2nd/10_Wiki/Topics/AI_and_ML/SARD 안티치트 솔루션(SARD Anti-Cheat).md
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
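Large-scale cleanup of 10_Wiki/Topics:
- Removed 227 error-capture/unfinished stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link name normalization: fixed broken links, pointed redirects directly at targets, concept mapping, ~2,400 items
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections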

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00

7.2 KiB

id: wiki-2026-0508-sard-안티치트-솔루션-sard-anti-cheat
title: SARD 안티치트 솔루션 (SARD Anti-Cheat)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases:
  - SARD
  - SARD Anti-Cheat
  - 사드 안티치트
duplicate_of: none
source_trust_level: B
confidence_score: 0.85
verification_status: applied
tags:
  - anti-cheat
  - security
  - game-security
  - kernel-driver
  - behavioral-detection
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: C++/Rust/Python
  framework: kernel driver + ML behavioral

SARD Anti-Cheat Solution (SARD Anti-Cheat)

In one line

"Multi-layer game protection: kernel driver + behavioral ML + server-side validation." SARD belongs to the Korean game security solution category and follows the same architecture as modern anti-cheat products (Vanguard, BattlEye, Easy Anti-Cheat, nProtect XIGNCODE): a layered defense made up of process integrity enforced by a kernel ring-0 driver, hypervisor-level memory protection, ML-based behavior anomaly detection, and server-side replay validation.

Key points

Layered defense

  1. Client integrity — code signing, anti-debug, packed binary, integrity check.
  2. Kernel driver (ring-0) — process scan, handle stripping, hypervisor protection.
  3. Memory protection — page guard, hash check on critical structs.
  4. Behavioral ML — input pattern, mouse trajectory, reaction time anomaly.
  5. Server-side validation — physics replay, stat sanity, statistical clustering.
  6. Telemetry upload — process list, loaded modules, hardware fingerprint.

Cheat categories

  • Aimbot — auto-aim via memory or screen capture.
  • Wallhack / ESP — render-pipeline injection, depth buffer read.
  • Memory editor — Cheat Engine, custom DLL injection.
  • Macro / scripting — input automation (Logitech G Hub, AutoHotKey).
  • Modded client — replaced game DLL.
  • AI-assisted (2024+) — external CV model on screen capture (the new frontier).

Applications

  1. Korean F2P MMO/MOBA (Lost Ark, BG, MapleStory).
  2. Competitive FPS (Valorant's Vanguard is the reference).
  3. Mobile game protection (post-Android 14 root detection).

💻 Patterns

Kernel Driver Process Scan (conceptual C++)

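```cpp
// Illustrative only; real kernel work needs WDF/EDR experience.
// IsBlacklisted() and ReportToServer() are placeholders defined elsewhere.
// PsGetProcessPeb is an ntoskrnl export; declare it if your headers do not.
extern "C" NTKERNELAPI PPEB PsGetProcessPeb(PEPROCESS Process);

NTSTATUS ScanLoadedModules(PEPROCESS process) {
    NTSTATUS status = STATUS_SUCCESS;
    KAPC_STATE apc;
    // The PEB and loader list are user-mode memory of the target process:
    // attach to its address space and guard every dereference.
    KeStackAttachProcess(process, &apc);
    __try {
        PPEB peb = PsGetProcessPeb(process);
        PPEB_LDR_DATA ldr = peb ? peb->Ldr : nullptr;
        if (!ldr) { status = STATUS_UNSUCCESSFUL; __leave; }
        PLIST_ENTRY head = &ldr->InMemoryOrderModuleList;
        for (PLIST_ENTRY e = head->Flink; e != head; e = e->Flink) {
            PLDR_DATA_TABLE_ENTRY mod = CONTAINING_RECORD(e, LDR_DATA_TABLE_ENTRY,
                                                           InMemoryOrderLinks);
            if (IsBlacklisted(&mod->BaseDllName)) {
                ReportToServer(process, &mod->BaseDllName);
                status = STATUS_ACCESS_DENIED;
                break;
            }
        }
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        status = GetExceptionCode();   // user memory was unmapped or tampered with
    }
    KeUnstackDetachProcess(&apc);
    return status;
}
```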

Integrity Hash Check

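```cpp
#include <windows.h>
#include <cstring>

DWORD Crc32(const BYTE* data, size_t len);   // assumed to be provided elsewhere

// CRC32 of the in-memory .text section; returns 0 if the image headers are
// malformed or no .text section exists.
DWORD CrcCodeSection(HMODULE mod) {
    auto dos = (PIMAGE_DOS_HEADER)mod;
    if (dos->e_magic != IMAGE_DOS_SIGNATURE) return 0;
    auto nt  = (PIMAGE_NT_HEADERS)((BYTE*)mod + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE) return 0;
    auto sect = IMAGE_FIRST_SECTION(nt);
    for (UINT i = 0; i < nt->FileHeader.NumberOfSections; i++, sect++) {
        // Compare 6 bytes (including the NUL) so ".textbss" does not match.
        if (memcmp(sect->Name, ".text", 6) == 0) {
            return Crc32((BYTE*)mod + sect->VirtualAddress, sect->Misc.VirtualSize);
        }
    }
    return 0;
}
```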

Behavioral Anomaly Detection (Python)

```python
import numpy as np
from sklearn.ensemble import IsolationForest

def extract_aim_features(snapshot_window: list[dict]) -> np.ndarray:
    """Mouse trajectory + headshot ratio + reaction time."""
    if not snapshot_window:
        raise ValueError("snapshot_window must contain at least one snapshot")
    angles = np.array([s["delta_angle"] for s in snapshot_window])
    return np.array([
        np.mean(angles), np.std(angles),
        np.mean([s["reaction_ms"] for s in snapshot_window]),
        sum(1 for s in snapshot_window if s["headshot"]) / len(snapshot_window),
        np.percentile([s["snap_speed"] for s in snapshot_window], 95),
    ])

class CheatBehaviorDetector:
    def __init__(self):
        # contamination: expected share of anomalous windows in the training data
        self.iforest = IsolationForest(contamination=0.01, random_state=42)

    def fit(self, normal_features: np.ndarray):
        """Train on feature rows from known-legitimate play."""
        self.iforest.fit(normal_features)

    def score(self, features: np.ndarray) -> float:
        """Anomaly score for one feature vector; higher means more anomalous."""
        return -self.iforest.score_samples(features.reshape(1, -1))[0]
```

Server-Side Physics Replay

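```python
def validate_movement(prev_pos, curr_pos, dt_ms, max_speed):
    # A zero or negative interval means replayed or reordered packets;
    # reject it instead of dividing by zero.
    if dt_ms <= 0:
        return False, "bad_timestamp"
    dx = ((curr_pos["x"] - prev_pos["x"]) ** 2
        + (curr_pos["y"] - prev_pos["y"]) ** 2) ** 0.5
    speed = dx / (dt_ms / 1000)
    if speed > max_speed * 1.1:    # 10% tolerance
        return False, "speedhack"
    return True, None
```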

Hardware Fingerprint

```python
import hashlib

def device_fingerprint(payload: dict) -> str:
    keys = ["motherboard_serial", "cpu_id", "disk_serial", "mac_addr"]
    # Missing or null fields become empty strings so the field order stays stable.
    blob = "|".join(str(payload.get(k) or "") for k in keys)
    return hashlib.sha256(blob.encode()).hexdigest()[:32]
```

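Anti-Debug (Windows)

```cpp
#include <windows.h>
#include <winternl.h>   // PEB
#include <intrin.h>     // __readgsqword

bool IsDebuggerPresentChecks() {
    if (IsDebuggerPresent()) return true;
    BOOL remote = FALSE;
    CheckRemoteDebuggerPresent(GetCurrentProcess(), &remote);
    if (remote) return true;
    // x64 only: the TEB holds the PEB pointer at gs:[0x60].
    PEB* peb = (PEB*)__readgsqword(0x60);
    if (peb->BeingDebugged) return true;
    return false;
}
```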

AI-Assisted Cheat Detection (2024+ frontier)

```python
def detect_external_cv(input_log) -> float:
    """External CV aimbot: mouse movement that is excessively smooth combined
    with perfect prediction. Flags the unrealistic combination
    (very smooth path + perfect headshot)."""
    # compute_path_smoothness / compute_headshot_rate are helpers not shown here.
    smoothness = compute_path_smoothness(input_log)
    accuracy   = compute_headshot_rate(input_log)
    return smoothness * accuracy   # far above what a human can achieve
```
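
A self-contained version of the smoothness × accuracy score sketched above, added here as an example and not part of the original page. The metric definition (variation in turn angle), the `scale` constant, the log layout (`path`, `headshot`) and the sample data are all assumptions made for illustration.

```python
import math

def _smoothness(path, scale=10.0):
    """1.0 when the turn angle between mouse steps never varies (machine-like),
    falling toward 0 as the path jitters. `scale` is an assumed tuning constant."""
    headings = [math.atan2(y1 - y0, x1 - x0)
                for (x0, y0), (x1, y1) in zip(path, path[1:])
                if (x0, y0) != (x1, y1)]           # ignore stationary samples
    if len(headings) < 3:
        return 0.0                                 # too short to judge
    # Turn between consecutive headings, wrapped into [-pi, pi).
    turns = [(b - a + math.pi) % (2 * math.pi) - math.pi
             for a, b in zip(headings, headings[1:])]
    mean = sum(turns) / len(turns)
    std = math.sqrt(sum((t - mean) ** 2 for t in turns) / len(turns))
    return 1.0 / (1.0 + scale * std)

def compute_path_smoothness(input_log):
    """Mean per-engagement smoothness over the whole log."""
    if not input_log:
        return 0.0
    return sum(_smoothness(e["path"]) for e in input_log) / len(input_log)

def compute_headshot_rate(input_log):
    if not input_log:
        return 0.0
    return sum(1 for e in input_log if e["headshot"]) / len(input_log)

def detect_external_cv(input_log) -> float:
    """Score in [0, 1]; high only when paths are smooth AND headshots are near-perfect."""
    return compute_path_smoothness(input_log) * compute_headshot_rate(input_log)

# Constructed sample input (not real telemetry).
_JITTER = [0, 3, -2, 4, -3, 1, -4, 2]
HUMAN_PATH = [(i * 10, dy) for i, dy in enumerate(_JITTER)]   # hand tremor
BOT_PATH = [(i * 10, i * 5) for i in range(8)]                # perfectly straight
HUMAN_LOG = [{"path": HUMAN_PATH, "headshot": h} for h in (True, False, False, False)]
BOT_LOG = [{"path": BOT_PATH, "headshot": True} for _ in range(4)]

if __name__ == "__main__":
    print("human:", round(detect_external_cv(HUMAN_LOG), 3))
    print("bot:  ", round(detect_external_cv(BOT_LOG), 3))
```

Because the score is a product, a smooth but inaccurate player and an accurate but jittery one both stay low; only the combination rises.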

Decision criteria

| Situation | Approach |
|---|---|
| New PC FPS | Kernel driver + behavioral ML (Vanguard model) |
| MMO economy abuse | Server-side stat anomaly + clustering |
| Mobile game | Root detection + integrity + server replay |
| Privacy-concerned market (EU) | User-mode + heavy server-side, no kernel |
| AI-aimbot threat | Mouse-trajectory ML + screen-capture detection |

Default: user-mode integrity + server-side replay + behavioral ML; use the kernel driver only for the competitive ranked queue (privacy/stability tradeoff).

🔗 Graph

🤖 LLM usage

When to use: cheat forum scraping for new technique discovery, support ticket triage, false-positive review summaries. When not to use: automated ban decisions. A false positive destroys player trust, so human review is mandatory.

Anti-patterns

  • Client trust: never. Every byte on the client side is under the attacker's control. Always validate server-side.
  • Kernel driver only: bypasses are known. A layered defense is required.
  • No false-positive process: banning legitimate players collapses community trust.
  • Static signature only: cheats are updated daily, so layer behavioral ML on top.
  • Privacy-blind kernel reach: EU/GDPR risk. Minimize telemetry and disclose it.
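
The "server-side stat anomaly" row of the decision table, combined with the false-positive rule above, as an added example that is not part of the original page: outliers are scored with the modified z-score (median/MAD, conventional cutoff 3.5) and only ever routed to human review. The metric names and player records are constructed for illustration.

```python
from statistics import median

def robust_z(values):
    """Modified z-score (median/MAD). Unlike mean/std, it is not dragged
    toward the very outliers it is meant to expose."""
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:
        return [0.0] * len(values)   # no spread: nothing can be called an outlier
    return [0.6745 * (v - med) / mad for v in values]

def triage(players, metrics=("headshot_rate", "gold_per_hour"), threshold=3.5):
    """Return {player_id: ticket} for high-side outliers. The only action ever
    emitted is 'human_review'; the ban decision stays with a person."""
    tickets = {}
    for metric in metrics:
        scores = robust_z([p[metric] for p in players])
        for player, z in zip(players, scores):
            if z > threshold:
                ticket = tickets.setdefault(
                    player["id"], {"action": "human_review", "evidence": {}})
                ticket["evidence"][metric] = round(z, 1)
    return tickets

# Constructed server-side stats (not real player data).
PLAYERS = [
    {"id": "p1", "headshot_rate": 0.18, "gold_per_hour": 100},
    {"id": "p2", "headshot_rate": 0.22, "gold_per_hour": 110},
    {"id": "p3", "headshot_rate": 0.20, "gold_per_hour": 95},
    {"id": "p4", "headshot_rate": 0.25, "gold_per_hour": 105},
    {"id": "p5", "headshot_rate": 0.19, "gold_per_hour": 98},
    {"id": "p6", "headshot_rate": 0.21, "gold_per_hour": 102},
    {"id": "p7", "headshot_rate": 0.23, "gold_per_hour": 900},
]

if __name__ == "__main__":
    for player_id, ticket in triage(PLAYERS).items():
        print(player_id, ticket)
```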

🧪 Verification / duplicates

  • Verified (Vanguard/BattlEye/EAC public docs; SARD-specific details are vendor-confidential, hence B trust).
  • Trust level B.

🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — anti-cheat layered architecture + behavioral ML |