A Neural Network Model for Intrusion Detection Using a Game Theoretic Approach

  • Pallavi KaushikEmail author
  • Kamlesh Dutta
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 712)


The problem of intrusion detection in the computer networks is not new and various methodologies have been formulated to address the same. A game-theoretic representation was also formulated, using one of the oldest game playing techniques, the minimax algorithm to solve this problem. It exploited the adversary like situation between the intruder and the Intrusion Detection System (IDS) and the essence of this approach lies in the assumption that the intruder and the IDS have complete knowledge of the network and each other’s strategy. The solution for the intrusion detection problem via game theory gives the detection probability by which the IDS can detect the malicious packets on a given network when the probabilities with which the intruder sends the malicious packets on the various paths leading him to the target are known to the IDS. However, in the real world scenario, the role of the intruder and the IDS is dynamic, if the attack is detected or goes undetected the intruder tries to breach the network again with a different approach or the IDS tries to defend the network with a different strategy respectively. The next strategy for either of the two can be learnt by experience and thus, this paper, models an artificial neural network to represent this game-theoretic representation. The modeled neural network gives the detection probability of an attack by the IDS when the probabilities of sending malicious packets on the various paths leading the intruder to the target are given as an input pattern to the neural network.


Artificial intelligence Game theory Artificial neural network Intrusion detection 



The first author would also like to thank the Ministry of Human Resource and Development (MHRD), Government of India for funding her M.Tech program.


