If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems Article Swipe

View

Christoph Dorner , Lukas Daniel Klausner ·

YOU? · · 2024 · Open Access · · DOI: https://doi.org/10.1145/3664476.3670433

Addressing a critical aspect of cybersecurity in online gaming, this paper\nsystematically evaluates the extent to which kernel-level anti-cheat systems\nmirror the properties of rootkits, highlighting the importance of\ndistinguishing between protective and potentially invasive software. After\nestablishing a definition for rootkits (making distinctions between rootkits\nand simple kernel-level applications) and defining metrics to evaluate such\nsoftware, we introduce four widespread kernel-level anti-cheat solutions. We\nlay out the inner workings of these types of software, assess them according to\nour previously established definitions, and discuss ethical considerations and\nthe possible privacy infringements introduced by such programs. Our analysis\nshows two of the four anti-cheat solutions exhibiting rootkit-like behaviour,\nthreatening the privacy and the integrity of the system. This paper thus\nprovides crucial insights for researchers and developers in the field of gaming\nsecurity and software engineering, highlighting the need for informed\ndevelopment practices that carefully consider the intersection of effective\nanti-cheat mechanisms and user privacy.\n

Related Topics

Concepts

Rootkit Computer science Kernel (algebra) Operating system Computer security Malware Mathematics Combinatorics

Metadata

Type: article
Language: en
Landing Page: https://doi.org/10.1145/3664476.3670433
OA Status: gold
Cited By: 2
References: 8
Related Works: 10
OpenAlex ID: https://openalex.org/W4400978463

All OpenAlex metadata

Raw OpenAlex JSON

OpenAlex ID: https://openalex.org/W4400978463

Canonical identifier for this work in OpenAlex
DOI: https://doi.org/10.1145/3664476.3670433

Digital Object Identifier
Title: If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems

Work title
Type: article

OpenAlex work type
Language: en

Primary language
Publication year: 2024

Year of publication
Publication date: 2024-07-25

Full publication date if available
Authors: Christoph Dorner, Lukas Daniel Klausner

List of authors in order
Landing page: https://doi.org/10.1145/3664476.3670433

Publisher landing page
Open access: Yes

Whether a free full text is available
OA status: gold

Open access status per OpenAlex
OA URL: https://doi.org/10.1145/3664476.3670433

Direct OA link when available
Concepts: Rootkit, Computer science, Kernel (algebra), Operating system, Computer security, Malware, Mathematics, Combinatorics

