Robust stacking ensemble model for darknet traffic classification under adversarial settings

Abstract

Encrypted traffic tunnelled by Tor or VPN is referred to as darknet traffic. The ability to detect, identify, and characterize darknet traffic is critical for detecting network traffic generated by a cyber-attack. Darknet classification models based on Machine Learning / Deep Learning (ML/DL) usually demonstrate high False Positive Rate (FPR) and lower F1-score which are essential metrics for network traffic analysis. Additionally, ML/DL models used in such tasks are susceptible to adversarial perturbed samples that can cause the network security solution to malfunction. This work proposes a Stacking Ensemble (SE) model to combine the predictions of three base learners, 1) Random Forest, 2) K-Nearest Neighbors, and 3) Decision Tree in the most efficient way for improving the overall performance of darknet characterization. A two-layered autoencoder-based defence mechanism consisting of a detector and denoiser is devised to increase the robustness of the network security system against adversarial attacks. The performance of the proposed model is demonstrated through extensive experiments using the CIC-Darknet-2020 dataset. The robustness of the model is tested against three highly transferable adversarial attacks, 1) Fast Gradient Sign Method (FGSM), 2) Basic Iterative Method (BIM), 3) DeepFool and a realistic 4) Boundary attack. The experimental results show that the SE model outperforms the baseline Deep Image and other competitor models by achieving an accuracy score of 98.89% and an FPR of 0.43% in the case of darknet traffic identification. Furthermore, an accuracy of 97.88% is achieved in the case of darknet traffic flow characterization. In addition, the statistical properties of the packet flow are identified as the most commonly affected features by adversarial attacks through the Mean Adversarial Perturbation (MAP) metric.