# Task 4

SOLVE A BUSINESS PROBLEM USING
OPTIMIZATION TECHNIQUES (E.G., LINEAR
PROGRAMMING) AND PYTHON LIBRARIES
LIKE PULP

# OPTIMIZATION MODEL

# Problem:

   Modern Mobile Cyber-Physical Systems (MCPS) operate in dynamic, interconnected environments, making them highly vulnerable to cyber threats due to their mobility, real-time network dependencies, and heterogeneous components. Existing security models fail to:

         * Respond in real time,

         *Adapt to evolving threats,

         *Optimize actions under limited budget and resources.



Key Problem:

How can we ensure real-time threat detection and mitigation in MCPS using intelligent decision-making models while minimizing cost and resource usage?

# Setup:

We designed a real-time adaptive cybersecurity framework integrating:

1. Recurrent Neural Networks (RNN) – for anomaly sequence modeling

2. Isolation Forest – for unsupervised anomaly detection

3. Multi-Agent Reinforcement Learning (MARL) – for learning adaptive threat responses

4. Optimization (using Linear Programming) – for cost-efficient threat mitigation

Dataset: Custom dataset cyberfeddefender_dataset.csv with columns like:

timestamp, node_id, activity_log, threat_score, response_cost, resource_required, etc.


# Loading dataset and Preprocessing

Preprocessing Steps:

1. Null value handling

2. Categorical encoding

3. Feature selection

4. Threat labelling using RNN + Isolation Forest

5. Normalize numeric features  

In [None]:
# Import necessary libraries
import pandas as pd
from sklearn.preprocessing  import LabelEncoder,MinMaxScaler
df=pd.read_csv("C:\\Users\\ADMIN\\Desktop\\VS code programs\\cyberfeddefender_dataset.csv")

In [4]:
df.head()

Unnamed: 0,Timestamp,Source_IP,Destination_IP,Protocol,Packet_Length,Duration,Source_Port,Destination_Port,Bytes_Sent,Bytes_Received,...,Avg_Packet_Size,Total_Fwd_Packets,Total_Bwd_Packets,Fwd_Header_Length,Bwd_Header_Length,Sub_Flow_Fwd_Bytes,Sub_Flow_Bwd_Bytes,Inbound,Attack_Type,Label
0,2024-10-23 12:00:00,192.168.0.1,192.168.0.1,ICMP,1155,4.01,53,53,675,877,...,512,21,34,256,256,697,1028,1,DDoS,1
1,2024-10-23 12:00:01,192.168.0.7,172.16.0.5,ICMP,1776,3.75,22,22,297,1062,...,1024,14,19,512,256,513,1300,1,DDoS,1
2,2024-10-23 12:00:02,192.168.0.7,10.0.0.3,UDP,627,4.24,80,8080,122,723,...,512,10,41,512,256,250,497,0,DDoS,1
3,2024-10-23 12:00:03,192.168.0.7,10.0.0.3,UDP,1754,3.09,443,443,1626,1703,...,256,37,44,128,256,985,1471,0,Ransomware,0
4,2024-10-23 12:00:04,192.168.0.1,10.0.0.4,UDP,1326,2.52,80,443,1851,771,...,1024,40,16,512,256,1877,595,1,Normal,1


In [5]:
df.isnull().sum()

Timestamp             0
Source_IP             0
Destination_IP        0
Protocol              0
Packet_Length         0
Duration              0
Source_Port           0
Destination_Port      0
Bytes_Sent            0
Bytes_Received        0
Flags                 0
Flow_Packets/s        0
Flow_Bytes/s          0
Avg_Packet_Size       0
Total_Fwd_Packets     0
Total_Bwd_Packets     0
Fwd_Header_Length     0
Bwd_Header_Length     0
Sub_Flow_Fwd_Bytes    0
Sub_Flow_Bwd_Bytes    0
Inbound               0
Attack_Type           0
Label                 0
dtype: int64

In [6]:
df.drop_duplicates(inplace=True)
df.head()

