A method for preventing online games hacking using memory monitoring

  • Lee, Chang Seon (Trust & Safety of Cyber Security Center, LINE Corporation) ;
  • Kim, Huy Kang (School of Cybersecurity, Korea University) ;
  • Won, Hey Rin (Department of Information Security, Seoul Women's University) ;
  • Kim, Kyounggon (School of Cybersecurity, Korea University)
  • Received : 2019.09.16
  • Accepted : 2020.06.16
  • Published : 2021.02.01

Abstract

Several methods exist for detecting hacking programs operating within online games. However, a significant amount of computational power is required to detect the illegal access of a hacking program in game clients. In this study, we propose a novel detection method that analyzes the protected memory area and the hacking program's process in real time. Our proposed method is composed of a three-step process: the collection of information from each PC, separation of the collected information according to OS and version, and analysis of the separated memory information. As a result, we successfully detect malicious injected dynamic link libraries in the normal memory space.
