Detect cheaters #73

Open
Zerotistic opened this issue Nov 4, 2022 · 7 comments

@Zerotistic
Collaborator

Add a feature to detect flag sharing.

  • Option to detect if multiple IPs connect to an account
  • Option to detect if a user flags lots of challenges in a short amount of time
  • Option to detect if flags are shared (it would go hand in hand with the feature to generate random flags talked about in issue Start docker on users' demand #72)

All of these would create a warning (?) to the admin panel and/or through the bot in a specified channel.

@Zerotistic
Collaborator Author

After thinking about it:

Option to detect if multiple IPs connect to an account

Users could use a shared VPN to have the same IP address. Should we set up a "weak anti multiple IP" and a "hard anti multiple IP"? One that just detects different IPs for the same account, while the latter warns for different IPs + if the IP comes from a server or something similar?

@Zerotistic
Collaborator Author

Also, to avoid risking users creating a 2nd account to get a hint for "free", should we also do detection via IP addresses?
Maybe something similar to behavioral analysis could be done? If a user was to create an account, flag 2-3 challs and then take a hint, we could guess that that account is a 2nd account made to cheat (and lock the account from getting hints, while saying to contact admins?)

@Zerotistic
Collaborator Author

On the same note, to detect user cheating through solution sharing (not flag sharing or 2nd account) we could warn admins in case the user flags a challenge without even downloading the necessary files (if it's a reverse engineering challenge, it's purely impossible). Also, we could (again) do some behavioral analysis: if the author estimates that a good player would take 1h to flag, and it's flagged in 5 mins, that is most likely a cheater.

@Zerotistic
Collaborator Author

What about adding a "cheating score"? This way, while admins are warned every time a player is acting suspiciously, a "point" is added to their cheating score; it would be an easy way for admins to quickly see who really cheated against who might have just been unlucky once and triggered the anti-cheat. If user-1 has 7 points and user-2 has 1 point in the "cheating score" at the end of the CTF, user-1 surely cheated, while user-2 is suspicious but not necessarily a cheater.

That would also make it easier for admins who only want to check prize winners. They can easily see on the web page and don't have to back-log the warning page.

@Zerotistic
Collaborator Author

What about teams helping each other? We could use the KNN algorithm to group together the teams. For each team we create a vector with the norm as the time taken to solve a challenge. With the KNN algorithm we could create groups and see who solved around the same time.

This is far from a good way to detect them, but that could prove to be useful sometimes. If we decide to make it very strict that could also be useful. We could decide to be ok with a high detection level knowing that it'll have a somewhat high false-positive rate.

@Zerotistic
Collaborator Author

Zerotistic commented Nov 4, 2022

On the same note, to detect user cheating through solution sharing (not flag sharing or 2nd account) we could warn admins in case the user flags a challenge without even downloading the necessary files (if it's a reverse engineering challenge, it's purely impossible). Also, we could (again) do some behavioral analysis: if the author estimates that a good player would take 1h to flag, and it's flagged in 5 mins, that is most likely a cheater.

Also, what about creating an average time the players took to flag, and the ones that are far lower than the average (took 10 mins when the average was 25 mins) get a cheating point added?

@RaxoCoding
Collaborator

we could even have a cheater scoreboard on the admin page xD
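
A sketch of the "cheating score" idea discussed in this thread, as an added example that is not code from the project: each heuristic that fires adds one point and records why. The event tuple layout, the challenge metadata fields and the two ratio thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample events: (user, challenge, source IP, downloaded files?, minutes to flag)
SOLVES = [
    ("alice", "rev1", "198.51.100.7", True, 55),
    ("alice", "web1", "198.51.100.7", True, 24),
    ("bob", "rev1", "203.0.113.9", False, 4),
    ("bob", "web1", "192.0.2.44", True, 3),
    ("carol", "rev1", "198.51.100.20", True, 70),
    ("carol", "web1", "198.51.100.20", True, 30),
]
# Hypothetical challenge metadata: author's estimate (minutes) and whether files are required
CHALLENGES = {
    "rev1": {"est": 60, "needs_files": True},
    "web1": {"est": 20, "needs_files": False},
}

def cheating_reasons(solves, challenges, est_ratio=0.25, avg_ratio=0.5):
    """Return {user: [reason, ...]}; one reason is one point of cheating score."""
    reasons, ips, times = defaultdict(list), defaultdict(set), defaultdict(list)
    for user, chal, ip, _downloaded, minutes in solves:
        ips[user].add(ip)
        times[chal].append(minutes)
    # "Weak" multiple-IP check: a signal only, since a user's IP can change legitimately.
    for user, seen in ips.items():
        if len(seen) > 1:
            reasons[user].append(f"{len(seen)} different IPs on one account")
    for user, chal, _ip, downloaded, minutes in solves:
        meta = challenges[chal]
        if meta["needs_files"] and not downloaded:
            reasons[user].append(f"{chal}: flagged without downloading the files")
        if minutes < est_ratio * meta["est"]:
            reasons[user].append(f"{chal}: {minutes} min vs author estimate {meta['est']} min")
        # The average includes the suspect's own time, which makes this check conservative.
        if minutes < avg_ratio * mean(times[chal]):
            reasons[user].append(f"{chal}: {minutes} min vs average {mean(times[chal]):.0f} min")
    return dict(reasons)

def cheating_scores(solves, challenges):
    """Scoreboard for the admin page: (user, score) pairs sorted by descending score."""
    found = cheating_reasons(solves, challenges)
    return sorted(((u, len(r)) for u, r in found.items()), key=lambda x: -x[1])

if __name__ == "__main__":
    for user, why in cheating_reasons(SOLVES, CHALLENGES).items():
        print(user, len(why), *why, sep="\n  ")
```

Keeping the reasons next to the score lets an admin see which heuristics fired before treating a high score as proof.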
