• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.4176-4197
• /
• 2020

Botnet is a type of dangerous malware. Botnet attack with a collection of bots attacking a similar target and activity pattern is called bot group activities. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect bots' behavioral relation on bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attacks and determine the relations between bots that can measure the correlation. This paper proposed a new model to measure the similarity between bot activities using the intersections-probability concept to define bot group activities called as B-Corr Model. The B-Corr model consisted of several stages, such as extraction feature from bot activity flows, measurement of intersections between bots, and similarity value production. B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets with high detection accuracy in various scenarios.

• ETRI Journal
• /
• v.45 no.4
• /
• pp.713-723
• /
• 2023

Game bots are illegal programs that facilitate account growth and goods acquisition through continuous and automatic play. Early detection is required to minimize the damage caused by evolving game bots. In this study, we propose a game bot detection method based on action time intervals (ATIs). We observe the actions of the bots in a game and identify the most frequently occurring actions. We extract the frequency, ATI average, and ATI standard deviation for each identified action, which is to used as machine learning features. Furthermore, we measure the performance using actual logs of the Aion game to verify the validity of the proposed method. The accuracy and precision of the proposed method are 97% and 100%, respectively. Results show that the game bots can be detected early because the proposed method performs well using only data from a single day, which shows similar performance with those proposed in a previous study using the same dataset. The detection performance of the model is maintained even after 2 months of training without any revision process.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.11
• /
• pp.2866-2879
• /
• 2012

Among the various security threats in online games, the use of game bots is the most serious problem. Previous studies on game bot detection have proposed many methods to find out discriminable behaviors of bots from humans based on the fact that a bot's playing pattern is different from that of a human. In this paper, we look at the chatting data that reflects gamers' communication patterns and propose a communication pattern analysis framework for online game bot detection. In massive multi-user online role playing games (MMORPGs), game bots use chatting message in a different way from normal users. We derive four features; a network feature, a descriptive feature, a diversity feature and a text feature. To measure the diversity of communication patterns, we propose lightly summarized indices, which are computationally inexpensive and intuitive. For text features, we derive lexical, syntactic and semantic features from chatting contents using text mining techniques. To build the learning model for game bot detection, we test and compare three classification models: the random forest, logistic regression and lazy learning. We apply the proposed framework to AION operated by NCsoft, a leading online game company in Korea. As a result of our experiments, we found that the random forest outperforms the logistic regression and lazy learning. The model that employs the entire feature sets gives the highest performance with a precision value of 0.893 and a recall value of 0.965.

• ETRI Journal
• /
• v.35 no.6
• /
• pp.1058-1067
• /
• 2013

An approach for game bot detection in massively multiplayer online role-playing games (MMORPGs) based on the analysis of game playing behavior is proposed. Since MMORPGs are large-scale games, users can play in various ways. This variety in playing behavior makes it hard to detect game bots based on play behaviors. To cope with this problem, the proposed approach observes game playing behaviors of users and groups them by their behavioral similarities. Then, it develops a local bot detection model for each player group. Since the locally optimized models can more accurately detect game bots within each player group, the combination of those models brings about overall improvement. Behavioral features are selected and developed to accurately detect game bots with the low resolution data, considering common aspects of MMORPG playing. Through the experiment with the real data from a game currently in service, it is shown that the proposed local model approach yields more accurate results.

• Communications of the Korean Institute of Information Scientists and Engineers
• /
• v.31 no.7
• /
• pp.56-62
• /
• 2013

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.13 no.2
• /
• pp.199-207
• /
• 2013

Recently, hacking is seen as a criminal activity beyond an activity associated with curiosity in the beginning. The malignant bot which is used as an attack technique is one of the examples. Malignant Bot is one of IRC Bots and it leaks user's information with attacker's command by attacking specified IP range. This paper will discuss an access method and a movement process by analyzing shadowbot which is a kind of a malignant Bot and will suggest possible countermeasure. This study has two distinct features. First, we analyze malignant Bot by analyzing tools such as VM ware. Second, we formulate a hypothesis and will suggest possible countermeasure through analyzing malignant Bot's access method and movement. Performance evaluation will be conducted by applying possible countermeasure to see if it can prevent attacks from malignant bot.

• The Journal of the Institute of Internet, Broadcasting and Communication
• /
• v.15 no.1
• /
• pp.61-68
• /
• 2015

Recently, with increasing use of smartphones, the security threats also have increased rapidly. Especially, the compromised smartphone is very dangerous because it could be exploited in a DDOS attacks such as cyberterrorism as well as in the leakage of personal information. However, most bot detection mechanisms are still unsuitable for smartphone with its lower computing capability and limited battery capacity because they incur additional computational overheads or require pre-defined signatures. In this paper, we present an efficient bot detection mechanism in smartphones. Our mechanism detects effectively bots in outgoing traffic by using a correlation between user events and network traffic. We have implemented its prototype in Android smartphone and measured its performance. The evaluation results show that our mechanism provides low overhead to detect bots in smartphones.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1097-1104
• /
• 2021

Online game-bots are already known for a lot of persons by various ways. It leads to problems such as declining game player's interest, in-game financial crisis, etc. Detecting and restricting of game-bot is now essential. Because both publishers and players get disadvantages from their long term abnormal working. But it is not easy to restrict, because of false restriction risks. Game publishers need to distinguish game-bot from server-side game logs. At last, it should can make reasons for game-bot restriction. In this paper, we classified game-bot users by using daily separated game logs for testing data. For daily-driven detection, we separated total dataset into one day logs. Preliminary detects game-bots with one day logs, and determines total results by using these data. Daily driven detection advantages on detection which contains combined game playing style. Which shows like normal user and game-bot. These methodology shows better F1-score, which one of indicator which demonstrate classification accuracy. It increases from 0.898 to 0.945 by using Random Forest classifier.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.12
• /
• pp.2885-2891
• /
• 2015

Twitter, one of online social network services, is one of the most popular micro-blogs, which generates a large number of automated programs, known as tweet bots because of the open structure of Twitter. While these tweet bots are categorized to legitimate bots and malicious bots, it is important to detect tweet bots since malicious bots spread spam and malicious contents to human users. In the conventional work, temporal information was utilized for the classficiation of human and bot. In this paper, by utilizing geo-tagged tweets that provide high-precision location information of users, we first identify both Twitter users' exact location and the corresponding timestamp, and then propose an improved two-stage tweet bot detection algorithm by computing an entropy based on spatio-temporal information. As a main result, the proposed algorithm shows superior bot detection and false alarm probabilities over the conventional result which only uses temporal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.2
• /
• pp.225-238
• /
• 2012

Among the various security threats in online games, the use of game bots is the most serious problem. In this paper, we propose a framework for user behavior analysis for bot detection in online games. Specifically, we focus on party play that reflects the social activities of gamers: In a Massively Multi-user Online Role Playing Game (MMORPG), party play log includes a distinguished information that can classify game users under normal-user and abnormal-user. That is because the bot users' main activities target on the acquisition of cyber assets. Through a statistical analysis of user behaviors in game activity logs, we establish the threshold levels of the activities that allow us to identify game bots. Also, we build a knowledge base of detection rules based on this statistical analysis. We apply these rule reasoner to the sixth most popular online game in the world. As a result, we can detect game bot users with a high accuracy rate of 95.92%.