| that's a billion dollar question. mostly just varied statistical analysis methods. concurrent play time, mouse clicks, jitter between clicks, viewport size, reaction to 'out-of-cycle' prompts or UI strings (like, say, a GM opening an inventory window on the player screen), click accuracy, click accuracy jitter, time between mouse points -- generally trying to determine whether or not the player actions look something like the player actions of a regular old user. if your game is one that has an economy you can trace currency pathways and usually find bot-herders that are pooling resources. some asian MMOs implemented in-game captcha-likes that bother players when they've spent a long time in a specific area (a likely bot condition). "Are you there? Finish this puzzle for a temporary XP boost!" -- the premise actually being "Hey, are you a human?" training ML methods for this is pretty easy -- get a bunch of known legitimate players and record all the metrics around the ui/ux/input channels , look for similar behavior elsewhere -- when a very-fast or strange outlier appears then (preferably) prompt for a human GM to observer the player in question and perform judgement. |
i've worked with a few asian MMO publishers, and before you dive into full on ML or start sending users' clipboard contents and bank website window captures to notoriously shitty and useless korean anticheat companies, there are some very big things you can do:
- count gains, portal entries, dungeon entries, etc, then sort descending. players that are gaining experience 24 hours a day, or gold 24 hours a day are rarely, if ever, legitimate.
- even if this does not entirely get rid of gold farmers, it causes interesting points where they are suspicious of whatever software they are using, rather than suspicious of the inhuman fact that they have not stopped attacking for 84 hours straight
- one lazy thing i've seen take down massive (warehouse-scale) gold farming bot operations is having the game send out broadcast discovery packets. these large scale operations are usually piles of optiplexes or similar on a flat network, and a discovery packet will be noticed by every other device running your game on the network. instant breaking through a different VPN per device, linking all accounts together.
- trace currency, and on top of that, trace timings. often, bots will do something like "farm until inventory full" and then transit back to trade it off, then return to the same map with incredibly tight timing.
the biggest problem you will have is that asian mmo companies don't give a fuck about anything other than their cash shop, and just slap on the cheapest, worst, most insecure malicious and privacy violating rootkit anticheat they can find as a bandaid while the underlying game code is incredibly vulnerable. writing a sql query is too much effort to care, same with having human review.