Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
I
IDS-DataMining
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package registry
Container registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Admin message
During summer vacation, Gitlab will be restart frequently. Use it carefully.
Show more breadcrumbs
Jung Euicheol
IDS-DataMining
Commits
0e10b95c
Commit
0e10b95c
authored
Dec 6, 2021
by
지수
Browse files
Options
Downloads
Patches
Plain Diff
Accuracy update
parent
44fbba61
Branches
Branches containing commit
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
[DM]Apriori.ipynb
+2702
-0
2702 additions, 0 deletions
[DM]Apriori.ipynb
with
2702 additions
and
0 deletions
[DM]Apriori.ipynb
0 → 100644
+
2702
−
0
View file @
0e10b95c
{
"nbformat": 4,
"nbformat_minor": 0,
"metadata": {
"colab": {
"name": "[DM]Apriori.ipynb",
"provenance": [],
"collapsed_sections": [
"I9Hi3MkbKKnj",
"EZM836A85Jqt",
"YDkZ3V1RBRTt"
],
"authorship_tag": "ABX9TyNLvEUeNNOiMBA2vpJ872rC",
"include_colab_link": true
},
"kernelspec": {
"name": "python3",
"display_name": "Python 3"
},
"language_info": {
"name": "python"
}
},
"cells": [
{
"cell_type": "markdown",
"metadata": {
"id": "view-in-github",
"colab_type": "text"
},
"source": [
"<a href=\"https://colab.research.google.com/github/lani009/IDS-DataMining/blob/main/%5BDM%5DApriori.ipynb\" target=\"_parent\"><img src=\"https://colab.research.google.com/assets/colab-badge.svg\" alt=\"Open In Colab\"/></a>"
]
},
{
"cell_type": "code",
"metadata": {
"id": "HAY_lKeo6NUE"
},
"source": [
"import os\n",
"import pandas as pd\n",
"import numpy as np\n",
"import matplotlib.pyplot as plt\n",
"import seaborn as sns\n",
"import time"
],
"execution_count": 1,
"outputs": []
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "J02wdPhK76Yc",
"outputId": "1dc598e8-d972-4778-d786-ab3beaf670fb"
},
"source": [
"data = pd.read_csv('DM_data.csv')\n",
"data.info()"
],
"execution_count": 2,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"<class 'pandas.core.frame.DataFrame'>\n",
"RangeIndex: 25192 entries, 0 to 25191\n",
"Data columns (total 40 columns):\n",
" # Column Non-Null Count Dtype \n",
"--- ------ -------------- ----- \n",
" 0 duration 25192 non-null int64 \n",
" 1 protocol_type 25192 non-null int64 \n",
" 2 service 25192 non-null int64 \n",
" 3 flag 25192 non-null int64 \n",
" 4 src_bytes 25192 non-null int64 \n",
" 5 dst_bytes 25192 non-null int64 \n",
" 6 land 25192 non-null int64 \n",
" 7 wrong_fragment 25192 non-null int64 \n",
" 8 hot 25192 non-null int64 \n",
" 9 num_failed_logins 25192 non-null int64 \n",
" 10 logged_in 25192 non-null int64 \n",
" 11 num_compromised 25192 non-null int64 \n",
" 12 root_shell 25192 non-null int64 \n",
" 13 su_attempted 25192 non-null int64 \n",
" 14 num_root 25192 non-null int64 \n",
" 15 num_file_creations 25192 non-null int64 \n",
" 16 num_shells 25192 non-null int64 \n",
" 17 num_access_files 25192 non-null int64 \n",
" 18 is_guest_login 25192 non-null int64 \n",
" 19 count 25192 non-null int64 \n",
" 20 srv_count 25192 non-null int64 \n",
" 21 serror_rate 25192 non-null float64\n",
" 22 srv_serror_rate 25192 non-null float64\n",
" 23 rerror_rate 25192 non-null float64\n",
" 24 srv_rerror_rate 25192 non-null float64\n",
" 25 same_srv_rate 25192 non-null float64\n",
" 26 diff_srv_rate 25192 non-null float64\n",
" 27 srv_diff_host_rate 25192 non-null float64\n",
" 28 dst_host_count 25192 non-null int64 \n",
" 29 dst_host_srv_count 25192 non-null int64 \n",
" 30 dst_host_same_srv_rate 25192 non-null float64\n",
" 31 dst_host_diff_srv_rate 25192 non-null float64\n",
" 32 dst_host_same_src_port_rate 25192 non-null float64\n",
" 33 dst_host_srv_diff_host_rate 25192 non-null float64\n",
" 34 dst_host_serror_rate 25192 non-null float64\n",
" 35 dst_host_srv_serror_rate 25192 non-null float64\n",
" 36 dst_host_rerror_rate 25192 non-null float64\n",
" 37 dst_host_srv_rerror_rate 25192 non-null float64\n",
" 38 class 25192 non-null int64 \n",
" 39 index_num 25192 non-null int64 \n",
"dtypes: float64(15), int64(25)\n",
"memory usage: 7.7 MB\n"
]
}
]
},
{
"cell_type": "code",
"metadata": {
"id": "phplztW08CAV"
},
"source": [
"from sklearn.model_selection import train_test_split\n",
"from sklearn.preprocessing import MinMaxScaler, StandardScaler"
],
"execution_count": 3,
"outputs": []
},
{
"cell_type": "code",
"metadata": {
"id": "rWLrmiHs86KH"
},
"source": [
"from mlxtend.frequent_patterns import apriori,association_rules"
],
"execution_count": 4,
"outputs": []
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 383
},
"id": "KpeVfpxYTAHF",
"outputId": "217b0cea-8276-4e02-a974-444f64010bc0"
},
"source": [
"sc = StandardScaler() \n",
"sc_data = sc.fit_transform(data)\n",
"\n",
"sc_df = pd.DataFrame(sc_data, columns=data.columns)\n",
"sc_df.head(n=10)\n",
"\n",
"#StandardScaler로 data scaling"
],
"execution_count": 5,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>duration</th>\n",
" <th>protocol_type</th>\n",
" <th>service</th>\n",
" <th>flag</th>\n",
" <th>src_bytes</th>\n",
" <th>dst_bytes</th>\n",
" <th>land</th>\n",
" <th>wrong_fragment</th>\n",
" <th>hot</th>\n",
" <th>num_failed_logins</th>\n",
" <th>logged_in</th>\n",
" <th>num_compromised</th>\n",
" <th>root_shell</th>\n",
" <th>su_attempted</th>\n",
" <th>num_root</th>\n",
" <th>num_file_creations</th>\n",
" <th>num_shells</th>\n",
" <th>num_access_files</th>\n",
" <th>is_guest_login</th>\n",
" <th>count</th>\n",
" <th>srv_count</th>\n",
" <th>serror_rate</th>\n",
" <th>srv_serror_rate</th>\n",
" <th>rerror_rate</th>\n",
" <th>srv_rerror_rate</th>\n",
" <th>same_srv_rate</th>\n",
" <th>diff_srv_rate</th>\n",
" <th>srv_diff_host_rate</th>\n",
