Darknet Traffic Classification and Adversarial Attacks
This work addresses the problem of detecting illegal activities in darknets for cybersecurity applications, but it is incremental as it builds on existing machine learning techniques.
The research tackled darknet traffic classification by evaluating SVM, Random Forest, CNN, and AC-GAN models, finding that the Random Forest model outperformed state-of-the-art methods on the CIC-Darknet2020 dataset but was vulnerable to simulated adversarial attacks.
The anonymous nature of darknets is commonly exploited for illegal activities. Previous research has employed machine learning and deep learning techniques to automate the detection of darknet traffic in an attempt to block these criminal activities. This research aims to improve darknet traffic detection by assessing Support Vector Machines (SVM), Random Forest (RF), Convolutional Neural Networks (CNN), and Auxiliary-Classifier Generative Adversarial Networks (AC-GAN) for classification of such traffic and the underlying application types. We find that our RF model outperforms the state-of-the-art machine learning techniques used in prior work with the CIC-Darknet2020 dataset. To evaluate the robustness of our RF classifier, we obfuscate select application type classes to simulate realistic adversarial attack scenarios. We demonstrate that our best-performing classifier can be defeated by such attacks, and we consider ways to deal with such adversarial attacks.