Evaluation and performance analysis of machine learning models for Identity and Access Management (IAM) attack detection

This chapter documents how the experiment was implemented as well as a brief explanation of evaluation metrics. To begin, all libraries required to carry out the experiment and prepare the data are imported as shown in the figure below. 

4.1.1 Loading the Data into r and Preprocessing Here, the data generated from the server in the form of logs have been transformed into two datasets called ben_IAM and mal_IAM which are then loaded/imported into the R studio IDE for exploration. Although the datasets were already cleaned, some basic cleaning like checking for missing values was done. There was no need to remove any feature as relevant features had already been selected during the process of data transformation. Handling missing values is as important as training because it could determine the accuracy of results. The mathematics underlying most models assumes that data is numeric and so should be free of missing values. Missing values in R codes could trigger errors while training.