Performance of Machine Learning and other Artificial Intelligence Paradigms In Cybersecurity

Cybersecurity systems are required at the application, network, host, and data levels. The research is purposed to evaluate Artificial Intelligence paradigms for use in network detection and prevention systems. This is purposed to develop a Cybersecurity system that uses artificial intelligence paradigms and can handle a high degree of complexity. The Pragmatism paradigm is elaborately associated with the Mixed Method Research (MMR), and is the research philosophy used in this research. Pragmatism recognizes the full rationale of the congruence between knowledge and action. The Pragmatic paradigm advocates a relational epistemology, a non-singular reality ontology, a mixed methods methodology, and a value-laden axiology. A qualitative approach where Focus Group discussions were held was used. The Artificial Intelligence paradigms evaluated include machine learning methods, autonomous robotic vehicle, artificial neural networks, and fuzzy logic. A discussion was held on the performance of Support Vector Machines, Artificial Neural Network, K-Nearest Neighbour, Naive-Bayes and Decision Tree Algorithms. CONTACT Gabriel Kabanda gabrielkabanda@gmail.com Atlantic International University, 900 Fort Street Mall 40, Honolulu,


Introduction Background
Cyber security is the collection of policies, techniques, technologies, and processes that work together to protect the confifidentiality, integrity, and availability of computing resources, networks, software programs, and data from attack (Berman, D.S., et al., 2019). The process of instructing computers to learn is called machine learning. Machine learning (ML) algorithms inspired by the central nervous system are referred to as Artifificial neural networks (ANNs), and this involves programming computers to teach themselves from data instead of instructing them to perform specific tasks. Deep Learning (DL) is a special category of ML purposed to bring it to closer to Artificial Intelligence (AI). ML is known for automating the analysis of large data sets and producing models of the general relationships found among the data. KABANDA, Orient. J. Comp. Sci. & Technol., Vol. 13(1) 01- 21 (2020) According to Truong  The research is purposed to evaluate the performance of Machine Learning and other Artificial Intellligence paradigms use in Cybsersecurity. The phenomenal growth in the use of the internet and its associated threats have precipitated the Network Intrusion Detection Systems (NIDS). The NIDS is a category of computer software that monitors system behaviour with a view to ascertain anomalous violation of security policies and distinguishes between the legitimate network users from malicious ones (Bringas, P.B., and Santos, I., 2010, p.229).
NIDS exist in two categories, anomaly detectors and misuse network detectors. Misuse detection systems invigilate all incoming traffic to detect any sequence that appears in that knowledge base. On the contrary, anomaly detection systems focus on discovering new unknown threats (Bringas, P.B., and Santos, I., 2010, p.229). Research conducted by Bringas and Santos (2010, p.229) on Artificial Intelligence paradigms for use in network anaomaly detection focused on neural networks, genetic algorithms, fuzzy logic, support-vector machines, finite automata, and other diverse data-mining-based approaches.
Information Systems Security (ISS) comprises computer security and communications security. The normal requirement for network security is an Intrusion Detection Systems(IDS) and Intrusion Prevention Systems (IPS). A firewall provides network security against external threats in order to preserve sensitive files on computers within the network (Stallings, W., 2015, p.10). Each of the devices on the network can be thought of as a node; each node has a unique address. The phenomenal growth of the use of wireless technology has increased the vulnerability of networks (Stefanova, Z.S., 2018, p.2). Consequently, the use of a firewall as one of the classical security measures has proved to be inadequate. The cyber-criminals have now become innovative with their new techniques.
Cybersecurity is purposed to protect internetconnected systems from cyberattacks. Gercke (2012) defined cybercrime as a computer related crime, and Oxford English Dictionary (2019) defined it as criminal activities carried out by means of computers or the internet. Governments, companies, organisation and individuals throughout the world are struggling to deal with cybercrimes, and the most forms of cyberattacks are ransomware, email phishing, cyber bullying, online extortions, etc (Yedaly, M., and Wright, B., 2016; Norton Symantec, 2017). Cybersecurity culture is defined as the beliefs, assumptions, attitudes, values, perceptions and knowledge that people have pertaining to cybersecurity and how these manifest in their interaction with ICTs (European Union Agency for Network and Information Security, 2017). Technology alone cannot be a cushion against cyber-threats, but instead humans should occupy a centre stage through cyber security culture (Gcaza et al., 2017). A strong cybersecurity culture changes the mindsets of people and their security behaviour (European Union Agency for