User identification based on game-play activity patterns

Account hijacking is considered one of the most serious security problems in online games. A hijacker normally takes away valuable virtual items from the stolen accounts, and trades those items for real money. Even though account hijacking is not uncommon, there is currently no general solutions to determine whether an account has been hijacked. The game company is not aware of a hijack unless it is reported by the victim. However, it is usually too late---usually a hijacker already took away anything valuable when a user finds that his/her account has been stolen. In this paper, we propose a new biometric for human identification based on users' game-play activities. Our main summary are two-fold: 1) we show that the idle time distribution is a representative feature of game players; 2) we propose the RET scheme, which is based on the KullbackLeibler divergence between idle time distributions, for user identification. Our evaluations shows that the RET scheme achieves higher than 90% accuracy with a 20-minute detection time given a 200-minute history size.

[1]  Scott Lobdell,et al.  Identity Theft , 2006 .

[2]  Arslan Brömme A classification of biometric signatures , 2003, ICME.

[3]  Gopal K. Gupta,et al.  Identity authentication based on keystroke latencies , 1990, Commun. ACM.

[4]  Huaiyu Zhu On Information and Sufficiency , 1997 .

[5]  H. B. Mann,et al.  On a Test of Whether one of Two Random Variables is Stochastically Larger than the Other , 1947 .

[6]  A. Bromme A classification of biometric signatures , 2003, 2003 International Conference on Multimedia and Expo. ICME '03. Proceedings (Cat. No.03TH8698).

[7]  Ruck Thawonmas,et al.  Clustering of Online Game Users Based on Their Trails Using Self-organizing Map , 2006, ICEC.

[8]  Chun-Ying Huang,et al.  Game traffic analysis: an MMORPG perspective , 2005, NOSSDAV '05.

[9]  Matthew C. Elder,et al.  Recent worms: a survey and trends , 2003, WORM '03.

[10]  Chin-Laung Lei,et al.  Identifying MMORPG Bots: A Traffic Analysis Approach , 2009, EURASIP J. Adv. Signal Process..

[11]  Arun Ross,et al.  An introduction to biometric recognition , 2004, IEEE Transactions on Circuits and Systems for Video Technology.

[12]  Daniel Guinier Identification by biometrics , 1990, SGSC.

[13]  Mark D. Griffiths,et al.  Demographic Factors and Playing Variables in Online Computer Gaming , 2004, Cyberpsychology Behav. Soc. Netw..

[14]  Ruck Thawonmas,et al.  MMOG Player Identification: A Step toward CRM of MMOGs , 2003 .

[15]  Brian Randell,et al.  A systematic classification of cheating in online games , 2005, NetGames '05.

[16]  Claudia Picardi,et al.  Keystroke analysis of free text , 2005, TSEC.

[17]  Jiangchuan Liu,et al.  Detecting cheaters for multiplayer games: theory, design and implementation[1] , 2006, CCNC 2006. 2006 3rd IEEE Consumer Communications and Networking Conference, 2006..

[18]  Xian Ke,et al.  Typing patterns: a key to user identification , 2004, IEEE Security & Privacy Magazine.

[19]  Carla E. Brodley,et al.  User re-authentication via mouse movements , 2004, VizSEC/DMSEC '04.