# This file extracts feature sets from pcap files.

### Input & Output

`Input Files`: All files with the pcap extension in the “./pcaps/” folder is read.

`Output Files`: Fingerprint result file named *FP_MAIN.csv*.

###  importing relevant libraries

In [1]:
from scapy.all import*
import math
import pandas as pd
import os
import numpy as np




### Discovering pcap extension files under "pcaps" folder.

In [137]:
def find_the_way(path,file_format):
    count=0
    files_add = []
    for r, d, f in os.walk(path):
        for file in f:
            if file_format in file:
                files_add.append(os.path.join(r,file))  
    return files_add
files_add=find_the_way('./pcaps/','.pcap')

### List of pcap files to be processed

In [138]:
files_add

['./pcaps/august-hub-01.pcap',
 './pcaps/wyze-cam-01.pcap',
 './pcaps/nest-doorbell-01.pcap',
 './pcaps/blink-cam-01.pcap',
 './pcaps/geeni-doorbell-01.pcap',
 './pcaps/simplisafe-d1.pcap',
 './pcaps/merkury-cam-01.pcap',
 './pcaps/geeni-cam-03.pcap',
 './pcaps/nightowl-doorbell-02.pcap',
 './pcaps/geeni-awarecam-2.pcap',
 './pcaps/ultraloq-hub-01.pcap',
 './pcaps/nightowl-doorbell-01.pcap',
 './pcaps/geeni-awarecam-1.pcap',
 './pcaps/geeni-cam-01.pcap',
 './pcaps/simplisafe-d2.pcap',
 './pcaps/merkury-doorbell-01.pcap',
 './pcaps/sifely-hub-01.pcap',
 './pcaps/geeni-doorbell-02.pcap',
 './pcaps/blink-cam-02.pcap',
 './pcaps/ring-doorbell-02.pcap',
 './pcaps/smartthings-cam-01.pcap',
 './pcaps/schlage-lock-01.pcap',
 './pcaps/ring-doorbell-03.pcap',
 './pcaps/blink-cam-03.pcap']

### Port numbers are classified in this part as:

| Port Numbers | Equivalents |
| :------ | :------ |
|No port| 0|
|Well known ports (between 0 and 1023) |1|
|Rregistered ports (between 1024 and 49151)  |2|
|Dynamic ports (between  49152 and 65535) |3|
# ↓ 

In [139]:
def port_class(port):
    if 0 <= port <= 1023:
        return 1
    elif  1024 <= port <= 49151 :
        return 2
    elif 49152 <=port <= 65535 :
        return 3
    else:
        return 0

### The dictionary to be used for MAC address and device matching.
#### Datasets, their MAC addresses and Devices are given separately.

In [140]:
MAC_list={
 'b8:b7:f1:2a:10:fd': 'august-hub-01',
 'c4:6e:7b:41:5f:28': 'geeni-awarecam-1', 
 'c4:6e:7b:0e:62:5c': 'geeni-awarecam-2',
 '78:db:2f:db:43:48': 'schlage-lock-01',  
 'f4:cf:a2:eb:59:c4': 'sifely-hub-01', 
 '8c:f7:10:a1:a5:9f': 'simplisafe-d1', 
 '6c:21:a2:90:19:b0': 'simplisafe-d2',
 '24:7d:4d:9c:f2:81': 'ring-doorbell-02', 
 '90:e2:02:30:80:a8': 'ring-doorbell-03',   
 '64:16:66:73:e6:e0': 'nest-doorbell-01',   
 'f4:b8:5e:cd:fe:2f': 'blink-cam-03',
 '30:4a:26:12:14:f1': 'geeni-doorbell-01', 
 'd4:d2:d6:3b:27:51': 'geeni-doorbell-02',    
 'f4:b8:5e:ff:2b:1b': 'blink-cam-01',
 '0c:8c:24:7f:34:84': 'geeni-cam-03',
 'a4:cf:12:32:5b:88': 'ultraloq-hub-01', 
 '78:b2:13:e4:a6:ec': 'smartthings-cam-01', 
 '54:2b:57:29:b4:6c': 'nightowl-doorbell-02',
 'f4:b8:5e:35:67:b0': 'blink-cam-02', 
 '58:b3:fc:68:a6:e2': 'geeni-cam-01',
 '7c:a7:b0:dc:a0:1a': 'merkury-cam-01',
 '7c:25:da:2d:a4:70': 'merkury-doorbell-01', 
 '2c:aa:8e:a1:27:65': 'wyze-cam-01', 
 '54:2b:57:29:92:a9': 'nightowl-doorbell-01'
}

