A Systematic Classification of Cheating in Online Games
Total Page:16
File Type:pdf, Size:1020Kb
A Systematic Classification of Cheating in Online Games Jeff Yan Brian Randell School of Computing Science School of Computing Science University of Newcastle University of Newcastle NE1 7RU, UK NE1 7RU, UK [email protected] [email protected] ABSTRACT Keywords Cheating is rampant in current game play on the Inter- Online computer games, security, cheating, taxonomy net. However, it is not as well understood as one might expect. In this paper, we summarize the various known 1. INTRODUCTION methods of cheating, and we define a taxonomy of online While online games are fast becoming one of the most pop- game cheating with respect to the underlying vulnerabil- ular applications on the Internet [15], cheating has emerged ity (what is exploited?), consequence (what type of failure as a notable phenomenon in current game play on the Inter- can be achieved?) and the cheating principal (who is cheat- net. Recent research has suggested that cheating is in fact a ing?). This taxonomy provides a systematic introduction new, major security concern for online computer games [19, to the characteristics of cheats in online games and how 22, 23]. Therefore, a careful investigation of online cheat- they can arise. It is intended to be comprehensible and ing can benefit the study of security in this representative useful not only to security specialists, but also to game de- Internet application. velopers, operators and players who are less knowledgeable However, cheating has not been studied as thoroughly as and experienced in security. One of our findings is that al- one might expect. For instance, although online cheating is though cheating in online games is largely due to various rampant in games, there is no generally accepted definition security failures, the four traditional aspects of security – for it. confidentiality, integrity, availability and authenticity – are Three reasons may explain this fact. First of all, on- insufficient to explain it. Instead, fairness becomes a vital line game cheating is a relatively new topic for security re- additional aspect, and its enforcement provides a convincing searchers, although many game players have been familiar perspective for understanding the role of security techniques with it for a considerable time. Second, the variety of online in developing and operating online games. games now in existence has made cheating a complicated phenomenon. For example, there are a number of entirely different game genres, and each may give rise to varied forms Categories and Subject Descriptors of cheating. Third, many novel cheats have been invented D.2.0 [Software Engineering]: General—protection mech- that are different from but often entangled with ordinary anisms; K.6.5 [Management of Computing and Infor- security attacks. mation Systems]: Security and Protection; K.8.0 [Perso- In this paper, we systematically examine cheating in on- nal Computing]: General—games; J.m [ Computer Ap- line games while adopting the following definition for it, plications]: Miscellaneous; K.4.4 [Computers And So- which is a refined version of a previous definition used in [22]. ciety]: Electronic Commerce—Security; D.4.6 [Operating Any behaviour that a player uses to gain an ad- Systems]: Security and Protection; C.2.0 [Computer– vantage over his peer players or achieve a target Communication Networks]: General—security and pro- in an online game is cheating if, according to the tection game rules or at the discretion of the game oper- ator (i.e. the game service provider, who is not necessarily the developer of the game), the advan- General Terms tage or the target is one that he is not supposed 1 Security, Design to have achieved. Specifically, we present a classification scheme for online game cheating, in the expectation that by categorizing var- ious cheats, our understanding of this phenomenon will be Permission to make digital or hard copies of all or part of this work for extended, and useful patterns and conclusions can be iden- personal or classroom use is granted witho ut fee provided that copies are tified, and that it will be possible to protect online game not made or distributed for profit or commercial advantage and that copies systems against cheating using these knowledge. bear this notice and the full citation on the first page. To copy otherwise, to 1 republish, to post on servers or to redistribute to lists, requires prior specific At present the preponderance of cheating in online games per mission and/or a fee. is carried out by male game players, so for linguistic conve- NetGames’05, October 10–11, 2005, Hawthorne, New York, USA. nience in the rest of this paper we will appear to imply that Copyright 2005 ACM 1-59593-157-0/05/0010 ...