" <th>dst_host_count</th>\n",
" <th>dst_host_srv_count</th>\n",
" <th>dst_host_same_srv_rate</th>\n",
" <th>dst_host_diff_srv_rate</th>\n",
" <th>dst_host_same_src_port_rate</th>\n",
" <th>dst_host_srv_diff_host_rate</th>\n",
" <th>dst_host_serror_rate</th>\n",
" <th>dst_host_srv_serror_rate</th>\n",
" <th>dst_host_rerror_rate</th>\n",
" <th>dst_host_srv_rerror_rate</th>\n",
" <th>class</th>\n",
" <th>index_num</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>0</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>-1.399448</td>\n",
" <td>0.744553</td>\n",
" <td>-0.009889</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>-0.720244</td>\n",
" <td>-0.354628</td>\n",
" <td>-0.640142</td>\n",
" <td>-0.633978</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>0.772109</td>\n",
" <td>-0.349282</td>\n",
" <td>-0.373886</td>\n",
" <td>-0.328634</td>\n",
" <td>-0.813985</td>\n",
" <td>-0.779157</td>\n",
" <td>-0.280673</td>\n",
" <td>0.073120</td>\n",
" <td>-0.287993</td>\n",
" <td>-0.641804</td>\n",
" <td>-0.627365</td>\n",
" <td>-0.221668</td>\n",
" <td>-0.374281</td>\n",
" <td>-0.934425</td>\n",
" <td>-1.731982</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1</th>\n",
" <td>-0.113551</td>\n",
" <td>1.325565</td>\n",
" <td>0.780883</td>\n",
" <td>0.744553</td>\n",
" <td>-0.010032</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>-0.624317</td>\n",
" <td>-0.368427</td>\n",
" <td>-0.640142</td>\n",
" <td>-0.633978</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>-1.320567</td>\n",
" <td>0.490836</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-1.030895</td>\n",
" <td>-1.157831</td>\n",
" <td>2.764403</td>\n",
" <td>2.375620</td>\n",
" <td>-0.287993</td>\n",
" <td>-0.641804</td>\n",
" <td>-0.627365</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>-0.934425</td>\n",
" <td>-1.731845</td>\n",
" </tr>\n",
" <tr>\n",
" <th>2</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>-1.377199</td>\n",
" <td>-0.917300</td>\n",
" <td>-0.010093</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>0.334947</td>\n",
" <td>-0.299430</td>\n",
" <td>1.595477</td>\n",
" <td>1.600209</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>-1.388806</td>\n",
" <td>0.042773</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-0.804947</td>\n",
" <td>-0.935081</td>\n",
" <td>-0.173828</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>1.603834</td>\n",
" <td>1.614454</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>1.070177</td>\n",
" <td>-1.731707</td>\n",
" </tr>\n",
" <tr>\n",
" <th>3</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>0.780883</td>\n",
" <td>0.744553</td>\n",
" <td>-0.009996</td>\n",
" <td>0.052473</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>1.238197</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>-0.694082</td>\n",
" <td>-0.313230</td>\n",
" <td>-0.193018</td>\n",
" <td>-0.187141</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>0.772109</td>\n",
" <td>-0.349282</td>\n",
" <td>-0.373886</td>\n",
" <td>-1.540854</td>\n",
" <td>1.264742</td>\n",
" <td>1.069663</td>\n",
" <td>-0.440940</td>\n",
" <td>-0.380894</td>\n",
" <td>0.073759</td>\n",
" <td>-0.574435</td>\n",
" <td>-0.604947</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.342768</td>\n",
" <td>-0.934425</td>\n",
" <td>-1.731570</td>\n",
" </tr>\n",
" <tr>\n",
" <th>4</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>0.780883</td>\n",
" <td>0.744553</td>\n",
" <td>-0.010010</td>\n",
" <td>-0.034582</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>1.238197</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>-0.476067</td>\n",
" <td>0.059355</td>\n",
" <td>-0.640142</td>\n",
" <td>-0.633978</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>0.772109</td>\n",
" <td>-0.349282</td>\n",
" <td>-0.023115</td>\n",
" <td>0.732059</td>\n",
" <td>1.264742</td>\n",
" <td>1.069663</td>\n",
" <td>-0.440940</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>-0.641804</td>\n",
" <td>-0.627365</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>-0.934425</td>\n",
" <td>-1.731432</td>\n",
" </tr>\n",
" <tr>\n",
" <th>5</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>-1.377199</td>\n",
" <td>-2.025203</td>\n",
" <td>-0.010093</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>0.317506</td>\n",
" <td>-0.120038</td>\n",
" <td>-0.640142</td>\n",
" <td>-0.633978</td>\n",
" <td>2.765176</td>\n",
" <td>2.729322</td>\n",
" <td>-1.138595</td>\n",
" <td>-0.013235</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-0.868212</td>\n",
" <td>-1.001906</td>\n",
" <td>-0.066984</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>-0.641804</td>\n",
" <td>-0.627365</td>\n",
" <td>2.884296</td>\n",
" <td>2.777041</td>\n",
" <td>1.070177</td>\n",
" <td>-1.731295</td>\n",
" </tr>\n",
" <tr>\n",
" <th>6</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>-1.377199</td>\n",
" <td>-0.917300</td>\n",
" <td>-0.010093</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>0.709933</td>\n",
" <td>-0.258032</td>\n",
" <td>1.595477</td>\n",
" <td>1.600209</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>-1.388806</td>\n",
" <td>-0.013235</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-0.958592</td>\n",
" <td>-1.068731</td>\n",
" <td>-0.173828</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>1.603834</td>\n",
" <td>1.614454</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>1.070177</td>\n",
" <td>-1.731157</td>\n",
" </tr>\n",
" <tr>\n",
" <th>7</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>-1.377199</td>\n",
" <td>-0.917300</td>\n",
" <td>-0.010093</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>0.282624</td>\n",
