Where to find reliable sources regarding securing games against various hacker attacks and optimizing performance in Unreal Engine?

Hello, I’m currently working on my engineering thesis, and I’m having trouble finding good sources regarding the security of computer games, specifically discussing threats, security strategies, and anti-cheat systems. Additionally, I need information on optimizing games in Unreal Engine, as the documentation is quite challenging to understand. Please note that unauthorized and unreviewed sources (publicly available websites) should not be used.

You won’t necessarily find guides or documentation on cheat prevention. It’s common sense coding standards for the most part.

Never trust the client is rule 1.

1 Like

I’m currently studying cybersecurity, and I need to include something related to it. It’s going to be a real challenge now (and it has to be related to games because I have a game project and the entire thesis is based on it)

99.9% of anti-cheat built into games is simply having the server instance as authority on all things game play related.

If I want to sprint (change movement speed) I do so locally for responsiveness, notify the server. Server applies sprinting and compares end location for the move. If the servers differs (outside margin of error) it forces the client to its location.

That’s just one example. But in general that’s the majority of anti-cheat “in games”. Don’t trust the client, server is the man. Anything gameplay centric is governed by the “servers” code. Health, applied dmg, kills, scoring, inventory, doors, movement etc.

Server-side AC, which is heavily scrutinizing specific client actions is costly. Depending on the game it can drastically increase server costs in order to maintain stable performance.

Outside of that there’s 3rd party AC. Software strictly ran on the client checking for injections, code modifications, kernel/memory manipulation etc.

1 Like

So it turns out that I really don’t have much to write about in this security-related work. Perhaps you have something more interesting that I could write about, and is there any available source on that? I can see that you have some knowledge in this area.

Client-side Prediction & Deterministic Physics are a lot more interesting and there’s a lot of data you can dig through.

1 Like

Thanks, I’ll read about it. So, does this have implications for both cybersecurity and performance optimization, or am I misunderstanding something?

Those are more robust and interesting systems than in-game anti-cheat. Meat and potatoes type of thing.

Now client-side prediction (CSP) is in a way a performance optimization. It increases client side responsiveness. Depends on the implementation though. Each studio/game will have its own interpretation and implementation.

The best reference to it in UE5 is the character movement component. The docs do a good job of laying it all out.


Cyber security wise there’s network encryption to mitigate man-in-the-middle attacks (MiTM)… UE5 → DTLS and AES-GCM.

AGameNetworkManager handles game-specific networking management such as cheat detection (speed hacking), bandwidth management, etc.

Splitting server code from client code. Mainly this is creating modules of classes that will only ship with server builds. Great forum thread covering this.

Outside of this it’s down to your code base logic flow. For example firing a weapon should have flow logic on the client that determines if the event/action can occur at the moment of input. If so the action is executed and an RPC is sent to the server. The server should also run the exact same logic to determine on its own given the current state of the game if the action can occur. If so, do it and deduct ammo. Otherwise do nothing.

e.g. Left mouse input to fire → Is there a weapon equipped, does it have ammo, am I in a state that allows firing of weapons etc etc etc. The server should run the exact same logic.

1 Like

Sounds very interesting, thanks a lot! I will delve deeper into this topic!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.