# Data Preprocessing

### On the CICIDS2017 Dataset
---------------------------------------------

## Combine all Data Files

In [1]:
import pandas as pd
import os

# combine all CICIDS2017 files
path = '../data/CICIDS2017/'
combined_df = pd.DataFrame()
for file in os.listdir(path):
    if file.endswith('.csv'):
        print(file)
        df = pd.read_csv(path + file)
        combined_df = pd.concat([combined_df, df], ignore_index=True)

    

combined_df.head()

Friday-WorkingHours-Afternoon-DDos.pcap_ISCX.csv
Friday-WorkingHours-Afternoon-PortScan.pcap_ISCX.csv
Friday-WorkingHours-Morning.pcap_ISCX.csv
Monday-WorkingHours.pcap_ISCX.csv
Thursday-WorkingHours-Afternoon-Infilteration.pcap_ISCX.csv
Thursday-WorkingHours-Morning-WebAttacks.pcap_ISCX.csv
Tuesday-WorkingHours.pcap_ISCX.csv
Wednesday-workingHours.pcap_ISCX.csv


Unnamed: 0,Destination Port,Flow Duration,Total Fwd Packets,Total Backward Packets,Total Length of Fwd Packets,Total Length of Bwd Packets,Fwd Packet Length Max,Fwd Packet Length Min,Fwd Packet Length Mean,Fwd Packet Length Std,...,min_seg_size_forward,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,54865,3,2,0,12,0,6,6,6.0,0.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
1,55054,109,1,1,6,6,6,6,6.0,0.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
2,55055,52,1,1,6,6,6,6,6.0,0.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
3,46236,34,1,1,6,6,6,6,6.0,0.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN
4,54863,3,2,0,12,0,6,6,6.0,0.0,...,20,0.0,0.0,0,0,0.0,0.0,0,0,BENIGN


In [14]:
print(combined_df[' Label'].value_counts())
print('Shape: ', combined_df.shape)

df = combined_df.copy()

 Label
BENIGN                        2273097
DoS Hulk                       231073
PortScan                       158930
DDoS                           128027
DoS GoldenEye                   10293
FTP-Patator                      7938
SSH-Patator                      5897
DoS slowloris                    5796
DoS Slowhttptest                 5499
Bot                              1966
Web Attack � Brute Force         1507
Web Attack � XSS                  652
Infiltration                       36
Web Attack � Sql Injection         21
Heartbleed                         11
Name: count, dtype: int64
Shape:  (2830743, 79)


## Refactor Data

### Remove NaN and Infinity Values

In [15]:
import numpy as np

# print number of rows with NaN values
print("Number of rows with NaN values: ", df.isnull().sum().sum())

# print number of rows with Infinity values
inf_rows = df.isin([np.inf, -np.inf]).any(axis=1)
print(f"Number of rows with Infinity values: {inf_rows.sum()}")


print("Removing NaN and Infinity values....")
# remove NaN values
df.dropna(inplace=True)
# remove Infinity values
df = df[~inf_rows]


# check if there are still NaN or Infinity values
print(f"Remaining NaN Values: {df.isnull().sum().sum()}")
print(f"Remaining Infinity values: {df.isin([np.inf, -np.inf]).any(axis=1).sum()}")
print('Shape after removing NaN and Infinity values: ', df.shape)


Number of rows with NaN values:  1358
Number of rows with Infinity values: 2867
Removing NaN and Infinity values....


  df = df[~inf_rows]


Remaining NaN Values: 0
Remaining Infinity values: 0
Shape after removing NaN and Infinity values:  (2827876, 79)


## Split Label & Features

In [4]:
# feature_df = df.drop(columns=' Label')
# label_df = df[' Label']

## Symbolic Feature Encoding

In [16]:
# check for symbolic values
print("Checking for symbolic values....")
symbolic_values = df.select_dtypes(include=['object']).columns
print(f"Symbolic values: {symbolic_values}")

Checking for symbolic values....
Symbolic values: Index([' Label'], dtype='object')


In [None]:
from sklearn.preprocessing import LabelEncoder

# binary label encoding 
print("Binary label encoding....")
df[' Label'] = df[' Label'].apply(lambda x: 0 if x == 'BENIGN' else 1)
print(df[' Label'].value_counts())

# multi-class label encoding
# TODO: keep the column name
# print("Multi-class label encoding....")
# label_encoder = LabelEncoder()
# multiclass_label_df = label_encoder.fit_transform(label_df)
# multiclass_label_df = pd.Series(multiclass_label_df)
# print(multiclass_label_df.value_counts())

