AI-driven game violation image recognition and data transmission system

By using an AI-driven image recognition system for game violations, which generates visualized evidence through server-side data aggregation and semantic summarization, the system solves the problems of high resource consumption, insufficient detection capabilities, and poor interpretability of evidence in existing technologies. It achieves accurate screening with low resource consumption and an auditable chain of evidence.

CN122273124APending Publication Date: 2026-06-26GUANGZHOU YOUWANG INTERACTIVE NETWORK TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGZHOU YOUWANG INTERACTIVE NETWORK TECH CO LTD
Filing Date
2026-04-20
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Existing anti-cheat technologies for game graphics suffer from high resource consumption, insufficient detection capabilities for unknown cheats, poor interpretability of evidence, inability to accurately distinguish between legitimate rendered content and illegal overlay content, and high false alarm rates.

Method used

An AI-driven game violation image recognition and data transmission system is adopted. It generates a balance deviation score by aggregating game data on the server side, generates narrow time windows and local candidate region masks around the triggering event, and constructs a self-verifying consistency verification system by combining semantic summarization and pixel acquisition alignment. It generates visual evidence and transmits it in a risk-level classification manner.

Benefits of technology

It achieves accurate screening with low resource consumption, solves the problems of detecting unknown cheats and interpretability of evidence, reduces false alarm rate, forms an auditable chain of evidence, and ensures impartiality.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122273124A_ABST
    Figure CN122273124A_ABST
Patent Text Reader

Abstract

This invention relates to the field of game anti-cheating technology, specifically to an AI-driven system for identifying and transmitting images of game violations. The system first aggregates authoritative game data on the server side, calculates the balance deviation score of attack attempts, filters high-risk triggering events, and limits the evidence collection time window and pixel acquisition area. Next, it extracts legitimate semantic summaries from the game engine rendering chain, generates a predictive structure mask, and identifies semantically uninterpretable illegal overlays by comparing pixel-level differences. Finally, it integrates risk-graded transmitted evidence, and the server completes consistency verification through a homogeneous process. This invention does not rely on the appearance characteristics of cheats, significantly reduces computing power and bandwidth consumption, and provides a complete and auditable evidence chain.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of game anti-cheating technology, and more specifically, to an AI-driven system for identifying and transmitting images of game violations. Background Technology

[0002] With the continuous development of the online game industry, fair competition has become the core cornerstone of the game ecosystem. As a key support for ensuring fair competition, the detection accuracy, operating efficiency and interpretability of evidence of game anti-cheating technology directly affect the game experience and the credibility of the platform.

[0003] Existing anti-cheat technologies for game graphics mostly employ a solution combining full-screen capture with pre-trained cheat feature matching, which has several inherent drawbacks: First, full-pixel capture and real-time recognition consume significant client-side computing power and network bandwidth, making stable deployment across large player bases difficult; second, detection capabilities rely entirely on a database of known cheat appearance features, failing to detect unknown variants, customized cheats, and dynamically modified illegal overlays; third, they only output black-box violation judgments, lacking a traceable chain of evidence, and are unconvincing in resolving player disputes. Furthermore, existing technologies do not effectively utilize the game engine's native rendering semantic information, failing to accurately distinguish between legitimate rendered content and illegal overlays, resulting in a persistently high false positive rate.

[0004] To address the shortcomings of the existing technologies, this invention proposes an AI-driven system for identifying and transmitting images of violations in games. Summary of the Invention

[0005] In view of the shortcomings of existing technologies, the purpose of this invention is to provide an AI-driven system for identifying and transmitting images of violations in games.

[0006] To achieve the above objectives, the present invention provides the following technical solution: AI-driven system for identifying and transmitting images of game violations, including: The game data aggregation and scoring triggering module is used to aggregate game events and status fields from the server side, and generate abnormal scores and locate trigger events based on attack attempt events, hit or kill judgments, relative motion information and visibility status. The event window and region scheduling module is used to generate an evidence collection time window around the triggered event and construct a candidate region mask to limit the pixel acquisition range. The semantic summary output and constraint generation module is used to output semantic summaries of stable interface regions, legal overlays and event-related objects from the engine or rendering link, and generate event conditional semantic constraints and predictive structural masks based on visibility and occlusion status. The pixel acquisition alignment and evidence generation module is used to perform pixel acquisition and rolling caching in the candidate region, and to perform temporal and spatial alignment with the semantic summary to generate a semantically uninterpretable difference mask and difference summary. The risk fusion and evidence transmission verification module is used to fuse abnormal scores and discrepancies in evidence to form a risk classification, encapsulate and transmit evidence packages according to the classification, and reconstruct masks and scores on the server side according to the same rules to complete the consistency verification.

