# Import the Libraries

In [22]:
import os
import numpy as np
import pandas as pd
import matplotlib.pyplot as plt
import seaborn as sns

In [23]:
os.chdir(r"D:\Analytixlabs\Internship\Project 4\Cyber Security")

# Import the Datasets

In [24]:
Monday_WorkingHours = pd.read_csv("data/Monday-WorkingHours.csv")
Tuesday_WorkingHours = pd.read_csv("data/Tuesday-WorkingHours.csv")
Wednesday_WorkingHours = pd.read_csv("data/Wednesday-WorkingHours.csv")
Thursday_WorkingHours_Morning = pd.read_csv("data/Thursday-WorkingHours-Morning.csv")
Thursday_WorkingHours_Afternoon = pd.read_csv("data/Thursday-WorkingHours-Afternoon.csv")
Friday_WorkingHours_Morning = pd.read_csv("data/Friday-WorkingHours-Morning.csv")
Friday_WorkingHours_Afternoon_1 = pd.read_csv("data/Friday-WorkingHours-Afternoon-1.csv")
Friday_WorkingHours_Afternoon_2 = pd.read_csv("data/Friday-WorkingHours-Afternoon-2.csv")

# Create the 'weekday' Feature 

In [25]:
Monday_WorkingHours['weekday'] = 'Monday'
Tuesday_WorkingHours['weekday'] = 'Tuesday'
Wednesday_WorkingHours['weekday'] = 'Wednesday'
Thursday_WorkingHours_Morning['weekday'] = 'Thursday'
Thursday_WorkingHours_Afternoon['weekday'] = 'Thursday'
Friday_WorkingHours_Morning['weekday'] = 'Friday'
Friday_WorkingHours_Afternoon_1['weekday'] = 'Friday'
Friday_WorkingHours_Afternoon_2['weekday'] = 'Friday'

# Concat the Datasets

In [26]:
network_data = pd.concat(
    [
        Monday_WorkingHours,
        Tuesday_WorkingHours,
        Wednesday_WorkingHours,
        Thursday_WorkingHours_Morning,
        Thursday_WorkingHours_Afternoon,
        Friday_WorkingHours_Morning,
        Friday_WorkingHours_Afternoon_1,
        Friday_WorkingHours_Afternoon_2
    ],
    axis = 0
).copy()

# Cleaning the Column Names

In [27]:
network_data.columns = network_data.columns.str.strip()
network_data.columns = network_data.columns.str.replace(" ", "_")
network_data.columns = network_data.columns.str.lower()

In [28]:
cols_to_rename = {
    'flow_bytes/s': 'flow_bytes_per_sec',
    'flow_packets/s': 'flow_packets_per_sec',
    'fwd_packets/s': 'fwd_packets_per_sec',
    'bwd_packets/s': 'bwd_packets_per_sec',
    'down/up_ratio': 'down_up_ratio',
    'fwd_header_length.1': 'fwd_header_length',
    'fwd_avg_bytes/bulk': 'fwd_avg_bytes_per_bulk',
    'fwd_avg_packets/bulk': 'fwd_avg_packets_per_bulk',
    'bwd_avg_bytes/bulk': 'bwd_avg_bytes_per_bulk',
    'bwd_avg_packets/bulk': 'bwd_avg_packets_per_bulk',
}

In [29]:
network_data.rename(columns = cols_to_rename, inplace = True)

In [30]:
conditions = [
    network_data['label'] == 'BENIGN',
    network_data['label'] == 'FTP-Patator',
    network_data['label'] == 'SSH-Patator',
    network_data['label'] == 'DoS slowloris',
    network_data['label'] == 'DoS Slowhttptest',
    network_data['label'] == 'DoS Hulk',
    network_data['label'] == 'DoS GoldenEye',
    network_data['label'] == 'Heartbleed',
    network_data['label'] == 'Web Attack � Brute Force',
    network_data['label'] == 'Web Attack � XSS',
    network_data['label'] == 'Web Attack � Sql Injection',
    network_data['label'] == 'Infiltration',
    network_data['label'] == 'Bot',
    network_data['label'] == 'DDoS',
    network_data['label'] == 'PortScan',
]

choices = [
    'benign', 
    'ftp_patator', 
    'ssh_patator', 
    'dos_slow_loris',
    'dos_slow_http_test', 
    'dos_hulk', 
    'dos_golden_eye', 
    'heartbleed',
    'web_attack_brute_force',
    'web_attack_xss',
    'web_attack_sql_injection', 
    'infiltration', 
    'bot', 
    'ddos',
    'portscan'
]

