Research Article
BibTex RIS Cite

Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması

Year 2023, Volume: 38 Issue: 3, 1737 - 1746, 06.01.2023
https://doi.org/10.17341/gazimmfd.1023147

Abstract

Dijitalleşme ile suç dünyası da dijital bir hale gelmiştir ve internet üzerinden işlenen suçların sayısı her geçen gün artmaktadır. Siber suçlular ve saldırganlar kimliklerini gizlemek ve şifreli iletişim sağlamak için Karanlık Ağ adı verilen ve internet üzerinde bulunan gizli ağları kullanmaktadırlar. Karanlık Ağlar normal internet altyapısından farklı ve özel erişim yöntemlerine sahiptirler. Bu ağlara yapılan tüm erişimler şüphelidir ve incelenmesi gerekmektedir. Karanlık Ağ, şifreli iletişim sağladığı için günümüz güvenlik araçları ile tespit edilmesi ve sınıflandırılması zordur. Bu çalışmada şifreli ağ trafiği deşifreleme işlemi yapılmadan sadece paketlerin istatistiki bilgileri makine öğrenmesi yaklaşımı kullanılarak analiz edilmiştir. Veri seti olarak açık kaynak olan CICDarknet2020 veri seti kullanılmıştır. Paket analizi için K En Yakın Komşu, Lojistik Regresyon, Rassal Orman, SVM, Karar Ağacı, Gaussian Naive Bayes, Doğrusal Ayrımcı Analiz, Gradyan Artırma, Ekstra Ağaç ve XGBoost algoritmalarını kapsayan detaylı bir deneysel çalışma gerçekleştirilmiştir. Yapılan deneysel çalışmalarda Karar Ağacı algoritmasının %93,32 doğruluk oranı ile en yüksek sınıflandırma başarısına sahip olduğu görülmüştür.

