# Preparacion del DataSet

En este Notebook se muestran algunos de los mecanismos mas utilizados para la preparacion del DataSet

## DataSet 

### Descripccion 

ISCX NSL-KDD dataset 2009 
We apologize, this dataset is no longer available.

ISCX NSL-KDD is a data set suggested to solve some of the inherent problems of the KDD'99 data set which are mentioned in [1]. Although, this new version of the KDD data set still suffers from some of the problems discussed by McHugh and may not be a perfect representative of existing real networks, because of the lack of public data sets for network-based IDSs, we believe it still can be applied as an effective benchmark data set to help researchers compare different intrusion detection methods.

Furthermore, the number of records in the NSL-KDD train and test sets are reasonable. This advantage makes it affordable to run the experiments on the complete set without the need to randomly select a small portion. Consequently, evaluation results of different research work will be consistent and comparable.

### Data files

* <spam style="color:green"> KDDTrain+.ARFF: The full NSL-KDD train set with binary labels in ARFF formatm<spam>
* KDDTrain+.TXT: The full NSL-KDD train set including attack-type labels and difficulty level in CSV format
* KDDTrain+_20Percent.ARFF: A 20% subset of the KDDTrain+.arff file
* KDDTrain+_20Percent.TXT: A 20% subset of the KDDTrain+.txt file
* KDDTest+.ARFF: The full NSL-KDD test set with binary labels in ARFF format
* KDDTest+.TXT: The full NSL-KDD test set including attack-type labels and difficulty level in CSV format
* KDDTest-21.ARFF: A subset of the KDDTest+.arff file which does not include records with difficulty level of 21 out of 21
* KDDTest-21.TXT: A subset of the KDDTest+.txt file which does not include records with difficulty level of 21 out of 21
* Improvements to the KDD'99 dataset
The ISCX NSL-KDD data set has the following advantages over the original KDD data set:

It does not include redundant records in the train set, so the classifiers will not be biased towards more frequent records.
There is no duplicate records in the proposed test sets; therefore, the performance of the learners are not biased by the methods which have better detection rates on the frequent records.
The number of selected records from each difficultylevel group is inversely proportional to the percentage of records in the original KDD data set. As a result, the classification rates of distinct machine learning methods vary in a wider range, which makes it more efficient to have an accurate evaluation of different learning techniques.
The number of records in the train and test sets are reasonable, which makes it affordable to run the experiments on the complete set without the need to randomly select a small portion. Consequently, evaluation results of different research works will be consistent and comparable.
Statistical observations
One of the most important deficiencies in the KDD data set is the huge number of redundant records, which causes the learning algorithms to be biased towards the frequent records, and thus prevent them from learning unfrequent records which are usually more harmful to networks such as U2R and R2L attacks. In addition, the existence of these repeated records in the test set will cause the evaluation results to be biased by the methods which have better detection rates on the frequent records.

In addition, we analyzed the difficulty level of the records in KDD data set. Surprisingly, about 98% of the records in the train set and 86% of the records in the test set were correctly classified with all the 21 learners.

In order to perform our experiments, we randomly created three smaller subsets of the KDD train set each of which included fifty thousand records of information. Each of the learners where trained over the created train sets. We then employed the 21 learned machines (7 learners, each trained 3 times) to label the records of the entire KDD train and test sets, which provides us with 21 predicated labels for each record. Further, we annotated each record of the data set with a #successfulPrediction value, which was initialized to zero. Now, since the KDD data set provides the correct label for each record, we compared the predicated label of each record given by a specific learner with the actual label, where we incremented #successfulPrediction by one if a match was found. Through this process, we calculated the number of learners that were able to correctly label that given record. The highest value for #successfulPrediction is 21, which conveys the fact that all learners were able to correctly predict the label of that record.

Statistics of redundant records in the KDD train set
Original records | Distinct records | Reduction rate

Attacks: 3,925,650 | 262,178 | 93.32%
Normal: 972,781 | 812,814 | 16.44%
Total: 4,898,431 | 1,074,992 | 78.05%
Statistics of redundant records in the KDD test set
Original records | Distinct records | Reduction rate

Attacks: 250,436 | 29,378 | 88.26%
Normal: 60,591 | 47,911 | 20.92%
Total: 311,027 | 77,289 | 75.15%

License
You may redistribute, republish, and mirror the ISCX NSL-KDD dataset in any form. However, any use or redistribution of the data must include a citation to the NSL-KDD dataset and the paper referenced below.

