# 1. Imports

In [1]:
import pandas as pd
from sklearn import preprocessing
import numpy as np
from mlxtend.feature_selection import SequentialFeatureSelector as sfs
from sklearn.linear_model import LinearRegression

# 2. Importing the Datasets

In [2]:
ddos_portmap_2018_df = pd.read_csv("../data/train_test/CSE_CIC_IDS2018/ddos_portmap_2018_train.csv", index_col=0)

In [3]:
ddos_ldap_2019_df = pd.read_csv("../data/train_test/CIC_DDoS2019/ddos_ldap_2019_train.csv", index_col=0)

In [4]:
ddos_netbios_2019_df = pd.read_csv("../data/train_test/CIC_DDoS2019/ddos_netbios_2019_train.csv", index_col=0)

In [5]:
ddos_syn_2019_df = pd.read_csv("../data/train_test/CIC_DDoS2019/ddos_syn_2019_train.csv", index_col=0)

In [19]:
ddos_udp_2019_df = pd.read_csv("../data/train_test/CIC_DDoS2019/ddos_udp_2019_train.csv", index_col=0)

In [20]:
target_feature = 'Label'

# 3. Feature Selection - Backwards Deletion

### Helper Functions

In [24]:
def BackwardElimination_Helper(X_train, y_train, final_num_features):
    
    lreg = LinearRegression()
    sfs1 = sfs(lreg, k_features=final_num_features, forward=False, verbose=1, scoring='neg_mean_squared_error')
    
    new_X_train = X_train.copy()

    result = sfs1.fit(X_train, y_train)

    feat_names = list(result.k_feature_names_)
    
    return feat_names

In [14]:
def stable_BackwardElimination(train_df, num_splits, final_num_features, verbose):
    
    selectedFeatures = []
    
    df_split = np.array_split(train_df, num_splits)
    
    for small_df in df_split:
        X_train = small_df.drop([target_feature], axis=1)
        y_train = small_df[target_feature]
        
        selectedFeatures = selectedFeatures + BackwardElimination_Helper(X_train, y_train, final_num_features)
        # NOTE TO ARYAN, PRANAV, AND ANISHA: THIS IS THE LINE YOU SHOULD CHANGE, AFTER IMPLEMENTING YOUR FEATURE
        # SELECTION METHOD
        
    rank_data = {}
    features = train_df.columns.tolist()
    ranks = []
        
    for feature in features:
        if verbose :
            print("Feature: "+feature+". Count: "+str(selectedFeatures.count(feature))+"/"+str(num_splits))
        ranks.append(selectedFeatures.count(feature)/num_splits)
    
    rank_data = {'feature':features, 'rank':ranks}
    rank_df = pd.DataFrame(rank_data) 
    
    return rank_df

### Investigating a Good Choice of Threshold

In [25]:
X_train_udp = ddos_udp_2019_df.drop([target_feature], axis=1)
y_train_udp = ddos_udp_2019_df[target_feature]

In [26]:
X_train_udp.columns

Index(['FlowID', 'SourceIP', 'SourcePort', 'DestinationIP', 'DestinationPort',
       'Protocol', 'FlowDuration', 'TotalFwdPackets', 'TotalBackwardPackets',
       'TotalLengthofFwdPackets', 'TotalLengthofBwdPackets',
       'FwdPacketLengthMax', 'FwdPacketLengthMin', 'FwdPacketLengthMean',
       'FwdPacketLengthStd', 'BwdPacketLengthMax', 'BwdPacketLengthMin',
       'BwdPacketLengthMean', 'BwdPacketLengthStd', 'FlowBytes/s',
       'FlowPackets/s', 'FlowIATMean', 'FlowIATStd', 'FlowIATMax',
       'FlowIATMin', 'FwdIATTotal', 'FwdIATMean', 'FwdIATStd', 'FwdIATMax',
       'FwdIATMin', 'BwdIATTotal', 'BwdIATMean', 'BwdIATStd', 'BwdIATMax',
       'BwdIATMin', 'FwdPSHFlags', 'BwdPSHFlags', 'FwdURGFlags', 'BwdURGFlags',
       'FwdHeaderLength', 'BwdHeaderLength', 'FwdPackets/s', 'BwdPackets/s',
       'MinPacketLength', 'MaxPacketLength', 'PacketLengthMean',
       'PacketLengthStd', 'PacketLengthVariance', 'FINFlagCount',
       'SYNFlagCount', 'RSTFlagCount', 'PSHFlagCount', 'ACKFla

