Darknet Traffic Classification using Machine Learning Techniques

A Darknet is an overlay network within the Internet, and packets’ traffic originating from it is usually termed as suspicious. In this paper common machine learning classification algorithms are employed to identify Darknet traffic. A ROC analysis along with a feature importance analysis for the best classifier was performed, to provide a better visualisation of the results. The experiments were conducted in the new dataset CIC-Darknet2020 and the classifiers were trained to both binary and multiclass classification. In the first classification task, there were two classes: "Benign" and "Darknet", whereas in the second there were four classes: "Tor", "Non Tor", "VPN" and "Non VPN". An average prediction accuracy of over 98% was achieved with the implementation of Random Forest algorithm for both classification tasks. This is the first work, to the best of our knowledge providing a comprehensive performance evaluation of machine learning classifiers employed for Darknet traffic classification in the new dataset CIC-Darknet2020.