" <td>-0.161436</td>\n",
" <td>1.595477</td>\n",
" <td>1.600209</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>-1.184088</td>\n",
" <td>-0.013235</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-0.904364</td>\n",
" <td>-1.024181</td>\n",
" <td>-0.066984</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>1.603834</td>\n",
" <td>1.614454</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>1.070177</td>\n",
" <td>-1.731019</td>\n",
" </tr>\n",
" <tr>\n",
" <th>8</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>0.780883</td>\n",
" <td>-0.917300</td>\n",
" <td>-0.010093</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>1.616874</td>\n",
" <td>-0.064840</td>\n",
" <td>1.595477</td>\n",
" <td>1.600209</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>-1.297820</td>\n",
" <td>-0.069243</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-0.832060</td>\n",
" <td>-0.957356</td>\n",
" <td>-0.173828</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>1.603834</td>\n",
" <td>1.614454</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>1.070177</td>\n",
" <td>-1.730882</td>\n",
" </tr>\n",
" <tr>\n",
" <th>9</th>\n",
" <td>-0.113551</td>\n",
" <td>-0.444009</td>\n",
" <td>-1.377199</td>\n",
" <td>-0.917300</td>\n",
" <td>-0.010093</td>\n",
" <td>-0.039310</td>\n",
" <td>-0.00891</td>\n",
" <td>-0.091223</td>\n",
" <td>-0.091933</td>\n",
" <td>-0.02622</td>\n",
" <td>-0.807626</td>\n",
" <td>-0.021873</td>\n",
" <td>-0.039377</td>\n",
" <td>-0.027665</td>\n",
" <td>-0.021724</td>\n",
" <td>-0.027808</td>\n",
" <td>-0.018905</td>\n",
" <td>-0.043917</td>\n",
" <td>-0.09599</td>\n",
" <td>0.422153</td>\n",
" <td>-0.271831</td>\n",
" <td>1.595477</td>\n",
" <td>1.600209</td>\n",
" <td>-0.372186</td>\n",
" <td>-0.373098</td>\n",
" <td>-1.366060</td>\n",
" <td>-0.013235</td>\n",
" <td>-0.373886</td>\n",
" <td>0.732059</td>\n",
" <td>-0.922440</td>\n",
" <td>-1.046456</td>\n",
" <td>-0.120406</td>\n",
" <td>-0.478183</td>\n",
" <td>-0.287993</td>\n",
" <td>1.603834</td>\n",
" <td>1.614454</td>\n",
" <td>-0.385140</td>\n",
" <td>-0.374281</td>\n",
" <td>1.070177</td>\n",
" <td>-1.730744</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" duration protocol_type ... class index_num\n",
"0 -0.113551 -0.444009 ... -0.934425 -1.731982\n",
"1 -0.113551 1.325565 ... -0.934425 -1.731845\n",
"2 -0.113551 -0.444009 ... 1.070177 -1.731707\n",
"3 -0.113551 -0.444009 ... -0.934425 -1.731570\n",
"4 -0.113551 -0.444009 ... -0.934425 -1.731432\n",
"5 -0.113551 -0.444009 ... 1.070177 -1.731295\n",
"6 -0.113551 -0.444009 ... 1.070177 -1.731157\n",
"7 -0.113551 -0.444009 ... 1.070177 -1.731019\n",
"8 -0.113551 -0.444009 ... 1.070177 -1.730882\n",
"9 -0.113551 -0.444009 ... 1.070177 -1.730744\n",
"\n",
"[10 rows x 40 columns]"
]
},
"metadata": {},
"execution_count": 5
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 383
},
"id": "LKK6fIznTzpy",
"outputId": "1f89ff56-7896-4eb4-a013-342d3ce812f8"
},
"source": [
"def encode_units(x):\n",
" if x <= 0 :\n",
" return 0\n",
" if x > 0 :\n",
" return 1\n",
"\n",
"train_df = sc_df.applymap(encode_units)\n",
"\n",
"train_df.head(n=10)\n",
"\n",
"#classification을 위해 scaling 시킨 data들을 음수면 0, 양수면 1로 encoding"
],
"execution_count": 6,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>duration</th>\n",
" <th>protocol_type</th>\n",
" <th>service</th>\n",
" <th>flag</th>\n",
" <th>src_bytes</th>\n",
" <th>dst_bytes</th>\n",
" <th>land</th>\n",
" <th>wrong_fragment</th>\n",
" <th>hot</th>\n",
" <th>num_failed_logins</th>\n",
" <th>logged_in</th>\n",
" <th>num_compromised</th>\n",
" <th>root_shell</th>\n",
" <th>su_attempted</th>\n",
" <th>num_root</th>\n",
" <th>num_file_creations</th>\n",
" <th>num_shells</th>\n",
" <th>num_access_files</th>\n",
" <th>is_guest_login</th>\n",
" <th>count</th>\n",
" <th>srv_count</th>\n",
" <th>serror_rate</th>\n",
" <th>srv_serror_rate</th>\n",
" <th>rerror_rate</th>\n",
" <th>srv_rerror_rate</th>\n",
" <th>same_srv_rate</th>\n",
" <th>diff_srv_rate</th>\n",
" <th>srv_diff_host_rate</th>\n",
" <th>dst_host_count</th>\n",
" <th>dst_host_srv_count</th>\n",
" <th>dst_host_same_srv_rate</th>\n",
" <th>dst_host_diff_srv_rate</th>\n",
" <th>dst_host_same_src_port_rate</th>\n",
" <th>dst_host_srv_diff_host_rate</th>\n",
" <th>dst_host_serror_rate</th>\n",
" <th>dst_host_srv_serror_rate</th>\n",
" <th>dst_host_rerror_rate</th>\n",
" <th>dst_host_srv_rerror_rate</th>\n",
" <th>class</th>\n",
" <th>index_num</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>0</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1</th>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>2</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>3</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>4</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>5</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>6</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>7</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>8</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>9</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" duration protocol_type service ... dst_host_srv_rerror_rate class index_num\n",
"0 0 0 0 ... 0 0 0\n",
"1 0 1 1 ... 0 0 0\n",
"2 0 0 0 ... 0 1 0\n",
"3 0 0 1 ... 0 0 0\n",
"4 0 0 1 ... 0 0 0\n",
"5 0 0 0 ... 1 1 0\n",
"6 0 0 0 ... 0 1 0\n",
"7 0 0 0 ... 0 1 0\n",
"8 0 0 1 ... 0 1 0\n",
"9 0 0 0 ... 0 1 0\n",
"\n",
"[10 rows x 40 columns]"
]
},
"metadata": {},
"execution_count": 6
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "JmfJO9mn9_Te",
"outputId": "2878a2d3-896d-4e3b-90bc-598aa92f4a24"
},
"source": [
"data_X = train_df.drop(columns = [\"index_num\"])\n",
