SpringerOpen Newsletter

Receive periodic news and updates relating to SpringerOpen.

This article is part of the series Signal Processing Applications in Network Intrusion Detection Systems.

Open Access Research Article

Identifying MMORPG Bots: A Traffic Analysis Approach

Kuan-Ta Chen1*, Jhih-Wei Jiang2, Polly Huang3, Hao-Hua Chu2, Chin-Laung Lei3 and Wen-Chin Chen2

Author Affiliations

1 Institute of Information Science, Academia Sinica, Taipei 115, Taiwan

2 Department of Computer Science and Information Engineering, National Taiwan University, Taipei 106, Taiwan

3 Department of Electrical Engineering, National Taiwan University, Taipei 106, Taiwan

For all author emails, please log on.

EURASIP Journal on Advances in Signal Processing 2009, 2009:797159  doi:10.1155/2009/797159

The electronic version of this article is the complete one and can be found online at: http://asp.eurasipjournals.com/content/2009/1/797159

Received:10 April 2008
Accepted:8 September 2008
Published:8 October 2008

© 2009 The Author(s).

This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


Massively multiplayer online role playing games (MMORPGs) have become extremely popular among network gamers. Despite their success, one of MMORPG's greatest challenges is the increasing use of game bots, that is, autoplaying game clients. The use of game bots is considered unsportsmanlike and is therefore forbidden. To keep games in order, game police, played by actual human players, often patrol game zones and question suspicious players. This practice, however, is labor-intensive and ineffective. To address this problem, we analyze the traffic generated by human players versus game bots and propose general solutions to identify game bots. Taking Ragnarok Online as our subject, we study the traffic generated by human players and game bots. We find that their traffic is distinguishable by 1) the regularity in the release time of client commands, 2) the trend and magnitude of traffic burstiness in multiple time scales, and 3) the sensitivity to different network conditions. Based on these findings, we propose four strategies and two ensemble schemes to identify bots. Finally, we discuss the robustness of the proposed methods against countermeasures of bot developers, and consider a number of possible ways to manage the increasingly serious bot problem.

Publisher note

To access the full article, please see PDF.