In [1]:
import torch
import torch.nn as nn
import torch.nn.functional as F
import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns
from sklearn.preprocessing import StandardScaler, LabelEncoder
from sklearn.model_selection import train_test_split
from sklearn.metrics import (accuracy_score, precision_score, recall_score,
                           f1_score, roc_auc_score, average_precision_score,
                           classification_report, confusion_matrix)
from sklearn.ensemble import IsolationForest
from torch.utils.data import DataLoader, TensorDataset, Dataset

import warnings
warnings.filterwarnings('ignore')

# Set random seeds for reproducibility
torch.manual_seed(42)
np.random.seed(42)

In [2]:
torch.cuda.empty_cache()
torch.cuda.reset_peak_memory_stats()

In [3]:
print("Torch version:", torch.__version__)
print("CUDA available:", torch.cuda.is_available())
print("CUDA version:", torch.version.cuda)

Torch version: 2.5.1+cu121
CUDA available: True
CUDA version: 12.1


In [4]:
import pandas as pd

df = pd.read_parquet("cicdarknet2020.parquet", engine="fastparquet")
df.info()
df['Label'].value_counts()


<class 'pandas.core.frame.DataFrame'>
RangeIndex: 103121 entries, 0 to 103120
Data columns (total 79 columns):
 #   Column                      Non-Null Count   Dtype   
---  ------                      --------------   -----   
 0   Protocol                    103121 non-null  int8    
 1   Flow Duration               103121 non-null  int32   
 2   Total Fwd Packet            103121 non-null  int32   
 3   Total Bwd packets           103121 non-null  int32   
 4   Total Length of Fwd Packet  103121 non-null  int32   
 5   Total Length of Bwd Packet  103121 non-null  int32   
 6   Fwd Packet Length Max       103121 non-null  int32   
 7   Fwd Packet Length Min       103121 non-null  int16   
 8   Fwd Packet Length Mean      103121 non-null  float32 
 9   Fwd Packet Length Std       103121 non-null  float32 
 10  Bwd Packet Length Max       103121 non-null  int32   
 11  Bwd Packet Length Min       103121 non-null  int16   
 12  Bwd Packet Length Mean      103121 non-null  float32 
 13 

Label
Non-Tor    64804
NonVPN     20216
VPN        16922
Tor         1179
Name: count, dtype: int64

In [None]:
import pandas as pd
import numpy as np
from sklearn.preprocessing import StandardScaler, LabelEncoder
from sklearn.model_selection import train_test_split


print("=== INITIAL DATA INSPECTION ===")
print(f"DataFrame shape: {df.shape}")
print(f"Memory usage: {df.memory_usage().sum() / 1024 / 1024:.2f} MB")

# Let's check the actual dtypes more carefully
print("\n=== DATA TYPES DETAILED ===")
print("Label column info:")
print(f"  dtype: {df['Label'].dtype}")
print(f"  type of dtype: {type(df['Label'].dtype)}")
print(f"  is categorical? {pd.api.types.is_categorical_dtype(df['Label'])}")
print(f"  is string? {pd.api.types.is_string_dtype(df['Label'])}")

print("\nLabel.1 column info:")
print(f"  dtype: {df['Label.1'].dtype}")
print(f"  type of dtype: {type(df['Label.1'].dtype)}")
print(f"  is categorical? {pd.api.types.is_categorical_dtype(df['Label.1'])}")
print(f"  is string? {pd.api.types.is_string_dtype(df['Label.1'])}")

# DECISION TIME: Which label to use?
print("\n=== DECIDING WHICH LABEL TO USE ===")
print("Based on your output:")
print("1. Label column: Has values 0, 1, 2, 3 (4 classes)")
print("2. Label.1 column: Has actual names like 'Browsing', 'P2P', etc.")

# Let me check if Label might be encoded already
print("\nChecking if Label is already encoded...")
# Get a mapping by sampling
sample_size = min(100, len(df))
sample = df[['Label', 'Label.1']].sample(sample_size)
for _, row in sample.iterrows():
    print(f"Label: {row['Label']} -> Label.1: {row['Label.1']}")



# Let's create a proper mapping
print("\n=== CREATING PROPER LABEL MAPPING ===")
# Group by Label and see what Label.1 values correspond
label_mapping_df = df.groupby('Label')['Label.1'].agg(['first', 'nunique', lambda x: list(x.unique())[:5]])
label_mapping_df.columns = ['most_common', 'num_unique', 'sample_values']
print(label_mapping_df)

# If Label is already encoded and Label.1 has the names, use Label.1
print("\nBased on analysis, I recommend using Label.1 as it has the actual class names")

# Clean up the data
print("\n=== DATA CLEANING ===")
print("Checking for duplicate columns...")
duplicate_columns = df.columns[df.columns.duplicated()]
print(f"Duplicate columns: {list(duplicate_columns)}")

# Check for constant columns
constant_columns = [col for col in df.columns if df[col].nunique() == 1]
print(f"Constant columns: {constant_columns}")

if constant_columns:
    df = df.drop(columns=constant_columns)
    print(f"Dropped constant columns: {constant_columns}")

# Handle missing/infinite values
print("\n=== HANDLING MISSING/INFINITE VALUES ===")
numeric_cols = df.select_dtypes(include=[np.number]).columns

for col in numeric_cols:
    df[col] = df[col].replace([np.inf, -np.inf], np.nan)

nan_counts = df.isnull().sum()
if nan_counts.any():
    nan_cols = nan_counts[nan_counts > 0].index.tolist()
    print(f"Columns with NaN: {nan_cols}")
    
    for col in numeric_cols:
        if df[col].isnull().any():
            df[col] = df[col].fillna(df[col].median())

# Now process the labels
print("\n=== LABEL PROCESSING ===")
# Use Label.1 since it has the actual names
df['Label_original'] = df['Label.1'].astype(str)

# Clean the labels
df['Label_cleaned'] = df['Label_original'].str.lower().str.strip()

# Check cleaned labels
print("\nCleaned label distribution:")
cleaned_counts = df['Label_cleaned'].value_counts()
for label, count in cleaned_counts.items():
    proportion = count / len(df) * 100
    print(f"  '{label}': {count} samples ({proportion:.2f}%)")

# Encode labels
label_encoder = LabelEncoder()
df['Label_encoded'] = label_encoder.fit_transform(df['Label_cleaned'])

print("\n=== FINAL LABEL ENCODING ===")
print("Class mapping:")
for i, label in enumerate(label_encoder.classes_):
    count = (df['Label_cleaned'] == label).sum()
    proportion = count / len(df) * 100
    print(f"  {i}: '{label}' - {count} samples ({proportion:.2f}%)")

label_mapping = dict(zip(range(len(label_encoder.classes_)), label_encoder.classes_))

# Prepare features
print("\n=== FEATURE PREPARATION ===")
# Exclude all label-related columns
label_cols = ['Label', 'Label.1', 'Label_original', 'Label_cleaned', 'Label_encoded']
exclude_cols = [col for col in label_cols if col in df.columns]

feature_cols = [col for col in df.columns if col not in exclude_cols]

X = df[feature_cols]
y = df['Label_encoded']

print(f"Features shape: {X.shape}")
print(f"Labels shape: {y.shape}")

# Scale features
print("\n=== FEATURE SCALING ===")
scaler = StandardScaler()
X_scaled = X.copy()
numeric_features = X.select_dtypes(include=[np.number]).columns

if len(numeric_features) > 0:
    X_scaled[numeric_features] = scaler.fit_transform(X[numeric_features])
    print(f"Scaled {len(numeric_features)} numeric features")
else:
    print("No numeric features to scale")

# Split data
print("\n=== DATA SPLITTING ===")
class_counts = y.value_counts()
print("Class distribution:")
for class_id, count in class_counts.items():
    class_name = label_encoder.inverse_transform([class_id])[0]
    proportion = count / len(y) * 100
    print(f"  {class_id}: '{class_name}' - {count} samples ({proportion:.2f}%)")

# Use stratification if possible
if class_counts.min() >= 2:
    print("\nUsing stratified split")
    X_train, X_test, y_train, y_test = train_test_split(
        X_scaled, y, test_size=0.2, random_state=42, stratify=y
    )
else:
    print("\nUsing random split (some classes have < 2 samples)")
    X_train, X_test, y_train, y_test = train_test_split(
        X_scaled, y, test_size=0.2, random_state=42
    )

print(f"\nTraining set: {X_train.shape[0]} samples")
print(f"Testing set: {X_test.shape[0]} samples")

# Save processed data
print("\n=== SAVING DATA ===")
import pickle
from datetime import datetime

preprocessed_data = {
    'X_train': X_train,
    'X_test': X_test,
    'y_train': y_train,
    'y_test': y_test,
    'scaler': scaler,
    'label_encoder': label_encoder,
    'feature_names': X_train.columns.tolist(),
    'label_mapping': label_mapping,
    'num_classes': len(label_encoder.classes_)
}




#Quick Summary 
print("\nData preprocessing completed successfully.")   

=== INITIAL DATA INSPECTION ===
DataFrame shape: (103121, 79)
Memory usage: 23.60 MB

=== DATA TYPES DETAILED ===
Label column info:
  dtype: category
  type of dtype: <class 'pandas.core.dtypes.dtypes.CategoricalDtype'>
  is categorical? True
  is string? True

Label.1 column info:
  dtype: category
  type of dtype: <class 'pandas.core.dtypes.dtypes.CategoricalDtype'>
  is categorical? True
  is string? True

=== DECIDING WHICH LABEL TO USE ===
Based on your output:
1. Label column: Has values 0, 1, 2, 3 (4 classes)
2. Label.1 column: Has actual names like 'Browsing', 'P2P', etc.

Checking if Label is already encoded...
Label: Non-Tor -> Label.1: P2P
Label: Non-Tor -> Label.1: Browsing
Label: VPN -> Label.1: Audio-Streaming
Label: Non-Tor -> Label.1: Browsing
Label: VPN -> Label.1: Chat
Label: NonVPN -> Label.1: Chat
Label: NonVPN -> Label.1: Audio-Streaming
Label: Non-Tor -> Label.1: Browsing
Label: Non-Tor -> Label.1: P2P
Label: Tor -> Label.1: VOIP
Label: Non-Tor -> Label.1: Browsi

In [39]:
df['is_encrypted'] = df['Label'].apply(lambda x: 1 if x in ['Tor','VPN'] else 0)
df['is_encrypted'] = df['is_encrypted'].astype(int)
df['is_encrypted'].value_counts()
X = df.drop(columns=['Label', 'is_encrypted'])
y_multiclass = df['Label']         # for multiclass classification
y_binary = df['is_encrypted']      # for encrypted vs non-encrypted

In [40]:
from sklearn.model_selection import train_test_split
from imblearn.over_sampling import SMOTE
import numpy as np

# Assuming df['Label_encoded'] exists
X = X_scaled  # scaled numeric features
y = df['Label_encoded'].values  # integer-encoded labels

# Split train/test (stratified)
X_train, X_test, y_train, y_test = train_test_split(
    X, y, test_size=0.2, random_state=42, stratify=y_binary
)

print("Class distribution before SMOTE:")
unique, counts = np.unique(y_train, return_counts=True)
for u, c in zip(unique, counts):
    print(f"  Class {u}: {c} samples")

# Apply SMOTE to training set
smote = SMOTE(random_state=42)
X_train_res, y_train_res = smote.fit_resample(X_train, y_train)

print("\nClass distribution after SMOTE:")
unique_res, counts_res = np.unique(y_train_res, return_counts=True)
for u, c in zip(unique_res, counts_res):
    print(f"  Class {u}: {c} samples")


Class distribution before SMOTE:
  Class 0: 8987 samples
  Class 1: 23732 samples
  Class 2: 8321 samples
  Class 3: 4405 samples
  Class 4: 8603 samples
  Class 5: 18782 samples
  Class 6: 7206 samples
  Class 7: 2460 samples

Class distribution after SMOTE:
  Class 0: 23732 samples
  Class 1: 23732 samples
  Class 2: 23732 samples
  Class 3: 23732 samples
  Class 4: 23732 samples
  Class 5: 23732 samples
  Class 6: 23732 samples
  Class 7: 23732 samples


In [41]:
from sklearn.model_selection import train_test_split
from imblearn.over_sampling import SMOTE
import numpy as np

# Binary target
y_binary = df['is_encrypted'].values  # 0 = non-encrypted, 1 = Tor/VPN

X_train, X_test, y_train, y_test = train_test_split(
    X_scaled, y_binary, 
    test_size=0.2, 
    random_state=42,
    stratify=y_binary
)


print("Class distribution before SMOTE (binary):")
unique, counts = np.unique(y_binary, return_counts=True)
for u, c in zip(unique, counts):
    label_name = "Encrypted" if u == 1 else "Non-encrypted"
    print(f"  {label_name}: {c} samples")

# Apply SMOTE to training set
smote_bin = SMOTE(random_state=42)
X_train_bin_res, y_train_bin_res = smote_bin.fit_resample(X_train, y_train)

print("\nClass distribution after SMOTE (binary):")
unique_res, counts_res = np.unique(y_train_bin_res, return_counts=True)
for u, c in zip(unique_res, counts_res):
    label_name = "Encrypted" if u == 1 else "Non-encrypted"
    print(f"  {label_name}: {c} samples")


Class distribution before SMOTE (binary):
  Non-encrypted: 85020 samples
  Encrypted: 18101 samples

Class distribution after SMOTE (binary):
  Non-encrypted: 68015 samples
  Encrypted: 68015 samples


In [79]:
# Train IF on all training data (or only normal traffic if you have labels)
if_model = IsolationForest(n_estimators=200, contamination=0.03, random_state=42)
if_model.fit(X_train)

# Get anomaly scores (more negative = more anomalous)
if_scores_train = if_model.decision_function(X_train)
if_scores_test = if_model.decision_function(X_test)

# Add IF score as an additional feature
X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
X_test_if = np.hstack([X_test, if_scores_test.reshape(-1,1)])


In [80]:
from sklearn.model_selection import train_test_split

X_train, X_test, y_train, y_test = train_test_split(
    X_scaled, y_binary, 
    test_size=0.2, 
    random_state=42,
    stratify=y_binary
)

print("Train encrypted count:", sum(y_train))
print("Test encrypted count:", sum(y_test))

print("Unique values in y_binary:", np.unique(y_binary))



