Examining the Rat in the Tunnel: Interpretable Multi-Label Classification of Tor-based Malware
Ishan Karunanayake, Mashael AlSabah, Nadeem Ahmed, Sanjay Jha

TL;DR
This paper presents an interpretable multi-label classification approach using Message-Passing Neural Networks to accurately identify malware in Tor traffic, significantly outperforming previous methods and analyzing model robustness with adversarial attacks.
Contribution
It introduces a novel multi-label classification method with XAI interpretation for malware detection in Tor traffic, achieving over 90% precision and recall, and evaluates robustness against adversarial perturbations.
Findings
Achieved over 90% micro-average precision and recall.
Significant performance improvements over previous methods.
Analyzed model robustness under adversarial perturbations of the input traffic features.
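The findings above are stated as micro-averaged precision and recall. In a multi-label setting that metric pools true positives, false positives and false negatives across every label before dividing, so frequent labels dominate and a rarely predicted malware family can be missed entirely without the micro score dropping much. The example below is added here and is not code from the paper: it computes both micro- and macro-averaged scores on a small constructed set of multi-label predictions (the label names and both indicator matrices are made up for illustration) so that the difference between the two averages is visible.

```python
# Added example (not from the paper): micro- vs macro-averaged precision and
# recall for multi-label predictions. Label names and both matrices below are
# constructed for illustration; they are not the paper's data.

LABELS = ["malware_a", "malware_b", "malware_c", "benign"]  # hypothetical labels

# One row per Tor flow, one column per label (1 = label present).
# Multi-label: a flow may carry more than one label at once.
Y_TRUE = [
    [1, 0, 0, 0],
    [1, 1, 0, 0],
    [0, 0, 1, 0],
    [0, 0, 0, 1],
    [0, 1, 0, 0],
    [0, 0, 0, 1],
]
Y_PRED = [
    [1, 0, 0, 0],
    [1, 0, 0, 0],  # malware_b missed
    [0, 0, 1, 1],  # spurious "benign"
    [0, 0, 0, 1],
    [0, 0, 0, 1],  # malware_b missed, spurious "benign"
    [0, 0, 0, 1],
]


def confusion_counts(y_true, y_pred):
    """Per-label [tp, fp, fn] counts accumulated over all rows."""
    n_labels = len(y_true[0])
    counts = [[0, 0, 0] for _ in range(n_labels)]
    for t_row, p_row in zip(y_true, y_pred):
        for j, (t, p) in enumerate(zip(t_row, p_row)):
            if t and p:
                counts[j][0] += 1          # true positive
            elif p and not t:
                counts[j][1] += 1          # false positive
            elif t and not p:
                counts[j][2] += 1          # false negative
    return counts


def _safe_div(num, den):
    """Return 0.0 when a label was never predicted / never present."""
    return num / den if den else 0.0


def micro_precision_recall(y_true, y_pred):
    """Pool tp/fp/fn over all labels, then compute once.

    This is the 'micro-average' quoted in the findings: labels with many
    instances dominate, and a label that is never predicted (malware_b here)
    only costs its share of the pooled false negatives.
    """
    counts = confusion_counts(y_true, y_pred)
    tp = sum(c[0] for c in counts)
    fp = sum(c[1] for c in counts)
    fn = sum(c[2] for c in counts)
    return _safe_div(tp, tp + fp), _safe_div(tp, tp + fn)


def macro_precision_recall(y_true, y_pred):
    """Compute precision/recall per label, then average them unweighted.

    Every label counts equally, so a completely missed rare malware family
    pulls the score down by a full 1/n_labels.
    """
    counts = confusion_counts(y_true, y_pred)
    precisions = [_safe_div(tp, tp + fp) for tp, fp, _ in counts]
    recalls = [_safe_div(tp, tp + fn) for tp, _, fn in counts]
    return sum(precisions) / len(counts), sum(recalls) / len(counts)


def per_label_report(y_true, y_pred, labels=LABELS):
    """Per-label (precision, recall) so the missed family is visible."""
    counts = confusion_counts(y_true, y_pred)
    return {
        name: (_safe_div(tp, tp + fp), _safe_div(tp, tp + fn))
        for name, (tp, fp, fn) in zip(labels, counts)
    }


if __name__ == "__main__":
    print("micro (P, R):", micro_precision_recall(Y_TRUE, Y_PRED))
    print("macro (P, R):", macro_precision_recall(Y_TRUE, Y_PRED))
    for name, (p, r) in per_label_report(Y_TRUE, Y_PRED).items():
        print(f"  {name:10s} P={p:.2f} R={r:.2f}")
```

On this constructed data the micro-averaged precision and recall are both 5/7 (about 0.71) even though `malware_b` is never detected, while the macro-averaged recall of 0.75 and precision of 0.625 expose that gap. When reading a headline micro-average, also check the per-label numbers for the rare families you care about.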
Abstract
Despite being the most popular privacy-enhancing network, Tor is increasingly adopted by cybercriminals to obfuscate malicious traffic, hindering the identification of malware-related communications between compromised devices and Command and Control (C&C) servers. This malicious traffic can induce congestion and reduce Tor's performance, while encouraging network administrators to block Tor traffic. Recent research, however, demonstrates the potential for accurately classifying captured Tor traffic as malicious or benign. While existing efforts have addressed malware class identification, their performance remains limited, with micro-average precision and recall values around 70%. Accurately classifying specific malware classes is crucial for effective attack prevention and mitigation. Furthermore, understanding the unique patterns and attack vectors employed by different malware…
Taxonomy
Topics: Hate Speech and Cyberbullying Detection · Advanced Malware Detection Techniques · Cybercrime and Law Enforcement Studies