[0007] Furthermore, the match data aggregation and scoring triggering module aggregates and maintains authoritative match data streams on the server side, including at least player identifiers, target identifiers, event time information, logical frame information, attack attempt event markers, hit determination, kill determination, relative distance, relative speed, relative orientation, visibility markers, occlusion ratio estimation, weapon or skill status, and network status summary; the occlusion ratio estimation is obtained by acquiring the projection area of ​​the target within the camera's view frustum, generating a set of sampling points within the projection area, comparing the scene depth at the sampling points with the target surface depth, and statistically analyzing the proportion of occluded sampling points.

[0008] Furthermore, the game data aggregation and scoring triggering module constructs a context vector composed of game state variables for each attack attempt within the sliding event window, performs normalization mapping on continuous state variables, performs deterministic encoding on discrete state variables, and forms a deterministic feature mapping; inputs the feature mapping into the probability model to output the expected hit probability under the corresponding context, trains the probability model based on samples that have been verified by the server as normal games, and performs retraining or calibration when the version rules change.

[0009] Furthermore, the game data aggregation and scoring triggering module also constructs a balanced deviation score based on the deviation between the actual hit label and the expected hit probability within a sliding window with a fixed number of events, and calculates the contribution item for each attack attempt within the window; it categorizes attack attempts related to kill judgment or high-value hits into a candidate set, sorts them by the absolute value of the contribution item to determine the set of trigger events, uses a budget-constrained quantile strategy to determine the trigger threshold to limit the number of trigger events, and outputs the time information, frame information, event type, and participant identifier of the trigger events.

[0010] Furthermore, for each triggered event, the event window and the regional scheduling module generate an evidence collection time window that includes a pre-event information acquisition stage and a post-event feedback stage. The start and end of the evidence collection time window are jointly determined by the coverage constraint and the client's rolling cache backtracking constraint. When the evidence collection time window exceeds the backtracking constraint, the two ends of the time window are trimmed according to the priority of the association strength with the triggered event, and the time window parameters are deterministically selected according to the event type to ensure that the generation of windows for similar events is consistent.

[0011] Furthermore, the event window and region scheduling module also generate candidate region masks within the evidence collection time window. The generation method is as follows: the bounding volume of the event-related object is projected onto the screen coordinates to form the object region according to the camera projection matrix; a local crosshair region is generated according to the crosshair center, the scale of which is obtained by deterministic mapping of the screen resolution and camera field of view parameters; when the occlusion state meets the preset conditions, an occlusion boundary band is formed according to the screen distribution of the occlusion sampling points; after taking the union of the above three regions, the stable interface element region is removed to obtain the candidate region mask, and the candidate region mask and its coordinate system, resolution and scaling information are carried with the evidence package.

[0012] Furthermore, the semantic summary output and constraint generation module outputs semantic summaries at each moment within the evidence collection time window, including at least stable interface element masks, legal interface or overlay masks, masks or object box sets of event-related objects, visibility state variables, occlusion state variables, and semantic protocol version identifiers, and outputs rendering viewport parameters, resolution, and scaling information for mapping the semantic summary coordinate system to the pixel acquisition coordinate system.

[0013] Furthermore, the semantic summary output and constraint generation module also performs morphological expansion to construct a basic interpretable region based on the boundary between the stable interface element mask and the legal interface or overlay mask; it performs gating on the expansion of the boundary of the event-related object according to the visibility and occlusion state quantities, forming a tolerance band for the boundary of the object when the object meets the visibility condition, otherwise expansion is prohibited; the basic interpretable region and the gated object boundary region are merged to form a predictive structure mask, and the scale of the expansion structure element is determined by the upper bound of the coordinate mapping error and the upper bound of the sampling error.

