Deep in the Dark: A Novel Threat Detection System using Darknet Traffic

Sanjay Kumar, H.P.E. Vranken, Joost van Dijk, Timo Hämäläinen

Research output: Chapter in Book/Report/Conference proceedingConference Article in proceedingAcademicpeer-review

149 Downloads (Pure)


This paper proposes a threat detection system based on Machine Learning classifiers that are trained using darknet traffic. Traffic destined to Darknet is either malicious or by misconfiguration. Darknet traffic contains traces of several threats such as DDoS attacks, botnets, spoofing, probes and scanning attacks. We analyse darknet traffic by extracting network traffic features from it that help in finding patterns of these advanced threats. We collected the darknet traffic from the network sensors deployed at SURFnet and extracted several network-based features. In this study, we proposed a framework that uses supervised machine learning and a concept drift detector. Our experimental results show that our classifiers can easily distinguish between benign and malign traffic and are able to detect known and unknown threats effectively with an accuracy above 99%.
Original languageEnglish
Title of host publication2019 IEEE International Conference on Big Data
Place of PublicationLos Angeles, USA
Number of pages7
ISBN (Electronic)978-1-7281-0858-2
ISBN (Print)978-1-7281-0859-9
Publication statusPublished - Dec 2019
Event2019 IEEE International Conference on Big Data - Los Angeles, United States
Duration: 9 Dec 201912 Dec 2019


Conference2019 IEEE International Conference on Big Data
Abbreviated titleIEEE BigData 2019
Country/TerritoryUnited States
CityLos Angeles
Internet address


Dive into the research topics of 'Deep in the Dark: A Novel Threat Detection System using Darknet Traffic'. Together they form a unique fingerprint.

Cite this