A Study on Improved Detection Signature System in Hacking Response of One-Line Games

온라인 게임 해킹대응에서 Signature 기반 탐지방법 개선에 관한 연구

Lee, Chang Seon;Yoo, Jinho

  • Received : 2016.02.01
  • Accepted : 2016.02.23
  • Published : 2016.02.28


Game companies are frequently attacked by attackers while the companies are servicing their own games. This paper analyzes the limit of the Signature detection method, which is a way of detecting hacking modules in online games, and then this paper proposes the Scoring Signature detection scheme to make up for these problems derived from the limits. The Scoring Signature detection scheme enabled us to detect unknown hacking attacks, and this new scheme turned out to have more than twenty times of success than the existing signature detection methods. If we apply this Scoring Signature detection scheme and the existing detection methods at the same time, it seems to minimize the inconvenient situations to collect hacking modules. And also it is expected to greatly reduce the amount of using hacking modules in games which had not been detected yet.


Scoring Signature;On-line Game;Hacking Module Detection


  1. Cheat Engine,
  2. Chess, D. M. and White, S. R., "An undetectable computer virus," In Proceedings of the 2000 Virus Bulletin Conference, 2000.
  3. Faloutsos, C. and Christodoulakis, S., "Description and Performance Analysis of Signature File Methods for Office Filing," ACM TOIS, Vol. 5, No. 3, pp. 237-257, 1987.
  4. Ha, K. M., "Threatened to free server operator of DDoS attacks tear money 'cyber gang'," newsis, 2014.
  5. Jo, M. J. and Shin, J. S., "A Performance Enhancement Scheme for Signature-based Anti-Viruses," Journal of the Korea Industrial Information Systems Research, Vol. 20, No. 2, pp. 65-72, 2015.
  6. Jung, J. H. and Lee, C. M, "Analysis of C2C Internet Fraud and Its Counter Measures," The Journal of Society for e-Business Studies, Vol. 20, No. 2, pp. 141-153, May 2015.
  7. Kang, H.-K. et al, "Development of an automatic document malware analysis system," IT Convergence and Security 2012, Vol. 215, pp. 3-11, 2013.
  8. Kang, H. M., Bang, J. H., Lee, E. H., "Choice Satisfaction of the Broadband Internet Network Services," The Journal of Society for e-Business Studies, Vol. 16, No. 3, pp. 47-66, 2011.
  9. Kim, H. J., "Cruise in the off-season second quarter of the neowiz game," moneytoday, 2008.
  10. Kim, J. S., "Freestyle, Southeast Asia in exports for three countries to globalization," NEWSWiRE, 2008.
  11. Kim, S. M. and Kim, H. K, "A research on improving client based detection feature by using server log analysis in FPS games" Journal of The Korea Institute of Information Security and Cryptology, Vol. 25, No. 6, 2015.
  12. Lee, B. H., "High-income part paid game the key to success," TheGames, 2007.
  13. Lee, C. S., "Hackers even unknown hacking story-let the others ride in memory" Microsoft Magazine, 2006.
  14. Lee, D. W., "FIFA 3, respite---KT CDN DDoS Attack," ZDNet Korea, 2014.
  15. Lee, J. N., "Casual game is not a big hit? Not that there is a national game Kart-Rider," the hankyoreh, 2005.
  16. Lim, G. G. and Lee, H. S., "An Exploratory Study on the status and classification of Cyber Money," Proceedings of the CALSEC Conference, pp. 17-28, 2005.
  17. "High-flying popular throughout the fifth anniversary of the service 'maple story'" NEXON, 2008.
  19. Moran, D. B., "Trapping and Tracking Hackers: Collective security for survival in the Internet Age," Third Information Survivability Workshop. IEEE Computer Society Press, 2000.
  20. Nazario, J., "BlackEnergy DDoS Bot Analysis," 2007.
  21. Notorious, "hacking case 20 election that broke the IT companies,", 2014.
  22. Pascal Bouchareine, "Format String Vulnerability.", July 18 2000.
  23. Park, J.-W., Moon, S.-T., Son, G.-W., Kim, I.-K., Han, K.-S., Im, E.-G., and Kim, I.-G., "An Automatic Malware Classification System using String List and APIs," Journal of Security Engineering, Vol. 8, No. 5, pp. 611-626, 2011.
  24. Process Explorer,
  25. Richter, J., "Load Your 32-bit DLL into Another Process's Address Space Using INJLIB," Microsoft Systems Journal, Vol. 9, No. 5, May. 1994.
  26. Schultz, M. G., Eskin, E., Zadok, E., and Stolfo, S. J., "Data Mining Methods for Detection of New Malicious Executables," IEEE Symposium on security and privacy, pp. 38-49, 2001.
  27. Shin, H. S., Song, Y. U., and Sung, N. H., "The Impact of Perception on the Difference Between Mobile and Stationary Internet Toward the Intention to Use Mobile Internet," The Journal of Society for e-Business Studies, Vol. 15, No. 3, pp. 99-129, 2010.
  28. Skape, Jarkko Turkulainen, "Remote Library Injection", p. 14.
  29. Son, K. H., "CD Networks, DDoS cause "amplification attacks" increased" ZDNET Korea, 2015.
  30. Son, K. H., "Google Maps exploiting vulnerabilities DDoS occurs," ZDNET Korea, 2015.
  31. Tian, R., Batten, L., Islam, R., and Versteeg, S., "An automated classification system based on strings and of trojan and virus families," In Proceedings of MALWARE, 2009.
  32. Tully Joshua, "An Anti-Reverse Engineering Guide," 9 Nov 2008.
  33. Virus Total,
  34. Virus Total API,
  35. Wikipedia,
  36. Wikipedia,
  37. Wikipedia,
  38. Xu, J.-Y., Sung, A. H., Chavez, P., and Mukkamala, S., "Polymorphic malicious executable scanner by api sequence analysis," In Proc. of the 4th International Conference on Hybrid Intelligent Systems (HIS'04), Kitakyushu, Japan, IEEE, pp. 378-383, 2004.
  39. Yoo, H., Yun, J.-H., and Shon, T., "Whitelist- based anomaly detection for industrial control system security," The Journal of Korean Institute of Communications and Information Sciences, Vol. 38B, No. 8, pp. 641-653, 2013.
  40. Yoo, J. H., "Comparison of Information Security Controls by Leadership of Top Management," The Journal of Society for e-Business Studies Vol. 19, No. 1, pp. 63-78, 2014.