Network and Information Security, 2017) and will stand as a human firewall against threats without coercion. The emergence of information and communication technologies (ICTs) has precipitated a dependent information society supportive of business management, information sharing and provision of electronic services (Malyuk and Miloslavskaya, 2016). In Africa, most organizations are not ready to respond to information security threats (Africa Cyber Security Report, 2016). These range from online visa applications to e-government platforms and this has made them prime targets for cyber-attacks (Africa Cyber Security Report, 2017). New technologies and business process automation is being done without ensuring that adequate security controls are put in place to safeguard these systems (Africa Cyber Security Report, 2016). There is a dire need to nurture an information society that exhibits a culture of respecting values, rights and freedoms in terms of accessing information so as to build confidence and trust in the use of ICTs in Africa (United Nations, 2014). In Africa, twenty-one countries have Data Protection Legislations and 13 have both Data and Cyber Security Legislation.
The overall security in Cybersecurity is only as strong as the weakest link (Nielsen, R., 2015, p.8). It is of primordial importance that the company objectives clearly reflect access controls and security mechanisms. Common practice shows that employees are given access to only what they need, the internet is segregated into separate networks that compartmentalize security and access privileges are limited to minimise any security breaches (Nielsen, R., 2015, p.11). Nielsen (2015, p.12) argues that Virtual Private Networks or VPNs are known to provide secure access to internal company internet by employees on the Internet working from elsewhere outside the company premises. The recommended network structure that provides a secure internet environment is shown on Figure 2 below (Neilsen, R., 2015, p.14). Convergence of wired and wireless services is dependent upon the progress made by the nextgeneration access networks. The broad-band evolution coupled with the phenomenal growth in the Internet has precipitated intense traffic patterns in access networks (Yu, J., et al., 2009, p.1). A unified networking platform for fixed and mobile users is now clothed with mobility features that deliver voice, data, and video services (Yu, J., et al., 2009, p.1).
The first step in Network Security is to redirect all network traffic through a single point and only open the ports on the firewall necessary for business traffic. This can be strengthened by providing VPN support (Nielsen, R., 2015, p.18). Separation of duties is one of the key principles of information security which can be supported by authentication and authorization systems that give access only to those business resources needed to perform one's duties. As shown on Figure 1, this separation can be achieved through VPNs. A VPN provides mobility to the users to work on-site or off-site. However, in this separation of duties, there is need for an Intrusion Detection Systems(IDS) and Intrusion Prevention Systems (IPS) that prevents the detected attack from taking place and to protect the network (Nielsen, R., 2015, p.19). The IDS often operates with sensors, analyzers and a user interface, as shown Figure 3 below. A firewall provides network security against external threats (Stallings, W., 2015, p.10). Operating Systems Hardening is one of the basic steps to secure an operating system (Stallings, W., 2015, p.28). This involves installing and patching the operation system, and then hardening and/ or configuring the operating system to adequately provide acceptable security measures. The phenomenal increase in internet-connected systems has precipiated an increase in the attack surface which has led to greater risk of cyber attack (Berman, D.S., et al., 2019). The cyber attacks are increasigly getting sophisticated with zero-day exploits and malware that evade security measures. Furthermore, commercial interest in cyber attacks has increased. We may need to leverage data analytics in cyber defense systems. Truong, T.C.
(2020) observed that cybersecurity systems are increasingly getting used to improve operational efficiencies and reduce costs in critical areas, such as finance, transportation, defence, healthcare.

Statement of the Problem
The phenomenal growth in the use of the internet and its associated threats have precipitated the Network Intrusion Detection Systems (NIDS). The rapid growth of the use of wireless technology has increased the vulnerability of networks. Classical security measures have proved to be grossly inadequate under the circumstances. The focus for Cybersecurity has now shifted to the use of Artificial Intelligence paradigms for use in network anomaly detection such as neural networks, genetic algorithms, fuzzy logic, support-vector machines, finite automata, and other diverse data-miningbased approaches. The key problem is to evaluate various Artificial Intelligence paradigms for use in Cybersecurity in support of Bayesian Networks.

Purpose of Study
The research is purposed to evaluate machine learning and other artificial intelligence algorithms for use in Cybersecurity.