"\n",
"X_train, X_test = train_test_split(data_X, test_size=0.3, shuffle=True)\n",
"print(X_train.shape, X_test.shape)\n",
"\n",
"#train data와 test data를 7:3 의 비율로 split"
],
"execution_count": 7,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"(17634, 39) (7558, 39)\n"
]
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 226
},
"id": "FAqOwB0oVeAK",
"outputId": "6474ff88-727f-4ef5-b0d6-a28603ea156c"
},
"source": [
"df = pd.DataFrame(X_train, columns=data.drop(columns = [\"index_num\"]).columns)\n",
"\n",
"df.head()"
],
"execution_count": 8,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>duration</th>\n",
" <th>protocol_type</th>\n",
" <th>service</th>\n",
" <th>flag</th>\n",
" <th>src_bytes</th>\n",
" <th>dst_bytes</th>\n",
" <th>land</th>\n",
" <th>wrong_fragment</th>\n",
" <th>hot</th>\n",
" <th>num_failed_logins</th>\n",
" <th>logged_in</th>\n",
" <th>num_compromised</th>\n",
" <th>root_shell</th>\n",
" <th>su_attempted</th>\n",
" <th>num_root</th>\n",
" <th>num_file_creations</th>\n",
" <th>num_shells</th>\n",
" <th>num_access_files</th>\n",
" <th>is_guest_login</th>\n",
" <th>count</th>\n",
" <th>srv_count</th>\n",
" <th>serror_rate</th>\n",
" <th>srv_serror_rate</th>\n",
" <th>rerror_rate</th>\n",
" <th>srv_rerror_rate</th>\n",
" <th>same_srv_rate</th>\n",
" <th>diff_srv_rate</th>\n",
" <th>srv_diff_host_rate</th>\n",
" <th>dst_host_count</th>\n",
" <th>dst_host_srv_count</th>\n",
" <th>dst_host_same_srv_rate</th>\n",
" <th>dst_host_diff_srv_rate</th>\n",
" <th>dst_host_same_src_port_rate</th>\n",
" <th>dst_host_srv_diff_host_rate</th>\n",
" <th>dst_host_serror_rate</th>\n",
" <th>dst_host_srv_serror_rate</th>\n",
" <th>dst_host_rerror_rate</th>\n",
" <th>dst_host_srv_rerror_rate</th>\n",
" <th>class</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>21843</th>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" </tr>\n",
" <tr>\n",
" <th>10713</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1773</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>6797</th>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>23799</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" duration protocol_type ... dst_host_srv_rerror_rate class\n",
"21843 0 1 ... 0 1\n",
"10713 0 0 ... 0 1\n",
"1773 0 0 ... 0 0\n",
"6797 0 1 ... 0 0\n",
"23799 0 0 ... 0 1\n",
"\n",
"[5 rows x 39 columns]"
]
},
"metadata": {},
"execution_count": 8
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 424
},
"id": "gwCt90Db-kC9",
"outputId": "33599c80-2483-4b28-de2a-4d3b5755958c"
},
"source": [
"frequent_itemsets = apriori( df, min_support = 0.1, use_colnames=True, max_len = 2)\n",
"\n",
"result_desc = frequent_itemsets.sort_values(['support'],ascending =[False])\n",
"result_desc"
],
"execution_count": 9,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>support</th>\n",
" <th>itemsets</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>13</th>\n",
" <td>0.644267</td>\n",
" <td>(dst_host_count)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>10</th>\n",
" <td>0.623001</td>\n",
" <td>(same_srv_rate)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>1</th>\n",
" <td>0.617444</td>\n",
" <td>(service)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>2</th>\n",
" <td>0.609221</td>\n",
" <td>(flag)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>45</th>\n",
" <td>0.568334</td>\n",
" <td>(flag, same_srv_rate)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>...</th>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>79</th>\n",
" <td>0.101962</td>\n",
" <td>(class, rerror_rate)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>82</th>\n",
" <td>0.101565</td>\n",
" <td>(class, srv_rerror_rate)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>27</th>\n",
" <td>0.101225</td>\n",
" <td>(protocol_type, dst_host_srv_count)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>29</th>\n",
" <td>0.100488</td>\n",
" <td>(protocol_type, dst_host_same_src_port_rate)</td>\n",
" </tr>\n",
" <tr>\n",
" <th>103</th>\n",
" <td>0.100374</td>\n",
" <td>(class, dst_host_same_src_port_rate)</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"<p>109 rows × 2 columns</p>\n",
"</div>"
],
"text/plain": [
" support itemsets\n",
"13 0.644267 (dst_host_count)\n",
"10 0.623001 (same_srv_rate)\n",
"1 0.617444 (service)\n",
"2 0.609221 (flag)\n",
"45 0.568334 (flag, same_srv_rate)\n",
".. ... ...\n",
"79 0.101962 (class, rerror_rate)\n",
"82 0.101565 (class, srv_rerror_rate)\n",
"27 0.101225 (protocol_type, dst_host_srv_count)\n",
"29 0.100488 (protocol_type, dst_host_same_src_port_rate)\n",
"103 0.100374 (class, dst_host_same_src_port_rate)\n",
"\n",
"[109 rows x 2 columns]"
]
},
"metadata": {},
"execution_count": 9
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 424
},
"id": "DTT1_SWX-btw",
"outputId": "a38fda7e-b16a-4677-873f-5448d5071c70"
},
"source": [
"rules = association_rules(result_desc , metric = \"confidence\" , min_threshold = 0.8)\n",
"rules = rules.sort_values(['confidence','lift'], ascending=[False , False])\n",
"rules"
],
"execution_count": 10,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>antecedents</th>\n",
" <th>consequents</th>\n",
" <th>antecedent support</th>\n",
" <th>consequent support</th>\n",
" <th>support</th>\n",
" <th>confidence</th>\n",
" <th>lift</th>\n",
" <th>leverage</th>\n",
" <th>conviction</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>40</th>\n",
" <td>(protocol_type)</td>\n",
" <td>(flag)</td>\n",
" <td>0.184757</td>\n",
" <td>0.609221</td>\n",
" <td>0.184757</td>\n",
" <td>1.000000</td>\n",
" <td>1.641441</td>\n",
" <td>0.072199</td>\n",
" <td>inf</td>\n",
" </tr>\n",
" <tr>\n",
" <th>50</th>\n",
