Battle Bots and Macros in Your Online Games


Published on

Bots and macros are a big problem in some online games. There are a couple of standard ways to catch bot users. This presentation discusses a number of standard bot fighting strategies and introduces a new approach.

There is a lot more that can be done to protect your game. If you are interested, send me an email to steve @ with the subject “Bots”.

If you are interested in keeping up with the latest books, articles, and tools from me at Free2Secure send me an email steve @ with the subject “Subscribe”.

Finally, if you have any security questions, issues, or shoot me a note to steve @ with the subject “Help”.

Published in: Software, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Battle Bots and Macros in Your Online Games

    1. 1. Security eBooks Battling Bots and Macros, and Steven Davis outsourced players, and … steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    2. 2. Security eBooks Core Problem… everything is a bot Drivers OS Application • Keyboards, mice, controllers… everything is a device behind a driver program • On top of an operating system • Interacting with an application steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    3. 3. Security eBooks There is always “outsourced” options for the bad guys • The worst case strategy you need to face is someone hiring people to “work” your game.. If it is profitable, they will do it steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    4. 4. Security eBooksClassic anti-bot strategy Server Application Client Bot Detector Application Checksum Bot Detector Filename • Client-side signature detection – Checksums and names of programs and libraries in memory and on machine • Just like anti-virus…. • … except the bad guy wants the virus to work • … and the bad guy has all the same tools: encryption, stealth, polymorphism • .. And a bigger budget than you! steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    5. 5. Security eBooks The Best Strategy: Good Game Play • Makes AI for Bots harder at worst… • .. at best, players actually want to play instead of use bots or hire help steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    6. 6. Security eBooks Detecting bots – A Strategy from World War 2 • Telegraph Operators were found to have a “handle” that made them identifiable just by listening to their Morse code taps steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    7. 7. Security eBooks Server • Pass individual key strokes (with clock Application information) and mouse Bot Detector clicks (with coordinate and clock information) Client to server to build model Keystroke/ of player behavior Application Click Info – Encrypted, of course Keystroke/Mouse Info • No detection logic on client Server-based • Stable under different Player “Handle” bots Detection steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    8. 8. Security eBooks Server-side Analysis • Becomes a server-side datamining and analysis challenge • Can look for: – Patterns and time for response – Time interval between keystokes and clicks – Locations of mouse clicks – Variations from known player responses – Correlation with other bots – Combine with game state info • Enhance by: – Moving “Hot spots” on client – Screen-based Quick Time events with different keys • Use client side design to make server side analysis easier steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    9. 9. Security eBooks What next? • Don’t give up! • More security presentations at: • Check out my book “Protecting Games” – Additional information at • You can “win” the security game steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416
    10. 10. Security eBooks About Me • Steven Davis – 25+ Years of Security Expertise – I have worked on everything from online games and satellite TV to Nuclear Command and Control and military communications • – Author, “Protecting Games” • Why Free2Secure? – Security is too expensive and isn’t working. There has to be a better way. I’m exploring these issues for IT security, ebooks, games, and whatever else strikes my fancy at – Join me there, ask questions, challenge assumptions, let’s make things better steve@free2secure.comGames, iGaming, and Gambling +1.650.278.7416