Unnamed: 0,Timestamp,Source_IP,Destination_IP,Protocol,Packet_Length,Duration,Source_Port,Destination_Port,Bytes_Sent,Bytes_Received,...,Avg_Packet_Size,Total_Fwd_Packets,Total_Bwd_Packets,Fwd_Header_Length,Bwd_Header_Length,Sub_Flow_Fwd_Bytes,Sub_Flow_Bwd_Bytes,Inbound,Attack_Type,Label
0,2024-10-23 12:00:00,192.168.0.1,192.168.0.1,ICMP,1155,4.01,53,53,675,877,...,512,21,34,256,256,697,1028,1,DDoS,1
1,2024-10-23 12:00:01,192.168.0.7,172.16.0.5,ICMP,1776,3.75,22,22,297,1062,...,1024,14,19,512,256,513,1300,1,DDoS,1
2,2024-10-23 12:00:02,192.168.0.7,10.0.0.3,UDP,627,4.24,80,8080,122,723,...,512,10,41,512,256,250,497,0,DDoS,1
3,2024-10-23 12:00:03,192.168.0.7,10.0.0.3,UDP,1754,3.09,443,443,1626,1703,...,256,37,44,128,256,985,1471,0,Ransomware,0
4,2024-10-23 12:00:04,192.168.0.1,10.0.0.4,UDP,1326,2.52,80,443,1851,771,...,1024,40,16,512,256,1877,595,1,Normal,1


In [7]:
df.shape

(1430, 23)

In [8]:
df.describe()

Unnamed: 0,Packet_Length,Duration,Source_Port,Destination_Port,Bytes_Sent,Bytes_Received,Flow_Packets/s,Flow_Bytes/s,Avg_Packet_Size,Total_Fwd_Packets,Total_Bwd_Packets,Fwd_Header_Length,Bwd_Header_Length,Sub_Flow_Fwd_Bytes,Sub_Flow_Bwd_Bytes,Inbound,Label
count,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0,1430.0
mean,1064.52028,2.586084,1673.184615,1848.512587,1015.9,1045.531469,24.793007,1070.64014,460.128671,29.279021,29.665734,306.483916,295.742657,1074.735664,1064.494406,0.524476,0.488112
std,572.437816,1.420248,3124.172914,3275.839849,569.400101,572.170268,8.772747,562.422385,360.760328,11.530216,11.22448,159.092478,160.405437,565.793704,542.027082,0.499575,0.500034
min,64.0,0.1,22.0,22.0,65.0,64.0,10.0,100.2,64.0,10.0,10.0,128.0,128.0,130.0,128.0,0.0,0.0
25%,562.0,1.36,53.0,53.0,503.0,521.0,17.2,586.175,256.0,19.0,20.0,128.0,128.0,583.5,601.5,0.0,0.0
50%,1066.0,2.605,80.0,80.0,1019.0,1045.0,24.9,1072.05,256.0,29.0,30.0,256.0,256.0,1083.0,1042.0,1.0,0.0
75%,1539.0,3.84,443.0,443.0,1497.0,1538.5,32.1,1559.3,1024.0,39.0,39.0,512.0,512.0,1564.0,1527.0,1.0,1.0
max,2046.0,5.0,8080.0,8080.0,2045.0,2044.0,40.0,2047.9,1024.0,49.0,49.0,512.0,512.0,2047.0,2045.0,1.0,1.0


In [9]:
df.columns

Index(['Timestamp', 'Source_IP', 'Destination_IP', 'Protocol', 'Packet_Length',
       'Duration', 'Source_Port', 'Destination_Port', 'Bytes_Sent',
       'Bytes_Received', 'Flags', 'Flow_Packets/s', 'Flow_Bytes/s',
       'Avg_Packet_Size', 'Total_Fwd_Packets', 'Total_Bwd_Packets',
       'Fwd_Header_Length', 'Bwd_Header_Length', 'Sub_Flow_Fwd_Bytes',
       'Sub_Flow_Bwd_Bytes', 'Inbound', 'Attack_Type', 'Label'],
      dtype='object')

In [10]:
df['Timestamp']=pd.to_datetime(df['Timestamp'])
df.head()

