Skip to main content

Detecting Video-Game Injectors Exchanged in Game Cheating Communities

  • 1956 Accesses

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12972)

Abstract

Video game cheats destroy the online play experience of users and result in financial losses for game developers. Similar to hacking communities, cheat developers often organize themselves around forums where they share game cheats and know-how. In this paper, we perform a large-scale measurement of two online forums, MPGH and UnknownCheats, devoted to video game cheating that are nowadays very active and altogether have more than 7 million posts. Video game cheats often require an auxiliary tool to access the victim process, i.e., an injector. This is a type of program that manipulates the game program memory, and it is a key piece for evading cheat detection on the client side. We leverage the output of our measurement study to build a machine learning classifier that identifies injectors based on their behavioural traits. Our system will help game developers and the anti-cheat industry to identify attack vectors more quickly and will reduce the barriers to study this topic within the academic community.

Keywords

  • Game cheating & hacks
  • Underground forums
  • Injectors

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-88418-5_15
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-88418-5
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.
Fig. 4.
Fig. 5.

Notes

  1. 1.

    Data extracted from https://steamcharts.com/app/730 on 16th April 2021.

  2. 2.

    https://www.mpgh.net/.

  3. 3.

    https://www.unknowncheats.me/.

  4. 4.

    https://www.cambridgecybercime.uk.

  5. 5.

    In the remainder of the paper, we use the terms ‘user’ and ‘actor’ indistinguishably to refer a forum account uniquely identified by a user ID.

  6. 6.

    As a result of our work, these attachments have been included in the CrimeBB catalog, and are thus available for other researchers under a legal agreement with the Cambridge Cybercrime Centre.

  7. 7.

    https://store.steampowered.com Accessed on 10th May 2021.

  8. 8.

    Some attachments are duplicated or re-released in different posts.

  9. 9.

    https://github.com/erocarrera/pefile Accessed on 10th May 2021.

  10. 10.

    https://www.virustotal.com Accessed on 10th May 2021.

  11. 11.

    https://community.mcafee.com/t5/Malware/quot-False-Artemis-4DD89AF63CF7-quot/m-p/521383 Accessed on 10th May 2021.

  12. 12.

    https://github.com/tarekwiz/LeagueDumper Accessed on 10th May 2021.

  13. 13.

    https://support-valorant.riotgames.com/hc/en-us/articles/360046160933.

References

  1. Allodi, L.: Economic factors of vulnerability trade and exploitation. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1483–1499. ACM (2017)

    Google Scholar 

  2. Blackburn, J., Kourtellis, N., Skvoretz, J., Ripeanu, M., Iamnitchi, A.: Cheating in online games: a social network perspective. ACM Trans. Internet Technol. (TOIT) 13(3), 1–25 (2014)

    CrossRef  Google Scholar 

  3. Breiman, L., et al.: Arcing classifier (with discussion and a rejoinder by the author). Ann. Stat. 26(3), 801–849 (1998)

    CrossRef  Google Scholar 

  4. Cano, N.: Game hacking: developing autonomous bots for online games. No Starch Press (2016)

    Google Scholar 

  5. Chen, Y., Wang, S., She, D., Jana, S.: On training robust pdf malware classifiers. In: 29th USENIX Security Symposium USENIX Security 20), pp. 2343–2360 (2020)

    Google Scholar 

  6. Chinchor, N., Sundheim, B.M.: Muc-5 evaluation metrics. In: Fifth Message Understanding Conference (MUC-5): Proceedings of a Conference Held in Baltimore, Maryland, 25–27 August, 1993 (1993)

    Google Scholar 

  7. Chumachenko, K.: Machine learning methods for malware detection and classification. The annals of statistics (2017)

    Google Scholar 

  8. Clayton, R.: The impact of lockdown on dos-for-hire. Tech. rep., Cambridge Cybercrime Centre COVID Briefing Papers, July 2020. https://www.cambridgecybercrime.uk/COVID/COVIDbriefing-3.pdf

  9. Duh, H.B.-L., Chen, V.H.H.: Cheating behaviors in online gaming. In: Ozok, A.A., Zaphiris, P. (eds.) OCSC 2009. LNCS, vol. 5621, pp. 567–573. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02774-1_61

    CrossRef  Google Scholar 

  10. Feng, W.C., Kaiser, E., Schluessler, T.: Stealth measurements for cheat detection in on-line games. In: Proceedings of the 7th ACM SIGCOMM Workshop on Network and System Support for Games, pp. 15–20. NetGames 2008. Association for Computing Machinery, New York (2008). https://doi.org/10.1145/1517494.1517497. https://doi.org/10.1145/1517494.1517497

  11. Fields, D.A., Kafai, Y.B.: “stealing from grandma” or generating cultural knowledge? contestations and effects of cheating in a tween virtual world. Games Culture 5(1), 64–87 (2010)

    Google Scholar 

  12. FireEye: Capa. https://github.com/fireeye/capa, https://github.com/fireeye/capa. Accessed July 2020

  13. Glaser, B.G., Strauss, A.L., Strutzel, E.: The discovery of grounded theory; strategies for qualitative research. Nurs. Res. 17(4), 364 (1968)

    CrossRef  Google Scholar 

  14. Hughes, J., Collier, B., Hutchings, A.: From playing games to committing crimes: a multi-technique approach to predicting key actors on an online gaming forum. In: 2019 APWG Symposium on Electronic Crime Research (eCrime). IEEE (2019)