Binary label encoding....
 Label
0    2271320
1     556556
Name: count, dtype: int64


In [10]:
# from sklearn.preprocessing import LabelEncoder

# # check for symbolic values
# print("Checking for symbolic values....")
# symbolic_values = features.select_dtypes(include=['object']).columns
# print(f"Symbolic values: {symbolic_values}")

# # binary label encoding
# binary_label_df = label.apply(lambda x: 0 if x == 'BENIGN' else 1)
# print(f"Binary Label: {binary_label_df.value_counts()}")

# # multiclass label encoding
# label_encoder = LabelEncoder()
# multiclass_label_df = label_encoder.fit_transform(label_df)
# # refactor to dataframe
# multiclass_label_df = pd.DataFrame(multiclass_label_df)
# print(f"Multiclass Label: {label_encoder.classes_}")
# # print unique labels and their counts
# unique_labels, counts = np.unique(multiclass_label_df, return_counts=True)
# print(f"Unique Labels: {unique_labels}")
# print(f"Unique Labels Counts: {counts}")
# # set column name
# multiclass_label_df.name = ' Label'


Checking for symbolic values....
Symbolic values: Index([' Label'], dtype='object')
Binary Label:  Label
0    2271320
1     556556
Name: count, dtype: int64
Multiclass Label: ['BENIGN' 'Bot' 'DDoS' 'DoS GoldenEye' 'DoS Hulk' 'DoS Slowhttptest'
 'DoS slowloris' 'FTP-Patator' 'Heartbleed' 'Infiltration' 'PortScan'
 'SSH-Patator' 'Web Attack � Brute Force' 'Web Attack � Sql Injection'
 'Web Attack � XSS']
Unique Labels: [ 0  1  2  3  4  5  6  7  8  9 10 11 12 13 14]
Unique Labels Counts: [2271320    1956  128025   10293  230124    5499    5796    7935      11
      36  158804    5897    1507      21     652]


## Remove Feature Columns with only 0 values

In [18]:
# check for columns which contain only 0 values
print("Columns which contain only 0 values....")
zero_columns = df.columns[(df.sum() == 0)]
print(f"Zero Columns: {zero_columns}")
# drop columns with only 0 values
df.drop(columns=zero_columns, inplace=True)
print("Dropped Zero Columns....")

Columns which contain only 0 values....
Zero Columns: Index([' Bwd PSH Flags', ' Bwd URG Flags', 'Fwd Avg Bytes/Bulk',
       ' Fwd Avg Packets/Bulk', ' Fwd Avg Bulk Rate', ' Bwd Avg Bytes/Bulk',
       ' Bwd Avg Packets/Bulk', 'Bwd Avg Bulk Rate'],
      dtype='object')
Dropped Zero Columns....


## Normalization

### Min-Max, Standard and No-Norm Normalization

In [19]:
from sklearn.preprocessing import StandardScaler, MinMaxScaler


# min-max normalization
# TODO: min-max normalization without label column
print("Min-Max Normalization....")
min_max_scaler = MinMaxScaler()
min_max_norm = min_max_scaler.fit_transform(df)
min_max_norm = pd.DataFrame(min_max_norm, columns=df.columns)
print(min_max_norm.shape)
print(min_max_norm.head(2))

# TODO: standardization without label column
# print("Standardization....")
# scaler = StandardScaler()
# standard_norm = scaler.fit_transform(feature_df)
# standard_norm = pd.DataFrame(standard_norm, columns=feature_df.columns)
# print(standard_norm.shape)
# standard_norm.head(2)

# TODO: no normalization
# print("No Normalization....")
# no_norm = feature_df.copy()
# print(no_norm.shape)
# print(no_norm.head(2))

# store the normalized data
min_max_norm.to_csv('../data/preprocessed/test3.csv', index=False)

Min-Max Normalization....
(2827876, 71)
    Destination Port   Flow Duration   Total Fwd Packets  \
0           0.837186    1.333333e-07            0.000005   
1           0.840070    1.016667e-06            0.000000   

    Total Backward Packets  Total Length of Fwd Packets  \
0                 0.000000                 9.302326e-07   
1                 0.000003                 4.651163e-07   

    Total Length of Bwd Packets   Fwd Packet Length Max  \
0                  0.000000e+00                0.000242   
1                  9.153974e-09                0.000242   

