In [1]:
"""
The code for testing the classifiers. Uses binary.csv and multiclass.csv

Loads feature lists and tuning ranges from pickles in CWD.

Change model types in models to tune on specific ones.

Writes output files.

Author: Wesley
"""

# Accelerates tuning of some classifiers
from sklearnex import patch_sklearn
patch_sklearn()

import pandas as pd
import numpy as np

from skopt import BayesSearchCV
from skopt.space import Categorical, Integer, Real

from sklearn.feature_selection import RFECV

from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

from sklearn.ensemble import RandomForestClassifier
from sklearn.tree import DecisionTreeClassifier
from sklearn.linear_model import LogisticRegression
import xgboost as xgb
from sklearn.svm import LinearSVC
from sklearn.neighbors import KNeighborsClassifier
from sklearn.naive_bayes import GaussianNB

import pickle

from sklearn.decomposition import PCA
from sklearn.preprocessing import StandardScaler, LabelEncoder

from sklearn.model_selection import StratifiedKFold

from sklearn.metrics import (
    precision_score,
    recall_score,
    f1_score,
    confusion_matrix,
    accuracy_score
)

from time import time

from sklearn.metrics import classification_report

Intel(R) Extension for Scikit-learn* enabled (https://github.com/intel/scikit-learn-intelex)


In [2]:
multiclass = pd.read_csv("multiclass_train.csv")
multiclass_test = pd.read_csv("multiclass_test.csv")

Preprocessing (make labels numeric)

In [3]:
# Encode attack labels to int and save as array to be used later.
le = LabelEncoder()
multiclass[" Label"] = le.fit_transform(multiclass[" Label"].values)
multiclass_test[" Label"] = le.transform(multiclass_test[" Label"].values)

multiclass_labels = []
print("\nMulticlass Label Encodings (in order of digits 0 -> n): ")
for i in range(0, len(list(set(list(multiclass[' Label']))))):
    multiclass_labels.append(le.inverse_transform([i])[0])

print(multiclass_labels)


Multiclass Label Encodings (in order of digits 0 -> n): 
['DNS', 'LDAP', 'MSSQL', 'NTP', 'NetBIOS', 'Portmap', 'SNMP', 'SSDP', 'Syn', 'TFTP', 'UDP', 'UDP-lag']


Load feature sets and search spaces and enumerate their contents.

In [4]:
feature_sets = pickle.load(open("feature_sets.pickle", 'rb'))
search_spaces = pickle.load(open("hyperparameter_search_spaces.pickle", 'rb'))

print(f"Available Tuning Ranges: {search_spaces.keys()}")

print("Feature Sets for Binary Dataset:")
for key, value in feature_sets["Binary"].items():
    if key == "RFE Sets":
        print(value.keys())

    elif key == "PCA":
        print(f"{key}, suggested variance threshold is {value}")
        
    else:
        print(key)

print("Feature Sets for Multiclass Dataset:")
for key, value in feature_sets["Multiclass"].items():
    if key == "RFE Sets":
        print(value.keys())

    elif key == "PCA":
        print(f"{key}, suggested variance threshold is {value}")

    else:
        print(key)

Available Tuning Ranges: dict_keys(['XGBoost', 'Bagging SVM', 'SVC (RBF)', 'SVC (Poly)', 'Logistic Regression', 'Random Forest', 'KNN', 'Linear SVC', 'Naive Bayes', 'Decision Tree'])
Feature Sets for Binary Dataset:
All
Correlation
Mutual Information
dict_keys(['Decision Tree', 'Random Forest', 'XGBoost', 'Linear SVC', 'Logistic Regression'])
PCA, suggested variance threshold is 0.95
Feature Sets for Multiclass Dataset:
All
Correlation
Mutual Information
dict_keys(['Decision Tree', 'Random Forest', 'XGBoost', 'Logistic Regression'])
PCA, suggested variance threshold is 0.95


In [5]:
"""
This is a helper method to place our performance results in a DataFrame for future analysis.
"""
def format_results_multiclass(y_test, predicted_values, fold_index, fitTime):
    # get scores
    accuracy = accuracy_score(y_test,predicted_values)
    recall_pos = recall_score(y_test, predicted_values, average='macro')
    precision_pos = precision_score(y_test,predicted_values, average='macro')
    f1 = f1_score(y_test,predicted_values, average='macro')

    cols = ["Fitting Time", "accuracy", "Precision", "Recall", "F1 Score"]
    results = [fitTime, accuracy, precision_pos, recall_pos, f1]

    outFrame = pd.DataFrame([results], columns=cols, index=[fold_index])

    return outFrame

This is for tuning on the multiclass set

In [6]:
models = {
    #"Decision Tree": DecisionTreeClassifier(random_state=42),
    #"Random Forest": RandomForestClassifier(random_state=42),
    #"XGBoost": xgb.XGBClassifier(random_state=42, num_class=12, objective='multi:softmax'),
    #"Linear SVC": make_pipeline(StandardScaler(), LinearSVC(random_state=42)),
    #"Logistic Regression": make_pipeline(StandardScaler(), LogisticRegression(random_state=42)),
    #"KNN": KNeighborsClassifier(),
    "Naive Bayes": GaussianNB(),
}

score_methods = ['accuracy']

feature_set = feature_sets["Multiclass"]

y = multiclass[" Label"].copy()
X = multiclass.drop([" Label"], axis=1)

y_test_f = multiclass[" Label"].copy()
X_test_f = multiclass.drop([" Label"], axis=1)

