Battle of Botcraft: Fighting Bots in Online Games

Download Report

Transcript Battle of Botcraft: Fighting Bots in Online Games

Battle of Botcraft:
Fighting Bots in Online Games
withHuman Observational Proofs
Steven Gianvecchio, Zhenyu Wu, Mengjun Xie,
and Haining Wang
The College of William and Mary, USA
ACM CCS 2009
OUTLINE
1.
2.
3.
4.
5.
6.
7.
8.
Introduction
Background
Related Work
Game Playing Characterization
HOP System
Experiments
Limitations
Conclusion
1. Introduction

About online games :




$7.6 billion revenues in 2008.
Massive multiplayer online games (MMOGs).
Game bots.
The existing methods for combating bots.


Human interactive proofs (HIPs).
Warden, a process monitor.
1. Introduction (cont.)

A game bot defense system based on human
observational proofs (HOPs).



Behavioral biometric systems.
A client-side exporter and a server-side analyzer.
The purpose of the HOP system is to raise
the bar against game bots.
2. Background

Game bots :



Standalone custom game client.
Standard game client.
Game playing behaviors :


Human
Bots
3. Related Work

Anti-Cheating :



Game cheating prevention
Game cheating detection
Behavioral Biometrics :


Keystroke dynamics and mouse dynamics
Identity matching
4. Game playing characterization

The Glider Bot :


Requires system administrator privileges.
Profile — a set of configurations including
several waypoints and options.
4. Game playing characterization (cont.)

Input Data Collection :

RUI — input data collection program.

clock resolution close to 0.015625 second
(approximate 64 times/sec).
4. Game playing characterization (cont.)
women
>45
35-44
25-34
men
18-24
4. Game playing characterization (cont.)



Game bot is runningwith 10 different
profiles in 7 locations in the game world for
40 hours.
Profiles are half run with a warrior and half
run with a mage.
Characters range from level 1 to over 30 in
the traces.
4. Game playing characterization (cont.)
4. Game playing characterization (cont.)

Game Playing Input Analysis :

keyboard and mouse input traces with respect
to timing patterns (duration and inter-arrival
time) and kinematics (distance, displacement,
and velocity).
4. Game playing characterization (cont.)
4. Game playing characterization (cont.)
4. Game playing characterization (cont.)
5. HOP System

Client-side exporter


sends a stream of user-input actions taken at a game
client to the game server.
Server-side analyzer

processes each input stream and decides whether the
corresponding client is operated by a bot or a human player.
5. HOP System (cont.)

Client-Side Exporter :


Derives input actions from raw user-input events.
A standalone external program
5. HOP System (cont.)

Server-Side Analyzer :



User-input action classifier
Decision maker
Neural Network Classification :

Eight input values for each user-input action


action duration, mouse travel distance,
displacement, efficiency, speed, angle of
displacement, virtual key and bias value.
Output Neuron
5. HOP System (cont.)

Decision Making :


A simple “voting” scheme
If the majority of the neural network output
classifies the user-input actions as those of a bot,
the decision will be that the game is operated by
a bot, and vice versa.
5. HOP System (cont.)


Performance Impact and Scalability :
Client side



16 bytes of data per user-input action.
additional bandwidth consumption induced by
the client-side exporter is negligible.
Server side

The server-side analyzer is very efficient in
terms of memory and CPU usage.
6. Experiments


In terms of detection accuracy, detection
speed, and system overhead
True positive rate and true negative rate
6. Experiments (cont.)

Experimental Setup :


95 hours of traces, including 55 hours of human
traces and 40 hours of game bot traces.
3,000,066 raw user-input events and 286,626
user-input actions, with 10 bot instances and 30
humans involved.
6. Experiments (cont.)

Detection Results :

The HOP system has four configurable
parameters :


# of actions per block, and # of nodes
The threshold, and # of outputs per output block.
6. Experiments (cont.)

Configure # of actions per block and # of nodes.
6. Experiments (cont.)

the threshold and # of outputs per block
6. Experiments (cont.)

Fully configured system (40 nodes, 4-action input,
the threshold of 0.75, and 9 outputs per block)

The true negative rates are 1.0 for all of the humans
6. Experiments (cont.)

Detection of Other Game Bots :


Test with Diablo 2without retraining the neural
network.
A true positive rate of 0.864 on the bot and a
true negative rate of 1.0 on the human players.
6. Experiments (cont.)

System Overhead :




To estimate the overhead of the analyzer for
supporting 5,000 users.
The analyzer consumes only 37 KBytes of memory
during operation.
The per-user memory requirement is
approximately 66 bytes, this is only 330 KBytes in
total.
The analyzer can process 95 hours of traces, over
286,626 user-input actions, in only 385
milliseconds on a Pentium 4 Xeon 3.0Ghz.
7. Limitations

Experimental Limitations :




Player group, 30, is insufficient
Mainly conducted in a lab environment
There are a number of other bots
Is HOP system effective for broader applications?
7. Limitations (cont.)

Potential Evasion :


Bots could either interfere with the user-input
collection or manipulate the user-input stream
at the client side.
Bots could mimic human behaviors to evade
detection.
8. Conclusion



A game bot defense system that utilizes
HOPs to detect game bots.
Compared to conventional HIPs such as
CAPTCHAs, HOPs are transparent to users
and work in a continuous manner.
The system can detect over 99% of current
game bots with no false positives within a
minute.