A survey of inspiring swarm intelligence models for the design of a swarm-based ontology for addressing the cyber security problem

The increased use of the internet raises concerns about the security of data and other resources shared in cyberspace. Although efforts to improve data security are visible, the need to continuously explore other avenues for preventing and mitigating cyberattacks is apparent. Swarm intelligence models have, in the past, been considered in cybersecurity, although there was no formal representation of the swarm intelligence knowledge domain that defines how these models fit into the cybersecurity body of knowledge. This article reviews the aspects of three swarm intelligence models that may inspire the design of the desired swarm intelligence ontology. The models are particle swarm optimization, ant colony optimization, and the artificial bee colony model. In each case, we investigate the main driving features of the model, the causal aspects, and the effects of those causal aspects on the resolution of the cybersecurity problem. We also investigate how these features can be recommended as the building blocks of the desired swarm intelligence ontology. Investigations indicate that the artificial bee colony model has three outstanding aspects considered for the design of the swarm intelligence ontology, namely quality, popularity, and communication. Foraging through pheromone deposits is an outstanding component of ant colony optimization that aids in locating threat sources more quickly by using the shortest route or tracks with high pheromone deposits. The particle swarm optimization model, on the other hand, adds alignment, cohesion, and collision avoidance aspects to the ontology to augment the ant colony and artificial bee colony algorithms. In our view, although intrusion detection is a complex problem in cybersecurity, the power of integrated swarm intelligence models is more than the sum of the individual capabilities of each swarm intelligence model.
The article, therefore, proposes a swarm intelligence ontology that will potentially bring us closer to resolving the general cybersecurity problem.


Introduction
The increased use of the internet has led to an upsurge in cyber threats. The number of interconnected devices has tremendously risen due to the increasing need for users to access shared data and other resources. This proliferated use of the internet has influenced the demand for various internet services which has seen sensitive data being exchanged between users and devices over the network. However, the need for data security (Rainie & J. Anderson, 2017) and more reliable systems to safeguard data (Tsohou, et al., n.d.) has also increased. The development and deployment of intrusion detection systems, firewalls, crypto models, and antimalware have not stopped cyber-criminal activities (Cascavilla, et al., 2021). Cybercriminals continue to exploit the vulnerability of cyberinfrastructures (Lallie, et al., 2020). More sophisticated cyber defense measures that are efficient, intelligent, flexible, scalable, robust, fault-tolerant, and reliable are apparently needed to augment hardware and user interventions (Jang-Jaccard & Nepal, 2014).
Swarm Intelligence is not a new concept in the cyber security body of knowledge. The concept is inspired by nature to define the collective behaviour of decentralized self-organized systems (Schranz, et al., 2020). Although discrete views of swarm intelligence have been connoted in the cyber security space, a formal standard for representing the swarm intelligence knowledge domain in the context of cyber security is lacking.
An ontology is an organized outline of terms in a discipline or subject area, their attributes, and their interactions or relationships (Guan, et al., 2016). Commonly, ontologies are conceptual representations in the field of knowledge representation (Gruber, 1995). Ontologies have been applied to a variety of disciplines to provide a representation of knowledge and thereby allow for the classification, transfer, and reuse (Fernández-Breis & Martínez-Béjar, 2002) of that knowledge. In detail, an ontology can be described as a formal representation of an entity and relationship which exist in a subject area, and it must also represent a general conceptualization to serve a useful purpose (Dobson & Sawyer, 2006).
A generalized swarm intelligence ontology may ensue from an understanding of the key aspects of various swarm intelligence models which cause emergent behaviour. In this context, emergent behaviour is the collective phenomena or behaviours in complex adaptive systems that are not present in their individual parts. This means that as the elements of a swarm interact with one another or their environment, the collective behaviour of the whole is different from that of its parts (Tang, et al., 2018).
This article reviews related works in which three swarm intelligence models have been considered as inspiration for the design of a swarm intelligence ontology for detecting and mitigating cyber security threats. The review aims to identify the key components of each swarm intelligence model, and aspects that may be considered in the design of the generalized swarm intelligence ontology.
Relating to the problem under study, swarm intelligence may help automate the security response to provide a proactive protection mechanism to safeguard against cyber security threats by raising alarms where they are detected (Pupillo, et al., 2021).
As a case study, this article focuses on three swarm intelligence models, namely particle swarm optimization, ant colony optimization, and the artificial bee colony. The main deliverables of the discussions undertaken in this study are the important aspects of each swarm intelligence model that form the component units for the design of a generalized swarm intelligence ontology. We pinpoint these key aspects, along with their intersection, and suggest how they can be represented as a knowledge domain for resolving the cyber security problem.
The rest of the article proceeds as follows: Section 2 discusses our general understanding of swarm intelligence and swarm intelligence ontologies and reviews the literature. We zoom into the features of the particle swarm optimization model and how it has been used in the cyber security domain; thereafter, we discuss the ant colony optimization model and the various features which have been adopted to address the cyberthreats issue. In the same section, we close the review with a discussion of the artificial bee colony model and the various elements which have been used in cybersecurity. In section three, we justify why there is a need to adopt swarm intelligence in cyber security, while section 4 discusses the methodology employed in conducting this research. Section 5 discusses the results of the experiments. The observations and recommendations we make on the key aspects that can be considered for the design of a generalized swarm intelligence ontology follow in section 6, which discusses the key aspects that could be considered in the detection and mitigation of cyberthreats. The aspects adopted are based on the results obtained in section 5. Lastly, Sections 8, 9 and 10 conclude the article, highlighting the key observations, the main contributions, and the direction for future studies respectively.

Literature Review
We understand swarm intelligence as a concept where different robotic devices interact with each other in the same environment to achieve a collective goal (Raslan, et al., 2020). Swarm intelligence belongs to the field of artificial intelligence and is based on the collective behaviour of elements in decentralized and self-organizing systems (Raslan, et al., 2020). Related algorithms are well established and applied in well-known aptitude-based problems where tangible results have been noted in various fields (Raslan, et al., 2020).
On the other hand, swarm intelligence ontology ensues from an understanding of the key aspects of various swarm intelligence models which cause emergent behaviour. The swarm intelligence ontology presents a set of subjects or domain concepts and categories that have properties and relationships between them. In the context of this study, a swarm intelligence ontology breaks down the features of ant colony models, artificial bee colony models, and particle swarm optimisation models seeking robotic device communication mechanisms, popular actions, quality, causes for rapid convergence, velocity, position formulation, and inertia to better understand how these features fit together into defining the language for addressing cyber security issues.

Particle Swarm Optimization
Particle Swarm Optimization is a population-based algorithm that mimics the navigation and foraging of a flock of birds (Tan, 2016). The algorithm provides optimized solutions through enhanced cooperation of the individual members of the swarm (Sengupta, et al., 2018). The algorithm is based on three aspects, namely keeping inertia, changing the position influenced by an individual's most ideal position, and changing the condition influenced by the swarm's ideal position (Daniel & James, 2001). In this context, keeping inertia refers to remaining in the same condition, meaning moving in the same direction or alignment. Changing position, on the other hand, is about cohesion. In contrast, changing conditions means separation (Tang, et al., 2018). Each particle moves with a velocity and monitors adjacent particles to avoid collisions while moving (Dar, 2015). At any given time, each particle adjusts its velocity according to its pre-optimal location, which is considered a cognitive component, and to the influence of its neighbours, called social components (Sengupta, et al., 2018). Two components are bound to each particle: one is stochastic and the other is deterministic (Dar, 2015). Particles communicate while they keep checking their position and updating the group to converge at the global best position (Sengupta, et al., 2018). The key aspects are that all the particles in a swarm communicate and share their best or ideal position until the best position is achieved for the group (Daniel & James, 2001), with the group position remaining constant throughout the optimization (Freitas, et al., 2020). The separation rule is concerned with the drive to avoid crowding of particles, and alignment deals with the average heading of the particles (Reynolds, 1987). The third rule, cohesion, is concerned with the drive to move towards the average position of the local flockmates or swarm (Daniel & James, 2001).
Particles move through a multidimensional search area and change their positions in response to their own and their neighbors' experiences. This suggests that a choice will be made based on the group's assessment of the quality of the food source. Particles act collectively to find solutions in the best areas of a high-dimensional search field.
This algorithm has an advantage in that it provides faster convergence and can find better solutions (Lin, et al., 2019). Because of this feature, it has been recommended for executing a scheme to search for potential attack sources between the victim and the attack source (Priyanka & Ramakrishnan, 2021). The PSO algorithm's search function has been used in cybersecurity, where the concepts of particle fitness value, velocity and position have been applied to detect threats (Alterazi, et al., 2022). Individual particles' positions continue to be communicated and compared with the group position to decide the best group position as particles move through cyberspace looking for threats (best position) (Alterazi, et al., 2022). The highest fitness value will decide the best group position. To reduce cyberthreats, the PSO algorithm's position, velocity, and fitness features have been adopted to determine the threat with the highest fitness value, causing particles to converge on the position (Priyanka & Ramakrishnan, 2021). Therefore, a complete PSO particle search determines the group's optimum position, influenced by fitness value and velocity (cohesion and separation), to detect a true positive of a cyberthreat.
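An added example, not code from the article or its NetLogo simulations: a minimal particle swarm in Python that applies the inertia, cognitive (personal best) and social (group best) terms described above to a search for the threat source with the highest fitness value. The grid, the three sources and their scores, the Gaussian fitness function and the coefficients w, c1 and c2 are assumptions chosen for illustration.

```python
import math
import random

# Constructed sample environment: (x, y, threat score) on a 100 x 100 grid.
THREAT_SOURCES = [(20.0, 20.0, 3.0), (80.0, 30.0, 9.0), (50.0, 80.0, 5.0)]
SPREAD = 25.0  # assumed distance over which a source raises the fitness value


def fitness(pos):
    """Fitness of a position: the strongest threat signal observable from it."""
    x, y = pos
    return max(
        score * math.exp(-((x - sx) ** 2 + (y - sy) ** 2) / (2 * SPREAD ** 2))
        for sx, sy, score in THREAT_SOURCES
    )


def nearest_source(pos):
    """Map a converged position back to the closest known source."""
    return min(THREAT_SOURCES, key=lambda s: math.dist(pos, s[:2]))


def pso_search(n_particles=40, iterations=120, w=0.72, c1=1.49, c2=1.49, seed=1):
    """Return (group best position, its fitness, best fitness per iteration)."""
    rng = random.Random(seed)
    pos = [[rng.uniform(0, 100), rng.uniform(0, 100)] for _ in range(n_particles)]
    vel = [[rng.uniform(-5, 5), rng.uniform(-5, 5)] for _ in range(n_particles)]
    pbest = [p[:] for p in pos]                  # each particle's best position so far
    pbest_fit = [fitness(p) for p in pos]
    g = max(range(n_particles), key=pbest_fit.__getitem__)
    gbest, gbest_fit = pbest[g][:], pbest_fit[g]  # best position shared by the group
    history = [gbest_fit]
    for _ in range(iterations):
        for i in range(n_particles):
            for d in range(2):
                r1, r2 = rng.random(), rng.random()
                vel[i][d] = (
                    w * vel[i][d]                              # inertia: keep heading
                    + c1 * r1 * (pbest[i][d] - pos[i][d])      # cognitive component
                    + c2 * r2 * (gbest[d] - pos[i][d])         # social component
                )
                vel[i][d] = max(-10.0, min(10.0, vel[i][d]))   # cap the step size
                pos[i][d] = max(0.0, min(100.0, pos[i][d] + vel[i][d]))
            f = fitness(pos[i])
            if f > pbest_fit[i]:
                pbest[i], pbest_fit[i] = pos[i][:], f
                if f > gbest_fit:                # communicate a new group best
                    gbest, gbest_fit = pos[i][:], f
        history.append(gbest_fit)
    return gbest, gbest_fit, history


if __name__ == "__main__":
    best, best_fit, _ = pso_search()
    print("group best", [round(c, 2) for c in best], "fitness", round(best_fit, 3))
    print("nearest source", nearest_source(best))
```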

Ant Colony Optimization
The ant colony optimization algorithm was inspired by the observation of ant colonies (Mirjalili, 2018). The algorithm employs social ants to achieve optimization and find the shortest path to the source by following tracks with heavy pheromone deposits (Chhikara & Patel, 2013). The ant colony optimisation algorithm has been applied to build a solution to the cyber security problem by detecting vulnerability moving from one node to the other (Chhikara & Patel, 2013). The solution imitates the movement of ants, applying a stochastic local decision policy that makes use of the pheromone; when adding a component to the current partial solution, an ant can update the values of the pheromone trails that were used for this construction step (Chhikara & Patel, 2013). The aspects of ACO which have been used in cybersecurity include foraging by tracking high deposits of pheromone to determine the shortest path to a threat (food source). Threat hunting is made more effective through improved convergence on sources with tracks having high pheromone levels, and once a path's pheromone deposit level tumbles, it will no longer be considered, hence a new path will have to be determined. Pheromone, which helps foraging for a source, is an aspect which has been implemented in cyber security to help quick convergence using the shortest path to the source. The principle of the ant colony optimisation algorithm is implemented through an ant routing algorithm where ants deposit the pheromone while they traverse the network, moving from one node to the other through hops (Hudedagaddi, 2012). From each node on the network identified through the route which the packet has travelled before, several discovery packets (forward ants) will move towards the selected destination nodes (Hudedagaddi, 2012). Each node's routing table consists of stochastic tables, used to select the next hops according to weighted probabilities.
These probabilities are calculated based on the pheromone trails left by previous ants. The random search features adopt the concept of the shortest path through pheromone deposits to determine the food source, meaning the route with the highest pheromone deposits will be used to hunt for threats (Hudedagaddi, 2012).
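The stochastic routing tables described above, as an added Python example that is not taken from the article or the cited works: forward ants pick each next hop with probability proportional to pheromone, successful ants reinforce their route in inverse proportion to its hop count, and trails that evaporate below a floor are dropped from the table. The topology, node names, evaporation rate and floor are constructed assumptions.

```python
import random

# Constructed sample topology: directed hops from the monitoring node ("nest")
# towards the suspected threat source ("target"). Node names are hypothetical.
LINKS = {
    "nest": ["a", "b"],
    "a": ["target", "c"],
    "b": ["c"],
    "c": ["d"],
    "d": ["target"],
    "target": [],
}


class AntRouter:
    def __init__(self, links, evaporation=0.2, floor=1e-3, seed=3):
        self.links = links
        self.evaporation = evaporation   # share of pheromone lost per round
        self.floor = floor               # trails weaker than this are ignored
        self.rng = random.Random(seed)
        self.pheromone = {(u, v): 1.0 for u, hops in links.items() for v in hops}

    def routing_table(self, node):
        """Stochastic routing table: next hop -> probability, weighted by pheromone."""
        usable = {v: self.pheromone[(node, v)] for v in self.links[node]
                  if self.pheromone[(node, v)] >= self.floor}
        total = sum(usable.values())
        return {v: t / total for v, t in usable.items()}

    def forward_ant(self, start, goal):
        """Walk one discovery packet; return its path, or None if it runs out of trails."""
        path = [start]
        while path[-1] != goal:
            table = self.routing_table(path[-1])
            if not table:
                return None
            hops, weights = zip(*table.items())
            path.append(self.rng.choices(hops, weights=weights)[0])
        return path

    def evaporate(self):
        for edge in self.pheromone:
            self.pheromone[edge] *= 1.0 - self.evaporation

    def iterate(self, start, goal, ants=100):
        """One round: release ants, evaporate, then reinforce the routes that arrived."""
        paths = [p for p in (self.forward_ant(start, goal) for _ in range(ants)) if p]
        self.evaporate()
        for path in paths:
            deposit = 1.0 / (len(path) - 1)      # shorter route, larger deposit
            for edge in zip(path, path[1:]):
                self.pheromone[edge] += deposit

    def strongest_path(self, start, goal):
        """Follow the highest-probability hop from each node."""
        path = [start]
        while path[-1] != goal:
            table = self.routing_table(path[-1])
            if not table:
                return None
            path.append(max(table, key=table.get))
        return path


def rounds_until_dropped(router, node, limit=1000):
    """Evaporate without new deposits (source neutralised) until the node has no usable hop."""
    rounds = 0
    while router.routing_table(node) and rounds < limit:
        router.evaporate()
        rounds += 1
    return rounds


if __name__ == "__main__":
    router = AntRouter(LINKS)
    for _ in range(60):
        router.iterate("nest", "target")
    print(router.routing_table("nest"))
    print(router.strongest_path("nest", "target"))
    print("rounds until trail is dropped:", rounds_until_dropped(router, "nest"))
```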

Artificial Bee Colony Model
The algorithm mimics the movement of a colony of bees as they search for food sources. The colony consists of three groups of bees: employed bees, onlookers, and scouts. It is assumed that there is only one artificial employed bee for each food source (Gao, et al., 2011). The ABC adopts three features, namely communication, popularity, and quality (fitness). The employed bees exploit food sources and share information with onlooker bees; the onlooker bee, which evaluates food sources, selects good food sources with higher quality (fitness) based on the information supplied by the employed bee (Gao, et al., 2011). Bees leave a poor-quality source and start over with new food sources. The size of the bee population and the number of cycles are the controls for the algorithm. The bees find the best food source influenced by the quality of the best food source, and a decision will be reached by the group by converging on the source with the highest quality through popularity (Kulkarni & Desai, 2016). The artificial bee colony algorithm has been employed to train machine learning models to be able to predict novel attacks (Amudh, et al., 2015). The aspects of quality, popularity and communication have been used to identify true and false positives in the environment. The quality has been used to check if a threat is a true positive or not, and through popularity, agents will be able to decide and converge on a threat. Control parameters like iterations and colony size will be evenly distributed between the various groups of bees and help to find an optimal solution to detect and stop malicious activities with improved accuracy and reduced false positives (Amudh, et al., 2015). The algorithm has been used in cyber security to improve the search diversity of the source of an attack through its global searchability facility (Gao, et al., 2011).
Popularity is achieved through proximity communication and a waggle dance to advertise threat sources to enable their detection (Gao, et al., 2011).

Why Swarm Intelligence in Cyber security
There has been an increase in cyber incidents the world over and the pattern has persisted to date, raising concerns and the need to curb the spike (Mcanyana, et al., 2020). Cybercriminals continue to exploit the vulnerability of cyberinfrastructures (Lallie, et al., 2020). More sophisticated cyber defense measures that are efficient, intelligent, flexible, scalable, robust, fault-tolerant, and reliable are apparently needed to augment hardware and user interventions (Jang-Jaccard & Nepal, 2014). On the other hand, Swarm Intelligence is not a new concept in the cyber security body of knowledge. The concept of swarm intelligence has been applied in health, in computing and various other sectors and has been seen to produce desired results. Various algorithms have been applied individually to address the cybersecurity problem but alone cannot address the growing concerns. As discussed in the previous section, each of the three algorithms has its own strengths and weaknesses. Swarm intelligence has been applied in cybersecurity through bio-inspired algorithms, population based, communication metaheuristics optimizers, global intelligence driven by local interactions, cooperative behaviour, autonomous systems, self-organizing systems and decentralised systems (Zelinka & Šenkeřík, 2020). The proposed generalised swarm intelligence ontology seeks to combine three swarm algorithms and integrate the concepts of cooperative behaviour, population based, communication and self-organisation in detecting and mitigating cyberthreats. The integration of the aspects comes against a background that, when deployed independently, they may not have the same impact as when combined. The justification is that the aspects complement each other and may help in bringing closer the much-anticipated results; this therefore calls for an integrated solution or hybridization of various swarm intelligence aspects to solve the cybersecurity problem.
This research, therefore, seeks to identify those individual aspects which can be acquired from the particle swarm optimisation, ant colony and artificial bee colony to detect and mitigate cyberthreats.

Research and Methodology
We developed a simulator to evaluate the effectiveness of the suggested swarm intelligence ontology to identify and mitigate cyberthreats. The three algorithms, namely the particle swarm, ant colony and artificial bee colony, had three different simulations to assess how each can address the cybersecurity problem separately. The aim was to identify the outstanding elements and aspects which could be put together to address the cyber security problem. The simulator has a deployment environment where agents and threats were generated at random; once generated, agents would scout targets that resemble threats. The simulations had 100 and 150 agents, which were generated at random and deployed into the environment. The group of agents deployed searches for and identifies potential threats in the environment using various swarm aspects, namely inertia, position, cohesion, alignment, communication, convergence, velocity, popularity and quality, inherited from the three swarm algorithms. The agents converged at the best position, which resembles the threat source, using the various swarm intelligence algorithm aspects. The simulations were carried out separately for each algorithm; the results were observed, and the outstanding aspects were identified and recommended for the development of the swarm intelligence ontology.

Experiment
An experiment was conducted to determine how the three algorithms work while foraging for threat-like objects in cyberspace. The experiment was carried out as three separate simulations for the PSO, ACO and ABC using NetLogo simulators. The computer which was used for the experiments is an Intel® Core™ i5 10th generation computer with a 2.40 GHz processor, 8 GB of RAM, and running Windows 11 Pro. The environments deployed three separate simulations of the PSO, ACO, and ABC algorithms, which deployed particles, ants, and bees to converge on a threat source. Agents were created to converge at a threat; various aspects were used to achieve this, and all critical and outstanding aspects were noted for consideration in the development of the swarm intelligence ontology. The agents communicated until they reached the optimal position determined by the instructions given. These swarm intelligence aspects served as inputs for the design of the swarm intelligence ontology. The most outstanding and crucial aspects, which are deemed essential, have been adopted in the development of the swarm intelligence ontology to detect and mitigate cyber threats.

Environment setup
The environment in this research refers to a two-dimensional square-like surface designed in NetLogo. The environment is made up of threat sources and agents which are randomly generated across the two-dimensional square. Once the simulations begin to run, agents scout around the area looking for threat sources. The agents' positions keep changing and being communicated through various techniques until they converge at the best location. From the ACO perspective, agents keep searching for threat sources and, once a source has been neutralized, they move to the next closest source. The process continues until all threats have been neutralized. From the PSO perspective, agents keep scouting for the source with the best quality and, once it is neutralized, they move to the next with the highest quality value from those available. With the ABC algorithm, agents scout and use popularity to converge at the source with the highest quality value.

Findings
This section presents the findings of the experiments conducted. The section is divided into three parts, looking at each algorithm independently. The results discuss the number of agents deployed, noting the convergence times when the number of agents deployed is varied. Lastly, section 5 discusses these findings and makes recommendations for the aspects to be adopted for the design of the generalised swarm intelligence ontology.
The figure shows agents having converged at the best group position where the target is located. The figure therefore shows that the agents have identified the threat by converging at that position, which is the global best value. Once they have exploited the target, they will search for the next best position, and the process is repeated indefinitely.
Figure 4: Convergency 100 Agents
Figure 3 shows that the best position is found in 40 milliseconds with 50 agents and in 20 seconds with 100 agents respectively. These results point to the fact that, to improve convergence, more agents need to be added over a constant number of threat sources.
Figure 3 shows the environment with three threat sources, where the purple section shows the ant nest from which the agents will be deployed. Figure 4 shows the agents searching around the environment and starting to identify the threat source by following tracks with the highest pheromone deposits. It is the responsibility of the scouting ant agents to look for threat sources and, as they scout, they secrete pheromone on the tracks. The worker ant agents sense the chemical deposits and follow tracks having high pheromone deposits to get to the source. The worker agents deplete or neutralize (finish) the source as they carry particles to the nest, before they look for new tracks laid by scouting agents for new sources.
As the worker ants carry particles to the nest, depleting the source, the scouting ants keep searching for new sources, which the worker ants will be able to track through pheromone deposits once the source they were feeding on is finished. Figure 5 shows that, of the three sources, the closest are neutralized first, in that the ants feed on the food source (threat source) until it is finished and move on to the next until all sources are finished. The ant agents neutralize the closest source first until they reach the furthest source. Figure 6 shows all the threat sources or threat-like targets having been neutralized; the agents keep searching the environment, and once any other threat-like target is identified it will be neutralized. Figure 7 shows agents converging and having neutralized all the threat-like targets in the time indicated on the graph. The graph shows that agents quickly converge on sources closer to the nest and neutralize them. The white one will be neutralized first, the brown one second last and the blue source last, since it is the furthest. The graph shows that the agents converge on the last source after 1150 milliseconds and, in figure 10, with 150 agents, they converge after 988 milliseconds. This therefore shows improved convergence speed with more agents deployed over a constant number of threat sources.
Figure 8 shows the search environment with threat sources and agents that have been generated at random. The threat sources or threat-like targets have values assigned to them indicating the quality value. The central part shows bees in a hive, from which they will search for threat sources. The bee agents are divided into scouts, employees, and onlookers. As the scouting bees search, as indicated by figure 9, they keep communicating the quality of the sources they have identified.
Once a scout finds a source, the employed bees exploit food sources and share information with onlooker bees; the onlooker bee, which evaluates food sources, selects good food sources with higher quality (fitness) based on the information supplied by the employed bee. The bee agents keep advertising the source with the highest quality, and once a quorum of the population is reached all the bees will converge at the source with the highest popularity. While the employed bees are working on the identified source, the scouting bees keep looking for another source, which will be advertised to the onlooker and employed bees, and once a quorum is reached, they converge at yet another source and the process is repeated.
Figure 12: Searching.
Figure 10 shows that, as the advertising continues, the agents, once they reach a quorum regarding the target being advertised, converge at the source, identifying it as the target with the highest value based on popularity influenced by the advertising. The agents in this case only converge at the position with the highest quality value and neutralize it. Once it is neutralized or the food source is depleted, they move to the next position, which becomes the current best position. The process continues in this way, moving from one threat target to the other. Figure 11 shows the interactions between agents until they converge. Figure 12 shows that with 100 scouts the agents converge after 1120 interactions, while in figure 13 agents converge after 895 interactions. This therefore illustrates that the more agents are deployed in the environment, the less time is taken to converge with a constant number of threat sources generated.

Discussion
The purpose of this section is to give suggestions for the design of the swarm intelligence ontology based on the study's key findings. Furthermore, it also looks at how the different aspects of the particle swarm optimisation, ant colony, and artificial bee colony algorithms which were identified as outstanding could be combined and work together to solve the cyber security issue. From the experiment conducted through simulations, for the particle swarm optimisation algorithm, it has been noted that particle swarm agents keep communicating their positions to avoid collision and congestion and to allow for alignment. As they search for threats, they continue to communicate the best individual position and keep comparing it with the group position until a decision is reached on the best group position. These agents arrive at the threat position using the best fitness value and ensuring that there is cohesion, alignment, and communication. Once the threat has been identified, the agents converge at that position with the best fitness value. There are three aspects which have been identified and recommended for inclusion in the design of the swarm intelligence ontology, and they are cohesion, alignment, and communication.
The simulation of the ant colony optimisation algorithm has shown that pheromone deposits play a critical role, which influences how ants forage for a threat source. Once the agents are generated, they forage for threat sources by following tracks with the highest pheromone deposits. Once the threat source is depleted or neutralized, pheromone deposit values start to tumble, indicating that the current source is neutralized. This facilitates the scouting of new tracks leading to new threat sources. The results indicate that threat sources near the nest are depleted or neutralized first, before the agents can identify new, further sources.
The simulation for the artificial bee colony algorithm showed that as agents are generated in the environment, they scout from the hive. The scout agents search for threat sources and advertise to the onlooker and employed bees, which will assess the quality of the source before a decision is reached to converge on a source with the highest popularity. The aspects identified are quality, communication, and popularity. Once they converge at a source, they will neutralize or deplete it while the scouting agents are looking for the next source with the highest quality.
These findings therefore indicate that cohesion, alignment, foraging through pheromone to identify the closest threat sources using the shortest path, communication, popularity, and quality are the outstanding aspects of the three swarm intelligence algorithms discussed by this paper. This therefore suggests that there is a need to have ways in which they can interact together to address the cyber security problem. These are, therefore, aspects which are input to the design of the swarm intelligence algorithm to be discussed in the next section. The experiment aimed at identifying aspects which enable rapid convergence, and the other aspects not mentioned were not seen as crucial in developing the proposed swarm intelligence ontology. The simulations were done with 100 and 150 agents on all three respective experiments. The results indicated that there is fast convergence when the number of agents deployed increases with a constant number of threat sources. This therefore suggests that in the development of the solution, more agents should be deployed.

Swarm Intelligence aspects for consideration in the design of the Swarm Intelligence Ontology
The Venn diagram below shows the various aspects which have been adopted from the three algorithms in the design of an SIO to detect and mitigate cyberthreats.

Figure 16: Venn diagram with aspects adopted for the design of the SIO
Figure 17 shows the proposed swarm intelligence ontology to address the cyber security problem.

Figure 17: Proposed Swarm Intelligence Ontology
The figure shows the aspects which were adopted for the development of a swarm intelligence ontology. The design combines three swarm algorithms to detect and mitigate cyber security threats. Various aspects were adopted from the models, and they include proximity communication, cohesion and alignment adopted from the particle swarm algorithm. These features will be used by the agents for enhanced communication and influence their movement as they move towards a threat source. From the ant colony optimisation algorithm, the foraging aspect is adopted through pheromone deposits for enhancing foraging of threat sources. This aids in selecting the shortest path by following tracks with the highest pheromone deposits to hunt threats. The artificial bee colony's quality, popularity and proximity communication augment the model to bring about fast convergence. The agents generated by the hybrid swarm are scouts, onlookers and employed agents. The scouts forage for threat sources and, once they identify a source, they advertise it by doing a waggle dance at the source. The onlooker agents will hunt for the threat sources by following tracks with high pheromone deposits and check the quality of the sources. If they are happy with the quality, they also perform a waggle dance and, once a quorum is reached in the agents' population, they peep and converge at that source. The agents employ proximity communication by advertising at the source to agents within their proximity, reducing convergence time, unlike in a case where they must go back to the nest or hive to advertise. While the employed agents are neutralizing the threat source, scouting agents keep looking for new sources and keep advertising to the onlookers. As the scouting agents forage, they keep communicating their positions to ensure they are aligned to avoid collision, and keep comparing individual agents' positions against the group position to determine the best position.

How the Swarm Intelligence Ontology Works
The algorithms begin by randomly initializing the population of the swarm. From the population, random agents are generated.
Once agents have been generated, they are set as scouts, employed agents or onlookers. The generated agents adopt the random foraging aspect from ACO. For fast convergence, they take the shortest path to hunt for threats by adopting the foraging concept of ants: following tracks with high pheromone deposits to mitigate threats. Each agent's position keeps changing as new positions are generated and evaluated, which reflects the aspects of position and cohesion adopted from PSO. The agent compares its initial and new positions and assumes the better one. As the positions change, agents keep communicating to continuously evaluate the best position.
A comparison between the new and initial position is made, leading to the selection of a better position for the agent. As the agents keep changing position, they keep comparing the quality of the threat source (food source) and keep communicating. The agents' positions keep being evaluated and communicated. A popular position is advertised through proximity communication, raising an alarm that a threat has been detected and causing agents to converge at that position to neutralize the threat. Once agents converge at the threat source, they reduce the quality value by one (1) and check if there is no other source with a quality value higher than the neutralized one. While the employed agents are neutralizing the threat source, scouting agents keep looking for new sources with higher quality values and advertise them, and their quality values are in turn reduced by one (1). This keeps happening until the sources' quality values are reduced to zero (0). Once all sources have been reduced to zero, the agents keep scouting and repeat the process indefinitely.
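The loop described above can be sketched as a small simulation. This is an added example, not code from the paper: the grid, the function `run_swarm`, its parameters and the sample threat cells are all assumptions, alignment and collision avoidance are left out, and the run stops once every quality value is zero instead of scouting forever.

```python
import random

def run_swarm(threats, size=6, n_scouts=4, n_onlookers=8, quorum=3,
              evaporation=0.9, max_steps=5000, seed=1):
    """Simulate the hybrid swarm on a size x size grid (hypothetical model).

    threats maps (x, y) -> initial quality value (constructed sample data).
    Returns (cells in neutralisation order, remaining quality, steps used).
    """
    rng = random.Random(seed)
    quality = dict(threats)          # ABC: remaining quality per threat source
    pheromone = {}                   # ACO: trail strength per advertised source
    neutralised = []
    onlookers = [(rng.randrange(size), rng.randrange(size))
                 for _ in range(n_onlookers)]
    steps = 0
    while any(quality.values()) and steps < max_steps:
        steps += 1
        for cell in pheromone:       # old trails evaporate every step
            pheromone[cell] *= evaporation
        # Scouts forage at random; a find is advertised at the source itself
        # by a deposit proportional to the source's current quality.
        for _ in range(n_scouts):
            cell = (rng.randrange(size), rng.randrange(size))
            if quality.get(cell, 0) > 0:
                pheromone[cell] = pheromone.get(cell, 0.0) + quality[cell]
        if not pheromone:
            continue                 # nothing advertised yet, keep scouting
        best = max(pheromone, key=pheromone.get)   # most popular source
        # Onlookers take one grid step towards the strongest trail
        # (PSO-style cohesion towards the group's best position).
        onlookers = [(x + (best[0] > x) - (best[0] < x),
                      y + (best[1] > y) - (best[1] < y))
                     for x, y in onlookers]
        # Once a quorum stands on the source, the agents act as employed
        # agents and reduce its quality value by one per step.
        if sum(1 for pos in onlookers if pos == best) >= quorum:
            quality[best] -= 1
            if quality[best] == 0:
                neutralised.append(best)
                del pheromone[best]
    return neutralised, quality, steps

if __name__ == "__main__":
    print(run_swarm({(1, 4): 3, (5, 0): 5}))   # constructed threat sources
```

With fewer onlookers than the quorum, no source is ever reduced, which makes the dependence of convergence on quorum size visible.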

Conclusions
In our view, although intrusion detection is a complex problem in cybersecurity, the power of integrated swarm intelligence models is more than the sum of the individual capabilities of each swarm intelligence model. The findings of the research confirm that intrusion detection is complex, which suggests that there is a need to keep exploring measures to detect and mitigate cyber security threats. This paper therefore recommends the fusion of the particle swarm, ant colony and artificial bee colony algorithms in the design of a generalised swarm intelligence ontology to address the cybersecurity problem. This might help us get closer to detecting and mitigating cyberthreats, complementing the existing signature-based, behaviour-based, and anomaly-based techniques already in place.
The survey established some key points regarding how the integration of particle swarm optimisation, ant colony optimisation, and artificial bee colony could influence the design of a swarm intelligence ontology (SIO) for addressing cybersecurity issues. The following important points are made:
i. The ant colony optimisation's concept of pheromone deposits helps quick convergence through the adoption of the shortest path in tracking threat-like targets, which can form a crucial aspect of the SIO in reaching the targets in less time.
ii. The particle swarm's alignment fits best and has been noted to enhance communication between agents and to aid in collision avoidance.
iii. Quality, popularity, and proximity communication have been inherited from the artificial bee colony. The concept of proximity communication through waggle dancing influences popularity and causes fast convergence, since the agent does not need to go and advertise at the nest or hive.
The paper made the following contributions.
Review of how swarm intelligence algorithms have been adopted in cyber security: the paper looked at how the three swarm intelligence models have been considered for detecting, protecting against, or mitigating cyber security threats.
Identification of the key aspects for the design of the swarm intelligence ontology: the paper identified the various aspects of the particle swarm optimisation, ant colony optimisation and artificial bee colony algorithms that may be considered in the design of the generalized swarm intelligence ontology.
Development of a generalized swarm intelligence ontology: this section used the key aspects identified from the three swarm intelligence models in the development of the proposed swarm intelligence ontology. The design incorporated various aspects which we felt could be combined to help detect and mitigate cyber security threats. The aspects from the particle swarm algorithm include alignment and cohesion. The ant colony model contributes foraging through the shortest path, while the artificial bee colony brought in proximity communication, popularity, and quality. These aspects combined can bring better threat search results than each individual swarm algorithm implemented separately.
The directions for future work are as follows:
i. Development and testing of the proposed swarm intelligence ontology: this involves the modelling of hybrid algorithms, which include the particle swarm optimisation, ant colony optimisation and artificial bee colony, while adopting key features which could be used to address cybersecurity problems.
ii. Evaluation of the swarm intelligence ontology on the cyber security problem: this entails evaluating the proposed swarm intelligence ontology to assess the extent to which it can be adopted to address the identified cyber security problems.
iii. Invention of the swarm intelligence ontology: this includes the design of a standardised ontology which could be adopted to address cyber security problems and be adopted in other knowledge domains.