Server-side Verification of Client Behavior in Online Games

Proceedings of the Symposium on Network and Distributed System Security, NDSS 2010

Volumn , Issue , 2010, Pages

  Bethea, Darrell ^a   Cochran, Robert A ^a   Reiter, Michael K ^a  

^a UNIVERSITY OF NORTH CAROLINA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK SECURITY;

CLIENT BEHAVIOUR; CLIENT SIDES; CLIENT SOFTWARE; CONSTRAINT SOLVING; GAMING EXPERIENCES; ON-LINE GAMES; ON-LINE GAMING; SERVER SIDES; SYMBOLIC EXECUTION; USER INPUT;

OPEN SOURCE SOFTWARE;

EID: 84863702961     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (41)

1. L. Alexander. World of warcraft hits 10 million subscribers, Jan. 2008. http://www.gamasutra.com/php-bin/news_index.php?story=17062.
2. N. E. Baughman and B. N. Levine. Cheat-proof playout for centralized and distributed online games. In Proceedings of IEEE INFOCOM, Apr. 2001.
3. D. Brumley, J. Newsome, D. Song, H. Wang, and S. Jha. Towards automatic generation of vulnerability-based signatures. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.
4. D. Brumley, H. Wang, S. Jha, and D. Song. Creating vulnerability signatures using weakest pre-conditions. In Proceedings of the 2007 Computer Security Foundations Symposium, July 2007.
5. C. Cadar, D. Dunbar, and D. Engler. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation, Dec. 2008.
6. C. Cadar, V. Ganesh, P. M. Pawlowski, D. L. Dill, and D. R. Engler. EXE: Automatically generating inputs of death. In Proceedings of the 13th ACM Conference on Computer and Communications Security, Nov. 2006.
7. K.-T. Chen, J.-W. Jiang, P. Huang, H.-H. Chu, C.-L. Lei, and W.-C. Chen. Identifying MMORPG bots: A traffic analysis approach. In Proceedings of the 2006 ACM SIGCHI International Conference on Advances in Computer Entertainment Technology, June 2006.
8. K.-T. Chen, H.-K. K. Pao, and H.-C. Chang. Game bot identification based on manifold learning. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games, pages 21–26, Oct. 2008.
9. S. Chong, J. Liu, A. C. Myers, X. Qi, N. Vikram, L. Zheng, and X. Zheng. Secure web applications via automatic partitioning. In Proceedings of the 21st ACM Symposium on Operating Systems Principles, pages 31–44, Oct. 2007.
10. E. Cronin, B. Filstrup, and S. Jamin. Cheat-proofing dead reckoned multiplayer games. In Proceedings of the 2nd International Conference on Application and Development of Computer Games, Jan. 2003.
11. M. DeLap, B. Knutsson, H. Lu, O. Sokolsky, U. Sammapun, I. Lee, and C. Tsarouchis. Is runtime verification applicable to cheat detection? In Proceedings of 3rd ACM SIGCOMM Workshop on Network and System Support for Games, Aug. 2004.
12. W. Feng, E. Kaiser, and T. Schluessler. Stealth measurements for cheat detection in on-line games. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games, pages 15–20, Oct. 2008.
13. V. Ganesh and D. L. Dill. A decision procedure for bit-vectors and arrays. In Computer Aided Verification, 19th International Conference, CAV 2007, pages 519–531, July 2007.
14. J. T. Giffin, S. Jha, and B. P. Miller. Detecting manipulated remote call streams. In Proceedings of the 11th USENIX Security Symposium, Aug. 2002.
15. J. Goodman and C. Verbrugge. A peer auditing scheme for cheat elimination in MMOGs. In Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games, pages 9–14, Oct. 2008.
16. A. Guha, S. Krishnamurthi, and T. Jim. Using static analysis for Ajax intrusion detection. In Proceedings of the 18th International World Wide Web Conference, pages 561–570, Apr. 2009.
17. S. Hawkins, consultant for Sega of America. Quoted [29, p. 182].
18. G. Hoglund and G. McGraw. Exploiting Online Games: Cheating Massively Distributed Systems. Addison-Wesley Professional, 2007.
19. D. A. Huffman. A method for the construction of minimum-redundancy codes. Proceedings of the Institute of Radio Engineers, 40(9):1098–1101, Sept. 1952.
