## **Importing and setup of SQL environment**

Import the `sqlite3` library



In [3]:
import sqlite3

## **Load DataSet into SQL**

In [4]:
import pandas as pd
df = pd.read_csv('/content/cybersecurity_threats.csv')
print(df.head())

  Threat_ID          Threat_Type  Severity Detection_Date  \
0     T0000  Supply Chain Attack  Critical     2022-03-05   
1     T0001             Phishing    Medium     2023-12-02   
2     T0002           Ransomware    Medium     2023-09-05   
3     T0003       Insider Threat  Critical     2022-02-13   
4     T0004           Ransomware       Low     2023-10-07   

          Target_System      Attack_Vector     Status             Impact  
0            Web Server   Misconfiguration   Detected     Financial Loss  
1            Web Server  Drive-by Download  Mitigated        Data Breach  
2            IoT Device  Drive-by Download   Detected  Reputation Damage  
3  Cloud Infrastructure              Email  Mitigated     Financial Loss  
4  Employee Workstation  Drive-by Download  Mitigated     Financial Loss  


## **Create SQL Table from DataFrame**

Create an SQL table in the SQLite database with a schema derived from the Pandas DataFrame, ensuring proper column types


In [5]:
conn = sqlite3.connect('cybersecurity.db')
df.to_sql('threats', conn, if_exists='replace', index=False)
conn.close()
print("DataFrame successfully loaded into 'threats' table in cybersecurity.db")

DataFrame successfully loaded into 'threats' table in cybersecurity.db


In [6]:
conn = sqlite3.connect('cybersecurity.db')
cursor = conn.cursor()

# Count the number of rows
cursor.execute("SELECT COUNT(*) FROM threats;")
row_count = cursor.fetchone()[0]
print(f"Number of rows in 'threats' table: {row_count}")

# Select the first 5 rows
cursor.execute("SELECT * FROM threats LIMIT 5;")
rows = cursor.fetchall()

print("First 5 rows from 'threats' table:")
for row in rows:
    print(row)

conn.close()

Number of rows in 'threats' table: 100
First 5 rows from 'threats' table:
('T0000', 'Supply Chain Attack', 'Critical', '2022-03-05', 'Web Server', 'Misconfiguration', 'Detected', 'Financial Loss')
('T0001', 'Phishing', 'Medium', '2023-12-02', 'Web Server', 'Drive-by Download', 'Mitigated', 'Data Breach')
('T0002', 'Ransomware', 'Medium', '2023-09-05', 'IoT Device', 'Drive-by Download', 'Detected', 'Reputation Damage')
('T0003', 'Insider Threat', 'Critical', '2022-02-13', 'Cloud Infrastructure', 'Email', 'Mitigated', 'Financial Loss')
('T0004', 'Ransomware', 'Low', '2023-10-07', 'Employee Workstation', 'Drive-by Download', 'Mitigated', 'Financial Loss')


## **Understanding the rows and columns**

In [10]:
conn = sqlite3.connect('cybersecurity.db')
cursor = conn.cursor()

cursor.execute("PRAGMA table_info(threats);")
schema = cursor.fetchall()

print("Schema of the 'threats' table:")
print("Column Name | Data Type")
print("---------------------")
for col in schema:
    print(f"{col[1]:<12} | {col[2]}")

conn.close()

Schema of the 'threats' table:
Column Name | Data Type
---------------------
Threat_ID    | TEXT
Threat_Type  | TEXT
Severity     | TEXT
Detection_Date | TEXT
Target_System | TEXT
Attack_Vector | TEXT
Status       | TEXT
Impact       | TEXT


## **Prompt used for Basic Data Retrieval**

Retrive all columns and records from database

To retrieve all columns and records from the 'threats' table, I will connect to the `cybersecurity.db` database, execute a `SELECT * FROM threats` SQL query, and then fetch all the results to display them.

In [8]:
conn = sqlite3.connect('cybersecurity.db')
cursor = conn.cursor()

cursor.execute("SELECT * FROM threats LIMIT 5;")
head_rows = cursor.fetchall()

print("First 5 records from 'threats' table:")
for row in head_rows:
    print(row)

conn.close()

First 5 records from 'threats' table:
('T0000', 'Supply Chain Attack', 'Critical', '2022-03-05', 'Web Server', 'Misconfiguration', 'Detected', 'Financial Loss')
('T0001', 'Phishing', 'Medium', '2023-12-02', 'Web Server', 'Drive-by Download', 'Mitigated', 'Data Breach')
('T0002', 'Ransomware', 'Medium', '2023-09-05', 'IoT Device', 'Drive-by Download', 'Detected', 'Reputation Damage')
('T0003', 'Insider Threat', 'Critical', '2022-02-13', 'Cloud Infrastructure', 'Email', 'Mitigated', 'Financial Loss')
('T0004', 'Ransomware', 'Low', '2023-10-07', 'Employee Workstation', 'Drive-by Download', 'Mitigated', 'Financial Loss')


## **Prompt for Analyzing Types of Cyberattacks**

Analyse the types of cyberattacks recorded

In [9]:
conn = sqlite3.connect('cybersecurity.db')
cursor = conn.cursor()

cursor.execute("SELECT Threat_Type, COUNT(*) FROM threats GROUP BY Threat_Type ORDER BY COUNT(*) DESC;")
threat_type_counts = cursor.fetchall()

print("Cyberattack Type Distribution:")
for threat_type, count in threat_type_counts:
    print(f"{threat_type}: {count}")

conn.close()

