Crime Scene Re-investigation: A Postmortem Analysis of Game Account Stealers' Behaviors

TL;DR

This paper presents a server-side system that analyzes game action sequences to detect account theft in MMORPGs, effectively identifying hackers and tracing stolen assets with high accuracy.

Contribution

It introduces a novel action sequence analysis method for server-side detection of account theft in online games, addressing usability issues of existing security measures.

Findings

High accuracy in detecting hackers based on action sequences

Effective tracing of stolen in-game assets

Validated system performance in a real MMORPG environment

Abstract

As item trading becomes more popular, users can change their game items or money into real money more easily. At the same time, hackers turn their eyes on stealing other users game items or money because it is much easier to earn money than traditional gold-farming by running game bots. Game companies provide various security measures to block account- theft attempts, but many security measures on the user-side are disregarded by users because of lack of usability. In this study, we propose a server-side account theft detection system base on action sequence analysis to protect game users from malicious hackers. We tested this system in the real Massively Multiplayer Online Role Playing Game (MMORPG). By analyzing users full game play log, our system can find the particular action sequences of hackers with high accuracy. Also, we can trace where the victim accounts stolen money goes.