Top concepts (fields/topics) attached by OpenAlex
Cited by: 2

Total citation count in OpenAlex
Citations by year (recent): 2025: 1, 2024: 1

Per-year citation counts (last 5 years)
References (count): 8

Number of works referenced by this work
Related works (count): 10

Other works algorithmically related by OpenAlex

Full payload

id	https://openalex.org/W4400978463
doi	https://doi.org/10.1145/3664476.3670433
ids.doi	https://doi.org/10.1145/3664476.3670433
ids.openalex	https://openalex.org/W4400978463
fwci	1.27241737
type	article
title	If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems
biblio.issue
biblio.volume
biblio.last_page	11
biblio.first_page	1
topics[0].id	https://openalex.org/T10917
topics[0].field.id	https://openalex.org/fields/22
topics[0].field.display_name	Engineering
topics[0].score	0.9997000098228455
topics[0].domain.id	https://openalex.org/domains/3
topics[0].domain.display_name	Physical Sciences
topics[0].subfield.id	https://openalex.org/subfields/2207
topics[0].subfield.display_name	Control and Systems Engineering
topics[0].display_name	Smart Grid Security and Resilience
topics[1].id	https://openalex.org/T11424
topics[1].field.id	https://openalex.org/fields/17
topics[1].field.display_name	Computer Science
topics[1].score	0.9997000098228455
topics[1].domain.id	https://openalex.org/domains/3
topics[1].domain.display_name	Physical Sciences
topics[1].subfield.id	https://openalex.org/subfields/1702
topics[1].subfield.display_name	Artificial Intelligence
topics[1].display_name	Security and Verification in Computing
topics[2].id	https://openalex.org/T11241
topics[2].field.id	https://openalex.org/fields/17
topics[2].field.display_name	Computer Science
topics[2].score	0.9975000023841858
topics[2].domain.id	https://openalex.org/domains/3
topics[2].domain.display_name	Physical Sciences
topics[2].subfield.id	https://openalex.org/subfields/1711
topics[2].subfield.display_name	Signal Processing
topics[2].display_name	Advanced Malware Detection Techniques
is_xpac	False
apc_list
apc_paid
concepts[0].id	https://openalex.org/C10144332
concepts[0].level	3
concepts[0].score	0.9905423521995544
concepts[0].wikidata	https://www.wikidata.org/wiki/Q14645
concepts[0].display_name	Rootkit
concepts[1].id	https://openalex.org/C41008148
concepts[1].level	0
concepts[1].score	0.6249397397041321
concepts[1].wikidata	https://www.wikidata.org/wiki/Q21198
concepts[1].display_name	Computer science
concepts[2].id	https://openalex.org/C74193536
concepts[2].level	2
concepts[2].score	0.5769158601760864
concepts[2].wikidata	https://www.wikidata.org/wiki/Q574844
concepts[2].display_name	Kernel (algebra)
concepts[3].id	https://openalex.org/C111919701
concepts[3].level	1
concepts[3].score	0.4855958819389343
concepts[3].wikidata	https://www.wikidata.org/wiki/Q9135
concepts[3].display_name	Operating system
concepts[4].id	https://openalex.org/C38652104
concepts[4].level	1
concepts[4].score	0.39650237560272217
concepts[4].wikidata	https://www.wikidata.org/wiki/Q3510521
concepts[4].display_name	Computer security
concepts[5].id	https://openalex.org/C541664917
concepts[5].level	2
concepts[5].score	0.3961105942726135
concepts[5].wikidata	https://www.wikidata.org/wiki/Q14001
concepts[5].display_name	Malware
concepts[6].id	https://openalex.org/C33923547
concepts[6].level	0
concepts[6].score	0.06357431411743164
concepts[6].wikidata	https://www.wikidata.org/wiki/Q395
concepts[6].display_name	Mathematics
concepts[7].id	https://openalex.org/C114614502
concepts[7].level	1
concepts[7].score	0.0
concepts[7].wikidata	https://www.wikidata.org/wiki/Q76592
concepts[7].display_name	Combinatorics
keywords[0].id	https://openalex.org/keywords/rootkit
keywords[0].score	0.9905423521995544
keywords[0].display_name	Rootkit
keywords[1].id	https://openalex.org/keywords/computer-science
keywords[1].score	0.6249397397041321
keywords[1].display_name	Computer science