Research Objectives
The research objectives are to: Which artificial intelligence paradigm is most effective in developing a Cybersecurity system than can handle a higher degree of complexity?
The sub questions are: • How are the Artificial Intelligence paradigms for use in network detection and prevention systems ? • How is a Cybersecurity system developed that uses artificial intelligence paradigms and can handle a high degree of complexity?

Literature Review Overview
Each of the devices on the network can be thought of as a node; each node has a unique address. The first step in Network Security is to redirect all network traffic through a single point and only open the ports on the firewall necessary for business traffic. Intrusion detection and prevention systems (IDPS) include all protective actions or identification of possible incidents, analysing log information of such incidents, how to block them in the beginning itself and generate reports for the concern of security personnel (Umamaheswari, K., and Sujatha, S., 2017, p.1). Stallings (2015, p.31-38) recommends the use of various security control measures in an organisation.   Table 2.
The research article by Demir and Dalkilic (2017) came out with a threat model which assumed that there is a monitoring system that collects information on the packet level. However, these assumptions may not always hold water. According to Umamaheswari and Sujatha (2017), the components in IDPSs can be sensors or agents, management and database servers, user and administrator consoles for interaction and management networks. There is need for protection of the software-based IDPS components such that their operating systems and applications are kept fully up-to-date. Umamaheswari and Sujatha (2017) proposed a model of defence framework which arranges intrusion detection components in a maze-like structure so as to capture and dynamically correlate unknown attacks as early as possible.
According to Williams (2014), cyberspace is a human made information environment created when computers and related telecommunication equipment and other components that allow fast movement of large amounts of data are connected. The use of IP addresses exposes the nonphysical nature of cyberspace. In the physical domain, addresses reference a physical location but IP addresses tell the user where to go, without necessarily pointing to a physical location. All the interconnected devices and data that comprise cyberspace are manmade. Cyberspace is categorized into three layers namely the physical layer, the logical layer and the social layer.
The Internet of Things (IoT) relates to interconnected devices via communication channels and methods that transmit and communicate with each other. The transmission method can be wired or wireless depending on the devices. According to Symantec (2016), the Internet of Things is now a prime target for hackers. Risks include data falsification, data manipulation, data and identity theft or IP theft. The number of Internet of Things (IoT) devices is increasing and those devices are being used every day (Concierge Security report, 2018).The Internet of Things (IoT) industry is expected to be worth $US19 trillion by 2020 globally (ACS, 2016). Furthermore, the growth in big data and cloud computing industries also present great chances for the Internet of Things (IoT) industry to flourish. However, cybersecurity is a key challenge in the Internet of Things (IoT) realm. This is because hackers can penetrate an organization's network through the Internet of Things (IoT) devices (MacAfee, 2018) or through the cloud environment which the Internet of Things (IoT) devices heavily rely on (KPMG, 2018).The security of those devices together with the people that use them is very important as cybersecurity risk is high (Concierge Security report, 2018).
According to Fehling et al., (2014), the cloud symbol is usually used to symbolize the internet. Cloud computing is now frequently used to describe the delivery of software, middleware platforms, infrastructure, whole business processes and storage services over the internet. These services are delivered when they are needed in the quantity needed at a certain time. Put differently, cloud computing is very much similar to the rent-a-car model. The cost effectiveness and efficiency of the cloud platforms is tempting most organizations to migrate to the cloud and enjoy a wide range of benefits (Sharma, 2012) which according to KPMG (2018) include: • free capital expenditure • accessibility from anywhere at anytime • no maintenance headaches • improved control over documents as files will be centrally managed The cloud computing market grew 4 times between 2015 and 2020 from US73 billion to US270 billion as depicted on Figure 4 above (KPMG, 2018). Cybersecurity is also a key challenge in this industry as cybercriminals use cloud services as warehouses to store their malicious software and as targets that will be used as launchpads for Denial of Service