Cyberattack Type Distribution:
Ransomware: 13
SQL Injection: 12
Insider Threat: 12
Credential Stuffing: 12
Supply Chain Attack: 11
DDoS: 10
Zero-Day Exploit: 9
XSS (Cross-Site Scripting): 9
Malware: 9
Phishing: 3


## **Prompt for Understanding and filtering by severity**

Retrieve data from the threats table by selecting all columns, specific columns, and filtering by severity

In [14]:
print("\n--- Selecting all columns (first 5 rows) ---")
cursor.execute("SELECT * FROM threats LIMIT 5;")
all_columns_rows = cursor.fetchall()
for row in all_columns_rows:
    print(row)

print("\n--- Selecting specific columns (Threat_ID, Threat_Type, Severity, first 5 rows) ---")
cursor.execute("SELECT Threat_ID, Threat_Type, Severity FROM threats LIMIT 5;")
specific_columns_rows = cursor.fetchall()
for row in specific_columns_rows:
    print(row)

print("\n--- Filtering by Severity = 'Critical' (first 5 rows) ---")
cursor.execute("SELECT * FROM threats WHERE Severity = 'Critical' LIMIT 5;")
filtered_rows = cursor.fetchall()
for row in filtered_rows:
    print(row)

conn.close()
print("\nDatabase connection closed.")


--- Selecting all columns (first 5 rows) ---
('T0000', 'Supply Chain Attack', 'Critical', '2022-03-05', 'Web Server', 'Misconfiguration', 'Detected', 'Financial Loss')
('T0001', 'Phishing', 'Medium', '2023-12-02', 'Web Server', 'Drive-by Download', 'Mitigated', 'Data Breach')
('T0002', 'Ransomware', 'Medium', '2023-09-05', 'IoT Device', 'Drive-by Download', 'Detected', 'Reputation Damage')
('T0003', 'Insider Threat', 'Critical', '2022-02-13', 'Cloud Infrastructure', 'Email', 'Mitigated', 'Financial Loss')
('T0004', 'Ransomware', 'Low', '2023-10-07', 'Employee Workstation', 'Drive-by Download', 'Mitigated', 'Financial Loss')

--- Selecting specific columns (Threat_ID, Threat_Type, Severity, first 5 rows) ---
('T0000', 'Supply Chain Attack', 'Critical')
('T0001', 'Phishing', 'Medium')
('T0002', 'Ransomware', 'Medium')
('T0003', 'Insider Threat', 'Critical')
('T0004', 'Ransomware', 'Low')

--- Filtering by Severity = 'Critical' (first 5 rows) ---
('T0000', 'Supply Chain Attack', 'Critica

## **Prompt for Most Countries affected by Cyberthreat attacks**

Anlyse the most affected countries by cyber threat attacks

In [24]:
conn = sqlite3.connect('cybersecurity.db')
cursor = conn.cursor()

cursor.execute("SELECT Country_Affected, COUNT(*) FROM threats_with_countries GROUP BY Country_Affected ORDER BY COUNT(*) DESC;")
country_attack_counts = cursor.fetchall()

print("Cyberattacks by Country:")
for country, count in country_attack_counts:
    print(f"{country}: {count}")

conn.close()

Cyberattacks by Country:
Zanadu: 23
Eldoria: 22
Genovia: 21
Atlantis: 19
Valyria: 15


## **Prompt Used for Analyze Most Affected Devices**

In [25]:
conn = sqlite3.connect('cybersecurity.db')
cursor = conn.cursor()

cursor.execute("SELECT Target_System, COUNT(*) FROM threats_with_countries GROUP BY Target_System ORDER BY COUNT(*) DESC;")
target_system_counts = cursor.fetchall()

print("Cyberattacks by Target System:")
for system, count in target_system_counts:
    print(f"{system}: {count}")

conn.close()

Cyberattacks by Target System:
Database Server: 17
Web Server: 16
Network Device: 16
IoT Device: 16
Mobile Device: 13
Employee Workstation: 12
Cloud Infrastructure: 10


## **Prompt for Analyze Cyberattacks by Device and Country**

analyze Cyberattacks by Device and Country

In [27]:
import pandas as pd

# Assuming device_country_attack_counts is already available from the previous execution
# If not, the previous code to generate it would need to be re-run.
# Example data structure: [('Cloud Infrastructure', 'Eldoria', 6), ...]

df_device_country_attacks = pd.DataFrame(device_country_attack_counts, columns=['Target System', 'Country Affected', 'Attack Count'])

print("Cyberattacks by Target System and Country (Tabulated):")
print(df_device_country_attacks.to_string(index=False))

Cyberattacks by Target System and Country (Tabulated):
       Target System Country Affected  Attack Count
Cloud Infrastructure          Eldoria             6
     Database Server          Eldoria             5
     Database Server          Genovia             5
Employee Workstation          Valyria             5
          IoT Device           Zanadu             5
       Mobile Device          Genovia             5
      Network Device          Eldoria             5
          IoT Device         Atlantis             4
          IoT Device          Genovia             4
       Mobile Device         Atlantis             4
      Network Device           Zanadu             4
          Web Server         Atlantis             4
          Web Server          Eldoria             4
          Web Server           Zanadu             4
     Database Server           Zanadu             3
Employee Workstation           Zanadu             3
          IoT Device          Valyria             3
      Net