In [7]:
params = []

# This will hold all of our results.
runFrame = None

for name, model in models.items():
        for feature_key, feature_val in feature_set.items():

            # If we're on the RFE sets, check if we have one for this classifier. If not, skip it.
            if feature_key == "RFE Sets":
                if name in feature_val.keys():
                    feature_val = feature_val[name]
                else:
                    continue
            
            for score_method in score_methods:
                opt = BayesSearchCV(estimator=model,search_spaces=search_spaces[name],n_iter=50,scoring=score_method,cv=5,n_jobs=5)
                kf = StratifiedKFold(n_splits=5, random_state=42, shuffle=True)

                counter = 0

                # Used to hold data for a single run (performance metric)
                perfFrame = None

                for train_index, test_index in kf.split(X, y):

                    counter += 1

                    # PCA requires different logic to create X.
                    if feature_key != "PCA":
                        current_X = X.loc[:, feature_val]
                        X_train, X_test = current_X.iloc[train_index,:], current_X.iloc[test_index,:]
                        Y_train, Y_test = y.iloc[train_index], y.iloc[test_index]

                        current_X_f = X_test_f.loc[:, feature_val]
                        
                    else:
                        pca_trans = PCA(n_components=feature_val, random_state=42)
                        current_X = X.loc[:, X.columns]
                        X_train, X_test = current_X.iloc[train_index,:], current_X.iloc[test_index,:]
                        Y_train, Y_test = y.iloc[train_index], y.iloc[test_index]

                        # Apply PCA to training set and use it to transform test set.
                        X_train = pca_trans.fit_transform(X_train)
                        X_test = pca_trans.transform(X_test)
                        current_X_f = pca_trans.transform(X_test_f)

                        # Convert back to DataFrames
                        pca_cols = ["PC"+str(i) for i in list(range(1, len(X_train[0])+1))]
                        X_train = pd.DataFrame(data=X_train, columns=pca_cols)
                        X_test = pd.DataFrame(data=X_test, columns=pca_cols)
                        current_X_f = pd.DataFrame(data=current_X_f, columns=pca_cols)

                    startTime = time()

                    opt.fit(X_train,Y_train)

                    endTime = time()
                    fitTime = endTime - startTime

                    predicted_values = opt.predict(X_test)

                    # get metrics for this fold.
                    foldFrame = format_results_multiclass(Y_test, predicted_values, counter, fitTime)

                    # Add them to our lists of metric.
                    if perfFrame is None:
                        perfFrame = foldFrame
                    else:
                        perfFrame = pd.concat([perfFrame, foldFrame])

                    # Print a classification report on the testing results.
                    print("Validation Results: ")
                    print(classification_report(Y_test, predicted_values, target_names=multiclass_labels, digits=6))

                    print("Testing Results: ")
                    # Print a classification report on the testing results.
                    pred_test = opt.predict(current_X_f)
                    print(classification_report(y_test_f, pred_test, target_names=multiclass_labels, digits=6))

                    # Add tuple with the best params as well as the related model/config
                    params.append((f"Multiclass {name} {feature_key} {score_method} Fold {counter}", opt.best_params_))

                # Create a new line in the results table that averages all the folds
                perfFrame.loc["fold average"] = perfFrame.mean()

                # Mark the results table with the chosen classifier and the current performance metric.
                perfFrame['metric'] = [score_method for j in range(0,6)]
                perfFrame['Classifier'] = [name for j in range(0,6)]
                perfFrame['Feature Set'] = [feature_key for j in range(0,6)]
                perfFrame['Dataset'] = ["multiclass" for j in range(0,6)]
                print(f"{name} with {feature_key} and {score_method} completed.")

                # Add this run to the table with all runs.
                if runFrame is None:
                    runFrame = perfFrame
                else:
                    runFrame = pd.concat([runFrame, perfFrame])

# Write output file, best parameters, and best models to be used later.
runFrame.to_csv(f"multiclass_results_NB_{time()}.csv")
pickle.dump(params, open(f"multiclass_params_NB_{time()}.pickle", "wb"))

  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.165548  0.027747  0.047527      2667
        LDAP   0.000000  0.000000  0.000000      2667
       MSSQL   0.463415  0.071268  0.123537      2666
         NTP   0.846154  0.004126  0.008212      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.240123  0.852588  0.374712      2666
        SNMP   0.219088  0.850394  0.348414      2667
        SSDP   0.232759  0.010124  0.019404      2667
         Syn   0.374813  0.093738  0.149970      2667
        TFTP   0.979666  0.505812  0.667161      2667
         UDP   0.170042  0.572928  0.262250      2667
     UDP-lag   0.951515  0.058890  0.110915      2666

