Abstract
Video game cheats destroy the online play experience of users and result in financial losses for game developers. Similar to hacking communities, cheat developers often organize themselves around forums where they share game cheats and know-how. In this paper, we perform a large-scale measurement of two online forums, MPGH and UnknownCheats, devoted to video game cheating that are nowadays very active and altogether have more than 7 million posts. Video game cheats often require an auxiliary tool to access the victim process, i.e., an injector. This is a type of program that manipulates the game program memory, and it is a key piece for evading cheat detection on the client side. We leverage the output of our measurement study to build a machine learning classifier that identifies injectors based on their behavioural traits. Our system will help game developers and the anti-cheat industry to identify attack vectors more quickly and will reduce the barriers to study this topic within the academic community.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Data extracted from https://steamcharts.com/app/730 on 16th April 2021.
- 2.
- 3.
- 4.
- 5.
In the remainder of the paper, we use the terms ‘user’ and ‘actor’ indistinguishably to refer a forum account uniquely identified by a user ID.
- 6.
As a result of our work, these attachments have been included in the CrimeBB catalog, and are thus available for other researchers under a legal agreement with the Cambridge Cybercrime Centre.
- 7.
https://store.steampowered.com Accessed on 10th May 2021.
- 8.
Some attachments are duplicated or re-released in different posts.
- 9.
https://github.com/erocarrera/pefile Accessed on 10th May 2021.
- 10.
https://www.virustotal.com Accessed on 10th May 2021.
- 11.
https://community.mcafee.com/t5/Malware/quot-False-Artemis-4DD89AF63CF7-quot/m-p/521383 Accessed on 10th May 2021.
- 12.
https://github.com/tarekwiz/LeagueDumper Accessed on 10th May 2021.
- 13.
References
Allodi, L.: Economic factors of vulnerability trade and exploitation. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1483–1499. ACM (2017)
Blackburn, J., Kourtellis, N., Skvoretz, J., Ripeanu, M., Iamnitchi, A.: Cheating in online games: a social network perspective. ACM Trans. Internet Technol. (TOIT) 13(3), 1–25 (2014)
Breiman, L., et al.: Arcing classifier (with discussion and a rejoinder by the author). Ann. Stat. 26(3), 801–849 (1998)
Cano, N.: Game hacking: developing autonomous bots for online games. No Starch Press (2016)
Chen, Y., Wang, S., She, D., Jana, S.: On training robust pdf malware classifiers. In: 29th USENIX Security Symposium USENIX Security 20), pp. 2343–2360 (2020)
Chinchor, N., Sundheim, B.M.: Muc-5 evaluation metrics. In: Fifth Message Understanding Conference (MUC-5): Proceedings of a Conference Held in Baltimore, Maryland, 25–27 August, 1993 (1993)
Chumachenko, K.: Machine learning methods for malware detection and classification. The annals of statistics (2017)
Clayton, R.: The impact of lockdown on dos-for-hire. Tech. rep., Cambridge Cybercrime Centre COVID Briefing Papers, July 2020. https://www.cambridgecybercrime.uk/COVID/COVIDbriefing-3.pdf
Duh, H.B.-L., Chen, V.H.H.: Cheating behaviors in online gaming. In: Ozok, A.A., Zaphiris, P. (eds.) OCSC 2009. LNCS, vol. 5621, pp. 567–573. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02774-1_61
Feng, W.C., Kaiser, E., Schluessler, T.: Stealth measurements for cheat detection in on-line games. In: Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games, pp. 15–20. NetGames 2008. Association for Computing Machinery, New York (2008). https://doi.org/10.1145/1517494.1517497. https://doi.org/10.1145/1517494.1517497
Fields, D.A., Kafai, Y.B.: “stealing from grandma” or generating cultural knowledge? contestations and effects of cheating in a tween virtual world. Games Culture 5(1), 64–87 (2010)
FireEye: Capa. https://github.com/fireeye/capa, https://github.com/fireeye/capa. Accessed July 2020
Glaser, B.G., Strauss, A.L., Strutzel, E.: The discovery of grounded theory; strategies for qualitative research. Nurs. Res. 17(4), 364 (1968)
Hughes, J., Collier, B., Hutchings, A.: From playing games to committing crimes: a multi-technique approach to predicting key actors on an online gaming forum. In: 2019 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2019)
Hutchings, A., Pastrana, S.: Understanding ewhoring. In: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 201–214. IEEE (2019)