References

  • Moore R., Cyber crime: Investigating High-Technology Computer Crime, Anderson Publishing, Mississippi, 2005.
  • Okutan A., Çebi Y., A Framework for Cyber Crime Investigation, Procedia Computer Science, 158, 287-294, 2019.
  • Holt T.J., Bossler A.M., Seigfried-Spellar K.C., Cybercrime and Digital Forensics, Routledge, New York, 2018.
  • Sağıroğlu Ş., Alkan M., Siber Güvenlik ve Savunma, Grafiker Yayınları, Ankara, 2018.
  • Meland P.H., Bayoumy Y.F.F., Sindre G., The Ransomware-as-a-Service economy within the darknet, Computers & Security, 92 (101762), 1-9, 2020.
  • Bancroft A., The Darknet and Smarter Crime, Palgrave Macmillan, Cham, 2020.
  • Rathod D., Darknet Forensics, International Journal of Emerging Trends & Technology in Computer Science, 6, (4), 77-79, 2017.
  • Ling Z., Luo J., Yu W., Fu X., Jia W., Zhao W., Protocol-level attacks against Tor, Computer Networks, 57, (4), 869-886, 2013.
  • Yang Q., Gasti P., Balagani K., Li Y., Zhou G., USB side-channel attack on Tor, Computer Networks, 141, 57-66, 2018.
  • Owenson G., Cortes S., Lewman A., The darknet's smaller than we thought: The life cycle of Tor Hidden Services, Digital Investigation, 27, 17-22, 2018.
  • Dingledine R., Mathewson N., Syverson P., Tor: The Second-Generation Onion Router, 13, 1-17, 2004.
  • Mansfield-Devine S., Darknets, Computer Fraud & Security, 12, 4-6, 2009.
  • Bou-Harb E., Debbabi M., Assi C., Cyber Scanning: A Comprehensive Survey, IEEE Communications Surveys & Tutorials, 16, (3), 1496-1519, 2014.
  • Lashkari A.H., Kaur G., Rahali A., DIDarknet: A Contemporary Approach to Detect and Characterize the Darknet Traffic using Deep Image Learning, 10th International Conference on Communication and Network Security, Tokyo, 1-13, November, 2020.
  • Barker J., Hannay P., Szewczyk P., Using traffic analysis to identify The Second Generation Onion Router, IFIP Ninth International Conference on Embedded and Ubiquitous Computing, Melbourne, 72-78, 2011.
  • Shahbar K., Zincir-Heywood A.N., Benchmarking Two Techniques for Tor Classification, IEEE Symposium on Computational Intelligence in Cyber Security, Orlando-USA, 1-8, 9-12 December, 2014.
  • Almubayed A., Hadi A., Atoum J., A Model for DetectingTor Encrypted Traffic using Supervised Machine Learning, Computer Network and Information Security, 7, 10-23, 2015.
  • Ali S.H.A., Ozawa S., Ban T., Nakazato J., Shimamura J., A neural network model for detecting DDoS attacks using darknet traffic features, International Joint Conference on Neural Networks, Vancouver-Canada, 2979-2985, 24-29 July, 2016.
  • Hodo E., Bellekens X., Iorkyase E., Hamilton A., Tachtatzis C., Atkinson R., Machine Learning Approach for Detection of nonTor Traffic, International Conference on Availability, Reliability and Security, Regio Callabria-Italy, 29 Agust – 1 September, 2017.
  • Lashkari A.H., Draper-Gil G., Mamun M.S.I., Ghorbani A.A., Characterization of Tor Traffic Using Time Based Features, International Conference on Information System Security and Privacy, Porto-Portugal, 19-21 February, 2017.
  • Cuzzocrea A., Martinelli F., Mercaldo F., Vercelli G., Tor Traffic Analysis and Detection, IEEE International Conference on Big Data , Boston-USA, 11-14 December, 2017.
  • Hu Y., Zou F., Li L., Yi P., Traffic Classification of User Behaviors in Tor, I2P, ZeroNet, Freenet, 19th International Conference on Trust, Security and Privacy in Computing and Communications, Guangzhou-China, 29-31 December, 2020.
  • Gurunarayanan A., Agrawal A., Bhatia A., Vishwakarma D.K., Improving the performance of Machine LearningAlgorithms for TOR detection, International Conference on Information Networking, Jeju Island-Korea, 13-16 January, 2021.
  • Huang J., Li Y., Xie M., An empirical analysis of data preprocessing for machine learning-based software cost estimation, Information and Software Technology, 67, 108-127, 2015.
  • Singh D., Singh B., Investigating the impact of data normalization on classification performance, Applied Soft Computing, 97, (B), 1-23, 2020.
  • Cai J., Luo J., Wang S., Yang S., Feature selection in machine learning: A new perspective, Neurocomputing, 300, 70-79, 2018.
  • Sheikhpour R., Sarram M.A., Gharaghani S., Chahooki M.A.Z., A Survey on semi-supervised feature selection methods, Pattern Recognition, 64, 141-158, 2017.
  • Thabtah F., Hammoud S., Kamalov F., Gonsalves A., Data imbalance in classification: Experimental evaluation, Information Sciences, 513, 429-441, 2020.
  • Ali H., Najib M.B., Salleh M., Saedudin R., Hussain K., Imbalance class problems in data mining: A review, Indonesian Journal of Electrical Engineering and Computer Science, 14, (3), 1552-1563, 2019.
  • Rustogi R., Prasad A., Swift Imbalance Data Classification using SMOTE and Extreme Learning Machine, International Conference on Computational Intelligence in Data Science, Chennai, 6-7 September, 2019.
  • Li S.A.Y., On Hyperparameter Optimization of Machine Learning Algorithms: Theory and Practice, Neurocomputing, 415, 295–316, 2020.
  • Tran N., Schneider J., Weber I., Qin A.K., Hyper-parameter optimization in classification: To-do or not-to-do, Pattern Recognition, 103, 2020.
  • Hutter F., Kotthoff L., Vanschoren J., Automated Machine, Springer, Cham, 2019.
  • Gülcü A., Kuş Z., Konvolüsyonel Sinir Ağlarında Hiper-Parametre Optimizasyonu Yöntemlerinin İncelenmesi, Gazi Üniversitesi Fen Bilimleri Dergisi Part C: Tasarım ve Teknoloji, 7, (2), 503-522, 2019.
  • Tanyıldızı E., Demirtaş F., Hiper Parametre Optimizasyonu Hyper Parameter Optimization, 1st International Informatics and Software Engineering Conference, Ankara-Turkey, 1-5, 6-7 November, 2019.
  • Uddin M.F., Addressing Accuracy Paradox Using Enhanched Weighted Performance Metric in Machine Learning, Sixth HCT Information Technology Trends, Ras Al Khaimah-United Arab Emirates, 319-324, 20-21 November 2019.
  • Deng X., Liu Q., Deng Y., Mahadevan S., An improved method to construct basic probability assignment based on the confusion matrix for classification problem, Information Sciences, 340, 250-261, 2016.
Year 2023, Volume: 38 Issue: 3, 1737 - 1746, 06.01.2023
https://doi.org/10.17341/gazimmfd.1023147

