[Discussion] Bot detection with Neural Networks.

[Xanderॐ]

I dont know how many of you are familiar with the term "Neural Network". For those that are, please continue :) I was reading for university some hours tonight about ( intelligent robot systems ), so i though, hey why not use a neural network to detect bots ? Bad for me, someone else had that idea first. The following is a bachelor student paper where he introduces Bot detection using Neural Network to classify players based on their "packets".

 

http://www.cs.ru.nl/bachelorscripties/2008/Adam_Cornelissen___0514268___A_Modern_Turing_Test.pdf

 

It looks promissing, as neural networks if trained correctly will generate super results. The only downward is that to train your network you need to have data that you know where they come from ( 100 packet lists from players, 100 packet lists from bots ). You train the network and then you basically scan players and pass them through the network to see if they bot or not.

 

The problem is that since game trends change during the life-time of a server, you need to train your network like ... every couple of days. But to train it you need data their source you know, which isnt that easy to get in a private server. One way would be to allow + mark some players to bot so as to collect botting data for the training. But still thats not that good.

 

But at least its something as an idea i guess.

 

Up for discussion. ( lets hope it will get past 1 page ... )

 

Edit: there's another one i just found from some asian guys.

http://www.cs.wm.edu/~srgian/paper/ccs09.pdf

[DominiQue]

The idea seems promising,but how many server owners can handle it :) ?

Thats my question.

[Setekh]

I doubt someone will post after me, or if that happens it will be smth completely different from the subject >.>

It seems u got obsessed by AIs and for sure u wont have any success here on mxc with a topic of such content simply becouse this community is retarded(kids and really stupid ppl) what u feed them, they will eat.

 

And for detecting bots.. wouldn't it be simpler  to make an launcher killing processes and communicating with xor encrypted packets? or simply look for specific bot behaviors in packets?

This concept of urs is a really far far cry to stop boting dont u think?

 

The idea seems promising,but how many server owners can handle it :) ?

Thats my question.

do u actually think they will know even know whats that? they'll not even touch it.

[Tryskell]

I think you can create this type of code where the general (not the detailed) floodprotectors occurs. Aka, all the "session" stuff is already made.

 

But basically, you have to examine the average number of packets types, if only x y z type are send. The 2.5 part about what to be checked is interesting.

 

I have to add different bots got different behaviors. I don't think it can work on all types... And this method is focked if you program your bot to act different (like say something each minute = "Bot: hello world !"). Basically it will send another type of packets, so your bot won't be considered as a bot.

 

Intelligent botters won't care about your system, or at least they will get scores which won't incriminate them as botters (when one player in your example can score a 70% bot score).

 

Another question is, is the system worths the deal ? If you make your server laggy with 300 ppl when you could handle 400 without this type of check, is a decent GM won't be enough ? Well, I have no clue about the process/ram charge this system could add, but it adds for sure.

 

 

 

To be honest, I didn't understood a shit about vector nor neural thing. I won't talk about technic part then lol. If it's about multiple checks made on one session, well I understood the 3/4 no ? I got a image, teacher ? Haha.

 

 

Edit : the second pdf about movement check is perhaps more... accurate. But still, it's not enough, and you need time to get datas. If the guy put some 5min rest time every 15min, it fock your stats.

 

Well, I agree botters haven't to know your actual antibot system, but still :P. I don't think there is 100% system.

[Setekh]

Like always you talk too much >.> but not useless tho.

To put in simpler words to do such a system wont win anything and its like trying to kill a mosquito with a ak-47 >.>

 

So much for such a simple thing, i personally dealt with bot issues and successfully ended it in my cases :/

Is it so hard to understand if u can make a simple app with an encryption to launch ur game u can disable all hacking attempts? And you could simply fix the bot problem or even phx problem just by studding packet more throughly..

[Tryskell]

Hhhheee Sethek, this is my true nature :P.

 

PHX got a "Bypass change XOR key" option since IL, dunno if it's related to your encryption thing.

 

Anyway, I was talking about the main idea, neural network :P. Stay in topic Sethek, muhaha !

