Qiang Zhang, Cheng Huang, Jiaxuan Han, Shuyi Jiang, Jiayong Liu
{"title":"LowPTor: A lightweight method for detecting extremely low-proportion darknet traffic","authors":"Qiang Zhang, Cheng Huang, Jiaxuan Han, Shuyi Jiang, Jiayong Liu","doi":"10.1016/j.cose.2025.104420","DOIUrl":null,"url":null,"abstract":"<div><div>The darknet’s accessibility has increased significantly in recent years, making it more susceptible to exploitation by cybercriminals. The darknet’s inherent characteristics of high concealment, strong anonymity, and resistance to tracing have created a fertile ground for illicit activities, which are becoming increasingly prevalent. Deep learning models’ complex computations in high-dimensional feature spaces result in significant computational overhead and prolonged inference times, hindering their deployment in backbone networks where real-time detection is crucial. Dealing these challenges requires innovative solutions for efficient traffic sampling, feature engineering, model simplification, memory optimization and inference acceleration. Therefore, this paper introduces a collaborative filtering algorithm, an extensible channel-wise feature group, and a lightweight detection algorithm, designed to optimize performance through operator fusion and channel alignment. The proposed algorithm combines the advantages of lightweight CNNs (Convolutional Neural Networks), leverages GPU (Graphics Processing Unit) parallelism, and reduces memory allocation overhead, resulting in a CUDA (Compute Unified Device Architecture) core-optimized neural network model that achieves significant inference speedup. We utilize extensible channel-wise feature group derived from short traffic packet sequences to improve detection accuracy. Our approach targets the detection and prevention of illicit darknet traffic during the connection phase, rather than interfering with data transmission. By integrating rule-based filtering with small flow sampling within collaborative filtering, we facilitate early detection while maintaining minimal complexity overhead. To the best of our knowledge, the methodology proposed in this paper is the first to be designed based on operator fusion and channel alignment strategies, specifically aimed at detecting extremely low-proportion darknet traffic within backbone networks. Our approach synthesizes three extremely low-proportion darknet traffic datasets, utilizing the self-built, CIC-Darknet2020, and TCUB datasets as Tor sources. Notably, our approach achieves a 45.79% reduction in actual inference time compared to current state-of-the-art (SOTA) method, while maintaining SOTA detection accuracy. Furthermore, our method exhibits the capability to filter out up to 91.26% (with a minimum of 78.01%) of the packets to be processed, without compromising any flows.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"154 ","pages":"Article 104420"},"PeriodicalIF":4.8000,"publicationDate":"2025-03-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825001099","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The darknet’s accessibility has increased significantly in recent years, making it more susceptible to exploitation by cybercriminals. The darknet’s inherent characteristics of high concealment, strong anonymity, and resistance to tracing have created a fertile ground for illicit activities, which are becoming increasingly prevalent. Deep learning models’ complex computations in high-dimensional feature spaces result in significant computational overhead and prolonged inference times, hindering their deployment in backbone networks where real-time detection is crucial. Dealing these challenges requires innovative solutions for efficient traffic sampling, feature engineering, model simplification, memory optimization and inference acceleration. Therefore, this paper introduces a collaborative filtering algorithm, an extensible channel-wise feature group, and a lightweight detection algorithm, designed to optimize performance through operator fusion and channel alignment. The proposed algorithm combines the advantages of lightweight CNNs (Convolutional Neural Networks), leverages GPU (Graphics Processing Unit) parallelism, and reduces memory allocation overhead, resulting in a CUDA (Compute Unified Device Architecture) core-optimized neural network model that achieves significant inference speedup. We utilize extensible channel-wise feature group derived from short traffic packet sequences to improve detection accuracy. Our approach targets the detection and prevention of illicit darknet traffic during the connection phase, rather than interfering with data transmission. By integrating rule-based filtering with small flow sampling within collaborative filtering, we facilitate early detection while maintaining minimal complexity overhead. To the best of our knowledge, the methodology proposed in this paper is the first to be designed based on operator fusion and channel alignment strategies, specifically aimed at detecting extremely low-proportion darknet traffic within backbone networks. Our approach synthesizes three extremely low-proportion darknet traffic datasets, utilizing the self-built, CIC-Darknet2020, and TCUB datasets as Tor sources. Notably, our approach achieves a 45.79% reduction in actual inference time compared to current state-of-the-art (SOTA) method, while maintaining SOTA detection accuracy. Furthermore, our method exhibits the capability to filter out up to 91.26% (with a minimum of 78.01%) of the packets to be processed, without compromising any flows.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
