<a href="https://colab.research.google.com/github/rutuja-ramrao/AI-Driven-Cybersecurity-Threat-Prediction-Platform/blob/main/sql_Task.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

In [11]:
import os
print(os.listdir())


['.config', 'cyber_threat_sample.csv', 'sample_data']


In [12]:
from google.colab import files
uploaded = files.upload()


Saving cyber_threat_sample.csv to cyber_threat_sample (1).csv


In [13]:
# Step 2: Load dataset
import pandas as pd

df = pd.read_csv("cyber_threat_sample.csv")

# Step 3: View first 5 rows
print(df.head())


   id            timestamp      source_ip destination_ip    threat_type  \
0   1  2025-08-20 10:15:00   192.168.1.10       10.0.0.2        Malware   
1   2  2025-08-20 10:30:00       10.0.0.5    192.168.1.1       Phishing   
2   3  2025-08-20 10:45:00     172.16.0.3       10.0.0.1           DDoS   
3   4  2025-08-20 11:00:00   203.0.113.45     172.16.0.2  SQL Injection   
4   5  2025-08-20 11:15:00  198.51.100.22    192.168.1.2     Ransomware   

   severity     status  
0      High   Detected  
1    Medium   Detected  
2      High  Mitigated  
3  Critical   Detected  
4  Critical  Mitigated  


In [14]:
# 1. Count total records
print(len(df))

# 2. Show all unique threat types
print(df["threat_type"].unique())

# 3. Count records per threat type
print(df["threat_type"].value_counts())

# 4. Show all critical severity threats
print(df[df["severity"] == "Critical"])

# 5. Count number of detected threats
print(df[df["status"] == "Detected"].shape[0])


10
['Malware' 'Phishing' 'DDoS' 'SQL Injection' 'Ransomware' 'Brute Force']
threat_type
Malware          2
Phishing         2
DDoS             2
Ransomware       2
SQL Injection    1
Brute Force      1
Name: count, dtype: int64
   id            timestamp      source_ip destination_ip    threat_type  \
3   4  2025-08-20 11:00:00   203.0.113.45     172.16.0.2  SQL Injection   
4   5  2025-08-20 11:15:00  198.51.100.22    192.168.1.2     Ransomware   
9  10  2025-08-20 12:30:00  198.51.100.25    192.168.1.4     Ransomware   

   severity     status  
3  Critical   Detected  
4  Critical  Mitigated  
9  Critical  Mitigated  
6


In [15]:
# 6. Threats from a specific IP
print(df[df["source_ip"] == "192.168.1.10"])

# 7. High severity threats only
print(df[df["severity"] == "High"])

# 8. Show ransomware attacks
print(df[df["threat_type"] == "Ransomware"])

# 9. Show records after a specific time
df["timestamp"] = pd.to_datetime(df["timestamp"])
print(df[df["timestamp"] > "2025-08-20 11:00:00"])

# 10. Count threats mitigated
print(df[df["status"] == "Mitigated"].shape[0])


   id            timestamp     source_ip destination_ip threat_type severity  \
0   1  2025-08-20 10:15:00  192.168.1.10       10.0.0.2     Malware     High   

     status  
0  Detected  
   id            timestamp     source_ip destination_ip threat_type severity  \
0   1  2025-08-20 10:15:00  192.168.1.10       10.0.0.2     Malware     High   
2   3  2025-08-20 10:45:00    172.16.0.3       10.0.0.1        DDoS     High   
7   8  2025-08-20 12:00:00    172.16.0.4       10.0.0.4    Phishing     High   
8   9  2025-08-20 12:15:00  203.0.113.50     172.16.0.5        DDoS     High   

      status  
0   Detected  
2  Mitigated  
7   Detected  
8   Detected  
   id            timestamp      source_ip destination_ip threat_type  \
4   5  2025-08-20 11:15:00  198.51.100.22    192.168.1.2  Ransomware   
9  10  2025-08-20 12:30:00  198.51.100.25    192.168.1.4  Ransomware   

   severity     status  
4  Critical  Mitigated  
9  Critical  Mitigated  
   id           timestamp      source_ip de

In [16]:
# 11. Count threats by severity
print(df.groupby("severity")["id"].count())

