
Server-side verification of client behavior in online games

Published: 26 December 2008

Abstract

Online gaming is a lucrative and growing industry but one that is slowed by cheating that compromises the gaming experience and hence drives away players (and revenue). In this paper we develop a technique by which game developers can enable game operators to validate the behavior of game clients as being consistent with valid execution of the sanctioned client software. Our technique employs symbolic execution of the client software to extract constraints on client-side state implied by each client-to-server message, and then uses constraint solving to determine whether the sequence of client-to-server messages can be “explained” by any possible user inputs, in light of the server-to-client messages already received. The requisite constraints and solving components can be developed either simultaneously with the game or retroactively for existing games. We demonstrate our approach in three case studies on the open-source game XPilot, a game similar to Pac-Man of our own design, and an open-source multiplayer version of Tetris.
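The check the abstract describes, as an added example that is not the authors' code: a server-side verifier keeps the set of client states consistent with the messages seen so far and flags the first client-to-server message that no user input could have produced. Exhaustive enumeration over a five-input toy client stands in for the paper's symbolic execution and constraint solving; the game rules, message formats and all names are assumptions.

```python
# Added illustration: toy game rules and all names here are assumptions.
INPUTS = ("left", "right", "fire", "reload", "none")
WIDTH, CLIP = 5, 2  # constructed toy parameters

def client_step(state, user_input):
    """Sanctioned client logic: (state, input) -> (new state, message sent)."""
    x, ammo = state
    if user_input == "left":
        x = max(0, x - 1)
        return (x, ammo), ("pos", x)
    if user_input == "right":
        x = min(WIDTH - 1, x + 1)
        return (x, ammo), ("pos", x)
    if user_input == "fire" and ammo > 0:
        return (x, ammo - 1), ("fire", x)
    if user_input == "reload":
        return (x, CLIP), ("idle",)      # reload is invisible on the wire
    return (x, ammo), ("idle",)          # "none", or "fire" on an empty clip

def explain(states, msg):
    """Keep each client state that some user input could have produced msg from."""
    return {new for s in states for i in INPUTS
            for new, sent in [client_step(s, i)] if sent == msg}

def apply_server_msg(states, msg):
    """Server-to-client message already delivered; here only a forced respawn."""
    kind, x = msg
    if kind != "respawn":
        raise ValueError(f"unknown server message {kind!r}")
    return {(x, 0)} if states else set()

def verify(initial_state, trace):
    """Return the index of the first unexplainable message, or None if all fit."""
    states = {initial_state}
    for idx, (direction, msg) in enumerate(trace):
        if direction == "s2c":
            states = apply_server_msg(states, msg)
        else:
            states = explain(states, msg)
        if not states:
            return idx
    return None

# Constructed traces; the client starts at x=2 with one round.
HONEST = [("c2s", ("fire", 2)), ("c2s", ("idle",)), ("c2s", ("fire", 2))]
TELEPORT = [("c2s", ("pos", 3)), ("c2s", ("pos", 1))]
NO_AMMO = [("s2c", ("respawn", 0)), ("c2s", ("pos", 1)), ("c2s", ("fire", 1))]

if __name__ == "__main__":
    for name, trace in [("honest", HONEST), ("teleport", TELEPORT), ("no ammo", NO_AMMO)]:
        print(name, verify((2, 1), trace))
```

The honest trace passes only because the verifier tracks a set of candidate states: after the `idle` message the hidden ammo count may be 0 or 2, and the later `fire` is explained by the branch in which the user reloaded.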



Published in

ACM Transactions on Information and System Security, Volume 14, Issue 4
December 2011
138 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/2043628

Copyright © 2008 ACM

Publisher

Association for Computing Machinery
New York, NY, United States

Publication History

• Accepted: 1 July 2011
• Revised: 1 March 2011
• Received: 1 July 2010
• Published: 26 December 2008