    accuracy                       0.253977     31999
   macro avg   0.386927  0.253968  0.176008     31999
weighted avg   0.386909  0.253977  0.176017     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.174793  0.028501  0.049010     13333
        LDAP   0.000000  0.000000  0.000000     13333
       MSSQL   0.484312  0.071777  0.125024     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.241098  0.853146  0.375952     13333
        SNMP   0.220371  0.860936  0.350918     13332
        SSDP   0.236842  0.012151  0.023116     13332
         Syn   0.407006  0.109803  0.172947     13333
        TFTP   0.983595  0.508138  0.670095     13333
         UDP   0.167977  0.560864  0.258526     13333
     UDP-lag   0.944444  0.057376  0.108181     13333

    accuracy                       0.255661    159993
   macro avg   0.393720  0.255662  0.178684    159993
weighted avg   0.393719  0.255661  0.178685    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.108209  0.032633  0.050144      2666
        LDAP   0.000000  0.000000  0.000000      2667
       MSSQL   0.000000  0.000000  0.000000      2666
         NTP   0.863636  0.007127  0.014137      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.212860  0.863892  0.341561      2667
        SNMP   0.246647  0.868766  0.384214      2667
        SSDP   0.237288  0.015748  0.029536      2667
         Syn   0.414040  0.108361  0.171768      2667
        TFTP   0.985075  0.494938  0.658847      2667
         UDP   0.175108  0.561305  0.266940      2667
     UDP-lag   0.940860  0.065641  0.122721      2666

    accuracy                       0.251570     31999
   macro avg   0.348644  0.251534  0.169989     31999
weighted avg   0.348638  0.251570  0.170010     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.098490  0.029851  0.045816     13333
        LDAP   1.000000  0.000075  0.000150     13333
       MSSQL   0.000000  0.000000  0.000000     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.210930  0.855396  0.338412     13333
        SNMP   0.245845  0.860936  0.382473     13332
        SSDP   0.218833  0.012376  0.023428     13332
         Syn   0.421447  0.109653  0.174027     13333
        TFTP   0.984729  0.507838  0.670097     13333
         UDP   0.173177  0.558914  0.264424     13333
     UDP-lag   0.940991  0.066977  0.125053     13333

    accuracy                       0.250605    159993
   macro avg   0.429887  0.250606  0.169526    159993
weighted avg   0.429886  0.250605  0.169527    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.099648  0.031883  0.048309      2666
        LDAP   0.000000  0.000000  0.000000      2667
       MSSQL   0.000000  0.000000  0.000000      2667
         NTP   0.833333  0.005626  0.011177      2666
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.494433  0.782527  0.605981      2667
        SNMP   0.194773  0.858215  0.317491      2666
        SSDP   0.218543  0.012378  0.023429      2666
         Syn   0.447332  0.122610  0.192466      2667
        TFTP   0.990427  0.504312  0.668323      2667
         UDP   0.128743  0.614404  0.212879      2666
     UDP-lag   0.928571  0.068241  0.127139      2667

    accuracy                       0.250008     31999
   macro avg   0.361317  0.250016  0.183933     31999
weighted avg   0.361327  0.250008  0.183943     31999

Testing Results: 
              precision    recall  f1-score   support

         DNS   0.098409  0.030151  0.04

  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.082051  0.023997  0.037134      2667
        LDAP   0.206908  0.698800  0.319280      2666
       MSSQL   0.000000  0.000000  0.000000      2667
         NTP   0.866667  0.004874  0.009694      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.496206  0.760030  0.600415      2667
        SNMP   0.628771  0.641035  0.634844      2666
        SSDP   0.209790  0.011253  0.021360      2666
         Syn   0.450599  0.112903  0.180564      2666
        TFTP   0.976995  0.509752  0.669953      2666
         UDP   0.132112  0.643661  0.219227      2666
     UDP-lag   0.939394  0.069741  0.129843      2667

    accuracy                       0.289643     31998
   macro avg   0.415791  0.289671  0.235193     31998
weighted avg   0.415788  0.289643  0.235173     31998

Testing Results: 
              precision    recall  f1-score   support

         DNS   0.098675  0.030151  0.04

  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.107188  0.031871  0.049133      2667
        LDAP   0.000000  0.000000  0.000000      2666
       MSSQL   0.125000  0.000375  0.000748      2667
         NTP   0.866667  0.004874  0.009694      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.380531  0.854839  0.526632      2666
        SNMP   0.208412  0.864216  0.335836      2666
        SSDP   0.240602  0.012003  0.022865      2666
         Syn   0.395973  0.110653  0.172970      2666
        TFTP   0.986601  0.524756  0.685113      2666
         UDP   0.127997  0.560555  0.208406      2667
     UDP-lag   0.950617  0.057743  0.108872      2667

    accuracy                       0.251797     31998
   macro avg   0.365799  0.251824  0.176689     31998
weighted avg   0.365798  0.251797  0.176668     31998

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.098578  0.030151  0.046178     13333
        LDAP   0.000000  0.000000  0.000000     13333
       MSSQL   0.062500  0.000150  0.000299     13333
         NTP   0.829545  0.005476  0.010879     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.380224  0.852246  0.525846     13333
        SNMP   0.206754  0.861011  0.333440     13332
        SSDP   0.232394  0.012376  0.023501     13332
         Syn   0.413667  0.110328  0.174196     13333
        TFTP   0.985700  0.506638  0.669276     13333
         UDP   0.130846  0.573089  0.213049     13333
     UDP-lag   0.945080  0.061952  0.116281     13333

    accuracy                       0.251117    159993
   macro avg   0.357107  0.251118  0.176079    159993
weighted avg   0.357106  0.251117  0.176080    159993

Naive Bayes with All and accuracy completed.


