Layered classification method for darknet traffic based on Weighted K-NN

Abstract

In recent years, anonymous networks are used very frequently. Difficulties in tracking user's identities increase with the frequent usage of anonymity networks. This increases the difficulty of detecting cybercriminal activity. To prevent crime, darknet traffic needs to be monitored. Most of the existing dark-net researches focuses on the Tor without adequate consideration of other darknets. Moreover, most of the work content focuses on distinguishing normal traffic and darknet traffic, and lacks a fine-grained classification method for darknet traffic. This paper proposes a hierarchical classification method for the network traffic of FreeNet, one of the most frequently used darknets, which can distinguish between normal traffic and FreeNet traffic, as well as five FreeNet user behaviors. We train the classifier based on the weighted K-NN. The experimental results show that the proposed classifier distinguishes normal traffic from FreeNet traffic with an average accuracy of 99.6% and five user behaviors with an average accuracy of 95.8%. We compared our classifier with existing works such as decision tree (DT), Gaussian naive Bayes (Gaussian NB), and K-NN. The results show that the accuracy of the classifier is the highest when distinguishing user behavior. Compared with the above three models, the accuracy of the classifier is improved by 1.86%, 57.95%, and 3.10% respectively.