Abstract

References

  • Moore R., Cyber crime: Investigating High-Technology Computer Crime, Anderson Publishing, Mississippi, 2005.
  • Okutan A., Çebi Y., A Framework for Cyber Crime Investigation, Procedia Computer Science, 158, 287-294, 2019.
  • Holt T.J., Bossler A.M., Seigfried-Spellar K.C., Cybercrime and Digital Forensics, Routledge, New York, 2018.
  • Sağıroğlu Ş., Alkan M., Siber Güvenlik ve Savunma, Grafiker Yayınları, Ankara, 2018.
  • Meland P.H., Bayoumy Y.F.F., Sindre G., The Ransomware-as-a-Service economy within the darknet, Computers & Security, 92 (101762), 1-9, 2020.
  • Bancroft A., The Darknet and Smarter Crime, Palgrave Macmillan, Cham, 2020.
  • Rathod D., Darknet Forensics, International Journal of Emerging Trends & Technology in Computer Science, 6, (4), 77-79, 2017.
  • Ling Z., Luo J., Yu W., Fu X., Jia W., Zhao W., Protocol-level attacks against Tor, Computer Networks, 57, (4), 869-886, 2013.
  • Yang Q., Gasti P., Balagani K., Li Y., Zhou G., USB side-channel attack on Tor, Computer Networks, 141, 57-66, 2018.
  • Owenson G., Cortes S., Lewman A., The darknet's smaller than we thought: The life cycle of Tor Hidden Services, Digital Investigation, 27, 17-22, 2018.
  • Dingledine R., Mathewson N., Syverson P., Tor: The Second-Generation Onion Router, 13, 1-17, 2004.
  • Mansfield-Devine S., Darknets, Computer Fraud & Security, 12, 4-6, 2009.
  • Bou-Harb E., Debbabi M., Assi C., Cyber Scanning: A Comprehensive Survey, IEEE Communications Surveys & Tutorials, 16, (3), 1496-1519, 2014.
  • Lashkari A.H., Kaur G., Rahali A., DIDarknet: A Contemporary Approach to Detect and Characterize the Darknet Traffic using Deep Image Learning, 10th International Conference on Communication and Network Security, Tokyo, 1-13, November, 2020.
  • Barker J., Hannay P., Szewczyk P., Using traffic analysis to identify The Second Generation Onion Router, IFIP Ninth International Conference on Embedded and Ubiquitous Computing, Melbourne, 72-78, 2011.
  • Shahbar K., Zincir-Heywood A.N., Benchmarking Two Techniques for Tor Classification, IEEE Symposium on Computational Intelligence in Cyber Security, Orlando-USA, 1-8, 9-12 December, 2014.
  • Almubayed A., Hadi A., Atoum J., A Model for DetectingTor Encrypted Traffic using Supervised Machine Learning, Computer Network and Information Security, 7, 10-23, 2015.
  • Ali S.H.A., Ozawa S., Ban T., Nakazato J., Shimamura J., A neural network model for detecting DDoS attacks using darknet traffic features, International Joint Conference on Neural Networks, Vancouver-Canada, 2979-2985, 24-29 July, 2016.
  • Hodo E., Bellekens X., Iorkyase E., Hamilton A., Tachtatzis C., Atkinson R., Machine Learning Approach for Detection of nonTor Traffic, International Conference on Availability, Reliability and Security, Regio Callabria-Italy, 29 Agust – 1 September, 2017.
  • Lashkari A.H., Draper-Gil G., Mamun M.S.I., Ghorbani A.A., Characterization of Tor Traffic Using Time Based Features, International Conference on Information System Security and Privacy, Porto-Portugal, 19-21 February, 2017.
  • Cuzzocrea A., Martinelli F., Mercaldo F., Vercelli G., Tor Traffic Analysis and Detection, IEEE International Conference on Big Data , Boston-USA, 11-14 December, 2017.
  • Hu Y., Zou F., Li L., Yi P., Traffic Classification of User Behaviors in Tor, I2P, ZeroNet, Freenet, 19th International Conference on Trust, Security and Privacy in Computing and Communications, Guangzhou-China, 29-31 December, 2020.
  • Gurunarayanan A., Agrawal A., Bhatia A., Vishwakarma D.K., Improving the performance of Machine LearningAlgorithms for TOR detection, International Conference on Information Networking, Jeju Island-Korea, 13-16 January, 2021.
  • Huang J., Li Y., Xie M., An empirical analysis of data preprocessing for machine learning-based software cost estimation, Information and Software Technology, 67, 108-127, 2015.
  • Singh D., Singh B., Investigating the impact of data normalization on classification performance, Applied Soft Computing, 97, (B), 1-23, 2020.
  • Cai J., Luo J., Wang S., Yang S., Feature selection in machine learning: A new perspective, Neurocomputing, 300, 70-79, 2018.
  • Sheikhpour R., Sarram M.A., Gharaghani S., Chahooki M.A.Z., A Survey on semi-supervised feature selection methods, Pattern Recognition, 64, 141-158, 2017.
  • Thabtah F., Hammoud S., Kamalov F., Gonsalves A., Data imbalance in classification: Experimental evaluation, Information Sciences, 513, 429-441, 2020.
  • Ali H., Najib M.B., Salleh M., Saedudin R., Hussain K., Imbalance class problems in data mining: A review, Indonesian Journal of Electrical Engineering and Computer Science, 14, (3), 1552-1563, 2019.
  • Rustogi R., Prasad A., Swift Imbalance Data Classification using SMOTE and Extreme Learning Machine, International Conference on Computational Intelligence in Data Science, Chennai, 6-7 September, 2019.
  • Li S.A.Y., On Hyperparameter Optimization of Machine Learning Algorithms: Theory and Practice, Neurocomputing, 415, 295–316, 2020.
  • Tran N., Schneider J., Weber I., Qin A.K., Hyper-parameter optimization in classification: To-do or not-to-do, Pattern Recognition, 103, 2020.
  • Hutter F., Kotthoff L., Vanschoren J., Automated Machine, Springer, Cham, 2019.
  • Gülcü A., Kuş Z., Konvolüsyonel Sinir Ağlarında Hiper-Parametre Optimizasyonu Yöntemlerinin İncelenmesi, Gazi Üniversitesi Fen Bilimleri Dergisi Part C: Tasarım ve Teknoloji, 7, (2), 503-522, 2019.
  • Tanyıldızı E., Demirtaş F., Hiper Parametre Optimizasyonu Hyper Parameter Optimization, 1st International Informatics and Software Engineering Conference, Ankara-Turkey, 1-5, 6-7 November, 2019.
  • Uddin M.F., Addressing Accuracy Paradox Using Enhanched Weighted Performance Metric in Machine Learning, Sixth HCT Information Technology Trends, Ras Al Khaimah-United Arab Emirates, 319-324, 20-21 November 2019.
  • Deng X., Liu Q., Deng Y., Mahadevan S., An improved method to construct basic probability assignment based on the confusion matrix for classification problem, Information Sciences, 340, 250-261, 2016.
There are 37 citations in total.