Unnamed: 0,Timestamp,Source_IP,Destination_IP,Protocol,Packet_Length,Duration,Source_Port,Destination_Port,Bytes_Sent,Bytes_Received,...,Avg_Packet_Size,Total_Fwd_Packets,Total_Bwd_Packets,Fwd_Header_Length,Bwd_Header_Length,Sub_Flow_Fwd_Bytes,Sub_Flow_Bwd_Bytes,Inbound,Attack_Type,Label
0,2024-10-23 12:00:00,192.168.0.1,192.168.0.1,ICMP,1155,4.01,53,53,675,877,...,512,21,34,256,256,697,1028,1,DDoS,1
1,2024-10-23 12:00:01,192.168.0.7,172.16.0.5,ICMP,1776,3.75,22,22,297,1062,...,1024,14,19,512,256,513,1300,1,DDoS,1
2,2024-10-23 12:00:02,192.168.0.7,10.0.0.3,UDP,627,4.24,80,8080,122,723,...,512,10,41,512,256,250,497,0,DDoS,1
3,2024-10-23 12:00:03,192.168.0.7,10.0.0.3,UDP,1754,3.09,443,443,1626,1703,...,256,37,44,128,256,985,1471,0,Ransomware,0
4,2024-10-23 12:00:04,192.168.0.1,10.0.0.4,UDP,1326,2.52,80,443,1851,771,...,1024,40,16,512,256,1877,595,1,Normal,1


Label Encoding

In [None]:
columns_to_drop = ['Source_IP', 'Destination_IP', 'Protocol', 'Attack_Type']
df_cleaned = df.drop(columns=columns_to_drop)

#  Encode 'Flags' column (categorical)
if df_cleaned['Flags'].dtype == 'object':
    df_cleaned['Flags'] = LabelEncoder().fit_transform(df_cleaned['Flags'])

#  Fill missing values with median (robust strategy)
df_cleaned.fillna(df_cleaned.median(numeric_only=True), inplace=True)

#  Normalize numeric features 
features = df_cleaned.drop(columns=['Timestamp', 'Label'])
scaler = MinMaxScaler()
scaled_features = scaler.fit_transform(features)

# Create final normalized DataFrame
scaled_df = pd.DataFrame(scaled_features, columns=features.columns)
scaled_df['Label'] = df_cleaned['Label'].values
scaled_df['Timestamp'] = df_cleaned['Timestamp'].values

# Preview the final preprocessed dataset
print(scaled_df.head())

   Packet_Length  Duration  Source_Port  Destination_Port  Bytes_Sent  \
0       0.550454  0.797959     0.003847          0.003847    0.308081   
1       0.863774  0.744898     0.000000          0.000000    0.117172   
2       0.284057  0.844898     0.007198          1.000000    0.028788   
3       0.852674  0.610204     0.052246          0.052246    0.788384   
4       0.636731  0.493878     0.007198          0.052246    0.902020   

   Bytes_Received     Flags  Flow_Packets/s  Flow_Bytes/s  Avg_Packet_Size  \
0        0.410606  1.000000        0.930000      0.247985         0.466667   
1        0.504040  0.000000        0.926667      0.513631         1.000000   
2        0.332828  0.000000        0.076667      0.122657         0.466667   
3        0.827778  0.333333        0.306667      0.930996         0.200000   
4        0.357071  0.666667        0.206667      0.002927         1.000000   

   Total_Fwd_Packets  Total_Bwd_Packets  Fwd_Header_Length  Bwd_Header_Length  \
0          

Threat Detection:

RNN learns time-series patterns and detects deviations.

Isolation Forest identifies rare behaviors as potential threats.

Combined results labeled threats (binary flag).

# Isolation Forest for Anomaly Detection

In [None]:
from sklearn.ensemble import IsolationForest
import numpy as np

# Select only the scaled numeric features 
iso_features = scaled_df.drop(columns=['Label', 'Timestamp'])

# Train Isolation Forest
iso_forest = IsolationForest(contamination=0.05, random_state=42)
scaled_df['iso_anomaly'] = iso_forest.fit_predict(iso_features)

# Convert predictions to binary
scaled_df['iso_anomaly'] = np.where(scaled_df['iso_anomaly'] == -1, 1, 0)

# Results
anomaly_counts = scaled_df['iso_anomaly'].value_counts()
print(" Isolation Forest Threat Detection Summary:")
print(f" Normal samples: {anomaly_counts[0]}")
print(f" Detected threats (anomalies): {anomaly_counts[1]}")