References: [1] M. Tavallaee, E. Bagheri, W. Lu, and A. Ghorbani, “A Detailed Analysis of the KDD CUP 99 Data Set,” Submitted to Second IEEE Symposium on Computational Intelligence for Security and Defense Applications (CISDA), 2009.

[URL](https://www.unb.ca/cic/datasets/nsl.html)

## Imports

In [44]:
import arff
import pandas as pd
import numpy as np 
from sklearn.model_selection import train_test_split

## Funciones auxiliares 

In [45]:
def load_kdd_dataset(data_path):
   """Lectura del DataSet NLS-KDD"""
   with open(data_path, "r") as train_set:
      dataset = arff.load(train_set)
      attributes = [attr[0] for attr in dataset["attributes"]]
      return pd.DataFrame(dataset["data"], columns=attributes)

In [46]:
from sklearn.model_selection import train_test_split

# Construcción de una función que realice el particionado completo
def train_val_test_split(df, rstate=42, shuffle=True, stratify=None):
    strat = df[stratify] if stratify else None
    
    # División: 60% train, 40% test+val
    train_set, test_set = train_test_split(
        df, test_size=0.4, random_state=rstate, shuffle=shuffle, stratify=strat
    )
    
    strat = test_set[stratify] if stratify else None
    
    # División del 40% en val y test (20% y 20%)
    val_set, test_set = train_test_split(
        test_set, test_size=0.5, random_state=rstate, shuffle=shuffle, stratify=strat
    )
    
    return train_set, val_set, test_set


## 1.- Lectura del DataSet

In [47]:
df = load_kdd_dataset(r"C:\Users\yanet\OneDrive\Documentos\ANTLR\datasets\NSL-KDD/KDDTrain+.arff")

## 2.- Divicion del DataSet

In [48]:
train_set, val_set, test_set = train_val_test_split(df, stratify='protocol_type')

In [49]:
print("Longitud del Trrain Set", len(train_set))
print("Longitud del Validation Set", len(val_set))
print("Longitud del Test Set", len(test_set))

Longitud del Trrain Set 75583
Longitud del Validation Set 25195
Longitud del Test Set 25195


# 3.- Limpieza de los datos 

Antes de comenzar , es necesario recuperar el Dataset limpio y separar las etiquetas del resto de los datos , no es necesariamente se requiere aplicar las mismas transformaciones en ambos conjuntos 

In [50]:
#Separar las características de entrada  de las características de salida (etiquetas)
X_train = train_set.drop("class", axis=1)
y_train = train_set["class"].copy()


In [51]:
#Para facilitar esta secccion es necesario definir algunos valores nulos
#a algunas caracteristicas del dataset
X_train.loc[(X_train["src_bytes"]>400) & (X_train["src_bytes"]>800), "src_bytes"] = np.nan
X_train.loc[(X_train["dst_bytes"]>400) & (X_train["dst_bytes"]>800), "dst_bytes"] = np.nan