" <td>(srv_count)</td>\n",
" <td>(flag)</td>\n",
" <td>0.131507</td>\n",
" <td>0.609221</td>\n",
" <td>0.130997</td>\n",
" <td>0.996119</td>\n",
" <td>1.635071</td>\n",
" <td>0.050880</td>\n",
" <td>100.690768</td>\n",
" </tr>\n",
" <tr>\n",
" <th>17</th>\n",
" <td>(srv_serror_rate)</td>\n",
" <td>(serror_rate)</td>\n",
" <td>0.284110</td>\n",
" <td>0.286832</td>\n",
" <td>0.282919</td>\n",
" <td>0.995808</td>\n",
" <td>3.471745</td>\n",
" <td>0.201427</td>\n",
" <td>170.141448</td>\n",
" </tr>\n",
" <tr>\n",
" <th>20</th>\n",
" <td>(dst_host_srv_serror_rate)</td>\n",
" <td>(dst_host_serror_rate)</td>\n",
" <td>0.279403</td>\n",
" <td>0.285585</td>\n",
" <td>0.276738</td>\n",
" <td>0.990461</td>\n",
" <td>3.468186</td>\n",
" <td>0.196945</td>\n",
" <td>74.892007</td>\n",
" </tr>\n",
" <tr>\n",
" <th>51</th>\n",
" <td>(srv_count)</td>\n",
" <td>(same_srv_rate)</td>\n",
" <td>0.131507</td>\n",
" <td>0.623001</td>\n",
" <td>0.130203</td>\n",
" <td>0.990082</td>\n",
" <td>1.589214</td>\n",
" <td>0.048274</td>\n",
" <td>38.011332</td>\n",
" </tr>\n",
" <tr>\n",
" <th>...</th>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" <td>...</td>\n",
" </tr>\n",
" <tr>\n",
" <th>37</th>\n",
" <td>(dst_host_serror_rate)</td>\n",
" <td>(count)</td>\n",
" <td>0.285585</td>\n",
" <td>0.364920</td>\n",
" <td>0.232108</td>\n",
" <td>0.812748</td>\n",
" <td>2.227195</td>\n",
" <td>0.127893</td>\n",
" <td>3.391583</td>\n",
" </tr>\n",
" <tr>\n",
" <th>68</th>\n",
" <td>(rerror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.125496</td>\n",
" <td>0.466258</td>\n",
" <td>0.101962</td>\n",
" <td>0.812472</td>\n",
" <td>1.742536</td>\n",
" <td>0.043448</td>\n",
" <td>2.846193</td>\n",
" </tr>\n",
" <tr>\n",
" <th>36</th>\n",
" <td>(serror_rate)</td>\n",
" <td>(count)</td>\n",
" <td>0.286832</td>\n",
" <td>0.364920</td>\n",
" <td>0.232449</td>\n",
" <td>0.810399</td>\n",
" <td>2.220759</td>\n",
" <td>0.127778</td>\n",
" <td>3.349567</td>\n",
" </tr>\n",
" <tr>\n",
" <th>69</th>\n",
" <td>(srv_rerror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.126460</td>\n",
" <td>0.466258</td>\n",
" <td>0.101565</td>\n",
" <td>0.803139</td>\n",
" <td>1.722519</td>\n",
" <td>0.042602</td>\n",
" <td>2.711262</td>\n",
" </tr>\n",
" <tr>\n",
" <th>13</th>\n",
" <td>(dst_host_srv_count)</td>\n",
" <td>(service)</td>\n",
" <td>0.435522</td>\n",
" <td>0.617444</td>\n",
" <td>0.349155</td>\n",
" <td>0.801693</td>\n",
" <td>1.298406</td>\n",
" <td>0.080245</td>\n",
" <td>1.929109</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"<p>70 rows × 9 columns</p>\n",
"</div>"
],
"text/plain": [
" antecedents consequents ... leverage conviction\n",
"40 (protocol_type) (flag) ... 0.072199 inf\n",
"50 (srv_count) (flag) ... 0.050880 100.690768\n",
"17 (srv_serror_rate) (serror_rate) ... 0.201427 170.141448\n",
"20 (dst_host_srv_serror_rate) (dst_host_serror_rate) ... 0.196945 74.892007\n",
"51 (srv_count) (same_srv_rate) ... 0.048274 38.011332\n",
".. ... ... ... ... ...\n",
"37 (dst_host_serror_rate) (count) ... 0.127893 3.391583\n",
"68 (rerror_rate) (class) ... 0.043448 2.846193\n",
"36 (serror_rate) (count) ... 0.127778 3.349567\n",
"69 (srv_rerror_rate) (class) ... 0.042602 2.711262\n",
"13 (dst_host_srv_count) (service) ... 0.080245 1.929109\n",
"\n",
"[70 rows x 9 columns]"
]
},
"metadata": {},
"execution_count": 10
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 300
},
"id": "vy-AH96DXMYb",
"outputId": "fc9becf6-9b68-414b-b1a9-49ddf373436b"
},
"source": [
"rules_list = rules[rules['consequents'] == {\"class\"}]\n",
"rules_list"
],
"execution_count": 11,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>antecedents</th>\n",
" <th>consequents</th>\n",
" <th>antecedent support</th>\n",
" <th>consequent support</th>\n",
" <th>support</th>\n",
" <th>confidence</th>\n",
" <th>lift</th>\n",
" <th>leverage</th>\n",
" <th>conviction</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>31</th>\n",
" <td>(dst_host_srv_serror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.279403</td>\n",
" <td>0.466258</td>\n",
" <td>0.274980</td>\n",
" <td>0.984169</td>\n",
" <td>2.110780</td>\n",
" <td>0.144706</td>\n",
" <td>33.714680</td>\n",
" </tr>\n",
" <tr>\n",
" <th>30</th>\n",
" <td>(srv_serror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.284110</td>\n",
" <td>0.466258</td>\n",
" <td>0.275264</td>\n",
" <td>0.968862</td>\n",
" <td>2.077952</td>\n",
" <td>0.142795</td>\n",
" <td>17.141318</td>\n",
" </tr>\n",
" <tr>\n",
" <th>29</th>\n",
" <td>(dst_host_serror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.285585</td>\n",
" <td>0.466258</td>\n",
" <td>0.275320</td>\n",
" <td>0.964059</td>\n",
" <td>2.067649</td>\n",
" <td>0.142164</td>\n",
" <td>14.850403</td>\n",
" </tr>\n",
" <tr>\n",
" <th>22</th>\n",
" <td>(serror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.286832</td>\n",
" <td>0.466258</td>\n",
" <td>0.275831</td>\n",
" <td>0.961645</td>\n",
" <td>2.062472</td>\n",
" <td>0.142093</td>\n",
" <td>13.915800</td>\n",
" </tr>\n",
" <tr>\n",
" <th>15</th>\n",
" <td>(count)</td>\n",
" <td>(class)</td>\n",
" <td>0.364920</td>\n",
" <td>0.466258</td>\n",
" <td>0.323409</td>\n",
" <td>0.886247</td>\n",
" <td>1.900764</td>\n",
" <td>0.153262</td>\n",
" <td>4.692114</td>\n",
" </tr>\n",
" <tr>\n",
" <th>48</th>\n",
" <td>(diff_srv_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.170296</td>\n",
" <td>0.466258</td>\n",
" <td>0.145911</td>\n",
" <td>0.856810</td>\n",
" <td>1.837629</td>\n",
" <td>0.066509</td>\n",
" <td>3.727503</td>\n",
" </tr>\n",
" <tr>\n",
" <th>68</th>\n",
" <td>(rerror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.125496</td>\n",
" <td>0.466258</td>\n",