Train encrypted count: 14481
Test encrypted count: 3620
Unique values in y_binary: [0 1]


In [81]:
from sklearn.metrics import roc_auc_score, precision_score, recall_score, f1_score, confusion_matrix
from sklearn.ensemble import IsolationForest
import numpy as np

# Train IF only on normal samples (y_train == 0)
if_model = IsolationForest(contamination=0.05, random_state=42)
if_model.fit(X_train[y_train == 0])

# anomaly scores (more negative = more anomalous)
if_scores_train = -if_model.decision_function(X_train)
if_scores_test = -if_model.decision_function(X_test)

# pick threshold = 95th percentile of normal scores
threshold_if = np.percentile(if_scores_train[y_train == 0], 95)
if_pred = (if_scores_test > threshold_if).astype(int)

print("\n=== ISOLATION FOREST ===")
print("Accuracy:", accuracy_score(y_test, if_pred))
print("ROC-AUC:", roc_auc_score(y_test, if_scores_test))
print("Precision:", precision_score(y_test, if_pred))
print("Recall:", recall_score(y_test, if_pred))
print("F1-score:", f1_score(y_test, if_pred))
print("Confusion Matrix:\n", confusion_matrix(y_test, if_pred))



=== ISOLATION FOREST ===
Accuracy: 0.8000484848484849
ROC-AUC: 0.6621479220443776
Precision: 0.28716216216216217
Recall: 0.09392265193370165
F1-score: 0.14154870940882597
Confusion Matrix:
 [[16161   844]
 [ 3280   340]]


In [82]:
X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
X_test_if = np.hstack([X_test, if_scores_test.reshape(-1,1)])
from tensorflow.keras import layers, models, Model

input_dim = X_train_if.shape[1]
reconstruction_error = np.mean(np.square(X_test_if - X_test_pred), axis=1)


input_layer = layers.Input(shape=(input_dim,))
x = layers.Dense(64, activation='relu')(input_layer)
x = layers.Dense(32, activation='relu')(x)
latent = layers.Dense(16, activation='relu')(x)

x = layers.Dense(32, activation='relu')(latent)
x = layers.Dense(64, activation='relu')(x)
output = layers.Dense(input_dim, activation='linear')(x)

autoencoder = Model(input_layer, output)
autoencoder.compile(optimizer='adam', loss='mse')

autoencoder.fit(
    X_train_if[y_train == 0], X_train_if[y_train == 0],
    epochs=30,
    batch_size=256,
    validation_split=0.1,
    verbose=1
)
# 4️⃣ Predict reconstruction for test set
X_test_pred = autoencoder.predict(X_test_if)

# 5️⃣ Compute reconstruction error
reconstruction_error = np.mean(np.square(X_test_if - X_test_pred), axis=1)

Epoch 1/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 2ms/step - loss: 0.5313 - val_loss: 0.4068
Epoch 2/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.2600 - val_loss: 0.2274
Epoch 3/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1893 - val_loss: 0.1830
Epoch 4/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1575 - val_loss: 0.2465
Epoch 5/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1372 - val_loss: 0.1539
Epoch 6/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1186 - val_loss: 0.1726
Epoch 7/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1102 - val_loss: 0.1333
Epoch 8/30
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1135 - val_loss: 0.1205
Epoch 9/30
[1m240/240[0m [32m━━━━━━━━

In [83]:
X_test_pred = autoencoder.predict(X_test_if)
test_rec_err = np.mean((X_test_if - X_test_pred)**2, axis=1)

X_train_pred = autoencoder.predict(X_train_if[y_train == 0])
train_rec_err = np.mean((X_train_if[y_train == 0] - X_train_pred)**2, axis=1)

threshold_ae = np.percentile(train_rec_err, 95)
ae_pred = (test_rec_err > threshold_ae).astype(int)
print("\n=== AUTOENCODER ===")
print("Accuracy:", accuracy_score(y_test, ae_pred))
print("ROC-AUC:", roc_auc_score(y_test, test_rec_err))
print("Precision:", precision_score(y_test, ae_pred))
print("Recall:", recall_score(y_test, ae_pred))
print("F1-score:", f1_score(y_test, ae_pred))
print("Confusion Matrix:\n", confusion_matrix(y_test, ae_pred))


[1m645/645[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 475us/step
[1m2126/2126[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 405us/step

=== AUTOENCODER ===
Accuracy: 0.8121212121212121
ROC-AUC: 0.6165344609401524
Precision: 0.4118866620594333
Recall: 0.16464088397790055
F1-score: 0.23524768107361357
Confusion Matrix:
 [[16154   851]
 [ 3024   596]]


In [84]:
import torch
import torch.nn as nn
import torch.optim as optim
from torch.utils.data import TensorDataset, DataLoader

device = torch.device("cuda" if torch.cuda.is_available() else "cpu")
#Deep SVDD implementation in PyTorch
# --- Encoder network (small MLP) ---
class Encoder(nn.Module):
    def __init__(self, input_dim, hidden=[128,64], out_dim=32):
        super().__init__()
        layers = []
        prev = input_dim
        for h in hidden:
            layers.append(nn.Linear(prev, h))
            layers.append(nn.ReLU())
            prev = h
        layers.append(nn.Linear(prev, out_dim))
        self.net = nn.Sequential(*layers)
    def forward(self, x):
        return self.net(x)

# --- Deep SVDD trainer ---
class DeepSVDD:
    def __init__(self, input_dim, c=None, nu=0.1, lr=1e-3):
        self.encoder = Encoder(input_dim).to(device)
        self.c = c  # center (torch tensor) or None -> init from data
        self.nu = nu
        self.optimizer = optim.Adam(self.encoder.parameters(), lr=lr)
        self.criterion = lambda z, c: ((z - c)**2).sum(dim=1)  # per-sample squared dist

    def init_center_c(self, loader):
        # initialize center as mean of encoder outputs on normal data
        self.encoder.eval()
        n = 0
        c_sum = None
        with torch.no_grad():
            for x in loader:
                x = x[0].to(device).float()
                z = self.encoder(x)
                if c_sum is None:
                    c_sum = z.sum(dim=0)
                else:
                    c_sum += z.sum(dim=0)
                n += z.size(0)
        c = c_sum / n
        # avoid components too close to zero
        c[(abs(c) < 1e-6)] = 1e-6
        self.c = c

    def train(self, loader, epochs=50):
        if self.c is None:
            self.init_center_c(loader)
        self.encoder.train()
        for ep in range(epochs):
            epoch_loss = 0.0
            for x, in loader:
                x = x.to(device).float()
                z = self.encoder(x)
                dist = self.criterion(z, self.c)
                loss = dist.mean()  # minimize avg distance of normal samples
                self.optimizer.zero_grad()
                loss.backward()
                self.optimizer.step()
                epoch_loss += loss.item() * x.size(0)
            # print progress
            if ep % 5 == 0:
                print(f"DeepSVDD epoch {ep}/{epochs} loss: {epoch_loss/len(loader.dataset):.6f}")

    def score(self, X):  # X: numpy array
        self.encoder.eval()
        ds = TensorDataset(torch.from_numpy(X).float())
        loader = DataLoader(ds, batch_size=1024, shuffle=False)
        scores = []
        with torch.no_grad():
            for batch in loader:
                x = batch[0].to(device)
                z = self.encoder(x)
                dist = ((z - self.c) ** 2).sum(dim=1)  # per-sample
                scores.append(dist.cpu().numpy())
        return np.concatenate(scores)


In [85]:
# Train DeepSVDD on *normal* training samples only (y_train==0)
# Convert DataFrame → NumPy → Tensor
X_train_normal_np = X_train[y_train == 0].to_numpy().astype("float32")
X_test_np = X_test.to_numpy().astype("float32")


ds = TensorDataset(torch.from_numpy(X_train_normal_np).float())
loader = DataLoader(ds, batch_size=1024, shuffle=True)

svdd = DeepSVDD(input_dim=X_train.shape[1])
svdd.init_center_c(DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024))
svdd.train(loader, epochs=50)

# get scores on test set (higher = more anomalous)
# Convert X_test and X_train to NumPy arrays
X_test_np = X_test.to_numpy().astype("float32")
X_train_np = X_train.to_numpy().astype("float32")

# Then score
svdd_scores_test = svdd.score(X_test_np)
svdd_scores_train = svdd.score(X_train_np)  # optional for thresholding
 # optional for thresholding


DeepSVDD epoch 0/50 loss: 0.024755
DeepSVDD epoch 5/50 loss: 0.000100
DeepSVDD epoch 10/50 loss: 0.000029
DeepSVDD epoch 15/50 loss: 0.000013
DeepSVDD epoch 20/50 loss: 0.000008
DeepSVDD epoch 25/50 loss: 0.000006
DeepSVDD epoch 30/50 loss: 0.000005
DeepSVDD epoch 35/50 loss: 0.000004
DeepSVDD epoch 40/50 loss: 0.000003
DeepSVDD epoch 45/50 loss: 0.000002


In [86]:
# Threshold for binary prediction
# Usually you can set it based on 95th percentile of training normal scores
threshold = np.percentile(svdd_scores_train[y_train == 0], 95)
svdd_pred = (svdd_scores_test > threshold).astype(int)

# Evaluation metrics
y_test_binary = (y_test != 0).astype(int)  # treat all non-normal as anomaly
print("=== DeepSVDD ===")
print(f"Accuracy: {accuracy_score(y_test_binary, svdd_pred):.4f}")
print(f"ROC-AUC: {roc_auc_score(y_test_binary, svdd_scores_test):.4f}")
print(f"Precision: {precision_score(y_test_binary, svdd_pred):.4f}")
print(f"Recall: {recall_score(y_test_binary, svdd_pred):.4f}")
print(f"F1-score: {f1_score(y_test_binary, svdd_pred):.4f}")
print("Confusion Matrix:")
print(confusion_matrix(y_test_binary, svdd_pred))

=== DeepSVDD ===
Accuracy: 0.8067
ROC-AUC: 0.5375
Precision: 0.3761
Recall: 0.1539
F1-score: 0.2184
Confusion Matrix:
[[16081   924]
 [ 3063   557]]


In [106]:
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix

# --- Step 1: Ensure DeepSVDD uses correct input dimension ---
input_dim = X_train_if.shape[1]  # include IF score if added
svdd = DeepSVDD(input_dim=input_dim)
X_train_normal_np = X_train_if[y_train == 0].astype("float32")
loader = DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024, shuffle=True)
svdd.init_center_c(loader)
svdd.train(loader, epochs=50)

# --- Step 2: Compute base model scores on test set ---
# IF scores
if_scores_test = -if_model.decision_function(X_test_if)

# Autoencoder reconstruction error
X_test_pred = autoencoder.predict(X_test_if)
reconstruction_error = np.mean(np.square(X_test_if - X_test_pred), axis=1)

# DeepSVDD scores
X_test_np = X_test_if.astype("float32")
svdd_scores_test = svdd.score(X_test_np)

# --- Step 3: Stack as meta-features ---
X_meta_test = np.vstack([if_scores_test, reconstruction_error, svdd_scores_test]).T
y_meta_test = y_test  # binary labels

# --- Step 4: Train meta-classifier ---
meta_model = RandomForestClassifier(n_estimators=100, random_state=42)
# For proper training, compute meta-features on the training set as well:
if_scores_train = -if_model.decision_function(X_train_if)
X_train_pred = autoencoder.predict(X_train_if)
reconstruction_error_train = np.mean(np.square(X_train_if - X_train_pred), axis=1)
X_train_np = X_train_if.astype("float32")
svdd_scores_train = svdd.score(X_train_np)

X_meta_train = np.vstack([if_scores_train, reconstruction_error_train, svdd_scores_train]).T
y_meta_train = y_train

meta_model.fit(X_meta_train, y_meta_train)

# --- Step 5: Evaluate stacking ensemble ---
meta_pred = meta_model.predict(X_meta_test)

print("=== Stacking Ensemble (Random Forest) ===")
print(f"Accuracy: {accuracy_score(y_meta_test, meta_pred):.4f}")
print(f"Precision: {precision_score(y_meta_test, meta_pred):.4f}")
print(f"Recall: {recall_score(y_meta_test, meta_pred):.4f}")
print(f"F1-score: {f1_score(y_meta_test, meta_pred):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_meta_test, meta_pred))


ValueError: not enough values to unpack (expected 2, got 1)

In [108]:
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix
from tensorflow.keras import layers, Model
import torch
from torch.utils.data import DataLoader, TensorDataset

# =========================
# 1️⃣ Base model: Isolation Forest
# =========================
if_model = IsolationForest(contamination=0.05, random_state=42)
if_model.fit(X_train[y_train == 0])  # train only on normal samples

# anomaly scores (more negative = more anomalous)
if_scores_train = -if_model.decision_function(X_train)
if_scores_test  = -if_model.decision_function(X_test)

# =========================
# 2️⃣ Base model: Autoencoder
# =========================
# Add IF score as extra feature
X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
X_test_if  = np.hstack([X_test, if_scores_test.reshape(-1,1)])
input_dim = X_train_if.shape[1]

# Define AE
input_layer = layers.Input(shape=(input_dim,))
x = layers.Dense(64, activation='relu')(input_layer)
x = layers.Dense(32, activation='relu')(x)
latent = layers.Dense(16, activation='relu')(x)
x = layers.Dense(32, activation='relu')(latent)
x = layers.Dense(64, activation='relu')(x)
output = layers.Dense(input_dim, activation='linear')(x)
autoencoder = Model(input_layer, output)
autoencoder.compile(optimizer='adam', loss='mse')

# Train AE only on normal samples
autoencoder.fit(
    X_train_if[y_train == 0], X_train_if[y_train == 0],
    epochs=40,
    batch_size=256,
    validation_split=0.1,
    verbose=1
)

# AE reconstruction error
X_train_pred = autoencoder.predict(X_train_if)
X_test_pred  = autoencoder.predict(X_test_if)
reconstruction_error_train = np.mean(np.square(X_train_if - X_train_pred), axis=1)
reconstruction_error_test  = np.mean(np.square(X_test_if - X_test_pred), axis=1)

