## timestamp src_ip dst_ip src_port dst_port ## 1 2025-10-01 00:12:54 188.176.27.165 253.240.113.218 56377 445 ## 2 2025-10-01 00:23:43 68.59.26.43 212.75.38.111 51165 1433 ## 3 2025-10-01 00:25:46 119.204.243.78 90.28.90.234 14948 1433 ## 4 2025-10-01 00:27:21 122.119.194.175 175.140.78.230 36097 443 ## 5 2025-10-01 00:40:09 181.199.242.68 55.99.177.69 445 21255 ## 6 2025-10-01 00:56:45 38.222.6.74 191.130.7.118 58858 445 ## protocol bytes_sent bytes_received ## 1 TCP 8029 17204 ## 2 TCP 676368 2643374 ## 3 TCP 316502 38571 ## 4 TCP 70933 21935 ## 5 TCP 12721 9939 ## 6 UDP 150393 94993 ## user_agent ## 1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 3 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 ## 4 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 6 curl/8.4.0 ## url is_internal_traffic ## 1 https://webmail.corp/login?id=385071 False ## 2 https://portal.example.org/owa/auth/logon.aspx?id=280743 False ## 3 False ## 4 https://webmail.corp/phpmyadmin?id=114701 False ## 5 https://portal.example.org/config.php?id=345569 False ## 6 False ## label attack_type ## 1 0 benign ## 2 0 benign ## 3 0 benign ## 4 0 benign ## 5 0 benign ## 6 0 benign
2026-03-24
Dataset Preview
Summary Statistics
## bytes_sent bytes_received src_port dst_port ## Min. : 17 Min. : 3 Min. : 21 Min. : 5 ## 1st Qu.: 7148 1st Qu.: 10961 1st Qu.: 6092 1st Qu.: 25 ## Median : 21816 Median : 37473 Median :25432 Median : 443 ## Mean : 141257 Mean : 262088 Mean :27052 Mean : 2027 ## 3rd Qu.: 65095 3rd Qu.: 121380 3rd Qu.:45216 3rd Qu.: 1433 ## Max. :139170405 Max. :291482959 Max. :65524 Max. :65491 ## label ## Min. :0.00 ## 1st Qu.:0.00 ## Median :0.00 ## Mean :0.04 ## 3rd Qu.:0.00 ## Max. :1.00
Data Description
The dataset includes:
- timestamp
- src-ip and dst_ip
- src_port and dst_port
- protocol
- bytes_sent and bytes received
- label
- attack_type
These will be useful to allow comparisons between normal and attack traffic, protocol behavior, and traffic changes over time.
Attack vs Normal Traffic (Plot 1)
The increased variability of high value outliers in attack traffic suggest that abnormal data transmission patterns can be used as indicators for detecting malicious activity.
Attack Type (Plot 2)
## <theme> List of 144 ## $ line : <ggplot2::element_line> ## ..@ colour : chr "black" ## ..@ linewidth : num 0.5 ## ..@ linetype : num 1 ## ..@ lineend : chr "butt" ## ..@ linejoin : chr "round" ## ..@ arrow : logi FALSE ## ..@ arrow.fill : chr "black" ## ..@ inherit.blank: logi TRUE ## $ rect : <ggplot2::element_rect> ## ..@ fill : chr "white" ## ..@ colour : chr "black" ## ..@ linewidth : num 0.5 ## ..@ linetype : num 1 ## ..@ linejoin : chr "round" ## ..@ inherit.blank: logi TRUE ## $ text : <ggplot2::element_text> ## ..@ family : chr "" ## ..@ face : chr "plain" ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : chr "black" ## ..@ size : num 11 ## ..@ hjust : num 0.5 ## ..@ vjust : num 0.5 ## ..@ angle : num 0 ## ..@ lineheight : num 0.9 ## ..@ margin : <ggplot2::margin> num [1:4] 0 0 0 0 ## ..@ debug : logi FALSE ## ..@ inherit.blank: logi TRUE ## $ title : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : NULL ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ point : <ggplot2::element_point> ## ..@ colour : chr "black" ## ..@ shape : num 19 ## ..@ size : num 1.5 ## ..@ fill : chr "white" ## ..@ stroke : num 0.5 ## ..@ inherit.blank: logi TRUE ## $ polygon : <ggplot2::element_polygon> ## ..@ fill : chr "white" ## ..@ colour : chr "black" ## ..@ linewidth : num 0.5 ## ..@ linetype : num 1 ## ..@ linejoin : chr "round" ## ..@ inherit.blank: logi TRUE ## $ geom : <ggplot2::element_geom> ## ..@ ink : chr "black" ## ..@ paper : chr "white" ## ..@ accent : chr "#3366FF" ## ..@ linewidth : num 0.5 ## ..@ borderwidth: num 0.5 ## ..@ linetype : int 1 ## ..@ bordertype : int 1 ## ..@ family : chr "" ## ..@ fontsize : num 3.87 ## ..@ pointsize : num 1.5 ## ..@ pointshape : num 19 ## ..@ colour : NULL ## ..@ fill : NULL ## $ spacing : 'simpleUnit' num 5.5points ## ..- attr(*, "unit")= int 8 ## $ margins : <ggplot2::margin> num [1:4] 5.5 5.5 5.5 5.5 ## $ aspect.ratio : NULL ## $ axis.title : NULL ## $ axis.title.x : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : num 1 ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 2.75 0 0 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.title.x.top : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : num 0 ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 0 2.75 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.title.x.bottom : NULL ## $ axis.title.y : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : num 1 ## ..