X_train

Unnamed: 0,duration,protocol_type,service,flag,src_bytes,dst_bytes,land,wrong_fragment,urgent,hot,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
113467,0.0,tcp,http,SF,407.0,,0,0.0,0.0,0.0,...,9.0,255.0,1.00,0.00,0.11,0.03,0.00,0.00,0.0,0.0
31899,0.0,tcp,private,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,4.0,0.02,0.05,0.00,0.00,1.00,1.00,0.0,0.0
108116,0.0,tcp,http,SF,304.0,636.0,0,0.0,0.0,0.0,...,39.0,255.0,1.00,0.00,0.03,0.06,0.00,0.00,0.0,0.0
89913,0.0,tcp,private,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,15.0,0.06,0.07,0.00,0.00,1.00,1.00,0.0,0.0
106319,0.0,icmp,eco_i,SF,8.0,0.0,0,0.0,0.0,0.0,...,2.0,7.0,1.00,0.00,1.00,0.57,0.00,0.00,0.0,0.0
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
64559,0.0,tcp,systat,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,20.0,0.08,0.06,0.00,0.00,1.00,1.00,0.0,0.0
67272,0.0,tcp,http,SF,210.0,736.0,0,0.0,0.0,0.0,...,119.0,255.0,1.00,0.00,0.01,0.02,0.02,0.01,0.0,0.0
32452,3.0,tcp,smtp,SF,,328.0,0,0.0,0.0,0.0,...,111.0,155.0,0.64,0.04,0.01,0.01,0.01,0.00,0.0,0.0
112657,0.0,tcp,http,SF,284.0,444.0,0,0.0,0.0,0.0,...,255.0,255.0,1.00,0.00,0.00,0.00,0.00,0.00,0.0,0.0


La mayoria de los algoritmos de Machine Learning no pueden trabajar sobre caracteristicas que contengan valores nulos .Por ello exixtem tres opciones para remplazarlos :

* Eliminar las filas correspondeientes.
* Eliminar el atributo (columna) corrrespondiente.
* Rellenar con un valor determinado (zero, media, mediana, ...).

In [52]:
#comprobar si existe algun atributo con valores nulos 
X_train.isna().any()

duration                       False
protocol_type                  False
service                        False
flag                           False
src_bytes                       True
dst_bytes                       True
land                           False
wrong_fragment                 False
urgent                         False
hot                            False
num_failed_logins              False
logged_in                      False
num_compromised                False
root_shell                     False
su_attempted                   False
num_root                       False
num_file_creations             False
num_shells                     False
num_access_files               False
num_outbound_cmds              False
is_host_login                  False
is_guest_login                 False
count                          False
srv_count                      False
serror_rate                    False
srv_serror_rate                False
rerror_rate                    False
s

In [53]:
#Seleccionar las filas que contienen valores nulos
filas_valores_nulos = X_train[X_train.isnull().any(axis=1)]
filas_valores_nulos

Unnamed: 0,duration,protocol_type,service,flag,src_bytes,dst_bytes,land,wrong_fragment,urgent,hot,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
113467,0.0,tcp,http,SF,407.0,,0,0.0,0.0,0.0,...,9.0,255.0,1.00,0.00,0.11,0.03,0.00,0.0,0.00,0.00
16447,0.0,tcp,smtp,SF,,363.0,0,0.0,0.0,0.0,...,141.0,137.0,0.55,0.04,0.01,0.01,0.00,0.0,0.00,0.00
100052,0.0,tcp,http,SF,206.0,,0,0.0,0.0,0.0,...,255.0,255.0,1.00,0.00,0.00,0.00,0.00,0.0,0.00,0.00
78082,0.0,tcp,ftp_data,SF,,0.0,0,0.0,0.0,0.0,...,93.0,51.0,0.23,0.03,0.23,0.04,0.00,0.0,0.00,0.00
29208,0.0,tcp,http,SF,336.0,,0,0.0,0.0,0.0,...,255.0,255.0,1.00,0.00,0.00,0.00,0.00,0.0,0.00,0.00
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
44289,0.0,tcp,http,SF,337.0,,0,0.0,0.0,0.0,...,68.0,255.0,1.00,0.00,0.01,0.04,0.00,0.0,0.00,0.00
70184,0.0,tcp,http,SF,315.0,,0,0.0,0.0,0.0,...,255.0,255.0,1.00,0.00,0.00,0.00,0.00,0.0,0.00,0.00
42166,0.0,tcp,smtp,SF,,328.0,0,0.0,0.0,0.0,...,219.0,139.0,0.57,0.02,0.00,0.01,0.00,0.0,0.03,0.04
32452,3.0,tcp,smtp,SF,,328.0,0,0.0,0.0,0.0,...,111.0,155.0,0.64,0.04,0.01,0.01,0.01,0.0,0.00,0.00


### Opcion 1 : Eliminar las filas con valores nulos 


In [54]:
#Copiar el DataFrame para no alterar el original
X_train_copy = X_train.copy()