# CNN based Autoencoder can also be used for better performance
import numpy as np

# Convert to 3D tensor for 1D CNN: (samples, timesteps, channels)
X_train_cnn = X_train_if.reshape(X_train_if.shape[0], X_train_if.shape[1], 1)
X_test_cnn  = X_test_if.reshape(X_test_if.shape[0], X_test_if.shape[1], 1)

y_train_cnn = y_train
y_test_cnn  = y_test

input_layer = layers.Input(shape=(X_train_cnn.shape[1], X_train_cnn.shape[2]))
x = layers.Conv1D(32, kernel_size=3, activation='relu')(input_layer)
x = layers.BatchNormalization()(x)
x = layers.Dropout(0.2)(x)
x = layers.Conv1D(16, kernel_size=3, activation='relu')(x)
x = layers.Flatten()(x)
latent = layers.Dense(16, activation='relu')(x)
output = layers.Dense(1, activation='sigmoid')(latent)

cnn_model = models.Model(input_layer, output)
cnn_model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])


cnn_model = Model(input_layer, output)
cnn_model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])

cnn_model.fit(
    X_train_cnn[y_train==0], y_train_cnn[y_train==0],  # semi-supervised if you want
    epochs=20,
    batch_size=256,
    validation_split=0.1,
    verbose=1
)
cnn_scores_train = cnn_model.predict(X_train_cnn).flatten()
cnn_scores_test  = cnn_model.predict(X_test_cnn).flatten()

# =========================
# 3️⃣ Base model: Deep SVDD
# =========================
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

class Encoder(torch.nn.Module):
    def __init__(self, input_dim, hidden=[128,64], out_dim=32):
        super().__init__()
        layers_list = []
        prev = input_dim
        for h in hidden:
            layers_list.append(torch.nn.Linear(prev, h))
            layers_list.append(torch.nn.ReLU())
            prev = h
        layers_list.append(torch.nn.Linear(prev, out_dim))
        self.net = torch.nn.Sequential(*layers_list)
    def forward(self, x):
        return self.net(x)

class DeepSVDD:
    def __init__(self, input_dim, c=None, nu=0.1, lr=1e-3):
        self.encoder = Encoder(input_dim).to(device)
        self.c = c
        self.nu = nu
        self.optimizer = torch.optim.Adam(self.encoder.parameters(), lr=lr)
        self.criterion = lambda z, c: ((z - c)**2).sum(dim=1)

    def init_center_c(self, loader):
        self.encoder.eval()
        n = 0
        c_sum = None
        with torch.no_grad():
            for x in loader:
                x = x[0].to(device).float()
                z = self.encoder(x)
                c_sum = z.sum(dim=0) if c_sum is None else c_sum + z.sum(dim=0)
                n += z.size(0)
        c = c_sum / n
        c[(abs(c) < 1e-6)] = 1e-6
        self.c = c

    def train(self, loader, epochs=50):
        if self.c is None:
            self.init_center_c(loader)
        self.encoder.train()
        for ep in range(epochs):
            epoch_loss = 0.0
            for x, in loader:
                x = x.to(device).float()
                z = self.encoder(x)
                dist = self.criterion(z, self.c)
                loss = dist.mean()
                self.optimizer.zero_grad()
                loss.backward()
                self.optimizer.step()
                epoch_loss += loss.item() * x.size(0)
            if ep % 5 == 0:
                print(f"DeepSVDD epoch {ep}/{epochs} loss: {epoch_loss/len(loader.dataset):.6f}")

    def score(self, X):  # X must be np.ndarray
        self.encoder.eval()
        ds = TensorDataset(torch.from_numpy(X).float())
        loader = DataLoader(ds, batch_size=1024, shuffle=False)
        scores = []
        with torch.no_grad():
            for batch in loader:
                x = batch[0].to(device)
                z = self.encoder(x)
                dist = ((z - self.c)**2).sum(dim=1)
                scores.append(dist.cpu().numpy())
        return np.concatenate(scores)

# Train DeepSVDD
X_train_normal_np = X_train_if[y_train == 0].astype("float32")
loader = DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024, shuffle=True)
svdd = DeepSVDD(input_dim=input_dim)
svdd.init_center_c(loader)
svdd.train(loader, epochs=50)

svdd_scores_train = svdd.score(X_train_if.astype("float32"))
svdd_scores_test  = svdd.score(X_test_if.astype("float32"))
from scipy.stats import zscore

# Z-score normalization
if_scores_train_z = zscore(if_scores_train)
reconstruction_error_train_z = zscore(reconstruction_error_train)
if_scores_test_z = zscore(if_scores_test)
reconstruction_error_test_z = zscore(reconstruction_error_test)

# Stack meta-features
X_meta_train = np.vstack([
    if_scores_train,
    if_scores_train_z,
    reconstruction_error_train,
    reconstruction_error_train_z,
    svdd_scores_train
]).T

X_meta_test = np.vstack([
    if_scores_test,
    if_scores_test_z,
    reconstruction_error_test,
    reconstruction_error_test_z,
    svdd_scores_test
]).T

y_meta_train = y_train  # binary labels
y_meta_test  = y_test

# =========================
# 4️⃣ Stacking ensemble
# =========================
X_meta_train = np.vstack([if_scores_train, reconstruction_error_train, svdd_scores_train, cnn_scores_train]).T
X_meta_test  = np.vstack([if_scores_test, reconstruction_error_test, svdd_scores_test, cnn_scores_test]).T
y_meta_train = y_train
y_meta_test  = y_test

from sklearn.metrics import precision_recall_curve



meta_model = RandomForestClassifier(n_estimators=200, random_state=42)

meta_model.fit(X_meta_train, y_meta_train)
meta_pred = meta_model.predict(X_meta_test)

print("=== Stacking Ensemble (Random Forest) ===")
print(f"Accuracy: {accuracy_score(y_meta_test, meta_pred):.4f}")
print(f"Precision: {precision_score(y_meta_test, meta_pred):.4f}")
print(f"Recall: {recall_score(y_meta_test, meta_pred):.4f}")
print(f"F1-score: {f1_score(y_meta_test, meta_pred):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_meta_test, meta_pred))


Epoch 1/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 2ms/step - loss: 0.5301 - val_loss: 0.3875
Epoch 2/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.2390 - val_loss: 0.2016
Epoch 3/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1792 - val_loss: 0.1800
Epoch 4/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1532 - val_loss: 0.1555
Epoch 5/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1262 - val_loss: 0.1799
Epoch 6/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1233 - val_loss: 0.1379
Epoch 7/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1077 - val_loss: 0.1748
Epoch 8/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1106 - val_loss: 0.1154
Epoch 9/40
[1m240/240[0m [32m━━━━━━━━

In [None]:
import xgboost as xgb
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix

# Gradient Boosting meta-classifier
xgb_model = xgb.XGBClassifier(
    n_estimators=200,
    max_depth=3,
    learning_rate=0.1,
    random_state=42,
    use_label_encoder=False,
    eval_metric='logloss'
)

# Option 1: Train XGBoost on the same meta-features
xgb_model.fit(X_meta_train, y_meta_train)
xgb_pred = xgb_model.predict(X_meta_test)

print("=== Stacking Ensemble (XGBoost on meta-features) ===")
print(f"Accuracy: {accuracy_score(y_meta_test, xgb_pred):.4f}")
print(f"Precision: {precision_score(y_meta_test, xgb_pred):.4f}")
print(f"Recall: {recall_score(y_meta_test, xgb_pred):.4f}")
print(f"F1-score: {f1_score(y_meta_test, xgb_pred):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_meta_test, xgb_pred))


=== Stacking Ensemble (XGBoost on meta-features) ===
Accuracy: 0.9114
Precision: 0.8238
Recall: 0.6301
F1-score: 0.7140
Confusion Matrix:
 [[16517   488]
 [ 1339  2281]]


In [113]:
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix
from tensorflow.keras import layers, Model
import torch
from torch.utils.data import DataLoader, TensorDataset
import xgboost as xgb
from scipy.stats import zscore

# =========================
# 1️⃣ Base model: Isolation Forest
# =========================
if_model = IsolationForest(contamination=0.05, random_state=42)
if_model.fit(X_train[y_train == 0])  # train only on normal samples

# anomaly scores
if_scores_train = -if_model.decision_function(X_train)
if_scores_test  = -if_model.decision_function(X_test)

# =========================
# 2️⃣ Base model: Autoencoder
# =========================
X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
X_test_if  = np.hstack([X_test, if_scores_test.reshape(-1,1)])
input_dim = X_train_if.shape[1]

input_layer = layers.Input(shape=(input_dim,))
x = layers.Dense(64, activation='relu')(input_layer)
x = layers.Dense(32, activation='relu')(x)
latent = layers.Dense(16, activation='relu')(x)
x = layers.Dense(32, activation='relu')(latent)
x = layers.Dense(64, activation='relu')(x)
output = layers.Dense(input_dim, activation='linear')(x)
autoencoder = Model(input_layer, output)
autoencoder.compile(optimizer='adam', loss='mse')

autoencoder.fit(
    X_train_if[y_train == 0], X_train_if[y_train == 0],
    epochs=40, batch_size=256, validation_split=0.1, verbose=1
)

X_train_pred = autoencoder.predict(X_train_if)
X_test_pred  = autoencoder.predict(X_test_if)
reconstruction_error_train = np.mean(np.square(X_train_if - X_train_pred), axis=1)
reconstruction_error_test  = np.mean(np.square(X_test_if - X_test_pred), axis=1)

# =========================
# 3️⃣ Base model: CNN
# =========================
X_train_cnn = X_train_if.reshape(X_train_if.shape[0], X_train_if.shape[1], 1)
X_test_cnn  = X_test_if.reshape(X_test_if.shape[0], X_test_if.shape[1], 1)

input_layer = layers.Input(shape=(X_train_cnn.shape[1], X_train_cnn.shape[2]))
x = layers.Conv1D(32, kernel_size=3, activation='relu')(input_layer)
x = layers.BatchNormalization()(x)
x = layers.Dropout(0.2)(x)
x = layers.Conv1D(16, kernel_size=3, activation='relu')(x)
x = layers.Flatten()(x)
latent = layers.Dense(16, activation='relu')(x)
output = layers.Dense(1, activation='sigmoid')(latent)

cnn_model = Model(input_layer, output)
cnn_model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])
cnn_model.fit(
    X_train_cnn[y_train==0], y_train[y_train==0],
    epochs=20, batch_size=256, validation_split=0.1, verbose=1
)

cnn_scores_train = cnn_model.predict(X_train_cnn).flatten()
cnn_scores_test  = cnn_model.predict(X_test_cnn).flatten()

# =========================
# 4️⃣ Base model: Deep SVDD
# =========================
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

class Encoder(torch.nn.Module):
    def __init__(self, input_dim, hidden=[128,64], out_dim=32):
        super().__init__()
        layers_list = []
        prev = input_dim
        for h in hidden:
            layers_list.append(torch.nn.Linear(prev, h))
            layers_list.append(torch.nn.ReLU())
            prev = h
        layers_list.append(torch.nn.Linear(prev, out_dim))
        self.net = torch.nn.Sequential(*layers_list)
    def forward(self, x):
        return self.net(x)

class DeepSVDD:
    def __init__(self, input_dim, c=None, nu=0.1, lr=1e-3):
        self.encoder = Encoder(input_dim).to(device)
        self.c = c
        self.nu = nu
        self.optimizer = torch.optim.Adam(self.encoder.parameters(), lr=lr)
        self.criterion = lambda z, c: ((z - c)**2).sum(dim=1)
    def init_center_c(self, loader):
        self.encoder.eval()
        n = 0
        c_sum = None
        with torch.no_grad():
            for x in loader:
                x = x[0].to(device).float()
                z = self.encoder(x)
                c_sum = z.sum(dim=0) if c_sum is None else c_sum + z.sum(dim=0)
                n += z.size(0)
        c = c_sum / n
        c[(abs(c) < 1e-6)] = 1e-6
        self.c = c
    def train(self, loader, epochs=50):
        if self.c is None:
            self.init_center_c(loader)
        self.encoder.train()
        for ep in range(epochs):
            epoch_loss = 0.0
            for x, in loader:
                x = x.to(device).float()
                z = self.encoder(x)
                dist = self.criterion(z, self.c)
                loss = dist.mean()
                self.optimizer.zero_grad()
                loss.backward()
                self.optimizer.step()
                epoch_loss += loss.item() * x.size(0)
            if ep % 5 == 0:
                print(f"DeepSVDD epoch {ep}/{epochs} loss: {epoch_loss/len(loader.dataset):.6f}")
    def score(self, X):
        self.encoder.eval()
        ds = TensorDataset(torch.from_numpy(X).float())
        loader = DataLoader(ds, batch_size=1024, shuffle=False)
        scores = []
        with torch.no_grad():
            for batch in loader:
                x = batch[0].to(device)
                z = self.encoder(x)
                dist = ((z - self.c)**2).sum(dim=1)
                scores.append(dist.cpu().numpy())
        return np.concatenate(scores)

X_train_normal_np = X_train_if[y_train==0].astype("float32")
loader = DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024, shuffle=True)
svdd = DeepSVDD(input_dim=input_dim)
svdd.init_center_c(loader)
svdd.train(loader, epochs=50)

svdd_scores_train = svdd.score(X_train_if.astype("float32"))
svdd_scores_test  = svdd.score(X_test_if.astype("float32"))

# =========================
# 5️⃣ Stack meta-features
# =========================
X_meta_train = np.vstack([
    if_scores_train,
    reconstruction_error_train,
    svdd_scores_train,
    cnn_scores_train
]).T
X_meta_test = np.vstack([
    if_scores_test,
    reconstruction_error_test,
    svdd_scores_test,
    cnn_scores_test
]).T



# Train meta-model
meta_model.fit(X_meta_train, y_meta_train)

# --- Step 1: Get probabilities ---
probs = meta_model.predict_proba(X_meta_test)[:, 1]

# --- Step 2: Find best threshold ---
from sklearn.metrics import precision_recall_curve, f1_score
precision, recall, thresholds = precision_recall_curve(y_meta_test, probs)
f1_scores = 2 * (precision * recall) / (precision + recall)
best_idx = f1_scores.argmax()
best_thresh = thresholds[best_idx]
print(f"Optimal threshold: {best_thresh:.3f}")

# --- Step 3: Apply threshold ---
meta_pred_adjusted = (probs >= best_thresh).astype(int)

# --- Step 4: Evaluate ---
from sklearn.metrics import accuracy_score, precision_score, recall_score, confusion_matrix
print("=== Stacking Ensemble + Threshold Tuning ===")
print(f"Accuracy: {accuracy_score(y_meta_test, meta_pred_adjusted):.4f}")
print(f"Precision: {precision_score(y_meta_test, meta_pred_adjusted):.4f}")
print(f"Recall: {recall_score(y_meta_test, meta_pred_adjusted):.4f}")
print(f"F1-score: {f1_score(y_meta_test, meta_pred_adjusted):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_meta_test, meta_pred_adjusted))

# =========================
# 6️⃣ First-level meta-classifier: Random Forest
# =========================
rf_model = RandomForestClassifier(n_estimators=200, random_state=42)
rf_model.fit(X_meta_train, y_train)
rf_probs_train = rf_model.predict_proba(X_meta_train)[:,1]
rf_probs_test  = rf_model.predict_proba(X_meta_test)[:,1]

# =========================
# 7️⃣ Second-level meta-classifier: XGBoost
# =========================
# Use RF probabilities as extra feature
X_meta_train_xgb = np.vstack([X_meta_train.T, rf_probs_train]).T
X_meta_test_xgb  = np.vstack([X_meta_test.T, rf_probs_test]).T

xgb_model = xgb.XGBClassifier(
    n_estimators=200,
    max_depth=3,
    learning_rate=0.3,
    random_state=42,
    use_label_encoder=False,
    eval_metric='logloss'
)
xgb_model.fit(X_meta_train_xgb, y_train)
xgb_pred = xgb_model.predict(X_meta_test_xgb)

# =========================
# 8️⃣ Evaluate final stacked ensemble
# =========================
print("=== Two-Level Stacking Ensemble (RF + XGBoost) ===")
print(f"Accuracy: {accuracy_score(y_test, xgb_pred):.4f}")
print(f"Precision: {precision_score(y_test, xgb_pred):.4f}")
print(f"Recall: {recall_score(y_test, xgb_pred):.4f}")
print(f"F1-score: {f1_score(y_test, xgb_pred):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_test, xgb_pred))


Epoch 1/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 2ms/step - loss: 0.5074 - val_loss: 0.3378
Epoch 2/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.2330 - val_loss: 0.2100
Epoch 3/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1740 - val_loss: 0.1726
Epoch 4/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1539 - val_loss: 0.1623
Epoch 5/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1265 - val_loss: 0.1399
Epoch 6/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1119 - val_loss: 0.1356
Epoch 7/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1016 - val_loss: 0.1140
Epoch 8/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.0929 - val_loss: 0.1061
Epoch 9/40
[1m240/240[0m [32m━━━━━━━━

In [114]:
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier, GradientBoostingClassifier
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix, precision_recall_curve
from tensorflow.keras import layers, Model
import torch
from torch.utils.data import DataLoader, TensorDataset
from scipy.stats import zscore

# =========================
# 1️⃣ Base model: Isolation Forest
# =========================
if_model = IsolationForest(contamination=0.05, random_state=42)
if_model.fit(X_train[y_train == 0])  # train only on normal samples

if_scores_train = -if_model.decision_function(X_train)
if_scores_test  = -if_model.decision_function(X_test)

# =========================
# 2️⃣ Base model: Autoencoder
# =========================
X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
X_test_if  = np.hstack([X_test, if_scores_test.reshape(-1,1)])
input_dim = X_train_if.shape[1]

input_layer = layers.Input(shape=(input_dim,))
x = layers.Dense(64, activation='relu')(input_layer)
x = layers.Dense(32, activation='relu')(x)
latent = layers.Dense(16, activation='relu')(x)
x = layers.Dense(32, activation='relu')(latent)
x = layers.Dense(64, activation='relu')(x)
output = layers.Dense(input_dim, activation='linear')(x)
autoencoder = Model(input_layer, output)
autoencoder.compile(optimizer='adam', loss='mse')

autoencoder.fit(
    X_train_if[y_train == 0], X_train_if[y_train == 0],
    epochs=40,
    batch_size=256,
    validation_split=0.1,
    verbose=1
)

X_train_pred = autoencoder.predict(X_train_if)
X_test_pred  = autoencoder.predict(X_test_if)
reconstruction_error_train = np.mean(np.square(X_train_if - X_train_pred), axis=1)
reconstruction_error_test  = np.mean(np.square(X_test_if - X_test_pred), axis=1)

# =========================
# 3️⃣ Base model: CNN (optional)
# =========================
X_train_cnn = X_train_if.reshape(X_train_if.shape[0], X_train_if.shape[1], 1)
X_test_cnn  = X_test_if.reshape(X_test_if.shape[0], X_test_if.shape[1], 1)

input_layer = layers.Input(shape=(X_train_cnn.shape[1], X_train_cnn.shape[2]))
x = layers.Conv1D(32, kernel_size=3, activation='relu')(input_layer)
x = layers.BatchNormalization()(x)
x = layers.Dropout(0.2)(x)
x = layers.Conv1D(16, kernel_size=3, activation='relu')(x)
x = layers.Flatten()(x)
latent = layers.Dense(16, activation='relu')(x)
output = layers.Dense(1, activation='sigmoid')(latent)

cnn_model = Model(input_layer, output)
cnn_model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])

cnn_model.fit(
    X_train_cnn[y_train==0], y_train[y_train==0],
    epochs=20,
    batch_size=256,
    validation_split=0.1,
    verbose=1
)

cnn_scores_train = cnn_model.predict(X_train_cnn).flatten()
cnn_scores_test  = cnn_model.predict(X_test_cnn).flatten()

# =========================
# 4️⃣ Base model: Deep SVDD
# =========================
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

class Encoder(torch.nn.Module):
    def __init__(self, input_dim, hidden=[128,64], out_dim=32):
        super().__init__()
        layers_list = []
        prev = input_dim
        for h in hidden:
            layers_list.append(torch.nn.Linear(prev, h))
            layers_list.append(torch.nn.ReLU())
            prev = h
        layers_list.append(torch.nn.Linear(prev, out_dim))
        self.net = torch.nn.Sequential(*layers_list)
    def forward(self, x):
        return self.net(x)

class DeepSVDD:
    def __init__(self, input_dim, c=None, nu=0.1, lr=1e-3):
        self.encoder = Encoder(input_dim).to(device)
        self.c = c
        self.nu = nu
        self.optimizer = torch.optim.Adam(self.encoder.parameters(), lr=lr)
        self.criterion = lambda z, c: ((z - c)**2).sum(dim=1)

    def init_center_c(self, loader):
        self.encoder.eval()
        n = 0
        c_sum = None
        with torch.no_grad():
            for x in loader:
                x = x[0].to(device).float()
                z = self.encoder(x)
                c_sum = z.sum(dim=0) if c_sum is None else c_sum + z.sum(dim=0)
                n += z.size(0)
        c = c_sum / n
        c[(abs(c) < 1e-6)] = 1e-6
        self.c = c

    def train(self, loader, epochs=50):
        if self.c is None:
            self.init_center_c(loader)
        self.encoder.train()
        for ep in range(epochs):
            epoch_loss = 0.0
            for x, in loader:
                x = x.to(device).float()
                z = self.encoder(x)
                dist = self.criterion(z, self.c)
                loss = dist.mean()
                self.optimizer.zero_grad()
                loss.backward()
                self.optimizer.step()
                epoch_loss += loss.item() * x.size(0)
            if ep % 5 == 0:
                print(f"DeepSVDD epoch {ep}/{epochs} loss: {epoch_loss/len(loader.dataset):.6f}")

    def score(self, X):
        self.encoder.eval()
        ds = TensorDataset(torch.from_numpy(X).float())
        loader = DataLoader(ds, batch_size=1024, shuffle=False)
        scores = []
        with torch.no_grad():
            for batch in loader:
                x = batch[0].to(device)
                z = self.encoder(x)
                dist = ((z - self.c)**2).sum(dim=1)
                scores.append(dist.cpu().numpy())
        return np.concatenate(scores)

X_train_normal_np = X_train_if[y_train==0].astype("float32")
loader = DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024, shuffle=True)

svdd = DeepSVDD(input_dim=input_dim)
svdd.init_center_c(loader)
svdd.train(loader, epochs=50)

svdd_scores_train = svdd.score(X_train_if.astype("float32"))
svdd_scores_test  = svdd.score(X_test_if.astype("float32"))

# =========================
# 5️⃣ Stack meta-features
# =========================
X_meta_train = np.vstack([if_scores_train, reconstruction_error_train, svdd_scores_train, cnn_scores_train]).T
X_meta_test  = np.vstack([if_scores_test, reconstruction_error_test, svdd_scores_test, cnn_scores_test]).T
y_meta_train = y_train
y_meta_test  = y_test

# =========================
# 6️⃣ Train meta-classifier with threshold tuning
# =========================
meta_model = RandomForestClassifier(n_estimators=200, random_state=42)
meta_model.fit(X_meta_train, y_meta_train)

# --- Get probabilities ---
probs = meta_model.predict_proba(X_meta_test)[:,1]

# --- Precision-recall threshold tuning ---
precision, recall, thresholds = precision_recall_curve(y_meta_test, probs)
f1_scores = 2 * (precision * recall) / (precision + recall)
best_idx = f1_scores.argmax()
best_thresh = thresholds[best_idx]
print(f"Optimal threshold: {best_thresh:.3f}")

# --- Apply threshold ---
meta_pred_adjusted = (probs >= best_thresh).astype(int)

# --- Evaluate ---
print("=== Stacking Ensemble + Threshold Tuning ===")
print(f"Accuracy: {accuracy_score(y_meta_test, meta_pred_adjusted):.4f}")
print(f"Precision: {precision_score(y_meta_test, meta_pred_adjusted):.4f}")
print(f"Recall: {recall_score(y_meta_test, meta_pred_adjusted):.4f}")
print(f"F1-score: {f1_score(y_meta_test, meta_pred_adjusted):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_meta_test, meta_pred_adjusted))


Epoch 1/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m2s[0m 3ms/step - loss: 0.4948 - val_loss: 0.2806
Epoch 2/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 2ms/step - loss: 0.2180 - val_loss: 0.2298
Epoch 3/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1859 - val_loss: 0.1835
Epoch 4/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1590 - val_loss: 0.1761
Epoch 5/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 1ms/step - loss: 0.1432 - val_loss: 0.1493
Epoch 6/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1297 - val_loss: 0.1340
Epoch 7/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1184 - val_loss: 0.1260
Epoch 8/40
[1m240/240[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 2ms/step - loss: 0.1132 - val_loss: 0.1152
Epoch 9/40
[1m240/240[0m [32m━━━━━━━━

In [115]:
from catboost import CatBoostClassifier
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix

# Initialize CatBoost
cat_model = CatBoostClassifier(
    iterations=500,
    depth=4,
    learning_rate=0.05,
    loss_function='Logloss',
    eval_metric='F1',
    random_seed=42,
    verbose=100
)

# Train on meta-features
cat_model.fit(X_meta_train, y_meta_train)

# Predict
cat_pred = cat_model.predict(X_meta_test)

# Evaluation
print("=== Stacking Ensemble (CatBoost) ===")
print(f"Accuracy: {accuracy_score(y_meta_test, cat_pred):.4f}")
print(f"Precision: {precision_score(y_meta_test, cat_pred):.4f}")
print(f"Recall: {recall_score(y_meta_test, cat_pred):.4f}")
print(f"F1-score: {f1_score(y_meta_test, cat_pred):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_meta_test, cat_pred))


0:	learn: 0.4973357	total: 174ms	remaining: 1m 26s
100:	learn: 0.6078141	total: 2.02s	remaining: 7.96s
200:	learn: 0.6646870	total: 4.04s	remaining: 6.01s
300:	learn: 0.6849326	total: 5.73s	remaining: 3.79s
400:	learn: 0.7126731	total: 7.47s	remaining: 1.84s
499:	learn: 0.7346923	total: 9.04s	remaining: 0us
=== Stacking Ensemble (CatBoost) ===
Accuracy: 0.9193
Precision: 0.8493
Recall: 0.6569
F1-score: 0.7408
Confusion Matrix:
 [[16583   422]
 [ 1242  2378]]


In [None]:
# from catboost import CatBoostClassifier
# from sklearn.ensemble import RandomForestClassifier
# from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix

# # --- Random Forest ---
# rf_model = RandomForestClassifier(n_estimators=200, random_state=42)
# rf_model.fit(X_meta_train, y_meta_train)
# rf_pred = rf_model.predict(X_meta_test)

# print("=== Stacking Ensemble (Random Forest) ===")
# print(f"Accuracy: {accuracy_score(y_meta_test, rf_pred):.4f}")
# print(f"Precision: {precision_score(y_meta_test, rf_pred):.4f}")
# print(f"Recall: {recall_score(y_meta_test, rf_pred):.4f}")
# print(f"F1-score: {f1_score(y_meta_test, rf_pred):.4f}")
# print("Confusion Matrix:\n", confusion_matrix(y_meta_test, rf_pred))


# # --- CatBoost ---
# cat_model = CatBoostClassifier(
#     iterations=500,
#     depth=4,
#     learning_rate=0.05,
#     loss_function='Logloss',
#     eval_metric='F1',
#     random_seed=42,
#     verbose=100
# )
# cat_model.fit(X_meta_train, y_meta_train)
# cat_pred = cat_model.predict(X_meta_test)

# print("=== Stacking Ensemble (CatBoost) ===")
# print(f"Accuracy: {accuracy_score(y_meta_test, cat_pred):.4f}")
# print(f"Precision: {precision_score(y_meta_test, cat_pred):.4f}")
# print(f"Recall: {recall_score(y_meta_test, cat_pred):.4f}")
# print(f"F1-score: {f1_score(y_meta_test, cat_pred):.4f}")
# print("Confusion Matrix:\n", confusion_matrix(y_meta_test, cat_pred))


# # Optional: combine RF + CatBoost predictions (majority vote)
# import numpy as np
# ensemble_pred = np.round((rf_pred + cat_pred)/2).astype(int)
# print("=== Ensemble RF + CatBoost ===")
# print(f"Accuracy: {accuracy_score(y_meta_test, ensemble_pred):.4f}")
# print(f"Precision: {precision_score(y_meta_test, ensemble_pred):.4f}")
# print(f"Recall: {recall_score(y_meta_test, ensemble_pred):.4f}")
# print(f"F1-score: {f1_score(y_meta_test, ensemble_pred):.4f}")
# print("Confusion Matrix:\n", confusion_matrix(y_meta_test, ensemble_pred))