 

Did you see some drop in net traffic with your solution ? Those ideas are fine, but if it's hurt too much on a populated server basis, it's pointless.

 

I did short for you, romanian vampire.

[Setekh]

Hhhheee Sethek, this is my true nature :P.

 

PHX got a "Bypass change XOR key" option since IL, dunno if it's related to your encryption thing.

 

Anyway, I was talking about the main idea, neural network :P. Stay in topic Sethek, muhaha !

 

Did you see some drop in net traffic with your solution ? Those ideas are fine, but if it's hurt too much on a populated server basis, it's pointless.

 

I did short for you, romanian vampire.

i am on topic >.> and xor is a cipher i was saying that the packets that go to ur server and back to the client http://en.wikipedia.org/wiki/XOR_cipher are encrypted and uc an do like 30(ofc more) keys for that >.> good luck cracking it xD

 

Even the name is inappropriate for this app, a neural network means something totally different xD

And tho in l2 its kinda simple to adapt such a engine and there will be no network strain >.> only ur processor thinking will kinda be alot, considering ur listening to every opened socket channel.

 

How should it work:

Selecor waits for connection -> Accepts -> socket channel opens and sets the MMOConnection attached to the selection key -> then that channel is set to read any packet and when it reads, it will have to take that bytebuffer and decrypt it, there u have a open window on where this "neural network" will listen to cus ncsoft did a terrible job in protecting their packets >.> they did some lame byte shift and thats all so it shouldn't be much of an ordeal there but the neural network thing will make it heavier cus ull have lame ass loops and objects being created to check every freaking byte >.>

 

So the whole concept of this neural network is stupid. Yes its ambitious but unnecessary.

 

And thats neural network -> http://en.wikipedia.org/wiki/Artificial_neural_network

[Xanderॐ]

Bot prevention and bot detection are two different cases. Prevention is the way to stop someone from connecting sucessfully with a bot. Detection is the act of finding someone, who connected with the bot based on his character behaviour.

 

Regarding neural network:

 

The implementation is cpu intensive, but not as much as you might think, since the network can be "trained" only 1 time per hour. A trained network performs relativelly fast so there wont be that big CPU overhead. And come on, its 2011, we are all running in 4-8 cores at 2.4 ghz ++. I think we underestimate the modern CPU capabilities.

 

Regarding your cryptography.

 

Your cryptography method relies on a public key. Someone generates the key, and both participants use that key to apply the XOR binary operation on the packets to encrypt/decrypt them. What prevents the bot program from getting that key ? Cause if it can read the key when it is transmitted or when its stored in somewhere they can simply add a mod on the bot to work with encryption/decription.

[lHorus]

And for detecting bots.. wouldn't it be simpler  to make an launcher killing processes and communicating with xor encrypted packets? or simply look for specific bot behaviors in packets?

This concept of urs is a really far far cry to stop boting dont u think?

do u actually think they will know even know whats that? they'll not even touch it.

The packet modification is the smart way to go, its not that hard just requires a lot of patience and time. And I really mean a LOT. Worse, since these are Open Source projects, as soon as we released the changes someone else would read it and try to bypass 'em.

 

About the launcher, its a good idea as a backup to the packet modification, but alone its useless as its easily by-passable.

[Setekh]

Bot prevention and bot detection are two different cases. Prevention is the way to stop someone from connecting sucessfully with a bot. Detection is the act of finding someone, who connected with the bot based on his character behaviour.

Amm ur detecting so u can prevent it ? same thing to me :P

 

Regarding your cryptography.

Your cryptography method relies on a public key. Someone generates the key, and both participants use that key to apply the XOR binary operation on the packets to encrypt/decrypt them. What prevents the bot program from getting that key ? Cause if it can read the key when it is transmitted or when its stored in somewhere they can simply add a mod on the bot to work with encryption/decription.