@ angle : num 90 ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 2.75 0 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.title.y.left : NULL ## $ axis.title.y.right : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : num 1 ## ..@ angle : num -90 ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 0 0 2.75 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : chr "#4D4D4DFF" ## ..@ size : 'rel' num 0.8 ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : NULL ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.x : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : num 1 ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 2.2 0 0 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.x.top : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 0 4.95 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.x.bottom : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 4.95 0 0 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.y : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : num 1 ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 2.2 0 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.y.left : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 4.95 0 0 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.y.right : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 0 0 4.95 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.text.theta : NULL ## $ axis.text.r : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : num 0.5 ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : <ggplot2::margin> num [1:4] 0 2.2 0 2.2 ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ axis.ticks : <ggplot2::element_blank> ## $ axis.ticks.x : NULL ## $ axis.ticks.x.top : NULL ## $ axis.ticks.x.bottom : NULL ## $ axis.ticks.y : NULL ## $ axis.ticks.y.left : NULL ## $ axis.ticks.y.right : NULL ## $ axis.ticks.theta : NULL ## $ axis.ticks.r : NULL ## $ axis.minor.ticks.x.top : NULL ## $ axis.minor.ticks.x.bottom : NULL ## $ axis.minor.ticks.y.left : NULL ## $ axis.minor.ticks.y.right : NULL ## $ axis.minor.ticks.theta : NULL ## $ axis.minor.ticks.r : NULL ## $ axis.ticks.length : 'rel' num 0.5 ## $ axis.ticks.length.x : NULL ## $ axis.ticks.length.x.top : NULL ## $ axis.ticks.length.x.bottom : NULL ## $ axis.ticks.length.y : NULL ## $ axis.ticks.length.y.left : NULL ## $ axis.ticks.length.y.right : NULL ## $ axis.ticks.length.theta : NULL ## $ axis.ticks.length.r : NULL ## $ axis.minor.ticks.length : 'rel' num 0.75 ## $ axis.minor.ticks.length.x : NULL ## $ axis.minor.ticks.length.x.top : NULL ## $ axis.minor.ticks.length.x.bottom: NULL ## $ axis.minor.ticks.length.y : NULL ## $ axis.minor.ticks.length.y.left : NULL ## $ axis.minor.ticks.length.y.right : NULL ## $ axis.minor.ticks.length.theta : NULL ## $ axis.minor.ticks.length.r : NULL ## $ axis.line : <ggplot2::element_blank> ## $ axis.line.x : NULL ## $ axis.line.x.top : NULL ## $ axis.line.x.bottom : NULL ## $ axis.line.y : NULL ## $ axis.line.y.left : NULL ## $ axis.line.y.right : NULL ## $ axis.line.theta : NULL ## $ axis.line.r : NULL ## $ legend.background : <ggplot2::element_blank> ## $ legend.margin : NULL ## $ legend.spacing : 'rel' num 2 ## $ legend.spacing.x : NULL ## $ legend.spacing.y : NULL ## $ legend.key : <ggplot2::element_blank> ## $ legend.key.size : 'simpleUnit' num 1.2lines ## ..- attr(*, "unit")= int 3 ## $ legend.key.height : NULL ## $ legend.key.width : NULL ## $ legend.key.spacing : NULL ## $ legend.key.spacing.x : NULL ## $ legend.key.spacing.y : NULL ## $ legend.key.justification : NULL ## $ legend.frame : NULL ## $ legend.ticks : NULL ## $ legend.ticks.length : 'rel' num 0.2 ## $ legend.axis.line : NULL ## $ legend.text : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : 'rel' num 0.8 ## ..@ hjust : NULL ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : NULL ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ legend.text.position : NULL ## $ legend.title : <ggplot2::element_text> ## ..@ family : NULL ## ..@ face : NULL ## ..@ italic : chr NA ## ..@ fontweight : num NA ## ..@ fontwidth : num NA ## ..@ colour : NULL ## ..@ size : NULL ## ..@ hjust : num 0 ## ..@ vjust : NULL ## ..@ angle : NULL ## ..@ lineheight : NULL ## ..@ margin : NULL ## ..@ debug : NULL ## ..@ inherit.blank: logi TRUE ## $ legend.title.position : NULL ## $ legend.position : chr "right" ## $ legend.position.inside : NULL ## $ legend.direction : NULL ## $ legend.byrow : NULL ## $ legend.justification : chr "center" ## $ legend.justification.top : NULL ## $ legend.justification.bottom : NULL ## $ legend.justification.left : NULL ## $ legend.justification.right : NULL ## $ legend.justification.inside : NULL ## [list output truncated] ## @ complete: logi TRUE ## @ validate: logi TRUE
DDoS attacks generate significantly higher traffic than other attack types. A log scale was used to better visualize data.