In [31]:
network_data['label'] = np.select(
    condlist = conditions,
    choicelist = choices,
    default = network_data['label']
)

# Creating the Target Variables

### Binary Target

In [32]:
network_data['attack'] = np.select(
    condlist = [network_data['label'] == 'benign'],
    choicelist = [0],
    default = 1
)

### Multicalss Target

In [33]:
conditions_1 = [
    network_data['label'] == 'benign',
    network_data['label'].isin(['ftp_patator','ssh_patator','web_attack_brute_force']),
    network_data['label'].isin(['dos_slow_loris','dos_slow_http_test','dos_hulk','dos_golden_eye','ddos']),
    network_data['label'].isin(['web_attack_xss', 'web_attack_sql_injection'])
]

choices_1 = [
    'benign',
    'brute_force',
    'dos_ddos',
    'web_attack'
]

In [34]:
network_data['attack_type'] = np.select(
    condlist = conditions_1,
    choicelist = choices_1,
    default = network_data['label']
)

# Checking for Infinite, Nulls, and Duplicate Entries

### Null Check

In [35]:
network_data.isna().sum().sum()

1358

### Duplicates Check

In [36]:
network_data.duplicated().sum()

266021

### Infinite Values Check

In [37]:
network_data.isin([np.inf, -np.inf]).sum().sum()

4376

# Deleting Duplicaed rows and imputing the infinite values with nulls (retain the nulls)

In [38]:
network_data = network_data.loc[:, ~network_data.columns.duplicated(keep="last")]

In [39]:
network_data.replace([np.inf, -np.inf], np.nan, inplace = True)

In [40]:
network_data.drop_duplicates(inplace = True)

In [41]:
network_data.reset_index(drop = True, inplace = True)

# Attacks on Each Day

In [88]:
weekday_order = ["Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday"]

In [90]:
weekday_attack_count = network_data[(network_data['attack'] == 1)].groupby(by = 'weekday').count()[['attack']].reset_index()
weekday_attack_count['weekday'] = pd.Categorical(
    weekday_attack_count['weekday'],
    categories = weekday_order,
    ordered = True
)
weekday_attack_count.sort_values(by = "weekday", ascending = True, inplace = True)
weekday_attack_count.to_csv(r"D:\Analytixlabs\Internship\Project 4\Cyber Security\output\aggregation tables\weekday_attack_count.csv", index = False)

In [91]:
weekday_attack_count

Unnamed: 0,weekday,attack
2,Tuesday,9152
3,Wednesday,193759
1,Thursday,2179
0,Friday,220788


# Mormal Traffic Each Day

In [86]:
weekday_normal_count = network_data[(network_data['attack'] == 0)].groupby(by = 'weekday').count()[['attack']].reset_index()
weekday_normal_count['weekday'] = pd.Categorical(
    weekday_normal_count['weekday'],
    categories = weekday_order,
    ordered = True
)
weekday_normal_count.sort_values(by = "weekday", ascending = True, inplace = True)
weekday_normal_count.to_csv(r"D:\Analytixlabs\Internship\Project 4\Cyber Security\output\aggregation tables\weekday_normal_count.csv", index = False)

In [87]:
weekday_normal_count

Unnamed: 0,weekday,attack
1,Monday,502983
3,Tuesday,412692
4,Wednesday,417035
2,Thursday,411028
0,Friday,395106


# Total Traffic

In [92]:
weekday_total_count = network_data.groupby(by = 'weekday').count()[['attack']].reset_index()
weekday_total_count['weekday'] = pd.Categorical(
    weekday_total_count['weekday'],
    categories = weekday_order,
    ordered = True
)
weekday_total_count.sort_values(by = "weekday", ascending = True, inplace = True)
weekday_total_count.to_csv(r"D:\Analytixlabs\Internship\Project 4\Cyber Security\output\aggregation tables\weekday_total_count.csv", index = False)

In [93]:
weekday_total_count

Unnamed: 0,weekday,attack
1,Monday,502983
3,Tuesday,421844
4,Wednesday,610794
2,Thursday,413207
0,Friday,615894


