This notebook takes the preprocessed data as input and starts building learning models on it, evaluating each variable as a candidate feature.

Loading Data (Preprocessed)


In [1]:
# Select the inline matplotlib backend and populate the interactive namespace
# with numpy/matplotlib names (the "Populating the interactive namespace ..."
# message below comes from this magic). --no-import-all keeps IPython from
# doing a wholesale `import *` into the namespace.
%pylab --no-import-all inline

# NOTE(review): looks redundant -- the %pylab line above already requests the
# inline backend; confirm before removing.
%matplotlib inline


Populating the interactive namespace from numpy and matplotlib

In [2]:
import pandas as pd
import numpy as npm

# Read the fully preprocessed incident table into one DataFrame; the cells
# below all work off `allDf`.
# The path is relative, so it resolves against the kernel's working directory.
# NOTE(review): the file name suggests a VERIS Community Database (VCDB)
# export -- confirm the provenance and version of the CSV.
allDf = pd.read_csv(filepath_or_buffer='../data/vcdb_fully_processed.csv')

In [3]:
# Preview the first five rows of the loaded frame.
# NOTE(review): incident_id, reference and victim.victim_id look like record
# identifiers / free text rather than features -- presumably they should be
# excluded before any model is fitted; confirm.
allDf.head(n=5)


Out[3]:
incident_id reference security_incident victim.country victim.employee_count victim.industry victim.revenue.amount victim.state victim.victim_id actor.external.motive.Espionage actor.external.motive.Financial actor.external.motive.Fun actor.external.motive.Grudge actor.external.motive.Ideology actor.external.motive.NA actor.external.motive.Other actor.external.motive.Unknown actor.external.variety.Acquaintance actor.external.variety.Activist actor.external.variety.Competitor
0 0012CC25-9167-40D8-8FE3-3D0DFD8FB6BB http://www.publicservice.co.uk/news_story.asp?... Confirmed GB Unknown All Other Information Services NaN NaN Universal Jobmatch 0 1 0 0 0 0 0 0 0 0 0 ...
1 001A011B-8C28-46B9-BA86-186C18213E1A VA FOIA Confirmed US Over 100000 All Other Support Services NaN TX United States Department of Veterans Affairs 0 0 0 0 0 0 0 0 0 0 0 ...
2 00224226-4A39-435C-BFFD-672B5D61C7C1 http://www.cyberwarnews.info/2013/09/04/7gb-da... Confirmed AZ Unknown Other Electric Power Generation NaN NaN Azerenerji 0 0 0 0 1 0 0 0 0 1 0 ...
3 002599D4-A872-433B-9980-BD9F257B283F http://blog.trendmicro.com/sutter-health-sued-... Confirmed US 1 to 10 Civic and Social Organizations NaN CA Sutter Medical Foundation 0 0 0 0 0 0 0 1 0 0 0 ...
4 005C42A3-3FE8-47B5-866B-AFBB5E3F5B95 NaN Confirmed US 1001 to 10000 Direct Health and Medical Insurance Carriers NaN RI Blue Cross and Blue Shield of Rhode Island 0 0 0 0 0 0 0 0 0 0 0 ...

5 rows × 325 columns


In [4]:
# Print every column as "<position> <name> <dtype>", one per line, so the
# integer, float and object (text) columns can be told apart at a glance.
for i, col in enumerate(allDf.columns):
    print("%d %s %s" % (i, col, allDf.dtypes[col]))


0 incident_id object
1 reference object
2 security_incident object
3 victim.country object
4 victim.employee_count object
5 victim.industry object
6 victim.revenue.amount float64
7 victim.state object
8 victim.victim_id object
9 actor.external.motive.Espionage int64
10 actor.external.motive.Financial int64
11 actor.external.motive.Fun int64
12 actor.external.motive.Grudge int64
13 actor.external.motive.Ideology int64
14 actor.external.motive.NA int64
15 actor.external.motive.Other int64
16 actor.external.motive.Unknown int64
17 actor.external.variety.Acquaintance int64
18 actor.external.variety.Activist int64
19 actor.external.variety.Competitor int64
20 actor.external.variety.Customer int64
21 actor.external.variety.Force.majeure int64
22 actor.external.variety.Former.employee int64
23 actor.external.variety.Nation.state int64
24 actor.external.variety.Organized.crime int64
25 actor.external.variety.Other int64
26 actor.external.variety.State.affiliated int64
27 actor.external.variety.Unaffiliated int64
28 actor.external.variety.Unknown int64
29 actor.external int64
30 actor.internal.motive.Convenience int64
31 actor.internal.motive.Espionage int64
32 actor.internal.motive.Fear int64
33 actor.internal.motive.Financial int64
34 actor.internal.motive.Fun int64
35 actor.internal.motive.Grudge int64
36 actor.internal.motive.Ideology int64
37 actor.internal.motive.NA int64
38 actor.internal.motive.Other int64
39 actor.internal.motive.Unknown int64
40 actor.internal.variety.Call.center int64
41 actor.internal.variety.Cashier int64
42 actor.internal.variety.Developer int64
43 actor.internal.variety.End.user int64
44 actor.internal.variety.Executive int64
45 actor.internal.variety.Finance int64
46 actor.internal.variety.Helpdesk int64
47 actor.internal.variety.Human.resources int64
48 actor.internal.variety.Maintenance int64
49 actor.internal.variety.Manager int64
50 actor.internal.variety.Other int64
51 actor.internal.variety.System.admin int64
52 actor.internal.variety.Unknown int64
53 actor.internal int64
54 actor.partner.motive.Convenience int64
55 actor.partner.motive.Financial int64
56 actor.partner.motive.Fun int64
57 actor.partner.motive.NA int64
58 actor.partner.motive.Other int64
59 actor.partner.motive.Unknown int64
60 actor.partner int64
61 actor.unknown int64
62 action.malware.variety.Adminware int64
63 action.malware.variety.Backdoor int64
64 action.malware.variety.Brute.force int64
65 action.malware.variety.C2 int64
66 action.malware.variety.Capture.app.data int64
67 action.malware.variety.Capture.stored.data int64
68 action.malware.variety.Client.side.attack int64
69 action.malware.variety.Destroy.data int64
70 action.malware.variety.Disable.controls int64
71 action.malware.variety.DoS int64
72 action.malware.variety.Downloader int64
73 action.malware.variety.Exploit.vuln int64
74 action.malware.variety.Export.data int64
75 action.malware.variety.Other int64
76 action.malware.variety.Packet.sniffer int64
77 action.malware.variety.Password.dumper int64
78 action.malware.variety.Ram.scraper int64
79 action.malware.variety.Ransomware int64
80 action.malware.variety.Rootkit int64
81 action.malware.variety.Scan.network int64
82 action.malware.variety.Spam int64
83 action.malware.variety.Spyware.Keylogger int64
84 action.malware.variety.Unknown int64
85 action.malware.vector.Direct.install int64
86 action.malware.vector.Download.by.malware int64
87 action.malware.vector.Email.attachment int64
88 action.malware.vector.Email.autoexecute int64
89 action.malware.vector.Email.link int64
90 action.malware.vector.Other int64
91 action.malware.vector.Remote.injection int64
92 action.malware.vector.Unknown int64
93 action.malware.vector.Web.drive.by int64
94 action.malware int64
95 action.hacking.variety.Abuse.of.functionality int64
96 action.hacking.variety.Brute.force int64
97 action.hacking.variety.Cryptanalysis int64
98 action.hacking.variety.DoS int64
99 action.hacking.variety.Forced.browsing int64
100 action.hacking.variety.MitM int64
101 action.hacking.variety.Other int64
102 action.hacking.variety.Path.traversal int64
103 action.hacking.variety.RFI int64
104 action.hacking.variety.SQLi int64
105 action.hacking.variety.SSI.injection int64
106 action.hacking.variety.Unknown int64
107 action.hacking.variety.Use.of.backdoor.or.C2 int64
108 action.hacking.variety.Use.of.stolen.creds int64
109 action.hacking.variety.XSS int64
110 action.hacking.vector.3rd.party.desktop int64
111 action.hacking.vector.Backdoor.or.C2 int64
112 action.hacking.vector.Command.shell int64
113 action.hacking.vector.Desktop.sharing int64
114 action.hacking.vector.Other int64
115 action.hacking.vector.Partner int64
116 action.hacking.vector.Physical.access int64
117 action.hacking.vector.Unknown int64
118 action.hacking.vector.VPN int64
119 action.hacking.vector.Web.application int64
120 action.hacking int64
121 action.social.target.Call.center int64
122 action.social.target.Cashier int64
123 action.social.target.Customer int64
124 action.social.target.End.user int64
125 action.social.target.Executive int64
126 action.social.target.Finance int64
127 action.social.target.Maintenance int64
128 action.social.target.Manager int64
129 action.social.target.Other int64
130 action.social.target.Partner int64
131 action.social.target.System.admin int64
132 action.social.target.Unknown int64
133 action.social.variety.Baiting int64
134 action.social.variety.Bribery int64
135 action.social.variety.Elicitation int64
136 action.social.variety.Extortion int64
137 action.social.variety.Forgery int64
138 action.social.variety.Influence int64
139 action.social.variety.Other int64
140 action.social.variety.Phishing int64
141 action.social.variety.Pretexting int64
142 action.social.variety.Scam int64
143 action.social.variety.Unknown int64
144 action.social.vector.Documents int64
145 action.social.vector.Email int64
146 action.social.vector.IM int64
147 action.social.vector.In.person int64
148 action.social.vector.Phone int64
149 action.social.vector.SMS int64
150 action.social.vector.Software int64
151 action.social.vector.Unknown int64
152 action.social.vector.Website int64
153 action.social int64
154 action.misuse.variety.Data.mishandling int64
155 action.misuse.variety.Email.misuse int64
156 action.misuse.variety.Embezzlement int64
157 action.misuse.variety.Illicit.content int64
158 action.misuse.variety.Knowledge.abuse int64
159 action.misuse.variety.Net.misuse int64
160 action.misuse.variety.Privilege.abuse int64
161 action.misuse.variety.Unapproved.hardware int64
162 action.misuse.variety.Unapproved.software int64
163 action.misuse.variety.Unapproved.workaround int64
164 action.misuse.variety.Unknown int64
165 action.misuse.vector.LAN.access int64
166 action.misuse.vector.Non.corporate int64
167 action.misuse.vector.Other int64
168 action.misuse.vector.Physical.access int64
169 action.misuse.vector.Remote.access int64
170 action.misuse.vector.Unknown int64
171 action.misuse int64
172 action.physical.location.Other int64
173 action.physical.location.Partner.facility int64
174 action.physical.location.Partner.vehicle int64
175 action.physical.location.Personal.residence int64
176 action.physical.location.Personal.vehicle int64
177 action.physical.location.Public.facility int64
178 action.physical.location.Public.vehicle int64
179 action.physical.location.Unknown int64
180 action.physical.location.Victim.grounds int64
181 action.physical.location.Victim.public.area int64
182 action.physical.location.Victim.secure.area int64
183 action.physical.location.Victim.work.area int64
184 action.physical.variety.Connection int64
185 action.physical.variety.Other int64
186 action.physical.variety.Snooping int64
187 action.physical.variety.Surveillance int64
188 action.physical.variety.Tampering int64
189 action.physical.variety.Theft int64
190 action.physical.variety.Unknown int64
191 action.physical.variety.Wiretapping int64
192 action.physical.vector.Bypassed.controls int64
193 action.physical.vector.Disabled.controls int64
194 action.physical.vector.Privileged.access int64
195 action.physical.vector.Uncontrolled.location int64
196 action.physical.vector.Unknown int64
197 action.physical.vector.Visitor.privileges int64
198 action.physical int64
199 action.error.variety.Classification.error int64
200 action.error.variety.Data.entry.error int64
201 action.error.variety.Disposal.error int64
202 action.error.variety.Gaffe int64
203 action.error.variety.Loss int64
204 action.error.variety.Maintenance.error int64
205 action.error.variety.Malfunction int64
206 action.error.variety.Misconfiguration int64
207 action.error.variety.Misdelivery int64
208 action.error.variety.Omission int64
209 action.error.variety.Other int64
210 action.error.variety.Programming.error int64
211 action.error.variety.Publishing.error int64
212 action.error.variety.Unknown int64
213 action.error.vector.Carelessness int64
214 action.error.vector.Inadequate.personnel int64
215 action.error.vector.Inadequate.processes int64
216 action.error.vector.Inadequate.technology int64
217 action.error.vector.Other int64
218 action.error.vector.Random.error int64
219 action.error.vector.Unknown int64
220 action.error int64
221 action.environmental.variety.Fire int64
222 action.environmental.variety.Humidity int64
223 action.environmental.variety.Power.failure int64
224 action.environmental int64
225 action.unknown int64
226 asset.accessibility object
227 asset.cloud object
228 asset.hosting object
229 asset.ownership object
230 asset.assets.Kiosk.Term int64
231 asset.assets.Media int64
232 asset.assets.Network int64
233 asset.assets.Person int64
234 asset.assets.Server int64
235 asset.assets.Unknown int64
236 asset.assets.User.Dev int64
237 asset.assets.variety.M...Disk.drive int64
238 asset.assets.variety.M...Disk.media int64
239 asset.assets.variety.M...Documents int64
240 asset.assets.variety.M...Flash.drive int64
241 asset.assets.variety.M...Other int64
242 asset.assets.variety.M...Payment.card int64
243 asset.assets.variety.M...Smart.card int64
244 asset.assets.variety.M...Tapes int64
245 asset.assets.variety.N...Access.reader int64
246 asset.assets.variety.N...Broadband int64
247 asset.assets.variety.N...Camera int64
248 asset.assets.variety.N...Firewall int64
249 asset.assets.variety.N...LAN int64
250 asset.assets.variety.N...Other int64
251 asset.assets.variety.N...PBX int64
252 asset.assets.variety.N...Private.WAN int64
253 asset.assets.variety.N...Router.or.switch int64
254 asset.assets.variety.N...SAN int64
255 asset.assets.variety.N...Telephone int64
256 asset.assets.variety.N...WLAN int64
257 asset.assets.variety.P...Call.center int64
258 asset.assets.variety.P...Cashier int64
259 asset.assets.variety.P...Customer int64
260 asset.assets.variety.P...End.user int64
261 asset.assets.variety.P...Executive int64
262 asset.assets.variety.P...Finance int64
263 asset.assets.variety.P...Maintenance int64
264 asset.assets.variety.P...Manager int64
265 asset.assets.variety.P...Other int64
266 asset.assets.variety.P...Partner int64
267 asset.assets.variety.P...System.admin int64
268 asset.assets.variety.S...Authentication int64
269 asset.assets.variety.S...Backup int64
270 asset.assets.variety.S...Code.repository int64
271 asset.assets.variety.S...Database int64
272 asset.assets.variety.S...Directory int64
273 asset.assets.variety.S...DNS int64
274 asset.assets.variety.S...File int64
275 asset.assets.variety.S...Mail int64
276 asset.assets.variety.S...Mainframe int64
277 asset.assets.variety.S...Other int64
278 asset.assets.variety.S...Payment.switch int64
279 asset.assets.variety.S...POS.controller int64
280 asset.assets.variety.S...Remote.access int64
281 asset.assets.variety.S...SCADA int64
282 asset.assets.variety.S...VM.host int64
283 asset.assets.variety.S...Web.application int64
284 asset.assets.variety.T...ATM int64
285 asset.assets.variety.T...Gas.terminal int64
286 asset.assets.variety.T...Kiosk int64
287 asset.assets.variety.T...Other int64
288 asset.assets.variety.T...PED.pad int64
289 asset.assets.variety.U...Desktop int64
290 asset.assets.variety.U...Laptop int64
291 asset.assets.variety.U...Media int64
292 asset.assets.variety.U...Mobile.phone int64
293 asset.assets.variety.U...Other int64
294 asset.assets.variety.U...Peripheral int64
295 asset.assets.variety.U...POS.terminal int64
296 asset.assets.variety.U...Tablet int64
297 asset.assets.variety.U...Telephone int64
298 asset.assets.variety.Unknown int64
299 attribute.confidentiality.data_disclosure object
300 attribute.confidentiality.data_total float64
301 attribute.integrity.variety.Alter.behavior int64
302 attribute.integrity.variety.Created.account int64
303 attribute.integrity.variety.Fraudulent.transaction int64
304 attribute.integrity.variety.Hardware.tampering int64
305 attribute.integrity.variety.Log.tampering int64
306 attribute.integrity.variety.Misappropriation int64
307 attribute.integrity.variety.Misrepresentation int64
308 attribute.integrity.variety.Modify.configuration int64
309 attribute.integrity.variety.Modify.data int64
310 attribute.integrity.variety.Modify.privileges int64
311 attribute.integrity.variety.Other int64
312 attribute.integrity.variety.Software.installation int64
313 attribute.integrity.variety.Unknown int64
314 attribute.availability.variety.Degradation int64
315 attribute.availability.variety.Destruction int64
316 attribute.availability.variety.Interruption int64
317 attribute.availability.variety.Loss int64
318 attribute.availability.variety.Obscuration int64
319 attribute.availability.variety.Other int64
320 timeline.discovery.day_count float64
321 timeline.incident.day float64
322 timeline.incident.month float64
323 timeline.incident.year int64
324 discovery_method object

Understanding the Data

Histogram


In [5]:
import matplotlib as mpl
import matplotlib.pyplot as plt
import seaborn as sns

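# Plot styling for the figures drawn from here on.
sns.set_palette("deep", desat=.6)
sns.set_context(rc={"figure.figsize": (10, 10)})

# Draw one histogram per int64 column; object and float64 columns are skipped.
for i, col in enumerate(allDf.columns):
    if allDf[col].dtype != 'int64':
        continue
    print("%d %s" % (i, col))

    f = plt.figure(figsize=(10, 10))
    plt.hist(allDf[col].values)
    sns.axlabel(col, "values")

    # Render this figure now and release it. pyplot keeps every figure alive
    # until it is closed, and this loop opens one per integer column, which
    # is what triggered the "More than 20 figures have been opened"
    # RuntimeWarning in the recorded output.
    plt.show()
    plt.close(f)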


9 actor.external.motive.Espionage
10 actor.external.motive.Financial
11 actor.external.motive.Fun
12 actor.external.motive.Grudge
13 actor.external.motive.Ideology
14 actor.external.motive.NA
15 actor.external.motive.Other
16 actor.external.motive.Unknown
17 actor.external.variety.Acquaintance
18 actor.external.variety.Activist
19 actor.external.variety.Competitor
20 actor.external.variety.Customer
21 actor.external.variety.Force.majeure
22 actor.external.variety.Former.employee
23 actor.external.variety.Nation.state
24 actor.external.variety.Organized.crime
25 actor.external.variety.Other
26 actor.external.variety.State.affiliated
27 actor.external.variety.Unaffiliated
28 actor.external.variety.Unknown
29 actor.external
30 actor.internal.motive.Convenience
31 actor.internal.motive.Espionage
32 actor.internal.motive.Fear
33 actor.internal.motive.Financial
34 actor.internal.motive.Fun
35 actor.internal.motive.Grudge
36 actor.internal.motive.Ideology
37 actor.internal.motive.NA
38 actor.internal.motive.Other
39 actor.internal.motive.Unknown
40 actor.internal.variety.Call.center
41 actor.internal.variety.Cashier
42 actor.internal.variety.Developer
43 actor.internal.variety.End.user
44 actor.internal.variety.Executive
45 actor.internal.variety.Finance
46 actor.internal.variety.Helpdesk
47 actor.internal.variety.Human.resources
48 actor.internal.variety.Maintenance
49 actor.internal.variety.Manager
50 actor.internal.variety.Other
51 actor.internal.variety.System.admin
52 actor.internal.variety.Unknown
53 actor.internal
54 actor.partner.motive.Convenience
55 actor.partner.motive.Financial
56 actor.partner.motive.Fun
57 actor.partner.motive.NA
58 actor.partner.motive.Other
59 actor.partner.motive.Unknown
60 actor.partner
61 actor.unknown
62 action.malware.variety.Adminware
63 action.malware.variety.Backdoor
64 action.malware.variety.Brute.force
65 action.malware.variety.C2
66 action.malware.variety.Capture.app.data
67 action.malware.variety.Capture.stored.data
68 action.malware.variety.Client.side.attack
69 action.malware.variety.Destroy.data
70 action.malware.variety.Disable.controls
71 action.malware.variety.DoS
72 action.malware.variety.Downloader
73 action.malware.variety.Exploit.vuln
74 action.malware.variety.Export.data
75 action.malware.variety.Other
76 action.malware.variety.Packet.sniffer
77 action.malware.variety.Password.dumper
78 action.malware.variety.Ram.scraper
79 action.malware.variety.Ransomware
80 action.malware.variety.Rootkit
81 action.malware.variety.Scan.network
82 action.malware.variety.Spam
83 action.malware.variety.Spyware.Keylogger
84 action.malware.variety.Unknown
85 action.malware.vector.Direct.install
86 action.malware.vector.Download.by.malware
87 action.malware.vector.Email.attachment
88 action.malware.vector.Email.autoexecute
89 action.malware.vector.Email.link
90 action.malware.vector.Other
91 action.malware.vector.Remote.injection
92 action.malware.vector.Unknown
93 action.malware.vector.Web.drive.by
94 action.malware
95 action.hacking.variety.Abuse.of.functionality
96 action.hacking.variety.Brute.force
97 action.hacking.variety.Cryptanalysis
98 action.hacking.variety.DoS
99 action.hacking.variety.Forced.browsing
100 action.hacking.variety.MitM
101 action.hacking.variety.Other
102 action.hacking.variety.Path.traversal
103 action.hacking.variety.RFI
104 action.hacking.variety.SQLi
105 action.hacking.variety.SSI.injection
106 action.hacking.variety.Unknown
107 action.hacking.variety.Use.of.backdoor.or.C2
108 action.hacking.variety.Use.of.stolen.creds
109 action.hacking.variety.XSS
110 action.hacking.vector.3rd.party.desktop
111 action.hacking.vector.Backdoor.or.C2
112 action.hacking.vector.Command.shell
113 action.hacking.vector.Desktop.sharing
114 action.hacking.vector.Other
115 action.hacking.vector.Partner
116 action.hacking.vector.Physical.access
117 action.hacking.vector.Unknown
118 action.hacking.vector.VPN
119 action.hacking.vector.Web.application
120 action.hacking
121 action.social.target.Call.center
122 action.social.target.Cashier
123 action.social.target.Customer
124 action.social.target.End.user
125 action.social.target.Executive
126 action.social.target.Finance
127 action.social.target.Maintenance
128 action.social.target.Manager
129 action.social.target.Other
130 action.social.target.Partner
131 action.social.target.System.admin
132 action.social.target.Unknown
133 action.social.variety.Baiting
134 action.social.variety.Bribery
135 action.social.variety.Elicitation
136 action.social.variety.Extortion
137 action.social.variety.Forgery
138 action.social.variety.Influence
139 action.social.variety.Other
140 action.social.variety.Phishing
141 action.social.variety.Pretexting
142 action.social.variety.Scam
143 action.social.variety.Unknown
144 action.social.vector.Documents
145 action.social.vector.Email
146 action.social.vector.IM
147 action.social.vector.In.person
148 action.social.vector.Phone
149 action.social.vector.SMS
150 action.social.vector.Software
151 action.social.vector.Unknown
152 action.social.vector.Website
153 action.social
154 action.misuse.variety.Data.mishandling
155 action.misuse.variety.Email.misuse
156 action.misuse.variety.Embezzlement
157 action.misuse.variety.Illicit.content
158 action.misuse.variety.Knowledge.abuse
159 action.misuse.variety.Net.misuse
160 action.misuse.variety.Privilege.abuse
161 action.misuse.variety.Unapproved.hardware
162 action.misuse.variety.Unapproved.software
163 action.misuse.variety.Unapproved.workaround
164 action.misuse.variety.Unknown
165 action.misuse.vector.LAN.access
166 action.misuse.vector.Non.corporate
167 action.misuse.vector.Other
168 action.misuse.vector.Physical.access
169 action.misuse.vector.Remote.access
170 action.misuse.vector.Unknown
171 action.misuse
172 action.physical.location.Other
173 action.physical.location.Partner.facility
174 action.physical.location.Partner.vehicle
175 action.physical.location.Personal.residence
176 action.physical.location.Personal.vehicle
177 action.physical.location.Public.facility
178 action.physical.location.Public.vehicle
179 action.physical.location.Unknown
180 action.physical.location.Victim.grounds
181 action.physical.location.Victim.public.area
182 action.physical.location.Victim.secure.area
183 action.physical.location.Victim.work.area
184 action.physical.variety.Connection
185 action.physical.variety.Other
186 action.physical.variety.Snooping
187 action.physical.variety.Surveillance
188 action.physical.variety.Tampering
189 action.physical.variety.Theft
190 action.physical.variety.Unknown
191 action.physical.variety.Wiretapping
192 action.physical.vector.Bypassed.controls
193 action.physical.vector.Disabled.controls
194 action.physical.vector.Privileged.access
195 action.physical.vector.Uncontrolled.location
196 action.physical.vector.Unknown
197 action.physical.vector.Visitor.privileges
198 action.physical
199 action.error.variety.Classification.error
200 action.error.variety.Data.entry.error
201 action.error.variety.Disposal.error
202 action.error.variety.Gaffe
203 action.error.variety.Loss
204 action.error.variety.Maintenance.error
205 action.error.variety.Malfunction
206 action.error.variety.Misconfiguration
207 action.error.variety.Misdelivery
208 action.error.variety.Omission
209 action.error.variety.Other
210 action.error.variety.Programming.error
211 action.error.variety.Publishing.error
212 action.error.variety.Unknown
213 action.error.vector.Carelessness
214 action.error.vector.Inadequate.personnel
215 action.error.vector.Inadequate.processes
216 action.error.vector.Inadequate.technology
217 action.error.vector.Other
218 action.error.vector.Random.error
219 action.error.vector.Unknown
220 action.error
221 action.environmental.variety.Fire
222 action.environmental.variety.Humidity
223 action.environmental.variety.Power.failure
224 action.environmental
225 action.unknown
230 asset.assets.Kiosk.Term
231 asset.assets.Media
232 asset.assets.Network
233 asset.assets.Person
234 asset.assets.Server
235 asset.assets.Unknown
236 asset.assets.User.Dev
237 asset.assets.variety.M...Disk.drive
238 asset.assets.variety.M...Disk.media
239 asset.assets.variety.M...Documents
240 asset.assets.variety.M...Flash.drive
241 asset.assets.variety.M...Other
242 asset.assets.variety.M...Payment.card
243 asset.assets.variety.M...Smart.card
244 asset.assets.variety.M...Tapes
245 asset.assets.variety.N...Access.reader
246 asset.assets.variety.N...Broadband
247 asset.assets.variety.N...Camera
248 asset.assets.variety.N...Firewall
249 asset.assets.variety.N...LAN
250 asset.assets.variety.N...Other
251 asset.assets.variety.N...PBX
252 asset.assets.variety.N...Private.WAN
253 asset.assets.variety.N...Router.or.switch
254 asset.assets.variety.N...SAN
255 asset.assets.variety.N...Telephone
256 asset.assets.variety.N...WLAN
257 asset.assets.variety.P...Call.center
258 asset.assets.variety.P...Cashier
259 asset.assets.variety.P...Customer
260 asset.assets.variety.P...End.user
261 asset.assets.variety.P...Executive
262 asset.assets.variety.P...Finance
263 asset.assets.variety.P...Maintenance
264 asset.assets.variety.P...Manager
265 asset.assets.variety.P...Other
266 asset.assets.variety.P...Partner
267 asset.assets.variety.P...System.admin
268 asset.assets.variety.S...Authentication
269 asset.assets.variety.S...Backup
270 asset.assets.variety.S...Code.repository
271 asset.assets.variety.S...Database
272 asset.assets.variety.S...Directory
273 asset.assets.variety.S...DNS
274 asset.assets.variety.S...File
275 asset.assets.variety.S...Mail
276 asset.assets.variety.S...Mainframe
277 asset.assets.variety.S...Other
278 asset.assets.variety.S...Payment.switch
279 asset.assets.variety.S...POS.controller
280 asset.assets.variety.S...Remote.access
281 asset.assets.variety.S...SCADA
282 asset.assets.variety.S...VM.host
283 asset.assets.variety.S...Web.application
284 asset.assets.variety.T...ATM
285 asset.assets.variety.T...Gas.terminal
286 asset.assets.variety.T...Kiosk
287 asset.assets.variety.T...Other
288 asset.assets.variety.T...PED.pad
289 asset.assets.variety.U...Desktop
290 asset.assets.variety.U...Laptop
291 asset.assets.variety.U...Media
292 asset.assets.variety.U...Mobile.phone
293 asset.assets.variety.U...Other
294 asset.assets.variety.U...Peripheral
295 asset.assets.variety.U...POS.terminal
296 asset.assets.variety.U...Tablet
297 asset.assets.variety.U...Telephone
298 asset.assets.variety.Unknown
301 attribute.integrity.variety.Alter.behavior
302 attribute.integrity.variety.Created.account
303 attribute.integrity.variety.Fraudulent.transaction
304 attribute.integrity.variety.Hardware.tampering
305 attribute.integrity.variety.Log.tampering
306 attribute.integrity.variety.Misappropriation
307 attribute.integrity.variety.Misrepresentation
308 attribute.integrity.variety.Modify.configuration
309 attribute.integrity.variety.Modify.data
310 attribute.integrity.variety.Modify.privileges
311 attribute.integrity.variety.Other
312 attribute.integrity.variety.Software.installation
313 attribute.integrity.variety.Unknown
314 attribute.availability.variety.Degradation
315 attribute.availability.variety.Destruction
316 attribute.availability.variety.Interruption
317 attribute.availability.variety.Loss
318 attribute.availability.variety.Obscuration
319 attribute.availability.variety.Other
323 timeline.incident.year
/Users/shreyas/anaconda/lib/python2.7/site-packages/matplotlib/pyplot.py:412: RuntimeWarning: More than 20 figures have been opened. Figures created through the pyplot interface (`matplotlib.pyplot.figure`) are retained until explicitly closed and may consume too much memory. (To control this warning, see the rcParam `figure.max_num_figures`).
  max_open_warning, RuntimeWarning)

For Key Features

Histograms


In [6]:
# Rather than computing a joint distribution for every possible pair of
# features, the analysis below is restricted to a short list of key columns:
# the top-level actor.* and action.* columns plus the incident year.
#
# Not included (float64 columns, left commented out in the original list):
#   timeline.discovery.day_count, timeline.incident.day, timeline.incident.month
keyCols = (
    # actor categories (int64)
    ["actor.external", "actor.internal", "actor.partner", "actor.unknown"]
    # action categories (int64)
    + [
        "action.malware",
        "action.hacking",
        "action.social",
        "action.misuse",
        "action.physical",
        "action.error",
        "action.environmental",
        "action.unknown",
    ]
    # timeline (int64)
    + ["timeline.incident.year"]
)

In [7]:
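# Histogram of each key column, one figure per column.
for i, col in enumerate(keyCols):
    print("%d %s" % (i, col))

    f = plt.figure(figsize=(10, 10))
    plt.hist(allDf[col].values)
    sns.axlabel(col, "values")

    # Render and release the figure straight away: pyplot retains every
    # figure until it is closed, so leaving them open lets memory grow with
    # the number of columns plotted.
    plt.show()
    plt.close(f)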


0 actor.external
1 actor.internal
2 actor.partner
3 actor.unknown
4 action.malware
5 action.hacking
6 action.social
7 action.misuse
8 action.physical
9 action.error
10 action.environmental
11 action.unknown
12 timeline.incident.year

Distribution Plot


In [8]:
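# Distribution plot (histogram + KDE + rug) of each key column.
for i, col in enumerate(keyCols):
    print("%d %s" % (i, col))

    f = plt.figure(figsize=(10, 10))
    # Pass an explicit bin count. With `bins` left unset, the recorded run
    # died on 'actor.partner' with "OverflowError: cannot convert float
    # infinity to integer": the automatically chosen bin count reached
    # numpy's linspace() as infinity. 10 matches the default used by the
    # plain plt.hist() histograms.
    # NOTE(review): presumably the automatic estimate divides by a spread
    # statistic that is zero for these sparse columns -- confirm; the KDE
    # step may still fail on a column that is entirely constant.
    sns.distplot(allDf[col].values, bins=10, rug=True)
    sns.axlabel(col, "values")

    # Render and release the figure so open figures do not accumulate.
    plt.show()
    plt.close(f)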


0 actor.external
1 actor.internal
2 actor.partner
---------------------------------------------------------------------------
OverflowError                             Traceback (most recent call last)
<ipython-input-8-7428895f4394> in <module>()
      3 
      4     f = plt.figure(figsize=(10, 10))
----> 5     sns.distplot(allDf[col].values, rug=True)
      6     sns.axlabel(col, "values")

/Users/shreyas/anaconda/lib/python2.7/site-packages/seaborn/distributions.pyc in distplot(a, bins, hist, kde, rug, fit, hist_kws, kde_kws, rug_kws, fit_kws, color, vertical, axlabel, label, ax)
    486         hist_color = hist_kws.pop("color", color)
    487         ax.hist(a, bins, normed=True, orientation=orientation,
--> 488                 color=hist_color, **hist_kws)
    489         if hist_color != color:
    490             hist_kws["color"] = hist_color

/Users/shreyas/anaconda/lib/python2.7/site-packages/matplotlib/axes.pyc in hist(self, x, bins, range, normed, weights, cumulative, bottom, histtype, align, orientation, rwidth, log, color, label, stacked, **kwargs)
   8324             # this will automatically overwrite bins,
   8325             # so that each histogram uses the same bins
-> 8326             m, bins = np.histogram(x[i], bins, weights=w[i], **hist_kwargs)
   8327             m = m.astype(float) # causes problems later if it's an int
   8328             if mlast is None:

/Users/shreyas/anaconda/lib/python2.7/site-packages/numpy/lib/function_base.pyc in histogram(a, bins, range, normed, weights, density)
    178             mn -= 0.5
    179             mx += 0.5
--> 180         bins = linspace(mn, mx, bins+1, endpoint=True)
    181     else:
    182         bins = asarray(bins)

/Users/shreyas/anaconda/lib/python2.7/site-packages/numpy/core/function_base.pyc in linspace(start, stop, num, endpoint, retstep)
     74 
     75     """
---> 76     num = int(num)
     77     if num <= 0:
     78         return array([], float)

OverflowError: cannot convert float infinity to integer

Bivariate analysis


In [15]:
"""
To get 2 features at a time
"""

from itertools import combinations

HexBin Plots


In [16]:
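# Hexbin density plot for every unordered pair of key columns.
for col1, col2 in combinations(keyCols, r=2):
    f = plt.figure(figsize=(10, 10))
    # Draw the bins once per figure: a second identical hexbin call paints the
    # same opaque hexagons over the first and only doubles the rendering cost.
    plt.hexbin(allDf[col1], allDf[col2], gridsize=100, cmap="BuGn")
    sns.axlabel(col1, col2)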


Density Estimation


In [17]:
# Two-dimensional kernel density estimate for each unordered pair of key
# columns. The pair is printed first so every figure can be matched to the
# two variables it shows.
for col1, col2 in combinations(keyCols, r=2):
    print("%s %s" % (col1, col2))

    f = plt.figure(figsize=(10, 10))
    sns.kdeplot(
        allDf[col1],
        allDf[col2],
        shade=True,
    )
    sns.axlabel(col1, col2)


actor.external actor.internal
actor.external actor.partner
actor.external actor.unknown
actor.external action.malware
actor.external action.hacking
actor.external action.social
actor.external action.misuse
actor.external action.physical
actor.external action.error
actor.external action.environmental
actor.external action.unknown
actor.internal actor.partner
actor.internal actor.unknown
actor.internal action.malware
actor.internal action.hacking
actor.internal action.social
actor.internal action.misuse
actor.internal action.physical
actor.internal action.error
actor.internal action.environmental
actor.internal action.unknown
actor.partner actor.unknown
actor.partner action.malware
actor.partner action.hacking
actor.partner action.social
actor.partner action.misuse
actor.partner action.physical
actor.partner action.error
actor.partner action.environmental
actor.partner action.unknown
actor.unknown action.malware
actor.unknown action.hacking
actor.unknown action.social
actor.unknown action.misuse
actor.unknown action.physical
actor.unknown action.error
actor.unknown action.environmental
actor.unknown action.unknown
action.malware action.hacking
action.malware action.social
action.malware action.misuse
action.malware action.physical
action.malware action.error
action.malware action.environmental
action.malware action.unknown
action.hacking action.social
action.hacking action.misuse
action.hacking action.physical
action.hacking action.error
action.hacking action.environmental
action.hacking action.unknown
action.social action.misuse
action.social action.physical
action.social action.error
action.social action.environmental
action.social action.unknown
action.misuse action.physical
action.misuse action.error
action.misuse action.environmental
action.misuse action.unknown
action.physical action.error
action.physical action.environmental
action.physical action.unknown
action.error action.environmental
action.error action.unknown
action.environmental action.unknown

In [18]:
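"""
Combined Bivariate and Univariate Plots

@Ashley: review the bug -- the ValueError ("could not convert string to
float") came from handing jointplot `jointDf.values`. pd.concat with its
default axis stacks the two columns end to end into one Series, and `.values`
then strips the labels, so the column names apparently could not be resolved
against the data and reached kdeplot as plain strings. Passing the labelled
DataFrame lets jointplot look the two columns up by name.
"""


for col1, col2 in combinations(keyCols, r=2):
    print("%s %s" % (col1, col2))

    # jointplot creates its own figure (size=10 keeps the 10 inch canvas), so a
    # separate plt.figure() would only leave an empty figure behind. The axis
    # labels are set on the returned grid, which targets the joint axes.
    sns.jointplot(col1, col2, data=allDf, kind="kde", size=10).set_axis_labels(col1, col2)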


actor.external actor.internal
---------------------------------------------------------------------------
ValueError                                Traceback (most recent call last)
<ipython-input-18-ca9a159e1471> in <module>()
     11     jointDf = pd.concat([allDf[col1], allDf[col2]])
     12     f = plt.figure(figsize=(10, 10))
---> 13     sns.jointplot(col1, col2, jointDf.values, kind="kde")
     14     sns.axlabel(col1, col2)

/Users/shreyas/anaconda/lib/python2.7/site-packages/seaborn/distributions.pyc in jointplot(x, y, data, kind, stat_func, color, size, ratio, space, dropna, xlim, ylim, joint_kws, marginal_kws, annot_kws)
    887     elif kind.startswith("kde"):
    888 
--> 889         grid.plot_joint(kdeplot, shade=True, cmap=cmap, **joint_kws)
    890         grid.plot_marginals(kdeplot, shade=True, color=color, **marginal_kws)
    891 

/Users/shreyas/anaconda/lib/python2.7/site-packages/seaborn/axisgrid.pyc in plot_joint(self, func, **kwargs)
    724         """
    725         plt.sca(self.ax_joint)
--> 726         func(self.x, self.y, **kwargs)
    727 
    728         return self

/Users/shreyas/anaconda/lib/python2.7/site-packages/seaborn/distributions.pyc in kdeplot(data, data2, shade, vertical, kernel, bw, gridsize, cut, clip, legend, ax, cumulative, **kwargs)
    735         ax = plt.gca()
    736 
--> 737     data = data.astype(np.float64, copy=False)
    738     if data2 is not None:
    739         data2 = data2.astype(np.float64, copy=False)

ValueError: could not convert string to float: c
<matplotlib.figure.Figure at 0x120bddcd0>

All Variables taken together


In [9]:
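## remove year from keyCols
# Guarded so the cell can be re-run: list.remove raises ValueError once the
# entry is gone, and keyCols is shared with the other plotting cells.
if 'timeline.incident.year' in keyCols:
    keyCols.remove('timeline.incident.year')

# whis=np.inf stretches the whiskers to the minimum and maximum, so no point is
# drawn as an outlier.
sns.boxplot(allDf[keyCols], names=keyCols, whis=np.inf, color="PaleGreen")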


Out[9]:
<matplotlib.axes.AxesSubplot at 0x112a48450>

In [10]:
# One violin per key column, all drawn on a shared axis.
sns.violinplot(
    allDf[keyCols],
    names=keyCols,
    color="pastel",
)


Out[10]:
<matplotlib.axes.AxesSubplot at 0x1139ab690>

In [13]:
# Pairwise correlation plot of the key columns on a diverging red/blue colormap.
sns.corrplot(
    allDf[keyCols],
    names=keyCols,
    cmap="RdBu_r",
)


Out[13]:
<matplotlib.axes.AxesSubplot at 0x112a0ce90>

In [11]:
# Names of every column stored as int64; columns of any other dtype
# (floats, strings) are left out.
numericCols = [col for col in allDf.columns if allDf[col].dtype == 'int64']

In [12]:
# Correlation plot across all int64 columns gathered in numericCols.
sns.corrplot(
    allDf[numericCols]
)


Out[12]:
<matplotlib.axes.AxesSubplot at 0x120bc0a90>

Clustering


In [ ]:
from sklearn import metrics
from sklearn.cluster import KMeans
from sklearn.decomposition import PCA
from sklearn.preprocessing import scale

In [ ]:
from time import time
# Rows and columns of the key-variable matrix; bench_k_means reads sample_size
# when it computes the silhouette score.
sample_size, features = allDf[keyCols].shape

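def bench_k_means(estimator, name, data, labels=None):
    """Fit ``estimator`` on ``data`` and print one row of timing and quality scores.

    The printed columns are: name, fit time in seconds, inertia, homogeneity,
    completeness, V-measure, adjusted Rand index, adjusted mutual information
    and the silhouette coefficient.

    Parameters
    ----------
    estimator : object
        Clustering estimator exposing ``fit``, ``inertia_`` and ``labels_``.
    name : str
        Text printed in the first column.
    data : array-like
        Samples to cluster, one row per sample.
    labels : array-like, optional
        Ground-truth class of each sample. The five label-based scores compare
        the clustering against it. When omitted, a notebook-level ``labels``
        variable is used if one exists; otherwise those five columns print
        ``n/a`` instead of raising NameError.
    """
    t0 = time()
    estimator.fit(data)
    elapsed = time() - t0

    if labels is None:
        # Keep working for callers that define ``labels`` at notebook level.
        labels = globals().get('labels')

    supervised_scores = (
        metrics.homogeneity_score,
        metrics.completeness_score,
        metrics.v_measure_score,
        metrics.adjusted_rand_score,
        metrics.adjusted_mutual_info_score,
    )
    if labels is None:
        # These scores are undefined without ground truth; only inertia and the
        # silhouette coefficient can be computed from the data alone.
        label_columns = ('n/a',) * len(supervised_scores)
    else:
        label_columns = tuple('%.3f' % score(labels, estimator.labels_)
                              for score in supervised_scores)

    # sample_size is the notebook-level row count of allDf[keyCols].
    silhouette = metrics.silhouette_score(data, estimator.labels_,
                                          metric='euclidean',
                                          sample_size=sample_size)

    print('% 9s   %.2fs    %i   %s   %s   %s   %s   %s    %.3f'
          % ((name, elapsed, estimator.inertia_) + label_columns + (silhouette,)))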

In [ ]:
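# Feature matrix for clustering: the key columns of every row in allDf.
data = allDf[keyCols].values
# NOTE(review): `scale` is imported above but never applied -- confirm the key
# columns share a comparable range before relying on Euclidean k-means.
# random_state pins the k-means++ seeding so a fresh kernel reproduces the same
# clusters and scores.
bench_k_means(KMeans(init='k-means++', n_clusters=10, n_init=10, random_state=42),
              name="k-means++", data=data)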

In [ ]: