Intrusion detection using spatial information and behavioral biometrics

Multiplayer online computer games are quickly growing in popularity with millions of players logging in every day. While most play in accordance with the rules set up by the game designers, some choose to cheat, to gain an unfair advantage over other players. With the growth in the economic and social importance of the virtual game worlds incidence of cheating are becoming increasingly problematic. Cheating by some players makes the game less appealing for the honest players. As a result, it costs thousands of dollars to game designers in lost revenue from disillusioned players who stop participating and in man-hours used for prevention of different forms of cheating. Consequently, a great deal of current research in computer science is aimed at detecting, preventing and neutralizing cheating in game worlds.;As game networks become a multibillion dollar industry it is necessary to protect them from actions that attempt to compromise the reliability, confidentiality or availability of such systems and to prevent intrusions of computer systems in general. In the context of information systems, intrusion refers to any unauthorized access, not permitted attempt to access or damage, or malicious use of information resources. Intrusion detection is defined as detection of break-ins and break-in attempts via automated software system.;In particular, behavior based intrusion detection methods are frequently used for insuring network security. Atypical user activities are automatically detected and alerts are forwarded to a network administrator. Recently, with the increase in online gaming, network intrusion detection techniques are being considered for identifying imposters playing from remote sites. The features commonly used in network intrusion detection (such as patterns of opening files, saving files, mouse clicks, memory requirements, etc.) are not sufficiently discriminative in applications where the number of registered users is large and we are not only interested in detecting whether an intrusion has occurred but in also identifying the impostor from among the set of registered users (players).;Research in biometric technologies offers one of the most promising approaches to providing user friendly and reliable control methodology for access to computer systems, networks and workplaces. Majority of such research is aimed at studying well established physical biometrics such as fingerprint or iris recognition. Behavioral biometrics are usually only briefly mentioned and only those which are in large part based on muscle control such as keystrokes, gait or signature are well investigated.;Behavioral biometrics provide a number of advantages over traditional biometric technologies. They can be collected non-obtrusively or even without the knowledge of the user. Collection of behavioral data often does not require any special hardware and is so very cost effective. While behavioral biometrics are not unique enough to provide reliable human identification they have been shown to provide sufficiently high accuracy identity verification.;This dissertation begins with a review of published research in game security and behavioral biometrics. We analyze previous studies and point out trends and propose taxonomies which make understanding and improvement on previous work easier. As the capstone of this dissertation, we have developed an intrusion detection system for online poker which uses player's game strategy as the behavioral profile. We have improved our system by experimenting with different similarity measure functions and different ways of representing behavioral signatures. We were able to greatly improve performance of our system by inclusion of spatial, temporal and contextual information about the environment alongside the user's behavior. We have investigated possibility of creation of artificial behavioral profiles and use of such profiles for spoofing of behavior-based security systems. As our research progressed new interesting and unforeseen research paths were discovered. We have expanded strategy-based behavioral biometrics to a new domain of recognition and verification of intelligent agents and had created a novel CAPTCHA-based algorithm aimed at preventing intelligent agents from participating in online poker games.