Analyze Dark Web and Security Threats

Abstract

The deepest area of data storage where data mining and data management are not possible without the Tor (network) Policy is known as the dark web. The dark web is a paradise for government and private sponsored cybercriminals. In another word, the dark web is known as the underworld of the Internet used for sponsored and organized cybercrime. Tor network at the entry relay/guard user source IP replaced with local IP (i.e., 10.0.2.15) by default and every user machine ID (IP) recognize as local IP (10.0.2.15). A single source IP allocated for each user without collision makes the user an anomaly or invisible over the Internet. Tor browser works similar to VPN by default as a function to hide the source IP, but the advantage is Tor network�s volunteer devices are used as a tunnel to establish communication and offer freedom from surveillance of user activity. Tor browser offers a circuit (IP Route) for user activity, where the circuit allows available Tor IP at the exit relay for the user. The dark web uses the same IP at entry relay around the world, but at exit relay, IP is different and available based on country. In a dark web network, data transfer as an encapsulation of packet/massage is placed after three-layer of different encryption. Proposed six different machine-learning classifiers (Logistic Regression, Random Forest, Gradient Boosting, Ada Boosts, K-Nearest Neighbors, Decision Tree) used to the optimal solution and proceed to analyze security threats perform in the Dark web based on the communication protocol and user activity as data flow and active state. � 2023, The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.