Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning
The dark web has been confronted with a significant increase in the number and variety of onion services of illegitimate and criminal intent. Anonymity, encryption, and the technical complexity of the Tor network are key challenges in detecting, disabling, and regulating such services. Instead of tr...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2022-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9779740/ |
| _version_ | 1818213712273604608 |
|---|---|
| author | Harsha Moraliyage Vidura Sumanasena Daswin De Silva Rashmika Nawaratne Lina Sun Damminda Alahakoon |
| author_facet | Harsha Moraliyage Vidura Sumanasena Daswin De Silva Rashmika Nawaratne Lina Sun Damminda Alahakoon |
| author_sort | Harsha Moraliyage |
| collection | DOAJ |
| description | The dark web has been confronted with a significant increase in the number and variety of onion services of illegitimate and criminal intent. Anonymity, encryption, and the technical complexity of the Tor network are key challenges in detecting, disabling, and regulating such services. Instead of tracking an operational location, cyber threat intelligence can become more proactive by utilizing recent advances in Artificial Intelligence (AI) to detect and classify onion services based on the content, as well as provide an interpretation of the classification outcome. In this paper, we propose a novel multimodal classification approach based on explainable deep learning that classifies onion services based on the image and text content of each site. A Convolutional Neural Network with Gradient-weighted Class Activation Mapping (Grad-CAM) and a pre-trained word embedding with Bahdanau additive attention are the core capabilities of this approach that classify and contextualize the representative features of an onion service. We demonstrate the superior classification accuracy of this approach as well as the role of explainability in decision-making that collectively enables proactive cyber threat intelligence in the dark web. |
| first_indexed | 2024-12-12T06:08:39Z |
| format | Article |
| id | doaj.art-dca83c715a1b4330885fd1db2f53f8cb |
| institution | Directory Open Access Journal |
| issn | 2169-3536 |
| language | English |
| last_indexed | 2024-12-12T06:08:39Z |
| publishDate | 2022-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj.art-dca83c715a1b4330885fd1db2f53f8cb2022-12-22T00:35:13ZengIEEEIEEE Access2169-35362022-01-0110560445605610.1109/ACCESS.2022.31769659779740Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep LearningHarsha Moraliyage0https://orcid.org/0000-0002-6212-8312Vidura Sumanasena1Daswin De Silva2https://orcid.org/0000-0003-3878-5969Rashmika Nawaratne3https://orcid.org/0000-0001-6641-2153Lina Sun4Damminda Alahakoon5Research Centre for Data Analytics and Cognition, La Trobe University, Melbourne, VIC, AustraliaResearch Centre for Data Analytics and Cognition, La Trobe University, Melbourne, VIC, AustraliaResearch Centre for Data Analytics and Cognition, La Trobe University, Melbourne, VIC, AustraliaResearch Centre for Data Analytics and Cognition, La Trobe University, Melbourne, VIC, AustraliaResearch Centre for Data Analytics and Cognition, La Trobe University, Melbourne, VIC, AustraliaResearch Centre for Data Analytics and Cognition, La Trobe University, Melbourne, VIC, AustraliaThe dark web has been confronted with a significant increase in the number and variety of onion services of illegitimate and criminal intent. Anonymity, encryption, and the technical complexity of the Tor network are key challenges in detecting, disabling, and regulating such services. Instead of tracking an operational location, cyber threat intelligence can become more proactive by utilizing recent advances in Artificial Intelligence (AI) to detect and classify onion services based on the content, as well as provide an interpretation of the classification outcome. In this paper, we propose a novel multimodal classification approach based on explainable deep learning that classifies onion services based on the image and text content of each site. A Convolutional Neural Network with Gradient-weighted Class Activation Mapping (Grad-CAM) and a pre-trained word embedding with Bahdanau additive attention are the core capabilities of this approach that classify and contextualize the representative features of an onion service. We demonstrate the superior classification accuracy of this approach as well as the role of explainability in decision-making that collectively enables proactive cyber threat intelligence in the dark web.https://ieeexplore.ieee.org/document/9779740/AttentionBahdanaucybersecuritycyber threat intelligencedark webdeep learning |
| spellingShingle | Harsha Moraliyage Vidura Sumanasena Daswin De Silva Rashmika Nawaratne Lina Sun Damminda Alahakoon Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning IEEE Access Attention Bahdanau cybersecurity cyber threat intelligence dark web deep learning |
| title | Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning |
| title_full | Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning |
| title_fullStr | Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning |
| title_full_unstemmed | Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning |
| title_short | Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning |
| title_sort | multimodal classification of onion services for proactive cyber threat intelligence using explainable deep learning |
| topic | Attention Bahdanau cybersecurity cyber threat intelligence dark web deep learning |
| url | https://ieeexplore.ieee.org/document/9779740/ |
| work_keys_str_mv | AT harshamoraliyage multimodalclassificationofonionservicesforproactivecyberthreatintelligenceusingexplainabledeeplearning AT vidurasumanasena multimodalclassificationofonionservicesforproactivecyberthreatintelligenceusingexplainabledeeplearning AT daswindesilva multimodalclassificationofonionservicesforproactivecyberthreatintelligenceusingexplainabledeeplearning AT rashmikanawaratne multimodalclassificationofonionservicesforproactivecyberthreatintelligenceusingexplainabledeeplearning AT linasun multimodalclassificationofonionservicesforproactivecyberthreatintelligenceusingexplainabledeeplearning AT dammindaalahakoon multimodalclassificationofonionservicesforproactivecyberthreatintelligenceusingexplainabledeeplearning |