入侵檢測實驗一般使用的是KDD CUP99中的kddcup.data_10percent數據集。由於數據集中包含有符號型的數據屬性,不適合直接處理,所以需要進行預處理,數據集的預處理一般由三個步驟:
1.將字符型特徵轉換成數值型特徵
2.數值標準化
3.數值歸一化
關於KDD CUP99的數據預處理看了兩個博客,兩個博客合在一起比較完整,所以這裏轉載過來,記錄下來方便學習。
!!!以下部分轉自:https://blog.csdn.net/asialee_bird/article/details/80491256
1、數據集下載:http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html
2、KDDCup99網絡入侵檢測數據集介紹:
https://blog.csdn.net/com_stu_zhang/article/details/6987632
https://www.cnblogs.com/gongyanc/p/6703532.html
3、Weka進階——基於KDD99數據集的入侵檢測分析:
https://blog.csdn.net/jbfsdzpp/article/details/44099849
4、符號型特徵數值化
採用one-hot方法進行數值化:https://blog.csdn.net/qq_28617019/article/details/79717184
5、KDD CUP99數據集預處理
(1)字符型特徵轉換爲數值型特徵(即符號型特徵數值化)
Python3對KDD CUP99數據集預處理代碼實現(僅實現字符型特徵轉爲數值型特徵)
#kdd99數據集預處理
#將kdd99符號型數據轉化爲數值型數據
#coding:utf-8
import numpy as np
import pandas as pd
import csv
import time
global label_list #label_list爲全局變量
#定義kdd99數據預處理函數
def preHandel_data():
source_file='kddcup.data_10_percent_corrected'
handled_file='kddcup.data_10_percent_corrected.csv'
data_file=open(handled_file,'w',newline='') #python3.x中添加newline=''這一參數使寫入的文件沒有多餘的空行
with open(source_file,'r') as data_source:
csv_reader=csv.reader(data_source)
csv_writer=csv.writer(data_file)
count=0 #記錄數據的行數,初始化爲0
for row in csv_reader:
temp_line=np.array(row) #將每行數據存入temp_line數組裏
temp_line[1]=handleProtocol(row) #將源文件行中3種協議類型轉換成數字標識
temp_line[2]=handleService(row) #將源文件行中70種網絡服務類型轉換成數字標識
temp_line[3]=handleFlag(row) #將源文件行中11種網絡連接狀態轉換成數字標識
temp_line[41]=handleLabel(row) #將源文件行中23種攻擊類型轉換成數字標識
csv_writer.writerow(temp_line)
count+=1
#輸出每行數據中所修改後的狀態
print(count,'status:',temp_line[1],temp_line[2],temp_line[3],temp_line[41])
data_file.close()
#將相應的非數字類型轉換爲數字標識即符號型數據轉化爲數值型數據
def find_index(x,y):
return [i for i in range(len(y)) if y[i]==x]
#定義將源文件行中3種協議類型轉換成數字標識的函數
def handleProtocol(input):
protocol_list=['tcp','udp','icmp']
if input[1] in protocol_list:
return find_index(input[1],protocol_list)[0]
#定義將源文件行中70種網絡服務類型轉換成數字標識的函數
def handleService(input):
service_list=['aol','auth','bgp','courier','csnet_ns','ctf','daytime','discard','domain','domain_u',
'echo','eco_i','ecr_i','efs','exec','finger','ftp','ftp_data','gopher','harvest','hostnames',
'http','http_2784','http_443','http_8001','imap4','IRC','iso_tsap','klogin','kshell','ldap',
'link','login','mtp','name','netbios_dgm','netbios_ns','netbios_ssn','netstat','nnsp','nntp',
'ntp_u','other','pm_dump','pop_2','pop_3','printer','private','red_i','remote_job','rje','shell',
'smtp','sql_net','ssh','sunrpc','supdup','systat','telnet','tftp_u','tim_i','time','urh_i','urp_i',
'uucp','uucp_path','vmnet','whois','X11','Z39_50']
if input[2] in service_list:
return find_index(input[2],service_list)[0]
#定義將源文件行中11種網絡連接狀態轉換成數字標識的函數
def handleFlag(input):
flag_list=['OTH','REJ','RSTO','RSTOS0','RSTR','S0','S1','S2','S3','SF','SH']
if input[3] in flag_list:
return find_index(input[3],flag_list)[0]
#定義將源文件行中攻擊類型轉換成數字標識的函數(訓練集中共出現了22個攻擊類型,而剩下的17種只在測試集中出現)
def handleLabel(input):
#label_list=['normal.', 'buffer_overflow.', 'loadmodule.', 'perl.', 'neptune.', 'smurf.',
