In [None]:
# Import necessary libraries
import pandas as pd
import numpy as np
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import StandardScaler
from sklearn.ensemble import RandomForestClassifier, IsolationForest
from sklearn.datasets import make_classification
from sklearn.metrics import classification_report, confusion_matrix, accuracy_score, precision_score, recall_score, f1_score
# Generate synthetic dataset
X, y = make_classification(n_samples=1000, n_features=20, n_informative=15, n_redundant=5, random_state=42)

# Convert to DataFrame for consistency with previous example
data = pd.DataFrame(X, columns=[f'feature_{i}' for i in range(X.shape[1])])
data['label'] = y

# Display the first few rows of the dataset
print("First 5 records of the synthetic dataset:")
print(data.head())

# Preprocess data
X = data.drop('label', axis=1)
y = data['label']
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)

# Feature scaling
scaler = StandardScaler()
X_train = scaler.fit_transform(X_train)
X_test = scaler.transform(X_test)

# Train model
model = RandomForestClassifier(n_estimators=100, random_state=42)
model.fit(X_train, y_train)

# Predict and evaluate
y_pred = model.predict(X_test)
print(confusion_matrix(y_test, y_pred))
print(classification_report(y_test, y_pred))
print("Accuracy:", accuracy_score(y_test, y_pred))


In [None]:

# Generate synthetic dataset
X, y = make_classification(n_samples=1000, n_features=20, n_informative=15, n_redundant=5, random_state=42)

# Convert to DataFrame for consistency with previous example
data = pd.DataFrame(X, columns=[f'feature_{i}' for i in range(X.shape[1])])
data['label'] = y

# Display the first few rows of the dataset
print("First 5 records of the synthetic dataset:")
print(data.head())

# Preprocess data
X = data.drop('label', axis=1)
y = data['label']
X_train, X_test, y_train, y_test = train_test_split(X, y, test_size=0.2, random_state=42)

# Feature scaling
scaler = StandardScaler()
X_train = scaler.fit_transform(X_train)
X_test = scaler.transform(X_test)

# Train Random Forest Classifier model for signature-based detection
rf_model = RandomForestClassifier(n_estimators=100, random_state=42)
rf_model.fit(X_train, y_train)

# Predict and evaluate
y_pred = rf_model.predict(X_test)
print("Random Forest Classifier Confusion Matrix:")
print(confusion_matrix(y_test, y_pred))
print("Random Forest Classifier Classification Report:")
print(classification_report(y_test, y_pred))
print("Random Forest Classifier Accuracy:", accuracy_score(y_test, y_pred))

# Implement anomaly detection using Isolation Forest
iso_forest = IsolationForest(contamination=0.1, random_state=42)
iso_forest.fit(X_train)

# Anomaly detection predictions
anomaly_pred_train = iso_forest.predict(X_train)
anomaly_pred_test = iso_forest.predict(X_test)

# Convert predictions to binary (1: normal, -1: anomaly)
anomaly_pred_train = np.where(anomaly_pred_train == 1, 0, 1)
anomaly_pred_test = np.where(anomaly_pred_test == 1, 0, 1)

# Print anomaly detection results
print("Isolation Forest Anomaly Detection Results (Train):")
print(f"Normal: {np.sum(anomaly_pred_train == 0)}, Anomalies: {np.sum(anomaly_pred_train == 1)}")
print("Isolation Forest Anomaly Detection Results (Test):")
print(f"Normal: {np.sum(anomaly_pred_test == 0)}, Anomalies: {np.sum(anomaly_pred_test == 1)}")

# Evaluate the combined model performance (assuming anomalies are labeled as '1' in the dataset)
# This is a conceptual approach to combine anomaly detection with signature-based detection.
combined_y_pred = np.maximum(y_pred, anomaly_pred_test)

print("Combined Model Confusion Matrix:")
print(confusion_matrix(y_test, combined_y_pred))
print("Combined Model Classification Report:")
print(classification_report(y_test, combined_y_pred))
print("Combined Model Accuracy:", accuracy_score(y_test, combined_y_pred))

# Response and mitigation (conceptual implementation)
def response_mechanism(predictions):
    actions = []
    for pred in predictions:
        if pred == 1:  # Detected intrusion or anomaly
            actions.append("Isolate")
        else:
            actions.append("Allow")
    return actions

response_actions = response_mechanism(combined_y_pred)
print("Response Actions for Detected Intrusions/Anomalies:")
print(response_actions[:20])  # Display the first 20 actions for brevity

# Conclusion
print("The implementation successfully combines signature-based detection and anomaly detection techniques to identify intrusions in IoT environments.")
