Current status of FPS game cheats and reasons for their proliferation
Online multiplayer FPS games are one of the game genres with the highest real-time requirements. In this kind of game, the player's momentary judgment and reaction ability will directly determine the outcome. However, problems with network delays and real-time loading often cause game freezes, which can greatly affect the player's gaming experience. To solve this problem, FPS games usually use preloading technology . Preloading technology means that when the enemy is close to the player, the enemy's data has been downloaded from the server to the local and loaded into the game memory. In this way, when the player and the enemy actually meet, the game client does not need to do a lot of work, so as to avoid the real-time loading being affected by the network or device performance and causing the freeze.
Plug-in creators take advantage of the fact that resources in FPS games are preloaded locally on the client side, and gain illegal advantages by modifying game data or injecting external programs, such as self-aiming and perspective, allowing users to easily kill opponents and gain unfair benefits. Competitive Advantage. These plug-in functions provide fast and accurate aiming capabilities, allowing users to enjoy the thrill of killing in the game. The high income of cheating is one of the reasons that attract a large number of players to use cheating.
Plug-in creators use some covert plug-in intrusion methods to avoid being detected by the anti-cheating system. For example, virtual machines, memory injection, HOOK and other technologies are used to make it difficult for cheating to be detected. This is one of the fundamental reasons why FPS game cheating has been banned repeatedly.
The chain spread and ease of use of "cheat creators -> cheat sales agents -> network channels -> cheat users" is also an important reason for the proliferation of FPS game cheats. Plug-ins can be used while the emulator is running mobile games, and even cracked games with plug-in functions can be spread. These methods make the users and scope of the plug-ins wider.
Judging from the content released by NetEase Yidun, perspective cheats are the most used type of cheats in FPS shooting games, accounting for 58.33%; although self-aiming only accounts for 8.33%, it is the cheat that most affects the game experience.
perspective
In order to ensure low-latency effects, FPS games preload a large number of resources in the memory of the player client, so that cheat creators can obtain the information of various resources from the memory and render them visually. This is the basic principle of perspective cheats. principle. According to different perspective shapes, it can be divided into box & blood bar type, panel type, self-aiming circle, ray type, bone type, dyeing type and so on. Compared with other types of FPS cheats, see-through cheats are more difficult to detect. As long as the user deliberately disguises them, it is difficult to find even manual review.
Self-aiming
As shown in the figure below, in FPS games, the most common type of self-aiming plug-ins is simulated mouse behavior, accounting for 81.83%. After obtaining the coordinates of the enemy, the plug-in sends a model mouse signal to make the crosshair move to the target position directly after the game program is executed. It is difficult to detect such a plug-in at the driver level. But there is no doubt that there will be a big difference between the behavior of normal players and self-aiming players, that is, the behavior data level is the key to solving the cheating problem.
This article will focus on perspective and self-aiming plug-in detection. This kind of plug-in has become a major problem in the industry due to its high concealment, difficulty in detection, and lack of real evidence. We directly start from the perspective of player behavior data, and go deep into the essence of perspective and self-aiming cheating behaviors to detect.
Traditional Solutions and Limitations
The current mainstream methods for detecting cheating include signature detection, feature detection, memory scanning, etc. Reporting, auditing and checking are mainly done manually.
-
Signature detection can quickly identify known exploits, but cannot effectively deal with new or modified exploits.
-
Feature detection monitors game behavior and operations. Although it can identify abnormal patterns, due to the diversity of games and the complexity of player behavior, it is easy to generate false positives and omissions by relying on a single value such as a threshold to make decisions.
-
Although memory scanning can detect cheats by detecting cheat codes or data structures in memory, cheat creators can take some countermeasures to avoid this method, such as using encryption algorithms and randomizing memory addresses. Therefore, memory scanning is not a completely reliable method for detecting cheating, and it needs to be combined with other detection methods to improve the accuracy and reliability of detection.
Manual report review can detect cheating behaviors in a timely manner, but due to the subjectivity of the reporter and the complexity of the gameplay, there may be false positives and malicious reports.