    Google Scholar 

  15. Hutchings, A., Pastrana, S.: Understanding ewhoring. In: 2019 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 201–214. IEEE (2019)

    Google Scholar 

  16. Jordaney, R., Sharad, K., Dash, S.K., Wang, Z., Papini, D., Nouretdinov, I., Cavallaro, L.: Transcend: detecting concept drift in malware classification models. In: 26th USENIX Security Symposium (USENIX Security 2017), pp. 625–642. USENIX Association, Vancouver, BC, August 2017. https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/jordaney

  17. Koskinas, P., Paloetti, M.: Anti-cheat in lol ( & more), May 2020 https://na.leagueoflegends.com/en-us/news/dev/dev-anti-cheat-in-lol-more/. https://na.leagueoflegends.com/en-us/news/dev/dev-anti-cheat-in-lol-more/. Accessed on May 2020

  18. Lee, E., Woo, J., Kim, H., Kim, H.K.: No silk road for online gamers! using social network analysis to unveil black markets in online games. In: Proceedings of the 2018 World Wide Web Conference, pp. 1825–1834 (2018)

    Google Scholar 

  19. Liu, D., Gao, X., Zhang, M., Wang, H., Stavrou, A.: Detecting passive cheats in online games via performance-skillfulness inconsistency. In: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 615–626. IEEE (2017)

    Google Scholar 

  20. Motoyama, M., McCoy, D., Levchenko, K., Savage, S., Voelker, G.M.: An analysis of underground forums. In: Proceedings of the 2011 ACM SIGCOMM conference on Internet Measurement Conference, pp. 71–80. ACM (2011)

    Google Scholar 

  21. Narula, H.: A billion new players are set to transform the gaming industry, December 2019. https://www.wired.co.uk/article/worldwide-gamers-billion-players. https://www.wired.co.uk/article/worldwide-gamers-billion-players. Accessed on May 2020

  22. National Cyber Crime Unit/Prevent Team: Pathways into cyber crime, January 2017. https://www.nationalcrimeagency.gov.uk/who-we-are/publications/6-pathways-into-cyber-crime-1/file. Accessed July 2020

  23. Onwuzurike, L., Mariconti, E., Andriotis, P., Cristofaro, E.D., Ross, G., Stringhini, G.: Mamadroid: detecting android malware by building Markov chains of behavioral models (extended version). ACM Trans. Privacy Secur. (TOPS) 22(2), 1–34 (2019)

    CrossRef  Google Scholar 

  24. Pastrana, S., Hutchings, A., Caines, A., Buttery, P.: Characterizing eve: analysing cybercrime actors in a large underground forum. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 207–227. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00470-5_10

    CrossRef  Google Scholar 

  25. Pastrana, S., Thomas, D.R., Hutchings, A., Clayton, R.: Crimebb: enabling cybercrime research on underground forums at scale. In: Proceedings of the 2018 World Wide Web Conference, pp. 1845–1854 (2018). https://doi.org/10.1145/3178876.3186178

  26. Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., Duchesnay, E.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  27. Portnoff, R.S., Afroz, S., Durrett, G., Kummerfeld, J.K., Berg-Kirkpatrick, T., McCoy, D., Levchenko, K., Paxson, V.: Tools for automated analysis of cybercriminal markets. In: Proceedings of 26th International World Wide Web Conference (WWW) (2017)

    Google Scholar 

  28. Richter, J., Nasarre, C.: Windows via C/C++. Microsoft Press, 5th edn., November 2007

    Google Scholar 

  29. Shannon, C.E.: A mathematical theory of communication. Bell Syst. Tech. J. 27(3), 379–423 (1948)

    MathSciNet  CrossRef  Google Scholar 

  30. Sherena.johnson@nist.gov: Nist special database 28, September 2020. https://www.nist.gov/srd/nist-special-database-28

  31. Witschel, T., Wressnegger, C.: Aim low, shoot high: evading aimbot detectors by mimicking user behavior. In: Proceedings of the 13th European workshop on Systems Security, pp. 19–24 (2020)

    Google Scholar 

  32. Woo, J., Kang, S.W., Kim, H.K., Park, J.: Contagion of cheating behaviors in online social networks. IEEE Access 6, 29098–29108 (2018)

    CrossRef  Google Scholar 

Download references

Acknowledgement

This work is partially supported by the Spanish grants ODIO (PID2019-111429RB-C21, PID2019-111429RB), the Region of Madrid grant CYNAMON-CM (P2018/TCS-4566), co-financed by European Structural Funds ESF and FEDER, and Excellence Program EPUC3M17, and the “Ramon y Cajal” Fellowship RYC-2020-029401.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Panicos Karkallis .

Editor information

Editors and Affiliations

A Analysis Features

A Analysis Features

Table 5. Detailed categorization of features used for the injector classifier.

This appendix lists the feature categories used to train the injector classifier along with the number of features within each category. The first column describes the feature category each analysis is part of as seen on Table 1.

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Karkallis, P., Blasco, J., Suarez-Tangil, G., Pastrana, S. (2021). Detecting Video-Game Injectors Exchanged in Game Cheating Communities. In: Bertino, E., Shulman, H., Waidner, M. (eds) Computer Security – ESORICS 2021. ESORICS 2021. Lecture Notes in Computer Science(), vol 12972. Springer, Cham. https://doi.org/10.1007/978-3-030-88418-5_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-88418-5_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-88417-8

  • Online ISBN: 978-3-030-88418-5

  • eBook Packages: Computer ScienceComputer Science (R0)