Kuen Park, Korea University, South Korea
Heejo Lee, Korea University, South Korea
INTRODUCTION OF ONLINE GAME SECURITY

People enjoy playing games for simple pleasure. Recently, since the emergence and advance of the computer technologies, especially in terms of graphic and networking, which enables people to experience virtual world with a computer network they couldn’t ever have imagined (Smed & Hakonen, 2003). In this respect, the popularity of games has roared, which builds up the cultural phenomenon because numerous people are involved in the game forming community.

The online game market scale amounted to $19 billion by 2011 (Gamasutra, 2006), which shows that games are not a negligible industry but a Midas’s hand, which relates to the other industries such as cinema and music. For instance, the famous game character “Lara Croft” of the game “Tomb Raider” was converted to Hollywood cinema, which was greatly successful. However, online games face many threats (Chen, Hwang, Song, Yee, & Korba, 2005). An attacker who comprehends the mechanism of online games attempts to lead a game to his favor with malicious actions. This generates unfair advantage for fun or profit (Pritchard, 2001). Online game cheating has not been a simple problem because it is the primary reason an honest player quits the game if he or she had experienced unfair playing from a cheater. Therefore, an online game designer should consider online game security seriously (Yan & Choi, 2002).

This article is constituted as follows. A classification of online games and the associated brief explanations are described with the viewpoint of security. Afterward, a taxonomy of online game attacks and the respective countermeasures are provided. The next section demonstrates how to prepare for predictable game attacks. This article concludes in the final section.

BACKGROUND: ONLINE GAME CLASSIFICATION

Online games have various types of how to attack the game. Thus, game designers should consider the game type about what factors are vulnerable in its game type. Figure 1 represents our classification of online games. Online games can be divided in five categories: abstraction, action, simulation, story-driven, and strategy. The characteristics and security consideration of each game are as follows.

Abstraction games represent the game, which is abstracted by the computer programming and its respective design for online gaming. Classical board games and gambling games are often made with some modifications for new rules or fun. Go and chess are good examples of this category. The characteristic of this game type is that it is easy to learn to play than any other game type. Typically, game portal sites such as http://www.hangame.com and http://www.netmarble.com are providing this type of game collectively. In addition, Internet Chess Club (http://www.chessclub.com) is a case for providing this type of game category. A good security analysis of this site is released in 2006 (Black, Cochran, & Gardner, 2006).

Action games have genres such as classical arcade, fighting, sports, and FPS games. These kinds of games need fast reactions in the virtual environment. An attacker attempts to modify the related values such as the number of bullets or energy status.
Copyright © 2008, IGI Global, distributing in print or electronic forms without written permission of IGI Global is prohibited.
A Taxonomy of Online Game Security

Figure 1. A classification of online games
[Figure: Online Game branches into Abstraction (board game, gambling game, Tetris, Mining), Action (arcade game, fighting game, sports game), Story-driven (adventure game, role-playing game), and Simulation (turn-based strategy game, real-time strategy game).]

Simulation Games

Simulation games can be divided into two categories: real-time strategy games and turn-based strategy games. Simulation games focus on careful planning and skillful resource management to achieve victory. In these kinds of simulation games, resource is the indispensable factor of the game, so an attacker tries to alter the amount of resources.

Story-driven Games

Story-driven games have two main categories: adventure games and role-playing games. Adventure games focus on resolving specific missions such as quest, mission, or mystery. In role-playing games, the user should make an effort to build his or her character to be stronger with activities. Diablo, Final Fantasy, and World of Warcraft are the representative cases (Griffiths, Davies, & Chappell, 2003).

ONLINE GAME SECURITY

In the viewpoint of generally accepted security principles and models, we can enumerate online game attacks with respect to three security factors:

• Confidentiality: Confidentiality ensures that computer-related assets are accessed only by authorized parties. For maintaining fair online games, confidential information exchange between client and server is necessary.
• Integrity: Integrity means that assets can be modified only by authorized parties or in authorized ways. If someone can manage packet, memory, file, and time, he or she is able to take control of the game on his or her purpose. To protect these values controlled by an attacker, integrity checks should be realized during game play.
• Availability: Availability means that assets are accessible to authorized parties at appropriate times.

Online game attacks can be classified into the following four categories: server attacks, network attacks, client attacks, and user attacks. Figure 2 shows the classification as a tree format. In this context, game data attacks harm confidentiality. In addition, packet attack and client's four attacks (memory, file, time, and event attacks) are purposed to damage game integrity. DDoS and user attacks damage availability. In this respect, user attacks disrupt normal item usage of an honest user. The respective attacks are briefly introduced in the following section.

Server Attacks

Game servers contain sensitive data such as ID, password, and game record, which is the main target for an attacker. Game information leakage can be serious damage to the game vendor.

Network Attacks

Online games must interact between server and host via network infrastructure. An attacker can use this property on attack. An attacker can sniff the game packet and fabricate it in his or her favor. Furthermore, he or she can interrupt normal game play with the use of a great number of botnet agents that generate high volumes of traffic. Someone who transmits overwhelming service requests to the game server can interrupt normal gaming services.
Figure 2. A classification of online game attacks
[Figure: Online Game Attacks branches into Server attack (game bug attack, game data attack), Network attack (packet attack, DDoS), Client attack, and User attack (fraud, social engineering, collusion).]

Client Attacks

Transforming software file and local environment values such as memory, file, OS time, and event are the good attacking strategy for an attacker. An attacker can use it for his or her advantage effectively. In particular, numerous auxiliary game hack programs help attackers. These kinds of hack programs have been devised and distributed by hackers for fun or profit.

User Attacks

Because of invisible network gaming environments between users, an attacker can deceive an honest player. For instance, an attacker can obtain an honest user's game information or items by fraud. In addition, an attacker tries to gather items the malicious way.

SERVER ATTACKS

Game bug attacks represent a game server that has design bugs. For instance, an attacker found a place where he or she may be invisible to an honest user in a certain FPS game. An attacker could kill an honest player only keeping his or her position in the place and shooting the gun when an honest player appeared. In this respect, game server bugs harm the fairness of the game. Therefore, game designers should make effort to cover this kind of vulnerability. Furthermore, a trial vulnerability examination is a good way to check and cover the potential threat.

Since game data can be transformed into real money, an attacker attempts to fulfill game data attacks. If he or she can take control of server information, he or she is able to transmit items to his or her account and make a profit. To protect game data attacks, data encryption using HTTPS and registry key encryption are recommended prevention. OS and DB vulnerability should be checked with OS and DB security tools. Patch status and access control policies should be regularly examined and enforced. Real time backdoor monitoring systems and vulnerability scanning activity can be a good way to protect server attacks.

NETWORK ATTACKS

Network attacks to game systems can be divided into two categories: packet manipulation attacks and DDoS. Packet manipulation attacks (Baughman & Levine, 2001; Smed, Kaukoranta, & Hakonen, 2001) have an objective to reveal the content of game packets. Once an attacker knows its specific meaning, he or she can design packets for his or her favor and transmit them to game server. An attacker can attack game systems in order to interrupt normal service using a large number of botnet (Hussain, Heidemann, & Papadopoulos, 2003). DDoS attacks are closely coupled with availability that is a main component of computer security.

To prepare for the network attacks, the following set of countermeasures can be adopted. First, network firewall and ACL on router and switch should be examined for DDoS attacks (Dietrich, 2004). Second, IPS (intrusion prevention system) and its management equipments are dedicated to prevention, which can further check the attack. In addition, SSL VPN and the separation of an internal network with respect to roles can diminish network threats (Merabti & Rhalibi, 2004).
CLIENT ATTACKS

Once an online game is released and it gains popularity, related auxiliary hacking tools emerge. Typically, an attacker may start to analyze the game software on the client. The hacking tools can be classified as follows:

• Speedhack (Yan, 2005): Modifying the time of a game
• Memoryhack: Altering the memory value of a game
• Maphack (wallhack): Enabling to see game status
• Packeteditor: Editing game packets
• Trainermaker: Enabling to build customizing hacking functions
• File patcher: Replacing game files with hacked files
• File packer: Unpacking game files for hacking
• Debugger: Disassembling files to analyze files
• Gamebot: Launching programs for automatic item harvesting (Kim, Hong, & Kim, 2005)
• Bug hack: Exploits bugs in the game

For game client security, monitoring client game values such as memory, file, time, and event should be required to protect the game variable modification attack. Hence, the integrity checking of game files are highly recommended as an effective defense. To protect reverse engineering attacks, the code sequence can be obfuscated in a file (Debray, 2005). In addition, the installation of a Web application firewall, which monitors covert channels and traffics for data theft and application disruption, can be an effective countermeasure.

USER ATTACKS

An attacker deceives an honest user to obtain virtual assets using fraud, social engineering, and collusion.

Fraud often occurs when exchanging or trading virtual assets. Thus, game designers need to consider the development of a fair trading system that does not allow illegal trading such as taking items but not giving proper rewards. In addition, even if an illegal trading or transaction may occur, a set of procedures that trace swindled items, such as a unique ID number for each virtual asset and transaction record system, should be prepared.

Social engineering represents an attacker's psychological trick on game users in an effort to obtain profitable information or assets (White, 2003). For example, an attacker sends an e-mail disguised as a game administrator requesting a new password and an old password of a user.

Collusion occurs when an attacker collaborates with other attackers for the purpose of deceiving honest users to acquire unfair advantages (Murdoch & Zielinski, 2004). In order to avoid collusion, user reputation and reporting systems can be used effectively.

PREPARING FUTURE ATTACKS AND DEFENSES

Secure game designs (Yan, 2003) fundamentally decrease security threats of online gaming. In other ways, various countermeasures can be used.

Anti-Hack Solution

Anti-hack solution is a good way to prevent malicious process communications, which aim to capture targeted memory event. In addition, anti-hack solution can monitor the anomaly situations of game files and game time modification, hot-key based or time-based usage.

Skipping Attack

Some anti-hack solutions adopt the policy to check whether an auxiliary client hacking program exists on client with signature-based detection; however, the checking module may not always operate correctly. After analyzing the software, an attacker can skip this check procedure. An attacker tries to modify or delete anti-hack files so that anti-hack cannot operate properly. The solution is to check whether anti-hack solution files are impaired during game play.

File Attack

In particular, attackers can analyze game files with reverse engineering. Anti-hack solution vendors verify files' integrity. However, delicately devised hacking files are overwritten to
real files. Therefore, the anti-hack solution requires monitoring the execution of auxiliary programs during game playing with anomaly detection.

Hardware-Based Gamebot

Current anti-hack solutions are able to distinguish software-based keyboard events and mouse events in order to detect a gamebot for automatic item harvesting. However, hardware-based gamebots can avoid such a detection mechanism. Currently, some gamebot-related vendors distribute many types of hardware-based gamebots for profit, and such commercialized gamebots have gained popularity recently in South Korea. To protect this kind of gamebot, anti-hack solution should encompass the ability to recognize hardware-based gamebots.

CONCLUSION

Online game security is the indispensable factor to determine the market penetration of a game. The pervasive nature of the online game coupled with recent threats makes online game security an area of significant importance. In this article, we have presented a classification of online game attacks and discussed the defense mechanism for four main types of attack. This article confirms that there are several important issues, which requires long-term research attention. The ultimate goal of online game security is to protect games against both known and unknown online game attacks. This ambitious goal cannot be achieved in a single stroke. Therefore, we need to continue the enhancement of online game security in various aspects.

REFERENCES

Baughman & Levine (2001). Cheat-proof playout for centralized and distributed online games. IEEE INFOCOM.
Baxter & Mehlich (2000). Reverse engineering network: Professional resources for reverse code engineering. Science of Computer Programming, 2-3, 131-147.
Black, Cochran, & Gardner (2006). A security analysis of the Internet chess club. IEEE Security & Privacy Magazine, 4, 46-52.
Carless (2006). Analyst: Online Game Market $13 Billion by 2011. Gamasutra Industry News. Retrieved May 17, 2007, from http://www.gamasutra.com/phpbin/news_index.php?story=9610
Chen, Hwang, Song, Yee, & Korba (2005). Online gaming cheating and security issue. In International Conference on Information Technology: Coding and Computing.
Griffiths, Davies, & Chappell (2003). Breaking the stereotype: The case of online gaming. Cyber Psychology & Behavior, 6(1).
Hussain, Heidemann, & Papadopoulos (2003). A framework for classifying denial of service attacks. SIGCOMM.
Kim, Hong, & Kim (2005). Detection of auto programs for MMORPGs. Advances in Artificial Intelligence, 3809, 1281-1284.
Merabti & Rhalibi (2004). Peer-to-peer architecture and protocol for a massively multiplayer online game. IEEE Globecom Workshops.
Mirkovic, Dietrich, Dittrich, & Reiher (2004). Internet denial of service. Prentice Hall.
Murdoch & Zielinski (2004). Covert channels for collusion in online computer games. Information Hiding, 3200, 355-367.
Pritchard (2000). How to hurt the hackers: The scoop on Internet cheating and how you can combat it. Information Security Bulletin. Retrieved May 17, 2007 from http://www.gamasutra.com/features/20000724/pritchard_pfv.htm
Ruggles, Wadley, & Gibbs (2005). Online community building techniques used by video game developers. International Federation for Information Processing.
Smed & Hakonen (2003). Towards a definition of a computer game. Turku Centre for Computer Science.
Smed, Kaukoranta, & Hakonen (2001). Aspects of networking in multiplayer computer games. In International Conference on Application and Development of Computer Games.
Udupa, Debray, & Matias (2005). Deobfuscation: Reverse engineering obfuscated code. In Working Conference on Reverse Engineering.
White (2003). Social engineering. Engineering of Computer-Based Systems, 261-267.
Yan (2003). Security design in online games. In Annual Computer Security Applications Conference.
Yan (2005). A systemic classification of cheating in online games. Workshop on Network & System Support for Games.
Yan & Choi (2002). Security issues in online games. The Electronic Library, 20(2).

KEY TERMS

Anomaly-Based Detection: Anomaly-based detection detects abnormal states, which an attacker provokes.

Anti-Hack Solution: The solution for prevention, detection, and response to the game cheating.

Collusion: A malicious activity between two or more persons to defraud another game user.

Encryption: A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.

Gamebot: A program for item harvesting automatically.

Keylogger: A computer program that captures the keystrokes of a computer user and stores them. Modern keyloggers can store additional information, such as images of the user's screen. Most malicious keyloggers send this data to a third party remotely (such as via e-mail).

MMORPG: A massively (or massive) multiplayer online role-playing game or MMORPG is a multiplayer computer role-playing game that enables thousands of players to play in an evolving virtual world at the same time over the Internet.

Online Game: Multiple clients connect a host server through the Internet so that they may play network game.

Signature-Based Detection: Signature-based detection represents a detection method distinguishing the distinctive bit stream from an auxiliary program.
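The Skipping Attack and File Attack passages both come down to checking that game files and the anti-hack files themselves are unmodified. The following is an added example of such a check, not code from the article or from any anti-hack product; the file names, the demo key and the JSON manifest format are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def digest(path):
    """SHA-256 of one file, read in chunks so large game assets are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, key):
    """Vendor side: record every file's digest and authenticate the list."""
    files = {p.relative_to(root).as_posix(): digest(p) for p in root.rglob("*") if p.is_file()}
    body = json.dumps(files, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_install(root, body, tag, key):
    """Checker side: reject a forged manifest, then compare disk against it."""
    good_tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good_tag, tag):
        return {"manifest_ok": False, "modified": [], "missing": [], "unexpected": []}
    expected = json.loads(body)
    on_disk = {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}
    return {
        "manifest_ok": True,
        "modified": sorted(n for n, p in on_disk.items()
                           if n in expected and digest(p) != expected[n]),
        "missing": sorted(set(expected) - set(on_disk)),
        "unexpected": sorted(set(on_disk) - set(expected)),
    }


def demo():
    """Constructed install tree; file names and key are made up for the demo."""
    key = b"constructed-demo-key"  # assumption: kept by the verifier, not shipped in the client
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "game.exe").write_bytes(b"original game code")
        (root / "bin" / "antihack.dll").write_bytes(b"anti-hack module")
        (root / "data.pak").write_bytes(b"item tables")
        body, tag = build_manifest(root, key)
        (root / "bin" / "game.exe").write_bytes(b"patched game code")  # overwritten game file
        (root / "bin" / "antihack.dll").unlink()                       # anti-hack file deleted
        (root / "bin" / "trainer.dll").write_bytes(b"auxiliary tool")  # file not in manifest
        report = verify_install(root, body, tag, key)
        forged = body.replace(b"data.pak", b"data.pa_")               # tampered manifest
        report["forged_accepted"] = verify_install(root, forged, tag, key)["manifest_ok"]
        return report


if __name__ == "__main__":
    print(demo())
```

Listing the anti-hack module in the same manifest is what lets the check notice that it was deleted, and running the comparison repeatedly during play rather than only at launch matches the article's "during game play" requirement.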