research-article

Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2

Authors:

Pier Paolo Tricomi,

Giovanni Apruzzese,

Mauro ContiAuthors Info & Claims

CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

Pages 27 - 38

https://doi.org/10.1145/3577923.3583653

Published: 24 April 2023 Publication History

Abstract

Did you know that over 70 million of Dota2 players have their in-game data freely accessible? What if such data is used in malicious ways? This paper is the first to investigate such a problem. Motivated by the widespread popularity of video games, we propose the first threat model for Attribute Inference Attacks (AIA) in the Dota2 context. We explain how (and why) attackers can exploit the abundant public data in the Dota2 ecosystem to infer private information about its players. Due to lack of concrete evidence on the efficacy of our AIA, we empirically prove and assess their impact in reality. By conducting an extensive survey on 500 Dota2 players spanning over 26k matches, we verify whether a correlation exists between a player's Dota2 activity and their real-life. Then, after finding such a link (p < 0.01 and ρ > 0.3), we ethically perform diverse AIA. We leverage the capabilities of machine learning to infer real-life attributes of the respondents of our survey by using their publicly available in-game data. Our results show that, by applyingdomain expertise, some AIA can reach up to 98% precision and over 90% accuracy. This paper hence raises the alarm on a subtle, but concrete threat that can potentially affect the entire competitive gaming landscape. We alerted the developers of Dota2.

References

[1]

[n.d.]. Dendi - Liquipedia Dota2 Wiki. https://liquipedia.net/dota2/Dendi.

[2]

2022. The International. https://liquipedia.net/dota2/The_International.

[3]

Haldun Akoglu. 2018. User's guide to correlation coefficients. Turkish journal of emergency medicine (2018).

[4]

Faiyaz Al Zamal, Wendy Liu, and Derek Ruths. 2012. Homophily and latent attribute inference: Inferring latent attributes of twitter users from neighbors. In Proc. AAAI Int. Conf. Web Social Media.

[5]

Giovanni Apruzzese, Mauro Andreolini, Luca Ferretti, Mirco Marchetti, and Michele Colajanni. 2021. Modeling realistic adversarial attacks against network intrusion detection systems. ACM Digital Threats: Research and Practice (2021).

[6]

Giovanni Apruzzese et al. 2022. The Role of Machine Learning in Cybersecurity. ACM Digital Threats: Research and Practice (2022).

[7]

Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, ChristianWressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2022. Dos and don'ts of machine learning in computer security. In USENIX Security.

[8]

Michael Bailey, David Dittrich, Erin Kenneally, and Doug Maughan. 2012. The Menlo report. IEEE Security & Privacy (2012).

Digital Library

[9]

Matthew Barr and Alicia C. Stewart. 2022. Playing Video Games During the COVID-19 Pandemic and Effects on Players'Well-Being. Games & Culture (2022).

[10]

Battista Biggio and Fabio Roli. 2018. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition 84 (2018), 317--331.

Digital Library

[11]

Sara Bunian, Alessandro Canossa, Randy Colvin, and Magy Seif El-Nasr. 2017. Modeling individual differences in game behavior using HMM. In Artif. Intell. Interact. Digit. Entert. Conf.

[12]

Chadlantis. 2019. How to Improve in Any Video Game. https://medium.com/@c hadlantistv/how-to-improve-in-any-video-game-7d0efe5ed053.

[13]

Nitesh V Chawla, Kevin W Bowyer, Lawrence O Hall, and W Philip Kegelmeyer. 2002. SMOTE: synthetic minority over-sampling technique. Journal of artificial intelligence research 16 (2002), 321--357.

[14]

Terence Chen, Roksana Boreli, Mohamed-Ali Kaafar, and Arik Friedman. 2014. On the effectiveness of obfuscation techniques in online social networks. In Int. Priv. Enhancing Techn. Symp.

[15]

Yuan Cheng, Jaehong Park, and Ravi Sandhu. 2013. Preserving user privacy from third-party applications in online social networks. In Int. Conf. World Wide Web.

Digital Library

[16]

European Commission. [n.d.]. Sensitive Data. https://ec.europa.eu/info/law/lawtopic/ data-protection/reform/rules-business-and-organisations/legal-groundsprocessing- data/sensitive-data_en.

[17]

Mauro Conti and Pier Paolo Tricomi. 2020. PvP: Profiling Versus Player! Exploiting Gaming Data for Player Recognition. In Int. Conf. Inf. Secur.

Digital Library

[18]

Christina Cough. 2020. Share of gamers who want to become professional gamers in the future worldwide in 2020, by gender. https://www.statista.com/statistics/ 1132968/professionals-gamers-gender/. Accessed: June, 2022.

