Anticheat Assistance - Ideas & Tests

[Instadev]

As some of you may know, I've been working tirelessly on a ticket system (the premiums can read all about it here) with the ability to dynamically classify, add certainty to the classification and take actions according to a pre-defined actions list. With that being living hell and the need for a huge dataset for neural network training, a significant amount of time, and generally better implementation over time, I have decided to keep it as it is at the moment and find a way to generate thousands of rows for training data and move on to another project I think will interest the majority of you, security-related feature: an anticheat.

While there are several anticheats out there, and all of them are great, I plan on making mine a bit more unique by implementing the concept of learning new hacking patterns and having the ability to prevent both old and new hacking methods altogether with a single system.
I obviously am not going to cover everything on 1 go, which is where I need your help with the future expansion of the system, assuming it will all go well & as expected.

In the coming days, I will begin working on a self-learning anticheat system that can detect abnormal behaviors on multiple levels, starting with speed & teleportation hacks, flying, superjumps, air walking, and all the usual stuff.
I make this post because I need 2 things from those with the willingness & time to put in:
- Ideas for anticheat features: what else is needed from an anticheat?
- Once an early version is available for tests, I would need people with various hacks for tests. I'll post more about it once it's actually testable with how we're going to do this, which should be rather fun

What I have in mind right now (as a vision, which I believe is practical): is a self-learning anticheat system that has the ability to detect abnormal behaviors on the common fields of hacking, not for item duplication, PQR, or stuff of this sort. This can be an expansion of the anticheat system, but not what I intend to work on at the moment. Of course, suggestions are more than welcome. As you know, preventing hacks is never 100% and more ideas for realistic implementations can be challenging but fun, and very productive!

Of course, if you guys have any questions you're free to ask me.
And no, I do not intend to release this at this early stage for opensource or anything like that - nor is it for sale. A demo video will be attached when there's something worthy!

 

[Instadev]

A quick update
While some things have advanced, it is far from perfect, but there's progress!

The neural network is set, I have some rather simple datasets for legit movement, hack movement and mixed, for testing purposes. The approach I took is abnormal behavior detection, which (in simple terms) means this:
- I train the anticheat with legit data only
- When the anticheat finds anything which is not legit (model certainty score of 50 and above) - alert in-game staff members
- So far I avoided training hack data and labeling data accurately because it can restrict the neural network from learning what's a hack only based on the samples I give it rather than detecting true abnormal behavior

The neural network is smart enough to learn a pattern but is not as smart as knowing what is up with the player in terms of mounting or ping (latency) or other server-permitted movements (such as charging, leaping, death-gripping, thunderstorming, etc) so that still has to be coded in.

The neural network has not been trained in PvP or PvE scenarios and is not collecting THAT many variables at the moment, even though with time I think I should feed it with as much data as I can just for testing purposes. The downside of this is the fact it will need a vast dataset to train on, which is not fun computing-wise. But leaving that aside, it can be great! The best part is the fact the model can be saved as a standalone file and load the ready model at all times with every server boot with ease, so it can become a "one-time thing" (done repeatedly until I perfect this).

How great can it be?
Alright, I'll get in-depth with how this system as a whole could benefit me, as a server owner.
The potential of this system's expansion is beyond what you can even imagine, and it's all very reachable! I'll explain.
Unfamiliar hack detection: I can detect new types of hacks, which is beyond amazing. I am not limited to hardcoded data (no matter how accurate it is and how good it is) - there will most likely be something new at all times. I can only pray I am wrong, but risking it is not my thing so I will rather be safe than sorry.

PvP combination: with an expanded system I can very easily detect unusual PvP behavior, such as unproportionally large damage output based on current attributes and ratings (hit rating, crit, enemy's dodge, and resilience, etc), which can help me determine which behavior is iffy and which is legit. Of course, if there's any abnormal behavior I would like to know about I will get familiar with it rather quickly. No need to wait for players' reports! Of course, a quick disclaimer: I'm talking about a final product, not a work in progress. And this WILL take time to accomplish.

PvE combination: with an expanded system I can very easily train the model with legit PvE behavior & expected damage output based on my gear and all of its attributes and let the system do its thing. It can help me immensely if I suspect people are manipulating the game to gain an advantage in any way, shape, or form. Of course, a quick disclaimer: I'm talking about a final product, not a work in progress. And this WILL take time to accomplish.

It's an additional layer: the system is designed to work alongside whatever you're using nowadays! It's an extra layer of protection that can help me as a server owner on multiple levels without sacrificing anything other than computing power and some RAM. In modern times and with my obsession with optimization, it's a small price to pay, if at all.

BUT! It's not all without issues!
At the moment, when I enable the system, I can get a pretty solid model score on multiple levels. The only problem is the fact the model is trained to predict the players' next movement, rather than the current movement's hack confirmation or not, which is not even remotely close to what I wanted to implement. So, a total rewrite is needed, and possibly even new training data with all the data I would need in order to expand the anticheat system in the near future.

Will continue to update once I have made some more progress. Hopefully next time I will have a video to showcase.
As always, if you got any questions or feedback, would love to hear it all.

 

[Instadev]

Another update, but this time it's a biggie!

Real progress is being made! This is based on accurate data, actual values & real detection rates, just in a console rather than in-game! If we assume this is a "final" version, I need to implement this in-game and add handlers for each score I want (for example, score > 85: log action & alert staff).
I'm now adding more data to the system to see how well it behaves when it comes to vast amounts of data as training and then real-time (unseen by the system) tests. Wish me luck!

P.S - technical
I'm estimating ~15,000 lines of training data would suffice at this point for the basic hacking stuff, will expand it over time to detect collision expectations, spells handlers, PvP movement training, etc.
15,000 lines of training data are ~300kb with the format I've placed.

This is an extremely early version - will keep updating. The end result will be a single file being loaded into the server as the server is being executed and having the ability to detect hacks right from the beginning