  1. 1.
    Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. 2, 222–232 (1987). doi: 10.1109/TSE.1987.232894 CrossRefGoogle Scholar
  2. 2.
    Richard, A.K., Giovanni, V.: Intrusion detection: a brief history and overview. Computer 35, supl27–supl30 (2002). doi: 10.1109/MC.2002.1012428 Google Scholar
  3. 3.
    Chih, F.T., Yu, F.H., Chia, Y.L., Wei, Y.L.: Intrusion detection by machine learning: a review. Expert Syst. Appl. 36, 11994–12000 (2009). doi: 10.1016/j.eswa.2009.05.029 CrossRefGoogle Scholar
  4. 4.
    Wun, H.C., Sheng, H.H., Hwang, P.S.: Application of SVM and ANN for intrusion detection. Comput. Oper. Res. 32, 2617–2634 (2005). doi: 10.1016/j.cor.2004.03.019 CrossRefzbMATHGoogle Scholar
  5. 5.
    Gang, W., Jinxing, H., Jian, M., Lihua, H.: A new approach to intrusion detection using artificial neural networks and fuzzy clustering. Expert Syst. Appl. 37, 6225–6232 (2010). doi: 10.1016/j.eswa.2010.02.102 CrossRefGoogle Scholar
  6. 6.
    Mrutyunjaya, P., Manas, R.P.: Network intrusion detection using Naive Bayes. IJCSNS Int. J. Comput. Sci. Netw. Secur. 7, 258–263 (2007).
  7. 7.
    Donald, E.K., Ronald, W.M.: An analysis of alpha beta pruning. Artif. Intell. 6, 293–326 (1975). doi: 10.1016/0004-3702(75)90019-3 MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    George, T.H., Gary, P., Stanley, S.: Chapter 7: path finding in AI. In: Algorithms in a Nutshell, pp. 213–217. Oreilly Media (2008)Google Scholar
  9. 9.
    Stockman, G.C.: A minimax algorithm better than alpha-beta? Artif. Intell. 12, 179–196 (1979). doi: 10.1016/0004-3702(79)90016-X MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Cameron, B.B., Edward, P., Daniel, W., Simon, M.L., Peter, I.C., Philipp, R., Stephen, T., Diego, P., Spyridon, S., Simon, C.: A survey of Monte Carlo tree search methods. IEEE Trans. Comput. Intell. AI Games 4, 1–43 (2012). doi: 10.1109/TCIAIG.2012.2186810 CrossRefGoogle Scholar
  11. 11.
    Hadi, O., Mona, M., Chadi, A., Mourad, D., Prabir, B.: Game theoretic models for detecting network intrusions. Comput. Commun. 31, 1934–1944 (2008). doi: 10.1016/j.comcom.2007.12.028 CrossRefGoogle Scholar
  12. 12.
    Michalski, R.S., Jaime, G.C., Tom, M.M.: Machine Learning: An Artificial Intelligence Approach. Springer Science & Business Media, Heidelberg (2013)zbMATHGoogle Scholar
  13. 13.
    Yegnanarayana, B.: Chapter 1: basics of artificial neural networks. In: Artificial Neural Networks. PHI Learning Pvt. Ltd., pp. 15–39 (2009)Google Scholar
  14. 14.
    Chellapilla, K., David, B.F.: Evolving an expert checkers playing program without using human expertise. IEEE Trans. Evol. Comput. 5, 422–428 (2001). doi: 10.1109/4235.942536 CrossRefGoogle Scholar
  15. 15.
    David, S., Aja, H., Chris, J.M., Arthur, G., Laurent, S., George, V.D.D., Julian, S., et al.: Mastering the game of go with deep neural networks and tree search. Nature 529, 484–489 (2016)CrossRefGoogle Scholar
  16. 16.
    Andrew, N.L., Edward, G., Thomas, C.H.: Evolution of neural controllers for competitive game playing with teams of mobile robots. Robot. Auton. Syst. 46, 135–150 (2004). doi: 10.1016/j.robot.2004.01.001 CrossRefGoogle Scholar
  17. 17.
    Park, D.C., El-Sharkawi, M.A., Marks, R.J., Atlas, L.E., Damborg, M.J.: Electric load forecasting using an artificial neural network. IEEE Trans. Power Syst. 6, 442–449 (1991). doi: 10.1109/59.76685 CrossRefGoogle Scholar
  18. 18.
    Quan, H., Srinivasan, D., Khosravi, A.: Short-term load and wind power forecasting using neural network-based prediction intervals. IEEE Trans. Neural Netw. Learn. Syst. 25, 303–315 (2014). doi: 10.1109/TNNLS.2013.2276053 CrossRefGoogle Scholar
  19. 19.
    Ticknor, J.L.: A Bayesian regularized artificial neural network for stock market forecasting. Expert Syst. Appl. 40, 5501–5506 (2013). doi: 10.1016/j.eswa.2013.04.013 CrossRefGoogle Scholar
  20. 20.
    Kristjanpoller, W., Minutolo, M.C.: Gold price volatility: a forecasting approach using the artificial neural Network–GARCH model. Expert Syst. Appl. 42, 7245–7251 (2015). doi: 10.1016/j.eswa.2015.04.058 CrossRefGoogle Scholar
  21. 21.