Fig.5: Differences between Information Security and Cybersecurity. Source: Center for Cyber and Information Security (https://ccis.no/cyber-security-versus-information-security/)
The NIST Cybersecurity Framework According to National Institute of Standards and Technology (2018), the NIST Cybersecurity framework was crafted with the view of reducing cyber risk and improve security to critical infrastructure. It is based on standards such as Control Objectives for Information and Related Technologies (COBIT), International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC). This framework is not a one size fits all (Purdy, 2016) framework since different organizations face different cybersecurity risks. The framework targets companies, Non-Governmental Organizations, government agencies as well as communities regardless of their size and focus. The framework consists of three main components which include the framework core, implementation tiers and the framework profile.
The NIST (2018) indicates that this component of the framework consists of five sub-components or activities which are to identify, protect, detect, respond and recover from cyber-attacks as shown below on Figure 6.
The framework core can also be viewed as a set of cybersecurity activities, desired outcomes and references applicable and common across all sectors. Each function has categories (total of 22) and subcategories (total of 98) (Angelini et al., 2017). Subcategories are basically practical activities that have to be done such as data collection on the organization's software and hardware or even documenting legal requirements for cybersecurity (Angelini et al., 2017). Informative references are the international standards that are associated with each category and subcategory. The implementation of all the subcategories by an organization will result in a high cybersecurity level. However, it is important to note that the cybersecurity framework was primarily designed for critical infrastructure although it can be used by smaller companies and communities. According to Alcaraz and Zeadally (2015), critical infrastructure is made up of assets and systems which can be either virtual or physical that are so important to a nation such that any interruption of their services could have a serious impact on economic well-being, national security, public health or safety or a combination of all of these. Critical infrastructure includes power grids, hospital systems as well as public transportation.

Machine Learning
Computers have always operated on commands with a set of known responses programmed into them, with no room for deviation. Technology has developed to allow computers to learn new responses based on data they receive. This helps them complete tasks that were not originally programmed into them as they interact with their users. This technology is called Machine Learning and forms part of artificial intelligence (AI). In Machine Learning (ML) we focus on the computer programs that have access to large volumes of data from which they can learn by themselves. There are unlimited opportunities in ML for detecting network intrusion without using a signature database.
The use of AI and ML in Cybersecurity realises benefits which include faster response and protection, automated protection, learning to adapt to various challenging situations, personalization, and usabaility. The major applications of ML are as follows:

Virtual Personal Assistants
Computing smart devices are equipped with voice recognition applications that respond to commands given by the user. In the beginning the responses are basic and at times have errors. However, over time as the application develops the user's patterns and preferences, the responses become more complex and accurate. Examples of such applications are Siri, Alexa, Google, etc., the more popular virtual personal assistants that can be asked to recommend a good restaurant in an area the user is visiting.

Predictions while Commuting
Utilising GPS navigation services, motorists can be advised by a machine learning computer of the least congested or shortest to a predetermined destination. Users seeking public transport, can book a taxi using an application of their device. This application will search for the closest available taxi and provide an estimated cost of the journey to the desired destination.

Videos Surveillance
Artificial intelligence is characterised by the ability to learn, comprehend and and predict human behaviour. This assists users to prevent possible mishaps in public areas.

Social Media Services
ML is now being utilized in targeting advertisements, personalization of news, and social media platforms. In this way, ML enables online connection with people whose learning profiles arae available on various platforms such as Facebook. Facial recognition can also help identify the established connection of people from pictures uploaded online.

Email Spam and Malware Filtering
ML can filter possible spam from email patterns of users and common recipients, machine learning can filter possible spam. Also, by learning certain code, it can detect different malware

Customer Support Services
To reduce the dependence on large number of call centre support agents, organisations are utilising chatbots that respond to basic customer queries. With time they are learning to respond to more complex questions as they continuously interact with the clients with better answers.

Search Engine Result Refining
The manner in which users respond to a set of search results provide machine learning with data to build a predictive pattern to improve future search results. Google, Bing, etc., use such backend algorithms.

Product Recommendations
ML is useful in predicting and recommending the desired products to users on shopping websites.

Online Fraud Detection
Funds transfer patterns are learnt by ML through determination of genuine and potentially fraudulent online transactions.

