# 1 - Reading Raw Data

Loading data, sanity checks and data preprocessing

### Imports

Be sure that you are using the poetry environment according to the README description.

In [1]:
import pandas as pd
import pathlib
import os
import pickle

# Setting project root directory to work with scripts folder
project_root = os.path.abspath(os.path.join(os.getcwd(), ".."))
os.chdir(project_root)

print("Current Working Directory:", os.getcwd())    

Current Working Directory: /home/gabrielhso/Desktop/northumbria/data-analytics/project-repo


### Downloading Data

Before running the cells below, be sure that you have [AWS CLI](https://aws.amazon.com/cli/) installed. The script below tries to use it to download the necessary files from the S3 bucket. \
For further information about the installation, read the [registry description](https://registry.opendata.aws/cse-cic-ids2018/).

In [2]:
DATA_DIR = pathlib.Path.cwd() / 'data'
DATA_DIR.mkdir(parents=True, exist_ok=True)
RAW_DATA_DIR = DATA_DIR / 'raw'
RAW_DATA_DIR.mkdir(parents=True, exist_ok=True)

In [3]:
from scripts.download_data import download_data

download_data()
TARGET_FILEPATH = RAW_DATA_DIR / 'Wednesday-14-02-2018_TrafficForML_CICFlowMeter.csv'

raw_data_df = pd.read_csv(TARGET_FILEPATH)
raw_data_df.head()

File data/raw/Wednesday-14-02-2018_TrafficForML_CICFlowMeter.csv already exists.


Unnamed: 0,Dst Port,Protocol,Timestamp,Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,TotLen Fwd Pkts,TotLen Bwd Pkts,Fwd Pkt Len Max,Fwd Pkt Len Min,...,Fwd Seg Size Min,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,0,0,14/02/2018 08:31:01,112641719,3,0,0,0,0,0,...,0,0.0,0.0,0,0,56320859.5,139.300036,56320958,56320761,Benign
1,0,0,14/02/2018 08:33:50,112641466,3,0,0,0,0,0,...,0,0.0,0.0,0,0,56320733.0,114.551299,56320814,56320652,Benign
2,0,0,14/02/2018 08:36:39,112638623,3,0,0,0,0,0,...,0,0.0,0.0,0,0,56319311.5,301.934596,56319525,56319098,Benign
3,22,6,14/02/2018 08:40:13,6453966,15,10,1239,2273,744,0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,Benign
4,22,6,14/02/2018 08:40:23,8804066,14,11,1143,2209,744,0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,Benign


### Sanity checks

Making sure there everything is right with the dataset

In [4]:
print(TARGET_FILEPATH)
filesize = TARGET_FILEPATH.stat().st_size
print(f'This file has {filesize} bytes')

print(f'Shape: {raw_data_df.shape}\n')
print(raw_data_df.info())
display(raw_data_df.head())

/home/gabrielhso/Desktop/northumbria/data-analytics/project-repo/data/raw/Wednesday-14-02-2018_TrafficForML_CICFlowMeter.csv
This file has 358223333 bytes
Shape: (1048575, 80)

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 1048575 entries, 0 to 1048574
Data columns (total 80 columns):
 #   Column             Non-Null Count    Dtype  
---  ------             --------------    -----  
 0   Dst Port           1048575 non-null  int64  
 1   Protocol           1048575 non-null  int64  
 2   Timestamp          1048575 non-null  object 
 3   Flow Duration      1048575 non-null  int64  
 4   Tot Fwd Pkts       1048575 non-null  int64  
 5   Tot Bwd Pkts       1048575 non-null  int64  
 6   TotLen Fwd Pkts    1048575 non-null  int64  
 7   TotLen Bwd Pkts    1048575 non-null  int64  
 8   Fwd Pkt Len Max    1048575 non-null  int64  
 9   Fwd Pkt Len Min    1048575 non-null  int64  
 10  Fwd Pkt Len Mean   1048575 non-null  float64
 11  Fwd Pkt Len Std    1048575 non-null  float64
 12  Bwd P

Unnamed: 0,Dst Port,Protocol,Timestamp,Flow Duration,Tot Fwd Pkts,Tot Bwd Pkts,TotLen Fwd Pkts,TotLen Bwd Pkts,Fwd Pkt Len Max,Fwd Pkt Len Min,...,Fwd Seg Size Min,Active Mean,Active Std,Active Max,Active Min,Idle Mean,Idle Std,Idle Max,Idle Min,Label
0,0,0,14/02/2018 08:31:01,112641719,3,0,0,0,0,0,...,0,0.0,0.0,0,0,56320859.5,139.300036,56320958,56320761,Benign
1,0,0,14/02/2018 08:33:50,112641466,3,0,0,0,0,0,...,0,0.0,0.0,0,0,56320733.0,114.551299,56320814,56320652,Benign
2,0,0,14/02/2018 08:36:39,112638623,3,0,0,0,0,0,...,0,0.0,0.0,0,0,56319311.5,301.934596,56319525,56319098,Benign
3,22,6,14/02/2018 08:40:13,6453966,15,10,1239,2273,744,0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,Benign
4,22,6,14/02/2018 08:40:23,8804066,14,11,1143,2209,744,0,...,32,0.0,0.0,0,0,0.0,0.0,0,0,Benign


In [5]:
raw_data_df['Protocol'].value_counts()

Protocol
6     829309
17    207384
0      11882
Name: count, dtype: int64

### Feature Selection and Data Preprocessing

Selecting the features necessary for the hypothesis test and dropping the rest.