There are ways to hide ur code and a cypher can be made very easily and like u said its 2011, there are ways to hide ur code very efficiently, not depending only on obfuscation cus thats easily bypassable and im talking about the cipher with keys for the launcher to communicate with the server, and those keys are bytes those keys can be selected by u. And to even complex it more u can add byte shift operations and that kinda kills the fun for everyone trying to crack it, and no bot program can get THOSE keys it can be in number of 50 or more.

 

Later edit: Why would ncsoft or anyone would want to lose bots ? ppl hve auction on ebay selling adena or kinah or gold and silver. Killing bots can have dramatic consequences and + its free advertisement in alot of ways, think of it.

[Xanderॐ]

Anyway, key transmission can be secured if you encrypt it two times with public-private combinations. Both ends ( server , client ) generate a pair of keys and they broadcast to each other only the public part. Then they encode the xor key with their private and then with the partners public key. So the key is secure outside the "scope" of the application. Someone that tries to monitor the packets wont be able to get a key since its encrypted.

 

But what happens in the application level ? How good can you hide the key in the ram ? Since a bot can be programmed to read your ram, you should find some very complex and nasty brain--beep- so as the hacker cannot guess where the key is. Thats the strong part, but if he finds it, gameover. :)

 

Strong part : easy to implement without the need for many resources.

Weak part: pray he does not find where your key is ;)

 

A neural network will base its detection efficiency on the simple principle : " As long as a bot, is not 100% identical to a player, there is mathematical proof that it can be detected ". The neural network is presented with two data sets: Data from players, data from botters. It trains based on those data, by classifying them into two categories. Then its ready to read any incoming set of packets , pass them through the neurons and decide if its a bot or a player.

 

Good part: Will work till the day bots will be playing 100% llike humans.

Bad part: 1)It needs lots of resources, probably a seperate bot detection server, 2) it needs a way to get sample from bots and from players ( how do you know who is a player and who is a bot to get data ? ) 3)It needs constant training since the players actions change based on hours (events raids bla bla ).

 

In general both solutions are far away from being the ultimate bot-killer.

 

The worst part is that the guys who wrote those papers, are university assistant professors with high salaries, who seem to have no idea on how mmorpgs work , based on what they write in there. The best part, is that our simple eyes can easily figure out a bot , just by looking for 2-3 seconds. No need for CPU power, no need for a power suply and high frequencies. Only the human brain. I want you to know that the day  the machine will get grasp of its individuallity and go on war against the humans, is coming. And its only ... couple of billion years away :)

 

Im Issle, and im still smarter than the machine !  ;D

[Setekh]

The worst part is that the guys who wrote those papers, are university assistant professors with high salaries, who seem to have no idea on how mmorpgs work , based on what they write in there. The best part, is that our simple eyes can easily figure out a bot , just by looking for 2-3 seconds. Which clearly indicates that the day machine will rule over human, is far far away.

Well those guys tried to look ambitious and they wrote that just so they will get respect or w/e they wanted no one made that >.> its impractical.

 

The keys are bites, no key is transmitted anywhere, they encode each byte of the packet. Theres no way u can get them from ram or anything just the source code itself :/

 

And theres an even easier way to spot bots, just by spending some time and searching for packet flaws >.> Cus as you may imagine the guys who developed those bots are just like us in fact >.> human error is withing the application.

 

Also i welcome and embrace our AI Overlords to-come xD

[Xanderॐ]

@seketh:

The keys are bites, no key is transmitted anywhere

 

 

I thought each user gets a different key. If the key is static ( aka doesnt change ), then its somewhere in the source. So there comes the topic on how good can you hide it in there.

 

 

[Setekh]

I thought each user gets a different key. If the key is static ( aka doesnt change ), then its somewhere in the source. So there comes the topic on how good can you hide it in there.

Well what did u thought ? ha i could of just simply started wpe pro and look for the packets containing the keys xD but u gave me an idea.. each 5 bytes segments to get a key..

 

Anyway u can protect ur code fairly easy u can chose to spend some cash on a good obfuscator or get to compile with ur own specific algorithm or binary compilation and so on.

 

Also alot of ppl lack knowledge to bypass such a thing specially lineage 2.. if it was world of warcraft however the story would of been different :P

[mogils]

Nice