Complexity of Cyber-Physical Systems
Cybercrimes are monotonically increasing and there is a growing concern on the security, confidentiality and computer assurance of the stored data. Intrusion detection and prevention systems (IDPS) include all protective actions or identification of possible incidents, analysing log information of such incidents, how to block them in the beginning itself and generate reports for the concern of security personnel (Umamaheswari, K., and Sujatha, S., 2017, p.1).
The complexity of cyber-physical systems (CPS), the roles and responsibilities of the humans that interact with them, and the cyber-security of these highly interconnected systems now requires a resilient CPS (Ghafouri, A., 2018, p.1). According to Ghafouri, resilient CPS provide interdisciplinary solutions for problems such as how to tailor the control system to enable it to respond to disturbances quickly and efficiently, how to better integrate widely distributed CPS to prevent faults that result in disruptions to operations of critical infrastructure, and how to design cyber-security protection mechanisms so that the system defends itself from cyber-attacks by changing its behaviors. Advanced control algorithms deployed in CPS are dependent upon data from multiple sensors to predict the behaviors of the system and make corrective responses. However, such systems can become brittle to the extent that any unrecognized fault or degradation in the sensors can lead to incorrect responses by the control algorithm and potentially compromise the desired operation. Ghafouri, A. (2018, p.1) argued that advanced control algorithms in resilient CPS require the implementation of detection and diagnosis architectures to recognize sensor faults and degradations.
A significant challenge is the design of anomaly detectors that effectively detect failures and cyberattacks in CPS. In design and evaluation of anomaly detectors, realistic attack models that represent the harmful effects of cyber-attacks on CPS are needed (Ghafouri, A., 2018, p.2). Resilience in CPS is defined as protecting the operational goals (e.g., stability) as well as other non-operational goals (e.g., privacy) in the presence of both expected events (e.g., failures) and unexpected events (e.g., cyber-attacks) (Ghafouri, A., 2018, p.6). According to Ghafouri, A. (2018, p.6), resilience in CPS must attain three goals: • Integrity which represents the trustworthiness of data or resources, • Availability which is the ability to access and use information on demand as specified, and • Confidentiality, which is the ability to keep information secret or private from unauthorized users.

Research Methodology Presentation of the Methodology
The Pragmatism paradigm which is intricately related to the Mixed Methods Research (MMR) was used in this research. Pragmatism makes use of the rationale of the congruence between knowledge and action. The Mixed Methods approach consisted of a qualitative aspect whose research design was Focus Group discussions, and the quantitative aspect whose research design was an Experiment.
A research design symbolises advance planning or a research master plan (Kothari, C.R., 2004). This planning caters for the research methods to be used, techniques to analyse the data whilst addressing the objectives of the research and taking into account the resources available. Research design is required because it helps the smooth flow of the several research processes, thereby making research efficient in getting more information with less investment in time, effort and money (Kothari, C.R., 2004). The relationship between research methodology and research design are amply illustrated by the research onion shown on Figure  7 below.
With unsupervised classification, it is assumed that there is no external teacher that can train the classifier. The desirable position in cases of applications where the expected results are not known in advance is to train the classifier. In AI the algorithms can be improved by employing problem solving techniques used by human beings, such as learning, or gaining the ability to perform tasks from examples and training.
Qualitative data for this research was collected on the cybersecurity framework and industry practice. Focus Group discussions were held in order for the participants to interact and share their experiences whilst influencing one another's views and contributions. The researcher facilitated the Focus Group discussions on a Cybersecurity workshop with a total of 8 participants held at the Harare International Conference Centre (HICC), on Thursday 7th and Friday 8 th March, 2019.
The first aim for analysis of qualitative data is to describe a phenomenon in some or greater detail. According to Flick, U. (2013, p.7), the first approach in the qualitative data analysis puts subjective experiences as the focus. A second approach focuses on describing the making of a social situation. A third approach is to go beyond the first two approaches and into spheres of implicit and even unconscious aspects of a social phenomenon.
For the research to be credible special attention has to be paid to reliability and validity. Reliability measures consistency of the instrument in measuring.
To test for reliability of the instrument, the Cronbach's alpha coefficient was used to check for internal consistency. To be reliable the minimum threshold for the Cronbach's alpha coefficient is 0.7 (Saunders et al.,2009). Reliability tests were conducted for the observation data and the key variables chosen.
There are two types of validity which are internal and external validity. Internal validity consists of face validity and construct validity. According to Saunders et al., (2009) reliability is the extent to which the techniques used for data collection and analysis could give the same results . It also concerns issues of whether same results would be found if the same study would be concluded by a different researcher or from a different observer. The other issue is whether there is transparency in the way raw data was analysed and processed to draw conclusions.

Possible Outcomes
The expected accuracy rate for the research should be according to Table 3 below, which shows the international benchmark.

