
```
Import Libraries

```

In [16]:
# Core data manipulation and analysis libraries
import pandas as pd  # For data manipulation and analysis
import numpy as np   # For numerical operations and arrays

# Ignore warnings
import warnings
warnings.filterwarnings("ignore")

# Enable inline plotting in Jupyter notebooks
# Fixed duplicate import and invalid syntax
%matplotlib inline



```
Load the full datset after Combined Raw Dataset given in 4 CSV Files.

```

In [17]:
    
# Reading datasets
# Using list comprehension to read all csv files in 4 csv files
df = pd.read_csv('C:/Users/raman/OneDrive/Important/1UnisaSTUDY/Courses/Capstone_Project_1/Github/Code Working/Data Cleaning and EDA/full_data.csv', header=0) 

df.head()


Unnamed: 0,srcip,sport,dstip,dsport,proto,state,dur,sbytes,dbytes,sttl,...,ct_ftp_cmd,ct_srv_src,ct_srv_dst,ct_dst_ltm,ct_src_ltm,ct_src_dport_ltm,ct_dst_sport_ltm,ct_dst_src_ltm,attack_cat,label
0,59.166.0.0,1390,149.171.126.6,53,udp,CON,0.001055,132,164,31,...,0,3,7,1,3,1,1,1,,0
1,59.166.0.0,33661,149.171.126.9,1024,udp,CON,0.036133,528,304,31,...,0,2,4,2,3,1,1,2,,0
2,59.166.0.6,1464,149.171.126.7,53,udp,CON,0.001119,146,178,31,...,0,12,8,1,2,2,1,1,,0
3,59.166.0.5,3593,149.171.126.5,53,udp,CON,0.001209,132,164,31,...,0,6,9,1,1,1,1,1,,0
4,59.166.0.3,49664,149.171.126.0,53,udp,CON,0.001169,146,178,31,...,0,7,9,1,1,1,1,1,,0


```

In this section we are trying to find the unique values in the dataset also NAN or null values columns.

The following three columns have null values

- ct_flw_http_mthd:  No. of flows that has methods such as Get and Post in http service. 

- is_ftp_login: If the ftp session is accessed by user and password then 1 else 0.

- attack_cat: The name of each attack category. In this data set, nine categories (e.g., Fuzzers, Analysis, Backdoors, DoS, Exploits,Generic, Reconnaissance, Shellcode and Worms)  

```

In [18]:
# Let's find all the unique values in this DataFrame and count how many times each appears
df.value_counts()


srcip         sport  dstip           dsport  proto  state  dur       sbytes  dbytes  sttl  dttl  sloss  dloss  service  sload         dload         spkts  dpkts  swin  dwin  stcpb       dtcpb       smeansz  dmeansz  trans_depth  res_bdy_len  sjit         djit        stime       ltime       sintpkt     dintpkt     tcprtt    synack    ackdat    is_sm_ips_ports  ct_state_ttl  ct_flw_http_mthd  is_ftp_login  ct_ftp_cmd  ct_srv_src  ct_srv_dst  ct_dst_ltm  ct_src_ltm  ct_src_dport_ltm  ct_dst_sport_ltm  ct_dst_src_ltm  attack_cat      label
175.45.176.3  0      149.171.126.17  0       sep    INT    0.000010  104     0       254   0     0      0      -        4.160000e+07  0.000000      2      0      0     0     0           0           52       0        0            0            0.000000     0.000000    1421928685  1421928685  0.010000    0.000000    0.000000  0.000000  0.000000  0                2             0.0               0.0           0           12          12          5           4 

In [19]:
# Find rows with missing values by checking for NaN values across all columns (axis=1)
missing_rows = df[df.isna().any(axis=1)]
# Get column names where missing values were found in the subset of rows with missing values
missing_cols = missing_rows.columns[missing_rows.isna().any()]
# Print summary of number of rows found with missing values
print(f"\nFound {len(missing_rows)} rows with missing values in columns:")
# Print names of columns containing missing values
print(missing_cols)
# Print the subset of rows and columns containing missing values
print(missing_rows[missing_cols])



Found 2517832 rows with missing values in columns:
Index(['ct_flw_http_mthd', 'is_ftp_login', 'attack_cat'], dtype='object')
         ct_flw_http_mthd  is_ftp_login attack_cat
0                     0.0           0.0        NaN
1                     0.0           0.0        NaN
2                     0.0           0.0        NaN
3                     0.0           0.0        NaN
4                     0.0           0.0        NaN
...                   ...           ...        ...
2540042               NaN           NaN        NaN
2540043               NaN           2.0        NaN
2540044               NaN           2.0        NaN
2540045               2.0           NaN        NaN
2540046               NaN           NaN   Exploits

[2517832 rows x 3 columns]


In [20]:
# checking the sum for null values
df.isnull().sum()

srcip                     0
sport                     0
dstip                     0
dsport                    0
proto                     0
state                     0
dur                       0
sbytes                    0
dbytes                    0
sttl                      0
dttl                      0
sloss                     0
dloss                     0
service                   0
sload                     0
dload                     0
spkts                     0
dpkts                     0
swin                      0
dwin                      0
stcpb                     0
dtcpb                     0
smeansz                   0
dmeansz                   0
trans_depth               0
res_bdy_len               0
sjit                      0
djit                      0
stime                     0
ltime                     0
sintpkt                   0
dintpkt                   0
tcprtt                    0
synack                    0
ackdat                    0
is_sm_ips_ports     

```
In this section we cleared the null values from the following section:

- ct_flw_http_mthd:  No. of flows that has methods such as Get and Post in http service. 

There were 1348145 null values converted into 0.

