## Objective

The primary objective of the machine learning model is classification. We want to determine which connections a firewall should allow, deny, drop, or "reset-both." Automating the classification of firewall rules is beneficial because many features of network traffic, such as bytes sent, are continuous rather than discrete, making set threshold values difficult to set. In addition, malicious or unwanted traffic likely cannot be identified by just one factor. For example, traffic over a certain port may normally be benign, but high volume could indicate malicious activity. Finally, machine learning can help identify trends and patterns that are too difficult for humans to identify manually, but emerge given enough training data.



## Dataset
The data set contains the following features: Source Port, Destination Port, NAT Source Port, NAT Destination Port, Bytes, Bytes Sent, Bytes Received, Packets, Elapsed Time (sec), pkts_sent, pkts_received, and Class. Only on of the features, Class, is categorical. These are the target values we will use to train the model for classification.

To begin train a model for classification, we have to convert the string classes into numbers that sklearn can process. To do this we use sklearn's LabelEncoder to preprocess the classes. We pass the column of the class to the method fit_transform. This creates an object containing our target values converted to integers and ready for training. We can still view the associated strings with by printing "le.classes_".

In [None]:
from sklearn.preprocessing import LabelEncoder
le = LabelEncoder()
# Encode the classes
y = le.fit_transform(df[classColumn])
class_names = le.classes_
print('Class labels:', class_names)
# Class labels: ['allow' 'deny' 'drop' 'reset-both']

## Models Explored

I used Decision Trees, Random Forest, and Naive Bayes to classify the data. I decided to add Naive Bayes as I intend to use it in my final project and wanted to be familiary with how it functioned.

### Decisions Trees

#### Hyperparameters
My previous work during week five found that using the Gini impurity measure performed better than Entropy. In addition, I attained significantly better accuracy until a depth of five, when accuracy gains started to level off.

#### Results

METRICS FOR DEPTH 5 AND CRITERION Gini

Overall Accuracy: 0.9984

Classification Report:

| | precision | recall | f1-score | support |
|:---|:---:|:---:|:---:|---:|
| **allow** | 1.00 | 1.00 | 1.00 | 30063 |
| **deny** | 1.00 | 1.00 | 1.00 | 12011 |
| **drop** | 1.00 | 1.00 | 1.00 | 10308 |
| **reset-both** | 1.00 | 0.23 | 0.37 | 44 |
| | | | | |
| **accuracy** | | | 1.00 | 52426 |
| **macro avg** | 1.00 | 0.81 | 0.84 | 52426 |
| **weighted avg** | 1.00 | 1.00 | 1.00 | 52426 |

Confusion Matrix:

Training Accuracy: 0.9984

Test Accuracy:     0.9984

The actual depth of the tree is: 5

(The maximum allowed depth was: 5)

### Random Forest
#### Hyperparameters
I decided to set n_estimators, meaning the number of decision trees in the forest, to 100, which is the default

#### Results

METRICS FOR RANDOM FOREST MODEL

(Estimators: 100, LR: 1.0)

Overall Accuracy: 0.9996

Classification Report:

| | precision | recall | f1-score | support |
|:---|:---:|:---:|:---:|---:|
| **allow** | 1.00 | 1.00 | 1.00 | 30063 |
| **deny** | 1.00 | 1.00 | 1.00 | 12011 |
| **drop** | 1.00 | 1.00 | 1.00 | 10308 |
| **reset-both** | 1.00 | 0.98 | 0.99 | 44 |
| | | | | |
| **accuracy** | | | 1.00 | 52426 |
| **macro avg** | 1.00 | 0.99 | 1.00 | 52426 |
| **weighted avg** | 1.00 | 1.00 | 1.00 | 52426 |

Confusion Matrix:

Training Accuracy: 0.9998

Test Accuracy:     0.9996

### Complement Naive Bayes
#### Hyperparameters
I decided to use a variation of Naive Bayes, Complement Naive Bayes, because sklearn suggested it performed better on highly imbalanced dataset. I used the default setting for hyperparameters.

#### Results

METRICS FOR COMPLEMENT NAIVE BAYES

Overall Accuracy: 0.9128

Classification Report:

| | precision | recall | f1-score | support |
|:---|:---:|:---:|:---:|---:|
| **allow** | 1.00 | 0.88 | 0.93 | 30063 |
| **deny** | 0.98 | 0.93 | 0.96 | 12011 |
| **drop** | 0.71 | 1.00 | 0.83 | 10308 |
| **reset-both** | 0.00 | 0.00 | 0.00 | 44 |
| | | | | |
| **accuracy** | | | 0.91 | 52426 |
| **macro avg** | 0.67 | 0.70 | 0.68 | 52426 |
| **weighted avg** | 0.94 | 0.91 | 0.92 | 52426 |

Confusion Matrix:

Training Accuracy: 0.9138

Test Accuracy:     0.9128



Accuracy: 0.9128295120741616

F1 Score: 0.908917365026234