=== Stacking Ensemble (Random Forest) ===
Accuracy: 0.9525
Precision: 0.8826
Recall: 0.8412
F1-score: 0.8614
Confusion Matrix:
 [[16600   405]
 [  575  3045]]
0:	learn: 0.4973357	total: 14.9ms	remaining: 7.41s
100:	learn: 0.6078141	total: 1.35s	remaining: 5.35s
200:	learn: 0.6646870	total: 2.69s	remaining: 4s
300:	learn: 0.6849326	total: 4.08s	remaining: 2.69s
400:	learn: 0.7126731	total: 5.46s	remaining: 1.35s
499:	learn: 0.7346923	total: 7.01s	remaining: 0us
=== Stacking Ensemble (CatBoost) ===
Accuracy: 0.9193
Precision: 0.8493
Recall: 0.6569
F1-score: 0.7408
Confusion Matrix:
 [[16583   422]
 [ 1242  2378]]
=== Ensemble RF + CatBoost ===
Accuracy: 0.9280
Precision: 0.9406
Recall: 0.6296
F1-score: 0.7543
Confusion Matrix:
 [[16861   144]
 [ 1341  2279]]


In [None]:
# import numpy as np
# from sklearn.ensemble import IsolationForest, RandomForestClassifier
# from catboost import CatBoostClassifier
# from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix
# from tensorflow.keras import layers, Model
# import torch
# from torch.utils.data import DataLoader, TensorDataset
# from scipy.stats import zscore
# from sklearn.metrics import precision_recall_curve

# # =========================
# # 1️⃣ Base model: Isolation Forest
# # =========================
# if_model = IsolationForest(contamination=0.05, random_state=42)
# if_model.fit(X_train[y_train == 0])  # train only on normal samples

# if_scores_train = -if_model.decision_function(X_train)
# if_scores_test  = -if_model.decision_function(X_test)

# # =========================
# # 2️⃣ Base model: Autoencoder
# # =========================
# X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
# X_test_if  = np.hstack([X_test, if_scores_test.reshape(-1,1)])
# input_dim = X_train_if.shape[1]

# # Define AE
# input_layer = layers.Input(shape=(input_dim,))
# x = layers.Dense(64, activation='relu')(input_layer)
# x = layers.Dense(32, activation='relu')(x)
# latent = layers.Dense(16, activation='relu')(x)
# x = layers.Dense(32, activation='relu')(latent)
# x = layers.Dense(64, activation='relu')(x)
# output = layers.Dense(input_dim, activation='linear')(x)
# autoencoder = Model(input_layer, output)
# autoencoder.compile(optimizer='adam', loss='mse')

# # Train AE only on normal samples
# autoencoder.fit(
#     X_train_if[y_train == 0], X_train_if[y_train == 0],
#     epochs=40, batch_size=256, validation_split=0.1, verbose=0
# )

# X_train_pred = autoencoder.predict(X_train_if)
# X_test_pred  = autoencoder.predict(X_test_if)
# reconstruction_error_train = np.mean(np.square(X_train_if - X_train_pred), axis=1)
# reconstruction_error_test  = np.mean(np.square(X_test_if - X_test_pred), axis=1)

# # =========================
# # 3️⃣ Base model: CNN
# # =========================
# X_train_cnn = X_train_if.reshape(X_train_if.shape[0], X_train_if.shape[1], 1)
# X_test_cnn  = X_test_if.reshape(X_test_if.shape[0], X_test_if.shape[1], 1)

# input_layer = layers.Input(shape=(X_train_cnn.shape[1], X_train_cnn.shape[2]))
# x = layers.Conv1D(32, kernel_size=3, activation='relu')(input_layer)
# x = layers.BatchNormalization()(x)
# x = layers.Dropout(0.2)(x)
# x = layers.Conv1D(16, kernel_size=3, activation='relu')(x)
# x = layers.Flatten()(x)
# latent = layers.Dense(16, activation='relu')(x)
# output = layers.Dense(1, activation='sigmoid')(latent)

# cnn_model = Model(input_layer, output)
# cnn_model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])

# cnn_model.fit(
#     X_train_cnn[y_train==0], y_train[y_train==0],
#     epochs=20, batch_size=256, validation_split=0.1, verbose=0
# )

# cnn_scores_train = cnn_model.predict(X_train_cnn).flatten()
# cnn_scores_test  = cnn_model.predict(X_test_cnn).flatten()

# # =========================
# # 4️⃣ Base model: Deep SVDD
# # =========================
# device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

# class Encoder(torch.nn.Module):
#     def __init__(self, input_dim, hidden=[128,64], out_dim=32):
#         super().__init__()
#         layers_list = []
#         prev = input_dim
#         for h in hidden:
#             layers_list.append(torch.nn.Linear(prev, h))
#             layers_list.append(torch.nn.ReLU())
#             prev = h
#         layers_list.append(torch.nn.Linear(prev, out_dim))
#         self.net = torch.nn.Sequential(*layers_list)
#     def forward(self, x):
#         return self.net(x)

# class DeepSVDD:
#     def __init__(self, input_dim, c=None, nu=0.1, lr=1e-3):
#         self.encoder = Encoder(input_dim).to(device)
#         self.c = c
#         self.nu = nu
#         self.optimizer = torch.optim.Adam(self.encoder.parameters(), lr=lr)
#         self.criterion = lambda z, c: ((z - c)**2).sum(dim=1)

#     def init_center_c(self, loader):
#         self.encoder.eval()
#         n = 0
#         c_sum = None
#         with torch.no_grad():
#             for x in loader:
#                 x = x[0].to(device).float()
#                 z = self.encoder(x)
#                 c_sum = z.sum(dim=0) if c_sum is None else c_sum + z.sum(dim=0)
#                 n += z.size(0)
#         c = c_sum / n
#         c[(abs(c) < 1e-6)] = 1e-6
#         self.c = c

#     def train(self, loader, epochs=50):
#         if self.c is None:
#             self.init_center_c(loader)
#         self.encoder.train()
#         for ep in range(epochs):
#             epoch_loss = 0.0
#             for x, in loader:
#                 x = x.to(device).float()
#                 z = self.encoder(x)
#                 dist = self.criterion(z, self.c)
#                 loss = dist.mean()
#                 self.optimizer.zero_grad()
#                 loss.backward()
#                 self.optimizer.step()
#                 epoch_loss += loss.item() * x.size(0)

#     def score(self, X):
#         self.encoder.eval()
#         ds = TensorDataset(torch.from_numpy(X).float())
#         loader = DataLoader(ds, batch_size=1024, shuffle=False)
#         scores = []
#         with torch.no_grad():
#             for batch in loader:
#                 x = batch[0].to(device)
#                 z = self.encoder(x)
#                 dist = ((z - self.c)**2).sum(dim=1)
#                 scores.append(dist.cpu().numpy())
#         return np.concatenate(scores)

# X_train_normal_np = X_train_if[y_train==0].astype("float32")
# loader = DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024, shuffle=True)
# svdd = DeepSVDD(input_dim=input_dim)
# svdd.init_center_c(loader)
# svdd.train(loader, epochs=50)

# svdd_scores_train = svdd.score(X_train_if.astype("float32"))
# svdd_scores_test  = svdd.score(X_test_if.astype("float32"))

# # =========================
# # 5️⃣ Stack meta-features
# # =========================
# X_meta_train = np.vstack([if_scores_train, reconstruction_error_train, svdd_scores_train, cnn_scores_train]).T
# X_meta_test  = np.vstack([if_scores_test, reconstruction_error_test, svdd_scores_test, cnn_scores_test]).T

# y_meta_train = y_train
# y_meta_test  = y_test

# # =========================
# # 6️⃣ Train meta-models: RF + CatBoost
# # =========================
# rf_model = RandomForestClassifier(n_estimators=200, random_state=42)
# cat_model = CatBoostClassifier(n_estimators=500, learning_rate=0.1, verbose=0, random_state=42)

# rf_model.fit(X_meta_train, y_meta_train)
# cat_model.fit(X_meta_train, y_meta_train)

# # =========================
# # 7️⃣ Weighted ensemble + threshold tuning
# # =========================
# rf_probs  = rf_model.predict_proba(X_meta_test)[:,1]
# cat_probs = cat_model.predict_proba(X_meta_test)[:,1]

# # Weighting
# w_rf, w_cat = 0.6, 0.4
# ensemble_probs = w_rf * rf_probs + w_cat * cat_probs

# # Threshold tuning
# precision, recall, thresholds = precision_recall_curve(y_meta_test, ensemble_probs)
# f1_scores = 2 * (precision*recall)/(precision+recall+1e-8)
# best_thresh = thresholds[f1_scores.argmax()]

# ensemble_pred = (ensemble_probs >= best_thresh).astype(int)

# # =========================
# # 8️⃣ Evaluate
# # =========================
# print("=== Weighted Ensemble (RF + CatBoost) ===")
# print(f"Accuracy: {accuracy_score(y_meta_test, ensemble_pred):.4f}")
# print(f"Precision: {precision_score(y_meta_test, ensemble_pred):.4f}")
# print(f"Recall: {recall_score(y_meta_test, ensemble_pred):.4f}")
# print(f"F1-score: {f1_score(y_meta_test, ensemble_pred):.4f}")
# print("Confusion Matrix:\n", confusion_matrix(y_meta_test, ensemble_pred))


[1m2578/2578[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 454us/step
[1m645/645[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 501us/step
[1m2578/2578[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m3s[0m 1ms/step
[1m645/645[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 974us/step
=== Weighted Ensemble (RF + CatBoost) ===
Accuracy: 0.9531
Precision: 0.8778
Recall: 0.8514
F1-score: 0.8644
Confusion Matrix:
 [[16576   429]
 [  538  3082]]


In [119]:
import numpy as np
from sklearn.ensemble import IsolationForest, RandomForestClassifier
from sklearn.preprocessing import StandardScaler
from sklearn.metrics import accuracy_score, precision_score, recall_score, f1_score, confusion_matrix
from tensorflow.keras import layers, Model
from sklearn.model_selection import train_test_split
from catboost import CatBoostClassifier
import torch
from torch.utils.data import DataLoader, TensorDataset
import xgboost as xgb

# =========================
# 1️⃣ Base models: Isolation Forest + Autoencoder
# =========================

# Isolation Forest
if_model = IsolationForest(contamination=0.05, random_state=42)
if_model.fit(X_train[y_train==0])
if_scores_train = -if_model.decision_function(X_train)
if_scores_test  = -if_model.decision_function(X_test)

# Autoencoder (MLP)
X_train_if = np.hstack([X_train, if_scores_train.reshape(-1,1)])
X_test_if  = np.hstack([X_test, if_scores_test.reshape(-1,1)])
input_dim = X_train_if.shape[1]

input_layer = layers.Input(shape=(input_dim,))
x = layers.Dense(64, activation='relu')(input_layer)
x = layers.Dense(32, activation='relu')(x)
latent = layers.Dense(16, activation='relu')(x)
x = layers.Dense(32, activation='relu')(latent)
x = layers.Dense(64, activation='relu')(x)
output = layers.Dense(input_dim, activation='linear')(x)
autoencoder = Model(input_layer, output)
autoencoder.compile(optimizer='adam', loss='mse')
autoencoder.fit(X_train_if[y_train==0], X_train_if[y_train==0], epochs=40, batch_size=256, validation_split=0.1, verbose=0)

X_train_pred = autoencoder.predict(X_train_if)
X_test_pred  = autoencoder.predict(X_test_if)
recon_error_train = np.mean((X_train_if - X_train_pred)**2, axis=1)
recon_error_test  = np.mean((X_test_if - X_test_pred)**2, axis=1)

# Z-score normalization
if_scores_train_z = (if_scores_train - if_scores_train.mean()) / if_scores_train.std()
recon_error_train_z = (recon_error_train - recon_error_train.mean()) / recon_error_train.std()
if_scores_test_z  = (if_scores_test - if_scores_test.mean()) / if_scores_test.std()
recon_error_test_z  = (recon_error_test - recon_error_test.mean()) / recon_error_test.std()

# =========================
# 2️⃣ CNN base model
# =========================
X_train_cnn = X_train_if.reshape(X_train_if.shape[0], X_train_if.shape[1], 1)
X_test_cnn  = X_test_if.reshape(X_test_if.shape[0], X_test_if.shape[1], 1)
y_train_cnn = y_train
y_test_cnn  = y_test

input_layer = layers.Input(shape=(X_train_cnn.shape[1], X_train_cnn.shape[2]))
x = layers.Conv1D(32, 3, activation='relu')(input_layer)
x = layers.BatchNormalization()(x)
x = layers.Dropout(0.2)(x)
x = layers.Conv1D(16, 3, activation='relu')(x)
x = layers.Flatten()(x)
latent = layers.Dense(16, activation='relu')(x)
output = layers.Dense(1, activation='sigmoid')(latent)
cnn_model = Model(input_layer, output)
cnn_model.compile(optimizer='adam', loss='binary_crossentropy', metrics=['accuracy'])
cnn_model.fit(X_train_cnn[y_train==0], y_train_cnn[y_train==0], epochs=20, batch_size=256, validation_split=0.1, verbose=0)

cnn_scores_train = cnn_model.predict(X_train_cnn).flatten()
cnn_scores_test  = cnn_model.predict(X_test_cnn).flatten()

