• Journal of Korea Game Society
• /
• v.15 no.4
• /
• pp.69-78
• /
• 2015

As the online game industry has been growing rapidly, more and more malicious activities to gain economic benefits have been reported as well. Game bot is one of the biggest problems in the online game industry. So we proposed a bot detection method based on the ERG theory of motivation for the first time. Most of the previous studies focused on behavior-based detection by monitoring patterns of the specific actions. In this paper, we applied the motivation theory to analyze user behaviors on a real game dataset. The result shows that normal users in the game followed the ERG theory of motivation in the same way as it works in real world. But in the case of game bots, the theory could not be applied because the game bot has specific reasons, unlike normal game users. We applied the ERG theory to users to distinguish game bot users from normal users. We detected the game bot with high accuracy of 99.78% by applying the theory.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.16 no.12
• /
• pp.2689-2694
• /
• 2012

In recent years, cyber crimes were intended to get financial benefits through malicious attempts such as DDoS attacks, stealing financial information and spam. Botnets, a network composed of large pool of infected hosts, lead such malicious attacks. The botnets have adopted several evasion techniques and variations. Therefore, it is difficult to detect and eliminate them. Current botnet solutions use a signature based detection mechanism. Furthermore, the solutions cannot cover broad areas enough to detect world-wide botnets. In this paper, we propose IRC (Internet Relay Chat) that is used to control the botnet communication in a session channel of IRC servers connected through the analysis of the relationship of the channel and the connection with the server bot-infected hosts and how to detect.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2023.05a
• /
• pp.222-223
• /
• 2023

글로벌 게임 시장 규모가 2023년까지 2,000억 달러를 넘게 성장할 것이라는 전망과 대중적인 온라인 FPS(First Person Shooter) 게임들이 출시되면서 게임 내 치팅(Cheating) 도구들을 배포, 판매하는 사례가 등장하고 있다. 이러한 사례들은 게임 이용에 불편을 초래하고 게임 매출액 감소로 이어질 수 있다. 따라서 본 논문에서는 과거 FPS 게임들에 사용되었던 AimBot들의 사례와 악성코드 탐지에 사용되었던 연구 사례들을 분석해 메모리 변조를 사용하는 AimBot의 탐지 방안을 연구하였다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1131-1141
• /
• 2015

In this paper, we proposed a new approach of machine learning based method for detecting game-bots from normal players in MMORPG by inspecting the player's action log data especially in-game money increasing/decreasing event log data. DBSCAN (Density Based Spatial Clustering of Applications with Noise), an one of density based clustering algorithms, is used to extract the attributes of spatial characteristics of each players such as a number of clusters, a ratio of core points, member points and noise points. Most of all, even game-bot developers know principles of this detection system, they cannot avoid the system because moving a wide area to hunt the monster is very inefficient and unproductive. As the result, game-bots show definite differences from normal players in spatial characteristics such as very low ratio, less than 5%, of noise points while normal player's ratio of noise points is high. In experiments on real action log data of MMORPG, our game-bot detection system shows a good performance with high game-bot detection accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1115-1122
• /
• 2015

In recent years, the use of game bots by illegal programs has been expanded from individual to group scale; this brings about serious problems in online game industry. The gold farmers group creates an in-game social community so-called "guild" to obtain a large amount of game money and manage game bots efficiently. Although game developers detect game bots by detection algorithms, the algorithms can detect only part of the gold farmers group. In this paper, we propose a detection method for the gold farmers group on a basis of normal and bot guilds characteristic analysis. In order to differentiate normal and bots guild, we analyze transaction patterns for individuals, auction house and chatting. With the analyzed results, we can detect game bot guilds. We demonstrate the feasibility of the proposed methods with real datasets from one of the popular online games named AION in Korea.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.93-107
• /
• 2016