In [55]:
#Eliminar las filas con valores nulos
X_train_copy.dropna(subset=['src_bytes', 'dst_bytes'], inplace=True)
X_train_copy

Unnamed: 0,duration,protocol_type,service,flag,src_bytes,dst_bytes,land,wrong_fragment,urgent,hot,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
31899,0.0,tcp,private,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,4.0,0.02,0.05,0.00,0.00,1.00,1.00,0.0,0.0
108116,0.0,tcp,http,SF,304.0,636.0,0,0.0,0.0,0.0,...,39.0,255.0,1.00,0.00,0.03,0.06,0.00,0.00,0.0,0.0
89913,0.0,tcp,private,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,15.0,0.06,0.07,0.00,0.00,1.00,1.00,0.0,0.0
106319,0.0,icmp,eco_i,SF,8.0,0.0,0,0.0,0.0,0.0,...,2.0,7.0,1.00,0.00,1.00,0.57,0.00,0.00,0.0,0.0
98007,0.0,udp,domain_u,SF,46.0,139.0,0,0.0,0.0,0.0,...,255.0,254.0,1.00,0.01,0.00,0.00,0.00,0.00,0.0,0.0
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
55359,0.0,tcp,http,SF,283.0,237.0,0,0.0,0.0,0.0,...,91.0,255.0,1.00,0.00,0.01,0.05,0.00,0.01,0.0,0.0
90665,0.0,tcp,ftp_data,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,63.0,0.25,0.02,0.02,0.00,1.00,1.00,0.0,0.0
64559,0.0,tcp,systat,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,20.0,0.08,0.06,0.00,0.00,1.00,1.00,0.0,0.0
67272,0.0,tcp,http,SF,210.0,736.0,0,0.0,0.0,0.0,...,119.0,255.0,1.00,0.00,0.01,0.02,0.02,0.01,0.0,0.0


In [56]:
#Contar el numero de atributos eliminados 
print("Numero de atributos  eliminadas es :", len(list(X_train)) - len(list(X_train_copy)))

Numero de atributos  eliminadas es : 0


In [57]:
#Contar el numero de atributos eliminados 
print("Numero de atributos  eliminadas es :", len((X_train)) - len((X_train_copy)))

Numero de atributos  eliminadas es : 23083


### Opcion 2: Eliminar los atributos con valores nulos 

In [58]:
#Copiar el DataFrame para no afectar el original
X_train_copy = X_train.copy()

In [59]:
#Eliminar los atributos con valores nulos
X_train_copy.drop(['src_bytes', 'dst_bytes'], axis=1, inplace=True)
X_train_copy

Unnamed: 0,duration,protocol_type,service,flag,land,wrong_fragment,urgent,hot,num_failed_logins,logged_in,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
113467,0.0,tcp,http,SF,0,0.0,0.0,0.0,0.0,1,...,9.0,255.0,1.00,0.00,0.11,0.03,0.00,0.00,0.0,0.0
31899,0.0,tcp,private,S0,0,0.0,0.0,0.0,0.0,0,...,255.0,4.0,0.02,0.05,0.00,0.00,1.00,1.00,0.0,0.0
108116,0.0,tcp,http,SF,0,0.0,0.0,0.0,0.0,1,...,39.0,255.0,1.00,0.00,0.03,0.06,0.00,0.00,0.0,0.0
89913,0.0,tcp,private,S0,0,0.0,0.0,0.0,0.0,0,...,255.0,15.0,0.06,0.07,0.00,0.00,1.00,1.00,0.0,0.0
106319,0.0,icmp,eco_i,SF,0,0.0,0.0,0.0,0.0,0,...,2.0,7.0,1.00,0.00,1.00,0.57,0.00,0.00,0.0,0.0
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
64559,0.0,tcp,systat,S0,0,0.0,0.0,0.0,0.0,0,...,255.0,20.0,0.08,0.06,0.00,0.00,1.00,1.00,0.0,0.0
67272,0.0,tcp,http,SF,0,0.0,0.0,0.0,0.0,1,...,119.0,255.0,1.00,0.00,0.01,0.02,0.02,0.01,0.0,0.0
32452,3.0,tcp,smtp,SF,0,0.0,0.0,0.0,0.0,1,...,111.0,155.0,0.64,0.04,0.01,0.01,0.01,0.00,0.0,0.0
112657,0.0,tcp,http,SF,0,0.0,0.0,0.0,0.0,1,...,255.0,255.0,1.00,0.00,0.00,0.00,0.00,0.00,0.0,0.0