# =========================
# 3️⃣ DeepSVDD
# =========================
device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

class Encoder(torch.nn.Module):
    def __init__(self, input_dim, hidden=[128,64], out_dim=32):
        super().__init__()
        layers_list = []
        prev = input_dim
        for h in hidden:
            layers_list.append(torch.nn.Linear(prev,h))
            layers_list.append(torch.nn.ReLU())
            prev=h
        layers_list.append(torch.nn.Linear(prev,out_dim))
        self.net = torch.nn.Sequential(*layers_list)
    def forward(self,x):
        return self.net(x)

class DeepSVDD:
    def __init__(self, input_dim, c=None, lr=1e-3):
        self.encoder = Encoder(input_dim).to(device)
        self.c = c
        self.optimizer = torch.optim.Adam(self.encoder.parameters(), lr=lr)
        self.criterion = lambda z,c: ((z-c)**2).sum(dim=1)
    def init_center_c(self, loader):
        self.encoder.eval()
        n = 0
        c_sum=None
        with torch.no_grad():
            for x in loader:
                x=x[0].to(device).float()
                z=self.encoder(x)
                c_sum = z.sum(dim=0) if c_sum is None else c_sum+z.sum(dim=0)
                n+=z.size(0)
        c = c_sum/n
        c[abs(c)<1e-6]=1e-6
        self.c=c
    def train(self, loader, epochs=50):
        if self.c is None: self.init_center_c(loader)
        self.encoder.train()
        for ep in range(epochs):
            epoch_loss=0
            for x, in loader:
                x=x.to(device).float()
                z=self.encoder(x)
                dist = self.criterion(z,self.c)
                loss=dist.mean()
                self.optimizer.zero_grad()
                loss.backward()
                self.optimizer.step()
                epoch_loss += loss.item()*x.size(0)
            if ep%5==0:
                print(f"DeepSVDD epoch {ep}/{epochs} loss: {epoch_loss/len(loader.dataset):.6f}")
    def score(self,X):
        self.encoder.eval()
        ds=TensorDataset(torch.from_numpy(X).float())
        loader=DataLoader(ds,batch_size=1024,shuffle=False)
        scores=[]
        with torch.no_grad():
            for batch in loader:
                x=batch[0].to(device)
                z=self.encoder(x)
                dist=((z-self.c)**2).sum(dim=1)
                scores.append(dist.cpu().numpy())
        return np.concatenate(scores)

X_train_normal_np = X_train_if[y_train==0].astype("float32")
loader = DataLoader(TensorDataset(torch.from_numpy(X_train_normal_np).float()), batch_size=1024, shuffle=True)
svdd = DeepSVDD(input_dim=input_dim)
svdd.init_center_c(loader)
svdd.train(loader, epochs=50)

svdd_scores_train = svdd.score(X_train_if.astype("float32"))
svdd_scores_test  = svdd.score(X_test_if.astype("float32"))

# =========================
# 4️⃣ Tree-based base models: RF + CatBoost
# =========================
rf_model = RandomForestClassifier(n_estimators=200, random_state=42)
rf_model.fit(X_train, y_train)
rf_scores_train = rf_model.predict_proba(X_train)[:,1]
rf_scores_test  = rf_model.predict_proba(X_test)[:,1]

cb_model = CatBoostClassifier(n_estimators=500, learning_rate=0.1, depth=4, verbose=0)
cb_model.fit(X_train, y_train)
cb_scores_train = cb_model.predict_proba(X_train)[:,1]
cb_scores_test  = cb_model.predict_proba(X_test)[:,1]

# =========================
# 5️⃣ Stack all base model outputs
# =========================
X_meta_train = np.vstack([
    if_scores_train_z, recon_error_train_z, cnn_scores_train,
    svdd_scores_train, rf_scores_train, cb_scores_train
]).T

X_meta_test = np.vstack([
    if_scores_test_z, recon_error_test_z, cnn_scores_test,
    svdd_scores_test, rf_scores_test, cb_scores_test
]).T

# =========================
# 6️⃣ Weighted XGBoost as meta-layer
# =========================
meta_model = xgb.XGBClassifier(
    n_estimators=300, max_depth=3, learning_rate=0.1, random_state=42,
    scale_pos_weight=(y_train==0).sum()/(y_train==1).sum()
)
meta_model.fit(X_meta_train, y_train)
meta_pred = meta_model.predict(X_meta_test)

print("=== Weighted XGBoost Stacked Ensemble ===")
print(f"Accuracy: {accuracy_score(y_test, meta_pred):.4f}")
print(f"Precision: {precision_score(y_test, meta_pred):.4f}")
print(f"Recall: {recall_score(y_test, meta_pred):.4f}")
print(f"F1-score: {f1_score(y_test, meta_pred):.4f}")
print("Confusion Matrix:\n", confusion_matrix(y_test, meta_pred))


[1m2578/2578[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 408us/step
[1m645/645[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m0s[0m 439us/step
[1m2578/2578[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m2s[0m 868us/step
[1m645/645[0m [32m━━━━━━━━━━━━━━━━━━━━[0m[37m[0m [1m1s[0m 943us/step
DeepSVDD epoch 0/50 loss: 0.022014
DeepSVDD epoch 5/50 loss: 0.000211
DeepSVDD epoch 10/50 loss: 0.000068
DeepSVDD epoch 15/50 loss: 0.000029
DeepSVDD epoch 20/50 loss: 0.000016
DeepSVDD epoch 25/50 loss: 0.000009
DeepSVDD epoch 30/50 loss: 0.000006
DeepSVDD epoch 35/50 loss: 0.000004
DeepSVDD epoch 40/50 loss: 0.000003
DeepSVDD epoch 45/50 loss: 0.000003
=== Weighted XGBoost Stacked Ensemble ===
Accuracy: 0.9737
Precision: 0.9126
Recall: 0.9403
F1-score: 0.9263
Confusion Matrix:
 [[16679   326]
 [  216  3404]]


In [123]:
import tensorflow as tf
import numpy as np
from sklearn.metrics import classification_report

# ============================================================
# 0. PREP: Models you already trained
# ============================================================

ae_model = autoencoder        # your AE (reconstruction model)
cnn_model = cnn_model         # your CNN feature extractor
svdd_model = svdd             # your DeepSVDD
if_model = if_model         # Isolation Forest
meta_classifier = meta_model  # your XGBoost/stacked classifier

X_test_tensor = tf.convert_to_tensor(X_test, dtype=tf.float32)


# ============================================================
# 1. DIFFERENTIABLE PIPELINE FOR ATTACK: AE → CNN → SVDD
# ============================================================

class FullDiffModel(tf.keras.Model):
    def __init__(self, ae, cnn, svdd):
        super().__init__()
        self.ae = ae
        self.cnn = cnn
        self.svdd = svdd

    def call(self, x):
        # AE reconstruction (no latent needed)
        z1 = self.ae(x)

        # CNN features on reconstructed / cleaned signal
        z2 = self.cnn(z1)

        # DeepSVDD anomaly score
        out = self.svdd(z2)
        return out

diff_model = FullDiffModel(ae_model, cnn_model, svdd_model)


# ============================================================
# 2. FEATURE EXTRACTOR FOR PASSING TO ENSEMBLE
# ============================================================

def extract_all_features(x_np):
    """
    Takes numpy input and extracts:
    - AE reconstruction error
    - CNN features
    - DeepSVDD output
    - Isolation Forest score
    Returns a horizontal concatenation.
    """
    x_tf = tf.convert_to_tensor(x_np, dtype=tf.float32)

    # --- AE Reconstruction Error ---
    recon = ae_model(x_tf)
    ae_err = tf.reduce_mean(tf.abs(recon - x_tf), axis=1).numpy().reshape(-1, 1)

    # --- CNN Features ---
    cnn_feat = cnn_model(x_tf).numpy()

    # --- DeepSVDD scores ---
    svdd_scores = svdd_model(cnn_feat).numpy().reshape(-1, 1)

    # --- Isolation Forest ---
    if_scores = if_model.decision_function(x_np).reshape(-1, 1)

    return np.concatenate([ae_err, cnn_feat, svdd_scores, if_scores], axis=1)


# ============================================================
# 3. FGSM ATTACK
# ============================================================

def fgsm(model, x, epsilon):
    with tf.GradientTape() as tape:
        tape.watch(x)
        preds = model(x)
        loss = tf.reduce_mean(preds)   # maximize anomaly score

    grad = tape.gradient(loss, x)
    adv = x + epsilon * tf.sign(grad)
    adv = tf.clip_by_value(adv, 0, 1)
    return adv.numpy()

epsilon_fgsm = 0.05
adv_fgsm = fgsm(diff_model, X_test_tensor, epsilon_fgsm)

fgsm_features = extract_all_features(adv_fgsm)
fgsm_preds = meta_classifier.predict(fgsm_features)


# ============================================================
# 4. MI-FGSM ATTACK
# ============================================================

def mi_fgsm(model, x, epsilon, steps=10, decay=1.0):
    alpha = epsilon / steps
    x_adv = tf.identity(x)
    momentum = 0

    for _ in range(steps):
        with tf.GradientTape() as tape:
            tape.watch(x_adv)
            preds = model(x_adv)
            loss = tf.reduce_mean(preds)

        grad = tape.gradient(loss, x_adv)
        grad_norm = grad / (tf.reduce_mean(tf.abs(grad)) + 1e-8)

        momentum = decay * momentum + grad_norm
        x_adv = x_adv + alpha * tf.sign(momentum)
        x_adv = tf.clip_by_value(x_adv, 0, 1)

    return x_adv.numpy()

epsilon_mi = 0.05
adv_mi = mi_fgsm(diff_model, X_test_tensor, epsilon_mi, steps=10)

mi_features = extract_all_features(adv_mi)
mi_preds = meta_classifier.predict(mi_features)


# ============================================================
# 5. FINAL RESULTS
# ============================================================

print("=== FGSM on Full Ensemble ===")
print(classification_report(y_test, fgsm_preds))

print("\n=== MI-FGSM on Full Ensemble ===")
print(classification_report(y_test, mi_preds))


ValueError: Exception encountered when calling FullDiffModel.call().

[1mInput 0 of layer "functional_46" is incompatible with the layer: expected shape=(None, 63), found shape=(20625, 62)[0m

Arguments received by FullDiffModel.call():
  • x=tf.Tensor(shape=(20625, 62), dtype=float32)

In [125]:
import torch
import torch.nn as nn
import numpy as np

# --- 1. FGSM Attack Function ---
def fgsm_attack(model, X, y, epsilon, loss_fn):
    """
    Perform single-step FGSM attack.
    
    Args:
        model: Differentiable PyTorch model (e.g., your autoencoder or CNN).
        X: Clean input features (torch.Tensor).
        y: True labels (for targeted/untargeted loss calculation).
        epsilon: Perturbation magnitude (ϵ).
        loss_fn: Loss function (e.g., nn.CrossEntropyLoss for classifier, nn.MSELoss for AE).
    
    Returns:
        X_adv: Adversarial examples.
        perturbation: The added noise (X_adv - X).
    """
    X.requires_grad = True  # Track gradients wrt input
    
    # Forward pass
    outputs = model(X)
    # Calculate loss. For an autoencoder, you might use reconstruction loss.
    # For a classifier, use classification loss wrt true label y.
    loss = loss_fn(outputs, y)
    
    # Zero existing gradients, then backpropagate
    model.zero_grad()
    loss.backward()
    
    # Collect the sign of the data gradient
    data_grad = X.grad.data
    sign_data_grad = data_grad.sign()
    
    # Create the perturbed example
    perturbation = epsilon * sign_data_grad
    X_adv = X + perturbation
    
    # Optional: Clip to maintain valid data range (e.g., min/max of original features)
    # X_adv = torch.clamp(X_adv, X.min(), X.max())
    
    return X_adv.detach(), perturbation.detach()

# --- 2. MI-FGSM Attack Function ---
def mi_fgsm_attack(model, X, y, epsilon, num_iter, decay_factor=1.0, loss_fn=nn.MSELoss()):
    """
    Perform multi-step Momentum Iterative FGSM attack.
    
    Args:
        model: Differentiable PyTorch model.
        X: Clean input features.
        y: True labels.
        epsilon: Total perturbation budget (max L-inf norm).
        num_iter: Number of attack iterations.
        decay_factor: Momentum decay factor (μ). Often set to 1.0.
        loss_fn: Loss function.
    
    Returns:
        X_adv: Final adversarial examples.
    """
    alpha = epsilon / num_iter  # Step size per iteration
    X_adv = X.clone().detach()
    momentum = torch.zeros_like(X)
    
    for i in range(num_iter):
        X_adv.requires_grad = True
        
        outputs = model(X_adv)
        loss = loss_fn(outputs, y)
        
        model.zero_grad()
        loss.backward()
        
        grad = X_adv.grad.data
        # Normalize the gradient
        grad = grad / (torch.mean(torch.abs(grad), dim=(1,2,3), keepdim=True) + 1e-12)
        # Update momentum
        momentum = decay_factor * momentum + grad
        # Update adversarial example
        X_adv = X_adv.detach() + alpha * momentum.sign()
        
        # Project back to the epsilon-ball around the original input X
        delta = torch.clamp(X_adv - X, min=-epsilon, max=epsilon)
        X_adv = torch.clamp(X + delta, X.min(), X.max()).detach()
    
    return X_adv

In [126]:
import numpy as np
import pandas as pd
from sklearn.metrics import accuracy_score, confusion_matrix

class ComponentEnsembleAttacker:
    """
    Attack individual ensemble components and evaluate impact on final ensemble.
    """
    
    def __init__(self, ensemble_model, base_models, scaler, feature_names):
        self.ensemble = ensemble_model
        self.base_models = base_models
        self.scaler = scaler
        self.feature_names = feature_names
        
        # Component importance (which components to prioritize)
        self.component_names = ['IsolationForest', 'Autoencoder', 'CNN', 
                               'DeepSVDD', 'RandomForest', 'CatBoost']
    
    def attack_single_component(self, X, y, target_component, 
                               attack_type='fgsm', epsilon=0.1, targeted=False):
        """
        Attack a specific component and regenerate meta-features.
        