" <td>0.101962</td>\n",
" <td>0.812472</td>\n",
" <td>1.742536</td>\n",
" <td>0.043448</td>\n",
" <td>2.846193</td>\n",
" </tr>\n",
" <tr>\n",
" <th>69</th>\n",
" <td>(srv_rerror_rate)</td>\n",
" <td>(class)</td>\n",
" <td>0.126460</td>\n",
" <td>0.466258</td>\n",
" <td>0.101565</td>\n",
" <td>0.803139</td>\n",
" <td>1.722519</td>\n",
" <td>0.042602</td>\n",
" <td>2.711262</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" antecedents consequents ... leverage conviction\n",
"31 (dst_host_srv_serror_rate) (class) ... 0.144706 33.714680\n",
"30 (srv_serror_rate) (class) ... 0.142795 17.141318\n",
"29 (dst_host_serror_rate) (class) ... 0.142164 14.850403\n",
"22 (serror_rate) (class) ... 0.142093 13.915800\n",
"15 (count) (class) ... 0.153262 4.692114\n",
"48 (diff_srv_rate) (class) ... 0.066509 3.727503\n",
"68 (rerror_rate) (class) ... 0.043448 2.846193\n",
"69 (srv_rerror_rate) (class) ... 0.042602 2.711262\n",
"\n",
"[8 rows x 9 columns]"
]
},
"metadata": {},
"execution_count": 11
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/",
"height": 383
},
"id": "9jVN92COXRsJ",
"outputId": "7aca9040-6cfd-4e4b-8327-19a37ae3eb8f"
},
"source": [
"test = pd.DataFrame(X_test, columns=data.drop(columns = [\"index_num\"]).columns)\n",
"test.head(n=10)"
],
"execution_count": 12,
"outputs": [
{
"output_type": "execute_result",
"data": {
"text/html": [
"<div>\n",
"<style scoped>\n",
" .dataframe tbody tr th:only-of-type {\n",
" vertical-align: middle;\n",
" }\n",
"\n",
" .dataframe tbody tr th {\n",
" vertical-align: top;\n",
" }\n",
"\n",
" .dataframe thead th {\n",
" text-align: right;\n",
" }\n",
"</style>\n",
"<table border=\"1\" class=\"dataframe\">\n",
" <thead>\n",
" <tr style=\"text-align: right;\">\n",
" <th></th>\n",
" <th>duration</th>\n",
" <th>protocol_type</th>\n",
" <th>service</th>\n",
" <th>flag</th>\n",
" <th>src_bytes</th>\n",
" <th>dst_bytes</th>\n",
" <th>land</th>\n",
" <th>wrong_fragment</th>\n",
" <th>hot</th>\n",
" <th>num_failed_logins</th>\n",
" <th>logged_in</th>\n",
" <th>num_compromised</th>\n",
" <th>root_shell</th>\n",
" <th>su_attempted</th>\n",
" <th>num_root</th>\n",
" <th>num_file_creations</th>\n",
" <th>num_shells</th>\n",
" <th>num_access_files</th>\n",
" <th>is_guest_login</th>\n",
" <th>count</th>\n",
" <th>srv_count</th>\n",
" <th>serror_rate</th>\n",
" <th>srv_serror_rate</th>\n",
" <th>rerror_rate</th>\n",
" <th>srv_rerror_rate</th>\n",
" <th>same_srv_rate</th>\n",
" <th>diff_srv_rate</th>\n",
" <th>srv_diff_host_rate</th>\n",
" <th>dst_host_count</th>\n",
" <th>dst_host_srv_count</th>\n",
" <th>dst_host_same_srv_rate</th>\n",
" <th>dst_host_diff_srv_rate</th>\n",
" <th>dst_host_same_src_port_rate</th>\n",
" <th>dst_host_srv_diff_host_rate</th>\n",
" <th>dst_host_serror_rate</th>\n",
" <th>dst_host_srv_serror_rate</th>\n",
" <th>dst_host_rerror_rate</th>\n",
" <th>dst_host_srv_rerror_rate</th>\n",
" <th>class</th>\n",
" </tr>\n",
" </thead>\n",
" <tbody>\n",
" <tr>\n",
" <th>3445</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>17461</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>14662</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" </tr>\n",
" <tr>\n",
" <th>4043</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" </tr>\n",
" <tr>\n",
" <th>9161</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>3396</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" </tr>\n",
" <tr>\n",
" <th>16768</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>19271</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>11404</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" <tr>\n",
" <th>10421</th>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>1</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" <td>0</td>\n",
" </tr>\n",
" </tbody>\n",
"</table>\n",
"</div>"
],
"text/plain": [
" duration protocol_type ... dst_host_srv_rerror_rate class\n",
"3445 0 0 ... 0 0\n",
"17461 0 0 ... 0 0\n",
"14662 0 0 ... 0 1\n",
"4043 0 0 ... 1 1\n",
"9161 0 0 ... 0 0\n",
"3396 0 0 ... 1 1\n",
"16768 0 0 ... 0 0\n",
"19271 0 0 ... 0 0\n",
"11404 0 0 ... 0 0\n",
"10421 0 0 ... 0 0\n",
"\n",
"[10 rows x 39 columns]"
]
},
"metadata": {},
"execution_count": 12
}
]
},
{
"cell_type": "code",
"metadata": {
"id": "hBLP3xt-ulXS"
},
"source": [
"col = ['dst_host_srv_serror_rate', 'srv_serror_rate', 'serror_rate', 'dst_host_serror_rate', 'count', 'diff_srv_rate', 'rerror_rate', 'srv_rerror_rate']"
],
"execution_count": null,
"outputs": []
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "4Db7WFnwGsUx",
"outputId": "87ad3864-13d8-48c4-b692-69559cab983e"
},
"source": [
"idx_a = test[(test['dst_host_srv_serror_rate'] == 0) & (test['srv_serror_rate'] == 0) & (test['serror_rate'] == 0) & (test['dst_host_serror_rate'] == 0) & (test['count'] == 0) & (test['diff_srv_rate'] == 0) & (test['rerror_rate'] == 0) & (test['srv_rerror_rate'] == 0) ].index\n",
"test_df = test.drop(idx_a) #attack 예측\n",
"\n",
"idx_class = test_df[test_df['class'] == 0 ].index\n",
"test_err = test_df.drop(idx_class) #attack 결과\n",
"\n",
"print(test_df.shape)\n",
"print(test_err.shape)"
],
"execution_count": 13,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"(3927, 39)\n",
"(3072, 39)\n"
]
}
]
},
{
"cell_type": "code",
"metadata": {
"colab": {
"base_uri": "https://localhost:8080/"
},
"id": "u_kTQn-yJ-Ve",
"outputId": "0dce58e1-10bc-4284-fb50-2ad778e275a7"
},
"source": [
"idx_a = test[(test['dst_host_srv_serror_rate'] == 1) | (test['srv_serror_rate'] == 1) | (test['serror_rate'] == 1) | (test['dst_host_serror_rate'] == 1) | (test['count'] == 1) | (test['diff_srv_rate'] == 1) | (test['rerror_rate'] == 1) | (test['srv_rerror_rate'] == 1)].index\n",