[0014] Furthermore, the pixel acquisition alignment and evidence generation module acquires pixel blocks within the pixel area defined by the candidate region mask and writes them to the rolling buffer; when receiving an evidence collection task, it prioritizes extracting pixel blocks from the rolling buffer, supplements missing intervals with acquisition and labels the missing blocks; it completes temporal alignment according to frame information or minimum time difference and generates alignment confidence markers; it maps the predicted structure mask to pixel coordinates based on coordinate mapping and performs morphological dilation to form a tolerance band; it calculates the gradient magnitude set within the effective calculation area after removing the tolerance band, determines an adaptive threshold based on the quantile function, and extracts structural pixel components above the threshold and located outside the predicted structure mask to generate a difference mask; it performs connected component processing on the difference mask and aggregates and generates window-level difference scores and difference summaries within the evidence collection time window.

[0015] Furthermore, the risk fusion and evidence transmission verification module generates risk values ​​and performs risk classification by configurable fusion parameters from the balance deviation score and window-level difference score. When the alignment confidence is insufficient, it triggers an evidence upgrade path. It constructs a hierarchical evidence payload according to the minimum sufficiency principle. The low-level payload includes at least event identifiers, time window ranges, candidate region descriptions, semantic version identifiers, predicted structure mask related information, difference summaries, and alignment confidence markers. The medium-level payload includes a compressed expression of the difference mask based on the low-level payload. The high-level or disputed payload adds keyframe data of candidate region pixel blocks and corresponding semantic summary indexes as needed. It writes integrity verification fields and rule version fields into the evidence package. After verifying the version, the server reconstructs the predicted structure mask according to the isomorphic process, recalculates the balance deviation score and window-level difference score for consistency comparison, and requests an expanded time window or more keyframe data when there is inconsistency.

[0016] Compared with the prior art, the present invention has the following beneficial effects: 1. This invention employs a trigger-based forensics mechanism based on balanced deviation scores to achieve accurate screening with low resource consumption. It aggregates authoritative game data streams on the server side, calculates the expected hit probability of attack attempts under different contexts, and generates a balanced deviation score. Only kills with significant deviations or high-value hits are used as forensic trigger points. A narrow time window and local candidate region mask are generated around the trigger event, limiting pixel processing and transmission to areas strongly correlated with the event. This mechanism replaces traditional full-image recognition schemes, significantly reducing system computing power and bandwidth consumption. Furthermore, it is based on game behavior logic rather than external cheat appearance, unaffected by cheat style iterations, and naturally forms a behavioral evidence basis for "why focus is on this time period." 2. Constructing a self-verifying consistency verification system at the semantic and pixel levels to solve the challenges of detecting unknown cheats and ensuring the interpretability of evidence. This invention extracts semantic summaries of stable interfaces, legitimate overlays, and event-related objects from the game engine rendering chain. It then combines visibility and occlusion states to generate a predicted structural mask as the boundary of legitimate pixels. By comparing the differences between actual pixels within candidate regions and semantic constraints, it identifies structurally illegal content that is semantically uninterpretable. This method does not require pre-training a cheat feature library and has the ability to detect various forms of illegal overlays. Simultaneously, the generated difference mask and difference summary form visual evidence, which, combined with a server-side isomorphic verification mechanism, ensures the auditability of the evidence chain and the fairness of dispute resolution. Attached Figure Description

[0017] Figure 1 A block diagram of an AI-driven system for recognizing and transmitting images of violations in games. Figure 2 This is a flowchart illustrating the implementation of the event window and area scheduling module of the present invention. Figure 3This is a flowchart illustrating the implementation of the pixel acquisition alignment and evidence generation module of the present invention. Detailed Implementation

[0018] Example, refer to Figure 1 The AI-driven game violation image recognition and data transmission system of this embodiment includes a game data aggregation and scoring triggering module, an event window and area scheduling module, a semantic summary output and constraint generation module, a pixel acquisition alignment and evidence generation module, and a risk fusion and evidence transmission verification module. Mod1, Match Data Aggregation and Scoring Trigger Module: This module is used to filter a small number of high-value evidence targets and key moments based on players' in-game performance, avoiding continuous image recognition of all players. The trigger events and scoring results output by this module will serve as inputs for subsequent window scheduling and semantic constraint generation.