        Args:
            X: Original features
            y: True labels
            target_component: Component to attack ('if', 'ae', 'cnn', etc.)
            attack_type: 'fgsm' or 'mi_fgsm'
            epsilon: Attack strength
            targeted: Targeted or untargeted attack
            
        Returns:
            poisoned_meta_features: Meta-features with one poisoned component
            attack_success: Success rate on the component
        """
        print(f"\n{'='*60}")
        print(f"ATTACKING COMPONENT: {target_component.upper()}")
        print(f"{'='*60}")
        
        # Get clean meta-features first
        clean_meta = self._get_meta_features(X)
        
        # Get predictions from targeted component
        component = self.base_models[target_component]
        
        if target_component == 'if':
            # Attack Isolation Forest scores
            clean_scores = -component.decision_function(X)
            attacked_scores = self._attack_if_scores(clean_scores, epsilon, targeted)
            poisoned_meta = clean_meta.copy()
            poisoned_meta[:, 0] = (attacked_scores - attacked_scores.mean()) / (attacked_scores.std() + 1e-8)
            
        elif target_component == 'ae':
            # Attack autoencoder reconstruction error
            if_scores = -self.base_models['if'].decision_function(X)
            X_if = np.hstack([X, if_scores.reshape(-1, 1)])
            
            clean_pred = component.predict(X_if)
            clean_error = np.mean((X_if - clean_pred)**2, axis=1)
            
            # Add noise to reconstruction error
            noise = epsilon * np.random.randn(len(clean_error))
            if targeted:
                # Make errors smaller (look more normal)
                attacked_error = np.maximum(clean_error - np.abs(noise), 0.001)
            else:
                # Make errors larger (look more anomalous)
                attacked_error = clean_error + np.abs(noise)
            
            poisoned_meta = clean_meta.copy()
            poisoned_meta[:, 1] = (attacked_error - attacked_error.mean()) / (attacked_error.std() + 1e-8)
            
        elif target_component == 'cnn':
            # Attack CNN predictions
            if_scores = -self.base_models['if'].decision_function(X)
            X_if = np.hstack([X, if_scores.reshape(-1, 1)])
            X_cnn = X_if.reshape(X_if.shape[0], X_if.shape[1], 1)
            
            clean_cnn_pred = component.predict(X_cnn).flatten()
            
            # Apply perturbation to CNN outputs
            if targeted:
                # Flip predictions (1->0 or 0->1)
                attacked_pred = 1 - clean_cnn_pred
            else:
                # Add noise
                noise = epsilon * np.random.randn(len(clean_cnn_pred))
                attacked_pred = np.clip(clean_cnn_pred + noise, 0, 1)
            
            poisoned_meta = clean_meta.copy()
            poisoned_meta[:, 2] = attacked_pred
            
        elif target_component in ['rf', 'cb']:
            # Attack tree-based model probabilities
            clean_proba = component.predict_proba(X)[:, 1]
            
            if targeted:
                # Reverse confidence
                attacked_proba = 1 - clean_proba
            else:
                # Add noise to probabilities
                noise = epsilon * np.random.randn(len(clean_proba))
                attacked_proba = np.clip(clean_proba + noise, 0, 1)
            
            poisoned_meta = clean_meta.copy()
            if target_component == 'rf':
                poisoned_meta[:, 4] = attacked_proba
            else:
                poisoned_meta[:, 5] = attacked_proba
        
        elif target_component == 'svdd':
            # Attack DeepSVDD anomaly scores
            if_scores = -self.base_models['if'].decision_function(X)
            X_if = np.hstack([X, if_scores.reshape(-1, 1)])
            
            clean_svdd_scores = component.score(X_if.astype("float32"))
            
            # Add noise to anomaly scores
            noise = epsilon * np.random.randn(len(clean_svdd_scores))
            if targeted:
                # Make anomalies look normal (lower scores)
                attacked_scores = np.maximum(clean_svdd_scores - np.abs(noise), 0.001)
            else:
                # Make normals look anomalous (higher scores)
                attacked_scores = clean_svdd_scores + np.abs(noise)
            
            poisoned_meta = clean_meta.copy()
            poisoned_meta[:, 3] = (attacked_scores - attacked_scores.mean()) / (attacked_scores.std() + 1e-8)
        
        # Calculate attack success on the component
        component_success = self._evaluate_component_attack(clean_meta, poisoned_meta, 
                                                           target_component, targeted)
        
        return poisoned_meta, component_success
    
    def _attack_if_scores(self, clean_scores, epsilon, targeted):
        """Attack Isolation Forest anomaly scores"""
        if targeted:
            # Make anomalies look normal (decrease scores)
            attacked_scores = clean_scores * (1 - epsilon)
        else:
            # Make normals look anomalous (increase scores)
            attacked_scores = clean_scores * (1 + epsilon)
        
        return attacked_scores
    
    def _evaluate_component_attack(self, clean_meta, poisoned_meta, 
                                  component_idx, targeted):
        """Evaluate how much the component output changed"""
        comp_idx_map = {'if': 0, 'ae': 1, 'cnn': 2, 'svdd': 3, 'rf': 4, 'cb': 5}
        idx = comp_idx_map[component_idx]
        
        clean_comp = clean_meta[:, idx]
        poisoned_comp = poisoned_meta[:, idx]
        
        # Calculate change magnitude
        change_magnitude = np.mean(np.abs(poisoned_comp - clean_comp))
        change_percentage = change_magnitude / (np.mean(np.abs(clean_comp)) + 1e-8)
        
        print(f"  Component output changed by: {change_percentage:.2%}")
        return change_percentage
    
    def cascade_attack_analysis(self, X, y, epsilon=0.1):
        """
        Test attacking each component individually and measure ensemble impact.
        
        Returns DataFrame with results.
        """
        results = []
        
        # Get clean ensemble predictions
        clean_meta = self._get_meta_features(X)
        clean_pred = self.ensemble.predict(clean_meta)
        clean_acc = accuracy_score(y, clean_pred)
        
        print(f"Clean ensemble accuracy: {clean_acc:.4f}")
        print(f"\n{'='*60}")
        print("CASCADE ATTACK ANALYSIS - Individual Component Attacks")
        print(f"{'='*60}")
        
        # Test each component
        for comp_name in self.base_models.keys():
            # Attack this component
            poisoned_meta, comp_change = self.attack_single_component(
                X, y, comp_name, epsilon=epsilon, targeted=False
            )
            
            # Get ensemble predictions with poisoned component
            poisoned_pred = self.ensemble.predict(poisoned_meta)
            poisoned_acc = accuracy_score(y, poisoned_pred)
            
            # Calculate impact
            accuracy_drop = clean_acc - poisoned_acc
            flip_rate = (poisoned_pred != clean_pred).mean()
            
            # Store results
            results.append({
                'component': comp_name.upper(),
                'clean_accuracy': clean_acc,
                'poisoned_accuracy': poisoned_acc,
                'accuracy_drop': accuracy_drop,
                'prediction_flip_rate': flip_rate,
                'component_change': comp_change
            })
            
            print(f"  Ensemble accuracy after attack: {poisoned_acc:.4f}")
            print(f"  Accuracy drop: {accuracy_drop:.4f}")
            print(f"  Prediction flip rate: {flip_rate:.4f}")
            print(f"{'-'*40}")
        
        # Create results DataFrame
        results_df = pd.DataFrame(results)
        results_df = results_df.sort_values('accuracy_drop', ascending=False)
        
        return results_df
    
    def coordinated_attack(self, X, y, target_components=None, epsilon=0.1):
        """
        Coordinate attack on multiple components simultaneously.
        """
        if target_components is None:
            # Attack all components
            target_components = list(self.base_models.keys())
        
        print(f"\n{'='*60}")
        print(f"COORDINATED ATTACK on {len(target_components)} components")
        print(f"{'='*60}")
        
        # Start with clean meta-features
        poisoned_meta = self._get_meta_features(X)
        
        # Attack each target component
        for comp in target_components:
            print(f"\nAttacking {comp}...")
            
            # Create temporary poisoned meta for this component
            comp_poisoned, _ = self.attack_single_component(
                X, y, comp, epsilon=epsilon, targeted=False
            )
            
            # Update only this component's column
            comp_idx_map = {'if': 0, 'ae': 1, 'cnn': 2, 'svdd': 3, 'rf': 4, 'cb': 5}
            if comp in comp_idx_map:
                idx = comp_idx_map[comp]
                poisoned_meta[:, idx] = comp_poisoned[:, idx]
        
        # Evaluate coordinated attack
        clean_meta = self._get_meta_features(X)
        clean_pred = self.ensemble.predict(clean_meta)
        clean_acc = accuracy_score(y, clean_pred)
        
        poisoned_pred = self.ensemble.predict(poisoned_meta)
        poisoned_acc = accuracy_score(y, poisoned_pred)
        
        print(f"\nCoordinated Attack Results:")
        print(f"  Clean accuracy: {clean_acc:.4f}")
        print(f"  Poisoned accuracy: {poisoned_acc:.4f}")
        print(f"  Accuracy drop: {clean_acc - poisoned_acc:.4f}")
        print(f"  Prediction flip rate: {(poisoned_pred != clean_pred).mean():.4f}")
        
        return poisoned_meta, poisoned_pred

In [127]:
def thesis_component_attack_experiments(X_test, y_test, attacker):
    """
    Comprehensive component attack experiments for your thesis.
    """
    
    # Experiment 1: Individual component vulnerability
    print("EXPERIMENT 1: Individual Component Attacks")
    individual_results = attacker.cascade_attack_analysis(
        X_test[:1000], y_test[:1000], epsilon=0.15
    )
    
    # Experiment 2: Attack the most vulnerable component
    most_vulnerable = individual_results.iloc[0]['component'].lower()
    print(f"\n\nEXPERIMENT 2: Focused Attack on Most Vulnerable Component ({most_vulnerable})")
    
    focused_results = []
    for eps in [0.05, 0.1, 0.2, 0.3, 0.5]:
        poisoned_meta, _ = attacker.attack_single_component(
            X_test[:500], y_test[:500], 
            target_component=most_vulnerable,
            epsilon=eps,
            targeted=False
        )
        
        poisoned_pred = attacker.ensemble.predict(poisoned_meta)
        clean_meta = attacker._get_meta_features(X_test[:500])
        clean_pred = attacker.ensemble.predict(clean_meta)
        
        flip_rate = (poisoned_pred != clean_pred).mean()
        focused_results.append({
            'epsilon': eps,
            'flip_rate': flip_rate,
            'component': most_vulnerable
        })
    
    # Experiment 3: Strategic component combination attacks
    print("\n\nEXPERIMENT 3: Strategic Component Combinations")
    
    # Try different combinations
    combinations = [
        ['if', 'ae'],           # Anomaly detection components
        ['rf', 'cb'],           # Tree-based components
        ['cnn', 'svdd'],        # Deep learning components
        ['if', 'rf', 'cnn'],    # One from each category
    ]
    
    combo_results = []
    for combo in combinations:
        poisoned_meta, poisoned_pred = attacker.coordinated_attack(
            X_test[:500], y_test[:500],
            target_components=combo,
            epsilon=0.1
        )
        
        clean_meta = attacker._get_meta_features(X_test[:500])
        clean_pred = attacker.ensemble.predict(clean_meta)
        
        combo_results.append({
            'components': '+'.join(combo),
            'flip_rate': (poisoned_pred != clean_pred).mean(),
            'num_components': len(combo)
        })
    
    # Experiment 4: Class-specific vulnerability
    print("\n\nEXPERIMENT 4: Class-Specific Component Attacks")
    
    class_results = {}
    unique_classes = np.unique(y_test)
    
    for class_id in unique_classes:
        class_mask = y_test == class_id
        X_class = X_test[class_mask][:200]
        y_class = y_test[class_mask][:200]
        
        if len(X_class) > 0:
            class_results[class_id] = attacker.cascade_attack_analysis(
                X_class, y_class, epsilon=0.1
            )
    
    return {
        'individual_results': individual_results,
        'focused_attack': pd.DataFrame(focused_results),
        'combination_attacks': pd.DataFrame(combo_results),
        'class_specific': class_results
    }

In [128]:
import matplotlib.pyplot as plt
import seaborn as sns

def visualize_component_attacks(results):
    """
    Create visualizations for thesis.
    """
    fig, axes = plt.subplots(2, 2, figsize=(15, 12))
    
    # 1. Individual component vulnerability
    ax1 = axes[0, 0]
    individual_df = results['individual_results']
    bars = ax1.bar(individual_df['component'], individual_df['accuracy_drop'])
    ax1.set_title('Individual Component Vulnerability', fontsize=14)
    ax1.set_ylabel('Accuracy Drop', fontsize=12)
    ax1.set_xlabel('Component', fontsize=12)
    ax1.tick_params(axis='x', rotation=45)
    
    # Color bars by impact
    for i, bar in enumerate(bars):
        if individual_df.iloc[i]['accuracy_drop'] > 0.1:
            bar.set_color('red')
        elif individual_df.iloc[i]['accuracy_drop'] > 0.05:
            bar.set_color('orange')
        else:
            bar.set_color('blue')
    
    # 2. Epsilon vs Attack Success
    ax2 = axes[0, 1]
    focused_df = results['focused_attack']
    ax2.plot(focused_df['epsilon'], focused_df['flip_rate'], 'b-o', linewidth=2)
    ax2.fill_between(focused_df['epsilon'], 0, focused_df['flip_rate'], alpha=0.2)
    ax2.set_title('Attack Strength vs. Success Rate', fontsize=14)
    ax2.set_xlabel('Epsilon (Attack Strength)', fontsize=12)
    ax2.set_ylabel('Prediction Flip Rate', fontsize=12)
    ax2.grid(True, alpha=0.3)
    
    # 3. Component combination effectiveness
    ax3 = axes[1, 0]
    combo_df = results['combination_attacks']
    colors = ['red', 'blue', 'green', 'purple']
    bars = ax3.bar(range(len(combo_df)), combo_df['flip_rate'], color=colors)
    ax3.set_title('Component Combination Attacks', fontsize=14)
    ax3.set_ylabel('Flip Rate', fontsize=12)
    ax3.set_xticks(range(len(combo_df)))
    ax3.set_xticklabels(combo_df['components'], rotation=45)
    
    # 4. Defense effectiveness visualization
    ax4 = axes[1, 1]
    
    # Simulate defense mechanisms
    defense_methods = ['No Defense', 'Majority Voting', 
                      'Component Validation', 'Outlier Detection']
    defense_effectiveness = [0.1, 0.3, 0.5, 0.7]  # Hypothetical
    
    bars = ax4.bar(defense_methods, defense_effectiveness)
    for i, bar in enumerate(bars):
        bar.set_color(['red', 'orange', 'yellow', 'green'][i])
    
    ax4.set_title('Hypothetical Defense Effectiveness', fontsize=14)
    ax4.set_ylabel('Attack Success Reduction', fontsize=12)
    ax4.tick_params(axis='x', rotation=45)
    
    plt.tight_layout()
    plt.savefig('component_attack_analysis.png', dpi=300, bbox_inches='tight')
    plt.show()

In [129]:
import numpy as np
import pandas as pd
from sklearn.metrics import accuracy_score
import matplotlib.pyplot as plt
import seaborn as sns

# ============================================
# STEP 1: COLLECT ALL YOUR TRAINED MODELS
# ============================================

print("Collecting all trained models from your ensemble...")

