Encrypted darknet traffic utilizes robust encryption and obfuscation techniques to evade traditional signature-based Deep Packet Inspection (DPI) methods. Therefore, the detection systems rely on Machine Learning (ML) and Deep Learning (DL) to operate in real-time and identify malicious behaviour in encrypted traffic patterns. However, prior research ignored class imbalance, model resilience, and generalization, which resulted in biased classifiers that performed poorly on new data or under adversarial situations. To address these challenges, we propose a novel Resilient Explainable Artificial Intelligence (XAI) framework for darknet traffic detection by integrating transformer architecture with adversarial and interpretability models. Data imbalance is handled using Synthetic Minority Over-Sampling Technique (SMOTE), Adaptive Synthetic Sampling (ADASYN), and Borderline-SMOTE, combined through a soft-voting ensemble. This method achieves an accuracy of up to 98% while lowering bias and enhancing model stability. Among the ML models assessed, Light Gradient Boosting Machine (LightGBM) and Random Forest attained the highest accuracies of 99.93% and 99.91%, respectively, but their performance degraded under adversarial conditions. Therefore, Hybrid DL architectures like Convolutional Neural Network (CNN) combined with Long Short-Term Memory (LSTM) and a Sparse Autoencoder (SAE) integrated with a Support Vector Machine (SVM), and the recent transformer-based architecture Tabular Prior Data Fitted Network (TabPFN) were assessed. TabPFN outperformed with an accuracy of 98.8%, demonstrating strong potential for darknet traffic detection. Therefore, we propose a novel framework that has TabPFN as a foundation model, and it is integrated with adversarial learning techniques such as Fast Gradient Sign Method (FGSM) and Projected Gradient Descent (PGD) to evaluate resilience. The proposed framework outpaced other conventional architectures with an accuracy of 98% under FGSM and 99% under PGD, proving adversarial robustness and detecting zero-day threats. Also, the proposed framework demonstrated superior cross-data generalisation, yielding accuracies of 99.73% and 99.01% when trained on CIC-Darknet2020 and tested on BCCC-Darknet-2025 under FGSM and PGD, respectively. Finally, to make the framework interpretable, it is experimented with SHapley Additive exPlanations (SHAP), Local Interpretable Model-agnostic Explanations (LIME), and Permutation Feature Importance (PFI) to enhance explainability in threat detection. The proposed framework with SHAP provided the most consistent and interpretable explanations, achieving an Area Under Curve (AUC) of 99.32%. This proposed end-to-end framework combines transformer-based learning with class imbalance mitigation, adversarial robustness, and XAI for real-time darknet traffic detection in encrypted environments.
W. et al. (Fri,) studied this question.