28.02.2023 | Original Article

Darknet traffic analysis, and classification system based on modified stacking ensemble learning algorithms

Written by: Ammar Almomani

Published in: Information Systems and e-Business Management

Abstract

Darknet, a source of cyber intelligence, refers to the internet’s unused address space, which people do not expect to interact with their computers. The establishment of security requires analyses of the threats characterizing the network. New machine learning classifiers known as stacking ensemble learning are proposed in this paper to analyze and classify darknet traffic. In dealing with darknet attack problems, this new system uses predictions formed by 3 base learning techniques. The system was tested on a dataset comprising more than 141,000 records analyzed from CIC-Darknet 2020. The experimental results demonstrated that the study’s classifiers can easily distinguish between malignant and benign traffic. The classifiers can effectively detect known and unknown threats with high precision and accuracy greater than 99% in the training and 97% in the testing phases, with increments ranging from 4 to 64% over current algorithms. As a result, the proposed system becomes more robust and accurate as data grows. Also, the proposed system has the best standard deviation compared with current A.I. algorithms.

Metadata
Title
Darknet traffic analysis, and classification system based on modified stacking ensemble learning algorithms
Written by
Ammar Almomani
Publication date
28.02.2023
Publisher
Springer Berlin Heidelberg
Published in
Information Systems and e-Business Management
Print ISSN: 1617-9846
Electronic ISSN: 1617-9854
DOI
https://doi.org/10.1007/s10257-023-00626-2