In [60]:
#Contar el numero de atributos eliminados
print("Numero de atributos  eliminadas es :", len(list(X_train)) - len(list(X_train_copy)))

Numero de atributos  eliminadas es : 2


### Opcion 3 : Rellenar los valores nulos con un valor determinado 

In [61]:
#Copiar el DataSet para no alterar el original
X_train_copy = X_train.copy()

In [62]:
#Rellenar los valores nulos con media de los vaores del atributo
media_srcbytes = X_train_copy["src_bytes"].mean()
media_dstbytes = X_train_copy["dst_bytes"].mean()

X_train_copy["src_bytes"].fillna(media_srcbytes, inplace=True)
X_train_copy["dst_bytes"].fillna(media_dstbytes, inplace=True)

X_train_copy

The behavior will change in pandas 3.0. This inplace method will never work because the intermediate object on which we are setting values always behaves as a copy.

For example, when doing 'df[col].method(value, inplace=True)', try using 'df.method({col: value}, inplace=True)' or df[col] = df[col].method(value) instead, to perform the operation inplace on the original object.


  X_train_copy["src_bytes"].fillna(media_srcbytes, inplace=True)
The behavior will change in pandas 3.0. This inplace method will never work because the intermediate object on which we are setting values always behaves as a copy.

For example, when doing 'df[col].method(value, inplace=True)', try using 'df.method({col: value}, inplace=True)' or df[col] = df[col].method(value) instead, to perform the operation inplace on the original object.


  X_train_copy["dst_bytes"].fillna(media_dstbytes, inplace=True)


Unnamed: 0,duration,protocol_type,service,flag,src_bytes,dst_bytes,land,wrong_fragment,urgent,hot,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
113467,0.0,tcp,http,SF,407.000000,84.864483,0,0.0,0.0,0.0,...,9.0,255.0,1.00,0.00,0.11,0.03,0.00,0.00,0.0,0.0
31899,0.0,tcp,private,S0,0.000000,0.000000,0,0.0,0.0,0.0,...,255.0,4.0,0.02,0.05,0.00,0.00,1.00,1.00,0.0,0.0
108116,0.0,tcp,http,SF,304.000000,636.000000,0,0.0,0.0,0.0,...,39.0,255.0,1.00,0.00,0.03,0.06,0.00,0.00,0.0,0.0
89913,0.0,tcp,private,S0,0.000000,0.000000,0,0.0,0.0,0.0,...,255.0,15.0,0.06,0.07,0.00,0.00,1.00,1.00,0.0,0.0
106319,0.0,icmp,eco_i,SF,8.000000,0.000000,0,0.0,0.0,0.0,...,2.0,7.0,1.00,0.00,1.00,0.57,0.00,0.00,0.0,0.0
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
64559,0.0,tcp,systat,S0,0.000000,0.000000,0,0.0,0.0,0.0,...,255.0,20.0,0.08,0.06,0.00,0.00,1.00,1.00,0.0,0.0
67272,0.0,tcp,http,SF,210.000000,736.000000,0,0.0,0.0,0.0,...,119.0,255.0,1.00,0.00,0.01,0.02,0.02,0.01,0.0,0.0
32452,3.0,tcp,smtp,SF,111.567842,328.000000,0,0.0,0.0,0.0,...,111.0,155.0,0.64,0.04,0.01,0.01,0.01,0.00,0.0,0.0
112657,0.0,tcp,http,SF,284.000000,444.000000,0,0.0,0.0,0.0,...,255.0,255.0,1.00,0.00,0.00,0.00,0.00,0.00,0.0,0.0


#### Existe otra alternativa para la opcion 3 , que conciste en usar la clase imputer de Sklearn

In [63]:
#coptar el DataSet para no alterar el original
X_train_copy = X_train.copy()