```

In [21]:
# Check for null values before filling
print("Number of null values before:", df['ct_flw_http_mthd'].isnull().sum())

# Check unique values before transformation
print("\nUnique values before:")
print(df['ct_flw_http_mthd'].unique())

# Show value counts before transformation
print(df['ct_flw_http_mthd'].value_counts())

# Fill null values with 0
df['ct_flw_http_mthd'] = df['ct_flw_http_mthd'].fillna(0)

# Check unique values after transformation
print("\nUnique values after:")
print(df['ct_flw_http_mthd'].unique())

# Show value counts after transformation
print("\nValue counts after:")
print(df['ct_flw_http_mthd'].value_counts())


Number of null values before: 1348145

Unique values before:
[ 0.  1.  2.  4. 14.  8.  6. 12. 10.  3.  5. 36.  9. nan 16. 25. 30.]
ct_flw_http_mthd
0.0     986791
1.0     188008
6.0       7902
4.0       6564
3.0        738
2.0        588
5.0        430
9.0        270
14.0       224
12.0       132
30.0        60
8.0         56
16.0        48
36.0        36
10.0        30
25.0        25
Name: count, dtype: int64

Unique values after:
[ 0.  1.  2.  4. 14.  8.  6. 12. 10.  3.  5. 36.  9. 16. 25. 30.]

Value counts after:
ct_flw_http_mthd
0.0     2334936
1.0      188008
6.0        7902
4.0        6564
3.0         738
2.0         588
5.0         430
9.0         270
14.0        224
12.0        132
30.0         60
8.0          56
16.0         48
36.0         36
10.0         30
25.0         25
Name: count, dtype: int64


```
In this section we cleared the null values from the following section:

- is_ftp_login:  If the ftp session is accessed by user and password then 1 else 0.  

There were 1429879 null values converted into 0.

and 4.0 has 156 values and 2.0 has 30 values in this section.

These values above 1 were converted into 1 value.

```

In [22]:
# Check initial null values and unique values
print("Initial null values:", df['is_ftp_login'].isnull().sum())
print("\nInitial unique values:")
print(df['is_ftp_login'].unique())
print(df['is_ftp_login'].value_counts())

# Fill nulls with 0 and cap values at 1 to create binary column
df['is_ftp_login'] = df['is_ftp_login'].fillna(0)
df['is_ftp_login'] = np.where(df['is_ftp_login']>1, 1, df['is_ftp_login'])

# Show final value distribution
print("\nFinal value counts:")
print(df['is_ftp_login'].value_counts())


Initial null values: 1429879

Initial unique values:
[ 0.  1. nan  2.  4.]
is_ftp_login
0.0    1066593
1.0      43389
4.0        156
2.0         30
Name: count, dtype: int64

Final value counts:
is_ftp_login
0.0    2496472
1.0      43575
Name: count, dtype: int64


```
In this section we cleared the null values from the following section:

- attack_cat:  If the ftp session is accessed by user and password then 1 else 0.  

There were 2218764 null values converted as Normal.


```

In [23]:
# We don't have "Normal" values for "attack_cat", so we must fill Null values with "normal"
# This code performs two operations on the 'attack_cat' column of a dataframe:
# 1. Fills any null/missing values with the string 'normal' using fillna()
# Check for null values before filling
print("Number of null values before:", df['attack_cat'].isnull().sum())

# Check unique values before transformation
print("\nUnique values before:")
print(df['attack_cat'].unique())

# Apply the transformation
df['attack_cat'] = df.attack_cat.fillna(value='Normal').apply(lambda x: x.strip())

# Check for null values after filling
print("\nNumber of null values after:", df['attack_cat'].isnull().sum())

# Check unique values after transformation
print("\nUnique values after:")
print(df['attack_cat'].unique())

# Get value counts to see distribution
print("\nValue counts:")
print(df['attack_cat'].value_counts())#    - Removes leading/trailing whitespace using strip()


Number of null values before: 2218764

Unique values before:
[nan 'Exploits' 'Reconnaissance' 'DoS' 'Generic' 'Shellcode' ' Fuzzers'
 'Worms' 'Backdoors' 'Analysis' ' Reconnaissance ' 'Backdoor' ' Fuzzers '
 ' Shellcode ']