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.163717  0.027747  0.047451      2667
        LDAP   0.459176  0.672666  0.545786      2667
       MSSQL   0.462871  0.070143  0.121824      2666
         NTP   0.846154  0.004126  0.008212      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.240525  0.852213  0.375165      2666
        SNMP   0.281972  0.682040  0.398991      2667
        SSDP   0.230769  0.010124  0.019397      2667
         Syn   0.131180  0.100487  0.113800      2667
        TFTP   0.984127  0.023247  0.045421      2667
         UDP   0.169872  0.572928  0.262048      2667
     UDP-lag   0.944444  0.038260  0.073540      2666

    accuracy                       0.254508     31999
   macro avg   0.409567  0.254498  0.167636     31999
weighted avg   0.409553  0.254508  0.167644     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.172570  0.028501  0.048922     13333
        LDAP   0.459989  0.683342  0.549849     13333
       MSSQL   0.481195  0.070052  0.122299     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.241540  0.852771  0.376453     13333
        SNMP   0.287301  0.696445  0.406791     13332
        SSDP   0.236152  0.012151  0.023113     13332
         Syn   0.147953  0.116028  0.130060     13333
        TFTP   0.994118  0.025351  0.049441     13333
         UDP   0.167864  0.560789  0.258384     13333
     UDP-lag   0.926874  0.038026  0.073055     13333

    accuracy                       0.257393    159993
   macro avg   0.414979  0.257392  0.170734    159993
weighted avg   0.414979  0.257393  0.170734    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.108479  0.032633  0.050173      2666
        LDAP   0.461442  0.693288  0.554091      2667
       MSSQL   0.000000  0.000000  0.000000      2666
         NTP   0.863636  0.007127  0.014137      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.205969  0.864267  0.332660      2667
        SNMP   0.362942  0.712411  0.480891      2667
        SSDP   0.237288  0.015748  0.029536      2667
         Syn   0.150074  0.114736  0.130047      2667
        TFTP   0.968750  0.011624  0.022971      2667
         UDP   0.179657  0.560930  0.272148      2667
     UDP-lag   0.937500  0.045011  0.085898      2666

    accuracy                       0.254852     31999
   macro avg   0.372978  0.254815  0.164379     31999
weighted avg   0.372977  0.254852  0.164400     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.098588  0.029851  0.045826     13333
        LDAP   0.460059  0.683342  0.549899     13333
       MSSQL   0.000000  0.000000  0.000000     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.204289  0.855921  0.329850     13333
        SNMP   0.355154  0.696670  0.470469     13332
        SSDP   0.218833  0.012376  0.023428     13332
         Syn   0.148416  0.115578  0.129954     13333
        TFTP   0.986667  0.011100  0.021954     13333
         UDP   0.177638  0.558614  0.269557     13333
     UDP-lag   0.924559  0.043201  0.082545     13333

    accuracy                       0.250992    159993
   macro avg   0.369867  0.250992  0.161160    159993
weighted avg   0.369865  0.250992  0.161160    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.099765  0.031883  0.048323      2666
        LDAP   0.458239  0.685039  0.549143      2667
       MSSQL   0.000000  0.000000  0.000000      2667
         NTP   0.833333  0.005626  0.011177      2666
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.243931  0.851519  0.379227      2667
        SNMP   0.286642  0.695424  0.405956      2666
        SSDP   0.220000  0.012378  0.023438      2666
         Syn   0.159828  0.125609  0.140668      2667
        TFTP   1.000000  0.010499  0.020779      2667
         UDP   0.165508  0.553638  0.254834      2666
     UDP-lag   0.892086  0.046494  0.088382      2667

    accuracy                       0.251508     31999
   macro avg   0.363278  0.251509  0.160161     31999
weighted avg   0.363284  0.251508  0.160162     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.098433  0.030151  0.046162     13333
        LDAP   0.460059  0.683342  0.549899     13333
       MSSQL   0.000000  0.000000  0.000000     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.241574  0.852546  0.376472     13333
        SNMP   0.287398  0.696745  0.406939     13332
        SSDP   0.233380  0.012376  0.023506     13332
         Syn   0.148905  0.115278  0.129951     13333
        TFTP   0.986755  0.011175  0.022100     13333
         UDP   0.167792  0.560864  0.258307     13333
     UDP-lag   0.925439  0.047476  0.090319     13333

    accuracy                       0.251267    159993
   macro avg   0.367828  0.251267  0.159508    159993
weighted avg   0.367826  0.251267  0.159508    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.082051  0.023997  0.037134      2667
        LDAP   0.206885  0.698800  0.319253      2666
       MSSQL   0.000000  0.000000  0.000000      2667
         NTP   0.866667  0.004874  0.009694      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.495115  0.760030  0.599615      2667
        SNMP   0.628771  0.641035  0.634844      2666
        SSDP   0.209790  0.011253  0.021360      2666
         Syn   0.158049  0.121530  0.137405      2666
        TFTP   1.000000  0.030008  0.058267      2666
         UDP   0.132238  0.643286  0.219380      2666
     UDP-lag   0.919708  0.047244  0.089872      2667

    accuracy                       0.248484     31998
   macro avg   0.391606  0.248505  0.177235     31998
weighted avg   0.391607  0.248484  0.177225     31998