[19]

Anders Drachen, Christian Thurau, Rafet Sifa, and Christian Bauckhage. 2014. A comparison of methods for player clustering via behavioral telemetry. arXiv preprint arXiv:1407.3950 (2014).

[20]

Esport Earnings. 2022. Top Games Awarding Prize Money. https://www.esportse arnings.com/games. Accessed: July, 2022.

[21]

Sanaz Eidizadehakhcheloo, Bizhan Alipour Pijani, Abdessamad Imine, and Michaël Rusinowitch. 2021. Divide-and-Learn: A Random Indexing Approach to Attribute Inference Attacks in Online Social Networks. In IFIP Ann. Conf. Data Appl. Secur. Privacy.

Digital Library

[22]

Into The Breach Esports. 2021. r/DotA2 Demographic Survey. https://www.docd roid.net/ZeJTLar/rdota2-demographics-report-2021-pdf. Accessed: June, 2022.

[23]

Quan Fang, Jitao Sang, Changsheng Xu, andMShamim Hossain. [n.d.]. Relational user attribute inference in social media. IEEE T. Multimedia ([n. d.]).

[24]

European Union Agency for Fundamental Rights. 2014. Child participation in research. https://fra.europa.eu/en/publication/2019/child-participation-research.

[25]

Meg Fryling, Jami Lynn Cotler, Jack Rivituso, Lauren Mathews, and Shauna Pratico. 2015. Cyberbullying or normal game play? Impact of age, gender, and experience on cyberbullying in multi-player online gaming environments: Perceptions from one gaming forum. J. Inf. Syst. Appl. Res. (2015).

[26]

Jennifer Golbeck, Cristina Robles, and Karen Turner. 2011. Predicting personality with social media. In CHI-Human Factors in Computing Systems. 253--262.

[27]

Neil Zhenqiang Gong and Bin Liu. 2016. You are who you know and how you behave: Attribute inference attacks via users' social friends and behaviors. In 25th USENIX Security Symposium (USENIX Security 16). 979--995.

[28]

Neil Zhenqiang Gong and Bin Liu. 2018. Attribute inference attacks in online social networks. ACM T. Privacy Secur. (2018).

[29]

Mark D Griffiths. 2017. The psychosocial impact of professional gambling, professional video gaming & eSports. Casino & Gaming International (2017).

[30]

Wenbo Guo, Xian Wu, Sui Huang, and Xinyu Xing. 2021. Adversarial policy learning in two-player competitive games. In Int. Conf. Machin. Learn.

[31]

Juho Hamari and Max Sjöblom. 2017. What is eSports and why do people watch it? Internet research (2017).

[32]

howlongis.io. 2022. Dota 2 Playtime. https://howlongis.io/app/570/Dota2.

[33]

Panagiotis Ilia, Iasonas Polakis, Elias Athanasopoulos, Federico Maggi, and Sotiris Ioannidis. 2015. Face/off: Preventing privacy leakage from photos in social networks. In Proc. ACM CCS.

Digital Library

[34]

Ismat Jarin and Birhanu Eshete. 2021. Pricure: privacy-preserving collaborative inference in a multi-party setting. In Proc. ACMWorkshop Secur. Privacy Analytics.

Digital Library

[35]

David Jurgens, Tyler Finethy, James McCorriston, Yi Xu, and Derek Ruths. 2015. Geolocation prediction in twitter using social networks: A critical analysis and review of current practice. In Proc. Int. AAAI Conf. Web Social Media.

[36]

Panicos Karkallis, Jorge Blasco, Guillermo Suarez-Tangil, and Sergio Pastrana. 2021. Detecting video-game injectors exchanged in game cheating communities. In Europ. Symp. Res. Comp. Secur.

Digital Library

[37]

Mehdi Kaytoue, Arlei Silva, Loïc Cerf, Wagner Meira Jr, and Chedy Raïssi. 2012. Watch me playing, i am a professional: a first study on video game live streaming. In Proc. Int. Conf. World Wide Web.

Digital Library

[38]

Michal Kosinski, David Stillwell, and Thore Graepel. 2013. Private traits and attributes are predictable from digital records of human behavior. Proc. Nat. Academy Sciences (2013).

[39]

J. Kotrlik and C. Higgins. 2001. Organizational research: Determining appropriate sample size in survey research. Inf. Tech. Learn. Perf. J. (2001).

[40]

Peter Likarish, Oliver Brdiczka, Nicholas Yee, Nicholas Ducheneaut, and Les Nelson. 2011. Demographic Profiling from MMOG Gameplay. In 11th Privacy Enhancing Technologies Symposium. Waterloo, Canada. Citeseer.

[41]

Dragana Martinovic, Victor Ralevich, Joshua McDougall, and Michael Perklin. 2014. "You are what you play": Breaching privacy and identifying users in online gaming. In Proc. IEEE Ann. Int. Conf. Priv. Secur. Trust.