Number of null values after: 0

Unique values after:
['Normal' 'Exploits' 'Reconnaissance' 'DoS' 'Generic' 'Shellcode'
 'Fuzzers' 'Worms' 'Backdoors' 'Analysis' 'Backdoor']

Value counts:
attack_cat
Normal            2218764
Generic            215481
Exploits            44525
Fuzzers             24246
DoS                 16353
Reconnaissance      13987
Analysis             2677
Backdoor             1795
Shellcode            1511
Backdoors             534
Worms                 174
Name: count, dtype: int64


```
Once again all datset unique values column wise checked and found some strange values in the following columns:

- service: http, ftp, ssh, dns ..,else (-)

This section got 1246397 values as - which is then converted into none.

- ct_ftp_cmd:No of flows that has a command in ftp session. 

This section got numeric values with unique chracters like [0, 1, 6, 2, 4, 8, 5, 3, '0', '1', ' ', '2', '4']  which is the converted as '1' as 1.



```

In [24]:
# This code iterates through each column in the DataFrame 'df'
# For each column, it:
# 1. Prints the column name
# 2. Uses value_counts() to display how many times each unique value appears in that column
# Display unique values and their counts for each column
for column in df.columns:
    print(f"\n{column}:")
    print(df[column].value_counts())



srcip:
srcip
59.166.0.4         197959
59.166.0.1         197680
59.166.0.5         197626
59.166.0.2         197550
59.166.0.0         197528
59.166.0.3         195953
59.166.0.9         190187
59.166.0.6         189419
59.166.0.8         189341
59.166.0.7         189059
175.45.176.1       127998
175.45.176.3       118673
175.45.176.0        82999
149.171.126.18      81680
149.171.126.15      44883
149.171.126.14      41047
175.45.176.2        32026
149.171.126.10      30365
149.171.126.12      16082
10.40.85.1           4018
10.40.182.1          3984
10.40.182.6          3492
10.40.85.30          2138
10.40.182.3          2105
10.40.170.2          2094
10.40.85.10           793
149.171.126.5         339
149.171.126.1         311
149.171.126.3         311
149.171.126.4         300
149.171.126.6         298
149.171.126.2         295
149.171.126.8         291
149.171.126.9         285
149.171.126.7         270
149.171.126.0         261
149.171.126.13        218
192.168.241.243       10

In [25]:
# Count the number of occurrences of each unique value in the 'service' column
# Returns a Series with the value counts in descending order
df['service'].value_counts()

service
-           1246397
dns          781668
http         206273
ftp-data     125783
smtp          81645
ftp           49090
ssh           47160
pop3           1533
dhcp            172
ssl             142
snmp            113
radius           40
irc              31
Name: count, dtype: int64

In [26]:
# Replace all instances of "-" with "None" in the 'service' column using more readable method
df['service'] = df['service'].replace('-', 'none')
# Get the count of unique values in the 'service' column after removing "-" with none
df['service'].value_counts()


service
none        1246397
dns          781668
http         206273
ftp-data     125783
smtp          81645
ftp           49090
ssh           47160
pop3           1533
dhcp            172
ssl             142
snmp            113
radius           40
irc              31
Name: count, dtype: int64

In [27]:
# Count the frequency of each unique value in the 'ct_ftp_cmd' column
# Returns a Series with unique values as index and their counts as values
df['ct_ftp_cmd'].value_counts()


ct_ftp_cmd
     1429879
0    1060763
1      22903
1      17174
0       5735
2       1234
4        804
3        729
6        332
5        290
4        156
2         30
8         18
Name: count, dtype: int64

In [None]:
# Get unique values in the 'ct_ftp_cmd' column of the dataframe
# Returns array of distinct FTP commands used in the dataset
df['ct_ftp_cmd'].unique()

array([0, 1, 6, 2, 4, 8, 5, 3, '0', '1', ' ', '2', '4'], dtype=object)

In [29]:
# Map values to correct categories (0-8)
df['ct_ftp_cmd'] = df['ct_ftp_cmd'].map({
    0: 0,
    1: 1,
    '1': 1,  # Convert string '1' to int 1
    2: 2,
    '2': 2,
    3: 3,
    4: 4,
    '4': 4,
    5: 5,
    6: 6,
    8: 8
})

# Verify the cleanup
print(df['ct_ftp_cmd'].value_counts().sort_index())

ct_ftp_cmd
0.0    1060763
1.0      40077
2.0       1264
3.0        729
4.0        960
5.0        290
6.0        332
8.0         18
Name: count, dtype: int64


```
As most of the dataset is cleaned and can be downloaded into a Cleaned_full_data.csv csv file

```

In [30]:
# Export the cleaned DataFrame to a CSV file
# The file will be saved in the current directory as 'Cleaned_full_data.csv'
# index=False prevents the DataFrame index from being written to the CSV
# This file will be too big to load in github so change the path to other location


# df.to_csv('./Cleaned_full_data.csv', index=False)