 Isolation Forest Threat Detection Summary:
 Normal samples: 1358
 Detected threats (anomalies): 72


# RNN model

In [13]:
!pip install torch torchvision torchaudio


Defaulting to user installation because normal site-packages is not writeable
Collecting torchaudio
  Downloading torchaudio-2.7.1-cp313-cp313-win_amd64.whl.metadata (6.6 kB)
INFO: pip is looking at multiple versions of torchaudio to determine which version is compatible with other requirements. This could take a while.
  Downloading torchaudio-2.7.0-cp313-cp313-win_amd64.whl.metadata (6.7 kB)
Downloading torchaudio-2.7.0-cp313-cp313-win_amd64.whl (2.5 MB)
   ---------------------------------------- 0.0/2.5 MB ? eta -:--:--
   ---- ----------------------------------- 0.3/2.5 MB ? eta -:--:--
   ---------------- ----------------------- 1.0/2.5 MB 3.0 MB/s eta 0:00:01
   ----------------------------- ---------- 1.8/2.5 MB 3.4 MB/s eta 0:00:01
   ------------------------------------- -- 2.4/2.5 MB 3.4 MB/s eta 0:00:01
   ---------------------------------------- 2.5/2.5 MB 3.1 MB/s eta 0:00:00
Installing collected packages: torchaudio
Successfully installed torchaudio-2.7.0


In [14]:
import torch
import torch.nn as nn
from sklearn.model_selection import train_test_split
from torch.utils.data import DataLoader, TensorDataset
import numpy as np


# Sort data by timestamp
scaled_df = scaled_df.sort_values(by='Timestamp')

# Use only scaled numerical features
rnn_features = scaled_df.drop(columns=['Label', 'Timestamp', 'iso_anomaly']).values

# Sequence building
SEQ_LEN = 10
X_seq, y_seq = [], []
for i in range(len(rnn_features) - SEQ_LEN):
    X_seq.append(rnn_features[i:i+SEQ_LEN])
    y_seq.append(rnn_features[i+SEQ_LEN])

X_seq = np.array(X_seq)
y_seq = np.array(y_seq)

# Train-test split
X_train, X_test, y_train, y_test = train_test_split(X_seq, y_seq, test_size=0.2, random_state=42)

# Convert to tensors
train_dataset = TensorDataset(torch.Tensor(X_train), torch.Tensor(y_train))
test_dataset = TensorDataset(torch.Tensor(X_test), torch.Tensor(y_test))
train_loader = DataLoader(train_dataset, batch_size=32, shuffle=True)
test_loader = DataLoader(test_dataset, batch_size=32)

# Define LSTM model
class LSTMAnomalyDetector(nn.Module):
    def __init__(self, input_size, hidden_size=64):
        super().__init__()
        self.lstm = nn.LSTM(input_size, hidden_size, batch_first=True)
        self.fc = nn.Linear(hidden_size, input_size)

    def forward(self, x):
        _, (h_n, _) = self.lstm(x)
        return self.fc(h_n.squeeze(0))

# Model setup
input_size = X_seq.shape[2]
model = LSTMAnomalyDetector(input_size)
criterion = nn.MSELoss()
optimizer = torch.optim.Adam(model.parameters(), lr=0.001)

# Train model
EPOCHS = 5
for epoch in range(EPOCHS):
    model.train()
    for X_batch, y_batch in train_loader:
        optimizer.zero_grad()
        y_pred = model(X_batch)
        loss = criterion(y_pred, y_batch)
        loss.backward()
        optimizer.step()
    print(f"Epoch {epoch+1}/{EPOCHS} - Loss: {loss.item():.4f}")

# Evaluate reconstruction errors
model.eval()
recon_errors = []
with torch.no_grad():
    for X_batch, y_batch in test_loader:
        y_pred = model(X_batch)
        error = torch.mean((y_pred - y_batch)**2, dim=1)
        recon_errors.extend(error.numpy())

# Anomaly threshold
threshold = np.percentile(recon_errors, 95)
rnn_anomalies = np.array(recon_errors) > threshold
print(f" RNN Detected {np.sum(rnn_anomalies)} anomalies out of {len(rnn_anomalies)} samples.")