In [64]:
from sklearn.impute import SimpleImputer
imputer = SimpleImputer(strategy='median')

In [65]:
#Lac clase imputer no admite valores categóricos; eliminar los atributos categóricos
X_train_copy_num = X_train_copy.select_dtypes(exclude=['object'])
X_train_copy_num.info()


<class 'pandas.core.frame.DataFrame'>
Index: 75583 entries, 113467 to 99030
Data columns (total 34 columns):
 #   Column                       Non-Null Count  Dtype  
---  ------                       --------------  -----  
 0   duration                     75583 non-null  float64
 1   src_bytes                    67915 non-null  float64
 2   dst_bytes                    58797 non-null  float64
 3   wrong_fragment               75583 non-null  float64
 4   urgent                       75583 non-null  float64
 5   hot                          75583 non-null  float64
 6   num_failed_logins            75583 non-null  float64
 7   num_compromised              75583 non-null  float64
 8   root_shell                   75583 non-null  float64
 9   su_attempted                 75583 non-null  float64
 10  num_root                     75583 non-null  float64
 11  num_file_creations           75583 non-null  float64
 12  num_shells                   75583 non-null  float64
 13  num_access_files

In [66]:
#Se le proporcionan los atributos numeriscos para que calcule los valores 
imputer.fit(X_train_copy_num)

0,1,2
,missing_values,
,strategy,'median'
,fill_value,
,copy,True
,add_indicator,False
,keep_empty_features,False


In [67]:
#Rellenar los valores nulos 
X_train_copy_num_noman = imputer.transform(X_train_copy_num)

In [68]:
#Transformar el resultado a un  DataFrame de Pandas
X_train_copy = pd.DataFrame(X_train_copy_num_noman, columns=X_train_copy_num.columns)
X_train_copy.head(10)

Unnamed: 0,duration,src_bytes,dst_bytes,wrong_fragment,urgent,hot,num_failed_logins,num_compromised,root_shell,su_attempted,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
0,0.0,407.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,9.0,255.0,1.0,0.0,0.11,0.03,0.0,0.0,0.0,0.0
1,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,255.0,4.0,0.02,0.05,0.0,0.0,1.0,1.0,0.0,0.0
2,0.0,304.0,636.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,39.0,255.0,1.0,0.0,0.03,0.06,0.0,0.0,0.0,0.0
3,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,255.0,15.0,0.06,0.07,0.0,0.0,1.0,1.0,0.0,0.0
4,0.0,8.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,2.0,7.0,1.0,0.0,1.0,0.57,0.0,0.0,0.0,0.0
5,0.0,46.0,139.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,255.0,254.0,1.0,0.01,0.0,0.0,0.0,0.0,0.0,0.0
6,0.0,12.0,363.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,141.0,137.0,0.55,0.04,0.01,0.01,0.0,0.0,0.0,0.0
7,1.0,729.0,329.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,198.0,181.0,0.65,0.03,0.01,0.01,0.02,0.02,0.0,0.0
8,0.0,206.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,255.0,255.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
9,0.0,334.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,8.0,28.0,1.0,0.0,1.0,0.11,0.0,0.0,0.0,0.0


## Api's de Sklearn 

Antes de continuar es necesario hacer una pequeña reseña sobre somo funcionan las API's de Skelearn:

* **Estimators**: Cualquier odjecto que pueda estimar algun parametro:

      - El propio estimador , se forma mediante el metodo fit(), que siempre toma un DataSet como argumento.
      - Cualquier otro parametro de este metodo , es un hiperparametro.

* **Transformers**:Son estimadores capaces de transformar el DataSet (como imputer)

      -La tranformacion se realiza mediante el metodo transforn().
      -Reciben un dataset como parametro de entrada

* **Predictors**: Son estimadores capaces de realizar prediciones:

      - La prediccion se realiza mediante el metodo predict().
      - Reciben un DataSet como entrada.
      - Reciben un DataSet como predicciones 
      - Tienen un metodo score() para evaluar el resultado de la prediccion.