keywords[2].id	https://openalex.org/keywords/kernel
keywords[2].score	0.5769158601760864
keywords[2].display_name	Kernel (algebra)
keywords[3].id	https://openalex.org/keywords/operating-system
keywords[3].score	0.4855958819389343
keywords[3].display_name	Operating system
keywords[4].id	https://openalex.org/keywords/computer-security
keywords[4].score	0.39650237560272217
keywords[4].display_name	Computer security
keywords[5].id	https://openalex.org/keywords/malware
keywords[5].score	0.3961105942726135
keywords[5].display_name	Malware
keywords[6].id	https://openalex.org/keywords/mathematics
keywords[6].score	0.06357431411743164
keywords[6].display_name	Mathematics
language	en
locations[0].id	doi:10.1145/3664476.3670433
locations[0].is_oa	True
locations[0].source
locations[0].license	cc-by
locations[0].pdf_url
locations[0].version	publishedVersion
locations[0].raw_type	proceedings-article
locations[0].license_id	https://openalex.org/licenses/cc-by
locations[0].is_accepted	True
locations[0].is_published	True
locations[0].raw_source_name	Proceedings of the 19th International Conference on Availability, Reliability and Security
locations[0].landing_page_url	https://doi.org/10.1145/3664476.3670433
locations[1].id	pmh:oai:arXiv.org:2408.00500
locations[1].is_oa	True
locations[1].source.id	https://openalex.org/S4306400194
locations[1].source.issn
locations[1].source.type	repository
locations[1].source.is_oa	True
locations[1].source.issn_l
locations[1].source.is_core	False
locations[1].source.is_in_doaj	False
locations[1].source.display_name	arXiv (Cornell University)
locations[1].source.host_organization	https://openalex.org/I205783295
locations[1].source.host_organization_name	Cornell University
locations[1].source.host_organization_lineage	https://openalex.org/I205783295
locations[1].license
locations[1].pdf_url	https://arxiv.org/pdf/2408.00500
locations[1].version	submittedVersion
locations[1].raw_type	text
locations[1].license_id
locations[1].is_accepted	False
locations[1].is_published	False
locations[1].raw_source_name
locations[1].landing_page_url	http://arxiv.org/abs/2408.00500
indexed_in	arxiv, crossref
authorships[0].author.id	https://openalex.org/A5105049395
authorships[0].author.orcid	https://orcid.org/0009-0005-6085-3210
authorships[0].author.display_name	Christoph Dorner
authorships[0].countries	AT
authorships[0].affiliations[0].institution_ids	https://openalex.org/I25485817
authorships[0].affiliations[0].raw_affiliation_string	St. Pölten University of Applied Sciences, Austria
authorships[0].institutions[0].id	https://openalex.org/I25485817
authorships[0].institutions[0].ror	https://ror.org/039a2re55
authorships[0].institutions[0].type	education
authorships[0].institutions[0].lineage	https://openalex.org/I25485817
authorships[0].institutions[0].country_code	AT
authorships[0].institutions[0].display_name	St. Pölten University of Applied Sciences
authorships[0].author_position	first
authorships[0].raw_author_name	Christoph Dorner
authorships[0].is_corresponding	True
authorships[0].raw_affiliation_strings	St. Pölten University of Applied Sciences, Austria
authorships[1].author.id	https://openalex.org/A5053757141
authorships[1].author.orcid	https://orcid.org/0000-0003-3650-9733
authorships[1].author.display_name	Lukas Daniel Klausner
authorships[1].countries	AT
authorships[1].affiliations[0].institution_ids	https://openalex.org/I25485817
authorships[1].affiliations[0].raw_affiliation_string	St. Pölten University of Applied Sciences, Austria
authorships[1].institutions[0].id	https://openalex.org/I25485817
authorships[1].institutions[0].ror	https://ror.org/039a2re55
authorships[1].institutions[0].type	education
authorships[1].institutions[0].lineage	https://openalex.org/I25485817
authorships[1].institutions[0].country_code	AT
authorships[1].institutions[0].display_name	St. Pölten University of Applied Sciences
