# DDoS PortMap Attack Analysis

This notebook demonstrates the analysis of DDoS PortMap attacks using Isolation Forest anomaly detection.

In [None]:
import sys
sys.path.append('..')

import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns

from src.parse_logs import load_dataset
from src.features import prepare_features
from src.detect import detect_anomalies
from src.visualize import plot_anomaly_scores, create_anomaly_summary

## 1. Load and Explore Dataset

In [None]:
# Load dataset
df = load_dataset('../data/CICDDoS2019_PortMap.csv')

print("Dataset shape:", df.shape)
print("\nFeature statistics:")
df.describe()

## 2. Feature Analysis

In [None]:
# Prepare features
X_scaled, features = prepare_features(df)

# Plot correlation matrix
plt.figure(figsize=(12, 8))
sns.heatmap(pd.DataFrame(X_scaled, columns=features).corr(), 
            annot=True, cmap='coolwarm', center=0)
plt.title('Feature Correlation Matrix')
plt.tight_layout()
plt.show()

## 3. Anomaly Detection

In [None]:
# Detect anomalies
labels, scores = detect_anomalies(X_scaled)

# Create summary
summary = create_anomaly_summary(df, labels, scores)

# Plot anomaly scores
plot_anomaly_scores(scores, labels)
plt.show()

## 4. Analyze Detected Anomalies

In [None]:
# Display anomaly statistics
n_anomalies = sum(labels == -1)
print(f"Number of anomalies detected: {n_anomalies}")
print(f"Anomaly rate: {(n_anomalies/len(df))*100:.2f}%")

# Show example anomalies
print("\nExample anomalies:")
anomalies = summary[summary['Is_Anomaly']].sort_values('Anomaly_Score')
anomalies.head(10)