## 4.- Transformacion de atributos catagoricos a numericos 

Antes de comenzar es necesario recuperar el dataSet limpio y separa  las etiquetas del esrto de datos , no necesariamente se quiere aplicar las mismas transformaciones en ambos conjuntos 

In [69]:
X_train = train_set.drop("class", axis=1)
y_train= train_set["class"].copy()

Los algoritmos de Machine Learning por norma geneneral inguieren datos numericos .En este DataSet se teiene una gran catidiad de valores categoricos y en consecuencia se deben de compartir a numericos 

In [70]:
X_train.info()

<class 'pandas.core.frame.DataFrame'>
Index: 75583 entries, 113467 to 99030
Data columns (total 41 columns):
 #   Column                       Non-Null Count  Dtype  
---  ------                       --------------  -----  
 0   duration                     75583 non-null  float64
 1   protocol_type                75583 non-null  object 
 2   service                      75583 non-null  object 
 3   flag                         75583 non-null  object 
 4   src_bytes                    75583 non-null  float64
 5   dst_bytes                    75583 non-null  float64
 6   land                         75583 non-null  object 
 7   wrong_fragment               75583 non-null  float64
 8   urgent                       75583 non-null  float64
 9   hot                          75583 non-null  float64
 10  num_failed_logins            75583 non-null  float64
 11  logged_in                    75583 non-null  object 
 12  num_compromised              75583 non-null  float64
 13  root_shell      

Exixten diferentes formas de compartir los atributos catagoricos en numericos .Probablemente , la mas sencilla es la que proporciona el metodo **factorize** de Pandas , que transforma cada categoria en un numero secuencial .

In [71]:
protocol_type= X_train['protocol_type']
protocol_type_encoded, categories = protocol_type.factorize()


In [72]:
#Mostrar en pantalla como se han codificado
for i in range(10):
    print(protocol_type.iloc[i], "=", protocol_type_encoded[i])

tcp = 0
tcp = 0
tcp = 0
tcp = 0
icmp = 1
udp = 2
tcp = 0
tcp = 0
tcp = 0
tcp = 0


In [73]:
print(categories)

Index(['tcp', 'icmp', 'udp'], dtype='object')


### Transformaciones mediante Scikit-Learn
#### Ordinal Ecoding

Realiza la misma codificacion que el metodo **factorize** de Pandas 

In [74]:
from sklearn.preprocessing import OrdinalEncoder

#Importamos solo la biblioteca
protocol_type = X_train[['protocol_type']]

ordinal_encoder = OrdinalEncoder()
protocol_type_encoded = ordinal_encoder.fit_transform(protocol_type)

In [75]:
#Mostrar en pantalla como se han codificado
for i in range(10):
    print(protocol_type["protocol_type"].iloc[i], "=", protocol_type_encoded[i])

tcp = [1.]
tcp = [1.]
tcp = [1.]
tcp = [1.]
icmp = [0.]
udp = [2.]
tcp = [1.]
tcp = [1.]
tcp = [1.]
tcp = [1.]


In [76]:
print(ordinal_encoder.categories_)

[array(['icmp', 'tcp', 'udp'], dtype=object)]


El problema de este tipo de codificacion radica en que ciertos algoritmos de ML funciona midiendo la similitud de 2 puntos por su distancia , van a consderar que el 1 esta mas cerca del 2 que del 3 , y en este caso (para estos vaores categoricos ), no tiene sentido

el odjectivo no es medir distancias , el odjectivo es saber las categorias 

Por ello , se utilizan otros metodos de categorizacion , como por ejmplo , OneHot Encoding.

### One-Hot Encodiing

Genera para cada categoria del atributo categorico una matrix binaria que representa el valor 

In [77]:
#La matrix solo almacena la pocision  del los valores que no son 0
#esto para ahorrar memoria

from sklearn.preprocessing import OneHotEncoder

protocol_type=X_train[['protocol_type']]
oh_encoder = OneHotEncoder()
protocol_type_oh= oh_encoder.fit_transform(protocol_type)
protocol_type_oh


<Compressed Sparse Row sparse matrix of dtype 'float64'
	with 75583 stored elements and shape (75583, 3)>

In [78]:
#Convertir  la matrix a un array de >Numpy
protocol_type_oh.toarray()

array([[0., 1., 0.],
       [0., 1., 0.],
       [0., 1., 0.],
       ...,
       [0., 1., 0.],
       [0., 1., 0.],
       [0., 1., 0.]])

