Did you know that over 70 million of Dota2 players have their in-game data freely accessible? What if such data is used in malicious ways? This paper is the first to investigate such a problem. Motivated by the widespread popularity of video games, we propose the first threat model for Attribute Inference Attacks (AIA) in the Dota2 context. We explain how (and why) attackers can exploit the abundant public data in the Dota2 ecosystem to infer private information about its players. Due to lack of concrete evidence on the efficacy of our AIA, we empirically prove and assess their impact in reality. By conducting an extensive survey on $\sim$500 Dota2 players spanning over 26k matches, we verify whether a correlation exists between a player's Dota2 activity and their real-life. Then, after finding such a link ($p\!<\!0.01$ and $\rho>0.3$), we ethically perform diverse AIA. We leverage the capabilities of machine learning to infer real-life attributes of the respondents of our survey by using their publicly available in-game data. Our results show that, by applying domain expertise, some AIA can reach up to 98% precision and over 90% accuracy. This paper hence raises the alarm on a subtle, but concrete threat that can potentially affect the entire competitive gaming landscape. We alerted the developers of Dota2.
翻译:您知道, 超过7000万 Dota2 玩家的游戏数据可以自由获取吗? 如果此类数据被恶意使用, 如何? 本文是第一个调查这一问题的文件 。 由于视频游戏广受欢迎, 我们提议在 Dota2 背景下的属性推断攻击第一个威胁模式。 我们解释攻击者如何( 以及为什么) 利用Dota2 生态系统中的大量公共数据来推断其玩家的私人信息。 由于缺乏关于我们的 AIA 效力的具体证据, 我们用经验来证明和评估它们的实际影响。 通过对超过 26k 火柴的$\ sim 500 Dota2 玩家进行广泛调查, 我们核查玩家Dota2 活动及其真实生活之间是否存在关联性。 然后, 在找到这样一个链接( p\! 0.001 和 $\ rho>0. 0. 3 美元) 之后, 我们如何( ) 以道德方式执行多样化的 AIAA2 。 我们利用机器学习能力, 来评估我们调查对象的真实生活特征。 我们利用公开的游戏数据, 来评估他们的真实身份特征。 。 通过使用这些游戏里的数据, 我们的结果可以显示98 的精确性能影响到整个 。 因此的精确度 。 因此的精确度, 可能提高 。