Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2

Pier Paolo Tricomi; Lisa Facciolo; Giovanni Apruzzese; Mauro Conti

doi:10.1145/3577923.3583653

Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2

Pier Paolo Tricomi, Lisa Facciolo, Giovanni Apruzzese, Mauro Conti

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

19 Downloads (Pure)

Abstract

Did you know that over 70 million of Dota2 players have their in-game data freely accessible? What if such data is used in malicious ways? This paper is the first to investigate such a problem. Motivated by the widespread popularity of video games, we propose the first threat model for Attribute Inference Attacks (AIA) in the Dota2 context. We explain how (and why) attackers can exploit the abundant public data in the Dota2 ecosystem to infer private information about its players. Due to lack of concrete evidence on the efficacy of our AIA, we empirically prove and assess their impact in reality. By conducting an extensive survey on 500 Dota2 players spanning over 26k matches, we verify whether a correlation exists between a player's Dota2 activity and their real-life. Then, after finding such a link (p < 0.01 and ρ > 0.3), we ethically perform diverse AIA. We leverage the capabilities of machine learning to infer real-life attributes of the respondents of our survey by using their publicly available in-game data. Our results show that, by applyingdomain expertise, some AIA can reach up to 98% precision and over 90% accuracy. This paper hence raises the alarm on a subtle, but concrete threat that can potentially affect the entire competitive gaming landscape. We alerted the developers of Dota2.

Original language	English
Title of host publication	CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy
Publisher	Association for Computing Machinery (ACM)
Pages	27-38
Number of pages	12
ISBN (Electronic)	9798400700675
DOIs	https://doi.org/10.1145/3577923.3583653
Publication status	Published - 2023
Event	13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023 - Charlotte, United States Duration: 24 Apr 2023 → 26 Apr 2023

Publication series

Name	CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy

Conference

Conference	13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023
Country/Territory	United States
City	Charlotte
Period	24/04/23 → 26/04/23

Bibliographical note

Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care
Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Keywords

attribute inference attack
dota2
machine learning
video games

Access to Document

10.1145/3577923.3583653

3577923.3583653Final published version, 2.48 MB

Cite this

Tricomi, P. P., Facciolo, L., Apruzzese, G., & Conti, M. (2023). Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2. In CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy (pp. 27-38). (CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy). Association for Computing Machinery (ACM). https://doi.org/10.1145/3577923.3583653

Tricomi, Pier Paolo ; Facciolo, Lisa ; Apruzzese, Giovanni et al. / Attribute Inference Attacks in Online Multiplayer Video Games : A Case Study on DOTA2. CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery (ACM), 2023. pp. 27-38 (CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy).

@inproceedings{d934d08ad67b44c6a6f5c4a140e06a37,

title = "Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2",

abstract = "Did you know that over 70 million of Dota2 players have their in-game data freely accessible? What if such data is used in malicious ways? This paper is the first to investigate such a problem. Motivated by the widespread popularity of video games, we propose the first threat model for Attribute Inference Attacks (AIA) in the Dota2 context. We explain how (and why) attackers can exploit the abundant public data in the Dota2 ecosystem to infer private information about its players. Due to lack of concrete evidence on the efficacy of our AIA, we empirically prove and assess their impact in reality. By conducting an extensive survey on 500 Dota2 players spanning over 26k matches, we verify whether a correlation exists between a player's Dota2 activity and their real-life. Then, after finding such a link (p < 0.01 and ρ > 0.3), we ethically perform diverse AIA. We leverage the capabilities of machine learning to infer real-life attributes of the respondents of our survey by using their publicly available in-game data. Our results show that, by applyingdomain expertise, some AIA can reach up to 98% precision and over 90% accuracy. This paper hence raises the alarm on a subtle, but concrete threat that can potentially affect the entire competitive gaming landscape. We alerted the developers of Dota2. ",

keywords = "attribute inference attack, dota2, machine learning, video games",

author = "Tricomi, {Pier Paolo} and Lisa Facciolo and Giovanni Apruzzese and Mauro Conti",

note = "Green Open Access added to TU Delft Institutional Repository {\textquoteleft}You share, we take care!{\textquoteright} – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. ; 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023 ; Conference date: 24-04-2023 Through 26-04-2023",

year = "2023",

doi = "10.1145/3577923.3583653",

language = "English",

series = "CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy",

publisher = "Association for Computing Machinery (ACM)",

pages = "27--38",

booktitle = "CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy",

address = "United States",

}

Tricomi, PP, Facciolo, L, Apruzzese, G & Conti, M 2023, Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2. in CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy. CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy, Association for Computing Machinery (ACM), pp. 27-38, 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023, Charlotte, United States, 24/04/23. https://doi.org/10.1145/3577923.3583653

Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2. / Tricomi, Pier Paolo; Facciolo, Lisa; Apruzzese, Giovanni et al.
CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery (ACM), 2023. p. 27-38 (CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy).

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Attribute Inference Attacks in Online Multiplayer Video Games

T2 - 13th ACM Conference on Data and Application Security and Privacy, CODASPY 2023

AU - Tricomi, Pier Paolo

AU - Facciolo, Lisa

AU - Apruzzese, Giovanni

AU - Conti, Mauro

N1 - Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

PY - 2023

Y1 - 2023

N2 - Did you know that over 70 million of Dota2 players have their in-game data freely accessible? What if such data is used in malicious ways? This paper is the first to investigate such a problem. Motivated by the widespread popularity of video games, we propose the first threat model for Attribute Inference Attacks (AIA) in the Dota2 context. We explain how (and why) attackers can exploit the abundant public data in the Dota2 ecosystem to infer private information about its players. Due to lack of concrete evidence on the efficacy of our AIA, we empirically prove and assess their impact in reality. By conducting an extensive survey on 500 Dota2 players spanning over 26k matches, we verify whether a correlation exists between a player's Dota2 activity and their real-life. Then, after finding such a link (p < 0.01 and ρ > 0.3), we ethically perform diverse AIA. We leverage the capabilities of machine learning to infer real-life attributes of the respondents of our survey by using their publicly available in-game data. Our results show that, by applyingdomain expertise, some AIA can reach up to 98% precision and over 90% accuracy. This paper hence raises the alarm on a subtle, but concrete threat that can potentially affect the entire competitive gaming landscape. We alerted the developers of Dota2.

AB - Did you know that over 70 million of Dota2 players have their in-game data freely accessible? What if such data is used in malicious ways? This paper is the first to investigate such a problem. Motivated by the widespread popularity of video games, we propose the first threat model for Attribute Inference Attacks (AIA) in the Dota2 context. We explain how (and why) attackers can exploit the abundant public data in the Dota2 ecosystem to infer private information about its players. Due to lack of concrete evidence on the efficacy of our AIA, we empirically prove and assess their impact in reality. By conducting an extensive survey on 500 Dota2 players spanning over 26k matches, we verify whether a correlation exists between a player's Dota2 activity and their real-life. Then, after finding such a link (p < 0.01 and ρ > 0.3), we ethically perform diverse AIA. We leverage the capabilities of machine learning to infer real-life attributes of the respondents of our survey by using their publicly available in-game data. Our results show that, by applyingdomain expertise, some AIA can reach up to 98% precision and over 90% accuracy. This paper hence raises the alarm on a subtle, but concrete threat that can potentially affect the entire competitive gaming landscape. We alerted the developers of Dota2.

KW - attribute inference attack

KW - dota2

KW - machine learning

KW - video games

UR - http://www.scopus.com/inward/record.url?scp=85158141282&partnerID=8YFLogxK

U2 - 10.1145/3577923.3583653

DO - 10.1145/3577923.3583653

M3 - Conference contribution

AN - SCOPUS:85158141282

T3 - CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy

SP - 27

EP - 38

BT - CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy

PB - Association for Computing Machinery (ACM)

Y2 - 24 April 2023 through 26 April 2023

ER -

Tricomi PP, Facciolo L, Apruzzese G, Conti M. Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2. In CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy. Association for Computing Machinery (ACM). 2023. p. 27-38. (CODASPY 2023 - Proceedings of the 13th ACM Conference on Data and Application Security and Privacy). doi: 10.1145/3577923.3583653

Attribute Inference Attacks in Online Multiplayer Video Games: A Case Study on DOTA2

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this