Design of Cybersecurity Threat Warning Model Based on Ant Colony Algorithm

: In this paper, a cybersecurity threat warning model based on ant colony algorithm is designed to strengthen the accuracy of the cybersecurity threat warning model in the warning process and optimize its algorithm structure. Through the ant colony algorithm structure, the local global optimal solution is obtained; and the cybersecurity threat warning index system is established. Next, the above two steps are integrated to build the cybersecurity threat warning model based on ant colony algorithm, and comparative experiment is also designed. The experimental results show that, compared with the traditional qualitative differential game-based cybersecurity threat warning model, the cybersecurity threat warning model based on ant colony algorithm has a higher correct rate in the warning process, and the algorithm program is simpler with higher use value.


Introduction
After the advent of the Internet era, crimes involving cybersecurity have also emerged in endlessly. The cybersecurity of international organizations and countries, as well as the cybersecurity of enterprises or individuals, is always at risk of being attacked and harassed by hackers. And because most people do not have the ability to defend against network intrusion, they are helpless in the face of cybersecurity threats and can only let Trojan horses attack the network [1]. In order to solve cybersecurity problems, to face the increasingly complex network situation in the future, and to improve the ability to solve cybersecurity threats, warning of cybersecurity threats has become a subject of widespread concern. In the past warning models of cybersecurity threats, some cannot achieve the warning effect well, and some have complex structures and poor computing effects. Therefore, based on the ant colony algorithm, a warning model of cybersecurity threats is designed to improve the warning model of cybersecurity threats that cannot achieve the desired effect in the past. Both the ant colony algorithm and the improved ant colony algorithm that is gradually designed and improved can be used to find the best path. It is an algorithm that can gradually approach the global optimal solution by enhancing the better solution. Therefore, the ant colony algorithm is widely used in the computer field [2]. First, the structure of the ant colony algorithm is designed to find a local optimization model that can realize the warning function of cybersecurity threats. Second, the indicator system of cybersecurity threat warning is comprehensively judged and designed from the three perspectives of relevant policies, warning capabilities and final warning effects. Third, a cybersecurity threat warning model based on ant colony algorithm is designed. Finally, an experiment is designed to verify that the designed cybersecurity threat warning model based on ant colony algorithm is better than the previous cybersecurity threat warning models, and the algorithm has low redundancy and practicality.

Ant Colony Algorithm Structure Design
Ant colonies in nature usually secrete a chemical substance in the process of foraging so that other ants nearby can detect this pheromone and find the shortest path from the starting point to the ending point based on the pheromone [3][4]. In the process of finding the optimal path, ants will also release this pheromone, so the more ants behind, the higher the probability of choosing the optimal path. Moreover, the unique pheromone of this ant colony is very adaptable. Even if an obstacle suddenly appears in the middle of the path, the ant colony can quickly find a new shortest path [5]. Based on this existing optimal path finding method in nature, some scholars in the computer field have proposed an ant colony algorithm to find the optimal solution. The mechanism of ant colony algorithm in computer can be roughly summarized as the following process. First, when the artificial ants in the computer solve problems with each other, they need to find a better solution according to the guidance of pheromone. In the process of finding a better solution, these artificial ants will also leave behind the same pheromone. According to the iterative effect of the algorithm, the artificial ants at the rear can enhance the better solution based on these increasingly rich pheromones to obtain a better solution. In this way, a positive feedback mechanism of information is formed, enabling artificial ants to find solutions that are getting closer and closer to the optimal solution. Finally, at the end of the iteration, an approximate optimal solution can be obtained [6].
In the iteration, assuming that the number of iterations is t, the probability of the ant choosing the path (i, j) is: where, ( ) represents the probability of choosing the path (i, j) when the artificial ant moves from the starting point i to the end point j during the t-th iteration; represents a collection of places that artificial ants can pass through at point i; ( ) represents the pheromone concentration left by artificial ants ahead when they pass the (i, j) path during the t-th iteration [7]; ( ) represents the heuristic information constructed by the path (i, j) and the pheromone of the artificial ant during the t-th iteration; Both and represent the weight factors of pheromone and heuristic information emitted by artificial ants [8].
When the artificial ant has traversed all the paths from point i to point j (that is, after traversing all the paths), it is necessary to update the pheromone everywhere in the set, and then a local optimization model can be obtained.