[0019] S11. Data Input and Minimum Event Field Set: The server-side aggregates and maintains authoritative data streams, which include at least the following set of fields, all of which can be determined by the game logic or the server-side: Player ID Target Identifier Event timestamp Logical frame number ; A marker indicating the occurrence of an attack attempt (firing, skill activation, throwing, melee, etc.); Hit detection And kill determination; The relative distance, relative speed, and relative azimuth between the player and the target; Authoritative estimates of visibility markers and occlusion ratios; Discrete states such as weapon or skill type and firing mode; Network status summary (e.g., latency level, jitter level, etc., avoid using hard numbers directly); The determination of the occlusion ratio can be achieved using the following general method: the server or engine obtains the projection area of ​​the target within the camera's view frustum at the moment of the event, and generates uniformly distributed sampling points within this projection area. The number of sampling points can be determined by multiplying the projection area by the preset sampling density, which can be adjusted according to the server's computing power budget. The scene depth and the target surface depth at each sampling point are compared. If the scene depth is greater than the target surface depth, the sampling point is determined to be occluded. The ratio of the number of occluded sampling points to the total number of sampling points is used as the estimated occlusion ratio. This method does not depend on external appearance and can be implemented by engine depth buffering or ray detection. S12. Calculation of conditional expected hit probability: For players The first in the sliding window The attack attempts to construct a context vector. Its elements consist of the game state quantities available in this module. Continuous quantities are normalized, and discrete quantities are deterministically encoded to obtain the feature map. And calculate the expected hit probability in this context. : ; in: This is a sigmoid function, which outputs dimensionless probabilities. It is a dimensionless set of features, obtained by normalizing and encoding the game state variables; The deterministic feature mapping function is implemented as follows: continuous quantities such as relative distance and relative speed are piecewise linearly normalized and mapped to the interval of 0 to 1. The segment points are determined based on the distribution quantiles of the corresponding features in normal game data; discrete quantities such as weapon type and firing mode are encoded with integers, with each discrete state corresponding to a unique integer, ensuring that the same input under the same version will always produce the same output. The model parameter vector can be trained using conventional methods such as log-likelihood maximization or cross-entropy minimization. Training samples can be selected from game data that has been verified as normal by the server, and retraining or calibration can be performed when the rules change due to version updates. The inner product is dimensionless, such that... The dimensions are reasonable; The purpose of this model is to provide a reasonable hit expectation under the current game conditions for subsequent bias normalization, rather than to directly make a violation judgment. S13, Balance Deviation Score and Trigger Event Location: The sliding window uses a fixed number of events. The window size is determined based on the average interval of consecutive attack attempts in a normal game. The window sliding step is one attack attempt, and there are a total of N attack attempts within the window. The actual hit labels are... Constructing the equilibrium deviation fraction : ; in: N represents the number of attack attempts within the window, and its value is determined by the number of events covered by the sliding window; The hit label, with a value of 0 or 1; This represents the expected hit probability. For numerical stability terms, a positive number much less than 1 is chosen. The method for determining this number is to select one that is not less than the floating-point resolution of the implementation platform, and that satisfies the following condition: When the denominator is very close to 0 or 1, it remains positive; both the numerator and denominator are dimensionless, making... It is a dimensionless statistic, which satisfies the requirement of dimension consistency; The event location process is as follows: 1. Calculate the contribution for each attempt within the window. ; 2. Select attempts related to kill detection or high-value hits as a candidate set; 3. Assign events to the candidate set according to... Sort the events from largest to smallest, select the top-ranked events as trigger events e, and determine the number of events selected based on the system's computing power budget. Output the event timestamps. Frame number Event type, participant identifier; Trigger threshold The determination of the quantiles does not use fixed hard numbers, but rather a budget-constrained quantile strategy: statistical analysis is performed on normal game data. The distribution of triggers is used to select the upper quantile that satisfies the system's computing power and bandwidth budget. And keep it consistent throughout the version cycle to facilitate auditing; This module outputs: a set of triggered events, and their corresponding... And event metadata used for window scheduling.

[0020] Mod2, Event Window and Region Scheduling Module: like Figure 2 As shown, the core of transforming abnormal behavior into evidence collection tasks is to generate a short time window around the triggering event and limit the collection to the screen area that is strongly related to the event, thereby reducing the overhead of subsequent pixel processing and transmission.

