• Journal of Korea Game Society
• /
• v.15 no.4
• /
• pp.69-78
• /
• 2015

As the online game industry has been growing rapidly, more and more malicious activities to gain economic benefits have been reported as well. Game bot is one of the biggest problems in the online game industry. So we proposed a bot detection method based on the ERG theory of motivation for the first time. Most of the previous studies focused on behavior-based detection by monitoring patterns of the specific actions. In this paper, we applied the motivation theory to analyze user behaviors on a real game dataset. The result shows that normal users in the game followed the ERG theory of motivation in the same way as it works in real world. But in the case of game bots, the theory could not be applied because the game bot has specific reasons, unlike normal game users. We applied the ERG theory to users to distinguish game bot users from normal users. We detected the game bot with high accuracy of 99.78% by applying the theory.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.6
• /
• pp.1431-1439
• /
• 2017

In the security field, log analysis is important to detect malware or abnormal behavior. Recently, image visualization techniques for malware dectection becomes to a major part of security. These techniques can also be used in online games. Users can leave a game when they felt bad experience from game bot, automatic hunting programs, malicious code, etc. This churning can damage online game's profit and longevity of service if game operators cannot detect this kind of events in time. In this paper, we propose a new technique of PNG image conversion based churn prediction to improve the efficiency of data analysis for the first. By using this log compression technique, we can reduce the size of log files by 52,849 times smaller and increase the analysis speed without features analysis. Second, we apply data mining technique to predict user's churn with a real dataset from Blade & Soul developed by NCSoft. As a result, we can identify potential churners with a high accuracy of 97%.

• Journal of Korea Game Society
• /
• v.16 no.1
• /
• pp.83-92
• /
• 2016

An online game is a huge distributed system comprised of servers and untrusted clients. In such circumstances, cheaters may employ abnormal behaviors through client modification or network packet tampering. Client-side detection methods have the merit of distributing the burden to clients but can easily be breached. In the other hand, server-side detection methods are trustworthy but consume tremendous amount of resources. Therefore, this paper proposes a security reinforcement method which involves both the client and the server. This method is expected to provide meaningful security fortification while minimizing server-side stress.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1069-1076
• /
• 2017

Recently $Pok\acute{e}mon$ GO implements an online game with location-based real time augmented reality on mobile. The correct play of this game should be based on collecting the $Pok\acute{e}mon$ that appears as the user moves around by foot, but as the popularity increases, it appears an abuse to play easily. Many people have used an application that provides a mock location service such as Fake GPS, and these applications can be judged to be cheating in online games because they can play games in the house without moving. Detection of such cheating from a client point of view (mobile device) can consume a large amount of resources, which can reduce the speed of the game. It is difficult for developers to apply detection methods that negatively affect game usage and user's satisfaction. Therefore, in this paper, we propose a method to detect users abusing mock location service in online game by route analysis using GPS location record from the server point of view.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.1
• /
• pp.93-107
• /
• 2016

Game bot playing is one of the main risks in Massively Multi-Online Role Playing Games(MMORPG) because it damages overall game playing environment, especially the balance of the in-game economy. There have been many studies to detect game bot. However, the previous detection models require continuous maintenance efforts to train and learn the game bots' patterns whenever the game contents change. In this work, we have proposed a machine learning technique using the self-similarity property that is an intrinsic attribute in game bots and automated maintenance system. We have tested our method and implemented a system to major three commercial games in South Korea. As a result, our proposed system can detect and classify game bots with high accuracy.

• Journal of the Korea Society of Computer and Information
• /
• v.27 no.5
• /
• pp.157-163
• /
• 2022

As the online game market grows, the use of game bots is causing the most serious problem for game services. We propose a harvest coordinate analysis model to detect harvesting bots among game bots of the Massively Multiplayer Online Role-Playing Games(MMORPGs) genre. The proposed model analyzes the player's harvesting behavior using the coordinate data. Game bots can obtain in-game goods and items more easily than normal players and are not affected by realistic restrictions such as sleep time and character manipulation fatigue. As a result, there is a difference in harvesting coordinates between normal players and game bots. We divided the coordinate zones and used these coordinate zone differences to distinguish between game bot players and normal players. We created a dataset with NCSoft's AION log and applied it to a random forest model to detect game bots, and as a result, we derived performance with a recall of 0.72 and a precision of 0.92.

