## 🐼 Pandas vs Polars 🧊

Instalamos las librerías necesarias:

In [1]:
!pip install -q pandas polars

Importamos esas librerías y añadimos un alias:

In [2]:
import pandas as pd
import polars as pl

Lectura del archivo `network_traffic.csv` e impresión de sus primeras filas:

In [3]:
%%time
df_pl = pl.read_csv('data\\network_traffic.csv')
print(df_pl.head()) #Polars

shape: (5, 6)
┌────────────────────┬────────────────────┬──────────┬────────────┬────────────────┬───────────────┐
│ source_ip          ┆ destination_ip     ┆ protocol ┆ bytes_sent ┆ bytes_received ┆ timestamp     │
│ ---                ┆ ---                ┆ ---      ┆ ---        ┆ ---            ┆ ---           │
│ str                ┆ str                ┆ str      ┆ i64        ┆ i64            ┆ i64           │
╞════════════════════╪════════════════════╪══════════╪════════════╪════════════════╪═══════════════╡
│ 141.242.218.133/9  ┆ 54.53.23.47/7      ┆ HDLC     ┆ 13715      ┆ 3517           ┆ 1728259200000 │
│ 253.157.170.255/12 ┆ 241.85.142.207/20  ┆ CIFS     ┆ 14460      ┆ 10207          ┆ 1728259200000 │
│ 0.124.74.56/29     ┆ 238.230.209.205/29 ┆ HTTPS    ┆ 5062       ┆ 8908           ┆ 1728259200000 │
│ 202.51.193.244/15  ┆ 177.108.193.87/26  ┆ IGMP     ┆ 3682       ┆ 4757           ┆ 1728259200000 │
│ 210.23.143.230/17  ┆ 164.62.129.214/1   ┆ DNS      ┆ 12393      ┆ 2478     

In [4]:
%%time
df_pd = pd.read_csv('data\\network_traffic.csv')
print(df_pd.head()) #Pandas

            source_ip      destination_ip protocol  bytes_sent  \
0   141.242.218.133/9       54.53.23.47/7     HDLC       13715   
1  253.157.170.255/12   241.85.142.207/20     CIFS       14460   
2      0.124.74.56/29  238.230.209.205/29    HTTPS        5062   
3   202.51.193.244/15   177.108.193.87/26     IGMP        3682   
4   210.23.143.230/17    164.62.129.214/1      DNS       12393   

   bytes_received      timestamp  
0            3517  1728259200000  
1           10207  1728259200000  
2            8908  1728259200000  
3            4757  1728259200000  
4            2478  1728259200000  
CPU times: user 34.3 ms, sys: 5.74 ms, total: 40 ms
Wall time: 64.8 ms


Resumen de los datos del .csv:

In [5]:
# Polars
print(df_pl.describe())
print(df_pl.dtypes)

shape: (9, 7)
┌────────────┬────────────────┬───────────────┬──────────┬─────────────┬───────────────┬───────────┐
│ statistic  ┆ source_ip      ┆ destination_i ┆ protocol ┆ bytes_sent  ┆ bytes_receive ┆ timestamp │
│ ---        ┆ ---            ┆ p             ┆ ---      ┆ ---         ┆ d             ┆ ---       │
│ str        ┆ str            ┆ ---           ┆ str      ┆ f64         ┆ ---           ┆ f64       │
│            ┆                ┆ str           ┆          ┆             ┆ f64           ┆           │
╞════════════╪════════════════╪═══════════════╪══════════╪═════════════╪═══════════════╪═══════════╡
│ count      ┆ 10000          ┆ 10000         ┆ 10000    ┆ 10000.0     ┆ 10000.0       ┆ 10000.0   │
│ null_count ┆ 0              ┆ 0             ┆ 0        ┆ 0.0         ┆ 0.0           ┆ 0.0       │
│ mean       ┆ null           ┆ null          ┆ null     ┆ 7477.459    ┆ 7483.1792     ┆ 1.7283e12 │
│ std        ┆ null           ┆ null          ┆ null     ┆ 4319.571275 ┆ 4356

In [6]:
# Pandas
print(df_pd.describe())
print(df_pd.dtypes)

         bytes_sent  bytes_received     timestamp
count  10000.000000    10000.000000  1.000000e+04
mean    7477.459000     7483.179200  1.728259e+12
std     4319.571275     4356.466664  0.000000e+00
min        2.000000        0.000000  1.728259e+12
25%     3751.750000     3704.250000  1.728259e+12
50%     7467.500000     7483.000000  1.728259e+12
75%    11240.250000    11262.500000  1.728259e+12
max    14996.000000    14999.000000  1.728259e+12
source_ip         object
destination_ip    object
protocol          object
bytes_sent         int64
bytes_received     int64
timestamp          int64
dtype: object