The advantage of the traditional solution is that the effect is obvious, but the disadvantage is that the degree of resistance is high and there is a serious lag. Falling into endless confrontation, it consumes a lot of manpower and material resources, and eventually fails. Therefore, for game developers, it is necessary to choose an appropriate method for detection according to the specific situation, continuously improve the ability of the anti-cheat system, and develop more efficient and accurate detection methods, so as to ensure the fairness and balance of the game.
Netease Smart Enterprise Game AI Anti-Cheating Solution
We propose to reconstruct player authority performance using replay log data that exists widely in games. In the playback log data, we constructed the player’s time-series behavior data, and based on the time-series behavior data, respectively built perspective and self-aiming plug-in detection systems. This method and system can be widely applied to various online game platforms and improve the game platform fairness and customer satisfaction.
Player timing behavior data includes position coordinates at each moment, camera/gun muzzle orientation, weapon type, whether to kill, whether to hit, etc. On this basis, we carry out secondary design and processing to construct the crosshair movement at each moment Speed, acceleration, target relative movement trajectory, relative deflection angle, whether the target is within the field of vision, etc., and then go up one level, and the structure is gradually constructed based on "fire, hit, kill, round, game, player history game" Features of multilevel dimensions.
See-through and self-aiming are different types of cheating problems in FPS games. We extracted multiple features from the same time-series behavior data. Among them, we found that some features are very obvious and expressive, showing a huge difference between normal players and cheating players . We feed the sequence of multiple features into the model for pre-training, and then perform classification supervised learning after obtaining the representation, and finally predict whether the player is cheating. The solution uses a self-supervised time-series model to model player behavior data, and the process is divided into three stages:
-
In the first stage , a sample is constructed by comparing historical player game data, and the above information is input into the model for learning. The model can autonomously learn the behavior patterns and data characteristics of game players.
-
In the second stage , a small amount of labeled historical player data is used for supervised learning, so as to better learn the latent representation of the data.
-
In the third stage , the model processes the game player's behavior data for each game to detect whether there is any see-through or self-aiming plug-in behavior.
Perspective plug-in detection scheme based on time series behavior data
Cheating players use perspective plug-ins to obtain the advantages of vision and overall macro information that normal players do not have. Because of this, their behavior is different from normal players, such as being able to move and move when the vision information is unknown. Aiming, so as to gain the advantage when facing the gun. When the target is exposed behind the cover, there will be an aiming and killing performance beyond the normal level. There are many characteristic dimensions in the data that can be distinguished. In this article, we select the two most obvious dimensions to display : The change of the relative deflection angle of the target at the critical moment, and the performance of aiming and killing in combination with multiple kills/multi-rounds.
1. The change of the relative deflection angle of the target at the critical moment
After cheating players use perspective, there will generally be a lot of conscious or unconscious "pre-aiming" phenomena, making the change curve of the target's relative deflection angle different from that of normal players.
It can be seen that at critical moments, such as when the target is moving behind the wall before killing, the relative deflection angle of the perspective cheating player is generally lower than that of the normal player, and the change is relatively stable.
2. Combine multiple kills and multiple rounds of targeted kill performance
Cheating players can complete aiming and killing in a very short time when the target is blocked to "visual exposure", which shows a big gap with the normal reaction time of ordinary players. Especially in the case of round performance.
As shown in the picture above, although cheating players will occasionally "play", normal players will also occasionally "supernatural" performance, but when zoomed in on multiple kills in a single round, and multi-round, multi-session targeted kill performance, The average reaction time (hit time difference) of perspective cheating players is lower and stable than normal players, while the average kill rate (gun KD) is higher than normal.