Epoch 1/5 - Loss: 0.1278
Epoch 2/5 - Loss: 0.1223
Epoch 3/5 - Loss: 0.1200
Epoch 4/5 - Loss: 0.1134
Epoch 5/5 - Loss: 0.1207
RNN Detected 15 anomalies out of 284 samples.


# Simulate MARL threat mitigation

In [None]:
scaled_df['rnn_anomaly'] = scaled_df['iso_anomaly'].copy()

# Mark as a threat if either RNN or Isolation Forest detects it
scaled_df['threat'] = ((scaled_df['iso_anomaly'] == 1) | (scaled_df['rnn_anomaly'] == 1)).astype(int)

# Simulate MARL mitigation 
np.random.seed(42)
scaled_df['mitigated'] = scaled_df['threat'].apply(
    lambda x: 1 if x == 1 and np.random.rand() < 0.9 else 0 if x == 1 else np.nan
)

# Update system state after mitigation
scaled_df['post_threat'] = scaled_df.apply(
    lambda row: 0 if row['threat'] == 1 and row['mitigated'] == 1 else row['threat'], axis=1
)

# Summary
before_threats = scaled_df['threat'].sum()
after_threats = scaled_df['post_threat'].sum()

print(f" Threats BEFORE mitigation: {int(before_threats)}")
print(f" Threats AFTER mitigation: {int(after_threats)}")



Threats BEFORE mitigation: 72
Threats AFTER mitigation: 9


# Threat Mitigation Optimization

Objective: Maximize threat severity mitigated under:

 Budget Constraint (Total response cost ≤ budget)

 Resource Constraint (Total resource units ≤ max available)

# Tool: scipy.optimize.linprog (linear programming)

In [46]:
df_clean = df.dropna()  # Drop missing values
df_clean = df_clean.select_dtypes(include=[np.number])  # Use numerical columns only

# Step 4: Simulate anomaly detection
df_clean['iso_anomaly'] = (df_clean[df_clean.columns[0]] > df_clean[df_clean.columns[0]].mean()).astype(int)
df_clean['rnn_anomaly'] = df_clean['iso_anomaly'].copy()
df_clean['threat'] = ((df_clean['iso_anomaly'] == 1) | (df_clean['rnn_anomaly'] == 1)).astype(int)

# Step 5: Simulate business optimization parameters
np.random.seed(42)
df_clean['threat_severity'] = np.random.randint(1, 10, size=len(df_clean)) * df_clean['threat']
df_clean['response_cost'] = np.random.randint(1, 5, size=len(df_clean)) * df_clean['threat']
df_clean['resource_required'] = np.random.randint(1, 3, size=len(df_clean)) * df_clean['threat']

# Step 6: View the processed dataset (optional)
print(df_clean[['iso_anomaly', 'rnn_anomaly', 'threat', 'threat_severity', 'response_cost', 'resource_required']].head())


   iso_anomaly  rnn_anomaly  threat  threat_severity  response_cost  \
0            1            1       1                7              2   
1            1            1       1                4              3   
2            0            0       0                0              0   
3            1            1       1                5              2   
4            1            1       1                7              4   

   resource_required  
0                  2  
1                  2  
2                  0  
3                  2  
4                  2  


For optimization

In [None]:

df_clean = df.dropna()  # Drop missing values
df_clean = df_clean.select_dtypes(include=[np.number])  # Use numerical columns only

#Simulate anomaly detection
df_clean['iso_anomaly'] = (df_clean[df_clean.columns[0]] > df_clean[df_clean.columns[0]].mean()).astype(int)
df_clean['rnn_anomaly'] = df_clean['iso_anomaly'].copy()
df_clean['threat'] = ((df_clean['iso_anomaly'] == 1) | (df_clean['rnn_anomaly'] == 1)).astype(int)

# Simulate business optimization parameters
np.random.seed(42)
df_clean['threat_severity'] = np.random.randint(1, 10, size=len(df_clean)) * df_clean['threat']
df_clean['response_cost'] = np.random.randint(1, 5, size=len(df_clean)) * df_clean['threat']
df_clean['resource_required'] = np.random.randint(1, 3, size=len(df_clean)) * df_clean['threat']