[0021] S21. Generation of evidence collection time window: For each triggered event Generate evidence collection time window : Window starting point is The destination is ; and The determination follows two types of constraints: coverage constraints and caching constraints. Coverage constraints: The window should cover the aiming and information acquisition phase before the event, as well as the short-term feedback phase after the event. Different event types correspond to different constraints. and For example, the shooting incident It can cover the average duration of the aiming action and the skill release event. It can cover the average duration of skill activation; Cache constraint: The window length cannot exceed the duration that the client-side scroll cache can rewind. If the number of segments exceeds the limit, they will be cropped according to priority, prioritizing the segments more closely related to the event. The cropping order is to crop from both ends of the window towards the event time step by step. The above parameters can be configured by the server and selected deterministically according to the event type, so that similar events generate consistent windows under the same configuration, which is convenient for verification. S22, Candidate Region Mask Generation: Candidate region masks are used to define the pixel acquisition range, and the generation process is as follows: 1. Object Projection: The engine provides a camera projection matrix that aligns the bounding box with the target object's axes. The eight vertices of the bounding box are projected from world coordinates to screen coordinates, and the smallest bounding rectangle of all projected points is taken as the object box. ; 2. Crosshair area: The coordinates of the crosshair center are output by the client or engine. Generates a square local region centered on the crosshair. Its side length We obtain this through deterministic mapping: ,in For screen vertical resolution, The vertical field of view of the camera. This is a scaling factor, which can be determined based on the coverage area of ​​effective information near the crosshair in a normal game. 3. Occlusion Boundary Band: When the event-related state contains significant occlusion, based on the screen distribution of the occluded sampling points, a minimum bounding rectangle enclosing all occluded sampling points is generated, and then extended outward by a fixed width to form the occlusion boundary band. The width can be determined based on the average size ratio of the target object; 4. Merging and Removal: The union of the above regions is used as the initial candidate regions, and the masks of stable HUD regions are removed. The corresponding range is used to obtain the candidate region mask. The stable HUD area refers to the interface element area whose position and shape do not change during the game, and can be predefined by the engine; The mask representation can be a bitmap, a sparse polygon set, or a rectangle set. The system needs to carry coordinate system, resolution, and scaling information in the evidence package to ensure that the server can reconstruct the candidate region. This module outputs: Event Window Frame-by-frame candidate region mask And the necessary coordinate system metadata.

[0022] Mod3, Semantic Summary Output and Constraint Generation Module: The key to providing a legitimate semantic boundary for the generation of subsequent differential evidence lies in generating event conditional semantic constraints that are bound to the triggering event, so that the system can identify structural pixel components that appear outside the semantics without relying on external appearance.

[0023] S31. Minimal output structure for semantic summarization: At every moment within the evidence collection window The engine or rendering pipeline outputs a semantic summary. It must contain at least: : Stable HUD area mask, generated from a fixed interface element area predefined by the engine; : Valid UI layers or valid overlay masks, including dynamically generated UI elements, special effects layers, etc., which are marked and generated by the rendering chain during the rendering process; : A collection of masks or object boxes for the event-related objects, generated by the engine based on the screen projection of the objects; : Visibility state quantity, used to indicate whether an object meets the visibility conditions at this moment. When the occlusion ratio is lower than the preset threshold, it is determined to be visible. The threshold can be determined according to the object visibility determination criteria in normal gameplay. : Occlusion state quantity, used to represent the degree of occlusion, and its value is the occlusion ratio calculated above; Semantic protocol version identifier, used to ensure consistency between constraint generation and review; The coordinate system of the aforementioned mask must be mappable to the pixel acquisition coordinate system. The mapping information can be determined by the resolution, scaling factor, and rendering viewport parameters. The mapping relationship is as follows: ; S32. Event Conditional Semantic Constraints and Predictive Structure Mask Generation: The process for generating event condition semantic constraints is as follows: 1. Construction of fundamental interpretable domains: For and Morphological expansion of the boundary yields the basic part of the region that can be explained by the legal structure; 2. Object boundary interpretability gating: based on and right Gating the boundary interpretability; When an object satisfies the visibility condition, for Morphological expansion of the boundary creates a tolerance zone of a certain width, within which the structure can be interpreted as the boundary of a legitimate object; When an object does not meet the visibility condition or has a high degree of occlusion, it is not... The boundary expands, and stable structures appearing in this region are more likely to be judged as semantically extra-components. 3. Output Predictive Structure Mask: Merge the above basic part with the gated object boundary part to form the predictive structure mask. This represents the region where structural edges are allowed to appear under event conditions; Morphological dilation uses a rectangular structuring element. The scale of the structuring element is determined by the upper bound of the coordinate mapping error and the upper bound of the sampling error. The method is as follows: take the maximum value of the upper bound of the coordinate mapping error and the upper bound of the sampling error, and round it up to obtain the side length of the structuring element. The upper bound of the coordinate mapping error is determined by the resolution and the accuracy of the viewport parameters, and the upper bound of the sampling error is determined by the step size of pixel sampling. It is robust to alignment errors and will not be excessively amplified, leading to missed detections; This module outputs: Frame-by-frame predicted structure mask. and semantic version identifier The data is then transmitted to the differential evidence generation module.