[42]

Shagufta Mehnaz et al. 2022. Are your sensitive attributes private? Novel model inversion attribute inference attacks on classification models. In USENIX Security.

[43]

Bo Mei, Yinhao Xiao, Ruinian Li, Hong Li, Xiuzhen Cheng, and Yunchuan Sun. [n.d.]. Image and attribute based convolutional neural network inference attacks in social networks. IEEE T. Netw. Sci. Eng. ([n. d.]).

[44]

Gregory J Meyer, Stephen E Finn, Lorraine D Eyde, Gary G Kay, Kevin L Moreland, Robert R Dies, Elena J Eisman, Tom W Kubiszyn, and Geoffrey M Reed. 2001. Psychological testing and psychological assessment: A review of evidence and issues. American psychologist 56, 2 (2001), 128.

[45]

Hooman Mohajeri Moghaddam, Gunes Acar, Ben Burgess, Arunesh Mathur, Danny Yuxing Huang, Nick Feamster, Edward W Felten, Prateek Mittal, and Arvind Narayanan. 2019. Watching you watch: The tracking ecosystem of overthe- top tv streaming devices. In Proc. ACM Conf. Comp. Commun. Secur.

Digital Library

[46]

Joshua Morris, Sara Newman, Kannappan Palaniappan, Jianping Fan, and Dan Lin. 2021. "Do you know you are tracked by photos that you didnt take: large-scale location-aware multi-party image privacy protection. IEEE TDSC (2021).

[47]

BBC News. 2019. Fortnite predator 'groomed children on voice chat'. https: //www.bbc.com/news/technology-46923789. Accessed: June 2022.

[48]

Kristine L Nowak and Christian Rauh. 2005. The influence of the avatar on online perceptions of anthropomorphism, androgyny, credibility, homophily, and attraction. Journal of Computer-Mediated Communication 11, 1 (2005), 153--178.

[49]

US Department of the Treasury. [n.d.]. Sensitive Personal Data. https://home.tre asury.gov/taxonomy/term/7651.

[50]

Jean Oggins and Jeffrey Sammis. 2012. Notions of video game addiction and their relation to self-reported addiction among players of World of Warcraft. International Journal of Mental Health and Addiction 10, 2 (2012), 210--230.

[51]

Bizhan Alipour Pijani, Abdessamad Imine, and Michaël Rusinowitch. 2020. You are what emojis say about your pictures: language-independent gender inference attack on Facebook. In Proc. ACM Symp. Appl. Comp.

Digital Library

[52]

Active Player. 2022. Live Player Count and Statistics. https://activeplayer.io/.

[53]

Beatrice Rammstedt and Oliver P John. 2007. Measuring personality in one minute or less: A 10-item short version of the Big Five Inventory in English and German. Journal of research in Personality 41, 1 (2007), 203--212.

[54]

Olivia Richman. 2020. Hashinshin responds to accusations of grooming a minor. https://win.gg/news/hashinshin-responds-to-accusations-of-grooming-aminor/. Accessed: June 2022.

[55]

Bruce Schneier. 2015. Data and Goliath: The hidden battles to collect your data and control your world. WW Norton & Company.

Digital Library

[56]

Rafet Sifa, Anders Drachen, and Christian Bauckhage. 2018. Profiling in games: Understanding behavior from telemetry. Social interactions in virtual worlds: An interdisciplinary perspective (2018).

[57]

Jonathan M Spring, Tyler Moore, and David Pym. 2017. Practicing a science of security: a philosophy of science perspective. In New Secur. Paradig. Workshop.

Digital Library

[58]

Pieter Spronck, Iris Balemans, and Giel Van Lankveld. 2012. Player profiling with fallout 3. In Artif. Intell. Interactive Dig. Entertainment Conf.

[59]

Steam. 2022. An ongoing analysis of Steam's concurrent players. https://steamc harts.com/. Accessed: July, 2022.

[60]

Stratz. 2022. Accounts and matches analyzed by STRATZ. https://stratz.com/wel come. Accessed: July, 2022.

[61]

Carl Symborski, Gary M Jackson, Meg Barton, Geoffrey Cranmer, Byron Raines,and Mary Magee Quinn. 2014. The use of social science methods to predict player characteristics from avatar observations. In Predicting real world behaviors from virtual world data. Springer, 19--37.

[62]

Anne Clara Tally, Yu Ra Kim, Katreen Boustani, and Christena Nippert-Eng. 2021. Protect and Project: Names, Privacy, and the Boundary Negotiations of Online Video Game Players. Proc. ACM Human-Comp. Inter. (2021).

Digital Library

[63]

Shoshannah Tekofsky, Jaap Van Den Herik, Pieter Spronck, and Aske Plaat. 2013. Psyops: Personality assessment through gaming behavior. In In Proceedings of the International Conference on the Foundations of Digital Games. Citeseer.