authorships[1].author_position	last
authorships[1].raw_author_name	Lukas Daniel Klausner
authorships[1].is_corresponding	False
authorships[1].raw_affiliation_strings	St. Pölten University of Applied Sciences, Austria
has_content.pdf	False
has_content.grobid_xml	False
is_paratext	False
open_access.is_oa	True
open_access.oa_url	https://doi.org/10.1145/3664476.3670433
open_access.oa_status	gold
open_access.any_repository_has_fulltext	False
created_date	2025-10-10T00:00:00
display_name	If It Looks Like a Rootkit and Deceives Like a Rootkit: A Critical Examination of Kernel-Level Anti-Cheat Systems
has_fulltext	False
is_retracted	False
updated_date	2025-11-06T03:46:38.306776
primary_topic.id	https://openalex.org/T10917
primary_topic.field.id	https://openalex.org/fields/22
primary_topic.field.display_name	Engineering
primary_topic.score	0.9997000098228455
primary_topic.domain.id	https://openalex.org/domains/3
primary_topic.domain.display_name	Physical Sciences
primary_topic.subfield.id	https://openalex.org/subfields/2207
primary_topic.subfield.display_name	Control and Systems Engineering
primary_topic.display_name	Smart Grid Security and Resilience
related_works	https://openalex.org/W1994712384, https://openalex.org/W4240186231, https://openalex.org/W2166844173, https://openalex.org/W3170525725, https://openalex.org/W1565457235, https://openalex.org/W3089468277, https://openalex.org/W4310805820, https://openalex.org/W2119580333, https://openalex.org/W2354333148, https://openalex.org/W3200236636
cited_by_count	2
counts_by_year[0].year	2025
counts_by_year[0].cited_by_count	1
counts_by_year[1].year	2024
counts_by_year[1].cited_by_count	1
locations_count	2
best_oa_location.id	doi:10.1145/3664476.3670433
best_oa_location.is_oa	True
best_oa_location.source
best_oa_location.license	cc-by
best_oa_location.pdf_url
best_oa_location.version	publishedVersion
best_oa_location.raw_type	proceedings-article
best_oa_location.license_id	https://openalex.org/licenses/cc-by
best_oa_location.is_accepted	True
best_oa_location.is_published	True
best_oa_location.raw_source_name	Proceedings of the 19th International Conference on Availability, Reliability and Security
best_oa_location.landing_page_url	https://doi.org/10.1145/3664476.3670433
primary_location.id	doi:10.1145/3664476.3670433
primary_location.is_oa	True
primary_location.source
primary_location.license	cc-by
primary_location.pdf_url
primary_location.version	publishedVersion
primary_location.raw_type	proceedings-article
primary_location.license_id	https://openalex.org/licenses/cc-by
primary_location.is_accepted	True
primary_location.is_published	True
primary_location.raw_source_name	Proceedings of the 19th International Conference on Availability, Reliability and Security
primary_location.landing_page_url	https://doi.org/10.1145/3664476.3670433
publication_date	2024-07-25
publication_year	2024
referenced_works	https://openalex.org/W1999989039, https://openalex.org/W2754131115, https://openalex.org/W2275408761, https://openalex.org/W1977103239, https://openalex.org/W1972680844, https://openalex.org/W3208426494, https://openalex.org/W1999489595, https://openalex.org/W2953828827
referenced_works_count	8
abstract_inverted_index.a	1, 34
abstract_inverted_index.by	84
abstract_inverted_index.in	6, 115
abstract_inverted_index.of	4, 21, 63, 66, 90, 103, 118, 134
abstract_inverted_index.to	14, 48
abstract_inverted_index.we	51
abstract_inverted_index.Our	87
abstract_inverted_index.and	29, 45, 75, 100, 113, 120, 137
abstract_inverted_index.for	36, 111, 126
abstract_inverted_index.out	59
abstract_inverted_index.the	12, 19, 24, 60, 91, 98, 101, 104, 116, 124, 132
abstract_inverted_index.two	89
abstract_inverted_index.This	106
abstract_inverted_index.four	53, 92
abstract_inverted_index.need	125
abstract_inverted_index.such	85
abstract_inverted_index.that	129
abstract_inverted_index.them	69
