## Cyber Attacks on Real-Time Internet of Things

### Overview

The RT-IoT2022 dataset encompasses both normal and adversarial network behaviours, providing a general representation of real-world scenarios. It incorporates data from IoT devices such as ThingSpeak-LED, Wipro-Bulb, and MQTT-Temp, as well as simulated attack scenarios involving Brute-Force SSH attacks, DDoS attacks using Hping and Slowloris, and Nmap patterns, offering a detailed perspective on the complex nature of network traffic. The bidirectional attributes of network traffic are captured using the Zeek network monitoring tool and the Flowmeter plugin.


Provided here: [Cyber Attacks on Real-Time Internet of Things](https://www.kaggle.com/datasets/joebeachcapital/real-time-internet-of-things-rt-iot2022?resource=download)

In [1]:
```python
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns
%matplotlib inline

# Load the RT-IoT2022 flow records (one row per network flow)
RT = pd.read_csv('files/RT_IOT2022.csv')
RT
```

| Unnamed: 0.1 | Unnamed: 0 | id.orig_p | id.resp_p | proto | service | flow_duration | fwd_pkts_tot | bwd_pkts_tot | fwd_data_pkts_tot | bwd_data_pkts_tot | ... | active.std | idle.min | idle.max | idle.tot | idle.avg | idle.std | fwd_init_window_size | bwd_init_window_size | fwd_last_window_size | Attack_type |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | 0 | 38667 | 1883 | tcp | mqtt | 32.011598 | 9 | 5 | 3 | 3 | ... | 0.0 | 2.972918e+07 | 2.972918e+07 | 2.972918e+07 | 2.972918e+07 | 0.0 | 64240 | 26847 | 502 | MQTT_Publish |
| 1 | 1 | 51143 | 1883 | tcp | mqtt | 31.883584 | 9 | 5 | 3 | 3 | ... | 0.0 | 2.985528e+07 | 2.985528e+07 | 2.985528e+07 | 2.985528e+07 | 0.0 | 64240 | 26847 | 502 | MQTT_Publish |
| 2 | 2 | 44761 | 1883 | tcp | mqtt | 32.124053 | 9 | 5 | 3 | 3 | ... | 0.0 | 2.984215e+07 | 2.984215e+07 | 2.984215e+07 | 2.984215e+07 | 0.0 | 64240 | 26847 | 502 | MQTT_Publish |
| 3 | 3 | 60893 | 1883 | tcp | mqtt | 31.961063 | 9 | 5 | 3 | 3 | ... | 0.0 | 2.991377e+07 | 2.991377e+07 | 2.991377e+07 | 2.991377e+07 | 0.0 | 64240 | 26847 | 502 | MQTT_Publish |
| 4 | 4 | 51087 | 1883 | tcp | mqtt | 31.902362 | 9 | 5 | 3 | 3 | ... | 0.0 | 2.981470e+07 | 2.981470e+07 | 2.981470e+07 | 2.981470e+07 | 0.0 | 64240 | 26847 | 502 | MQTT_Publish |
| ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... | ... |
| 123112 | 2005 | 59247 | 63331 | tcp | - | 0.000006 | 1 | 1 | 0 | 0 | ... | 0.0 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.0 | 1024 | 0 | 1024 | NMAP_XMAS_TREE_SCAN |
| 123113 | 2006 | 59247 | 64623 | tcp | - | 0.000007 | 1 | 1 | 0 | 0 | ... | 0.0 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.0 | 1024 | 0 | 1024 | NMAP_XMAS_TREE_SCAN |
| 123114 | 2007 | 59247 | 64680 | tcp | - | 0.000006 | 1 | 1 | 0 | 0 | ... | 0.0 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.0 | 1024 | 0 | 1024 | NMAP_XMAS_TREE_SCAN |
| 123115 | 2008 | 59247 | 65000 | tcp | - | 0.000006 | 1 | 1 | 0 | 0 | ... | 0.0 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.000000e+00 | 0.0 | 1024 | 0 | 1024 | NMAP_XMAS_TREE_SCAN |


### Attack Types

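This section looks at the traffic classes in the `Attack_type` column, which labels both the normal device traffic and the attacks that affect IoT devices in real time:
* Attack types
* The most common attack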

#### Attack types

In [2]:
```python
RT['Attack_type'].unique()
```

```
array(['MQTT_Publish', 'Thing_Speak', 'Wipro_bulb', 'ARP_poisioning',
       'DDOS_Slowloris', 'DOS_SYN_Hping', 'Metasploit_Brute_Force_SSH',
       'NMAP_FIN_SCAN', 'NMAP_OS_DETECTION', 'NMAP_TCP_scan',
       'NMAP_UDP_SCAN', 'NMAP_XMAS_TREE_SCAN'], dtype=object)
```

#### Most Common Attack

In [3]:
```python
RT['Attack_type'].describe()
```

```
count            123117
unique               12
top       DOS_SYN_Hping
freq              94659
Name: Attack_type, dtype: object
```

In [4]:
```python
# One sub-frame per traffic class
A = RT[RT['Attack_type'] == 'DOS_SYN_Hping']
B = RT[RT['Attack_type'] == 'MQTT_Publish']
C = RT[RT['Attack_type'] == 'NMAP_XMAS_TREE_SCAN']
d = RT[RT['Attack_type'] == 'Thing_Speak']
e = RT[RT['Attack_type'] == 'Wipro_bulb']
f = RT[RT['Attack_type'] == 'ARP_poisioning']
g = RT[RT['Attack_type'] == 'DDOS_Slowloris']
h = RT[RT['Attack_type'] == 'Metasploit_Brute_Force_SSH']
i = RT[RT['Attack_type'] == 'NMAP_UDP_SCAN']
j = RT[RT['Attack_type'] == 'NMAP_TCP_scan']  # defined, but its shape is not printed below

# (rows, columns) for each class
print(A.shape)  # DOS_SYN_Hping
print(B.shape)  # MQTT_Publish
print(C.shape)  # NMAP_XMAS_TREE_SCAN
print(d.shape)  # Thing_Speak
print(e.shape)  # Wipro_bulb
print(f.shape)  # ARP_poisioning
print(g.shape)  # DDOS_Slowloris
print(h.shape)  # Metasploit_Brute_Force_SSH
print(i.shape)  # NMAP_UDP_SCAN
```

```
(94659, 85)
(4146, 85)
(2010, 85)
(8108, 85)
(253, 85)
(7750, 85)
(534, 85)
(37, 85)
(2590, 85)
```
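
As an added example (not part of the original notebook), the per-class counts above can be summarised in one pass that separates normal device traffic from attacks and quantifies the class imbalance. The normal/attack split is an assumption taken from the overview, `min_support=100` is an arbitrary illustrative threshold, and the constructed input uses only the nine class sizes printed above.

```python
from collections import Counter

# Assumption: per the overview, these three labels are normal device traffic
# and every other Attack_type value is a simulated attack.
NORMAL_LABELS = {"MQTT_Publish", "Thing_Speak", "Wipro_bulb"}

# Constructed input: the nine class sizes printed by the cell above. The three
# classes the notebook does not print are left out rather than guessed.
PAGE_COUNTS = {
    "DOS_SYN_Hping": 94659, "MQTT_Publish": 4146, "NMAP_XMAS_TREE_SCAN": 2010,
    "Thing_Speak": 8108, "Wipro_bulb": 253, "ARP_poisioning": 7750,
    "DDOS_Slowloris": 534, "Metasploit_Brute_Force_SSH": 37,
    "NMAP_UDP_SCAN": 2590,
}


def summarize_labels(labels, min_support=100):
    """Summarise a label column; `labels` is any iterable of strings,
    for example RT['Attack_type']. `min_support` is a hypothetical cut-off."""
    counts = Counter(labels)
    if not counts:
        raise ValueError("no labels to summarise")
    total = sum(counts.values())
    attacks = {k: v for k, v in counts.items() if k not in NORMAL_LABELS}
    top_n = counts.most_common(1)[0][1]
    return {
        "total": total,
        "normal_flows": total - sum(attacks.values()),
        "attack_flows": sum(attacks.values()),
        # Most common *attack*, ignoring normal traffic even if it is larger.
        "top_attack": max(attacks, key=attacks.get) if attacks else None,
        # Accuracy of a model that always predicts the largest class.
        "majority_baseline": top_n / total,
        "imbalance_ratio": top_n / min(counts.values()),
        # Classes too small to evaluate a detector on with confidence.
        "low_support": sorted(k for k, v in counts.items() if v < min_support),
    }


def labels_from_counts(counts):
    """Expand {label: n} into a flat label list, like a DataFrame column."""
    return [label for label, n in counts.items() for _ in range(n)]


if __name__ == "__main__":
    for key, value in summarize_labels(labels_from_counts(PAGE_COUNTS)).items():
        print(f"{key:18} {value}")
```

Unlike `describe()`, whose `top` field reports the most frequent label whether it is normal or malicious, `top_attack` only considers attack classes.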


In [None]:
```python
# Bar plot of fwd_last_window_size, drawing one bar per flow (row) in RT
ax = RT.plot.bar(y='fwd_last_window_size', rot=0)
```