In [30]:
import pandas as pd 
from sklearn.preprocessing import StandardScaler
from sklearn.ensemble import IsolationForest
import numpy as np

# Training capture; presumably benign-only traffic, going by the file name
# (confirm against the data source before trusting the baseline).
dataset = pd.read_csv("Benign_train.pcap.csv")

# Per-column means of the training data, used later to fill any NaN left in
# the hand-built test rows.
feature_means = dataset.mean()

# The scaler is fitted on the training data only and reused unchanged for
# every test row, so test samples never influence the normalisation.
scaler = StandardScaler()
scaled_dataset = scaler.fit_transform(dataset)

# Cast to float so the single-row copies taken below accept fractional
# overrides without per-column dtype changes.
dataset = dataset.astype(float)

# contamination="auto" keeps scikit-learn's fixed threshold: a sample is
# reported as an outlier (-1) when decision_function() is below 0.
# random_state is pinned so the recorded scores are reproducible.
model = IsolationForest(
    n_estimators=50,
    contamination="auto",
    random_state=67,
).fit(scaled_dataset)

# Hand-built "slow scan" sample: start from training row 35 and overwrite the
# columns listed below. Any column NOT listed keeps that baseline row's value,
# which pulls the sample towards the training distribution.
# NOTE(review): these are constructed values, not captured traffic; a single
# row is a smoke test, not a measurement of detection rate.
slow_scan = dataset.iloc[[35]].copy().reset_index(drop=True)

slow_scan_features = {
    # Protocol / encapsulation indicators (Protocol Type 6 is TCP).
    "Header_Length": 34,
    "Protocol Type": 6,
    "Time_To_Live": 64,
    "TCP": 1,
    "IPv": 1,
    "LLC": 1,
    # Timing and volume.
    "IAT": 0.45,
    "Rate": 120,
    "Number": 100,
    # Flag counters: SYN-dominated with a noticeable RST share.
    "syn_count": 82,
    "ack_count": 16,
    "rst_count": 35,
    "fin_count": 1,
    # Flag ratios.
    "syn_flag_number": 0.84,
    "ack_flag_number": 0.16,
    "rst_flag_number": 0.35,
    "fin_flag_number": 0.01,
    # Packet-size statistics: small, near-uniform packets.
    "Min": 60,
    "Max": 74,
    "AVG": 64,
    "Std": 3.5,
    "Variance": 12.25,
    "Tot size": 64,
    "Tot sum": 6400,
}
for column, value in slow_scan_features.items():
    slow_scan.loc[0, column] = value

# Fill any remaining NaN with the training means, then scale with the scaler
# fitted on the training data.
slow_scan = slow_scan.fillna(feature_means)
slow_scan_scaled = scaler.transform(slow_scan)

# predict() yields -1 for an outlier; decision_function() is the signed
# score behind that label (negative means anomalous).
prediction = model.predict(slow_scan_scaled)[0]
score = model.decision_function(slow_scan_scaled)[0]

print("---- Slow Scan ----")
if prediction == -1:
    print("Prediction:", "Anomaly ")
else:
    print("Prediction:", "Normal")
print(f"Anomaly Score: {score:.3f}")
print(" ")

# Hand-built "aggressive scan" sample: same baseline row (35) as the other
# samples, overwritten with a very high packet rate, a tiny inter-arrival
# time and SYN/RST-heavy flag counters. Columns not listed keep the baseline
# row's values.
# NOTE(review): constructed values, not captured traffic.
df = dataset.iloc[[35]].copy().reset_index(drop=True)

aggressive_scan_features = {
    "Header_Length": 31.0,
    "Protocol Type": 6.0,  # TCP
    "Time_To_Live": 64.0,
    "Rate": 18500.0,
    "fin_flag_number": 0.002,
    "syn_flag_number": 0.88,
    "rst_flag_number": 0.42,
    "ack_flag_number": 0.12,
    "ack_count": 120.0,
    "syn_count": 880.0,
    "fin_count": 2.0,
    "rst_count": 420.0,
    "TCP": 1.0,
    "IPv": 1.0,
    "LLC": 1.0,
    "Tot sum": 64000.0,
    "Min": 60.0,
    "Max": 74.0,
    "AVG": 64.0,
    "Std": 3.0,
    "Tot size": 64.0,
    "IAT": 0.000040,
    "Number": 1000.0,
    "Variance": 9.0,
}
for column, value in aggressive_scan_features.items():
    df.loc[0, column] = value

# Fill leftover NaN with training means and reuse the training-time scaler.
df = df.fillna(feature_means)
aggressive_scan_scaled = scaler.transform(df)

# -1 from predict() means outlier; the decision score is negative for outliers.
prediction = model.predict(aggressive_scan_scaled)[0]
score = model.decision_function(aggressive_scan_scaled)[0]

print("---- Aggressive Scan ----")
if prediction == -1:
    print("Prediction:", "Anomaly ")
else:
    print("Prediction:", "Normal")
print(f"Anomaly Score: {score:.3f}")
print(" ")

