Darknet traffic detection and characterization with models based on decision trees and neural networks

The Darknet is a set of networks and technologies, having as fundamental principles anonymity and security. In many cases, they are associated with illicit activities, opening space for malware traffic and attacks to legitimate services. To prevent Darknet misuse is necessary to classify and characterize its existing traffic. In this paper, we characterize and classify the real Darknet traffic available from the CIC-Darknet2020 dataset. In that sense, we performed the feature extraction and grouped the possible subnets with an n-gram approach. Furthermore, we evaluated the relevance of the best features selected by the Recursive Feature Elimination method for the problem. Our results indicate that simple models, like Decision Trees and Random Forests, reach an accuracy above 99% on traffic classification. Our methodology represents a gain of up to 13% in comparison with the state-of-the-art.