Swarm Intelligence May Be Just the Ticket for Improved Network & Device Security

Based on the reaction of a single insect in a swarm, messages are passed along peer to peer, and an entire environment can respond without a central leader processing data and giving orders.

Morey Haber, Chief Security Officer, BeyondTrust

November 18, 2021


The motion of bees, ants, and other insects looking for food and protecting their colony from attacks involves complex peer-to-peer communications with no centralized command and control. Insects use a variety of communication methods, from auditory sounds to chemicals, in order to transmit messages to peers, conveying a message and spreading information about a situation.

Once the message is passed and acknowledged (in some form) by others in the "swarm," a decentralized mission is formed to manage the situation. Based on the reaction of just one insect in the swarm, and the passing of messages to others in a peer-to-peer fashion, an entire environment can react without the need of a central leader processing data and giving orders. This is a foreign concept to most people who are accustomed to a hierarchy of authority, but it's a crucial development in understanding a potential modern approach to cybersecurity.

In the last few years, the world has embraced a massive digital transformation, moving to the cloud. With this metamorphosis, new technology has led to an explosion of Internet and cloud-enabled devices. The use cases for these devices range from personal digital assistants to home appliances and are classified as Internet of Things (IoT).

In 1989, the term "swarm intelligence" was coined by Gerardo Beni and Jing Wang based on basic artificial intelligence models using self-organized and decentralized systems. Then in 2019, researchers at Glasgow Caledonian University and COMSATS University in Pakistan developed a model that could potentially protect the Internet and cloud resources from cyberattacks. The method was presented at the IEEE's China Emerging Technologies Conference and is derived from an artificial bee colony (ABC) and a random neural network (RNN).

An ABC algorithm is a swarm intelligence model that uses AI to simulate the searching behavior of honeybees and applies the concepts to solve real-world computational problems, in this case mitigating IoT cloud threats. To make this work, an RNN, a machine learning model based on the behavior of biological neural networks in the human brain, is applied to the ABC model.

"In this paper, an anomaly-based intrusion detection scheme is proposed that can protect sensitive information and detect novel cyber-attacks," the researchers noted in their paper. "The artificial bee colony (ABC) algorithm is used to train the random neural network (RNN) based system (RNN-ABC)".

The researchers trained their ABC- and RNN-based intrusion detection model on a dataset that has been used to establish algorithms for detecting cyberattacks and that contains a large quantity of Internet traffic data for training and analysis. After priming their RNN-ABC, the researchers carried out a sequence of assessments to measure its performance in identifying and quantifying cyberattacks.
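The training loop described above can be illustrated with the standard artificial bee colony phases (employed bees, onlookers, scouts). This is an added example, not the researchers' code: a single threshold neuron stands in for the random neural network, the two traffic features and all sample flows are constructed, and the parameter names (`colony_size`, `cycles`, `limit`) are assumptions.

```python
import random

def make_flows(rng, n=40):
    # Constructed sample data: (connection rate, failed-login ratio); label 1 = attack.
    normal = [((rng.uniform(0.05, 0.30), rng.uniform(0.00, 0.20)), 0) for _ in range(n)]
    attack = [((rng.uniform(0.60, 0.95), rng.uniform(0.50, 1.00)), 1) for _ in range(n)]
    return normal + attack

def accuracy(w, flows):
    # Assumption: one threshold neuron stands in for the paper's random neural network.
    hits = sum((w[0] * x[0] + w[1] * x[1] + w[2] > 0) == (y == 1) for x, y in flows)
    return hits / len(flows)

def abc_train(flows, colony_size=20, cycles=50, limit=10, seed=1):
    rng = random.Random(seed)
    def scout():
        return [rng.uniform(-1, 1) for _ in range(3)]
    sources = [scout() for _ in range(colony_size)]   # one food source per employed bee
    fit = [accuracy(s, flows) for s in sources]
    trials = [0] * colony_size
    best, best_fit = None, -1.0

    def explore(i):
        # Perturb one weight relative to a random neighbour; keep the move only if better.
        k = rng.choice([j for j in range(colony_size) if j != i])
        d = rng.randrange(3)
        cand = sources[i][:]
        cand[d] += rng.uniform(-1, 1) * (cand[d] - sources[k][d])
        cand[d] = max(-1.0, min(1.0, cand[d]))
        f = accuracy(cand, flows)
        if f > fit[i]:
            sources[i], fit[i], trials[i] = cand, f, 0
        else:
            trials[i] += 1

    for _ in range(cycles):
        for i in range(colony_size):                  # employed bees
            explore(i)
        weights = [f + 1e-9 for f in fit]
        for i in rng.choices(range(colony_size), weights=weights, k=colony_size):
            explore(i)                                # onlookers favour good sources
        top = max(range(colony_size), key=lambda i: fit[i])
        if fit[top] > best_fit:                       # remember the best before scouts reset it
            best, best_fit = sources[top][:], fit[top]
        for i in range(colony_size):                  # scouts abandon exhausted sources
            if trials[i] > limit:
                sources[i] = scout()
                fit[i], trials[i] = accuracy(sources[i], flows), 0
    return best, best_fit
```

Calling `abc_train(make_flows(random.Random(7)))` returns the best weight vector found and its accuracy on the constructed flows.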

The research found the model highly effective in classifying new attacks, with an astonishing accuracy of 91.65%. The researchers also concluded that the model's accuracy in classifying cyberattacks was greater when the "colony" size of its ABC swarm intelligence was larger. Therefore, a greater number of "artificial bees" contributing to the model improved the overall confidence in the solution. With the increasing number of IoT devices present on the Internet and connecting to the cloud, using these devices as part of a swarm to identify a potential threat can ultimately lead to mitigating the risk. So, how do we pull this all together?

First, and most importantly, swarm intelligence needs a large colony size to enable devices that can communicate information and process relevant data for the swarm versus just network traffic alone. With the increasing presence of IoT devices that have a simple behavioral model, this is possible. 

Second, we need a mesh-style Internet protocol that allows a reliable method for the devices to communicate and provide information to the ABC-RNN model and each other. This large-scale, peer-to-peer protocol does not yet exist at the time of writing this article. 

Third, the ABC-RNN model needs rules, policies, and output that can classify any findings in human-readable, actionable results and for machine-to-machine automation. Technologies like STIX and TAXII have begun to embrace and address this type of problem but fall short for peer-to-peer communications at scale (requirement No. 2).

Finally, there is cloud security. The data being processed in the model must be trustworthy, reliable, and accurate, or the entire system can be abused.

The purpose of swarm intelligence is to create a new, untraditional method for determining the risk of cyberattacks. This concept, using something new, innovative, and potentially highly reliable, is what the cloud needs for protection versus traditional methods migrated to the cloud. While you consider the protection you need for the cloud, sometimes you need to think outside of the box. Swarm intelligence is just one potential method and, realistically, if you read this 10 years from now, it might be the de facto method for protecting the cloud and/or IoT devices.

About the Author

Morey Haber

Chief Security Officer, BeyondTrust

With more than 20 years of IT industry experience and author of Privileged Attack Vectors and Asset Attack Vectors, Morey Haber joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition. He currently oversees the vision for BeyondTrust technology encompassing intelligent identity and access security solutions, as well as BeyondTrust's own internal information security strategies.