[64]

Udi Weinsberg, Smriti Bhagat, Stratis Ioannidis, and Nina Taft. 2012. BlurMe: Inferring and obfuscating user gender based on ratings. In Proceedings of the sixth ACM conference on Recommender systems. 195--202.

Digital Library

[65]

Jerry S Wiggins. 1996. The five-factor model of personality: Theoretical perspectives. Guilford Press.

[66]

Tom Wijman. 2021. The Games Market and Beyond in 2021: The Year in Numbers. https://newzoo.com/insights/articles/the-games-market-in-2021-the-year-innumbers- esports-cloud-gaming. Accessed: June 2022.

[67]

Dennis L Wilson. 1972. Asymptotic properties of nearest neighbor rules using edited data. IEEE Transactions on Systems, Man, and Cybernetics 3 (1972), 408--421.

[68]

Kelce S Wilson and Müge Ayse Kiy. 2014. Some fundamental cybersecurity concepts. IEEE access (2014).

[69]

Take Yo and Kazutoshi Sasahara. 2017. Inference of personal attributes from tweets using machine learning. In IEEE Int. Conf. Big Data.

[70]

Shijie Zhang, Hongzhi Yin, Tong Chen, Zi Huang, Lizhen Cui, and Xiangliang Zhang. 2021. Graph embedding for recommendation against attribute inference attacks. In Proc. Web Conf.

Digital Library

[71]

Yifei Zhang, Neng Gao, and Junsha Chen. 2020. A practical defense against attribute inference attacks in session-based recommendations. In IEEE Int. Conf. Web Serv.

[72]

Da Zhong, Haipei Sun, Jun Xu, Neil Gong, and Wendy Hui Wang. 2022. Understanding Disparate Effects of Membership Inference Attacks and their Countermeasures. In Proc. ACM AsiaCCS.

Digital Library

Cited By

Merino ÁGonzález-Cabañas JCuevas ÁCuevas R(2024)Analysis and Implementation of Nanotargeting on LinkedIn Based on Publicly Available Non-PIIProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642107(1-22)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642107
Tricomi PPajola LPasa LConti MChua TNgo CKumar RLauw HKa-Wei Lee R(2024)"All of Me": Mining Users' Attributes from their Public Spotify PlaylistsCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651459(963-966)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651459

Index Terms

Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2
1. Applied computing
  1. Arts and humanities
    1. Media arts
2. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

The interplay between immersion and appeal in video games

A 2í 2 study on immersion and appeal of video games is presented.Immersion and appeal are found to be highly related.Immersion is found to be unaffected by playing experience.Appeal is found to be affected both by game played and playing experience. ...
Effects of Mentoring on Player Performance in Massively Multiplayer Online Role-Playing Games (MMORPGs)
ASONAM '11: Proceedings of the 2011 International Conference on Advances in Social Networks Analysis and Mining

Massively Multiplayer Online Role-Playing Games (MMORPGs) have become increasingly popular and have communities comprising millions of subscribers. With their increasing popularity, researchers are realizing that video games can be a means to fully ...
DraftRec: Personalized Draft Recommendation for Winning in Multi-Player Online Battle Arena Games
WWW '22: Proceedings of the ACM Web Conference 2022

This paper presents a personalized character recommendation system for Multiplayer Online Battle Arena (MOBA) games which are considered as one of the most popular online video game genres around the world. When playing MOBA games, players go through a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '23: Proceedings of the Thirteenth ACM Conference on Data and Application Security and Privacy

April 2023

304 pages

ISBN:9798400700675

DOI:10.1145/3577923

General Chair:
Mohamed Shehab
University of North Carolina at Charlotte, USA
,
Program Chairs:
Maribel Fernandez
King's College London, UK
,
Ninghui Li
Purdue University, USA

Copyright © 2023 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 April 2023

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Hilti Corporation

Conference

CODASPY '23

Sponsor:

SIGSAC

CODASPY '23: Thirteenth ACM Conference on Data and Application Security and Privacy

April 24 - 26, 2023

NC, Charlotte, USA

Acceptance Rates

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
149
Total Downloads

Downloads (Last 12 months)89
Downloads (Last 6 weeks)3

Reflects downloads up to 22 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Merino ÁGonzález-Cabañas JCuevas ÁCuevas R(2024)Analysis and Implementation of Nanotargeting on LinkedIn Based on Publicly Available Non-PIIProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642107(1-22)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642107
Tricomi PPajola LPasa LConti MChua TNgo CKumar RLauw HKa-Wei Lee R(2024)"All of Me": Mining Users' Attributes from their Public Spotify PlaylistsCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3651459(963-966)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3651459

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents