Enhancing Darknet Traffic Classification: Integrating Traffic-Aware SMOTE and Adaptive Weighted Feature Aggregation

With the widespread adoption of anonymity networks such as Tor, I2P, and JonDonym, reliably classifying darknet traffic remains challenging due to feature redundancy and severe class imbalance in encrypted flows. Existing approaches often rely on static feature-selection strategies and generic oversampling methods, which limit robustness and may distort traffic semantics. This study proposes an adaptive classification framework integrating Adaptive Weighted Feature Aggregation (AWFA) for reliability-aware feature selection and Traffic-Aware SMOTE (TA-SMOTE) for semantically constrained perturbations of packet-size and timing features while preserving flow-level structure. The framework is evaluated on a two-layer hierarchy comprising browser-level (L1) and application-level (L2) classification. At the L2, the proposed AWFA and TA-SMOTE pipeline attains a macro-F1 score of 73.81%, significantly exceeding PCA-based reduction and traditional RF-based selection with SMOTE. At the browser level (L1), macro-F1 rises from 91.58% to 96.09% while reducing the feature space from 84 to 40 attributes, highlighting both performance improvements and structural efficiency gains. Additional semantic validation confirms that the balancing process preserves the statistical and structural characteristics of genuine darknet traffic. These results indicate that reliability-aware feature aggregation and traffic-aware balancing provide a practical, trustworthy approach to modern darknet traffic classification.