Research Article

Classification of VPN/NoVPN and Tor/NoTor Using CIC-Darknet2020 Dataset in Cybersecurity: Utilizing Simple and Complex Models

Year 2023, Volume: 35 Issue: 2, 569 - 579, 01.09.2023
https://doi.org/10.35234/fumbd.1291388

Abstract

Internet usage is rapidly increasing today, and many transactions are being carried out in the digital environment. However, this situation also paves the way for the misuse of the internet. Cybercrimes and attacks are increasing day by day, and the issue of cybersecurity has become extremely important. The CIC-Darknet2020 dataset, prepared by researchers working in the field of cybersecurity, contains traffic occurring in Darknet networks. The analysis of this traffic can provide important information about activities on Darknet networks. In this study, VPN/NoVPN and Tor/NoTor classification was performed using models on the CIC-Darknet2020 dataset. The classification results obtained using the OneR and Ensemble OneR models were examined. The results showed that the ROC-AUC value of the Ensemble OneR model was 0.779 for VPN/NoVPN classification. For Tor/NoTor classification, the Ensemble OneR model achieved excellent results with a ROC-AUC value of 0.980. This study demonstrates that even simple models can achieve significant results in the field of cybersecurity and are usable. However, the use of more complex models also becomes necessary. It is concluded that both simple and complex models need to be used in the field of cybersecurity. In conclusion, the results obtained from the studies conducted on the CIC-Darknet2020 dataset demonstrate the possibility of performing VPN/NoVPN and Tor/NoTor classification using different models in the field of cybersecurity. Although the results of this study emphasize the necessity of using more complex models, they also demonstrate that even simple models can achieve significant results.

Siber Güvenlikte CIC-Darknet2020 Veri Seti Kullanarak VPN/NoVPN ve Tor/NoTor Sınıflandırması: Basit ve Karmaşık Modellerin Kullanımı

Abstract

Internet usage is increasing rapidly today, and many transactions are carried out in the digital environment. However, this also paves the way for the misuse of the internet. Cybercrimes and attacks are increasing day by day, and cybersecurity has become extremely important. The CIC-Darknet2020 dataset was prepared by researchers working in the field of cybersecurity and contains traffic occurring in Darknet networks. Analysis of this traffic can provide important information about activities in Darknet networks. In this study, VPN/NoVPN and Tor/NoTor classification was performed using models on the CIC-Darknet2020 dataset. The classification results obtained using the OneR and Ensemble OneR models were examined. The results showed that the ROC-AUC value of the Ensemble OneR model was 0.779 for VPN/NoVPN classification. For Tor/NoTor classification, the Ensemble OneR model achieved extremely good results, with a ROC-AUC value of 0.980. This study shows that even simple models can achieve significant results in the field of cybersecurity and are usable. However, the need to use more complex models also emerges. It is concluded that both simple and complex models should be used in the field of cybersecurity. In conclusion, the results obtained from the work carried out on the CIC-Darknet2020 dataset show the feasibility of VPN/NoVPN and Tor/NoTor classification using different models in the field of cybersecurity. Although the results of this study reveal the need to use more complex models, they show that even simple models can achieve significant results.

There are 25 citations in total.

Details

Primary Language: Turkish
Subjects: Engineering
Journal Section: MBD
Authors: Yusuf Alaca 0000-0002-4490-5384
Publication Date: September 1, 2023
Submission Date: May 2, 2023
Published in Issue: Year 2023 Volume: 35 Issue: 2

Cite

APA Alaca, Y. (2023). Siber Güvenlikte CIC-Darknet2020 Veri Seti Kullanarak VPN/NoVPN ve Tor/NoTor Sınıflandırması: Basit ve Karmaşık Modellerin Kullanımı. Fırat Üniversitesi Mühendislik Bilimleri Dergisi, 35(2), 569-579. https://doi.org/10.35234/fumbd.1291388