In [79]:
#Mostrar en pantalla como se han codificado
for i in range(10):
    print(protocol_type["protocol_type"].iloc[i], "=", protocol_type_oh.toarray()[i])

tcp = [0. 1. 0.]
tcp = [0. 1. 0.]
tcp = [0. 1. 0.]
tcp = [0. 1. 0.]
icmp = [1. 0. 0.]
udp = [0. 0. 1.]
tcp = [0. 1. 0.]
tcp = [0. 1. 0.]
tcp = [0. 1. 0.]
tcp = [0. 1. 0.]


In [80]:
print(ordinal_encoder.categories_)

[array(['icmp', 'tcp', 'udp'], dtype=object)]


In [81]:
oh_enccoder=OneHotEncoder(handle_unknown='ignore')

#### Get Dummies
Get Dummies es un metodo sencillo de utilizar que permite aplicar One-Hot Encodding aun DtaFrame de Pandas 

In [82]:
pd.get_dummies(X_train['protocol_type'])

Unnamed: 0,icmp,tcp,udp
113467,False,True,False
31899,False,True,False
108116,False,True,False
89913,False,True,False
106319,True,False,False
...,...,...,...
64559,False,True,False
67272,False,True,False
32452,False,True,False
112657,False,True,False


## 5.- Escalalonado del DataFrame 

Antes de comenzar vamos a recuperar el Dtaset limpio y vamos a separrar a las etiquetas del reset o de los datos , no necesariamente se requiere aplicar las mismas transformadoresen ambos conjuntos 

In [83]:
X_train = train_set.drop("class", axis=1)
y_train = train_set["class"].copy()

Por lo general, los algoritmos de ML no se comportan adecuadamente si los valores de las características que reciben como entrada se encuentran en rangos muy dispares.Por ello , se utilizan técnicas de **Importe**: tener en cuenta que estos mecanismos de escalado no deben de aplicarse sobre las etiquetas.

* **Normalización**= los valores del atributo se escalan para adquirir un valor entre 0 y 1

* **Estandarizacion**= los valores del atributo se escalan y reciben un vamos similar pero no se encuentran dentro de un rango 

* **Importante**= Para probar estos valores se realizan las transformadores solo sobre un dataset de entrenamiento.Despues,se aplicará sobre el dataset de pruebas para testear


In [84]:
from sklearn.preprocessing import RobustScaler

# Seleccionar las columnas a escalar
scale_attrs = X_train[['src_bytes', 'dst_bytes']]

In [85]:
X_train.head()

Unnamed: 0,duration,protocol_type,service,flag,src_bytes,dst_bytes,land,wrong_fragment,urgent,hot,...,dst_host_count,dst_host_srv_count,dst_host_same_srv_rate,dst_host_diff_srv_rate,dst_host_same_src_port_rate,dst_host_srv_diff_host_rate,dst_host_serror_rate,dst_host_srv_serror_rate,dst_host_rerror_rate,dst_host_srv_rerror_rate
113467,0.0,tcp,http,SF,407.0,53508.0,0,0.0,0.0,0.0,...,9.0,255.0,1.0,0.0,0.11,0.03,0.0,0.0,0.0,0.0
31899,0.0,tcp,private,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,4.0,0.02,0.05,0.0,0.0,1.0,1.0,0.0,0.0
108116,0.0,tcp,http,SF,304.0,636.0,0,0.0,0.0,0.0,...,39.0,255.0,1.0,0.0,0.03,0.06,0.0,0.0,0.0,0.0
89913,0.0,tcp,private,S0,0.0,0.0,0,0.0,0.0,0.0,...,255.0,15.0,0.06,0.07,0.0,0.0,1.0,1.0,0.0,0.0
106319,0.0,icmp,eco_i,SF,8.0,0.0,0,0.0,0.0,0.0,...,2.0,7.0,1.0,0.0,1.0,0.57,0.0,0.0,0.0,0.0