Testing Results: 
              precision    recall  f1-score   support

         DNS   0.098675  0.030151  0.04

  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.173362  0.030746  0.052229      2667
        LDAP   0.456527  0.683421  0.547394      2666
       MSSQL   0.448649  0.062242  0.109318      2667
         NTP   0.866667  0.004874  0.009694      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.240899  0.856339  0.376019      2666
        SNMP   0.284434  0.678545  0.400842      2666
        SSDP   0.242424  0.012003  0.022873      2666
         Syn   0.142791  0.115529  0.127721      2666
        TFTP   1.000000  0.011253  0.022255      2666
         UDP   0.163890  0.545932  0.252099      2667
     UDP-lag   0.935780  0.038245  0.073487      2667

    accuracy                       0.253235     31998
   macro avg   0.412952  0.253261  0.166161     31998
weighted avg   0.412955  0.253235  0.166145     31998

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.161035  0.028951  0.049078     13333
        LDAP   0.453689  0.686642  0.546371     13333
       MSSQL   0.436249  0.062102  0.108726     13333
         NTP   0.829545  0.005476  0.010879     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.240502  0.853146  0.375227     13333
        SNMP   0.282630  0.676493  0.398692     13332
        SSDP   0.232722  0.012376  0.023503     13332
         Syn   0.148109  0.115728  0.129931     13333
        TFTP   0.986928  0.011325  0.022394     13333
         UDP   0.168572  0.560789  0.259222     13333
     UDP-lag   0.923469  0.040726  0.078012     13333

    accuracy                       0.254480    159993
   macro avg   0.405287  0.254479  0.166836    159993
weighted avg   0.405287  0.254480  0.166837    159993

Naive Bayes with Correlation and accuracy completed.


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.165548  0.027747  0.047527      2667
        LDAP   0.443410  0.678665  0.536376      2667
       MSSQL   0.459854  0.070893  0.122847      2666
         NTP   0.846154  0.004126  0.008212      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.307266  0.851838  0.451626      2666
        SNMP   0.303692  0.641545  0.412239      2667
        SSDP   0.228070  0.009749  0.018698      2667
         Syn   0.211542  0.999250  0.349165      2667
        TFTP   0.984375  0.023622  0.046137      2667
         UDP   0.003295  0.001500  0.002061      2667
     UDP-lag   0.838710  0.009752  0.019281      2666

    accuracy                       0.276571     31999
   macro avg   0.399326  0.276557  0.167847     31999
weighted avg   0.399312  0.276571  0.167855     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.174873  0.028501  0.049013     13333
        LDAP   0.444171  0.689492  0.540288     13333
       MSSQL   0.478937  0.071627  0.124617     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.305887  0.852621  0.450245     13333
        SNMP   0.310502  0.654890  0.421268     13332
        SSDP   0.235650  0.011701  0.022295     13332
         Syn   0.212435  0.998425  0.350330     13333
        TFTP   0.994169  0.025576  0.049868     13333
         UDP   0.004890  0.002175  0.003011     13333
     UDP-lag   0.878788  0.010875  0.021485     13333

    accuracy                       0.279262    159993
   macro avg   0.408708  0.279261  0.170238    159993
weighted avg   0.408707  0.279262  0.170238    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.193473  0.031133  0.053635      2666
        LDAP   0.439612  0.697413  0.539287      2667
       MSSQL   0.437352  0.069392  0.119780      2666
         NTP   0.863636  0.007127  0.014137      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.278988  0.864267  0.421814      2667
        SNMP   0.340252  0.657668  0.448479      2667
        SSDP   0.253012  0.015748  0.029651      2667
         Syn   0.207160  0.998125  0.343108      2667
        TFTP   0.968750  0.011624  0.022971      2667
         UDP   0.000000  0.000000  0.000000      2667
     UDP-lag   0.897959  0.016504  0.032413      2666

    accuracy                       0.280790     31999
   macro avg   0.406683  0.280750  0.168773     31999
weighted avg   0.406672  0.280790  0.168792     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.173675  0.028501  0.048966     13333
        LDAP   0.440292  0.691067  0.537887     13333
       MSSQL   0.441509  0.070202  0.121142     13333
         NTP   0.864198  0.005251  0.010438     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.276530  0.855846  0.418001     13333
        SNMP   0.335032  0.646040  0.441240     13332
        SSDP   0.232394  0.012376  0.023501     13332
         Syn   0.206214  0.998125  0.341809     13333
        TFTP   0.986667  0.011100  0.021954     13333
         UDP   0.000000  0.000000  0.000000     13333
     UDP-lag   0.882927  0.013575  0.026740     13333