Game bot playing is one of the main risks in Massively Multi-Online Role Playing Games(MMORPG) because it damages overall game playing environment, especially the balance of the in-game economy. There have been many studies to detect game bot. However, the previous detection models require continuous maintenance efforts to train and learn the game bots' patterns whenever the game contents change. In this work, we have proposed a machine learning technique using the self-similarity property that is an intrinsic attribute in game bots and automated maintenance system. We have tested our method and implemented a system to major three commercial games in South Korea. As a result, our proposed system can detect and classify game bots with high accuracy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.28 no.6
• /
• pp.1415-1425
• /
• 2018

MMORPG genre is based on the belief that all users in virtual world are equal. All users are able to obtain the corresponding wealth or status as they strive under the same resource, time. However, game bot is the main factor for harming this fair competition, causing benign gamers to feel a relative deprivation and deviate from the game. Game bots mainly form GFG(Gold Farming Group), which collects the goods in the game indiscriminately and adversely affects the economic system of the game. A general game bot detection algorithm is useful for detecting each bot, but it only covers few portions of GFG, not the whole, so it needs a wider range of detecting method. In this paper, we propose a method of detecting GFG based on items used in MMORPG genre. Several items that are mainly traded in the game were selected and the flows of those items were represented by a network. We Identified the characteristics of exchanging items of GFG bots and can identify the GFG's item trade network with real datasets from one of the popular online games.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.4
• /
• pp.51-61
• /
• 2009

Recently, the cyber-attacks using botnets are being increased, Because these attacks pursue the money, the criminal aspect is also being increased, There are spreading of spam mail, DDoS(Distributed Denial of Service) attacks, propagations of malicious codes and malwares, phishings. leaks of sensitive informations as cyber-attacks that used botnets. There are many studies about detection and mitigation techniques against centralized botnets, namely IRC and HITP botnets. However, P2P botnets are still in an early stage of their studies. In this paper, we analyzed the traffics of the Peacomm bot that is one of P2P-based storm bot by using honeynet which is utilized in active analysis of network attacks. As a result, we could see that the Peacomm bot sends a large number of UDP packets to the zombies in wide network through P2P. Furthermore, we could know that the Peacomm bot makes the scale of botnet maintained and extended through these results. We expect that these results are used as a basis of detection and mitigation techniques against P2P botnets.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.12
• /
• pp.2878-2884
• /
• 2015

Twitter, one of online social network services, is one of the most popular micro-blogs, which generates a large number of automated programs, known as tweet bots because of the open structure of Twitter. While these tweet bots are categorized to legitimate bots and malicious bots, it is important to detect tweet bots since malicious bots spread spam and malicious contents to human users. In the conventional work, temporal information was utilized for the classficiation of human and bot. In this paper, by utilizing geo-tagged tweets that provide high-precision location information of users, we first identify both Twitter users' exact location. Then, we propose a new tweet bot detection algorithm by using both an entropy based on geographic variable of each user and device information of each user. As a main result, the proposed algorithm shows superior bot detection and false alarm probabilities over the conventional result which only uses temporal information.

• Journal of the Korean Institute of Intelligent Systems
• /
• v.20 no.3
• /
• pp.422-427
• /
• 2010

Korean Game industry, especially MMORPG(Massively Multiplayer Online Game) has been rapidly expanding in these days. But As game industry is growing, lots of online game security incidents have also been increasing and getting prevailing. One of the most critical security incidents is 'Game Bots', which are programs to play MMORPG instead of human players. If player let the game bots play for them, they can get a lot of benefic game elements (experience points, items, etc.) without any effort, and it is considered unfair to other players. Plenty of game companies try to prevent bots, but it does not work well. In this paper, we propose a behavior pattern model for detecting bots. We analyzed behaviors of human players as well as bots and identified six game features to build the model to differentiate game bots from human players. Based on these features, we made a Naive Bayesian classifier to reasoning the game bot or not. To evaluated our method, we used 10 game bot data and 6 human Player data. As a result, we classify Game bot and human player with 88% accuracy.