Jordaney, R., Sharad, K., Dash, S.K., Wang, Z., Papini, D., Nouretdinov, I., Cavallaro, L.: Transcend: detecting concept drift in malware classification models. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 625–642. USENIX Association, Vancouver, BC, August 2017. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jordaney
Koskinas, P., Paloetti, M.: Anti-cheat in lol ( & more), May 2020 https://na.leagueoflegends.com/en-us/news/dev/dev-anti-cheat-in-lol-more/. https://na.leagueoflegends.com/en-us/news/dev/dev-anti-cheat-in-lol-more/. Accessed on May 2020
Lee, E., Woo, J., Kim, H., Kim, H.K.: No silk road for online gamers! using social network analysis to unveil black markets in online games. In: Proceedings of the 2018 World Wide Web Conference, pp. 1825–1834 (2018)
Liu, D., Gao, X., Zhang, M., Wang, H., Stavrou, A.: Detecting passive cheats in online games via performance-skillfulness inconsistency. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 615–626. IEEE (2017)
Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G.M.: An analysis of underground forums. In: Proceedings of the 2011 ACM SIGCOMM conference on Internet Measurement Conference, pp. 71–80. ACM (2011)
Narula, H.: A billion new players are set to transform the gaming industry, December 2019. https://www.wired.co.uk/article/worldwide-gamers-billion-players. https://www.wired.co.uk/article/worldwide-gamers-billion-players. Accessed on May 2020
National Cyber Crime Unit/Prevent Team: Pathways into cyber crime, January 2017. https://www.nationalcrimeagency.gov.uk/who-we-are/publications/6-pathways-into-cyber-crime-1/file. Accessed July 2020
Onwuzurike, L., Mariconti, E., Andriotis, P., Cristofaro, E.D., Ross, G., Stringhini, G.: Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans. Privacy Secur. (TOPS) 22(2), 1–34 (2019)
Pastrana, S., Hutchings, A., Caines, A., Buttery, P.: Characterizing eve: analysing cybercrime actors in a large underground forum. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 207–227. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00470-5_10
Pastrana, S., Thomas, D.R., Hutchings, A., Clayton, R.: Crimebb: enabling cybercrime research on underground forums at scale. In: Proceedings of the 2018 World Wide Web Conference, pp. 1845–1854 (2018). https://doi.org/10.1145/3178876.3186178
Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)
Portnoff, R.S., Afroz, S., Durrett, G., Kummerfeld, J.K., Berg-Kirkpatrick, T., McCoy, D., Levchenko, K., Paxson, V.: Tools for automated analysis of cybercriminal markets. In: Proceedings of 26th International World Wide Web Conference (WWW) (2017)
Richter, J., Nasarre, C.: Windows via C/C++. Microsoft Press, 5th edn., November 2007
Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948)
Sherena.johnson@nist.gov: Nist special database 28, September 2020. https://www.nist.gov/srd/nist-special-database-28
Witschel, T., Wressnegger, C.: Aim low, shoot high: evading aimbot detectors by mimicking user behavior. In: Proceedings of the 13th European workshop on Systems Security, pp. 19–24 (2020)
Woo, J., Kang, S.W., Kim, H.K., Park, J.: Contagion of cheating behaviors in online social networks. IEEE Access 6, 29098–29108 (2018)
Acknowledgement
This work is partially supported by the Spanish grants ODIO (PID2019-111429RB-C21, PID2019-111429RB), the Region of Madrid grant CYNAMON-CM (P2018/TCS-4566), co-financed by European Structural Funds ESF and FEDER, and Excellence Program EPUC3M17, and the “Ramon y Cajal” Fellowship RYC-2020-029401.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Analysis Features
A Analysis Features
This appendix lists the feature categories used to train the injector classifier along with the number of features within each category. The first column describes the feature category each analysis is part of as seen on Table 1.
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Karkallis, P., Blasco, J., Suarez-Tangil, G., Pastrana, S. (2021). Detecting Video-Game Injectors Exchanged in Game Cheating Communities. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science(), vol 12972. Springer, Cham. https://doi.org/10.1007/978-3-030-88418-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-88418-5_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-88417-8
Online ISBN: 978-3-030-88418-5
eBook Packages: Computer ScienceComputer Science (R0)