# Module 6 â€“ Preprocessing Lab Notebook
## Preparing Data for Machine Learning

### Objectives:
- Clean a cybersecurity dataset
- Encode categorical variables
- Scale numerical features
- Perform train-test split
- Document each preprocessing step


In [66]:
import pandas as pd
import numpy as np
import textwrap
from sklearn.preprocessing import LabelEncoder, StandardScaler
from sklearn.model_selection import train_test_split


## Step 1: Load Dataset

In [67]:
df = pd.read_csv(r'C:\Users\kayro\jupyter\assignments\Module6\module6_cyber_ml_dataset.csv')
df.head()
df.info()
df.describe()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 300 entries, 0 to 299
Data columns (total 9 columns):
 #   Column          Non-Null Count  Dtype 
---  ------          --------------  ----- 
 0   Timestamp       300 non-null    object
 1   SourceIP        300 non-null    object
 2   DestinationIP   300 non-null    object
 3   Protocol        300 non-null    object
 4   BytesSent       300 non-null    int64 
 5   BytesReceived   300 non-null    int64 
 6   LoginAttempts   300 non-null    int64 
 7   Severity Level  300 non-null    int64 
 8   AttackType      300 non-null    object
dtypes: int64(4), object(5)
memory usage: 21.2+ KB


Unnamed: 0,BytesSent,BytesReceived,LoginAttempts,Severity Level
count,300.0,300.0,300.0,300.0
mean,2639.9,2676.48,7.926667,4.873333
std,1430.601453,1382.127899,4.045058,2.597392
min,103.0,140.0,1.0,1.0
25%,1534.5,1486.75,5.0,2.75
50%,2495.0,2815.0,8.0,5.0
75%,3919.25,3745.75,11.0,7.0
max,4992.0,4995.0,14.0,9.0


## Step 2: Check for Missing Values

In [68]:
summary=f"""dataset is complete with no missing values"""
print(textwrap.fill(summary, width=80))
df.isnull().sum()



dataset is complete with no missing values


Timestamp         0
SourceIP          0
DestinationIP     0
Protocol          0
BytesSent         0
BytesReceived     0
LoginAttempts     0
Severity Level    0
AttackType        0
dtype: int64

## Step 3: Encode Categorical Variables

In [69]:
summary=f"""values are encoded into numbers because machine learning models cannot do math on text\n"""
print(textwrap.fill(summary, width=80))

encoder = LabelEncoder()
df['Protocol'] = encoder.fit_transform(df['Protocol'])
print(dict(zip(encoder.classes_, range(len(encoder.classes_)))))
df['AttackType'] = encoder.fit_transform(df['AttackType'])

print(dict(zip(encoder.classes_, range(len(encoder.classes_)))))
df.head()


values are encoded into numbers because machine learning models cannot do math
on text
{'ICMP': 0, 'TCP': 1, 'UDP': 2}
{'BruteForce': 0, 'DDoS': 1, 'Normal': 2, 'Phishing': 3}


Unnamed: 0,Timestamp,SourceIP,DestinationIP,Protocol,BytesSent,BytesReceived,LoginAttempts,Severity Level,AttackType
0,1/1/2024 0:00,192.168.1.103,10.0.0.126,1,4585,2135,3,1,2
1,1/1/2024 0:05,192.168.1.180,10.0.0.130,2,355,577,8,9,0
2,1/1/2024 0:10,192.168.1.93,10.0.0.53,2,4904,1354,5,1,1
3,1/1/2024 0:15,192.168.1.15,10.0.0.172,2,1938,1022,1,8,2
4,1/1/2024 0:20,192.168.1.107,10.0.0.218,0,2044,519,7,2,3


## Step 4: Feature Engineering

In [None]:
## Step 5: Feature Scaling

summary=f"""scalers looks at each numeric_cols and calculates its mean and standard deviation, this normalizes the data putting all numeric columns on the same scale"""
print(textwrap.fill(summary, width=80))

scaler = StandardScaler()
numeric_cols = ['BytesSent', 'BytesReceived', 'LoginAttempts', 'Severity Level', 'TotalBytes', 'ByteRatio']
df[numeric_cols] = scaler.fit_transform(df[numeric_cols])
df.head()

In [None]:
## Step 6: Train-Test Split

## Step 5: Train-Test Split

In [74]:
summary="""you never want to test a model on data it was trained on, this split ensures the machine learning model is being tested
on a significantly larger set of of new data than its training data"""
print(textwrap.fill(summary, width=80))

X = df.drop('AttackType', axis=1)
y = df['AttackType']

X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)

print('Training set size:', X_train.shape)
print('Testing set size:', X_test.shape)

you never want to test a model on data it was trained on, this split ensures the
machine learning model is being tested on a significantly larger set of of new
data than its training data
Training set size: (240, 8)
Testing set size: (60, 8)


## Reflection Questions
1. Why is encoding necessary before modeling?
2. Why should scaling occur after splitting data?
3. How does preprocessing impact model performance?

1. Why is encoding necessary before modeling?
Your Answer: Values are encoded into numbers because its much easier for machine learning models to do math on numbers rather than text

2. Why should scaling occur after splitting data?
your Answer: This normalizes the data, so all different numbers are on a similar scale. This prevents outliers

3. How does preprocessing impact model performance?
Your Answer: Makes table data computable, ensuring values are evaluated equally, and removing null instances that can throw off machine learning models.