Calculamos el número de valores únicos en la columna `source_ip`:

In [7]:
%%time
unique_ips = df_pl.select(pl.col("source_ip").n_unique()).item()
print(f"Número de IPs únicas: {unique_ips}") # Polars

Número de IPs únicas: 10000
CPU times: user 1.65 ms, sys: 0 ns, total: 1.65 ms
Wall time: 1.66 ms


In [8]:
%%time
unique_ips = df_pd['source_ip'].nunique()
print(f"Número de IPs únicas: {unique_ips}") # Pandas

Número de IPs únicas: 10000
CPU times: user 4.53 ms, sys: 0 ns, total: 4.53 ms
Wall time: 11.7 ms


Calculamos el número de valores nulos en la columna `destination_ip`:

In [9]:
%%time
null_destinations = df_pl.select(pl.col("destination_ip").is_null().sum()).item()
print(f"Número de destinos nulos: {null_destinations}") # Polars

Número de destinos nulos: 0
CPU times: user 473 µs, sys: 0 ns, total: 473 µs
Wall time: 481 µs


In [10]:
%%time
null_destinations = df_pd['destination_ip'].isnull().sum()
print(f"Número de destinos nulos: {null_destinations}") # Pandas

Número de destinos nulos: 0
CPU times: user 715 µs, sys: 961 µs, total: 1.68 ms
Wall time: 1.68 ms


Filtramos los datos por protocolo:

In [11]:
%%time
tcp_traffic = df_pl.filter(pl.col('protocol') == 'TCP')
print(tcp_traffic) # Polars

shape: (208, 6)
┌────────────────────┬────────────────────┬──────────┬────────────┬────────────────┬───────────────┐
│ source_ip          ┆ destination_ip     ┆ protocol ┆ bytes_sent ┆ bytes_received ┆ timestamp     │
│ ---                ┆ ---                ┆ ---      ┆ ---        ┆ ---            ┆ ---           │
│ str                ┆ str                ┆ str      ┆ i64        ┆ i64            ┆ i64           │
╞════════════════════╪════════════════════╪══════════╪════════════╪════════════════╪═══════════════╡
│ 93.189.74.34/10    ┆ 55.139.190.126/23  ┆ TCP      ┆ 6700       ┆ 266            ┆ 1728259200000 │
│ 38.51.153.186/7    ┆ 237.121.250.128/8  ┆ TCP      ┆ 12549      ┆ 2520           ┆ 1728259200000 │
│ 88.225.230.241/22  ┆ 159.178.128.80/18  ┆ TCP      ┆ 5633       ┆ 9830           ┆ 1728259200000 │
│ 219.234.59.39/10   ┆ 224.57.88.45/23    ┆ TCP      ┆ 10496      ┆ 6667           ┆ 1728259200000 │
│ 63.17.221.1/18     ┆ 70.84.1.17/24      ┆ TCP      ┆ 13763      ┆ 9881   

In [12]:
%%time
tcp_traffic = df_pd[df_pd['protocol'] == 'TCP']
print(tcp_traffic) # Pandas

               source_ip      destination_ip protocol  bytes_sent  \
19       93.189.74.34/10   55.139.190.126/23      TCP        6700   
23       38.51.153.186/7   237.121.250.128/8      TCP       12549   
111    88.225.230.241/22   159.178.128.80/18      TCP        5633   
159     219.234.59.39/10     224.57.88.45/23      TCP       10496   
184       63.17.221.1/18       70.84.1.17/24      TCP       13763   
...                  ...                 ...      ...         ...   
9733   81.183.174.166/24       3.71.47.205/2      TCP       10529   
9743  170.192.188.147/12    109.169.199.51/8      TCP         144   
9934     251.86.93.178/8    174.26.191.175/4      TCP          17   
9981   153.215.123.88/19  237.181.229.145/29      TCP       14330   
9999   207.51.195.244/15   177.108.193.87/26      TCP        3682   

      bytes_received      timestamp  
19               266  1728259200000  
23              2520  1728259200000  
111             9830  1728259200000  
159             666

Agrupamos por IP y sumamos los bytes enviados:

