CICIoT2023-attack-classifier

1. import pandas as pd
2. import sys
3. import os
4.  
5. # Define the attack classification mapping
6. attack_mapping = {
7.     # DDoS Attacks
8.     'DDoS-ICMP_Flood': 'DDoS Attacks',
9.     'DDoS-UDP_Flood': 'DDoS Attacks',
10.     'DDoS-TCP_Flood': 'DDoS Attacks',
11.     'DDoS-RSTFINFlood': 'DDoS Attacks',
12.     'DDoS-PSHACK_Flood': 'DDoS Attacks',
13.     'DDoS-SYN_Flood': 'DDoS Attacks',
14.     'DDoS-SynonymousIP_Flood': 'DDoS Attacks',
15.     'DDoS-ICMP_Fragmentation': 'DDoS Attacks',
16.     'DDoS-UDP_Fragmentation': 'DDoS Attacks',
17.     'DDoS-ACK_Fragmentation': 'DDoS Attacks',
18.     'DDoS-HTTP_Flood': 'DDoS Attacks',
19.     'DDoS-SlowLoris': 'DDoS Attacks',
20.    
21.     # DoS Attacks
22.     'DoS-UDP_Flood': 'DoS Attacks',
23.     'DoS-TCP_Flood': 'DoS Attacks',
24.     'DoS-SYN_Flood': 'DoS Attacks',
25.     'DoS-HTTP_Flood': 'DoS Attacks',
26.    
27.     # Mirai Botnet Attacks
28.     'Mirai-greeth_flood': 'Mirai Botnet Attacks',
29.     'Mirai-udpplain': 'Mirai Botnet Attacks',
30.     'Mirai-greip_flood': 'Mirai Botnet Attacks',
31.    
32.     # Reconnaissance
33.     'Recon-HostDiscovery': 'Reconnaissance',
34.     'Recon-OSScan': 'Reconnaissance',
35.     'Recon-PortScan': 'Reconnaissance',
36.     'Recon-PingSweep': 'Reconnaissance',
37.    
38.     # Web Application Attacks
39.     'XSS': 'Web Application Attacks',
40.     'SqlInjection': 'Web Application Attacks',
41.     'CommandInjection': 'Web Application Attacks',
42.     'DictionaryBruteForce': 'Web Application Attacks',
43.     'Uploading_Attack': 'Web Application Attacks',
44.    
45.     # Man-in-the-Middle Attacks
46.     'MITM-ArpSpoofing': 'Man-in-the-Middle Attacks',
47.     'DNS_Spoofing': 'Man-in-the-Middle Attacks',
48.    
49.     # Malware
50.     'BrowserHijacking': 'Malware',
51.     'Backdoor_Malware': 'Malware',
52.    
53.     # Vulnerability Assessment
54.     'VulnerabilityScan': 'Vulnerability Assessment',
55.    
56.     # Benign Traffic
57.     'BenignTraffic': 'Benign Traffic'
58. }
59.  
60. def reclassify_attacks(csv_path):
61.     try:
62.         # Read CSV file
63.         df = pd.read_csv(csv_path)
64.        
65.         # Get the name of the last column
66.         last_column = df.columns[-1]
67.        
68.         # Replace values in the last column using the mapping
69.         df[last_column] = df[last_column].map(attack_mapping)
70.        
71.         # Create output filename
72.         base_filename = os.path.splitext(csv_path)[0]
73.         output_filename = f"{base_filename}_reclassified.csv"
74.        
75.         # Save the modified dataset
76.         df.to_csv(output_filename, index=False)
77.         print(f"Successfully reclassified attacks. Saved to: {output_filename}")
78.        
79.         # Print summary of new classifications
80.         print("\nSummary of reclassified attacks:")
81.         print(df[last_column].value_counts())
82.        
83.     except Exception as e:
84.         print(f"Error processing file: {e}")
85.         sys.exit(1)
86.  
87. def main():
88.     if len(sys.argv) != 2:
89.         print("Usage: python3 script.py <path_to_csv_file>")
90.         sys.exit(1)
91.    
92.     csv_path = sys.argv[1]
93.     if not os.path.exists(csv_path):
94.         print(f"Error: File {csv_path} does not exist")
95.         sys.exit(1)
96.    
97.     reclassify_attacks(csv_path)
98.  
99. if __name__ == "__main__":
100.     main()
101.