# Data Wrangling

<p> The data for this project is available in multiple .pcap files. Each file has a column added with a unique identifier to allow clarity once the files are combined. In order to ensure that each file contained the same column names, the column names were compiled and only unique values were printed to verify that they matched. All of the .pcap files are then concatenated into one large usable database.</p>
<p> Once the larger dataframe is created, the datatype of each column is determined. Then, using the .describe() command, summary statistics are obtained. To begin the cleanup process, the number of null values are determined. Since the number of null values is negligible compared to the total amount of rows, they are dropped.</p>

In [1]:
import pandas as pd
from tabulate import tabulate
import numpy as np

#### Friday working cells

In [2]:
#read csv file
friday_ddos = pd.read_csv("Friday-WorkingHours-Afternoon-DDos.pcap_ISCX.csv")

#insert a column with a table indicator to keep the values organized once concatenated 
friday_ddos.insert(0, 'Table', 'DDoS')

#list of column names
friday_ddos_cols = list(friday_ddos.columns)

friday_ddos.head()

Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,DDoS,54865,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,DDoS,55054,109,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,DDoS,55055,52,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,DDoS,46236,34,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,DDoS,54863,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


In [3]:
#read csv file
friday_portscan = pd.read_csv("Friday-WorkingHours-Afternoon-PortScan.pcap_ISCX.csv")

#insert column with table name
friday_portscan.insert(0, 'Table', 'Portscan')

#list of column names
friday_portscan_cols = list(friday_portscan.columns)

friday_portscan.head()

Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Portscan,22,1266342,41,44,2664,6954,456,0,64.97561,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,Portscan,22,1319353,41,44,2664,6954,456,0,64.97561,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,Portscan,22,160,1,1,0,0,0,0,0.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,Portscan,22,1303488,41,42,2728,6634,456,0,66.536585,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Portscan,35396,77,1,2,0,0,0,0,0.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


In [4]:
#read csv file
friday_morning = pd.read_csv("Friday-WorkingHours-Morning.pcap_ISCX.csv")

#insert column with table name
friday_morning.insert(0, 'Table', 'Friday')

#list of column names
friday_morning_cols = list(friday_morning.columns)

friday_morning.head()

Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Friday,3268,112740690,32,16,6448,1152,403,0,201.5,...,32,359.4286,11.99802,380,343,16100000.0,498804.8,16400000,15400000,BENIGN
1,Friday,389,112740560,32,16,6448,5056,403,0,201.5,...,32,320.2857,15.74499,330,285,16100000.0,498793.7,16400000,15400000,BENIGN
2,Friday,0,113757377,545,0,0,0,0,0,0.0,...,0,9361829.0,7324646.0,18900000,19,12200000.0,6935824.0,20800000,5504997,BENIGN
3,Friday,5355,100126,22,0,616,0,28,28,28.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Friday,0,54760,4,0,0,0,0,0,0.0,...,0,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


#### Monday working cells

In [5]:
#read csv file
monday = pd.read_csv("Monday-WorkingHours.pcap_ISCX.csv")

#insert column with table name
monday.insert(0, 'Table', 'Monday')

#list of column names
monday_cols = list(monday.columns)

monday.head()


Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Monday,49188,4,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,Monday,49188,1,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,Monday,49188,1,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,Monday,49188,1,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Monday,49486,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


#### Thursday working cells

In [6]:
#read csv file
thursday_infilteration = pd.read_csv("Thursday-WorkingHours-Afternoon-Infilteration.pcap_ISCX.csv")

#insert column with table name
thursday_infilteration.insert(0, 'Table', 'Infilteration')

#list of column names
thursday_infilteration_cols = list(thursday_infilteration.columns)

thursday_infilteration.head()


Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Infilteration,22,166,1,1,0,0,0,0,0.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,Infilteration,60148,83,1,2,0,0,0,0,0.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,Infilteration,123,99947,1,1,48,48,48,48,48.0,...,40,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,Infilteration,123,37017,1,1,48,48,48,48,48.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Infilteration,0,111161336,147,0,0,0,0,0,0.0,...,0,1753752.625,2123197.578,4822992,95,9463032.7,2657727.996,13600000,5700287,BENIGN


In [7]:
#read csv file
thursday_webattacks = pd.read_csv("Thursday-WorkingHours-Morning-WebAttacks.pcap_ISCX.csv")

#insert column with table name
thursday_webattacks.insert(0, 'Table', 'Webattacks')

#list of column names
thursday_webattacks_cols = list(thursday_webattacks.columns)

thursday_webattacks.head()


Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Webattacks,389,113095465,48,24,9668,10012,403,0,201.416667,...,32,203985.5,575837.3,1629110,379,13800000.0,4277541.0,16500000,6737603,BENIGN
1,Webattacks,389,113473706,68,40,11364,12718,403,0,167.117647,...,32,178326.875,503426.9,1424245,325,13800000.0,4229413.0,16500000,6945512,BENIGN
2,Webattacks,0,119945515,150,0,0,0,0,0,0.0,...,0,6909777.333,11700000.0,20400000,6,24400000.0,24300000.0,60100000,5702188,BENIGN
3,Webattacks,443,60261928,9,7,2330,4221,1093,0,258.888889,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Webattacks,53,269,2,2,102,322,51,51,51.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


#### Tuesday working cells

In [8]:
#read csv file
tuesday = pd.read_csv("Tuesday-WorkingHours.pcap_ISCX.csv")

#insert column with table name
tuesday.insert(0, 'Table', 'Tuesday')

#list of column names
tuesday_cols = list(tuesday.columns)

tuesday.head()


Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Tuesday,88,640,7,4,440,358,220,0,62.857143,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,Tuesday,88,900,9,4,600,2944,300,0,66.666667,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,Tuesday,88,1205,7,4,2776,2830,1388,0,396.571429,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,Tuesday,88,511,7,4,452,370,226,0,64.571429,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Tuesday,88,773,9,4,612,2944,306,0,68.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


#### Wednesday working cells

In [9]:
#read csv file
wednesday = pd.read_csv("Wednesday-workingHours.pcap_ISCX.csv")

#insert column with table name
wednesday.insert(0, 'Table', 'Wednesday')

#list of column names
wednesday_cols = list(wednesday.columns)

wednesday.head()


Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,Wednesday,80,38308,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,Wednesday,389,479,11,5,172,326,79,0,15.636364,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,Wednesday,88,1095,10,6,3150,3150,1575,0,315.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,Wednesday,389,15206,17,12,3452,6660,1313,0,203.058823,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,Wednesday,88,1092,9,6,3150,3152,1575,0,350.0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


##### Compare column lists to make sure all columns are the same

In [10]:
columns_all = [friday_ddos_cols, friday_portscan_cols, friday_morning_cols, monday_cols, thursday_infilteration_cols, thursday_webattacks_cols, tuesday_cols, wednesday_cols]
csv_all = [friday_ddos, friday_portscan, friday_morning, monday, thursday_infilteration, thursday_webattacks, tuesday, wednesday]

def unique(list1):
 
    # initialize a null list
    unique_list = []
    unique_cols = []
 
    # traverse for all elements
    for x in list1:
        # check if exists in unique_list or not
        if x not in unique_list:
            unique_list.append(x)
    # print list
    for x in unique_list:
        unique_cols = unique_cols + x
    return unique_cols
        
cols_list = list(unique(columns_all))
print(cols_list)


['Table', ' Destination Port', ' Flow Duration', ' Total Fwd Packets', ' Total Backward Packets', 'Total Length of Fwd Packets', ' Total Length of Bwd Packets', ' Fwd Packet Length Max', ' Fwd Packet Length Min', ' Fwd Packet Length Mean', ' Fwd Packet Length Std', 'Bwd Packet Length Max', ' Bwd Packet Length Min', ' Bwd Packet Length Mean', ' Bwd Packet Length Std', 'Flow Bytes/s', ' Flow Packets/s', ' Flow IAT Mean', ' Flow IAT Std', ' Flow IAT Max', ' Flow IAT Min', 'Fwd IAT Total', ' Fwd IAT Mean', ' Fwd IAT Std', ' Fwd IAT Max', ' Fwd IAT Min', 'Bwd IAT Total', ' Bwd IAT Mean', ' Bwd IAT Std', ' Bwd IAT Max', ' Bwd IAT Min', 'Fwd PSH Flags', ' Bwd PSH Flags', ' Fwd URG Flags', ' Bwd URG Flags', ' Fwd Header Length', ' Bwd Header Length', 'Fwd Packets/s', ' Bwd Packets/s', ' Min Packet Length', ' Max Packet Length', ' Packet Length Mean', ' Packet Length Std', ' Packet Length Variance', 'FIN Flag Count', ' SYN Flag Count', ' RST Flag Count', ' PSH Flag Count', ' ACK Flag Count', ' 

In [11]:
#concat tables to create a large, usable database
df = pd.concat(csv_all, ignore_index=True)

df.head()


Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,DDoS,54865,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,DDoS,55054,109,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,DDoS,55055,52,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,DDoS,46236,34,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,DDoS,54863,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


# Data Definition

In [12]:
#verify that column dtypes make sense
df.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 2830743 entries, 0 to 2830742
Data columns (total 80 columns):
 #   Column                        Dtype  
---  ------                        -----  
 0   Table                         object 
 1    Destination Port             int64  
 2    Flow Duration                int64  
 3    Total Fwd Packets            int64  
 4    Total Backward Packets       int64  
 5   Total Length of Fwd Packets   int64  
 6    Total Length of Bwd Packets  int64  
 7    Fwd Packet Length Max        int64  
 8    Fwd Packet Length Min        int64  
 9    Fwd Packet Length Mean       float64
 10   Fwd Packet Length Std        float64
 11  Bwd Packet Length Max         int64  
 12   Bwd Packet Length Min        int64  
 13   Bwd Packet Length Mean       float64
 14   Bwd Packet Length Std        float64
 15  Flow Bytes/s                  float64
 16   Flow Packets/s               float64
 17   Flow IAT Mean                float64
 18   Flow IAT Std         