    accuracy                       0.277675    159993
   macro avg   0.403286  0.277674  0.165973    159993
weighted avg   0.403285  0.277675  0.165973    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.099765  0.031883  0.048323      2666
        LDAP   0.468151  0.677915  0.553837      2667
       MSSQL   0.000000  0.000000  0.000000      2667
         NTP   0.789474  0.005626  0.011173      2666
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.496314  0.782527  0.607392      2667
        SNMP   0.244985  0.728432  0.366657      2666
        SSDP   0.218543  0.012378  0.023429      2666
         Syn   0.229925  0.997375  0.373700      2667
        TFTP   1.000000  0.022497  0.044004      2667
         UDP   0.056376  0.070143  0.062510      2666
     UDP-lag   0.833333  0.011249  0.022198      2667

    accuracy                       0.278352     31999
   macro avg   0.369739  0.278335  0.176102     31999
weighted avg   0.369753  0.278352  0.176114     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.098481  0.030151  0.046167     13333
        LDAP   0.471683  0.676517  0.555829     13333
       MSSQL   0.000000  0.000000  0.000000     13333
         NTP   0.853659  0.005251  0.010437     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.499469  0.776119  0.607794     13333
        SNMP   0.246726  0.733498  0.369249     13332
        SSDP   0.231417  0.012376  0.023496     13332
         Syn   0.229301  0.998050  0.372923     13333
        TFTP   0.994152  0.025501  0.049726     13333
         UDP   0.062118  0.079352  0.069685     13333
     UDP-lag   0.876847  0.013350  0.026300     13333

    accuracy                       0.279181    159993
   macro avg   0.380321  0.279180  0.177634    159993
weighted avg   0.380320  0.279181  0.177635    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.081946  0.023997  0.037123      2667
        LDAP   0.206610  0.698800  0.318925      2666
       MSSQL   0.000000  0.000000  0.000000      2667
         NTP   0.866667  0.004874  0.009694      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.498524  0.760030  0.602109      2667
        SNMP   0.619341  0.641410  0.630182      2666
        SSDP   0.209790  0.011253  0.021360      2666
         Syn   0.226808  0.997749  0.369598      2666
        TFTP   1.000000  0.030383  0.058973      2666
         UDP   0.061997  0.078020  0.069092      2666
     UDP-lag   0.911111  0.015373  0.030236      2667

    accuracy                       0.271798     31998
   macro avg   0.390233  0.271824  0.178941     31998
weighted avg   0.390233  0.271798  0.178929     31998

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.098626  0.030151  0.046183     13333
        LDAP   0.205446  0.694367  0.317077     13333
       MSSQL   0.000000  0.000000  0.000000     13333
         NTP   0.829545  0.005476  0.010879     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.500823  0.775969  0.608749     13333
        SNMP   0.625709  0.645515  0.635457     13332
        SSDP   0.231417  0.012376  0.023496     13332
         Syn   0.226286  0.998050  0.368927     13333
        TFTP   0.994135  0.025426  0.049583     13333
         UDP   0.062850  0.076652  0.069068     13333
     UDP-lag   0.876238  0.013275  0.026154     13333

    accuracy                       0.273106    159993
   macro avg   0.387590  0.273105  0.179631    159993
weighted avg   0.387586  0.273106  0.179630    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.240550  0.026247  0.047329      2667
        LDAP   0.444042  0.689047  0.540056      2666
       MSSQL   0.356757  0.074241  0.122905      2667
         NTP   0.866667  0.004874  0.009694      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.300749  0.858590  0.445461      2666
        SNMP   0.315551  0.652288  0.425339      2666
        SSDP   0.250000  0.012003  0.022906      2666
         Syn   0.210007  0.998125  0.347004      2666
        TFTP   1.000000  0.012003  0.023721      2666
         UDP   0.004936  0.001875  0.002717      2667
     UDP-lag   0.882353  0.011249  0.022214      2667

    accuracy                       0.278330     31998
   macro avg   0.405968  0.278378  0.167446     31998
weighted avg   0.405965  0.278330  0.167421     31998

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.228530  0.023551  0.042701     13333
        LDAP   0.440260  0.690917  0.537817     13333
       MSSQL   0.340020  0.075002  0.122895     13333
         NTP   0.829545  0.005476  0.010879     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.300903  0.854796  0.445117     13333
        SNMP   0.311751  0.646115  0.420575     13332
        SSDP   0.237189  0.012151  0.023118     13332
         Syn   0.210098  0.998350  0.347142     13333
        TFTP   0.987730  0.012075  0.023859     13333
         UDP   0.002724  0.000975  0.001436     13333
     UDP-lag   0.885870  0.012225  0.024118     13333

    accuracy                       0.277637    159993
   macro avg   0.397885  0.277636  0.166638    159993
weighted avg   0.397884  0.277637  0.166638    159993

Naive Bayes with Mutual Information and accuracy completed.


