Reinterpreting Usability of Semantic Segmentation Approach for Darknet Traffic Analysis

Abstract

With a growing number of smart interconnected devices and services, managing and controlling network traffic is getting more complicated. Among the network traffic, the Darknet-related one is particularly interesting, as it is often used for anonymous and illicit activities that pose cyber security threats. Therefore, designing and developing methods for detecting and categorizing Darknet traffic is essential. Applying Deep Learning (DL) is one of the most suitable options in this case. The main reasons are the ability to process a large amount of data and detect the hidden patterns and relationships in these data. This work proposes a DL architecture based on UNet++, which can detect and categorize anonymous traffic. The core idea of this model is semantic segmentation, which can identify meaningful segments that share some common patterns in given data. Hereby, semantic segmentation is postulated as a possible way to investigate Darknet traffic to find some common and related features instead of widely used Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM). According to the results on comparison with other Machine Learning (ML) and DL models, the UNet++ model outperforms the methods with a higher accuracy of 98.19% and 87.27% for Darknet detection and traffic categorization. Our work shows the potential of using UNet++ for network traffic analysis and Darknet traffic detection. We have also demonstrated that more advanced architecture with skip connections and trainable blocks provides more accurate results than pure U -Net, CNN, and other evaluated models.With a growing number of smart interconnected devices and services, managing and controlling network traffic is getting more complicated. Among the network traffic, the Darknet-related one is particularly interesting, as it is often used for anonymous and illicit activities that pose cyber security threats. Therefore, designing and developing methods for detecting and categorizing Darknet traffic is essential. Applying Deep Learning (DL) is one of the most suitable options in this case. The main reasons are the ability to process a large amount of data and detect the hidden patterns and relationships in these data. This work proposes a DL architecture based on UNet++, which can detect and categorize anonymous traffic. The core idea of this model is semantic segmentation, which can identify meaningful segments that share some common patterns in given data. Hereby, semantic segmentation is postulated as a possible way to investigate Darknet traffic to find some common and related features instead of widely used Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM). According to the results on comparison with other Machine Learning (ML) and DL models, the UNet++ model outperforms the methods with a higher accuracy of 98.19% and 87.27% for Darknet detection and traffic categorization. Our work shows the potential of using UNet++ for network traffic analysis and Darknet traffic detection. We have also demonstrated that more advanced architecture with skip connections and trainable blocks provides more accurate results than pure U -Net, CNN, and other evaluated models.