In [None]:
features = BackwardElimination_Helper(X_train_udp, y_train_udp, 50)
print("Features: ("+str(len(features))+") "+str(features))

[Parallel(n_jobs=1)]: Done  49 tasks      | elapsed:    8.9s
Features: 84/50

# 4. Saving the Rankings

In [13]:
portmap_ranking = stable_BackwardElimination(ddos_portmap_2018_df, 10, 0.00005, verbose=False)
portmap_ranking.to_csv("../ranking/CSE_CIC_IDS2018/ddos_portmap_2018_BackwardElimination.csv")
portmap_ranking.head(20)

Unnamed: 0,feature,rank
0,DestinationPort,1.0
1,FlowDuration,1.0
2,TotalFwdPackets,0.3
3,TotalBackwardPackets,0.2
4,TotalLengthofFwdPackets,1.0
5,TotalLengthofBwdPackets,0.3
6,FwdPacketLengthMax,1.0
7,FwdPacketLengthMin,1.0
8,FwdPacketLengthMean,1.0
9,FwdPacketLengthStd,1.0


In [14]:
ldap_ranking = stable_BackwardElimination(ddos_ldap_2019_df, 10, 0.00005, verbose=False)
ldap_ranking.to_csv("../ranking/CIC_DDoS2019/ddos_ldap_2019_BackwardElimination.csv")
ldap_ranking.head(20)

Unnamed: 0,feature,rank
0,FlowID,1.0
1,SourceIP,1.0
2,SourcePort,1.0
3,DestinationIP,1.0
4,DestinationPort,1.0
5,Protocol,1.0
6,FlowDuration,1.0
7,TotalFwdPackets,0.5
8,TotalBackwardPackets,0.1
9,TotalLengthofFwdPackets,0.1


In [15]:
netbios_ranking = stable_BackwardElimination(ddos_netbios_2019_df, 10, 0.00005, verbose=False)
netbios_ranking.to_csv("../ranking/CIC_DDoS2019/ddos_netbios_2019_BackwardElimination.csv")
netbios_ranking.head(20)

Unnamed: 0,feature,rank
0,FlowID,1.0
1,SourceIP,1.0
2,SourcePort,1.0
3,DestinationIP,1.0
4,DestinationPort,1.0
5,Protocol,1.0
6,FlowDuration,1.0
7,TotalFwdPackets,0.0
8,TotalBackwardPackets,0.1
9,TotalLengthofFwdPackets,0.3


In [16]:
syn_ranking = stable_BackwardElimination(ddos_syn_2019_df, 10, 0.00005, verbose=False)
syn_ranking.to_csv("../ranking/CIC_DDoS2019/ddos_syn_2019_BackwardElimination.csv")
syn_ranking.head(20)

Unnamed: 0,feature,rank
0,FlowID,1.0
1,SourceIP,1.0
2,SourcePort,1.0
3,DestinationIP,1.0
4,DestinationPort,1.0
5,Protocol,1.0
6,FlowDuration,1.0
7,TotalFwdPackets,0.0
8,TotalBackwardPackets,0.1
9,TotalLengthofFwdPackets,0.3


In [17]:
udp_ranking = stable_BackwardElimination(ddos_udp_2019_df, 10, 0.00005, verbose=False)
udp_ranking.to_csv("../ranking/CIC_DDoS2019/ddos_udp_2019_BackwardElimination.csv")
udp_ranking.head(20)

Unnamed: 0,feature,rank
0,FlowID,1.0
1,SourceIP,1.0
2,SourcePort,1.0
3,DestinationIP,1.0
4,DestinationPort,1.0
5,Protocol,1.0
6,FlowDuration,1.0
7,TotalFwdPackets,1.0
8,TotalBackwardPackets,1.0
9,TotalLengthofFwdPackets,1.0
