La Trobe
1201658_Moraliyage,H_2022.pdf (1.9 MB)

Multimodal Classification of Onion Services for Proactive Cyber Threat Intelligence Using Explainable Deep Learning

Download (1.9 MB)
journal contribution
posted on 2023-10-17, 00:27 authored by Harsha Kumara MoraliyageHarsha Kumara Moraliyage, Vidura Yashan Sri SumanasenaVidura Yashan Sri Sumanasena, Daswin De SilvaDaswin De Silva, Rashmika NawaratneRashmika Nawaratne, Lina Sun, Damminda AlahakoonDamminda Alahakoon

The dark web has been confronted with a significant increase in the number and variety of onion services of illegitimate and criminal intent. Anonymity, encryption, and the technical complexity of the Tor network are key challenges in detecting, disabling, and regulating such services. Instead of tracking an operational location, cyber threat intelligence can become more proactive by utilizing recent advances in Artificial Intelligence (AI) to detect and classify onion services based on the content, as well as provide an interpretation of the classification outcome. In this paper, we propose a novel multimodal classification approach based on explainable deep learning that classifies onion services based on the image and text content of each site. A Convolutional Neural Network with Gradient-weighted Class Activation Mapping (Grad-CAM) and a pre-trained word embedding with Bahdanau additive attention are the core capabilities of this approach that classify and contextualize the representative features of an onion service. We demonstrate the superior classification accuracy of this approach as well as the role of explainability in decision-making that collectively enables proactive cyber threat intelligence in the dark web. 


Publication Date



IEEE Access




(p. 56044-56056)


Institute of Electrical and Electronics Engineers



Rights Statement

© The Authors 2022 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see

Usage metrics

    Journal Articles


    No categories selected