[0024] Mod4, Pixel Acquisition Alignment and Evidence Generation Module: like Figure 3 As shown, pixels are collected within the candidate region and aligned with the semantic summary. Then, a semantically uninterpretable difference mask and difference summary are generated. This module identifies the target from external appearance to semantically uninterpretable structural pixels, thus being equally effective for unknown variants.

[0025] S41, Pixel Acquisition and Scrolling Buffer: The client maintains a rolling cache, which uses a first-in, first-out update strategy. The cache size can cover the longest evidence collection time window, and cache elements must include at least a timestamp. Frame number Candidate region pixel blocks The compressed representation, the corresponding geometric description of the candidate region, and the semantic summary index information; When the server issues an evidence collection task, the client first retrieves it from the cache. The covered pixel blocks; if there are missing ones, the missing intervals are collected in real time, the collection frame rate is consistent with the game running frame rate, and the missing fragments are marked in the evidence package to ensure that the same fault tolerance rules are used when the server reviews them; Pixel Blocks It can be unified to a preset color space and bit depth expression. The compression encoding can be implemented using conventional video intra-frame encoding or image encoding. This invention does not limit the encoder type. S42. Timing Alignment and Spatial Alignment: The alignment process is used to ensure that differences arise from semantic inconsistencies rather than misalignment errors: Timing alignment: Frame sequence is used for one-to-one matching. If only timestamps are available, the minimum time difference is used. Two frames are considered aligned when the time difference is less than a preset threshold, which can be determined based on the game's average frame interval. Alignment confidence is then set. The calculation method is: the ratio of the number of aligned frames to the total number of frames in the evidence collection window, with a value range of 0 to 1; Spatial alignment: Based on resolution and viewport parameters, Mapped to The coordinate system is mapped, and tolerance band expansion is performed after mapping, with the expansion scale consistent with the structural element scale of the aforementioned morphological expansion. S43. Adaptive threshold determination and difference mask generation: To avoid the fixed threshold failing under different image quality and compression intensities, this embodiment adaptively determines the threshold for each frame within the effective calculation area. First in the effective area Internal calculation of gradient magnitude set Then determine the threshold based on the upper quantile: ; in: For pixel blocks at position The gradient operator output is implemented using a 3×3 Sobel operator; The dimensions are consistent with the pixel intensity difference. The output of the quantile function has consistent dimensions; The empirical quantile function is implemented using linear interpolation. This is the tail proportion parameter, representing the percentage of strong edges that are allowed to be retained; The value is determined based on ensuring that the structural edge density meets the system's bandwidth and false alarm budget in normal game segments, and can be deterministically adjusted according to the compression strength level or noise level. In obtaining Post-generation difference mask : ; in: This is an indicator function that outputs a dimensionless binary value. To predict the structure mask, a semantically interpretable structural region is represented; Since both are binary indicators, It is a dimensionless binary mask with consistent dimensions; Then on To improve stability, routine post-processing is performed: 8-connected component analysis is used to extract connected components, and isolated noise points with areas smaller than a preset threshold are removed. The threshold can be determined based on the proportion of the candidate region area. The post-processing parameters are deduced deterministically from the resolution and the candidate region area to ensure reproducibility on different devices. S44. Window-level difference scoring and difference summary generation: To aggregate multi-frame differences into evidence that can be used for risk fusion, a window-level difference score is calculated. : ; in: For the event The set of frames within the evidence collection window. For the number of frames; For efficient calculation, the preferred method is to select... and Difference and elimination This ensures that the statistics only cover the density of differences within semantically uninterpretable regions; It is the dimensionless average density; The difference summary should include at least: the number of connected components, the median and quartiles of the connected component area distribution, a histogram of the main directions of the connected components, cross-frame persistence markers, and the relative first occurrence times. Offset, alignment confidence Cross-frame persistence can be achieved by matching the overlap of connected components in adjacent frames. When the ratio of the overlap area of ​​two connected components in adjacent frames to the area of ​​the smaller connected component is greater than a preset threshold, it is determined that the same connected component persists. The threshold can be determined based on the stability of the structure in normal games, and the rule version identifier is carried in the evidence package for easy server verification. This module outputs: Compressed representation or its keyframe index, difference summary and .

