Deep Neural Classification of Darknet Traffic [chapter]

Mahmoud Alimoradi, Mahdieh Zabihimayvan, Arman Daliri, Ryan Sledzik, Reza Sadeghi
2022 Frontiers in Artificial Intelligence and Applications  
Darknet is an encrypted portion of the internet for users who intend to hide their identity. Darknet's anonymous nature makes it an effective tool for illegal online activities such as drug trafficking, terrorist activities, and dark marketplaces. Darknet traffic recognition is essential in monitoring and detection of malicious online activities. However, due to the anonymizing strategies used for the darknet to conceal users' identity, traffic recognition is practically challenging. The
more » ... f-the-art recognition systems are empowered by artificial intelligence techniques to segregate the Darknet traffic data. Since they rely on processed features and balancing techniques, these systems suffer from low performance, inability to discover hidden relations in data, and high computational complexity. In this paper, we propose a novel decision support system named Tor-VPN detector to classify raw darknet traffic into four classes of Tor, non-Tor, VPN, and non-VPN. The detector discovers complex non-linear relations from raw darknet traffic by our deep neural network architecture with 79 input artificial neurons and 6 hidden layers. To evaluate the performance of the proposed method, analyses are conducted on a benchmark dataset of DIDarknet. Our model outperforms the state-of-the-art neural network for darknet traffic classification with an accuracy of 96%. These results demonstrate the power of our model in handling darknet traffic without using any preprocessing techniques, like feature extraction or balancing techniques.
doi:10.3233/faia220323 fatcat:pxa355sfnnfixiq7tijaze46fq