Malicious Game Client Detection Using Feature Extraction and Machine Learning

Austad, Spencer J.

20 November 2023

Minecraft, the world's best-selling video game, boasts a vast and vibrant community of users who actively develop third-party software for the game. However, it has also garnered notoriety as one of the most malware-infested gaming environments. This poses a unique challenge because Minecraft software has many community-specific nuances that make traditional malware analysis less effective. These differences include unique file types, differing code formats, and lack of standardization in user-generated content analysis. This research looks at Minecraft clients in the two most common formats: Portable Executable and Java Archive file formats. Feature correlation matrices showed that malware features are too complicated to analyze without advanced algorithms. The latest machine learning methods for malware analysis were employed to classify samples based on both behavioral features generated from running samples in a sandbox environment and static features through file-based analysis. A total sample set of 92 files was used and found that Portable Executable and Java Archive files have significantly different feature sets that are important for malware identification. This study was able to successfully classify 77.8% of all Portable Executable samples 84.2% of all Java Archive samples while maintaining high recall scores. This research, by shedding light on the intricacies of malware detection in Minecraft clients, provides a framework for a more nuanced and adaptable approach to game-related malware research.

malware detection

cybersecurity

Minecraft

game mods

machine learning

Engineering