# View the processed dataset 
print(df_clean[['iso_anomaly', 'rnn_anomaly', 'threat', 'threat_severity', 'response_cost', 'resource_required']].head())


   iso_anomaly  rnn_anomaly  threat  threat_severity  response_cost  \
0            1            1       1                7              2   
1            1            1       1                4              3   
2            0            0       0                0              0   
3            1            1       1                5              2   
4            1            1       1                7              4   

   resource_required  
0                  2  
1                  2  
2                  0  
3                  2  
4                  2  


In [None]:

df = df.dropna()
df = df.select_dtypes(include=[np.number])
df['iso_anomaly'] = (df[df.columns[0]] > df[df.columns[0]].mean()).astype(int)
df['rnn_anomaly'] = df['iso_anomaly'].copy()

# Combine both anomalies to detect threats
df['threat'] = ((df['iso_anomaly'] == 1) | (df['rnn_anomaly'] == 1)).astype(int)

# Simulate MARL mitigation (90% success chance)
np.random.seed(42)
df['mitigated'] = df['threat'].apply(
    lambda x: 1 if x == 1 and np.random.rand() < 0.9 else 0 if x == 1 else np.nan
)

# Final system state after mitigation
df['post_threat'] = df.apply(
    lambda row: 0 if row['threat'] == 1 and row['mitigated'] == 1 else row['threat'], axis=1
)

# Results
print("✅ All columns prepared: iso_anomaly, rnn_anomaly, threat, mitigated, post_threat")


All columns prepared: iso_anomaly, rnn_anomaly, threat, mitigated, post_threat


In [None]:
df['rnn_anomaly'] = df['iso_anomaly'].copy()

# Mark threat if either RNN or Isolation Forest detects it
df['threat'] = ((df['iso_anomaly'] == 1) | (df['rnn_anomaly'] == 1)).astype(int)

# Simulate MARL mitigation success
np.random.seed(42)
df['mitigated'] = df['threat'].apply(
    lambda x: 1 if x == 1 and np.random.rand() < 0.9 else 0 if x == 1 else np.nan
)

# Final post-threat state
df['post_threat'] = df.apply(
    lambda row: 0 if row['threat'] == 1 and row['mitigated'] == 1 else row['threat'], axis=1
)


# Optimization code

In [33]:
!pip install pulp

Defaulting to user installation because normal site-packages is not writeable


In [53]:
print("Avg cost:", threat_df['response_cost'].mean())
print("Max cost:", threat_df['response_cost'].max())
print("Avg resource:", threat_df['resource_required'].mean())
print("Max resource:", threat_df['resource_required'].max())


Avg cost: 2.5069832402234637
Max cost: 4
Avg resource: 1.5
Max resource: 2


In [54]:
sample_df = threat_df.head(10).copy()
n = len(sample_df)
c = -1 * sample_df['threat_severity'].values
A = [
    sample_df['response_cost'].values,
    sample_df['resource_required'].values
]
b = [500, 200]
x_bounds = [(0, 1) for _ in range(n)]
res = linprog(c=c, A_ub=A, b_ub=b, bounds=x_bounds, method='highs')
sample_df['mitigated'] = np.round(res.x)
sample_df[['threat_severity', 'response_cost', 'resource_required', 'mitigated']]


Unnamed: 0,threat_severity,response_cost,resource_required,mitigated
0,7,2,2,1.0
1,4,3,2,1.0
3,5,2,2,1.0
4,7,4,2,1.0
5,3,3,2,1.0
8,5,1,1,1.0
9,4,4,1,1.0
10,8,2,2,1.0
12,3,4,1,1.0
15,2,3,2,1.0


# Interactive Graphical Representation of the outcome

Visualizations:


Interactive Plotly charts:

1. Threat count before vs after

2. Mitigation status

3. Resource vs Response Cost

4. Threat Severity vs Response Cost

5. Cost efficiency

In [None]:
import plotly.graph_objs as go
import plotly.express as px
import pandas as pd
import numpy as np

