An intelligent network monitoring approach for online classification of Darknet traffic

The Internet plays a crucial role in supporting global applications and businesses, but security remains a major challenge. Within the Internet, there exists a parallel network known as the Darknet, where malicious activities and traffic are present and require real-time classification. Many methods aim to classify this Darknet traffic in real-time due to its significant volume within Internet traffic. However, online Darknet traffic classification faces challenges, particularly in determining the optimal packet sampling amount for achieving a high classification rate in high-performance networks. To address this, our paper presents a novel approach that combines Convolutional Neural Network (CNN) and Reinforcement Learning (RL) techniques for intelligent and adaptive packet sampling rates in high-performance network interfaces. This method reduces overhead on monitored entities, especially in high-speed networks with a high bit rate. Our findings demonstrate a TOR traffic prediction accuracy of 99.84% and successful classification tasks in high-throughput networks using our method.