@article{ART003280518},
author={Jinwoo Shin and Dong-Won Kang and Jiyeon Kim},
title={Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification},
journal={Journal of The Korea Society of Computer and Information},
issn={1598-849X},
year={2025},
volume={30},
number={12},
pages={195-204}
TY - JOUR
AU - Jinwoo Shin
AU - Dong-Won Kang
AU - Jiyeon Kim
TI - Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification
JO - Journal of The Korea Society of Computer and Information
PY - 2025
VL - 30
IS - 12
PB - The Korean Society Of Computer And Information
SP - 195
EP - 204
SN - 1598-849X
AB - As drug and hacking crimes exploiting the anonymity of the Dark Web have rapidly increased, automated technologies capable of detecting them quickly are needed. Previous approaches such as HTML-based static content analysis are vulnerable to content concealment and dynamic changes, and transport layer (L3/4) traffic analysis is limited to network transmission characteristics such as packet size and transmission rate, failing to reflect the structural and content characteristics of websites. To overcome these limitations, this paper collects not only L3/4 metrics but also application layer (L7) metrics, and analyzes effective metrics for classifying service types of Dark Web crime sites through machine learning-based learning. To this end, approximately 12,847 Dark Web sites related to drugs and hacking were collected, and a dataset was constructed by extracting 46 network metrics of L3/4 and L7 generated during site access. Furthermore, machine learning algorithms such as XGBoost, Random Forest, Logistic Regression, and SVM were developed as single models learning metrics of each layer and hybrid models integrating metrics of both layers. As a result, the XGBoost model trained only on L7 metrics recorded the highest performance with F1-scores of 0.996 for drug crime site type classification and 0.933 for hacking crime site type classification.
KW - Dark Web;Cyber Crime;Digital Investigation;Fingerprint;Machine Learning
DO -
UR -
ER -
Jinwoo Shin, Dong-Won Kang and Jiyeon Kim. (2025). Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification. Journal of The Korea Society of Computer and Information, 30(12), 195-204.
Jinwoo Shin, Dong-Won Kang and Jiyeon Kim. 2025, "Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification", Journal of The Korea Society of Computer and Information, vol.30, no.12 pp.195-204.
Jinwoo Shin, Dong-Won Kang, Jiyeon Kim "Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification" Journal of The Korea Society of Computer and Information 30.12 pp.195-204 (2025) : 195.
Jinwoo Shin, Dong-Won Kang, Jiyeon Kim. Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification. 2025; 30(12), 195-204.
Jinwoo Shin, Dong-Won Kang and Jiyeon Kim. "Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification" Journal of The Korea Society of Computer and Information 30, no.12 (2025) : 195-204.
Jinwoo Shin; Dong-Won Kang; Jiyeon Kim. Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification. Journal of The Korea Society of Computer and Information, 30(12), 195-204.
Jinwoo Shin; Dong-Won Kang; Jiyeon Kim. Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification. Journal of The Korea Society of Computer and Information. 2025; 30(12) 195-204.
Jinwoo Shin, Dong-Won Kang, Jiyeon Kim. Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification. 2025; 30(12), 195-204.
Jinwoo Shin, Dong-Won Kang and Jiyeon Kim. "Machine Learning-based Application-Layer Network Fingerprinting for Dark Web Criminal Service Classification" Journal of The Korea Society of Computer and Information 30, no.12 (2025) : 195-204.
