在所有線上遊戲類型中，MMORPG是最受歡迎且最具代表性的一種。在2007年，MMORPG全世界的總產值已突破54億美金，而玩家的總數也已突破1600萬人次。然而，BOT氾濫的問題卻在近年裡鑿穿MMORPG；BOT不僅深深地破壞了整個虛擬世界的公平性，嚴重影響到遊戲廠商的營運利益，更會縮短線上遊戲的生命週期。雖然學界已開始針對這樣的議題著手進行研究，但仍沒有一個有效且適用於大型線上遊戲的方法。因此，我們提出一個可與遊戲設計結合的線上遊戲機器代理人自動偵測方案，採用資料探勘與行為量化的方式來分析玩家在遊戲層的行為，並利用改良式的CAPTCHA技術來對玩家進行身份鑑定；不僅如此，我們更使用真實的遊戲資料來驗證系統的有效性。在特點方法，我們所提出的玩家行為特徵量化方法適用於大多數的MMORPG，而且對於偵測新型態的BOT亦具有擴充性。

MMORPG is the most popular kind of online game. The market value for MMORPGs in the World hit 5.4 billion dollars in 2007. The number of MMORPGs’ players exceeds 16 million over the world on 2007. In recent years, BOT is the one of the most important prob-lem in the filed of MMORPGs. BOTs are deeply breaking the fairness of the virtual world and affecting the benefit of the game operators. Although much active research on detecting cheaters in online games is currently in progress, there is not an effective and scalable solu-tion that supports thousands of players. We propose an anti-robot agent solution which is composed of multiple mechanisms and combined with game design to detect BOT players automatically. Our proposed mechanism adopts data mining techniques to analyze player behavior in game level, and extended CAPTCHA techniques to identify players’ presence of the game. Further, we experiment the solution on a real game to explore the effectiveness of our detection mechanisms. Our generated behavior feature quantification function is suitable for most MMORPGs, and our detection mechanisms are scalable for new types of BOT.

1Introduction ………………………………………………………………………. 1
2Related Work ……………………………………………………………………... 3
3Proposed System …………………………………………………………………. 6
3.1 BOT Filtering Service …………………………………………………….... 7
3.1.1Data Preparation ……………………………………………………… 8
3.1.2Data Training ………………………………………………………... 10
3.1.3BOT Detection ……………………………………………………… 11
3.2 BOT Identification Service ……………………………………………….. 11
3.2.1Automated BOT Discrimination ……………………………………. 12
3.2.2BOT Tracing ……………………………………………………… 14
4Experiment and Discussion ……………………………………………………... 15
4.1 BOT Filtering Service Experiment ……………………………………….. 15
4.2 BOT Identification Service example ……………………………………… 20
5Conclusion ………………………………………………………………………. 23

[1]B.S. Woodcock, An analysis of MMOG subscription growth—version 23.0, Available from: <http://www.mmogchart. com/>
[2]School of Computer Science, Carnegie Mellon, CAPTCHA Project, Available from:<http://www.captcha.net/>
[3]A. M. Turing, “Computing Machinery and Intelligence,” Mind 49: 433-460,1950.
[4]Pinkas, B. and Sander, T. “Securing passwords against dictionary attacks,” Proceedings of the ACM Computer and Security Conference 2002.
[5]Rachna Dhamija and J.D. Tygar, “Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks,” Second International Workshop (HIPs 2005).
[6]Philippe Golle, Nicolas Ducheneaut, “Keeping Bots out of Online Games,” ACM International Conference Proceeding Series, Vol. 265, Pages: 262 – 265, 2005.
[7]Kuan-Ta Chen, Jhih-Wei Jiang, Polly Huang, Hao-Hua Chu, Chin-Laung Lei, and Wen-Chin Chen, “Identifying MMORPG Bots: A Traffic Analysis Approach,” ACM International Conference Proceeding Series, Vol. 266, 2006.
[8]Greg Mori, Jitendra Malik, “Recognizing Objects in Adversarial Clutter: Breaking a Visual CAPTCHA,” Computer Vision and Pattern Recognition, IEEE Computer Society Conference, vol. 1, pp. 134-141, June 2003.
[9]Jeff Yan, Ahmad Salah El Ahmad, “Breaking Visual CAPTCHAs with Naïve Pattern Recognition Algorithms,” Computer Security Applications Conference, pp. 279-291, Dec. 2007.
[10]Sajad Shirali-Shahreza, Ali Movaghar, “A New Anti-Spam Protocol Using CAPTCHA,” Networking, Sensing and Control, IEEE International Conference, Pages: 234-238, 2007.
[11]Igor Fischer and Thorsten Herfet, “Visual CAPTCHAs for Document Authentication,” Multimedia Signal Processing, IEEE 8th Workshop, pp. 471-474, Oct. 2006.
[12]Henry S. Bairda and Jon L. Bentley, “Implicit CAPTCHAs,” IS&T/SPIE, Document Recognition & Retrieval XII Conference, Jan. 2005.
[13]Shirali-Shahreza, Mohammad Shirali-Shahreza, Sajad, “Question-Based CAPTCHA,” Conference on Computational Intelligence and Multimedia Applications, vol. 4, pp. 54-58, Dec. 2007.
[14]Wenke Lee, Salvatore J. Stolfo, “Data Mining Approaches for Intrusion Detection,” In Proceedings of the 7th USENIX Security Symposium, San Antonio, Texas, January 26-29, 1998.
[15]Theuns Verwoerd and Ray Hunt, “Intrusion detection techniques and approaches,” Computer Communications, vol. 25, Issue 15, pp. 1356-1365, Sep. 2002.
[16]Monica Chew and J. D. Tygar, “Image Recognition CAPTCHAs,” International information security conference, pp. 268-279, 2004.
[17]Market Intelligence Center, Taiwan, Available from: <http://mic.iii.org.tw/intelligence/>
[18]Wikipedia foundation, Available from: <http://zh.wikipedia.org/w/index.php?title=%E4%BB%99%E5%A2%83%E4%BC%A0%E8%AF%B4&variant=zh-tw>
[19]Gamebase forum, Available from: <http://www.gamebase.com.tw/forum/content.html?sno=75599574>
[20]Shiou-hung Chen, “Bot Detection Models and Corresponding Game Security Processes in Computer Online Games,” Master's Thesis, Dept. of Information Management, National Taiwan University of Science and Technology, 2006.