In [13]:
%%time
grouped_data = df_pl.group_by('source_ip').agg([pl.sum('bytes_sent').alias('total_bytes_sent')])
print(grouped_data) # Polars

shape: (10_000, 2)
┌───────────────────┬──────────────────┐
│ source_ip         ┆ total_bytes_sent │
│ ---               ┆ ---              │
│ str               ┆ i64              │
╞═══════════════════╪══════════════════╡
│ 85.141.26.162/29  ┆ 7404             │
│ 228.63.92.234/18  ┆ 12098            │
│ 109.136.62.231/23 ┆ 5245             │
│ 37.59.171.191/17  ┆ 5482             │
│ 255.151.177.149/4 ┆ 3641             │
│ …                 ┆ …                │
│ 32.205.137.130/7  ┆ 3524             │
│ 80.138.21.198/5   ┆ 2527             │
│ 178.190.25.142/14 ┆ 8459             │
│ 166.215.244.242/8 ┆ 3616             │
│ 74.181.39.240/20  ┆ 150              │
└───────────────────┴──────────────────┘
CPU times: user 6.42 ms, sys: 1.92 ms, total: 8.33 ms
Wall time: 15.8 ms


In [14]:
%%time
grouped_data = df_pd.groupby('source_ip')['bytes_sent'].sum().reset_index()
print(grouped_data) # Pandas

             source_ip  bytes_sent
0          0.0.148.3/3       13266
1     0.108.239.134/10        2583
2     0.114.231.169/12        9958
3       0.124.74.56/29        5062
4      0.126.64.123/31        1474
...                ...         ...
9995   99.69.117.156/2        7281
9996   99.7.148.133/21        8919
9997   99.73.89.117/29       13480
9998  99.75.241.118/31        4096
9999  99.96.177.212/28        9705

[10000 rows x 2 columns]
CPU times: user 28.1 ms, sys: 242 µs, total: 28.3 ms
Wall time: 84.7 ms


 Calculamos el percentil 99 para encontrar posibles anomalías y filtramos los valores atípicos:

In [15]:
%%time
threshold = df_pl.select(pl.quantile("bytes_sent", 0.99)).item()
anomalous_traffic = df_pl.filter(pl.col("bytes_sent") > threshold)

print(f"IPs con tráfico inusual: {anomalous_traffic}") # Polars

IPs con tráfico inusual: shape: (99, 6)
┌────────────────────┬────────────────────┬──────────┬────────────┬────────────────┬───────────────┐
│ source_ip          ┆ destination_ip     ┆ protocol ┆ bytes_sent ┆ bytes_received ┆ timestamp     │
│ ---                ┆ ---                ┆ ---      ┆ ---        ┆ ---            ┆ ---           │
│ str                ┆ str                ┆ str      ┆ i64        ┆ i64            ┆ i64           │
╞════════════════════╪════════════════════╪══════════╪════════════╪════════════════╪═══════════════╡
│ 141.158.124.165/31 ┆ 116.34.198.86/31   ┆ DCCP     ┆ 14883      ┆ 6130           ┆ 1728259200000 │
│ 98.190.38.213/25   ┆ 127.253.35.84/9    ┆ SNMP     ┆ 14871      ┆ 14913          ┆ 1728259200000 │
│ 51.202.136.19/26   ┆ 133.201.93.92/26   ┆ CIFS     ┆ 14960      ┆ 8285           ┆ 1728259200000 │
│ 78.188.134.0/7     ┆ 69.233.216.221/2   ┆ HDLC     ┆ 14961      ┆ 4625           ┆ 1728259200000 │
│ 38.25.63.65/10     ┆ 194.28.245.56/27   ┆ NDP    

In [16]:
%%time
threshold = df_pd["bytes_sent"].quantile(0.99)
anomalous_traffic = df_pd[df_pd["bytes_sent"] > threshold]

print(f"IPs con tráfico inusual: {anomalous_traffic}") # Pandas

IPs con tráfico inusual:                source_ip      destination_ip protocol  bytes_sent  \
85    141.158.124.165/31    116.34.198.86/31     DCCP       14883   
99      98.190.38.213/25     127.253.35.84/9     SNMP       14871   
393     51.202.136.19/26    133.201.93.92/26     CIFS       14960   
425       78.188.134.0/7    69.233.216.221/2     HDLC       14961   
449       38.25.63.65/10    194.28.245.56/27      NDP       14927   
...                  ...                 ...      ...         ...   
9479    75.98.224.175/26       8.250.96.6/11      BGP       14862   
9619    156.21.234.27/26  180.146.165.176/31      RDP       14994   
9730    186.249.53.62/18    162.26.187.12/10     ICMP       14930   
9740   18.239.227.169/17      4.23.49.100/17      ARP       14973   
9960    163.1.120.162/10    121.98.201.48/25      DNS       14949   

      bytes_received      timestamp  
85              6130  1728259200000  
99             14913  1728259200000  
393             8285  1728259200