# 12. Count threats by status
print(df.groupby("status")["id"].count())

# 13. Count threats by source IP
print(df.groupby("source_ip")["id"].count())

# 14. Count threats by destination IP
print(df.groupby("destination_ip")["id"].count())

# 15. Most common threat type
print(df["threat_type"].mode()[0])


severity
Critical    3
High        4
Low         1
Medium      2
Name: id, dtype: int64
status
Detected     6
Mitigated    4
Name: id, dtype: int64
source_ip
10.0.0.5         1
10.0.0.8         1
172.16.0.3       1
172.16.0.4       1
192.168.1.10     1
192.168.1.15     1
198.51.100.22    1
198.51.100.25    1
203.0.113.45     1
203.0.113.50     1
Name: id, dtype: int64
destination_ip
10.0.0.1       1
10.0.0.2       1
10.0.0.3       1
10.0.0.4       1
172.16.0.2     1
172.16.0.5     1
192.168.1.1    1
192.168.1.2    1
192.168.1.3    1
192.168.1.4    1
Name: id, dtype: int64
DDoS


In [17]:
# 16. Top 3 IPs with most attacks
print(df["source_ip"].value_counts().head(3))

# 17. Show threats that are Critical and Mitigated
print(df[(df["severity"] == "Critical") & (df["status"] == "Mitigated")])

# 18. Number of threats per hour
print(df.groupby(df["timestamp"].dt.hour)["id"].count())

# 19. Percentage of each severity level
print(df["severity"].value_counts(normalize=True) * 100)

# 20. Show threats of type Malware with High severity
print(df[(df["threat_type"] == "Malware") & (df["severity"] == "High")])

# 21. Show the latest recorded threat
print(df.sort_values("timestamp", ascending=False).head(1))


source_ip
192.168.1.10    1
10.0.0.5        1
172.16.0.3      1
Name: count, dtype: int64
   id           timestamp      source_ip destination_ip threat_type  severity  \
4   5 2025-08-20 11:15:00  198.51.100.22    192.168.1.2  Ransomware  Critical   
9  10 2025-08-20 12:30:00  198.51.100.25    192.168.1.4  Ransomware  Critical   

      status  
4  Mitigated  
9  Mitigated  
timestamp
10    3
11    4
12    3
Name: id, dtype: int64
severity
High        40.0
Critical    30.0
Medium      20.0
Low         10.0
Name: proportion, dtype: float64
   id           timestamp     source_ip destination_ip threat_type severity  \
0   1 2025-08-20 10:15:00  192.168.1.10       10.0.0.2     Malware     High   

     status  
0  Detected  
   id           timestamp      source_ip destination_ip threat_type  severity  \
9  10 2025-08-20 12:30:00  198.51.100.25    192.168.1.4  Ransomware  Critical   

      status  
9  Mitigated  


In [18]:
# Mount Google Drive to access dataset
from google.colab import drive
drive.mount('/content/drive')

# Import libraries
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns

# SQL queries inside pandas
!pip install pandasql
from pandasql import sqldf
pysqldf = lambda q: sqldf(q, globals())


Mounted at /content/drive


In [19]:
from google.colab import drive
drive.mount('/content/drive')


Drive already mounted at /content/drive; to attempt to forcibly remount, call drive.mount("/content/drive", force_remount=True).


In [20]:
!ls /content/drive/MyDrive/


 Classroom
'Colab Notebooks'
 cyber_threat_sample.csv
'DOC-20241001-WA0011. (1).pdf'
 DOC-20241001-WA0011..pdf
 Financial_Literacy_Content.pdf
'IBMDesign20250716-29-u1wevq (1).pdf'
 IBMDesign20250716-29-u1wevq.pdf
'IBMDesign20250720-29-tttmod (1).pdf'
 IBMDesign20250720-29-tttmod.pdf
 IDT.pdf
 IMG-20241001-WA0014.jpg
 inbound1069719585714755221.pdf
 PAYMENTCODSOFT.jpg
'RAG_lab_Rutu'\''s_certificate (1).pdf'
"RAG_lab_Rutu's_certificate.pdf"
'Rutu acknowledment.pdf'
'rutujaa_resume[1].pdf'
 Rutuja_Resume-1.pdf
'Rutuja_Resume (1).pdf'
 Rutuja_Resume.pdf
 Screenshot_2025-05-09-13-07-46-48_439a3fec0400f8974d35eed09a31f914.jpg
 VID-20250301-WA0024.mp4