Self-aiming plug-in detection scheme based on time-series behavior data
Our analysis found that cheating players who use self-aiming plug-ins are significantly different from normal players in multi-dimensional characteristics such as crosshair movement speed, acceleration, and crosshair placement. This is because the self-aiming plug-in can quickly lock the enemy, making the player's aim more accurate and faster, while normal players need to spend more time and energy to aim. Specifically, the speed and acceleration of the front sight of the user of the self-aiming plug-in are faster, and the landing point of the front sight on the enemy's sphere is more concentrated. Significant differences in these characteristics lead to the performance of self-aiming cheat users and normal players.
1. Crosshair moving speed and its acceleration
From the figure below, the blue curve is the moving speed of the crosshair, and the red curve is its acceleration. The red coordinate point is the moment when the player shoots the gun. The self-aiming program usually makes the moving speed and acceleration of the crosshair very smooth, because they will acquire the target position and automatically adjust the moving speed and acceleration of the crosshair. The picture on the left is a self-aiming player, and the picture on the right is a normal player. In contrast, the moving speed and acceleration of the crosshair of a normal player may be more chaotic and irregular. We can see that the self-aiming player can still maintain a small change in speed and acceleration after shooting (silky gun effect).
2. The drop point of the crosshair on the enemy sphere
Because the self-aiming obtains the coordinates of a certain part of the player in advance, and then simulates the mouse signal to send the signal. The following is the drop point map of the crosshair on the enemy's sphere. The left picture is the self-aiming player, and the right picture is the normal player. You can see the crosshair When falling on the sphere where the enemy is located, the crosshair trajectory of the self-aiming player will be smoother, and there will be no large-scale angle changes of the crosshair like normal players.
Timing Model Network Architecture
As above, after extracting the perspective and self-aiming timing features constructed by our business experience and expert experience, we combine the original features to form a sequence according to the time sequence of "hit and kill", and feed it to the self-supervised timing model for prediction. Training, and then supervised learning through the LSTM sequence classification network.
apply effects
We deployed the system on a well-known FPS game. The system deploys the model reasoning service on the server. The client uploads the analyzed playback data through buried logs and real-time streaming. Time-series behavior data of each round (depending on network conditions), and feature processing and result inference, and combined with the player's historical game information to make a comprehensive decision, after the decision result is saved and reviewed, the game will deal with cheating players.
We collected replay data of 100,000 games from domestic and foreign websites, and analyzed 67,000 players with a total of 1,000,000 kill samples. Among the data of 3,000 online games on the business side, the high-recall scheme can cover 82.94% of the total number of self-targeting players . The high precision scheme achieves 95.38% accuracy.
Summary and future work outlook
Through the analysis of mainstream FPS game cheats and traditional solutions, it is not difficult to see that this is the pinnacle battle of the spear and shield duel, and the use of advanced technologies such as artificial intelligence can detect cheating behaviors more accurately.
Facing the complex situation of cheating, Netease Smart Enterprise Game AI has accumulated years of technical accumulation, and with enough big game data as the basic support, it has polished a perfect anti-cheating data solution for FPS games.
The solution only uses the replay log data that exists widely in the game to reconstruct the performance of the player authority, construct the player's time-series behavior data, and based on the time-series behavior data, respectively build perspective and self-aiming plug-in detection systems. The method and system can be widely applied to various online game platforms, and improve the fairness and customer satisfaction of the game platforms.
In the future, game developers and platform operators need to constantly update and improve the anti-cheat system . In terms of anti-cheat technology, it is necessary to continue to research and develop more efficient and accurate algorithms and models to cope with the ever-changing forms and attack methods of cheating. At the same time, it is necessary to strengthen the supervision and management of the game platform, establish a sound supervision mechanism, strengthen the monitoring and identification of player behavior, detect and deal with violations in a timely manner, and maintain the fairness and brand image of the game. In addition, game developers and platform operators also need to establish closer ties with players, understand player needs and feedback, solve player problems and confusion in a timely manner, and improve player satisfaction and loyalty. Ultimately, by constantly updating and improving the anti-cheat system, strengthening the supervision and management of the game platform, and maintaining close contact with players, the fairness and brand image of the game can be effectively protected, and the user experience and market competitiveness of the game platform can be improved.