# Hand-built "evasive scan" sample: low rate, ACK-dominated flag mix with few
# SYN/RST, a small HTTPS share and a wide packet-size spread, i.e. values
# chosen to sit closer to ordinary session traffic than the other scan rows.
# Columns not listed keep training row 35's values.
# NOTE(review): in the recorded run this row scored -0.018, only just below
# the 0 threshold, so its label is sensitive to the seed, the number of trees
# and the training data. Treat it as a borderline detection.
evasive = dataset.iloc[[35]].copy().reset_index(drop=True)

evasive_scan_features = {
    "Header_Length": 31.0,
    "Protocol Type": 6.0,  # TCP
    "Time_To_Live": 70.0,
    "Rate": 22.0,
    "fin_flag_number": 0.08,
    "syn_flag_number": 0.06,
    "rst_flag_number": 0.02,
    "psh_flag_number": 0.40,
    "ack_flag_number": 0.92,
    "ack_count": 92.0,
    "syn_count": 4.0,
    "fin_count": 6.0,
    "rst_count": 2.0,
    "HTTPS": 0.12,
    "TCP": 0.98,
    "UDP": 0.02,
    "IPv": 1.0,
    "LLC": 1.0,
    "Tot sum": 11800.0,
    "Min": 60.0,
    "Max": 1100.0,
    "AVG": 118.0,
    "Std": 140.0,
    "Tot size": 118.0,
    "IAT": 0.048,
    "Number": 100.0,
    "Variance": 19600.0,
}
for column, value in evasive_scan_features.items():
    evasive.loc[0, column] = value

# Fill leftover NaN with training means and reuse the training-time scaler.
evasive = evasive.fillna(feature_means)
evasive_scan_scaled = scaler.transform(evasive)

# -1 from predict() means outlier; the decision score is negative for outliers.
prediction = model.predict(evasive_scan_scaled)[0]
score = model.decision_function(evasive_scan_scaled)[0]

print("---- Evasive Scan ----")
if prediction == -1:
    print("Prediction:", "Anomaly ")
else:
    print("Prediction:", "Normal")
print(f"Anomaly Score: {score:.3f}")
print(" ")


# Hand-built "vulnerability scan" sample on top of training row 35.
# No flag ratios and only one flag counter (ack_count) are overridden here,
# so the remaining flag features keep the baseline row's training values.
# NOTE(review): in the recorded run this row scored 0.021 and was labelled
# Normal, i.e. the detector missed it. With this many features inherited from
# a training row, a miss is not surprising. Low-volume traffic like this needs
# a complementary detection signal rather than this model alone.
vuln = dataset.iloc[[35]].copy().reset_index(drop=True)

vuln_scan_features = {
    "Header_Length": 18.8,
    "Protocol Type": 6.0,  # TCP
    "Time_To_Live": 146.6,
    "Rate": 36.141654,
    "ack_count": 9.0,
    "HTTPS": 0.4,
    "TCP": 0.9,
    "UDP": 0.1,
    "IPv": 1.0,
    "LLC": 1.0,
    "Tot sum": 2611.0,
    "Min": 60.0,
    "Max": 930.0,
    "AVG": 261.1,
    "Std": 347.592817,
    "Tot size": 261.1,
    "IAT": 0.027669,
    "Number": 10.0,
    "Variance": 120820.766667,
}
for column, value in vuln_scan_features.items():
    vuln.loc[0, column] = value

# Fill leftover NaN with training means and reuse the training-time scaler.
vuln = vuln.fillna(feature_means)
vuln_scan_scaled = scaler.transform(vuln)

# -1 from predict() means outlier; the decision score is negative for outliers.
prediction = model.predict(vuln_scan_scaled)[0]
score = model.decision_function(vuln_scan_scaled)[0]

print("---- Vulnerability Scan ----")
if prediction == -1:
    print("Prediction:", "Anomaly ")
else:
    print("Prediction:", "Normal")
print(f"Anomaly Score: {score:.3f}")
print(" ")


# Hand-built "MQTT DoS" sample on top of training row 35: high packet rate,
# very small inter-arrival time and small, near-uniform packets. Columns not
# listed keep the baseline row's values.
# NOTE(review): constructed values, not captured traffic; one row is a smoke
# test of the detector, not an evaluation.
mqtt = dataset.iloc[[35]].copy().reset_index(drop=True)

mqtt_dos_features = {
    "Header_Length": 33.0,
    "Protocol Type": 6.0,  # TCP
    "Time_To_Live": 64.0,
    "Rate": 7363.724784,
    "fin_flag_number": 0.03,
    "syn_flag_number": 0.17,
    "rst_flag_number": 0.21,
    "psh_flag_number": 0.27,
    "ack_flag_number": 0.91,
    "ack_count": 91.0,
    "syn_count": 17.0,
    "fin_count": 3.0,
    "rst_count": 21.0,
    "TCP": 1.0,
    "IPv": 1.0,
    "LLC": 1.0,
    "Tot sum": 7058.0,
    "Min": 60.0,
    "Max": 83.0,
    "AVG": 70.58,
    "Std": 6.650253,
    "Tot size": 70.58,
    "IAT": 0.000136,
    "Number": 100.0,
    "Variance": 44.225859,
}
for column, value in mqtt_dos_features.items():
    mqtt.loc[0, column] = value

# Fill leftover NaN with training means and reuse the training-time scaler.
mqtt = mqtt.fillna(feature_means)
mqtt_scan_scaled = scaler.transform(mqtt)

# -1 from predict() means outlier; the decision score is negative for outliers.
prediction = model.predict(mqtt_scan_scaled)[0]
score = model.decision_function(mqtt_scan_scaled)[0]

print("---- MQTT DoS ----")
if prediction == -1:
    print("Prediction:", "Anomaly ")
else:
    print("Prediction:", "Normal")
print(f"Anomaly Score: {score:.3f}")
print(" ")

---- Slow Scan ----
Prediction: Anomaly 
Anomaly Score: -0.114
 
---- Aggressive Scan ----
Prediction: Anomaly 
Anomaly Score: -0.101
 
---- Evasive Scan ----
Prediction: Anomaly 
Anomaly Score: -0.018
 
---- Vulnerability Scan ----
Prediction: Normal
Anomaly Score: 0.021
 
---- MQTT DoS ----
Prediction: Anomaly 
Anomaly Score: -0.100
 