In [141]:
len(MAC_list)

24

### Calculating the payload entropy value.


# ↓ 

In [142]:
def pre_entropy(payload):
    
    characters=[]
    for i in payload:
            characters.append(i)
    return shannon(characters)


def shannon(data):
    freq_dict={} 
    for i in data:
        if i in freq_dict:
            freq_dict[i] += 1
        else:
            freq_dict[i] = 1    
    entropy = 0.0
    logarithm_base = 2
    payload_size = len(data) #
    for key in freq_dict.keys():
        frequency = float(freq_dict[key])/payload_size
        if frequency > 0: 
            entropy = entropy + frequency * math.log(frequency, logarithm_base)
    return -entropy

### This section is the main backbone of our program. In this section, the following operations are performed briefly.


#### - The pcap_files variable contains the addresses of the pcap files. The `for` loop moves through the values of this variable, allowing all files to be processed.


#### - The second for loop examines individual packets in the processed pcap file. All features belonging to a packet are extracted and processed as a new line in the fingerprint file at the end of the second for loop.


#### - All properties are initially assigned a value of 0. These properties are then queried in the packet. If the properties have corresponding data, the data is processed in the variable, otherwise, the value of the variable remains as 0.

In [155]:
count=0
ths = open("./dataset/FP_MAIN_PCAP.csv", "w")
header="ARP,LLC,EAPOL,IP,ICMP,ICMP6,TCP,UDP,TCP_w_size,HTTP,HTTPS,DHCP,BOOTP,SSDP,DNS,MDNS,NTP,IP_padding,IP_add_count,IP_ralert,Portcl_src,Portcl_dst,Pck_size,Pck_rawdata,payload_l,Entropy,Label,MAC\n"
ths.write(header)
dst_ip_list={}

for i in MAC_list:
    dst_ip_list[i]=[]
import time

for i in files_add:
    print(i)
    pkt = PcapReader(i)
    print("\n\n"+"========"+ i[8:]+"========"+"\n" )
    print(pkt)

    for jj,j in enumerate(pkt):
        ip_add_count=0
        layer_2_arp = 0
        layer_2_llc = 0

        layer_3_eapol = 0
        layer_3_ip = 0
        layer_3_icmp = 0
        layer_3_icmp6 = 0



        layer_4_tcp = 0
        layer_4_udp = 0
        layer_4_tcp_ws=0


        layer_7_http = 0
        layer_7_https = 0
        layer_7_dhcp = 0
        layer_7_bootp = 0
        layer_7_ssdp = 0
        layer_7_dns = 0
        layer_7_mdns = 0
        layer_7_ntp = 0

        ip_padding = 0
        ip_ralert = 0


        port_class_src = 0
        port_class_dst = 0

        pck_size = 0
        pck_rawdata = 0
        entropy=0

        layer_4_payload_l=0

        try:

            pck_size=j.len

        except:pass

        try:

            if j[IP]:

                layer_3_ip = 1
            temp=str(j[IP].dst)
            if temp not in dst_ip_list[j.src]:
                dst_ip_list[j.src].append(temp)
            ip_add_count=len(dst_ip_list[j.src])

            port_class_src = port_class(j[IP].sport)
            port_class_dst = port_class(j[IP].dport)

        except:pass

        temp=str(j.show)

        if "ICMPv6" in temp:

            layer_3_icmp6 = 1

        try:
            if j[IP].ihl >5:
                if IPOption_Router_Alert(j):
                    pad=str(IPOption_Router_Alert(j).show)
                    if "Padding" in pad:
                        ip_padding=1
                    ip_ralert = 1
        except:pass

        if j.haslayer(ICMP):
            layer_3_icmp = 1


        if j.haslayer(Raw):
            pck_rawdata = 1

        if j.haslayer(UDP):

            layer_4_udp = 1
            if j[UDP].sport==68 or j[UDP].sport==67:
                layer_7_dhcp = 1
                layer_7_bootp = 1
            if j[UDP].sport==53 or j[UDP].dport==53:
                layer_7_dns = 1
            if j[UDP].sport==5353 or j[UDP].dport==5353:
                layer_7_mdns = 1
            if j[UDP].sport==1900 or j[UDP].dport==1900:
                layer_7_ssdp = 1
            if j[UDP].sport==123 or j[UDP].dport==123:
                layer_7_ntp = 1

        try:
            if j[UDP].payload:
                layer_4_payload_l=len(j[UDP].payload)
        except:pass