• International Journal of Computer Science & Network Security
• /
• v.22 no.6
• /
• pp.390-399
• /
• 2022

Cyber security and resilience are phrases that describe safeguards of ICTs (information and communication technologies) from cyber-attacks or mitigations of cyber event impacts. The sole purpose of Risk models are detections, analyses, and handling by considering all relevant perceptions of risks. The current research effort has resulted in the development of a new paradigm for safeguarding services offered online which can be utilized by both service providers and users. customers. However, rather of relying on detailed studies, this approach emphasizes task selection and execution that leads to successful risk treatment outcomes. Modelling intelligent CSGs (Cyber Security Games) using MLTs (machine learning techniques) was the focus of this research. By limiting mission risk, CSGs maximize ability of systems to operate unhindered in cyber environments. The suggested framework's main components are the Threat and Risk models. These models are tailored to meet the special characteristics of online services as well as the cyberspace environment. A risk management procedure is included in the framework. Risk scores are computed by combining probabilities of successful attacks with findings of impact models that predict cyber catastrophe consequences. To assess successful attacks, models emulating defense against threats can be used in topologies. CSGs consider widespread interconnectivity of cyber systems which forces defending all multi-step attack paths. In contrast, attackers just need one of the paths to succeed. CSGs are game-theoretic methods for identifying defense measures and reducing risks for systems and probe for maximum cyber risks using game formulations (MiniMax). To detect the impacts, the attacker player creates an attack tree for each state of the game using a modified Extreme Gradient Boosting Decision Tree (that sees numerous compromises ahead). Based on the findings, the proposed model has a high level of security for the web sources used in the experiment.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.5
• /
• pp.1077-1084
• /
• 2015

Security issues such as an illegal acquisition of personal information and identity theft happen due to using game bots in online games. Game bots collect items and money unfairly, so in-game contents are rapidly depleted, and honest users feel deprived. It causes a downturn in the game market. In this paper, we defined the growth types by analyzing the growth processes of users with actual game data. We proposed the framework that classify hard-core users and game bots in the growth patterns. We applied the framework in the actual data. As a result, we classified five growth types and detected game bots from hard-core users with 93% precision. Earlier studies show that hard-core users are also detected as a bot. We clearly separated game bots and hard-core users before full growth.

• Journal of Digital Convergence
• /
• v.10 no.3
• /
• pp.23-37
• /
• 2012

Illegal game players' hacking and propagation of malignant code in online game exposes privacy of online game customers. So, online game companies have to support the standardized systems and operations of customers' privacies. Since online game companies implement authentication of information protection, which focuses on assets or physical, systemic security, they need a more professional system that is related to protection of individual privacy. We analyzed the individual information protection system, which includes ISO27001, ISMS of KISA, GMITS, ePrivacy, online game privacy protection guide, and BS10012. Using the suggested systems, we proposed the systemic tools that measure the level of individual information protection, which includes process and check items of each phase.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.31 no.6
• /
• pp.1097-1104
• /
• 2021

Online game-bots are already known for a lot of persons by various ways. It leads to problems such as declining game player's interest, in-game financial crisis, etc. Detecting and restricting of game-bot is now essential. Because both publishers and players get disadvantages from their long term abnormal working. But it is not easy to restrict, because of false restriction risks. Game publishers need to distinguish game-bot from server-side game logs. At last, it should can make reasons for game-bot restriction. In this paper, we classified game-bot users by using daily separated game logs for testing data. For daily-driven detection, we separated total dataset into one day logs. Preliminary detects game-bots with one day logs, and determines total results by using these data. Daily driven detection advantages on detection which contains combined game playing style. Which shows like normal user and game-bot. These methodology shows better F1-score, which one of indicator which demonstrate classification accuracy. It increases from 0.898 to 0.945 by using Random Forest classifier.