# 'guess_passwd.', 'pod.', 'teardrop.', 'portsweep.', 'ipsweep.', 'land.', 'ftp_write.',
# 'back.', 'imap.', 'satan.', 'phf.', 'nmap.', 'multihop.', 'warezmaster.', 'warezclient.',
# 'spy.', 'rootkit.']
global label_list #在函數內部使用全局變量並修改它
if input[41] in label_list:
return find_index(input[41],label_list)[0]
else:
label_list.append(input[41])
return find_index(input[41],label_list)[0]
if __name__=='__main__':
start_time=time.clock()
global label_list #聲明一個全局變量的列表並初始化爲空
label_list=[]
preHandel_data()
end_time=time.clock()
print("Running time:",(end_time-start_time)) #輸出程序運行時間
該代碼僅對10%的訓練集(kddcup.data_10_percent_corrected)進行處理
!!!以下部分轉自:https://blog.csdn.net/jsh306/article/details/86536707
(2)數值標準化
首先計算各屬性的平均值和平均絕對誤差,公式爲
其中,X_k 表示第k個屬性的均值,S_k表示第k個屬性的平均絕對誤差,X_ik表示第i條記錄的第k個屬性。
然後對每條數據記錄進行標準化度量,即
其中,Z_ik表示標準化後的第i條數據記錄的第k個屬性值。
Python3 對數據集的數據標準化方法實現如下:
def Handle_data():
source_file = "kddcup.data_10_percent_corrected.csv"
handled_file = "kddcup1.data_10_percent_corrected.csv"
data_file = open(handled_file,'w',newline='')
with open(source_file,'r') as data_source:
csv_reader = csv.reader(data_source)
count = 0
row_num = ""
for row in csv_reader:
count = count+1
row_num = row
sum = np.zeros(len(row_num)) #和
sum.astype(float)
avg = np.zeros(len(row_num)) #平均值
avg.astype(float)
stadsum = np.zeros(len(row_num)) #絕對誤差
stadsum.astype(float)
stad = np.zeros(len(row_num)) #平均絕對誤差
stad.astype(float)
dic = {}
lists = []
for i in range(0,len(row_num)):
with open(source_file,'r') as data_source:
csv_reader = csv.reader(data_source)
for row in csv_reader:
sum[i] += float(row[i])
avg[i] = sum[i] / count #每一列的平均值求得
with open(source_file,'r') as data_source:
csv_reader = csv.reader(data_source)
for row in csv_reader:
stadsum[i] += math.pow(abs(float(row[i]) - avg[i]), 2)
stad[i] = stadsum[i] / count #每一列的平均絕對誤差求得
with open(source_file,'r') as data_source:
csv_reader = csv.reader(data_source)
list = []
for row in csv_reader:
temp_line=np.array(row) #將每行數據存入temp_line數組裏
if avg[i] == 0 or stad[i] == 0:
temp_line[i] = 0
else:
temp_line[i] = abs(float(row[i]) - avg[i]) / stad[i]
list.append(temp_line[i])
lists.append(list)
for j in range(0,len(lists)):
dic[j] = lists[j] #將每一列的元素值存入字典中
df = pd.DataFrame(data = dic)
df.to_csv(data_file,index=False,header=False)
data_file.close()
(3)數值歸一化
將標準化後的每個數值歸一化到[0,1]區間。公式爲
其中max爲樣本數據的最大值,min爲樣本數據的最小值,x爲標準化後的數據。
Python3 對數據集的數據歸一化方法實現如下:
def Find_Maxmin():
source_file = "kddcup1.data_10_percent_corrected.csv"
handled_file = "kddcup2.data_10_percent_corrected.csv"
dic = {}
data_file = open(handled_file,'w',newline='')
with open(source_file,'r') as data_source:
csv_reader=csv.reader(data_source)
count = 0
row_num = ""
for row in csv_reader:
count = count+1
row_num = row
with open(source_file,'r') as data_source:
csv_reader=csv.reader(data_source)
final_list = list(csv_reader)
print(final_list)
jmax = []
jmin = []
for k in range(0, len(final_list)):
jmax.append(max(final_list[k]))
jmin.append(min(final_list[k]))
jjmax = float(max(jmax))
jjmin = float(min(jmin))
listss = []
for i in range(0,len(row_num)):
lists = []
with open(source_file,'r') as data_source:
csv_reader=csv.reader(data_source)
for row in csv_reader:
if (jjmax-jjmin) == 0:
x = 0
else:
x = (float(row[i])-jjmin) / (jjmax-jjmin)
lists.append(x)
listss.append(lists)
for j in range(0,len(listss)):
dic[j] = listss[j]
df = pd.DataFrame(data = dic)
df.to_csv(data_file,index=False,header=False)
data_file.close()