    Pedro, G.T., Verdejo, J.D., Gabriel, M.F., Enrique, V.: Anomaly-based network intrusion detection: techniques, systems and challenges. Comput. Secur. 28, 18–28 (2009). doi: 10.1016/j.cose.2008.08.003 CrossRefGoogle Scholar
  22. 22.
    Tarek, S.S.: Wired and wireless intrusion detection system: classifications, good characteristics and state-of-the-art. Comput. Stand. Interfaces 28, 670–694 (2006). doi: 10.1016/j.csi.2005.07.002 CrossRefGoogle Scholar
  23. 23.
    Wenke, L., Salvatore, J.S., Kui, W.M.: Adaptive intrusion detection: a data mining approach. Artif. Intell. Rev. 14, 533–567 (2000). doi: 10.1023/A:1006624031083 CrossRefzbMATHGoogle Scholar
  24. 24.
    Lee, W., Nimbalkar, R.A., Yee, K.K., Patil, S.B., Desai, P.H., Tran, T.T., Stolfo, S.J.: A data mining and CIDF based approach for detecting novel and distributed intrusions. In: Debar, H., Mé, L., Wu, S.F. (eds.) RAID 2000. LNCS, vol. 1907, pp. 49–65. Springer, Heidelberg (2000). doi: 10.1007/3-540-39945-3_4 CrossRefGoogle Scholar
  25. 25.
    Valdes, A., Skinner, K.: Adaptive, model-based monitoring for cyber attack detection. In: Debar, H., Mé, L., Wu, S.Felix (eds.) RAID 2000. LNCS, vol. 1907, pp. 80–93. Springer, Heidelberg (2000). doi: 10.1007/3-540-39945-3_6 CrossRefGoogle Scholar
  26. 26.
    Nong, Y., Mingming, X., Syed, M.E.: Probabilistic networks with undirected links for anomaly detection. In: Proceedings of the IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, West Point, NY, pp. 175–179 (2000)Google Scholar
  27. 27.
    Gun, K., Nur, Z.H., Malcolm, I.H.: A hierarchical SOM-based intrusion detection system. Eng. Appl. Artif. Intell. 20, 439–451 (2007). doi: 10.1016/j.engappai.2006.09.005 CrossRefGoogle Scholar
  28. 28.
    Mei-Ling, S., Shu-Ching, C., Kanoksri, S., LiWu, C.: A novel anomaly detection scheme based on principal component classifier. In: Proceedings of the IEEE Foundations and New Directions of Data Mining Workshop, Melbourne, FL, USA, pp. 172–179 (2003)Google Scholar
  29. 29.
    Stuart, S., James, A.H., Joseph, M.M.: Practical automated detection of stealthy portscans. J. Comput. Secur. 10, 105–136 (2002). doi: 10.3233/JCS-2002-101-205 CrossRefGoogle Scholar
  30. 30.
    Nong, Y., Syed, M.E., Qiang, C., Sean, V.: Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Trans. Comput. 51, 810–820 (2002). doi: 10.1109/TC.2002.1017701 CrossRefGoogle Scholar
  31. 31.
    Alan, B., Chandrika, P., Rasheda, S., Boleslaw, S., Mark, E.: Network-based intrusion detection using neural networks. Intell. Eng. Syst. Through Artif. Neural Netw. 12, 579–584 (2002)Google Scholar
  32. 32.
    Kathleen, A.J., David, H.D., Cathy, A.S.: An expert system application for network intrusion detection. In: National Computer Security Conference, Washington, DC (United States), 1–4 October (1991)Google Scholar
  33. 33.
    Wenke, L., Savatore, J.S., Kui, W.M.: Data mining in work flow environments- experiments in intrusion detection. In: Proceedings of the 1999 Conference on Knowledge Discovery and Data Mining (KDD 1999) (1999)Google Scholar
  34. 34.
    John, L.Z., Ali, G.: Network intrusion detection using an improved competitive learning neural network. In: Proceedings of Second Annual Conference on Communication Networks and Services Research, pp. 190–197. IEEE-Computer Society (2004). doi: 10.1109/DNSR.2004.1344728
  35. 35.
    Mehdi, M., Mohammad, Z.: A neural network based system for intrusion detection and classification of attacks. In: Proceedings of the 2004 IEEE International Conference on Advances in Intelligent Systems-Theory and Applications. Luxembourg-Kirchberg, Luxembourg. IEEE Press, 15–18 November 2004Google Scholar
  36. 36.
    Susan, C.L., David, V.H.: Training a neural network based intrusion detector to recognize novel attacks. IEEE Trans. Syst. Man Cybern.-Part A: Syst. Hum. 31, 294–299 (2001). doi: 10.1109/3468.935046 CrossRefGoogle Scholar
  37. 37.
    Weiming, H., Wei, H., Steve, M.: Adaboost-based algorithm for network intrusion detection. IEEE Trans. Syst. Man Cybern. Part B (Cybern.) 38, 577–583 (2008). doi: 10.1109/TSMCB.2007.914695 CrossRefGoogle Scholar
  38. 38.
    Bezalel, P., Peter, S.: Introduction to the Theory of Cooperative Games, vol. 34. Springer Science and Business Media, Heidelberg (2007)zbMATHGoogle Scholar
  39. 39.