In [21]:
!ls /content/drive/MyDrive/



 Classroom
'Colab Notebooks'
 cyber_threat_sample.csv
'DOC-20241001-WA0011. (1).pdf'
 DOC-20241001-WA0011..pdf
 Financial_Literacy_Content.pdf
'IBMDesign20250716-29-u1wevq (1).pdf'
 IBMDesign20250716-29-u1wevq.pdf
'IBMDesign20250720-29-tttmod (1).pdf'
 IBMDesign20250720-29-tttmod.pdf
 IDT.pdf
 IMG-20241001-WA0014.jpg
 inbound1069719585714755221.pdf
 PAYMENTCODSOFT.jpg
'RAG_lab_Rutu'\''s_certificate (1).pdf'
"RAG_lab_Rutu's_certificate.pdf"
'Rutu acknowledment.pdf'
'rutujaa_resume[1].pdf'
 Rutuja_Resume-1.pdf
'Rutuja_Resume (1).pdf'
 Rutuja_Resume.pdf
 Screenshot_2025-05-09-13-07-46-48_439a3fec0400f8974d35eed09a31f914.jpg
 VID-20250301-WA0024.mp4


In [22]:
import pandas as pd

# Replace with your actual file name and folder if needed
df = pd.read_csv("/content/drive/MyDrive/cyber_threat_sample.csv")

# Check first few rows
print(df.head())


   id            timestamp      source_ip destination_ip    threat_type  \
0   1  2025-08-20 10:15:00   192.168.1.10       10.0.0.2        Malware   
1   2  2025-08-20 10:30:00       10.0.0.5    192.168.1.1       Phishing   
2   3  2025-08-20 10:45:00     172.16.0.3       10.0.0.1           DDoS   
3   4  2025-08-20 11:00:00   203.0.113.45     172.16.0.2  SQL Injection   
4   5  2025-08-20 11:15:00  198.51.100.22    192.168.1.2     Ransomware   

   severity     status  
0      High   Detected  
1    Medium   Detected  
2      High  Mitigated  
3  Critical   Detected  
4  Critical  Mitigated  


In [23]:
# Mount Google Drive to access dataset
from google.colab import drive
drive.mount('/content/drive')

# Import libraries
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns

# SQL queries inside pandas
!pip install pandasql
from pandasql import sqldf
pysqldf = lambda q: sqldf(q, globals())


Drive already mounted at /content/drive; to attempt to forcibly remount, call drive.mount("/content/drive", force_remount=True).


In [24]:
# Replace filename with whichever is correct (check sizes earlier)
df = pd.read_csv("/content/drive/MyDrive/cyber_threat_sample.csv")

# Preview first 5 rows
df.head()


Unnamed: 0,id,timestamp,source_ip,destination_ip,threat_type,severity,status
0,1,2025-08-20 10:15:00,192.168.1.10,10.0.0.2,Malware,High,Detected
1,2,2025-08-20 10:30:00,10.0.0.5,192.168.1.1,Phishing,Medium,Detected
2,3,2025-08-20 10:45:00,172.16.0.3,10.0.0.1,DDoS,High,Mitigated
3,4,2025-08-20 11:00:00,203.0.113.45,172.16.0.2,SQL Injection,Critical,Detected
4,5,2025-08-20 11:15:00,198.51.100.22,192.168.1.2,Ransomware,Critical,Mitigated



Passing `palette` without assigning `hue` is deprecated and will be removed in v0.14.0. Assign the `y` variable to `hue` and set `legend=False` for the same effect.




Passing `palette` without assigning `hue` is deprecated and will be removed in v0.14.0. Assign the `y` variable to `hue` and set `legend=False` for the same effect.




Passing `palette` without assigning `hue` is deprecated and will be removed in v0.14.0. Assign the `y` variable to `hue` and set `legend=False` for the same effect.




Passing `palette` without assigning `hue` is deprecated and will be removed in v0.14.0. Assign the `y` variable to `hue` and set `legend=False` for the same effect.



In [25]:
print("Shape of dataset:", df.shape)
print("\nColumns:\n", df.columns)
print("\nMissing values:\n", df.isnull().sum())


Shape of dataset: (10, 7)

Columns:
 Index(['id', 'timestamp', 'source_ip', 'destination_ip', 'threat_type',
       'severity', 'status'],
      dtype='object')

Missing values:
 id                0
timestamp         0
source_ip         0
destination_ip    0
threat_type       0
severity          0
status            0
dtype: int64