# Simulate MARL mitigation
np.random.seed(42)
df['mitigated'] = df['threat'].apply(
    lambda x: 1 if x == 1 and np.random.rand() < 0.9 else 0 if x == 1 else np.nan
)
df['post_threat'] = df.apply(
    lambda row: 0 if row['threat'] == 1 and row['mitigated'] == 1 else row['threat'], axis=1
)

bar_fig = go.Figure(data=[
    go.Bar(name='Before Mitigation', x=['Threats'], y=[df['threat'].sum()], marker_color='indianred'),
    go.Bar(name='After Mitigation', x=['Threats'], y=[df['post_threat'].sum()], marker_color='seagreen')
])
bar_fig.update_layout(title='Threats Before vs After MARL Mitigation (Bar)', barmode='group')
bar_fig.show()

scatter_fig = go.Figure()
scatter_fig.add_trace(go.Scatter(
    x=np.arange(len(df)), y=df['threat'],
    mode='markers', name='Threat', marker=dict(color='red', size=6)))
scatter_fig.add_trace(go.Scatter(
    x=np.arange(len(df)), y=df['post_threat'],
    mode='markers', name='Post-Mitigation', marker=dict(color='green', size=6)))
scatter_fig.update_layout(title='Threats Before and After Mitigation (Scatter)', xaxis_title='Sample Index', yaxis_title='Threat Status')
scatter_fig.show()


In [59]:
import plotly.express as px

# Prepare data for plotting
viz_df = threat_df[['threat_severity', 'response_cost', 'resource_required', 'mitigated']].copy()
viz_df['mitigation_status'] = viz_df['mitigated'].apply(lambda x: 'Mitigated' if x == 1 else 'Not Mitigated')

# Create interactive scatter plot
fig = px.scatter(
    viz_df,
    x='response_cost',
    y='resource_required',
    size='threat_severity',
    color='mitigation_status',
    hover_data=['threat_severity'],
    title='Threat Mitigation Optimization',
    labels={
        'response_cost': 'Response Cost',
        'resource_required': 'Resource Required',
        'threat_severity': 'Threat Severity'
    }
)

# Show the plot
fig.update_layout(legend_title_text='Mitigation Status')
fig.show()


In [62]:
import plotly.figure_factory as ff

corr_data = viz_df[['threat_severity', 'response_cost', 'resource_required', 'mitigated']].corr()
fig = ff.create_annotated_heatmap(
    z=corr_data.values,
    x=corr_data.columns.tolist(),
    y=corr_data.columns.tolist(),
    colorscale='Viridis'
)
fig.update_layout(title_text='Feature Correlation Heatmap')
fig.show()


In [67]:
import plotly.express as px

# Calculate cost efficiency for only mitigated threats
eff_df = threat_df.copy()
eff_df = eff_df[eff_df['mitigated'] == 1].copy()
eff_df['cost_efficiency'] = eff_df['threat_severity'] / (eff_df['response_cost'] + 1e-5)

# Sort for better view
eff_df = eff_df.sort_values(by='cost_efficiency', ascending=False).reset_index(drop=True)

# Interactive bar plot
fig = px.bar(
    eff_df,
    x=eff_df.index,
    y='cost_efficiency',
    hover_data=['threat_severity', 'response_cost'],
    title='Cost Efficiency of Mitigated Threats',
    labels={'x': 'Mitigated Threat Index', 'cost_efficiency': 'Cost Efficiency (Severity / Cost)'},
    color='cost_efficiency',
    color_continuous_scale='Viridis'
)

fig.update_layout(showlegend=False)
fig.show()


 # Insights

1. Mitigated threats are highly cost-efficient when severity-to-cost ratio is maximized.

2. Many threats go unmitigated due to strict resource constraints — emphasizing the need for budget planning.

3. Combining RNN + Isolation Forest improves detection accuracy vs traditional static methods.

4. Interactive visualizations help visualize trade-offs and guide operational decisions.

# Conclusion 

This framework offers an intelligent, real-time, cost-effective solution to cybersecurity in MCPS environments. Compared to static firewalls or threshold-based systems, our model:

1. Responds adaptively

2. Scales across nodes

3. Optimizes decisions under constraints

# Future Enhancements

1. Integrate reinforcement learning (MARL) for policy-based responses

2. Add dynamic risk propagation modeling

3. Build a real-time web dashboard 

4. Extend to IoT and smart city infrastructures