Comparative study of a Hybrid Model for network traffic identification and its optimization using Firefly Algorithm

Considerable effort has been made by researchers in the area of network traffic classification, since the Internet grows exponentially in both traffic volume and number of protocols and applications. The task of traffic identification is a complex task due to the constantly changing Internet and an increase in encrypted data. There are several methods for classifying network traffic such as port-based and Deep Packet Inspection (DPI), but they are not effective since many applications use random ports and the payload could be encrypted. This paper proposes an Optimized Hybrid Model (OHM) that makes use of a rule-based model (Apriori) along with a self-organizing map (SOM) model to tackle the problem of traffic classification without making use of the payload or ports. The proposed method also allows the generation of association rules for new unknown applications and further labeling by experts. Besides that, a optimizer called Firefly Algorithm was also used to enhance the results by optimizing both Apriori and SOM parameters and a comparative study was performed on both optimized and non-optimized models. The OHM showed to be superior to a non-optimized model for both eMule and Skype applications, reaching levels superior to 94% for correctness rate. The OHM was also validated against another model based on computational intelligence, named Realtime, and the OHM proposed in this work presented better results when tested in real time.