"test_df = test.drop(idx_a) #non 이라고 예측\n",
"\n",
"idx_class = test_df[test_df['class'] == 1 ].index\n",
"test_err = test_df.drop(idx_class) #non 결과\n",
"\n",
"print(test_df.shape)\n",
"print(test_err.shape)"
],
"execution_count": 14,
"outputs": [
{
"output_type": "stream",
"name": "stdout",
"text": [
"(3631, 39)\n",
"(3182, 39)\n"
]
}
]
},
{
"cell_type": "markdown",
"metadata": {
"id": "I9Hi3MkbKKnj"
},
"source": [
"min_support = 0.1 / max_len = 2 / min_threshold = 0.8 \n",
"\n",
" ('dst_host_srv_serror_rate', 'srv_serror_rate', 'serror_rate', 'dst_host_serror_rate', 'count', 'diff_srv_rate', 'rerror_rate', 'srv_rerror_rate')\n",
"\n",
"\n",
"\n",
" | Prediction of Attack | Prediction of Non-Attack\n",
"---\n",
" Attack | True Positive : 3072 | False Negative : 449\n",
"---\n",
" Non-Attack | False Positive : 855 | True Negative : 3182\n",
"\n",
"\n",
"\n",
"**Apriori Test**\n",
"\n",
"* Accuracy (82.75)\n",
"* Precision (78.23)\n",
"* Recall (87.25)\n",
"* F1 score (82.49)\n"
]
}
]
}
\ No newline at end of file
%% Cell type:markdown id: tags:
<a
href=
"https://colab.research.google.com/github/lani009/IDS-DataMining/blob/main/%5BDM%5DApriori.ipynb"
target=
"_parent"
><img
src=
"https://colab.research.google.com/assets/colab-badge.svg"
alt=
"Open In Colab"
/></a>
%% Cell type:code id: tags:
```
import os
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns
import time
```
%% Cell type:code id: tags:
```
data = pd.read_csv('DM_data.csv')
data.info()
```
%% Output
<class 'pandas.core.frame.DataFrame'>
RangeIndex: 25192 entries, 0 to 25191
Data columns (total 40 columns):
# Column Non-Null Count Dtype
--- ------ -------------- -----
0 duration 25192 non-null int64
1 protocol_type 25192 non-null int64
2 service 25192 non-null int64
3 flag 25192 non-null int64
4 src_bytes 25192 non-null int64
5 dst_bytes 25192 non-null int64
6 land 25192 non-null int64
7 wrong_fragment 25192 non-null int64
8 hot 25192 non-null int64
9 num_failed_logins 25192 non-null int64
10 logged_in 25192 non-null int64
11 num_compromised 25192 non-null int64
12 root_shell 25192 non-null int64
13 su_attempted 25192 non-null int64
14 num_root 25192 non-null int64
15 num_file_creations 25192 non-null int64
16 num_shells 25192 non-null int64
17 num_access_files 25192 non-null int64
18 is_guest_login 25192 non-null int64
19 count 25192 non-null int64
20 srv_count 25192 non-null int64
21 serror_rate 25192 non-null float64
22 srv_serror_rate 25192 non-null float64
23 rerror_rate 25192 non-null float64
24 srv_rerror_rate 25192 non-null float64
25 same_srv_rate 25192 non-null float64
26 diff_srv_rate 25192 non-null float64
27 srv_diff_host_rate 25192 non-null float64
28 dst_host_count 25192 non-null int64
29 dst_host_srv_count 25192 non-null int64
30 dst_host_same_srv_rate 25192 non-null float64
31 dst_host_diff_srv_rate 25192 non-null float64
32 dst_host_same_src_port_rate 25192 non-null float64
33 dst_host_srv_diff_host_rate 25192 non-null float64
34 dst_host_serror_rate 25192 non-null float64
35 dst_host_srv_serror_rate 25192 non-null float64
36 dst_host_rerror_rate 25192 non-null float64
37 dst_host_srv_rerror_rate 25192 non-null float64
38 class 25192 non-null int64
39 index_num 25192 non-null int64
dtypes: float64(15), int64(25)
memory usage: 7.7 MB
%% Cell type:code id: tags:
```
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import MinMaxScaler, StandardScaler
```
%% Cell type:code id: tags:
```
from mlxtend.frequent_patterns import apriori,association_rules
```
%% Cell type:code id: tags:
```
sc = StandardScaler()
sc_data = sc.fit_transform(data)
sc_df = pd.DataFrame(sc_data, columns=data.columns)
sc_df.head(n=10)
#StandardScaler로 data scaling
```
%% Output
duration protocol_type ... class index_num
0 -0.113551 -0.444009 ... -0.934425 -1.731982
1 -0.113551 1.325565 ... -0.934425 -1.731845
2 -0.113551 -0.444009 ... 1.070177 -1.731707
3 -0.113551 -0.444009 ... -0.934425 -1.731570
4 -0.113551 -0.444009 ... -0.934425 -1.731432
5 -0.113551 -0.444009 ... 1.070177 -1.731295
6 -0.113551 -0.444009 ... 1.070177 -1.731157
7 -0.113551 -0.444009 ... 1.070177 -1.731019
8 -0.113551 -0.444009 ... 1.070177 -1.730882
9 -0.113551 -0.444009 ... 1.070177 -1.730744
[10 rows x 40 columns]
%% Cell type:code id: tags:
```
def encode_units(x):
if x <= 0 :
return 0
if x > 0 :
return 1
train_df = sc_df.applymap(encode_units)
train_df.head(n=10)
#classification을 위해 scaling 시킨 data들을 음수면 0, 양수면 1로 encoding
```
%% Output
duration protocol_type service ... dst_host_srv_rerror_rate class index_num
0 0 0 0 ... 0 0 0
1 0 1 1 ... 0 0 0
2 0 0 0 ... 0 1 0
3 0 0 1 ... 0 0 0
4 0 0 1 ... 0 0 0
5 0 0 0 ... 1 1 0
6 0 0 0 ... 0 1 0
7 0 0 0 ... 0 1 0
8 0 0 1 ... 0 1 0
9 0 0 0 ... 0 1 0
[10 rows x 40 columns]
%% Cell type:code id: tags:
```
data_X = train_df.drop(columns = ["index_num"])
X_train, X_test = train_test_split(data_X, test_size=0.3, shuffle=True)
print(X_train.shape, X_test.shape)
#train data와 test data를 7:3 의 비율로 split
```
%% Output
(17634, 39) (7558, 39)
%% Cell type:code id: tags:
```
df = pd.DataFrame(X_train, columns=data.drop(columns = ["index_num"]).columns)
df.head()
```
%% Output
duration protocol_type ... dst_host_srv_rerror_rate class
21843 0 1 ... 0 1
10713 0 0 ... 0 1
1773 0 0 ... 0 0
6797 0 1 ... 0 0
23799 0 0 ... 0 1
[5 rows x 39 columns]
%% Cell type:code id: tags:
```
frequent_itemsets = apriori( df, min_support = 0.1, use_colnames=True, max_len = 2)
result_desc = frequent_itemsets.sort_values(['support'],ascending =[False])
result_desc
```
%% Output
support itemsets
13 0.644267 (dst_host_count)
10 0.623001 (same_srv_rate)
1 0.617444 (service)
2 0.609221 (flag)
45 0.568334 (flag, same_srv_rate)
.. ... ...
