Abstract
Online gaming is a lucrative and growing industry but one that is slowed by cheating that compromises the gaming experience and hence drives away players (and revenue). In this paper we develop a technique by which game developers can enable game operators to validate the behavior of game clients as being consistent with valid execution of the sanctioned client software. Our technique employs symbolic execution of the client software to extract constraints on client-side state implied by each client-to-server message, and then uses constraint solving to determine whether the sequence of client-to-server messages can be “explained” by any possible user inputs, in light of the server-to-client messages already received. The requisite constraints and solving components can be developed either simultaneously with the game or retroactively for existing games. We demonstrate our approach in three case studies on the open-source game XPilot, a game similar to Pac-Man of our own design, and an open-source multiplayer version of Tetris.
- Alexander, L. 2008. World of warcraft hits 10 million subscribers. http://www.gamasutra.com/php-bin/news_index.php?story=17062.Google Scholar
- Baughman, N. E. and Levine, B. N. 2001. Cheat-proof playout for centralized and distributed online games. In Proceedings of IEEE INFOCOM.Google Scholar
- Bethea, D., Cochran, R. A., and Reiter, M. K. 2010. Server-side verification of client behavior in online games. In Proceedings of the 17th ISOC Network and Distributed System Security Symposium. 21--36.Google Scholar
- Brumley, D., Newsome, J., Song, D., Wang, H., and Jha, S. 2006. Towards automatic generation of vulnerability-based signatures. In Proceedings of the IEEE Symposium on Security and Privacy. Google Scholar
Digital Library
- Brumley, D., Wang, H., Jha, S., and Song, D. 2007. Creating vulnerability signatures using weakest pre-conditions. In Proceedings of the Computer Security Foundations Symposium. Google Scholar
Digital Library
- Cadar, C., Dunbar, D., and Engler, D. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation. Google Scholar
Digital Library
- Cadar, C., Ganesh, V., Pawlowski, P. M., Dill, D. L., and Engler, D. R. 2006. EXE: Automatically generating inputs of death. In Proceedings of the 13th ACM Conference on Computer and Communications Security. Google Scholar
Digital Library
- Chen, K.-T., Jiang, J.-W., Huang, P., Chu, H.-H., Lei, C.-L., and Chen, W.-C. 2006. Identifying MMORPG bots: A traffic analysis approach. In Proceedings of the ACM SIGCHI International Conference on Advances in Computer Entertainment Technology. Google Scholar
Digital Library
- Chen, K.-T., Pao, H.-K. K., and Chang, H.-C. 2008. Game bot identification based on manifold learning. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games. 21--26. Google Scholar
Digital Library
- Chong, S., Liu, J., Myers, A. C., Qi, X., Vikram, N., Zheng, L., and Zheng, X. 2007. Secure web applications via automatic partitioning. In Proceedings of the 21st ACM Symposium on Operating Systems Principles. 31--44. Google Scholar
Digital Library
- Cronin, E., Filstrup, B., and Jamin, S. 2003. Cheat-proofing dead reckoned multiplayer games. In Proceedings of the 2nd International Conference on Application and Development of Computer Games.Google Scholar
- DeLap, M., Knutsson, B., Lu, H., Sokolsky, O., Sammapun, U., Lee, I., and Tsarouchis, C. 2004. Is runtime verification applicable to cheat detection? In Proceedings of the 3rd ACM SIGCOMM Workshop on Network and System Support for Games. Google Scholar
Digital Library
- Feng, W., Kaiser, E., and Schluessler, T. 2008. Stealth measurements for cheat detection in on-line games. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games. 15--20. Google Scholar
Digital Library
- Gamasutra Staff. 2009. Analyst: Online games now $11b of $44b worldwide game market. http://www. gamasutra.com/php-bin/news_index.php?story=23954.Google Scholar
- Ganesh, V. and Dill, D. L. 2007. A decision procedure for bit-vectors and arrays. In Proceedings of the 19th International Conference on Computer Aided Verification (CAV'07). 519--531. Google Scholar
Digital Library
- Giffin, J. T., Jha, S., and Miller, B. P. 2002. Detecting manipulated remote call streams. In Proceedings of the 11th USENIX Security Symposium. Google Scholar
Digital Library
- Goodman, J. and Verbrugge, C. 2008. A peer auditing scheme for cheat elimination in MMOGs. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games. 9--14. Google Scholar
Digital Library
- Guha, A., Krishnamurthi, S., and Jim, T. 2009. Using static analysis for Ajax intrusion detection. In Proceedings of the 18th International World Wide Web Conference. 561--570. Google Scholar
Digital Library
- Hoglund, G. and McGraw, G. 2007. Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley Professional. Google Scholar
Digital Library
- Huffman, D. A. 1952. A method for the construction of minimum-redundancy codes. Proc. Institute Radio Engin. 40, 9, 1098--1101.Google Scholar
Cross Ref
- Izaiku, T., Yamamoto, S., Murata, Y., Shibata, N., Yasumoto, K., and Ito, M. 2006. Cheat detection for MMORPG on P2P environments. In Proceedings of the 5th ACM SIGCOMM Workshop on Network and System Support for Games. Google Scholar
Digital Library