Details

Primary Language Turkish
Subjects Engineering
Journal Section Makaleler
Authors

Mesut Uğurlu 0000-0001-5784-9230

İbrahim Dogru 0000-0001-9324-7157

Recep Sinan Arslan 0000-0002-3028-0416

Publication Date January 6, 2023
Submission Date November 13, 2021
Acceptance Date August 18, 2022
Published in Issue Year 2023 Volume: 38 Issue: 3

Cite

APA Uğurlu, M., Dogru, İ., & Arslan, R. S. (2023). Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, 38(3), 1737-1746. https://doi.org/10.17341/gazimmfd.1023147
AMA Uğurlu M, Dogru İ, Arslan RS. Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması. GUMMFD. January 2023;38(3):1737-1746. doi:10.17341/gazimmfd.1023147
Chicago Uğurlu, Mesut, İbrahim Dogru, and Recep Sinan Arslan. “Karanlık Ağ trafiğinin Makine öğrenmesi yöntemleri kullanılarak Tespiti Ve sınıflandırılması”. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 38, no. 3 (January 2023): 1737-46. https://doi.org/10.17341/gazimmfd.1023147.
EndNote Uğurlu M, Dogru İ, Arslan RS (January 1, 2023) Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 38 3 1737–1746.
IEEE M. Uğurlu, İ. Dogru, and R. S. Arslan, “Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması”, GUMMFD, vol. 38, no. 3, pp. 1737–1746, 2023, doi: 10.17341/gazimmfd.1023147.
ISNAD Uğurlu, Mesut et al. “Karanlık Ağ trafiğinin Makine öğrenmesi yöntemleri kullanılarak Tespiti Ve sınıflandırılması”. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi 38/3 (January 2023), 1737-1746. https://doi.org/10.17341/gazimmfd.1023147.
JAMA Uğurlu M, Dogru İ, Arslan RS. Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması. GUMMFD. 2023;38:1737–1746.
MLA Uğurlu, Mesut et al. “Karanlık Ağ trafiğinin Makine öğrenmesi yöntemleri kullanılarak Tespiti Ve sınıflandırılması”. Gazi Üniversitesi Mühendislik Mimarlık Fakültesi Dergisi, vol. 38, no. 3, 2023, pp. 1737-46, doi:10.17341/gazimmfd.1023147.
Vancouver Uğurlu M, Dogru İ, Arslan RS. Karanlık ağ trafiğinin makine öğrenmesi yöntemleri kullanılarak tespiti ve sınıflandırılması. GUMMFD. 2023;38(3):1737-46.