abstract_inverted_index.this	9
abstract_inverted_index.user	138
abstract_inverted_index.field	117
abstract_inverted_index.inner	61
abstract_inverted_index.paper	107
abstract_inverted_index.these	64
abstract_inverted_index.types	65
abstract_inverted_index.which	15
abstract_inverted_index.aspect	3
abstract_inverted_index.assess	68
abstract_inverted_index.extent	13
abstract_inverted_index.online	7
abstract_inverted_index.simple	42
abstract_inverted_index.(making	38
abstract_inverted_index.We\nlay	58
abstract_inverted_index.between	27, 40
abstract_inverted_index.crucial	109
abstract_inverted_index.discuss	76
abstract_inverted_index.ethical	77
abstract_inverted_index.gaming,	8
abstract_inverted_index.metrics	47
abstract_inverted_index.privacy	81, 99
abstract_inverted_index.system.	105
abstract_inverted_index.to\nour	71
abstract_inverted_index.and\nthe	79
abstract_inverted_index.consider	131
abstract_inverted_index.critical	2
abstract_inverted_index.defining	46
abstract_inverted_index.evaluate	49
abstract_inverted_index.insights	110
abstract_inverted_index.invasive	31
abstract_inverted_index.possible	80
abstract_inverted_index.rootkits	37
abstract_inverted_index.software	121
abstract_inverted_index.workings	62
abstract_inverted_index.according	70
abstract_inverted_index.carefully	130
abstract_inverted_index.evaluates	11
abstract_inverted_index.integrity	102
abstract_inverted_index.introduce	52
abstract_inverted_index.practices	128
abstract_inverted_index.programs.	86
abstract_inverted_index.rootkits,	22
abstract_inverted_index.software,	67
abstract_inverted_index.software.	32
abstract_inverted_index.solutions	94
abstract_inverted_index.Addressing	0
abstract_inverted_index.anti-cheat	17, 56, 93
abstract_inverted_index.definition	35
abstract_inverted_index.developers	114
abstract_inverted_index.exhibiting	95
abstract_inverted_index.importance	25
abstract_inverted_index.introduced	83
abstract_inverted_index.mechanisms	136
abstract_inverted_index.previously	72
abstract_inverted_index.privacy.\n	139
abstract_inverted_index.properties	20
abstract_inverted_index.protective	28
abstract_inverted_index.solutions.	57
abstract_inverted_index.widespread	54
abstract_inverted_index.established	73
abstract_inverted_index.potentially	30
abstract_inverted_index.researchers	112
abstract_inverted_index.definitions,	74
abstract_inverted_index.distinctions	39
abstract_inverted_index.engineering,	122
abstract_inverted_index.highlighting	23, 123
abstract_inverted_index.intersection	133
abstract_inverted_index.kernel-level	16, 43, 55
abstract_inverted_index.rootkit-like	96
abstract_inverted_index.applications)	44
abstract_inverted_index.cybersecurity	5
abstract_inverted_index.infringements	82
abstract_inverted_index.rootkits\nand	41
abstract_inverted_index.considerations	78
abstract_inverted_index.thus\nprovides	108
abstract_inverted_index.analysis\nshows	88
abstract_inverted_index.such\nsoftware,	50
abstract_inverted_index.systems\nmirror	18
abstract_inverted_index.gaming\nsecurity	119
abstract_inverted_index.of\ndistinguishing	26
abstract_inverted_index.After\nestablishing	33
abstract_inverted_index.effective\nanti-cheat	135
abstract_inverted_index.informed\ndevelopment	127
abstract_inverted_index.paper\nsystematically	10
abstract_inverted_index.behaviour,\nthreatening	97
cited_by_percentile_year.max	95
cited_by_percentile_year.min	90
corresponding_author_ids	https://openalex.org/A5105049395
countries_distinct_count	1
institutions_distinct_count	2
corresponding_institution_ids	https://openalex.org/I25485817
sustainable_development_goals[0].id	https://metadata.un.org/sdg/10
sustainable_development_goals[0].score	0.46000000834465027
sustainable_development_goals[0].display_name	Reduced inequalities
citation_normalized_percentile.value	0.74775614
citation_normalized_percentile.is_in_top_1_percent	False
citation_normalized_percentile.is_in_top_10_percent	False