© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
M. J. Haber et al., Cloud Attack Vectors, https://doi.org/10.1007/978-1-4842-8236-6_10

10. Swarm Intelligence

Morey J. Haber (1), Brian Chappell (2) and Christopher Hills (3)
(1) Lake Mary, FL, USA
(2) Basingstoke, Hampshire, UK
(3) Gilbert, AZ, USA

The motion of bees, ants, and other insects looking for food and protecting their colony from attacks involves complex peer-to-peer communications, with no centralized command and control. Insects use a variety of communication methods, from sounds to chemicals, to convey a message to their peers and spread information about a situation. Once the message is passed and acknowledged (in some form) by others in the “swarm,” a decentralized mission is formed to manage the situation.

Based on the reaction of just one insect in the swarm and the passing of messages to others in a peer-to-peer fashion, an entire environment can react without the need of a central leader processing data and giving orders. This is a foreign concept to most people, who are accustomed to a hierarchical structure of authority. However, this swarm intelligence concept is crucial to understanding a potential modern approach to cybersecurity.

In the last few years, the world has embraced broad-scale digital transformation, with migration and deployments to the cloud as an engine for these advancements. This evolution has led to an explosion of Internet and cloud-enabled devices. The use cases for these IoT devices range from personal digital assistants to home appliances.

In 1989, Gerardo Beni and Jing Wang coined the term swarm intelligence, applying basic artificial intelligence models to self-organized and decentralized systems. Then, in 2019, researchers at Glasgow Caledonian University and COMSATS University in Pakistan [1] developed an innovative model that could potentially protect the Internet and cloud resources from cyberattacks. The method was presented at the IEEE’s China Emerging Technologies Conference and is derived from an Artificial Bee Colony (ABC) and a Random Neural Network (RNN). Figure 10-1 represents the basics of this algorithm.

[Figure 10-1: Simplified Artificial Bee Colony and Random Neural Network processing algorithm. A flowchart of the technique for defending Internet and cloud resources, based on a streamlined combination of artificial bee colonies and random neural networks.]

An ABC algorithm is a swarm intelligence model that uses AI to simulate the searching behavior of honeybees and applies the concepts to solve real-world computational problems, in this case mitigating IoT cloud threats. To make this model work, an RNN, a machine learning technique based on the behavior of biological neural networks in the human brain, is applied to the ABC model.

“In this paper, an anomaly-based intrusion detection scheme is proposed that can protect sensitive information and detect novel cyber-attacks,” the researchers wrote in their paper. “The artificial bee colony (ABC) algorithm is used to train the random neural network (RNN) based system (RNN-ABC).”

The researchers trained their ABC- and RNN-based intrusion detection model using a dataset that is used to establish cyberattack-detection algorithms and contains a large quantity of Internet traffic data for training and analysis. After priming their RNN-ABC, the researchers carried out a sequence of assessments to measure its performance in identifying and quantifying cyberattacks. The research produced findings that classified new attacks with an astonishing accuracy of 91.65%. The researchers also concluded that the model’s accuracy in classifying cyberattacks was greater when the “colony” size of its ABC swarm intelligence was larger. Therefore, the more “artificial bees” contributing to the model, the higher the overall confidence in the solution.
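As an added illustration (not the researchers' code and not from the book), the sketch below shows the training idea in miniature: an artificial bee colony searches for a detector's weights without gradients. A single sigmoid unit stands in for the random neural network, and the two traffic features, their values, and all function names are constructed assumptions.

```python
import math
import random

def make_flows(rng, n):  # constructed data: (request_rate, failed_login_ratio), 1 = attack
    rows = []
    for _ in range(n):
        y = int(rng.random() < 0.5)
        cx, cy = (0.8, 0.7) if y else (0.2, 0.1)
        rows.append(((rng.gauss(cx, 0.08), rng.gauss(cy, 0.08)), y))
    return rows

def score(w, x):  # single sigmoid unit, a stand-in for the paper's RNN
    z = w[0] * x[0] + w[1] * x[1] + w[2]
    return 1.0 / (1.0 + math.exp(-max(-30.0, min(30.0, z))))
def loss(w, rows):  # mean log loss; this is what the bees minimise
    return -sum(math.log((score(w, x) if y else 1.0 - score(w, x)) + 1e-9)
                for x, y in rows) / len(rows)
def accuracy(w, rows):
    return sum((score(w, x) > 0.5) == bool(y) for x, y in rows) / len(rows)

def abc_train(rows, colony=20, cycles=60, limit=10, seed=7):
    rng = random.Random(seed)
    new_source = lambda: [rng.uniform(-5, 5) for _ in range(3)]
    foods = [new_source() for _ in range(colony)]   # candidate weight vectors
    costs = [loss(f, rows) for f in foods]
    trials = [0] * colony                           # failed improvements per source
    def explore(i):  # perturb one weight relative to a random peer; keep if better
        k = rng.choice([s for s in range(colony) if s != i])
        j = rng.randrange(3)
        cand = foods[i][:]
        cand[j] += rng.uniform(-1, 1) * (foods[i][j] - foods[k][j])
        c = loss(cand, rows)
        if c < costs[i]:
            foods[i], costs[i], trials[i] = cand, c, 0
        else:
            trials[i] += 1
    best_cost, best = min(zip(costs, foods))
    for _ in range(cycles):
        for i in range(colony):                     # employed bees
            explore(i)
        fit = [1.0 / (1.0 + c) for c in costs]      # onlookers favour good sources
        for i in rng.choices(range(colony), weights=fit, k=colony):
            explore(i)
        best_cost, best = min((best_cost, best), min(zip(costs, foods)))
        for i in range(colony):                     # scouts abandon stale sources
            if trials[i] > limit:
                foods[i], trials[i] = new_source(), 0
                costs[i] = loss(foods[i], rows)
    return list(best)
```

Varying `colony` and `cycles` shows how the search budget affects the loss reached on this toy data; it does not reproduce the paper's dataset or its 91.65% figure.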

Today, IoT devices are proliferating on the Internet and connecting to the cloud. Can we realistically use these IoT devices as a part of the swarm to identify a potential threat and ultimately mitigate the risk?

First, and most importantly, swarm intelligence needs a large colony of devices that can communicate information and process relevant data for the swarm, as opposed to just network traffic alone. With the increasing presence of IoT devices that have a simple behavioral model, this is possible. Second, we need a mesh-style Internet protocol that gives the devices a reliable method to communicate and provide information to the ABC-RNN model and each other. At the time of the writing of this book, such a large-scale peer-to-peer protocol does not exist – yet. Third, the ABC and RNN model needs rules, policies, and output that can classify any findings into human-readable results [2]. TAXII (Trusted Automated Exchange of Intelligence Information) has begun to embrace and address this type of problem, but it falls short for peer-to-peer communications at scale (requirement number two). Finally, we need to consider cloud security for this model. The data being processed in the model must be trustworthy, reliable, and accurate, or the entire system can be abused and undermined.

The purpose of swarm intelligence is to create a new method for determining the risk of cyberattacks. This concept, using something new, innovative, and potentially highly reliable, is what today’s increasingly complex cloud environments need for protection.

While you consider the protection you need for the cloud, sometimes you need to think outside the box. Swarm intelligence is just one potential method, and realistically, if you read this book ten years after publishing, this might be the de facto method for protecting the cloud and IoT devices.