Analysis and Research Outcomes
The landscape for intrusion detection is shown on Figure 8 below. It must be noted that network traffic behaviour differs according to the service provision by each specific equipment with a known IP address By using sensibility analysis the knowledge representation model can be accomplished in order to avoid denial of service attacks (Bringas, P.B., and Santos, I., 2010, p.242). The simple rules for the analysis of attack are shown on Figure 9 below. An alarm is triggered on the IDS in an anomaly-based intrusion detection if some type of unusual behaviour occurs on the network. An autonomous robotic vehicles can be attractive targets for cyber attacks to prevent them from navigating and of completing the mission of intrusion prevention. The limitation of such detection is confined to knowledge-based and vehicle-specific methods, which are applicable to only specific known attacks ( Bezemskij, A., et al., 2017, p.1). The attack vectors of the attack scenarios used by Bezemskij, A., et al., (2017, p.2) is shown on Figure 10 below. In this experiment, the system is allowed to undertake several missions by the robotic vehicle which is destined to reach on the ground with stochastic elements that divert the robotic vehicle testbed. The practical experimental setup for the attack vectors used is shown on Figure 11 below.
The methodology used by Bezemskij, A., et al., (2017, p.3) is a self-learning approach which generalizes the sensor data into signatures and uses these signatures as the data source's unique description. Bezemskij, A., et al.,(2017, p.5) presented a Bayesian network which can receives real-time information from a vehicle's sensors, processes and communicates the modules in determining whether or not there is an attack. However, a limitation of this mechanism is its perfect performance only in low sampling frequency of one sample per second. A higher sampling frequency attracts lack of precise synchronisation between the heterogeneous data sources used..  Figure 12 below.

Fig.12: An IDS with a Bayesian Network and Inference Analyser
Profiles of network software behaviour can be built with Neural Networks and distinguish between normal and anomalous/malicious software behavior (Napanda, K., et al., 2015, p.2). The use of Neural   The pros and cons of each algorithm using the NSL-KDD dataset are shown on Table 5 below.   SBSs are summarised on table, Table 6, below. Synchronize the autonomous CIDS, whereby the collaborated intrusion detection systems must be synchronized in order to detect attacks in real-time.
The intrusion detection situation can be considered as a classification problem.

Challenges and Future Direction
Cyber attacks are advancing rapidly and outpacing the technical measures in cybersecurity that deploy new signatures to detect these new attacks (Berman, D.S., et al., 2019). This challenging situation in combination with advances in machine learning (ML) presents unlimited opportunities to apply neural network-based deep learning (DL) approaches to cyber security applications to detect new variants of malware and zero-day attacks. The future direction of research in this area should the cascading connection of malicious activities throughout an attack lifecycle and the metrics for evaluation of DL performance. However, new datasets are required to develop new DL approaches for cybersecurity systems.

Conclusion
An intrusion detection system monitors and determines whether or not a malicious event has occurred, and raises an alert each time a malicious event is detected (Bolzoni, D., 2009, p.13). The main research question was: Which artificial intelligence paradigm is most effective in developing a Cybersecurity system than can handle a higher degree of complexity? The first step in Network Security is to redirect all network traffic through a single point and only open the ports on the firewall necessary for business traffic. It must be noted that network traffic behaviour differs according to the service provision by each specific equipment with a known IP address.
Intrusion detection and prevention systems (IDPS) include all protective actions or identification of possible incidents, analysing log information of such incidents, how to block them in the beginning itself and generate reports for the concern of security personnel (Umamaheswari, K., and Sujatha, S., 2017, p.1). The complexity of cyber-physical systems (CPS), the roles and responsibilities of the humans that interact with them, and the cybersecurity of these highly interconnected systems now requires a resilient CPS (Ghafouri, A., 2018, p.1). According to Ghafouri, resilient CPS provide interdisciplinary solutions for problems such as how to tailor the control system to enable it to respond to disturbances quickly and efficiently, how to better integrate widely distributed CPS to prevent faults that result in disruptions to operations of critical infrastructure, and how to design cyber-security protection mechanisms so that the system defends itself from cyber-attacks by changing its behaviors.
The Artificial Neural Networks (ANN) have been found to be quite effective, especially when they use multilayer perceptrons, as was used by Aljebreen, M.J. (2018, p.32) in intrusion detection. The multilayer perceptron learns the model from the training data using an algorithm called backpropagation. The Error data at the output layer is back propagated to earlier ones, which allows incoming weights to these layers to be updated.

Acknowledgement
I deeply appreciate the Atlantic International University for supporting this research work as part of my Doctor of Science degree in Computer Science.

Funding
The author(s) received no financial support for the research, authorship, and/or publication of this article.

Conflict of interest
There is no conflict of interest associated with this publication.