In [40]:
FEATURES = ['Dst Port', 'Protocol', 'Timestamp', 'Tot Fwd Pkts', 'Tot Bwd Pkts', 'SYN Flag Cnt', 'ACK Flag Cnt', 'RST Flag Cnt', 'Label']

data_df = raw_data_df[FEATURES].copy()
data_df.head()

Unnamed: 0,Dst Port,Protocol,Timestamp,Tot Fwd Pkts,Tot Bwd Pkts,SYN Flag Cnt,ACK Flag Cnt,RST Flag Cnt,Label
0,0,0,14/02/2018 08:31:01,3,0,0,0,0,Benign
1,0,0,14/02/2018 08:33:50,3,0,0,0,0,Benign
2,0,0,14/02/2018 08:36:39,3,0,0,0,0,Benign
3,22,6,14/02/2018 08:40:13,15,10,0,0,0,Benign
4,22,6,14/02/2018 08:40:23,14,11,0,0,0,Benign


In [41]:
data_df.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 1048575 entries, 0 to 1048574
Data columns (total 9 columns):
 #   Column        Non-Null Count    Dtype 
---  ------        --------------    ----- 
 0   Dst Port      1048575 non-null  int64 
 1   Protocol      1048575 non-null  int64 
 2   Timestamp     1048575 non-null  object
 3   Tot Fwd Pkts  1048575 non-null  int64 
 4   Tot Bwd Pkts  1048575 non-null  int64 
 5   SYN Flag Cnt  1048575 non-null  int64 
 6   ACK Flag Cnt  1048575 non-null  int64 
 7   RST Flag Cnt  1048575 non-null  int64 
 8   Label         1048575 non-null  object
dtypes: int64(7), object(2)
memory usage: 72.0+ MB


**Correcting Data Types**

In [42]:
# Investigating data type of Timestamp
test = data_df['Timestamp'].iloc[0]
print(test, type(test))

14/02/2018 08:31:01 <class 'str'>


In [43]:
# Changing Timestamp to datetime
test = pd.to_datetime(data_df['Timestamp'], format='%d/%m/%Y %H:%M:%S') 
test.describe()

count                          1048575
mean     2018-02-14 05:54:36.638509568
min                1970-01-05 03:01:17
25%                2018-02-14 03:09:32
50%                2018-02-14 09:46:05
75%                2018-02-14 11:17:33
max                2018-02-14 12:59:59
Name: Timestamp, dtype: object

There seem to be a data with a formatting problem. Let's investigate this line

In [44]:
test = test[test < '2018-02-13 23:59:59']
test

410956   1970-01-05 03:01:17
410957   1970-01-08 07:32:33
410958   1970-01-12 07:17:56
410959   1970-01-12 09:15:10
412184   1970-01-12 09:44:12
Name: Timestamp, dtype: datetime64[ns]

In [45]:
data_df.iloc[410956: 410960]

Unnamed: 0,Dst Port,Protocol,Timestamp,Tot Fwd Pkts,Tot Bwd Pkts,SYN Flag Cnt,ACK Flag Cnt,RST Flag Cnt,Label
410956,0,0,05/01/1970 03:01:17,2,0,0,0,0,Benign
410957,0,0,08/01/1970 07:32:33,3,0,0,0,0,Benign
410958,0,0,12/01/1970 07:17:56,81,0,0,0,0,Benign
410959,0,0,12/01/1970 09:15:10,282,0,0,0,0,Benign


Let's convert everything to Timestamp and ignore dates below 2018

In [46]:
data_df['Timestamp'] = pd.to_datetime(data_df['Timestamp'], format='%d/%m/%Y %H:%M:%S')
data_df = data_df[data_df['Timestamp'] > '2018-02-13 23:59:59']
data_df['Timestamp'].describe()

count                          1048570
mean     2018-02-14 07:55:14.118234112
min                2018-02-14 01:00:00
25%                2018-02-14 03:09:32
50%                2018-02-14 09:46:05
75%                2018-02-14 11:17:33
max                2018-02-14 12:59:59
Name: Timestamp, dtype: object

**Changing Label Reading**

In [47]:
data_df['Label'].value_counts()

Label
Benign            667621
FTP-BruteForce    193360
SSH-Bruteforce    187589
Name: count, dtype: int64

To facilitate working with labels, let's create new columns

In [48]:
data_df['Malicious'] = data_df['Label'].apply(lambda x: 1 if x != 'Benign' else 0)
data_df['FTP-BruteForce'] = data_df['Label'].apply(lambda x: 1 if x == 'FTP-BruteForce' else 0)
data_df['SSH-Bruteforce'] = data_df['Label'].apply(lambda x: 1 if x == 'SSH-Bruteforce' else 0)
data_df.drop('Label', axis=1, inplace=True)

In [49]:
print(data_df.shape)
data_df.head()

(1048570, 11)


Unnamed: 0,Dst Port,Protocol,Timestamp,Tot Fwd Pkts,Tot Bwd Pkts,SYN Flag Cnt,ACK Flag Cnt,RST Flag Cnt,Malicious,FTP-BruteForce,SSH-Bruteforce
0,0,0,2018-02-14 08:31:01,3,0,0,0,0,0,0,0
1,0,0,2018-02-14 08:33:50,3,0,0,0,0,0,0,0
2,0,0,2018-02-14 08:36:39,3,0,0,0,0,0,0,0
3,22,6,2018-02-14 08:40:13,15,10,0,0,0,0,0,0
4,22,6,2018-02-14 08:40:23,14,11,0,0,0,0,0,0


### Saving processed data

Saving data to a pickle file to easily work on other notebooks

In [50]:
PROCESSED_DATA_DIR = DATA_DIR / 'processed'
PROCESSED_DATA_DIR.mkdir(parents=True, exist_ok=True)

with open(PROCESSED_DATA_DIR / 'data_df.pkl', 'wb') as f:
    pickle.dump(data_df, f)