    Fwd Packet Length Min   Fwd Packet Length Mean   Fwd Packet Length Std  \
0                0.002581                  0.00101                     0.0   
1                0.002581                  0.00101                     0.0   

   ...   min_seg_size_forward  Active Mean   Active Std   Active Max  \
0  ...                    1.0          0.0          0.0          0.0   
1  ...                    1.0          0.0  

In [20]:
# from sklearn.preprocessing import StandardScaler, MinMaxScaler

# # normalize features
# scaler = StandardScaler()

# # min-max normalization
# min_max_scaler = MinMaxScaler()
# min_max_feature_df = min_max_scaler.fit_transform(feature_df)
# min_max_feature_df = pd.DataFrame(min_max_feature_df, columns=feature_df.columns)
# print("Min-Max Normalization")
# print(min_max_feature_df.head())

# # standard normalization
# standard_feature_df = scaler.fit_transform(feature_df)
# standard_feature_df = pd.DataFrame(standard_feature_df, columns=feature_df.columns)
# print("Standard Normalization")
# print(standard_feature_df.head())

# # no normalization
# print("No Normalization")
# no_norm_df = feature_df
# print(no_norm_df.head())


Min-Max Normalization
    Destination Port   Flow Duration   Total Fwd Packets  \
0           0.837186    1.333333e-07            0.000005   
1           0.840070    1.016667e-06            0.000000   
2           0.840085    5.416666e-07            0.000000   
3           0.705516    3.916666e-07            0.000000   
4           0.837156    1.333333e-07            0.000005   

    Total Backward Packets  Total Length of Fwd Packets  \
0                 0.000000                 9.302326e-07   
1                 0.000003                 4.651163e-07   
2                 0.000003                 4.651163e-07   
3                 0.000003                 4.651163e-07   
4                 0.000000                 9.302326e-07   

    Total Length of Bwd Packets   Fwd Packet Length Max  \
0                  0.000000e+00                0.000242   
1                  9.153974e-09                0.000242   
2                  9.153974e-09                0.000242   
3                  9.15397

## Store Data

In [9]:
# combine features and labels
binary_min_max_combined_df = pd.concat([min_max_feature_df, binary_label_df], axis=1)
print("Binary Min-Max Combined")
print(binary_min_max_combined_df.head(1))
binary_standard_combined_df = pd.concat([standard_feature_df, binary_label_df], axis=1)
binary_no_norm_combined_df = pd.concat([no_norm_df, binary_label_df], axis=1)
multiclass_min_max_combined_df = pd.concat([min_max_feature_df, multiclass_label_df], axis=1)
multiclass_standard_combined_df = pd.concat([standard_feature_df, multiclass_label_df], axis=1)
multiclass_no_norm_combined_df = pd.concat([no_norm_df, multiclass_label_df], axis=1)


# store dataframes to csv
binary_min_max_combined_df.to_csv('../data/preprocessed/binary_min_max_combined.csv', index=False)
binary_standard_combined_df.to_csv('../data/preprocessed/binary_standard_combined.csv', index=False)
binary_no_norm_combined_df.to_csv('../data/preprocessed/binary_no_norm_combined.csv', index=False)
multiclass_min_max_combined_df.to_csv('../data/preprocessed/multiclass_min_max_combined.csv', index=False)
multiclass_standard_combined_df.to_csv('../data/preprocessed/multiclass_standard_combined.csv', index=False)
multiclass_no_norm_combined_df.to_csv('../data/preprocessed/multiclass_no_norm_combined.csv', index=False)
print("Dataframes stored to csv....")

Binary Min-Max Combined
    Destination Port   Flow Duration   Total Fwd Packets  \
0           0.837186    1.333333e-07            0.000005   

    Total Backward Packets  Total Length of Fwd Packets  \
0                      0.0                 9.302326e-07   

    Total Length of Bwd Packets   Fwd Packet Length Max  \
0                           0.0                0.000242   

    Fwd Packet Length Min   Fwd Packet Length Mean   Fwd Packet Length Std  \
0                0.002581                  0.00101                     0.0   

   ...   min_seg_size_forward  Active Mean   Active Std   Active Max  \
0  ...                    1.0          0.0          0.0          0.0   

    Active Min  Idle Mean   Idle Std   Idle Max   Idle Min   Label  
0          0.0        0.0        0.0        0.0        0.0     0.0  

[1 rows x 71 columns]
Dataframes stored to csv....
