Battle of Botcraft: Fighting Bots in Online Games with Human Observational Proofs Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang The College.

Presentation transcript:

Battle of Botcraft: Fighting Bots in Online Games with Human Observational Proofs
Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang
The College of William and Mary, USA
ACM CCS 2009

OUTLINE
1. Introduction
2. Background
3. Related Work
4. Game Playing Characterization
5. HOP System
6. Experiments
7. Limitations
8. Conclusion

1. Introduction
- About online games:
  - $7.6 billion revenues in
  - Massive multiplayer online games (MMOGs).
- Game bots.
- The existing methods for combating bots.
  - Human interactive proofs (HIPs).
  - Warden, a process monitor.

1. Introduction (cont.)
- A game bot defense system based on human observational proofs (HOPs).
- Behavioral biometric systems.
- A client-side exporter and a server-side analyzer.
- The purpose of the HOP system is to raise the bar against game bots.

2. Background
- Game bots:
  - Standalone custom game client.
  - Standard game client.
- Game playing behaviors:
  - Human
  - Bots

3. Related Work
- Anti-Cheating:
  - Game cheating prevention
  - Game cheating detection
- Behavioral Biometrics:
  - Keystroke dynamics and mouse dynamics
  - Identity matching

4. Game playing characterization
- The Glider Bot:
  - Requires system administrator privileges.
  - Profile — a set of configurations including several waypoints and options.

4. Game playing characterization (cont.)
- Input Data Collection:
  - RUI — input data collection program.
  - Clock resolution close to second (approximately 64 times/sec).

4. Game playing characterization (cont.) men women >45

4. Game playing characterization (cont.)
- The game bot is run with 10 different profiles in 7 locations in the game world for 40 hours.
- Half of the profiles are run with a warrior and half with a mage.
- Characters range from level 1 to over 30 in the traces.

4. Game playing characterization (cont.)
- Game Playing Input Analysis:
  - Keyboard and mouse input traces with respect to timing patterns (duration and inter-arrival time) and kinematics (distance, displacement, and velocity).

4. Game playing characterization (cont.)

5. HOP System
- Client-side exporter
  - Sends a stream of user-input actions taken at a game client to the game server.
- Server-side analyzer
  - Processes each input stream and decides whether the corresponding client is operated by a bot or a human player.

5. HOP System (cont.)
- Client-Side Exporter:
  - Derives input actions from raw user-input events.
  - A standalone external program

5. HOP System (cont.)
- Server-Side Analyzer:
  - User-input action classifier
  - Decision maker
- Neural Network Classification:
  - Eight input values for each user-input action: action duration, mouse travel distance, displacement, efficiency, speed, angle of displacement, virtual key and bias value.
  - Output Neuron
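How the eight inputs listed above could be derived from one mouse action, as an added example that is not code from the presentation or the HOP system. The sample actions are constructed, and the formulas for efficiency (displacement over distance), speed (distance over duration) and the constant bias of 1.0 are assumptions; the slide only names the features.

```python
import math

# Constructed samples (not data from the study): one mouse action each, given as
# (time_s, x, y) points plus the code of the button that ended the action.
CURVED = {"virtual_key": 1, "points": [(0.000, 100, 100), (0.078, 130, 118),
          (0.156, 180, 130), (0.234, 240, 128), (0.312, 296, 104), (0.391, 300, 100)]}
STRAIGHT = {"virtual_key": 1, "points": [(0.000, 100, 100), (0.016, 300, 100)]}


def action_features(action):
    """Build the eight classifier inputs for one user-input action."""
    pts = action["points"]
    if len(pts) < 2:
        raise ValueError("an action needs at least a start and an end sample")
    (t0, x0, y0), (t1, x1, y1) = pts[0], pts[-1]
    duration = t1 - t0
    # Distance: length of the path the pointer actually travelled.
    distance = sum(math.hypot(bx - ax, by - ay)
                   for (_, ax, ay), (_, bx, by) in zip(pts, pts[1:]))
    # Displacement: straight line between the first and last position.
    displacement = math.hypot(x1 - x0, y1 - y0)
    return {
        "duration": duration,
        "distance": distance,
        "displacement": displacement,
        # Assumed definition: 1.0 means a perfectly straight movement.
        "efficiency": displacement / distance if distance else 0.0,
        # Assumed definition: travelled distance over action duration.
        "speed": distance / duration if duration else 0.0,
        "angle": math.degrees(math.atan2(y1 - y0, x1 - x0)),
        "virtual_key": action["virtual_key"],
        "bias": 1.0,  # assumed constant bias input
    }


if __name__ == "__main__":
    for name, action in (("curved", CURVED), ("straight", STRAIGHT)):
        print(name, action_features(action))
```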

5. HOP System (cont.)
- Decision Making:
  - A simple “voting” scheme
  - If the majority of the neural network output classifies the user-input actions as those of a bot, the decision will be that the game is operated by a bot, and vice versa.
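The voting scheme above, sketched as an added example that is not code from the presentation or the HOP system. It uses the threshold of 0.75 and 9 outputs per block that the experiments section gives for the fully configured system; treating an output at or above the threshold as a bot vote is an assumption, and the output stream is constructed.

```python
THRESHOLD = 0.75        # threshold of the fully configured system on the page
OUTPUTS_PER_BLOCK = 9   # outputs per block of the fully configured system


def decide(outputs, threshold=THRESHOLD, block_size=OUTPUTS_PER_BLOCK):
    """Return one 'bot' or 'human' decision per complete block of outputs."""
    decisions = []
    for start in range(0, len(outputs) - block_size + 1, block_size):
        block = outputs[start:start + block_size]
        # Assumption: an output at or above the threshold is a vote for "bot".
        bot_votes = sum(1 for value in block if value >= threshold)
        # Majority vote; a tie (even block sizes only) is not a bot majority.
        decisions.append("bot" if 2 * bot_votes > block_size else "human")
    return decisions  # a trailing partial block waits for more actions


# Constructed classifier outputs in [0, 1]; not results from the paper.
STREAM = [0.91, 0.88, 0.40, 0.97, 0.80, 0.76, 0.10, 0.93, 0.85,   # block 1
          0.20, 0.81, 0.05, 0.30, 0.77, 0.12, 0.74, 0.33, 0.08,   # block 2
          0.95, 0.90, 0.99]                                        # incomplete

if __name__ == "__main__":
    print(decide(STREAM))
```

With an odd block size such as 9 every complete block produces a strict majority, so the tie rule only matters if the block size is reconfigured to an even number.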

5. HOP System (cont.)
- Performance Impact and Scalability:
  - Client side
    - 16 bytes of data per user-input action.
    - Additional bandwidth consumption induced by the client-side exporter is negligible.
  - Server side
    - The server-side analyzer is very efficient in terms of memory and CPU usage.

6. Experiments
- In terms of detection accuracy, detection speed, and system overhead
- True positive rate and true negative rate

6. Experiments (cont.)
- Experimental Setup:
  - 95 hours of traces, including 55 hours of human traces and 40 hours of game bot traces.
  - 3,000,066 raw user-input events and 286,626 user-input actions, with 10 bot instances and 30 humans involved.

6. Experiments (cont.)
- Detection Results:
  - The HOP system has four configurable parameters:
    - # of actions per block, and # of nodes
    - The threshold, and # of outputs per output block.

6. Experiments (cont.)
- Configure # of actions per block and # of nodes.

6. Experiments (cont.)
- The threshold and # of outputs per block

6. Experiments (cont.)
- Fully configured system (40 nodes, 4-action input, the threshold of 0.75, and 9 outputs per block)
- The true negative rates are 1.0 for all of the humans

6. Experiments (cont.)
- Detection of Other Game Bots:
  - Test with Diablo 2 without retraining the neural network.
  - A true positive rate of on the bot and a true negative rate of 1.0 on the human players.

6. Experiments (cont.)
- System Overhead:
  - To estimate the overhead of the analyzer for supporting 5,000 users.
  - The analyzer consumes only 37 KBytes of memory during operation.
  - The per-user memory requirement is approximately 66 bytes; this is only 330 KBytes in total.
  - The analyzer can process 95 hours of traces, over 286,626 user-input actions, in only 385 milliseconds on a Pentium 4 Xeon 3.0 GHz.

7. Limitations
- Experimental Limitations:
  - Player group, 30, is insufficient
  - Mainly conducted in a lab environment
  - There are a number of other bots
  - Is HOP system effective for broader applications?

7. Limitations (cont.)
- Potential Evasion:
  - Bots could either interfere with the user-input collection or manipulate the user-input stream at the client side.
  - Bots could mimic human behaviors to evade detection.

8. Conclusion
- A game bot defense system that utilizes HOPs to detect game bots.
- Compared to conventional HIPs such as CAPTCHAs, HOPs are transparent to users and work in a continuous manner.
- The system can detect over 99% of current game bots with no false positives within a minute.