[0026] Mod5, Risk Fusion and Evidence Transmission Review Module: By merging abnormal performance and discrepancy evidence into a final risk and determining the transmission granularity, this module achieves compatibility between normal low load and strong evidence when necessary. It also specifies consistency constraints between the server review path and the client generation path to ensure that the evidence is auditable.

[0027] S51. Risk Integration Assessment: The fusion risk value R is expressed in an interpretable probabilistic form: ; in, To balance the deviation score, Both are dimensionless and represent window-level difference scores. and To integrate the weights, the values ​​are based on the offline verification results of risk ranking and handling strategies meeting the false positive budget on normal game samples and reviewed violation game samples. The verification method is to draw ROC curves, select the weight combination that makes the false positive rate meet the budget requirements, and keep it consistent in the same version cycle. The bias term is used to calibrate the risk distribution to the trigger strength under the system budget constraint. It is determined by calculating the distribution of R on normal game data so that the average R value of normal games is within a preset range; R is a dimensionless probability value. To avoid misjudgment due to alignment uncertainty, in some embodiments, the alignment can be... As a gating condition, it participates in hierarchical decision-making. For example, when the alignment confidence is insufficient, it prioritizes upgrading the evidence collection rather than directly raising the disposal level. This logic belongs to the normal engineering fault tolerance. S52, Graded Evidence Encapsulation and Transmission: Evidence encapsulation follows the principle of minimum sufficiency, outputting different payloads according to risk level. The risk level classification is determined based on the quantile of the R-value, and the selection of quantiles satisfies the system's handling strategy and bandwidth budget. Low-level payload: Upload event identifier, window range, candidate region description, semantic version , , , Difference summary, alignment confidence markers; Medium-level payload: Upload the differential mask compressed representation based on the low-level payload. The compression method can be connected component contour polygon encoding or run-length encoding, and it carries coordinate system information. High-level or controversial payload: Triggers on-demand upgrade backhaul, uploading candidate region pixel blocks from specified keyframes or adjacent frames, along with the corresponding time frame. Index information facilitates server recalculation; The evidence package must include an integrity verification field and a version field. The integrity verification uses a cyclic redundancy check algorithm, and the version field is used to identify the version of the system rules and algorithms, ensuring that the server can recalculate using the same rules. and And perform consistency checks; S53. On-demand upgrades and server consistency verification: The server-side review process and the client-side generation process are identical: 1. Verify semantic version Rebuild with the rules version ; 2. In the same Internal recalculation , and ; 3. Compare the recalculation results with the client summary and mask representation. If the difference is less than the preset threshold, it is judged to be consistent, which improves the credibility of the evidence and enters the handling strategy. If it is inconsistent, it enters a more rigorous review branch, expands the evidence collection window, and the expansion ratio can be determined according to the degree of inconsistency. More key frame pixel data are requested for secondary review. This review mechanism ensures that the evidence chain is interpretable and avoids relying solely on black box classification conclusions.

[0028] Through the detailed description of the above embodiments, the AI-driven game violation image recognition and data transmission system of the present invention constructs a highly efficient, generalized, and auditable game anti-cheating solution through a two-layer collaborative architecture of server-side behavior anomaly scoring and client-side semantic-pixel consistency verification. The system first accurately filters high-value evidence nodes based on game logic data, avoiding resource waste from full-image processing at the source; then, it utilizes the game engine's native semantic information to construct rigid boundaries for legitimate content, overcoming the limitations of traditional solutions that rely on cheat features through difference detection; finally, through hierarchical evidence transmission and server isomorphic verification mechanisms, it forms a complete evidence chain of behavior anomalies, pixel differences, and consistency verification while maintaining operational efficiency. The present invention effectively overcomes the core pain points of existing anti-cheating technologies in terms of resource consumption, detection of unknown variants, and persuasiveness of evidence, providing solid technical support for a fair competitive environment in online games.