        if j.haslayer(TCP):
            layer_4_tcp = 1
            layer_4_tcp_ws=j[TCP].window
            if j[TCP].sport==80 or j[TCP].dport==80:
                layer_7_http = 1
            if j[TCP].sport==443 or j[TCP].dport==443:
                layer_7_https = 1
            try:
                if j[TCP].payload:
                    layer_4_payload_l=len(j[TCP].payload)
            except:pass

        if j.haslayer(ARP):
            layer_2_arp = 1

        if j.haslayer(LLC):
            layer_2_llc = 1

        if j.haslayer(EAPOL):
            layer_3_eapol = 1
        try:
            entropy=pre_entropy(j[Raw].original)

        except:pass
        if j.src in MAC_list:
            label=MAC_list[j.src]
    #         else:
    #             label="unknown"
       # label=MAC_list[j.src]
        line=[layer_2_arp, layer_2_llc, layer_3_eapol, layer_3_ip, layer_3_icmp, layer_3_icmp6, layer_4_tcp, layer_4_udp, layer_4_tcp_ws, layer_7_http, layer_7_https, layer_7_dhcp, layer_7_bootp, layer_7_ssdp, layer_7_dns, layer_7_mdns, layer_7_ntp, ip_padding, ip_add_count, ip_ralert, port_class_src, port_class_dst, pck_size, pck_rawdata,layer_4_payload_l,entropy, label,j.src]
        line=str(line).replace("[","")
        line=str(line).replace("]","")
        line=str(line).replace(", ",",")
        line=str(line).replace("\'","")
        if label!="unknown":
            ths.write(str(line)+"\n")
    
ths.close()


./pcaps/august-hub-01.pcap



<scapy.utils.PcapReader object at 0x7fecd2c8ef10>
./pcaps/wyze-cam-01.pcap



<scapy.utils.PcapReader object at 0x7fecd58c8d90>
./pcaps/nest-doorbell-01.pcap



<scapy.utils.PcapReader object at 0x7fef9129fe50>
./pcaps/blink-cam-01.pcap



<scapy.utils.PcapReader object at 0x7ff04000e580>
./pcaps/geeni-doorbell-01.pcap



<scapy.utils.PcapReader object at 0x7fef9129f310>
./pcaps/simplisafe-d1.pcap



<scapy.utils.PcapReader object at 0x7ff10bd14850>
./pcaps/merkury-cam-01.pcap



<scapy.utils.PcapReader object at 0x7ff0e805bbb0>
./pcaps/geeni-cam-03.pcap



<scapy.utils.PcapReader object at 0x7fef9129fcd0>
./pcaps/nightowl-doorbell-02.pcap



<scapy.utils.PcapReader object at 0x7ff120125040>
./pcaps/geeni-awarecam-2.pcap



<scapy.utils.PcapReader object at 0x7fef98031c10>
./pcaps/ultraloq-hub-01.pcap



<scapy.utils.PcapReader object at 0x7ff127130850>
./pcaps/nightowl-doorbell-01.pcap



<scapy.utils.PcapReader object at 0x7fef98176b20>
./pcaps/geeni-awa

### Input & Output

`Input Files`: FP_MAIN.csv

`Output Files`: IPAssess.csv

In [2]:
dataset="dataset/FP_MAIN_PCAP.csv"
df=pd.read_csv(dataset)

## Correlation matrix on Main Feature Set i.e FP_Main

In [45]:
dataframe1 = pd.read_csv("dataset/FP_MAIN_PCAP.csv")
del dataframe1["MAC"]
del dataframe1["Label"]
matrix1 = dataframe1.corr()
dataframe2 = pd.read_csv("iots/FP_MAIN.csv")
del dataframe2["MAC"]
del dataframe2["Label"]
matrix2 = dataframe2.corr()
dataframe3 = pd.read_csv("dataset/FP_MAIN_Hub.csv")
del dataframe3["MAC"]
del dataframe3["Label"]
matrix3 = dataframe3.corr()

In [46]:
df_IOT_Hub=matrix3[(matrix2['IP']<=(-0.05)) | (matrix2['IP']>=0.05)]
df_IOT_Hub