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.105405  0.029246  0.045788      2667
        LDAP   0.438541  0.680915  0.533490      2667
       MSSQL   0.401664  0.343961  0.370580      2666
         NTP   0.051546  0.005626  0.010145      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.411765  0.790323  0.541436      2666
        SNMP   0.553946  0.544807  0.549338      2667
        SSDP   0.058824  0.000375  0.000745      2667
         Syn   0.196637  0.999625  0.328629      2667
        TFTP   0.000000  0.000000  0.000000      2667
         UDP   0.000000  0.000000  0.000000      2667
     UDP-lag   0.003472  0.000750  0.001234      2666

    accuracy                       0.282978     31999
   macro avg   0.185150  0.282969  0.198449     31999
weighted avg   0.185152  0.282978  0.198451     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.109487  0.029776  0.046819     13333
        LDAP   0.438489  0.692117  0.536855     13333
       MSSQL   0.412686  0.351834  0.379838     13333
         NTP   0.066026  0.007726  0.013833     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.407438  0.787220  0.536962     13333
        SNMP   0.567005  0.553480  0.560161     13332
        SSDP   0.109589  0.000600  0.001194     13332
         Syn   0.197717  0.999175  0.330112     13333
        TFTP   0.000000  0.000000  0.000000     13333
         UDP   0.000000  0.000000  0.000000     13333
     UDP-lag   0.002096  0.000450  0.000741     13333

    accuracy                       0.285200    159993
   macro avg   0.192544  0.285198  0.200543    159993
weighted avg   0.192543  0.285200  0.200543    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.132512  0.032258  0.051885      2666
        LDAP   0.438324  0.698163  0.538539      2667
       MSSQL   0.415696  0.361590  0.386760      2666
         NTP   0.087500  0.010503  0.018754      2666
     NetBIOS   0.000000  0.000000  0.000000      2666
     Portmap   0.408801  0.794151  0.539755      2667
        SNMP   0.574067  0.559430  0.566654      2667
        SSDP   0.048544  0.001875  0.003610      2667
         Syn   0.201193  0.999250  0.334946      2667
        TFTP   0.000000  0.000000  0.000000      2667
         UDP   0.000000  0.000000  0.000000      2667
     UDP-lag   0.001427  0.000375  0.000594      2666

    accuracy                       0.288165     31999
   macro avg   0.192339  0.288133  0.203458     31999
weighted avg   0.192349  0.288165  0.203476     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.123058  0.029701  0.047852     13333
        LDAP   0.438406  0.692117  0.536793     13333
       MSSQL   0.420017  0.363534  0.389740     13333
         NTP   0.067942  0.007726  0.013874     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.407671  0.786845  0.537077     13333
        SNMP   0.569156  0.552805  0.560861     13332
        SSDP   0.055238  0.002175  0.004186     13332
         Syn   0.199775  0.999175  0.332975     13333
        TFTP   0.000000  0.000000  0.000000     13333
         UDP   0.000000  0.000000  0.000000     13333
     UDP-lag   0.001953  0.000525  0.000828     13333

    accuracy                       0.286219    159993
   macro avg   0.190268  0.286217  0.202015    159993
weighted avg   0.190267  0.286219  0.202016    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.109375  0.031508  0.048923      2666
        LDAP   0.436351  0.694038  0.535823      2667
       MSSQL   0.437031  0.392951  0.413820      2667
         NTP   0.069536  0.007877  0.014151      2666
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.410860  0.791526  0.540935      2667
        SNMP   0.571983  0.552888  0.562274      2666
        SSDP   0.538462  0.002626  0.005226      2666
         Syn   0.200814  0.999250  0.334421      2667
        TFTP   0.000000  0.000000  0.000000      2667
         UDP   0.000000  0.000000  0.000000      2666
     UDP-lag   0.001391  0.000375  0.000591      2667

    accuracy                       0.289447     31999
   macro avg   0.231317  0.289420  0.204680     31999
weighted avg   0.231313  0.289447  0.204693     31999

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.108381  0.029776  0.046717     13333
        LDAP   0.438385  0.692117  0.536777     13333
       MSSQL   0.431264  0.380935  0.404540     13333
         NTP   0.067057  0.007726  0.013855     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.407343  0.787220  0.536880     13333
        SNMP   0.569289  0.553105  0.561080     13332
        SSDP   0.333333  0.001500  0.002987     13332
         Syn   0.200364  0.999100  0.333789     13333
        TFTP   0.000000  0.000000  0.000000     13333
         UDP   0.000000  0.000000  0.000000     13333
     UDP-lag   0.001593  0.000450  0.000702     13333

    accuracy                       0.287663    159993
   macro avg   0.213084  0.287661  0.203111    159993
weighted avg   0.213082  0.287663  0.203111    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.104478  0.023622  0.038532      2667
        LDAP   0.437206  0.697299  0.537439      2666
       MSSQL   0.402797  0.334833  0.365684      2667
         NTP   0.059561  0.007124  0.012726      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.400116  0.773528  0.527419      2667
        SNMP   0.568393  0.551763  0.559954      2666
        SSDP   0.037037  0.001500  0.002884      2666
         Syn   0.197567  0.998875  0.329885      2666
        TFTP   0.000000  0.000000  0.000000      2666
         UDP   0.000000  0.000000  0.000000      2666
     UDP-lag   0.001745  0.000375  0.000617      2667

    accuracy                       0.282393     31998
   macro avg   0.184075  0.282410  0.197928     31998
weighted avg   0.184071  0.282393  0.197921     31998

Testing Results: 