- Jager, I. and Brumley, D. 2010. Efficient directionless weakest preconditions. Tech. rep. CMU-CyLab-10-002, Cylab, Carnegie Mellon University.Google Scholar
- Jha, S., Katzenbeisser, S., Schallhart, C., Veith, H., and Chenney, S. 2007. Enforcing semantic integrity on untrusted clients in networked virtual environments (extended abstract). In Proceedings of the IEEE Symposium on Security and Privacy. 179--186. Google Scholar
Digital Library
- Kabus, P., Terpstra, W. W., Cilia, M., and Buchmann, A. P. 2005. Addressing cheating in distributed MMOGs. In Proceedings of 4th ACM SIGCOMM Workshop on Network and System Support for Games. Google Scholar
Digital Library
- Kaiser, E., Feng, W., and Schluessler, T. 2009. Fides: Remote anomaly-based cheat detection using client emulation. In Proceedings of the 16th ACM Conference on Computer and Communications Security. Google Scholar
Digital Library
- Kruegel, C., Kirda, E., Mutz, D., Robertson, W., and Vigna, G. 2005. Automating mimicry attacks using static binary analysis. In Proceedings of the 14th USENIX Security Symposium. 161--176. Google Scholar
Digital Library
- Lyhyaoui, Y., Lyhyaoui, A., and Natkin, S. 2005. Online games: Categorization of attacks. In Proceedings of the International Conference on Computer as a Tool (EUROCON).Google Scholar
- Magiera, M. 2009. Videogames sales bigger than DVD-Blu-ray for first time. http://www.videobusiness. com/article/CA6631456.html.Google Scholar
- Mitterhofer, S., Platzer, C., Kruegel, C., and Kirda, E. 2009. Server-side bot detection in massive multiplayer online games. IEEE Secu. Priv. 7, 3, 18--25. Google Scholar
Digital Library
- Mönch, C., Grimen, G., and Midtstraum, R. 2006. Protecting online games against cheating. In Proceedings of the 5th ACM SIGCOMM Workshop on Network and System Support for Games. Google Scholar
Digital Library
- Mulligan, J. and Patrovsky, B. 2003. Developing Online Games: An Insider's Guide. New Riders Publishing. Google Scholar
Digital Library
- Rosenblum, M. and Ousterhout, J. K. 1992. The design and implementation of a log-structured file system. ACM Trans. Comput. Syst. 10, 1, 26--52. Google Scholar
Digital Library
- Schluessler, T., Goglin, S., and Johnson, E. 2007. Is a bot at the controls? Detecting input data attacks. In Proceedings of the 6th ACM SIGCOMM Workshop on Network and System Support for Games. 1--6. Google Scholar
Digital Library
- Spohn, D. Cheating in online games. http://internetgames.about.com/od/gamingnews/a/cheating.htm.Google Scholar
- Vikram, K., Prateek, A., and Livshits, B. 2009. Ripley: Automatically securing Web 2.0 applications through replicated execution. In Proceedings of the 16th ACM Conference on Computer and Communications Security. Google Scholar
Digital Library
- Wang, R., Wang, X., Li, Z., Tang, H., Reiter, M. K., and Dong, Z. 2009. Privacy-preserving genomic computation through program specialization. In Proceedings of the 16th ACM Conference on Computer and Communications Security. Google Scholar
Digital Library
- Ward, M. 2005. Warcraft game maker in spying row. http://news.bbc.co.uk/2/hi/technology/4385050.stm.Google Scholar
- Webb, S. and Soh, S. 2008. A survey on network game cheats and P2P solutions. Aust. J. Intell. Inform. Process. Syst. 9, 4, 34--43.Google Scholar
- Yampolskly, R. V. and Govindaraju, V. 2007. Embedded noninteractive continuous bot detection. Comput. Entertain. 5, 4, 1--11. Google Scholar
Digital Library
- Yan, J. and Randell, B. 2005. A systematic classification of cheating in online games. In Proceedings of the 4th ACM SIGCOMM Workshop on Network and System Support for Games. Google Scholar
Digital Library
- Yang, J., Sar, C., Twohey, P., Cadar, C., and Engler, D. 2006. Automatically generating malicious disks using symbolic execution. In Proceedings of the IEEE Symposium on Security and Privacy. Google Scholar
Digital Library
Index Terms
Server-side verification of client behavior in online games
Recommendations
Scaling multiplayer online games using proxy-server replication: a case study of Quake 2
HPDC '07: Proceedings of the 16th international symposium on High performance distributed computingMassively Multiplayer Online Games (MMOGs) are an increasingly popular class of real-time interactive distributed applications that require scalable architectures and parallelization approaches. While games of the role-playing genre already allow ...
Behaviour-Based cheat detection in multiplayer games with event-b
IFM'12: Proceedings of the 9th international conference on Integrated Formal MethodsCheating is a key issue in multiplayer games as it causes unfairness which reduces legitimate users' satisfaction and is thus detrimental to game revenue. Many commercial solutions prevent cheats by reacting to specific implementations of cheats. As a ...
Client-side adaptive search optimisation for online game server discovery
NETWORKING'08: Proceedings of the 7th international IFIP-TC6 networking conference on AdHoc and sensor networks, wireless networks, next generation internetThis paper describes a client-side, adaptive search technique to reduce both the time taken to discover playable online First Person Shooter (FPS) game servers and the number of network flows created during game server discovery. Online FPS games ...






Comments