Unnamed: 0,ARP,LLC,EAPOL,IP,ICMP,ICMP6,TCP,UDP,TCP_w_size,HTTP,...,NTP,IP_padding,IP_add_count,IP_ralert,Portcl_src,Portcl_dst,Pck_size,Pck_rawdata,payload_l,Entropy
ARP,1.0,-0.002004,-0.009426,-0.934551,-0.010608,-0.000786,-0.236498,-0.101821,-0.08525,-0.007567,...,-0.009834,,-0.087453,,-0.572751,-0.39274,-0.138421,-0.009141,-0.017482,
LLC,-0.002004,1.0,-0.000721,-0.071439,-0.000811,-6e-05,-0.018078,-0.007783,-0.006517,-0.000578,...,-0.000752,,-0.006685,,-0.043783,-0.030022,-0.010461,0.219177,-0.001336,
EAPOL,-0.009426,-0.000721,1.0,-0.3361,-0.003815,-0.000283,-0.085054,-0.036619,-0.030659,-0.002721,...,-0.003537,,-0.031451,,-0.205983,-0.141244,-0.040779,-0.003288,-0.006287,
IP,-0.934551,-0.071439,-0.3361,1.0,0.011351,-0.028019,0.25306,0.108431,0.09122,0.008097,...,0.010523,,0.093577,,0.612862,0.420244,0.144916,-0.006395,0.014824,
ICMP6,-0.000786,-6e-05,-0.000283,-0.028019,-0.000318,1.0,-0.00709,-0.003053,-0.002556,-0.000227,...,-0.000295,,-0.002622,,-0.017172,-0.011775,-0.004149,-0.000274,-0.000524,
TCP,-0.236498,-0.018078,-0.085054,0.25306,-0.095718,-0.00709,1.0,-0.918731,0.360469,0.031995,...,-0.088736,,0.100909,,0.121297,-0.362966,0.166954,-0.081469,-0.072046,
UDP,-0.101821,-0.007783,-0.036619,0.108431,-0.04121,-0.003053,-0.918731,1.0,-0.331174,-0.029395,...,0.096585,,-0.065045,,0.154047,0.566417,-0.107835,-0.007279,0.083061,
TCP_w_size,-0.08525,-0.006517,-0.030659,0.09122,-0.034504,-0.002556,0.360469,-0.331174,1.0,0.05028,...,-0.031986,,-0.152554,,0.23954,-0.115254,-0.115737,-0.02953,0.013416,
HTTP,-0.007567,-0.000578,-0.002721,0.008097,-0.003063,-0.000227,0.031995,-0.029395,0.05028,1.0,...,-0.002839,,-0.015019,,0.00332,-0.037968,-0.008201,-0.000312,0.006554,
HTTPS,-0.143729,-0.010987,-0.05169,0.153794,-0.058172,-0.004309,0.607739,-0.558348,0.195978,-0.041493,...,-0.053928,,0.201099,,0.067327,-0.7212,-0.004692,-0.05005,-0.024502,


In [47]:
df_IOT_SENT=matrix2[(matrix2['IP']<=(-0.05)) | (matrix2['IP']>=0.05)]
df_IOT_SENT

Unnamed: 0,ARP,LLC,EAPOL,IP,ICMP,ICMP6,TCP,UDP,TCP_w_size,HTTP,...,NTP,IP_padding,IP_add_count,IP_ralert,Portcl_src,Portcl_dst,Pck_size,Pck_rawdata,payload_l,Entropy
ARP,1.0,-0.005992,-0.017211,-0.704634,-0.010112,-0.014796,-0.229618,-0.095085,-0.095611,-0.128418,...,-0.019598,,-0.194911,,-0.356129,-0.317738,-0.105607,-0.117829,-0.085674,-0.106495
LLC,-0.005992,1.0,-0.004008,-0.164071,-0.002354,-0.003445,-0.053466,-0.02214,-0.022263,-0.029902,...,-0.004563,,-0.045384,,-0.082923,-0.073984,-0.02393,0.050857,-0.019949,-0.002194
EAPOL,-0.017211,-0.004008,1.0,-0.471234,-0.006762,-0.009895,-0.15356,-0.06359,-0.063941,-0.085881,...,-0.013107,,-0.130349,,-0.238166,-0.212492,-0.037198,0.146069,-0.057296,0.045193
IP,-0.704634,-0.164071,-0.471234,1.0,0.01435,-0.405104,0.325868,0.103535,0.135689,0.182248,...,0.027813,,0.276613,,0.505409,0.450926,0.121116,0.03814,0.109698,0.090195
ICMP6,-0.014796,-0.003445,-0.009895,-0.405104,-0.005813,1.0,-0.13201,-0.054666,-0.054968,-0.073829,...,-0.011267,,-0.112057,,-0.204743,-0.182672,-0.060601,-0.067741,-0.049255,-0.061225
TCP,-0.229618,-0.053466,-0.15356,0.325868,-0.090218,-0.13201,1.0,-0.848363,0.416393,0.559267,...,-0.174857,,0.371357,,0.107414,0.225689,0.07678,-0.007594,0.050786,0.073819
UDP,-0.095085,-0.02214,-0.06359,0.103535,-0.037359,-0.054666,-0.848363,1.0,-0.353252,-0.474462,...,0.206111,,-0.254978,,0.227492,0.063695,0.003391,-0.040144,0.028475,-0.044473
TCP_w_size,-0.095611,-0.022263,-0.063941,0.135689,-0.037566,-0.054968,0.416393,-0.353252,1.0,0.220188,...,-0.072809,,0.29871,,0.090767,0.033248,-0.046144,-0.169906,-0.062262,-0.10493
HTTP,-0.128418,-0.029902,-0.085881,0.182248,-0.050456,-0.073829,0.559267,-0.474462,0.220188,1.0,...,-0.097792,,0.367118,,-0.225665,0.252279,-0.102774,-0.047394,-0.121421,-0.112212
HTTPS,-0.068237,-0.015889,-0.045634,0.09684,-0.02681,-0.03923,0.297175,-0.252113,0.184261,-0.340492,...,-0.051963,,-0.138192,,0.313862,-0.3002,-0.079916,-0.090033,-0.0863,-0.016497