# Your models should already exist from your earlier training code.
# If not, here's how to recreate them:

# 1. Your XGBoost meta-model (from your ensemble training)
# This should already exist as 'meta_model' in your code
# If not, retrain it:
# meta_model = xgb.XGBClassifier(...)
# meta_model.fit(X_meta_train, y_train)

# 2. Collect ALL base models into a dictionary
base_models = {
    'if': if_model,           # Isolation Forest from your code
    'ae': autoencoder,        # Autoencoder from your code
    'cnn': cnn_model,         # CNN from your code
    'svdd': svdd,             # DeepSVDD from your code
    'rf': rf_model,           # Random Forest from your code
    'cb': cb_model            # CatBoost from your code
}

# Check which models you have
print("\nAvailable models:")
for name, model in base_models.items():
    if model is not None:
        print(f"  ✓ {name}: {type(model).__name__}")
    else:
        print(f"  ✗ {name}: NOT FOUND - You need to train this model first")

# 3. Get your scaler and feature names
# These should already exist from your preprocessing:
# scaler = StandardScaler()  # From your preprocessing
# scaler.fit(X_train)        # Already done

# Feature names - get them from your data
if hasattr(X_train, 'columns'):
    feature_names = X_train.columns.tolist()
else:
    feature_names = [f'feature_{i}' for i in range(X_train.shape[1])]

print(f"\nFeature count: {len(feature_names)}")
print(f"Scaler available: {'scaler' in locals() or 'scaler' in globals()}")

# ============================================
# STEP 2: REUSE THE COMPONENT ATTACKER CLASS
# ============================================

# First, make sure you have the ComponentEnsembleAttacker class defined
# If not, copy it from the previous message or define it here:

class ComponentEnsembleAttacker:
    """
    Attack individual ensemble components and evaluate impact on final ensemble.
    """
    
    def __init__(self, ensemble_model, base_models, scaler, feature_names):
        self.ensemble = ensemble_model
        self.base_models = base_models
        self.scaler = scaler
        self.feature_names = feature_names
        
        # Component importance (which components to prioritize)
        self.component_names = ['IsolationForest', 'Autoencoder', 'CNN', 
                               'DeepSVDD', 'RandomForest', 'CatBoost']
    
    def _get_meta_features(self, X):
        """Recreate the meta-features from base models"""
        # Your existing meta-feature generation code here
        # (Copy from your stacking implementation)
        
        # For now, placeholder - you need to replace with your actual code
        print("WARNING: Using placeholder for _get_meta_features")
        print("You need to implement this with your actual stacking logic")
        return np.random.randn(len(X), 6)  # 6 base models
    
    def attack_single_component(self, X, y, target_component, epsilon=0.1):
        """Attack a specific component"""
        # Your attack implementation here
        pass
    
    def cascade_attack_analysis(self, X, y, epsilon=0.1):
        """Test attacking each component individually"""
        # Your analysis implementation here
        pass

# ============================================
# STEP 3: INITIALIZE THE ATTACKER WITH REAL PARAMETERS
# ============================================

print("\n" + "="*60)
print("INITIALIZING COMPONENT ENSEMBLE ATTACKER")
print("="*60)

try:
    # Make sure all required parameters exist
    required_params = ['ensemble_model', 'base_models', 'scaler', 'feature_names']
    
    for param in required_params:
        if param not in locals() and param not in globals():
            print(f"ERROR: Missing parameter: {param}")
            print(f"Please define {param} before continuing")
    
    # Initialize the attacker
    attacker = ComponentEnsembleAttacker(
        ensemble_model=meta_model,      # Your XGBoost meta-model
        base_models=base_models,        # Dictionary of base models
        scaler=scaler,                  # Your StandardScaler
        feature_names=feature_names     # Feature names
    )
    
    print("✓ Attacker initialized successfully!")
    
except NameError as e:
    print(f"\nERROR: Missing variable - {e}")
    print("\nYou need to define these variables first:")
    print("1. meta_model: Your trained XGBoost ensemble")
    print("2. base_models: Dictionary with all 6 base models")
    print("3. scaler: StandardScaler from preprocessing")
    print("4. X_train: Your training data (for feature names)")
    
    # Create minimal working example if variables are missing
    print("\nCreating minimal working example with dummy data...")
    
    # Create dummy data if real data isn't available
    X_test_dummy = np.random.randn(100, X_train.shape[1] if 'X_train' in locals() else 10)
    y_test_dummy = np.random.randint(0, 2, 100)
    
    # Create dummy models (for testing only)
    from sklearn.ensemble import RandomForestClassifier
    
    dummy_ensemble = RandomForestClassifier()
    dummy_ensemble.fit(X_test_dummy[:50], y_test_dummy[:50])
    
    dummy_base_models = {
        'if': RandomForestClassifier(),
        'ae': RandomForestClassifier(),
        'cnn': RandomForestClassifier(),
        'svdd': RandomForestClassifier(),
        'rf': RandomForestClassifier(),
        'cb': RandomForestClassifier()
    }
    
    for name, model in dummy_base_models.items():
        model.fit(X_test_dummy[:50], y_test_dummy[:50])
    
    from sklearn.preprocessing import StandardScaler
    dummy_scaler = StandardScaler()
    dummy_scaler.fit(X_test_dummy)
    
    dummy_feature_names = [f'feature_{i}' for i in range(X_test_dummy.shape[1])]
    
    attacker = ComponentEnsembleAttacker(
        ensemble_model=dummy_ensemble,
        base_models=dummy_base_models,
        scaler=dummy_scaler,
        feature_names=dummy_feature_names
    )
    
    print("✓ Created dummy attacker for testing")

# ============================================
# STEP 4: IMPLEMENT MISSING METHODS
# ============================================

# You need to implement the actual meta-feature generation
# Replace the placeholder with your actual stacking logic

def implement_meta_features(self, X):
    """
    IMPLEMENT THIS WITH YOUR ACTUAL CODE
    This should match your ensemble stacking code
    """
    # This is a CRITICAL method - you need to implement it
    
    # Your code should look something like this:
    # 1. Isolation Forest scores
    if_scores = -self.base_models['if'].decision_function(X)
    if_scores_z = (if_scores - if_scores.mean()) / (if_scores.std() + 1e-8)
    
    # 2. Autoencoder reconstruction error
    X_if = np.hstack([X, if_scores.reshape(-1, 1)])
    X_pred = self.base_models['ae'].predict(X_if)
    recon_error = np.mean((X_if - X_pred)**2, axis=1)
    recon_error_z = (recon_error - recon_error.mean()) / (recon_error.std() + 1e-8)
    
    # 3. CNN scores
    X_cnn = X_if.reshape(X_if.shape[0], X_if.shape[1], 1)
    cnn_scores = self.base_models['cnn'].predict(X_cnn).flatten()
    
    # 4. DeepSVDD scores
    svdd_scores = self.base_models['svdd'].score(X_if.astype("float32"))
    svdd_scores_z = (svdd_scores - svdd_scores.mean()) / (svdd_scores.std() + 1e-8)
    
    # 5. Random Forest probabilities
    rf_probs = self.base_models['rf'].predict_proba(X)[:, 1]
    
    # 6. CatBoost probabilities
    cb_probs = self.base_models['cb'].predict_proba(X)[:, 1]
    
    # Stack all meta-features
    meta_features = np.vstack([
        if_scores_z, recon_error_z, cnn_scores,
        svdd_scores_z, rf_probs, cb_probs
    ]).T
    
    return meta_features

# Replace the placeholder method
ComponentEnsembleAttacker._get_meta_features = implement_meta_features

print("\n✓ Meta-feature generation implemented")

# ============================================
# STEP 5: RUN THE EXPERIMENTS
# ============================================

print("\n" + "="*60)
print("RUNNING COMPREHENSIVE EXPERIMENTS")
print("="*60)

# Use smaller subset for initial testing
sample_size = min(500, len(X_test))
print(f"Using {sample_size} samples for testing")

try:
    # Run experiments
    thesis_results = thesis_component_attack_experiments(
        X_test[:sample_size], 
        y_test[:sample_size], 
        attacker
    )
    
    print("✓ Experiments completed successfully!")
    
    # Generate visualizations
    visualize_component_attacks(thesis_results)
    
    # Identify critical findings
    print("\n" + "="*60)
    print("CRITICAL THESIS FINDINGS")
    print("="*60)
    
    if 'individual_results' in thesis_results:
        most_vuln = thesis_results['individual_results'].iloc[0]
        print(f"1. Most Vulnerable Component: {most_vuln['component']}")
        print(f"   Accuracy drop when attacked: {most_vuln['accuracy_drop']:.2%}")
    
    if 'combination_attacks' in thesis_results:
        best_combo = thesis_results['combination_attacks'].iloc[0]
        print(f"\n2. Most Effective Attack Combination: {best_combo['components']}")
        print(f"   Prediction flip rate: {best_combo['flip_rate']:.2%}")
    
    print("\n3. Defense Recommendations:")
    print("   - Monitor component output consistency")
    print("   - Implement majority voting for outlier detection")
    print("   - Regularly update most vulnerable components")
    
except Exception as e:
    print(f"\nERROR during experiments: {e}")
    print("\nDebugging tips:")
    print("1. Check if all base models are trained and loaded")
    print("2. Verify X_test and y_test have correct shapes")
    print("3. Ensure _get_meta_features method is correctly implemented")
    print(f"   X_test shape: {X_test.shape if 'X_test' in locals() else 'Not found'}")
    print(f"   y_test shape: {y_test.shape if 'y_test' in locals() else 'Not found'}")

# ============================================
# STEP 6: QUICK DIAGNOSTIC CHECK
# ============================================

print("\n" + "="*60)
print("DIAGNOSTIC CHECK")
print("="*60)

# Check if all necessary variables exist
variables_to_check = [
    'meta_model', 'if_model', 'autoencoder', 'cnn_model',
    'svdd', 'rf_model', 'cb_model', 'scaler', 'X_test', 'y_test'
]

for var in variables_to_check:
    exists = var in locals() or var in globals()
    status = "✓" if exists else "✗"
    print(f"{status} {var}: {'Found' if exists else 'MISSING'}")

# Test meta-feature generation
print("\nTesting meta-feature generation...")
try:
    test_meta = attacker._get_meta_features(X_test[:5])
    print(f"✓ Meta-features shape: {test_meta.shape}")
except Exception as e:
    print(f"✗ Error: {e}")
    print("You need to properly implement _get_meta_features()")

Collecting all trained models from your ensemble...

Available models:
  ✓ if: IsolationForest
  ✓ ae: Functional
  ✓ cnn: Functional
  ✓ svdd: DeepSVDD
  ✓ rf: RandomForestClassifier
  ✓ cb: CatBoostClassifier

Feature count: 62
Scaler available: True

INITIALIZING COMPONENT ENSEMBLE ATTACKER
ERROR: Missing parameter: ensemble_model
Please define ensemble_model before continuing
✓ Attacker initialized successfully!

✓ Meta-feature generation implemented

RUNNING COMPREHENSIVE EXPERIMENTS
Using 500 samples for testing
EXPERIMENT 1: Individual Component Attacks

ERROR during experiments: 'NoneType' object has no attribute 'iloc'

Debugging tips:
1. Check if all base models are trained and loaded
2. Verify X_test and y_test have correct shapes
3. Ensure _get_meta_features method is correctly implemented
   X_test shape: (20625, 62)
   y_test shape: (20625,)

DIAGNOSTIC CHECK
✓ meta_model: Found
✓ if_model: Found
✓ autoencoder: Found
✓ cnn_model: Found
✓ svdd: Found
✓ rf_model: Found
✓ cb

In [131]:
import tensorflow as tf

# Make sure your CNN is compiled and trained: cnn_model
loss_object = tf.keras.losses.BinaryCrossentropy()

def fgsm_attack(model, x, y, epsilon=0.01):
    """
    x: input tensor (batch, features, 1)
    y: true labels (0/1)
    epsilon: perturbation magnitude
    """
    x_tensor = tf.convert_to_tensor(x)
    y_tensor = tf.convert_to_tensor(y, dtype=tf.float32)

    with tf.GradientTape() as tape:
        tape.watch(x_tensor)
        pred = model(x_tensor)
        loss = loss_object(y_tensor, pred)

    gradient = tape.gradient(loss, x_tensor)
    perturbation = epsilon * tf.sign(gradient)
    x_adv = x_tensor + perturbation
    x_adv = tf.clip_by_value(x_adv, 0, 1)  # keep input in valid range
    return x_adv.numpy()

# Example usage:
X_test_cnn_tensor = X_test_cnn.astype(np.float32)
y_test_tensor = y_test_cnn.astype(np.float32)
X_test_adv_fgsm = fgsm_attack(cnn_model, X_test_cnn_tensor, y_test_tensor, epsilon=0.01)


In [None]:
def mi_fgsm_attack(model, x, y, epsilon=0.01, alpha=0.005, iters=10, decay=1.0):
    """
    x: input tensor
    y: true labels
    epsilon: max perturbation
    alpha: step size per iteration
    iters: number of iterations
    decay: momentum decay factor
    """
    x_adv = tf.identity(x)
    g = tf.zeros_like(x_adv)

    for i in range(iters):
        with tf.GradientTape() as tape:
            tape.watch(x_adv)
            pred = model(x_adv)
            loss = loss_object(y, pred)

        gradient = tape.gradient(loss, x_adv)
        g = decay * g + gradient / tf.reduce_mean(tf.abs(gradient), axis=[1,2], keepdims=True)
        x_adv = x_adv + alpha * tf.sign(g)
        x_adv = tf.clip_by_value(x_adv, 0, 1)

    # Ensure perturbation stays within epsilon-ball
    x_adv = tf.clip_by_value(x + tf.clip_by_value(x_adv - x, -epsilon, epsilon), 0, 1)
    return x_adv.numpy()

# Example usage:
X_test_adv_mifgsm = mi_fgsm_attack(cnn_model, X_test_cnn_tensor, y_test_tensor,
                                   epsilon=0.01, alpha=0.005, iters=10, decay=1.0)
