Given a cleaned dataset, performs k-means clustering and calculates the number of malware/non-malware in each cluster. It then saves this to an excel sheet. 

This code can be run on a single dataset (by uncommenting the line below) or multiple datasets (by running run_clusters.ipynb)

In [31]:
# file = 3

# Imports

In [32]:
import numpy as np
import pandas as pd
from sklearn.cluster import KMeans
from sklearn import preprocessing
import xlwt
from xlwt import Workbook

# Perform K-Means Clustering

Set the number of clusters below

In [36]:
NUM_CLUSTERS = 15

In [33]:
print('clustering data')
print(file)

clustering data
3


In [34]:
# grab data
no_outliers = pd.read_csv("working_data/no_outliers{}.csv".format(file))
botnets = pd.read_csv("working_data/botnet{}.csv".format(file))

# get all the features except StartTime and Label
x = no_outliers.iloc[:,1:14]
botnet_header = botnets['Label'].tolist()

In [35]:
# Counts the number of botnets and benign flows in each cluster, given a list of 
# the labels and the # of clusters
# -------------------

def count_groups(n, labels, centroids):
    
    # Make a list of dictionaries for storing counts of botnet and benign flows 
    # for each cluster
    counts = list()
    
    for index in range(0, n):
        counts.append({})

    # Iterate through each individual cluster
    for index in range(0, len(labels)):
        
        # If we encounter more than one malware/non-malware of the same type
        try:
            counts[labels[index]][no_outliers['Label'][index]] += 1
        except:
            counts[labels[index]][no_outliers['Label'][index]] = 0
            
            
    return counts


In [37]:
# For each cluster, find the number of types of botnet and benign
# ---------------


# Perform k-means clustering (30 clusters) on dataset x

kmeans = KMeans(n_clusters=15)
kmeans.fit(x)
centroids = kmeans.cluster_centers_
labels = kmeans.labels_
clusters_set = count_groups(15, labels, centroids)

In [38]:
# Write table of malware/malware+non-malware counts to excel sheet
# ---------------

# create workbook
wb = Workbook()

# create sheets
sheet1 = wb.add_sheet('botnet')
sheet2 = wb.add_sheet('combined')

# Create the table header the list of botnet/benign types
header = set().union(*(d.keys() for d in clusters_set))
header = list(header)

# Convert the dictionary values to a list of lists
rows = list()
i = 1
for cluster in clusters_set:
    row = list()
    for item in header:
        try:
            row.append(cluster[item])
        except:
            row.append(0)
    rows.append(row)
    i+=1
    

bot_col = 0

# dictionary for storing the counts of malware + non-malware in each cluster
combined_data = {'malware': [0] * len(rows), 'non-malware': [0] * len(rows)}


# write table of malware to excel sheet, keep track of non-malware for later
for col in range(0, len(header)):
    
    # check to see if the column has any counts over 0 (contains any malware/non-malware)
    nonZero = 0
    for row in range(0, len(rows)):
        if rows[row][col] != 0:
            nonZero = 1
            
    # if the column contains no data, there is no need to print it
    # otherwise, proceed
    if nonZero != 0:
        
        # write table of malware
        # -----------------
        
        # if the column is for holding counts of malware
        if header[col] in botnet_header:
            # print header
            sheet1.write(0, bot_col, header[col])

            # print each row in column
            for row in range(0, len(rows)):
                # if the value is 0, print a blank instead
                if rows[row][col] == 0:
                    sheet1.write(row+1, bot_col, '')
                # write the count to the table
                else:
                    sheet1.write(row+1, bot_col, rows[row][col])
                    # update the total count of malware for the cluster
                    combined_data['malware'][row] += (rows[row][col])
                    
            bot_col += 1
            

        
        # if the column is for holding counts of non-malware
        else:
            # print each row in column
            for row in range(0, len(rows)):
                if rows[row][col] != 0:
                    # update the total count of non-malware for the cluster
                    combined_data['non-malware'][row] += (rows[row][col])
            

# write a table of combined malware and non-malware to the excel sheet
col = 0
for key in combined_data:
    sheet2.write(0, col, key)
    for row in range(len(combined_data[key])):
        sheet2.write(row+1, col, combined_data[key][row])
    col += 1


# Save excel sheet
FILE = "working_data/clusters_chart_{}.xls".format(file)
wb.save(FILE)


# create dataframes from the excel sheets
combined_df = pd.read_excel("working_data/clusters_chart_{}.xls".format(file), sheet_name=1)
botnet_df = pd.read_excel("working_data/clusters_chart_{}.xls".format(file), sheet_name=0)

cat_combined = list(combined_df.columns.values)
combined_df.set_index(cat_combined, inplace=True)

cat_botnet = list(botnet_df.columns.values)
botnet_df.set_index(cat_botnet, inplace=True)


In [39]:

# create charts from the dataframes, store the new excel sheet in the results folder
# --------------

# create writer
writer = pd.ExcelWriter("results/clusters_graph_{}.xls".format(file), engine='xlsxwriter')
botnet_df.to_excel(writer, sheet_name='botnet')
combined_df.to_excel(writer, sheet_name='combined')

# create workbook/worksheets
workbook = writer.book
mal_ws = writer.sheets['botnet']
com_ws = writer.sheets['combined']

# create two stacked bar charts
mal_chart = workbook.add_chart({'type': 'bar', 'subtype': 'stacked'}) 
com_chart = workbook.add_chart({'type': 'bar', 'subtype': 'stacked'}) 

# Configure the charts from the dataframe data
for col_num in range(1, len(cat_botnet) + 1):
    
    letter = chr(ord('@')+col_num)
    str = '=botnet!${}$1:${}{}'.format(letter, letter, NUM_CLUSTERS)
    
    mal_chart.add_series({
        'name': cat_botnet[col_num-1],
        'values': str,
    })

for col_num in range(1, 3):
    title=''
        
    letter = chr(ord('@')+col_num)
    str = '=combined!${}$1:${}{}'.format(letter, letter, NUM_CLUSTERS)
    
    com_chart.add_series({
        'name': cat_combined[col_num-1],
        'values': str,
    })
    

# insert charts
com_ws.insert_chart('A40', com_chart)
mal_ws.insert_chart('A40', mal_chart)
writer.save()

In [40]:
print('success!')

success!