In [48]:
df_IOT_lab=matrix1[(matrix1['IP']<=(-0.05)) | (matrix1['IP']>=0.05)]
df_IOT_lab

Unnamed: 0,ARP,LLC,EAPOL,IP,ICMP,ICMP6,TCP,UDP,TCP_w_size,HTTP,...,NTP,IP_padding,IP_add_count,IP_ralert,Portcl_src,Portcl_dst,Pck_size,Pck_rawdata,payload_l,Entropy
ARP,1.0,-0.000704,-0.003144,-0.956375,-0.030405,-0.000214,-0.117688,-0.074886,-0.03778,-0.00491,...,-0.00442,,-0.047267,,-0.116514,-0.106681,-0.064467,-0.031342,-0.025666,
LLC,-0.000704,1.0,-0.000207,-0.063046,-0.002004,-1.4e-05,-0.007758,-0.004937,-0.002491,-0.000324,...,-0.000291,,-0.003116,,-0.007681,-0.007033,-0.004169,0.022469,-0.001692,
EAPOL,-0.003144,-0.000207,1.0,-0.281429,-0.008947,-6.3e-05,-0.034631,-0.022036,-0.011117,-0.001445,...,-0.001301,,-0.013909,,-0.034286,-0.031393,-0.013188,-0.009223,-0.007553,
IP,-0.956375,-0.063046,-0.281429,1.0,0.031792,-0.019154,0.123056,0.078302,0.039503,0.005134,...,0.004622,,0.049423,,0.121828,0.111548,0.065758,0.031207,0.026836,
TCP,-0.117688,-0.007758,-0.034631,0.123056,-0.334963,-0.002357,1.0,-0.825,0.321019,0.041723,...,-0.048699,,-0.224039,,0.020858,-0.255795,0.133093,-0.345252,-0.24017,
UDP,-0.074886,-0.004937,-0.022036,0.078302,-0.213141,-0.0015,-0.825,1.0,-0.26484,-0.034422,...,0.05903,,0.235886,,0.194551,0.464897,-0.047623,0.418111,0.298293,
HTTPS,-0.097161,-0.006405,-0.028591,0.101594,-0.276541,-0.001946,0.825588,-0.68111,0.257901,-0.044661,...,-0.040206,,-0.195725,,-0.001381,-0.336563,0.076414,-0.285061,-0.196994,
Portcl_src,-0.116514,-0.007681,-0.034286,0.121828,-0.331522,-0.002334,0.020858,0.194551,-0.00688,0.007113,...,-0.006007,,0.254222,,1.0,0.841741,0.085172,0.214611,0.002584,
Portcl_dst,-0.106681,-0.007033,-0.031393,0.111548,-0.303368,-0.002137,-0.255795,0.464897,-0.105858,-0.013283,...,-0.018812,,0.357575,,0.841741,1.0,0.101051,0.388725,0.014382,
Pck_size,-0.064467,-0.004169,-0.013188,0.065758,-0.134208,-0.001291,0.133093,-0.047623,-0.102756,-0.023132,...,-0.020225,,0.097085,,0.085172,0.101051,1.0,-0.169861,-0.111702,