In [13]:
#summary statistics
df.describe()

Unnamed: 0,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,Fwd Packet Length Std,...,act_data_pkt_fwd,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min
count,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,...,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0,2830743.0
mean,8071.483,14785660.0,9.36116,10.39377,549.3024,16162.64,207.5999,18.71366,58.20194,68.91013,...,5.418218,-2741.688,81551.32,41134.12,153182.5,58295.82,8316037.0,503843.9,8695752.0,7920031.0
std,18283.63,33653740.0,749.6728,997.3883,9993.589,2263088.0,717.1848,60.33935,186.0912,281.1871,...,636.4257,1084989.0,648599.9,393381.5,1025825.0,577092.3,23630080.0,4602984.0,24366890.0,23363420.0
min,0.0,-13.0,1.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,...,0.0,-536870700.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
25%,53.0,155.0,2.0,1.0,12.0,0.0,6.0,0.0,6.0,0.0,...,0.0,20.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
50%,80.0,31316.0,2.0,2.0,62.0,123.0,37.0,2.0,34.0,0.0,...,1.0,24.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
75%,443.0,3204828.0,5.0,4.0,187.0,482.0,81.0,36.0,50.0,26.16295,...,2.0,32.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0,0.0
max,65535.0,120000000.0,219759.0,291922.0,12900000.0,655453000.0,24820.0,2325.0,5940.857,7125.597,...,213557.0,138.0,110000000.0,74200000.0,110000000.0,110000000.0,120000000.0,76900000.0,120000000.0,120000000.0


In [14]:
#number of unique values for each column
df.nunique()

Table                            8
 Destination Port            53805
 Flow Duration             1050899
 Total Fwd Packets            1432
 Total Backward Packets       1747
                            ...   
Idle Mean                   222016
 Idle Std                   197616
 Idle Max                   149737
 Idle Min                   223888
 Label                          15
Length: 80, dtype: int64

In [15]:
# number of duplicate rows
duplicates = df.duplicated()
duplicate_rows = df[duplicates]
len(duplicate_rows.index)
print(duplicate_rows)

             Table   Destination Port   Flow Duration   Total Fwd Packets  \
2109          DDoS                 80              77                   2   
2257          DDoS                443               3                   2   
2749          DDoS                443              49                   2   
2862          DDoS                443               4                   2   
2877          DDoS                443               1                   2   
...            ...                ...             ...                 ...   
2830701  Wednesday                 53             179                   2   
2830725  Wednesday                 53             161                   2   
2830726  Wednesday                 53             212                   2   
2830731  Wednesday                443               3                   2   
2830733  Wednesday                 53             158                   2   

          Total Backward Packets  Total Length of Fwd Packets  \
2109      

In [16]:
df.drop_duplicates()

Unnamed: 0,Table,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,DDoS,54865,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,DDoS,55054,109,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,DDoS,55055,52,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,DDoS,46236,34,1,1,6,6,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,DDoS,54863,3,2,0,12,0,6,6,6.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
2830738,Wednesday,53,32215,4,2,112,152,28,28,28.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2830739,Wednesday,53,324,2,2,84,362,42,42,42.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2830740,Wednesday,58030,82,2,1,31,6,31,0,15.5,...,32,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2830741,Wednesday,53,1048635,6,2,192,256,32,32,32.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


# Data Cleaning

In [17]:
#find the number of non-null values

df.count()

Table                      2830743
 Destination Port          2830743
 Flow Duration             2830743
 Total Fwd Packets         2830743
 Total Backward Packets    2830743
                            ...   
Idle Mean                  2830743
 Idle Std                  2830743
 Idle Max                  2830743
 Idle Min                  2830743
 Label                     2830743
Length: 80, dtype: int64

In [18]:
#null values in entire dataframe
df.isna().sum().sum()

1358

In [19]:
#not null values in entire dataframe
df.notna().sum().sum()

226458082

In [20]:
#determine where in the dataframe the null values are
list(df.isna().sum())

[0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 1358,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0,
 0]

In [21]:
#the null values are in the Flow Bytes/s column
df['Flow Bytes/s'].isna().sum()

1358

In [22]:
#verifying that there are a significant amount of non-null values
df['Flow Bytes/s'].notna().sum()

2829385

In [23]:
#verifying that the null values have been dropped
df2 = df.dropna()
df2.isna().sum().sum()

0

In [None]:
#export dataframe to csv
df.to_csv(r'C:\Users\Luv2t\MachineLearningCVE\df.csv')