Establishment of Indicator System for Cybersecurity Threat Warning
To establish a cybersecurity threat warning model based on ant colony algorithm, it is also necessary to design a cybersecurity threat warning indicator system [9]. The network structure is a complex system, as shown in Fig. 1. At present, there are few research on the indicator system of cybersecurity threat warning, and the research framework and weight judgment are different. Based on the research of a large number of cybersecurity related research documents, the cybersecurity threat warning indicator system is designed, and details are shown in the following table. According to Table 1, the warning indicators for cybersecurity threats are mainly judged from three perspectives: relevant policies, warning capabilities, and final warning effects. National policies and regulations on cybersecurity threat warning, methods and technical measures in the specific implementation process, the detection, warning, and defense capabilities of cybersecurity threat warning, and the effects and benefits of cybersecurity threat warning are comprehensively considered [10][11].

Cybersecurity Threat Warning Model Construction Based on Ant Colony Algorithm
Through the use of ant colony algorithm, the network security threat early warning model established based on the above network security threat early warning indicator system pays more attention to the weight evaluation of various indicators [11]. The specific model building steps are shown in the figure below.
As shown in the Fig. 2, first, the model structure of the ant colony algorithm is built inside the computer, and then the obtained optimal solution is substituted into the initial network security threat warning indicator system matrix to calculate the comprehensive impact matrix. The centrality and cause degree of indicators are determined according to the comprehensive influence matrix, and finally the weight of each indicator is determined [12][13][14]. Then the comprehensive evaluation value is solved based on the weight value, the evaluation value can indicate whether a network data stream is threat data [15][16][17][18]. If the evaluation value is higher than the dangerous value, it is dangerous data and warning is issued; if the evaluation value is lower than the dangerous value, it is safety data and no warning is required [19][20].

Experimental Design
In order to judge whether the designed cybersecurity threat warning model has a better cybersecurity threat warning function, whether the algorithm structure is more concise and clear, the cybersecurity threat warning model based on ant colony algorithm and the cybersecurity threat warning model based on qualitative differential game are compared and analyzed.

Experiment Preparation
First, the experimental environment needs to be set up. The software and hardware settings required for the experiment are shown in the Table 2. Then it is necessary to establish a data set of cybersecurity threat to test the functions of the design model and the cybersecurity threat warning model based on qualitative differential games. 10,000 pieces of network-related data are collected, including 100 pieces of data with threats, and the ratio of security data to threat data is 99:1. The 10,000 pieces of network data are randomly divided into 10 data groups with different security data and threat data, and the designed cybersecurity threat warning model based on ant colony algorithm and the cybersecurity threat warning model based on qualitative differential game are used respectively for detection. The accuracy and detection time of the two models in the detection process are compared to determine the warning effect and algorithm redundancy of the two models.

Analysis of Results
The experimental data are analyzed through Matlab software, and the experimental results obtained are shown in the Table 3. As shown in the Table 3, Fig. 3 and Fig. 4, the established network security threat early warning model based on ant colony algorithm has a correct probability of 80%, while the traditional network security threat early warning model based on qualitative differential game has a correct probability of only 40%, which is far less accurate than the established one. In terms of running time, the designed warning model takes an average of 19.4 s, while the calculation time of the traditional warning model is 30.1 s, which is about 1.5 times that of the designed warning model. Therefore, it can be known that the designed cybersecurity threat warning model has better threat detection methods, can enhance the warning accuracy of traditional models, and the program algorithm is more concise and clear.

Conclusion
According to the ant colony algorithm, the cybersecurity threats are screened by variables, and a cybersecurity threat warning model based on ant colony algorithm is constructed through the cybersecurity threat index system. There are 11 indicator factors in this model, and the selection of variables is more comprehensive. Through comparative experiments, it can be judged that, compared with the cybersecurity threat warning model based on qualitative differential game, the cybersecurity threat warning model based on ant colony algorithm has better computational effect and data simplicity.

Conflicts of Interest:
The authors declare that they have no conflicts of interest to report regarding the present study.