Article: Integrating geolocation intelligence with ensemble machine learning models for enhanced darknet traffic classification Journal: International Journal of Information and Computer Security (IJICS) 2025 Vol.27 No.4 pp.515 - 535 Abstract: This study presents an innovative approach to darknet traffic classification, combining advanced machine learning techniques with hybrid LASSO-random forest (HLRF) feature selection and IP geolocation mapping. We propose a new ensemble model that significantly outperforms traditional classifiers, achieving an accuracy of 96.86% and an F1-score of 96.12%. Our research utilises an enhanced version of the CIC-Darknet2020 dataset, augmented with additional darknet traffic collected over a six-month period. The HLRF selector is employed to identify the most relevant features, improving the model's efficiency and interpretability. Furthermore, we incorporate IP geolocation mapping to provide insights into the global distribution of darknet activities. Our findings demonstrate the effectiveness of our ensemble method with HLRF feature selection in capturing complex darknet traffic patterns and highlight the challenges in geographical attribution due to sophisticated anonymisation techniques. This work contributes to the field of cybersecurity by offering an improved method for darknet traffic classification and providing a deeper understanding of the global nature of darknet operations. Inderscience Publishers - linking academia, business and industry through research

Title: Integrating geolocation intelligence with ensemble machine learning models for enhanced darknet traffic classification

Authors: Ngaira Mandela; Nilay R. Mistry

Addresses: School of Digital Forensics and Cyber Security, National Forensic Sciences University, Gandhinagar, India ' School of Digital Forensics and Cyber Security, National Forensic Sciences University, Gandhinagar, India

Abstract: This study presents an innovative approach to darknet traffic classification, combining advanced machine learning techniques with hybrid LASSO-random forest (HLRF) feature selection and IP geolocation mapping. We propose a new ensemble model that significantly outperforms traditional classifiers, achieving an accuracy of 96.86% and an F1-score of 96.12%. Our research utilises an enhanced version of the CIC-Darknet2020 dataset, augmented with additional darknet traffic collected over a six-month period. The HLRF selector is employed to identify the most relevant features, improving the model's efficiency and interpretability. Furthermore, we incorporate IP geolocation mapping to provide insights into the global distribution of darknet activities. Our findings demonstrate the effectiveness of our ensemble method with HLRF feature selection in capturing complex darknet traffic patterns and highlight the challenges in geographical attribution due to sophisticated anonymisation techniques. This work contributes to the field of cybersecurity by offering an improved method for darknet traffic classification and providing a deeper understanding of the global nature of darknet operations.

Keywords: darknet traffic classification; darknet; machine learning; XGBoost; neural networks; darkweb.

DOI: 10.1504/IJICS.2025.148111

International Journal of Information and Computer Security, 2025 Vol.27 No.4, pp.515 - 535

Received: 02 Sep 2024
Accepted: 16 Jan 2025
Published online: 25 Aug 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Integrating geolocation intelligence with ensemble machine learning models for enhanced darknet traffic classification

Keep up-to-date