# Exporting the entire data

In [100]:
network_data[
    ['destination_port', 'flow_duration', 'total_fwd_packets',
       'total_backward_packets', 'total_length_of_fwd_packets',
       'total_length_of_bwd_packets', 'fwd_packet_length_max',
       'fwd_packet_length_min', 'fwd_packet_length_mean',
       'fwd_packet_length_std', 'bwd_packet_length_max',
       'bwd_packet_length_min', 'bwd_packet_length_mean',
       'bwd_packet_length_std', 'flow_bytes_per_sec', 'flow_packets_per_sec',
       'flow_iat_mean', 'flow_iat_std', 'flow_iat_max', 'flow_iat_min',
       'fwd_iat_total', 'fwd_iat_mean', 'fwd_iat_std', 'fwd_iat_max',
       'fwd_iat_min', 'bwd_iat_total', 'bwd_iat_mean', 'bwd_iat_std',
       'bwd_iat_max', 'bwd_iat_min', 'fwd_psh_flags', 'bwd_psh_flags',
       'fwd_urg_flags', 'bwd_urg_flags', 'bwd_header_length',
       'fwd_packets_per_sec', 'bwd_packets_per_sec', 'min_packet_length',
       'max_packet_length', 'packet_length_mean', 'packet_length_std',
       'packet_length_variance', 'fin_flag_count', 'syn_flag_count',
       'rst_flag_count', 'psh_flag_count', 'ack_flag_count', 'urg_flag_count',
       'cwe_flag_count', 'ece_flag_count', 'down_up_ratio',
       'average_packet_size', 'avg_fwd_segment_size', 'avg_bwd_segment_size',
       'fwd_header_length', 'fwd_avg_bytes_per_bulk',
       'fwd_avg_packets_per_bulk', 'fwd_avg_bulk_rate',
       'bwd_avg_bytes_per_bulk', 'bwd_avg_packets_per_bulk',
       'bwd_avg_bulk_rate', 'subflow_fwd_packets', 'subflow_fwd_bytes',
       'subflow_bwd_packets', 'subflow_bwd_bytes', 'init_win_bytes_forward',
       'init_win_bytes_backward', 'act_data_pkt_fwd', 'min_seg_size_forward',
       'active_mean', 'active_std', 'active_max', 'active_min', 'idle_mean',
       'idle_std', 'idle_max', 'idle_min', 'label', 'attack',
       'attack_type']
].to_parquet(r"D:\Analytixlabs\Internship\Project 4\Cyber Security\output\network_data.parquet")

In [97]:
fordashboard = network_data[
['weekday','attack','attack_type',
 'label', 'fwd_packet_length_mean', 
 'bwd_packet_length_std', 'avg_bwd_segment_size', 
 'urg_flag_count', 'average_packet_size']
]

# Exporting only required columns for dashboards

In [98]:
fordashboard.to_parquet(r"D:\Analytixlabs\Internship\Project 4\Cyber Security\output\dashboard_data.parquet")

In [99]:
network_data.columns

Index(['destination_port', 'flow_duration', 'total_fwd_packets',
       'total_backward_packets', 'total_length_of_fwd_packets',
       'total_length_of_bwd_packets', 'fwd_packet_length_max',
       'fwd_packet_length_min', 'fwd_packet_length_mean',
       'fwd_packet_length_std', 'bwd_packet_length_max',
       'bwd_packet_length_min', 'bwd_packet_length_mean',
       'bwd_packet_length_std', 'flow_bytes_per_sec', 'flow_packets_per_sec',
       'flow_iat_mean', 'flow_iat_std', 'flow_iat_max', 'flow_iat_min',
       'fwd_iat_total', 'fwd_iat_mean', 'fwd_iat_std', 'fwd_iat_max',
       'fwd_iat_min', 'bwd_iat_total', 'bwd_iat_mean', 'bwd_iat_std',
       'bwd_iat_max', 'bwd_iat_min', 'fwd_psh_flags', 'bwd_psh_flags',
       'fwd_urg_flags', 'bwd_urg_flags', 'bwd_header_length',
       'fwd_packets_per_sec', 'bwd_packets_per_sec', 'min_packet_length',
       'max_packet_length', 'packet_length_mean', 'packet_length_std',
       'packet_length_variance', 'fin_flag_count', 'syn_flag_count'