  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


              precision    recall  f1-score   support

         DNS   0.123318  0.029551  0.047677     13333
        LDAP   0.438489  0.692117  0.536855     13333
       MSSQL   0.412582  0.351684  0.379707     13333
         NTP   0.067942  0.007726  0.013874     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.407533  0.787220  0.537045     13333
        SNMP   0.567821  0.553255  0.560444     13332
        SSDP   0.052920  0.002175  0.004179     13332
         Syn   0.197679  0.999175  0.330059     13333
        TFTP   0.000000  0.000000  0.000000     13333
         UDP   0.000000  0.000000  0.000000     13333
     UDP-lag   0.002101  0.000450  0.000741     13333

    accuracy                       0.285281    159993
   macro avg   0.189199  0.285279  0.200882    159993
weighted avg   0.189198  0.285281  0.200882    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


Validation Results: 
              precision    recall  f1-score   support

         DNS   0.134281  0.031871  0.051515      2667
        LDAP   0.441989  0.690173  0.538878      2666
       MSSQL   0.420721  0.350206  0.382239      2667
         NTP   0.064516  0.007499  0.013436      2667
     NetBIOS   0.000000  0.000000  0.000000      2667
     Portmap   0.406165  0.785821  0.535532      2666
        SNMP   0.574411  0.557389  0.565772      2666
        SSDP   0.000000  0.000000  0.000000      2666
         Syn   0.198791  0.998875  0.331590      2666
        TFTP   0.000000  0.000000  0.000000      2666
         UDP   0.000000  0.000000  0.000000      2667
     UDP-lag   0.001361  0.000375  0.000588      2667

    accuracy                       0.285143     31998
   macro avg   0.186853  0.285184  0.201629     31998
weighted avg   0.186837  0.285143  0.201605     31998

Testing Results: 
              precision    recall  f1-score   support

         DNS   0.121704  0.029776  0.04

  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))


In [8]:
best = pickle.load(open("multiclass_params_NB_1670716706.2672274.pickle", 'rb'))

In [16]:
final_feature_set = None
for key, value in feature_sets["Multiclass"].items():
    if key == "Mutual Information":
        final_feature_set = value
        break

print(final_feature_set)

X_fin = X.loc[:, final_feature_set]
x_test_fin = X_test_f.loc[:, final_feature_set]

[' Protocol', ' Flow Duration', ' Total Fwd Packets', 'Total Length of Fwd Packets', ' Fwd Packet Length Max', ' Fwd Packet Length Min', ' Fwd Packet Length Mean', ' Fwd Packet Length Std', 'Flow Bytes/s', ' Flow Packets/s', ' Flow IAT Mean', ' Flow IAT Std', ' Flow IAT Max', ' Flow IAT Min', 'Fwd IAT Total', ' Fwd IAT Mean', ' Fwd IAT Std', ' Fwd IAT Max', ' Fwd IAT Min', ' Fwd Header Length', 'Fwd Packets/s', ' Min Packet Length', ' Max Packet Length', ' Packet Length Mean', ' Packet Length Std', ' Packet Length Variance', ' ACK Flag Count', ' Average Packet Size', ' Avg Fwd Segment Size', ' Fwd Header Length.1', 'Subflow Fwd Packets', ' Subflow Fwd Bytes', 'Init_Win_bytes_forward', ' act_data_pkt_fwd', ' min_seg_size_forward']


In [24]:
for i in range(10, 15):
    print(best[i])

('Multiclass Naive Bayes Mutual Information accuracy Fold 1', OrderedDict([('var_smoothing', 4.049813277792584e-08)]))
('Multiclass Naive Bayes Mutual Information accuracy Fold 2', OrderedDict([('var_smoothing', 1e-07)]))
('Multiclass Naive Bayes Mutual Information accuracy Fold 3', OrderedDict([('var_smoothing', 1.382265033644363e-08)]))
('Multiclass Naive Bayes Mutual Information accuracy Fold 4', OrderedDict([('var_smoothing', 1.6617172281871747e-08)]))
('Multiclass Naive Bayes Mutual Information accuracy Fold 5', OrderedDict([('var_smoothing', 8.845459792087945e-08)]))


In [23]:
clf = GaussianNB(var_smoothing = 1e-07)
clf.fit(X_fin, y)
pred_test = clf.predict(x_test_fin)
print(classification_report(y_test_f, pred_test, target_names=multiclass_labels, digits=6))

              precision    recall  f1-score   support

         DNS   0.173833  0.028501  0.048972     13333
        LDAP   0.439535  0.691592  0.537480     13333
       MSSQL   0.438842  0.070502  0.121486     13333
         NTP   0.855422  0.005326  0.010585     13332
     NetBIOS   0.000000  0.000000  0.000000     13333
     Portmap   0.296180  0.854796  0.439928     13333
        SNMP   0.318515  0.645965  0.426653     13332
        SSDP   0.235465  0.012151  0.023110     13332
         Syn   0.204984  0.998200  0.340123     13333
        TFTP   0.986667  0.011100  0.021954     13333
         UDP   0.003204  0.000750  0.001216     13333
     UDP-lag   0.879397  0.013125  0.025865     13333

    accuracy                       0.277668    159993
   macro avg   0.402670  0.277667  0.166448    159993
weighted avg   0.402669  0.277668  0.166448    159993



  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
  _warn_prf(average, modifier, msg_start, len(result))