Time Based Trends (Plot 3)
This way of viewing the data is good to detect anomalies, however the data set only covers a limited time frame and does not really capture seasonal trends or variations in network behavior.
Interactive Scatter (plotly)
This scatter plot shows the relationship between bytes sent and received. A log scale was used to better visualize the data.
3D Plot
The plot shows a relationship between bytes sent and bytes received.
Stats Analysis
## # A tibble: 2 × 8 ## traffic_type total_records avg_bytes_sent med_bytes_sent sd_bytes_sent ## <chr> <int> <dbl> <dbl> <dbl> ## 1 Attack 400 1631307. 16965 10472710. ## 2 Normal 9600 79172. 22090. 249757. ## # ℹ 3 more variables: avg_bytes_received <dbl>, med_bytes_received <dbl>, ## # sd_bytes_received <dbl>
## ## Welch Two Sample t-test ## ## data: bytes_sent by traffic_type ## t = 2.9641, df = 399.02, p-value = 0.003218 ## alternative hypothesis: true difference in means between group Attack and group Normal is not equal to 0 ## 95 percent confidence interval: ## 522694 2581577 ## sample estimates: ## mean in group Attack mean in group Normal ## 1631307.23 79171.83
Statistical Analysis Commentary
The previous slide helps understand cyber attacks verses normal traffic using descriptive statistics and a t-test.
- The table shows the average, median, and standard deviation of network activity by traffic type
- These results help explain whether attacks tend to behave differently from normal traffic
Example Code
## timestamp src_ip dst_ip src_port dst_port ## 1 2025-10-01 00:12:54 188.176.27.165 253.240.113.218 56377 445 ## 2 2025-10-01 00:23:43 68.59.26.43 212.75.38.111 51165 1433 ## 3 2025-10-01 00:25:46 119.204.243.78 90.28.90.234 14948 1433 ## 4 2025-10-01 00:27:21 122.119.194.175 175.140.78.230 36097 443 ## 5 2025-10-01 00:40:09 181.199.242.68 55.99.177.69 445 21255 ## 6 2025-10-01 00:56:45 38.222.6.74 191.130.7.118 58858 445 ## protocol bytes_sent bytes_received ## 1 TCP 8029 17204 ## 2 TCP 676368 2643374 ## 3 TCP 316502 38571 ## 4 TCP 70933 21935 ## 5 TCP 12721 9939 ## 6 UDP 150393 94993 ## user_agent ## 1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 3 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0 ## 4 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 ## 6 curl/8.4.0 ## url is_internal_traffic ## 1 https://webmail.corp/login?id=385071 False ## 2 https://portal.example.org/owa/auth/logon.aspx?id=280743 False ## 3 False ## 4 https://webmail.corp/phpmyadmin?id=114701 False ## 5 https://portal.example.org/config.php?id=345569 False ## 6 False ## label attack_type traffic_type day ## 1 0 benign Normal 2025-10-01 ## 2 0 benign Normal 2025-10-01 ## 3 0 benign Normal 2025-10-01 ## 4 0 benign Normal 2025-10-01 ## 5 0 benign Normal 2025-10-01 ## 6 0 benign Normal 2025-10-01
Conclusion
- I picked this cyber security data set to help visualize attacks by comparing normal verses cyber attack types
- Its significant to understand what protocol behaviors are utilized
- Looking over time and how trends of cyber attacks accumulate verses regular network traffic
- The data shows strong representation because it includes numerical, categorical, and time-based variables.
Thank you.