    Eric, D.: Non-cooperative games. Ann. Math. 54, 286–295 (2014). doi: 10.2307/1969529 MathSciNetGoogle Scholar
  40. 40.
    Robert, A.H., Erik, D.D.: Games, Puzzles and Computation. AK Peters, Limited, Natick (2009)zbMATHGoogle Scholar
  41. 41.
    Walid, S., Zhu, H., Mérouane, D., Are, H., Tamer, B.: Coalitional game theory for communication networks. IEEE Sig. Process. Mag. 26, 77–97 (2009). doi: 10.1109/MSP.2009.000000 CrossRefGoogle Scholar
  42. 42.
    Kai, M., Xinping, G., Bin, Z.: Symmetrical cooperative strategies in wireless networks: a cooperative game approach. In: 29th Chinese Control Conference (CCC), Beijing, China, pp. 4175–4179. IEEE, 29–31 July 2010Google Scholar
  43. 43.
    Tanya, R., Shridhar, M.M., Ali, G.: Robust estimation and detection in ad hoc and sensor networks. In: IEEE International Conference on Mobile Adhoc and Sensor Systems (MASS), Vancouver, BC, Canada, pp. 236–245. IEEE, 9–12 October 2006. doi: 10.1109/MOBHOC.2006.278562
  44. 44.
    Vanbien, L., Zhiyong, F., Ping, Z., Yi, H., Xiaomeng, W.: A dynamic spectrum allocation scheme with interference mitigation in cooperative networks. In: Wireless Communications and Networking Conference, WCNC 2008, pp. 3175–3180. IEEE (2008). doi: 10.1109/WCNC.2008.554
  45. 45.
    Hadi, O., Noman, M., Lingyu, W., Mourad, D., Prabir, B.: A game-theoretic intrusion detection model for mobile ad hoc networks. Comput. Commun. 31, 708–721 (2008). doi: 10.1016/j.comcom.2007.10.024 CrossRefGoogle Scholar
  46. 46.
    Haksub, K., Hyungkeuk, L., Sanghoon, L.: A cross-layer optimization for energy-efficient MAC protocol with delay and rate constraints. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), Prague, Czech Republic, pp. 2336–2339. IEEE, 22–27 May 2011. doi: 10.1109/ICASSP.2011.5946951
  47. 47.
    Kodialam, M., Lakshman, T. V.: Detecting network intrusions via sampling: a game theoretic approach. In: INFOCOM 2003 Twenty-Second Annual Joint Conference of the IEEE Computer and Communications, San Francisco, California, USA, vol. 3, pp. 1880–1889, March 2003. doi: 10.1109/INFCOM.2003.1209210
  48. 48.
    Shamik, S., Mainak, C., Kevin, K.: A game theoretic framework for power control in wireless sensor networks. IEEE Trans. Comput. 59, 231–242 (2010). doi: 10.1109/TC.2009.82 MathSciNetCrossRefGoogle Scholar
  49. 49.
    Animesh, P., Park, J-M.: A game theoretic approach to modeling intrusion detection in mobile ad hoc networks. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 280–284. IEEE (2004).doi: 10.1109/IAW.2004.1437828
  50. 50.
    He, W., Xia, C., Wang, H., Zhang, C., Ji, Y.: A game theoretical attack-defense model oriented to network security risk assessment. In: International Conference on Computer Science and Software Engineering, vol. 3, pp. 1097–1103. IEEE (2008). doi: 10.1109/CSSE.2008.1062
  51. 51.
    Tansu, A., Tamer, B.: A game theoretic analysis of intrusion detection in access control systems. In: 43rd IEEE Conference on Decision and Control, vol. 2, pp. 1568–1573. IEEE (2004). doi: 10.1109/CDC.2004.1430267
  52. 52.
    Sintayehu, D., Kyle, G., Ladan, G., Reza, G., Srikanta, K.: Reliable data fusion in wireless sensor networks: a dynamic bayesian game approach. In: Proceedings of 2009 IEEE Military Communications Conference, Boston, MA, USA, 18–21 October. IEEE Press (2009). doi: 10.1109/MILCOM.2009.5379987
  53. 53.
    Afrand, A., Sajal, K.D.: Preventing DoS attacks in wireless sensor networks: a repeated game theory approach. Int. J. Netw. Secur. 5, 145–153 (2007)Google Scholar
  54. 54.
    Charles, P., Zhu, H., Liu, K.J.R.: Cooperation enforcement and learning for optimizing packet forwarding in autonomous wireless networks. IEEE Trans. Wirel. Commun. 7, 3150–3163 (2008). doi: 10.1109/TWC.2008.070213 CrossRefGoogle Scholar
  55. 55.
    Zhang, X., Cai, Y., Zhang, H.: A game-theoretic dynamic power management policy on wireless sensor network. In: International Conference on Communication Technology, ICCT 2006, Guilin, China, pp. 1–4. IEEE (2006).doi: 10.1109/ICCT.2006.341932

Copyright information

© Springer Nature Singapore Pte Ltd. 2017

Authors and Affiliations

  1. 1.Computer Science and EngineeringNIT-HamirpurHimachal PradeshIndia

Personalised recommendations