server-side bot detection in massive multiplayer Online Games
One of the greatest threats that massive multiplayer online games face today is a form of cheating called botting. The authors propose an automated approach that detects bots on the server side based on character activity and is completely transparent to end users.
Stefan Mitterhofer and ChriStian Platzer ViennaUniversity of Technology ChriStoPher Kruegel University of California, Santa Barbara engin Kirda Eurecom, Sophia Antipolis, France assive multiplayer online games (MMOGs) have soared in popularity in the past few years, with a rapidly growing user base and game studios pouring tens of millions of dollars into developing their next big title. The market leader alone—Blizzard Entertainment’s World ofWarcraft (WoW)—surpassed 11.5 million subscribers in December 2008, raking in an estimated US$150 million in subscription fees per month. With such amounts of money at stake, it’s not surprising that game companies want to keep their paying customers satisfied and threats to their revenue base at bay. One of these threats is botting, a form of cheating1 in which players use a program that can playthe game with a minimum of (or sometimes even zero) human interaction. To the best of our knowledge, the only automated tool against bot programs is the Warden, an application that monitors WoW.2 The Warden runs on a player’s computer while he or she plays WoW and checks for suspicious programs such as debuggers or bots. It reports back to Blizzard, and any violations result in temporary orpermanent account bans. However, the Warden has several shortcomings: it can only perform signature checks for known programs, which means it’s always a step behind bot writers, and it runs on the client’s computer, which is completely out of Blizzard’s control. This ultimately means that its results can’t be trusted. Additionally, players have already created some simple workarounds, such as startingthe game in guest mode on an administrator account, which prevents the Warden from accessing the processes at higher privilege levels. Not surprisingly, privacy
COPublished by the ieee COmPuter and reliability sOCieties ■
issues have also emerged.3 We propose a novel approach that relies solely on a server-side analysis of character (or avatar) behavior to expose bots and avoid many of thedrawbacks found in client-side solutions. To this end, we exploit an intrinsic bot feature—namely, the fact that it’s controlled by a script that automates a specific sequence of constantly repeated actions. We focus specifically on the game character’s movement by extracting waypoints that describe the traveled path and finding repeated patterns in the route taken. (Here, a route is the course ofmovement that a character performs in the game world, and a path is a sequence of locations that the character visits; a route can follow the same path several times over.) We implemented and evaluated our approach in WoW.
How Bots Work
Players gravitate to bots because parts of a game can be inherently repetitive or boring. In particular, a player might need to kill large numbers of enemiesto gain experience points and earn gold (a process called farming in the gaming community), which is often required to improve the character and progress further in the game. Running a farming bot means that the character reaps experience points and gold without the player investing any time in the game, as the bot can reap those rewards very efficiently 24 hours a day, without fatigue or boredom.Interestingly, players don’t use bots just to improve their own characters. There’s a booming market for points, gold, and fully realized characters on the Inter1540-7993/09/$25.00 © 2009 ieee ■ may/June 2009
Related Work in Game Bot Detection
nline gaming has only recently started to receive interest from the security research community. To date, there isn’t much...