## Create IPAssess


In [30]:
df=pd.read_csv("dataset/FP_MAIN.csv")
deleted=["ICMP","Pck_rawdata","DHCP","BOOTP","SSDP","DNS","MDNS","NTP"]
name="IPAssess.csv"
df=df.drop(columns=deleted)
df.to_csv('dataset/'+name, index=False)
df.columns

Index(['ARP', 'LLC', 'EAPOL', 'IP', 'ICMP6', 'TCP', 'UDP', 'TCP_w_size',
       'HTTP', 'HTTPS', 'IP_padding', 'IP_add_count', 'IP_ralert',
       'Portcl_src', 'Portcl_dst', 'Pck_size', 'payload_l', 'Entropy', 'Label',
       'MAC'],
      dtype='object')

In [26]:
df=pd.read_csv("dataset/IPAssess.csv")

for col in df:
    print(df[col].value_counts())

0    12226554
1      111559
Name: ARP, dtype: int64
0    12337203
1         910
Name: LLC, dtype: int64
0    12319996
1       18117
Name: EAPOL, dtype: int64
1    12207443
0      130670
Name: IP, dtype: int64
0    12338029
1          84
Name: ICMP6, dtype: int64
1    6556528
0    5781585
Name: TCP, dtype: int64
0    7466384
1    4871729
Name: UDP, dtype: int64
0       6294378
5098    1738701
1825     683757
3650     497159
1636     481841
         ...   
5106          1
5140          1
4285          1
5030          1
2292          1
Name: TCP_w_size, Length: 1002, dtype: int64
0    12309395
1       28718
Name: HTTP, dtype: int64
0    6978979
1    5359134
Name: HTTPS, dtype: int64
0    12338113
Name: IP_padding, dtype: int64
19     767147
22     594679
23     574277
17     528406
25     487868
        ...  
748        58
701        58
740        58
713        40
743        30
Name: IP_add_count, Length: 750, dtype: int64
0    12338113
Name: IP_ralert, dtype: int64
2    6718273
3    4705

In [10]:
dataframe2

Unnamed: 0,ARP,LLC,EAPOL,IP,ICMP,ICMP6,TCP,UDP,TCP_w_size,HTTP,...,NTP,IP_padding,IP_add_count,IP_ralert,Portcl_src,Portcl_dst,Pck_size,Pck_rawdata,payload_l,Entropy
0,0,0,1,0,0,0,0,0,0,0,...,0,0,0,0,0,0,117,1,0,4.089918
1,0,0,1,0,0,0,0,0,0,0,...,0,0,0,0,0,0,95,1,0,1.631315
2,0,0,0,1,0,0,0,1,0,0,...,0,0,1,0,1,1,576,0,548,0.000000
3,0,0,0,1,0,0,0,1,0,0,...,0,0,1,0,1,1,576,0,548,0.000000
4,1,0,0,0,0,0,0,0,0,0,...,0,0,0,0,0,0,0,0,0,0.000000
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
107647,0,0,0,1,0,0,0,1,0,0,...,0,0,30,0,2,2,471,1,443,5.493612
107648,0,0,0,1,1,0,0,0,0,0,...,0,0,30,0,0,0,104,1,0,3.324557
107649,0,0,0,1,1,0,0,0,0,0,...,0,0,30,0,0,0,104,1,0,0.702030
107650,0,0,0,1,1,0,0,0,0,0,...,0,0,30,0,0,0,104,1,0,0.702030


In [24]:
dataframe1 = pd.read_csv("dataset/FP_MAIN_PCAPNG.csv")
del dataframe1["MAC"]
del dataframe1["Label"]
matrix1 = dataframe1.corr()['IP'] 

In [38]:
matrix1

ARP            -0.926975
LLC            -0.082619
EAPOL          -0.360655
IP              1.000000
ICMP            0.033637
ICMP6          -0.025296
TCP             0.109273
UDP             0.100874
TCP_w_size      0.051350
HTTP            0.006145
HTTPS           0.085057
DHCP            0.002301
BOOTP           0.002301
SSDP                 NaN
DNS             0.014407
MDNS                 NaN
NTP             0.004955
IP_padding           NaN
IP_add_count    0.079401
IP_ralert            NaN
Portcl_src      0.300271
Portcl_dst      0.240836
Pck_size        0.079240
Pck_rawdata     0.044459
payload_l       0.031116
Entropy              NaN
Name: IP, dtype: float64