$5.00. all cheaters are male. Our classification scheme provides a three dimensional cheats do not readily fit into any of his categories. taxonomy for online cheating, in which the classification is Yan and Choi [22] reported a more thorough effort iden- made with respect to the underlying vulnerability (what is tifying eleven common cheating forms in online games. In exploited?), cheating consequence (what type of failure can addition, Yan [23] examined, using a simple classification be achieved?) and cheating principal (who is cheating?), scheme, cheats that have occurred or might occur in on- respectively. line contract bridge communities, and discussed how these Our taxonomy provides a systematic view of the charac- cheats would impact the system design of online bridge. teristics of cheats in these games and how they can arise, There is also a large amount of literature investigating the and it is aimed at being comprehensible and useful not only definition of taxonomies for security vulnerabilities, attacks to security specialists, but also to game developers, opera- or intrusions in a general setting. For example, Landwehr et tors and players. For example, game developers can learn al [11] constructed a classification of security flaws in soft- how previous online game systems have failed to prevent ware with respect to genesis (how did the flaw enter the cheating. Game operators and players can learn to recog- system?), time of introduction (when did it enter the sys- nize various cheats and manage the risks of encountering tem?) and location (where in the system is it manifested?). cheaters. For security specialists, especially those who are But this classification largely focused on flaws in operating new to the topic of online game security, our taxonomy is a systems. Neumann et al [18] gave a taxonomy of attacks good starting point to understand the cheating phenomenon with respect to techniques used to launch the attacks. The in online games. MAFTIA project [20] proposed a taxonomy for intrusion de- We have found that many cheats in online games are in tection systems and attacks. Lindqvist et al [14] discussed fact due to poor or non-existent security designs in these the desired properties for a taxonomy, and defined a taxon- systems – in other words, they are insecure by design. This omy of intrusions with respect to intrusion techniques and indicates that many game developers may lack the relevant results. However, as will be discussed below, while a game security expertise that is essential for defending against some player can cheat by launching an “attack” or “intrusion”, cheats. While our taxonomy organises common cheating cheating in online games can also have some unique mani- forms in a way that is not only structured, but also under- festations. standable to both security and game specialists, it may con- stitute a shared framework in which both sides can better communicate about and understand game cheating as well 3. CHEATING IN ONLINE GAMES as their defence. Thus, it may encourage a better collabo- Before defining our taxonomy, we identify all cheating ration between both sides, which not only can from the be- forms known to us, as they have occurred or might occur ginning promote good system designs that eliminate or min- in online games. We also briefly discuss some general prop- imize the possibility of being exploited by online cheaters, erties of these cheats. Readers are encouraged to communi- but also helps identify residual cheats during system evalu- cate additional cheating forms and their manifestation cases ation. to the authors so that we can better understand online game There is a legitimate concern that this taxonomy could cheating, and further refine our taxonomy. assist those who would cheat in online games. Partly for this reason, where possible, we will try to discuss cheating cases 3.1 Common Cheating Forms at a level of detail that illustrates the underlying principles We identified eleven common cheating forms in [22]. While without giving a “cheater’s cookbook”. continuing our study on game cheating, however, we have This paper extends our previous work in [22, 23], and is seen the need of expanding and refining this list, since new organized as follows. Section 2 reviews the related work in cheating forms have been identified and our understanding this field. Section 3 lists common cheating forms as they about game cheating has also increased. In the following, have occurred or might occur in online games. Section 4 de- we present a revised list, which classifies cheats into 15 cat- scribes our three dimensional taxonomy. All common cheat- egories. Those that are new, or are significantly revised ing forms identified in the previous section are classified us- versions of the categories listed in [22], are marked with as- ing this taxonomy. Section 5 presents some results deduced terisks. from our taxonomy. Finally, Section 6 concludes. A:* Cheating by Exploiting Misplaced Trust. Many 2. RELATED WORK cheats involve tampering with game code, configura- tion data, or both, on the client side [19].