• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.14 no.10
• /
• pp.4176-4197
• /
• 2020

Botnet is a type of dangerous malware. Botnet attack with a collection of bots attacking a similar target and activity pattern is called bot group activities. The detection of bot group activities using intrusion detection models can only detect single bot activities but cannot detect bots' behavioral relation on bot group attack. Detection of bot group activities could help network administrators isolate an activity or access a bot group attacks and determine the relations between bots that can measure the correlation. This paper proposed a new model to measure the similarity between bot activities using the intersections-probability concept to define bot group activities called as B-Corr Model. The B-Corr model consisted of several stages, such as extraction feature from bot activity flows, measurement of intersections between bots, and similarity value production. B-Corr model categorizes similar bots with a similar target to specify bot group activities. To achieve a more comprehensive view, the B-Corr model visualizes the similarity values between bots in the form of a similar bot graph. Furthermore, extensive experiments have been conducted using real botnet datasets with high detection accuracy in various scenarios.

• Journal of Korea Game Society
• /
• v.11 no.1
• /
• pp.121-129
• /
• 2011

In an online-game, the various game service victimized cases are generated by the bots program or auto program. Particularly, the abnormal collection of the game money and item loses the inherent fun of a game. It reaches ultimately the definite bad effect to the game life cycle. This paper collects and analyzes the pattern of game behavior change for the bots detection method. By using the game activity changing information of the human and game activity changing information of the bots, the degree of resemblance was measured. It utilized in the bots detection method. In an experiment, by using the served online-game, the model of a user and bots were generated and similarity was distinguished. And the reasonable result was confirmed.

• ETRI Journal
• /
• v.45 no.4
• /
• pp.713-723
• /
• 2023

Game bots are illegal programs that facilitate account growth and goods acquisition through continuous and automatic play. Early detection is required to minimize the damage caused by evolving game bots. In this study, we propose a game bot detection method based on action time intervals (ATIs). We observe the actions of the bots in a game and identify the most frequently occurring actions. We extract the frequency, ATI average, and ATI standard deviation for each identified action, which is to used as machine learning features. Furthermore, we measure the performance using actual logs of the Aion game to verify the validity of the proposed method. The accuracy and precision of the proposed method are 97% and 100%, respectively. Results show that the game bots can be detected early because the proposed method performs well using only data from a single day, which shows similar performance with those proposed in a previous study using the same dataset. The detection performance of the model is maintained even after 2 months of training without any revision process.

• Journal of Korea Game Society
• /
• v.9 no.5
• /
• pp.53-61
• /
• 2009

Game industry, especially MMORPG (Massively Multiplayer Online Role Playing Game) has rapidly been expanding in these days. In this background, lots of online game security incidents have been increasing and getting more diversity. One of the most critical security incidents is 'Bots', mimics human player's playing behaviors. Bots performs the task without any manual works, it is considered unfair with other players. So most game companies try to block Bots by analyzing the packets between clients and servers. However this method can be easily attacked, because the packets are changeable when it is send to server. In this paper, we propose a Bots detection method by observing the playing patterns of game characters with data on server. In this method, Bots developers cannot handle the data, because it is working on server. Therefore Bots cannot avoid it and we can find Bots users more completely.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.13 no.9
• /
• pp.4200-4206
• /
• 2012

Recently, online-game industry has been rapidly expanding in these days. But, the various game service victimized cases are generated by the bots program. Particularly, the abnormal collection of the game money and item loses the inherent fun of a game. It reaches ultimately the definite bad effect to the game life cycle. In this paper, we propose a Bots detection method by observing the playing patterns of game characters with game log data. It analyzed behaviors of human players as well as bots and identified features to build the model to differentiate bots from human players. In an experiment, by using the served online-game, the model of a user and bots were generated was distinguished. And the reasonable result was confirmed.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.12
• /
• pp.2885-2891
• /
• 2015

Twitter, one of online social network services, is one of the most popular micro-blogs, which generates a large number of automated programs, known as tweet bots because of the open structure of Twitter. While these tweet bots are categorized to legitimate bots and malicious bots, it is important to detect tweet bots since malicious bots spread spam and malicious contents to human users. In the conventional work, temporal information was utilized for the classficiation of human and bot. In this paper, by utilizing geo-tagged tweets that provide high-precision location information of users, we first identify both Twitter users' exact location and the corresponding timestamp, and then propose an improved two-stage tweet bot detection algorithm by computing an entropy based on spatio-temporal information. As a main result, the proposed algorithm shows superior bot detection and false alarm probabilities over the conventional result which only uses temporal information.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1077-1084
• /
• 2015

Security issues such as an illegal acquisition of personal information and identity theft happen due to using game bots in online games. Game bots collect items and money unfairly, so in-game contents are rapidly depleted, and honest users feel deprived. It causes a downturn in the game market. In this paper, we defined the growth types by analyzing the growth processes of users with actual game data. We proposed the framework that classify hard-core users and game bots in the growth patterns. We applied the framework in the actual data. As a result, we classified five growth types and detected game bots from hard-core users with 93% precision. Earlier studies show that hard-core users are also detected as a bot. We clearly separated game bots and hard-core users before full growth.

• ETRI Journal
• /
• v.35 no.6
• /
• pp.1058-1067
• /
• 2013

An approach for game bot detection in massively multiplayer online role-playing games (MMORPGs) based on the analysis of game playing behavior is proposed. Since MMORPGs are large-scale games, users can play in various ways. This variety in playing behavior makes it hard to detect game bots based on play behaviors. To cope with this problem, the proposed approach observes game playing behaviors of users and groups them by their behavioral similarities. Then, it develops a local bot detection model for each player group. Since the locally optimized models can more accurately detect game bots within each player group, the combination of those models brings about overall improvement. Behavioral features are selected and developed to accurately detect game bots with the low resolution data, considering common aspects of MMORPG playing. Through the experiment with the real data from a game currently in service, it is shown that the proposed local model approach yields more accurate results.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1115-1122
• /
• 2015

In recent years, the use of game bots by illegal programs has been expanded from individual to group scale; this brings about serious problems in online game industry. The gold farmers group creates an in-game social community so-called "guild" to obtain a large amount of game money and manage game bots efficiently. Although game developers detect game bots by detection algorithms, the algorithms can detect only part of the gold farmers group. In this paper, we propose a detection method for the gold farmers group on a basis of normal and bot guilds characteristic analysis. In order to differentiate normal and bots guild, we analyze transaction patterns for individuals, auction house and chatting. With the analyzed results, we can detect game bot guilds. We demonstrate the feasibility of the proposed methods with real datasets from one of the popular online games named AION in Korea.

• Journal of the Korea Institute of Information and Communication Engineering
• /
• v.19 no.12
• /
• pp.2878-2884
• /
• 2015

Twitter, one of online social network services, is one of the most popular micro-blogs, which generates a large number of automated programs, known as tweet bots because of the open structure of Twitter. While these tweet bots are categorized to legitimate bots and malicious bots, it is important to detect tweet bots since malicious bots spread spam and malicious contents to human users. In the conventional work, temporal information was utilized for the classficiation of human and bot. In this paper, by utilizing geo-tagged tweets that provide high-precision location information of users, we first identify both Twitter users' exact location. Then, we propose a new tweet bot detection algorithm by using both an entropy based on geographic variable of each user and device information of each user. As a main result, the proposed algorithm shows superior bot detection and false alarm probabilities over the conventional result which only uses temporal information.