
Server-side verification of client behavior in online games

Published: 26 December 2008

Abstract

Online gaming is a lucrative and growing industry but one that is slowed by cheating that compromises the gaming experience and hence drives away players (and revenue). In this paper we develop a technique by which game developers can enable game operators to validate the behavior of game clients as being consistent with valid execution of the sanctioned client software. Our technique employs symbolic execution of the client software to extract constraints on client-side state implied by each client-to-server message, and then uses constraint solving to determine whether the sequence of client-to-server messages can be “explained” by any possible user inputs, in light of the server-to-client messages already received. The requisite constraints and solving components can be developed either simultaneously with the game or retroactively for existing games. We demonstrate our approach in three case studies on the open-source game XPilot, a game similar to Pac-Man of our own design, and an open-source multiplayer version of Tetris.


Published In

ACM Transactions on Information and System Security  Volume 14, Issue 4
December 2011
138 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/2043628

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Accepted: 01 July 2011
Revised: 01 March 2011
Received: 01 July 2010
Published: 26 December 2008
Published in TISSEC Volume 14, Issue 4


Author Tags

  1. Computer games
  2. cheat detection

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (Last 12 months): 41
  • Downloads (Last 6 weeks): 4
Reflects downloads up to 08 Feb 2025


Cited By

  • (2023) A peek into the metaverse. Proceedings of the 32nd USENIX Conference on Security Symposium. 10.5555/3620237.3620457 (3925-3942). Online publication date: 9-Aug-2023
  • (2023) Automatically defining game action spaces for exploration using program analysis. Proceedings of the Nineteenth AAAI Conference on Artificial Intelligence and Interactive Digital Entertainment. 10.1609/aiide.v19i1.27510 (145-154). Online publication date: 8-Oct-2023
  • (2023) “I Feel My Abs”: Exploring Non-standing VR Locomotion. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611069, 7:CHI PLAY (1282-1307). Online publication date: 4-Oct-2023
  • (2023) The Consistency of Gamification User Types: A Study on the Change of Preferences over Time. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611068, 7:CHI PLAY (1253-1281). Online publication date: 4-Oct-2023
  • (2023) The Effects of Hand Representation on Experience and Performance for 3D Interactions in Virtual Reality Games. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611066, 7:CHI PLAY (1206-1233). Online publication date: 4-Oct-2023
  • (2023) Privacy Is the Price: Player Views and Technical Evaluation of Data Practices in Online Games. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611064, 7:CHI PLAY (1136-1178). Online publication date: 4-Oct-2023
  • (2023) A Matter of Perspective: Designing Immersive Character Transitions for Virtual Reality Games. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611023, 7:CHI PLAY (73-103). Online publication date: 4-Oct-2023
  • (2023) Lessons from Homebrewed Hybridity: Designing Hybrid Digital Boardgames for Distanced Play. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611022, 7:CHI PLAY (45-72). Online publication date: 4-Oct-2023
  • (2023) Suspecting Sarcasm: How League of Legends Players Dismiss Positive Communication in Toxic Environments. Proceedings of the ACM on Human-Computer Interaction. 10.1145/3611020, 7:CHI PLAY (1-26). Online publication date: 4-Oct-2023
  • (2023) Extracting Threat Intelligence From Cheat Binaries For Anti-Cheating. Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses. 10.1145/3607199.3607211 (17-31). Online publication date: 16-Oct-2023