20. T. Izaiku, S. Yamamoto, Y. Murata, N. Shibata, K. Yasumoto, and M. Ito. Cheat detection for MMORPG on P2P environments. In Proceedings of 5th ACM SIGCOMM Workshop on Network and System Support for Games, Oct. 2006.
21. S. Jha, S. Katzenbeisser, C. Schallhart, H. Veith, and S. Chenney. Enforcing semantic integrity on untrusted clients in networked virtual environments (extended abstract). In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 179–186, May 2007.
22. P. Kabus, W. W. Terpstra, M. Cilia, and A. P. Buchmann. Addressing cheating in distributed MMOGs. In Proceedings of 4th ACM SIGCOMM Workshop on Network and System Support for Games, Oct. 2005.
23. E. Kaiser, W. Feng, and T. Schluessler. Fides: Remote anomaly-based cheat detection using client emulation. In Proceedings of the 16th ACM Conference on Computer and Communications Security, Nov. 2009.
24. C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. Automating mimicry attacks using static binary analysis. In Proceedings of the 14th USENIX Security Symposium, pages 161–176, July 2005.
25. Y. Lyhyaoui, A. Lyhyaoui, and S. Natkin. Online games: Categorization of attacks. In Proceedings of the 2005 International Conference on Computer as a Tool (EUROCON), Nov. 2005.
26. M. Magiera. Videogames sales bigger than DVD-Blu-ray for first time, Jan. 2009. http://www.videobusiness.com/article/CA6631456.html.
27. S. Mitterhofer, C. Platzer, C. Kruegel, and E. Kirda. Server-side bot detection in massive multiplayer online games. IEEE Security and Privacy, 7:18–25, 3 2009.
28. C. Mönch, G. Grimen, and R. Midtstraum. Protecting online games against cheating. In Proceedings of 5th ACM SIGCOMM Workshop on Network and System Support for Games, Oct. 2006.
29. J. Mulligan and B. Patrovsky. Developing Online Games: An Insider’s Guide. New Riders Publishing, 2003.
30. M. Rosenblum and J. K. Ousterhout. The design and implementation of a log-structured file system. ACM Transactions on Computer Systems, 10(1):26–52, 1992.
31. T. Schluessler, S. Goglin, and E. Johnson. Is a bot at the controls? Detecting input data attacks. In Proceedings of the 6th ACM SIGCOMM Workshop on Network and System Support for Games, pages 1–6, Sept. 2007.
32. D. Schubert, former lead designer for Meridian 59. Quoted [29, p. 221].
33. D. Spohn. Cheating in online games. http://internetgames.about.com/od/gamingnews/ a/cheating.htm.
34. G. Staff. Analyst: Online games now $11b of $44b worldwide game market, June 2009. http://www.gamasutra.com/php-bin/news_index.php?story=23954.
35. K. Vikram, A. Prateek, and B. Livshits. Ripley: Automatically securing Web 2.0 applications through replicated execution. In Proceedings of the 16th ACM Conference on Computer and Communications Security, Nov. 2009.
36. R. Wang, X. Wang, Z. Li, H. Tang, M. K. Reiter, and Z. Dong. Privacy-preserving genomic computation through program specialization. In Proceedings of the 16th ACM Conference on Computer and Communications Security, Nov. 2009.
37. M. Ward. Warcraft game maker in spying row, Oct. 2005. http://news.bbc.co.uk/2/hi/technology/4385050.stm.
38. S. Webb and S. Soh. A survey on network game cheats and P2P solutions. Australian Journal of Intelligent Information Processing Systems, 9(4):34–43, 2008.
39. R. V. Yampolskly and V. Govindaraju. Embedded noninteractive continuous bot detection. Computers in Entertainment, 5(4):1–11, Oct. 2007.
40. J. Yan and B. Randell. A systematic classification of cheating in online games. In Proceedings of 4th ACM SIGCOMM Workshop on Network and System Support for Games, Oct. 2005.
41. J. Yang, C. Sar, P. Twohey, C. Cadar, and D. Engler. Automatically generating malicious disks using symbolic execution. In Proceedings of the 2006 IEEE Symposium on Security and Privacy, May 2006.