79 0.101962 (class, rerror_rate)
82 0.101565 (class, srv_rerror_rate)
27 0.101225 (protocol_type, dst_host_srv_count)
29 0.100488 (protocol_type, dst_host_same_src_port_rate)
103 0.100374 (class, dst_host_same_src_port_rate)
[109 rows x 2 columns]
%% Cell type:code id: tags:
```
rules = association_rules(result_desc , metric = "confidence" , min_threshold = 0.8)
rules = rules.sort_values(['confidence','lift'], ascending=[False , False])
rules
```
%% Output
antecedents consequents ... leverage conviction
40 (protocol_type) (flag) ... 0.072199 inf
50 (srv_count) (flag) ... 0.050880 100.690768
17 (srv_serror_rate) (serror_rate) ... 0.201427 170.141448
20 (dst_host_srv_serror_rate) (dst_host_serror_rate) ... 0.196945 74.892007
51 (srv_count) (same_srv_rate) ... 0.048274 38.011332
.. ... ... ... ... ...
37 (dst_host_serror_rate) (count) ... 0.127893 3.391583
68 (rerror_rate) (class) ... 0.043448 2.846193
36 (serror_rate) (count) ... 0.127778 3.349567
69 (srv_rerror_rate) (class) ... 0.042602 2.711262
13 (dst_host_srv_count) (service) ... 0.080245 1.929109
[70 rows x 9 columns]
%% Cell type:code id: tags:
```
rules_list = rules[rules['consequents'] == {"class"}]
rules_list
```
%% Output
antecedents consequents ... leverage conviction
31 (dst_host_srv_serror_rate) (class) ... 0.144706 33.714680
30 (srv_serror_rate) (class) ... 0.142795 17.141318
29 (dst_host_serror_rate) (class) ... 0.142164 14.850403
22 (serror_rate) (class) ... 0.142093 13.915800
15 (count) (class) ... 0.153262 4.692114
48 (diff_srv_rate) (class) ... 0.066509 3.727503
68 (rerror_rate) (class) ... 0.043448 2.846193
69 (srv_rerror_rate) (class) ... 0.042602 2.711262
[8 rows x 9 columns]
%% Cell type:code id: tags:
```
test = pd.DataFrame(X_test, columns=data.drop(columns = ["index_num"]).columns)
test.head(n=10)
```
%% Output
duration protocol_type ... dst_host_srv_rerror_rate class
3445 0 0 ... 0 0
17461 0 0 ... 0 0
14662 0 0 ... 0 1
4043 0 0 ... 1 1
9161 0 0 ... 0 0
3396 0 0 ... 1 1
16768 0 0 ... 0 0
19271 0 0 ... 0 0
11404 0 0 ... 0 0
10421 0 0 ... 0 0
[10 rows x 39 columns]
%% Cell type:code id: tags:
```
col = ['dst_host_srv_serror_rate', 'srv_serror_rate', 'serror_rate', 'dst_host_serror_rate', 'count', 'diff_srv_rate', 'rerror_rate', 'srv_rerror_rate']
```
%% Cell type:code id: tags:
```
idx_a = test[(test['dst_host_srv_serror_rate'] == 0) & (test['srv_serror_rate'] == 0) & (test['serror_rate'] == 0) & (test['dst_host_serror_rate'] == 0) & (test['count'] == 0) & (test['diff_srv_rate'] == 0) & (test['rerror_rate'] == 0) & (test['srv_rerror_rate'] == 0) ].index
test_df = test.drop(idx_a) #attack 예측
idx_class = test_df[test_df['class'] == 0 ].index
test_err = test_df.drop(idx_class) #attack 결과
print(test_df.shape)
print(test_err.shape)
```
%% Output
(3927, 39)
(3072, 39)
%% Cell type:code id: tags:
```
idx_a = test[(test['dst_host_srv_serror_rate'] == 1) | (test['srv_serror_rate'] == 1) | (test['serror_rate'] == 1) | (test['dst_host_serror_rate'] == 1) | (test['count'] == 1) | (test['diff_srv_rate'] == 1) | (test['rerror_rate'] == 1) | (test['srv_rerror_rate'] == 1)].index
test_df = test.drop(idx_a) #non 이라고 예측
idx_class = test_df[test_df['class'] == 1 ].index
test_err = test_df.drop(idx_class) #non 결과
print(test_df.shape)
print(test_err.shape)
```
%% Output
(3631, 39)
(3182, 39)
%% Cell type:markdown id: tags:
min_support = 0.1 / max_len = 2 / min_threshold = 0.8
('dst_host_srv_serror_rate', 'srv_serror_rate', 'serror_rate', 'dst_host_serror_rate', 'count', 'diff_srv_rate', 'rerror_rate', 'srv_rerror_rate')
| Prediction of Attack | Prediction of Non-Attack
---
Attack | True Positive : 3072 | False Negative
:
449
---
Non-Attack | False Positive : 855 | True Negative : 3182
**Apriori Test**
*
Accuracy (82.75)
*
Precision (78.23)
*
Recall (87.25)
*
F1 score (82.49)
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
