Proceedings Article

Deep in the Dark: A Novel Threat Detection System using Darknet Traffic

TLDR
This paper proposes a threat detection system based on Machine Learning classifiers trained on darknet traffic; the classifiers can easily distinguish between benign and malign traffic and detect known and unknown threats effectively with an accuracy above 99%.
Abstract
This paper proposes a threat detection system based on Machine Learning classifiers that are trained using darknet traffic. Traffic destined for a darknet is either malicious or the result of misconfiguration. Darknet traffic contains traces of several threats such as DDoS attacks, botnets, spoofing, probes and scanning attacks. We analyse darknet traffic by extracting network traffic features that help in finding patterns of these advanced threats. We collected the darknet traffic from the network sensors deployed at SURFnet and extracted several network-based features. In this study, we propose a framework that uses supervised machine learning and a concept drift detector. Our experimental results show that our classifiers can easily distinguish between benign and malign traffic and are able to detect known and unknown threats effectively with an accuracy above 99%.

Citations
Journal Article

DarknetSec: A novel self-attentive deep learning method for darknet traffic classification and application identification

TL;DR: Wang et al. proposed a self-attentive deep learning method for darknet traffic classification and application identification. It uses a cascaded model with a 1D CNN and a bidirectional Long Short-Term Memory (Bi-LSTM) network to capture local spatial-temporal features from the payload content of packets, while a self-attention mechanism is integrated into this feature extraction network to mine the intrinsic relationships and hidden connections among the previously extracted content features.
Journal Article

Deep transfer learning framework for the identification of malicious activities to combat cyberattack

TL;DR: In this article, the DeepInsight method was used to transform the numerical features into image data, which were then used in a proposed bi-level classification system to classify the input data into malicious activities.
Journal Article

DarkDetect: Darknet Traffic Detection and Categorization Using Modified Convolution-Long Short-Term Memory

TL;DR: In this paper, the authors propose a generalized approach for darknet traffic detection and categorization using deep learning, apply fine-tuned machine learning (ML) algorithms, including Decision Tree (DT), Gradient Boosting (GB), Random Forest Regressor (RFR), and extreme gradient boosting (XGB), to selected features, and compare their performance.
Journal Article

The Anonymity of the Dark Web: A Survey

01 Jan 2022
TL;DR: This article gives a detailed overview of existing threat detection techniques and their limitations for anonymity-providing services like Tor, I2P, and Freenet, along with significant weaknesses that make the dark web vulnerable to different attacks.
Proceedings Article

Survey on Identification of Malicious Activities by Monitoring Darknet Access

TL;DR: An overview of recent work done in the field of darknet monitoring is presented, highlighting the limitations and challenges related to identification of malicious traffic by passive monitoring of traffic.
References
Proceedings Article

Characterization of Encrypted and VPN Traffic using Time-related Features

TL;DR: This paper studies the effectiveness of flow-based time-related features to detect VPN traffic and to characterize encrypted traffic into different categories according to the type of traffic, e.g., browsing, streaming, etc.
Proceedings Article

Characterization of Tor Traffic using Time based Features.

TL;DR: A time analysis of Tor traffic flows, captured between the client and the entry node, is presented to detect the application type: Browsing, Chat, Streaming, Mail, VoIP, P2P or File Transfer.
Proceedings Article

Feature selection for robust backscatter DDoS detection

TL;DR: The experimental results show that it is possible to develop a robust detection system that can generalize well to the changing backscatter DDoS behaviours over time using a small number of selected features.
Proceedings Article

Detection of DDoS Backscatter Based on Traffic Features of Darknet TCP Packets

TL;DR: It is confirmed that the proposed method can correctly discriminate DDoS backscatter from unknown darknet TCP packets with more than 90% accuracy.
Proceedings Article

A neural network model for detecting DDoS attacks using darknet traffic features

TL;DR: The results indicate that the proposed system detects backscatter packets caused by DDoS attacks accurately and adapts to new attacks quickly.