[0029] The above formulas are all dimensionless calculations, and the preset parameters in the formulas should be set by those skilled in the art according to the actual situation.

[0030] The above embodiments can be implemented, in whole or in part, by software, hardware, firmware, or any other combination thereof. When implemented using software, the above embodiments can be implemented, in whole or in part, as a computer program product. The computer program product includes one or more computer instructions or computer programs. When the computer instructions or computer programs are loaded or executed on a computer, all or part of the processes or functions described in the embodiments of this application are generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access or a data storage device such as a server or data center that includes one or more sets of available media. The available medium can be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium. A semiconductor medium can be a solid-state drive.

[0031] It should be understood that in the various embodiments of this application, the order of the above-mentioned processes does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.

[0032] Those skilled in the art will recognize that the units and algorithm steps of the various examples described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.

[0033] Those skilled in the art will understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and units described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0034] In the several embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces; the indirect coupling or communication connection between apparatuses or units may be electrical, mechanical, or other forms.

[0035] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0036] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. An AI-driven system for identifying and transmitting images of violations in games, characterized in that, include: The game data aggregation and scoring triggering module is used to aggregate game events and status fields from the server side, and generate abnormal scores and locate trigger events based on attack attempt events, hit or kill judgments, relative motion information and visibility status. The event window and region scheduling module is used to generate an evidence collection time window around the triggered event and construct a candidate region mask to limit the pixel acquisition range. The semantic summary output and constraint generation module is used to output semantic summaries of stable interface regions, legal overlays and event-related objects from the engine or rendering link, and generate event conditional semantic constraints and predictive structural masks based on visibility and occlusion status. The pixel acquisition alignment and evidence generation module is used to perform pixel acquisition and rolling caching in the candidate region, and to perform temporal and spatial alignment with the semantic summary to generate a semantically uninterpretable difference mask and difference summary. The risk fusion and evidence transmission verification module is used to fuse abnormal scores and discrepancies in evidence to form a risk classification, encapsulate and transmit evidence packages according to the classification, and reconstruct masks and scores on the server side according to the same rules to complete the consistency verification.

2. The AI-driven game violation image recognition and data transmission system according to claim 1, characterized in that, The game data aggregation and scoring triggering module aggregates and maintains authoritative game data streams on the server side, including at least player identifiers, target identifiers, event time information, logical frame information, attack attempt event markers, hit determination, kill determination, relative distance, relative speed, relative orientation, visibility markers, occlusion ratio estimation, weapon or skill status, and network status summary. The occlusion ratio is estimated by obtaining the projection area of ​​the target within the camera's view frustum, generating a set of sampling points within the projection area, comparing the scene depth at the sampling points with the target surface depth, and statistically calculating the proportion of occluded sampling points.

3. The AI-driven game violation image recognition and data transmission system according to claim 2, characterized in that, The game data aggregation and scoring triggering module constructs a context vector composed of game state variables for each attack attempt within the sliding event window, performs normalization mapping on continuous state variables, and performs deterministic encoding on discrete state variables to form a deterministic feature mapping. The feature map is input into the probability model, which outputs the expected hit probability in the corresponding context. The probability model is trained based on samples that have been verified by the server as normal games, and retraining or calibration is performed when the version rules change.

4. The AI-driven game violation image recognition and data transmission system according to claim 3, characterized in that, The game data aggregation and scoring triggering module also constructs a balanced deviation score based on the deviation between the actual hit label and the expected hit probability within a sliding window with a fixed number of events, and calculates the contribution item for each attack attempt within the window; it categorizes attack attempts related to kill judgment or high-value hits into a candidate set, sorts them by the absolute value of the contribution item to determine the set of trigger events, uses a budget-constrained quantile strategy to determine the trigger threshold to limit the number of trigger events, and outputs the time information, frame information, event type, and participant identifier of the trigger events.

5. The AI-driven game violation image recognition and data transmission system according to claim 4, characterized in that, For each triggered event, the event window and the regional scheduling module generate an evidence collection time window that includes a pre-event information acquisition stage and a post-event feedback stage. The start and end of the evidence collection time window are jointly determined by the coverage constraint and the client's rolling cache backtracking constraint. When the evidence collection time window exceeds the backtracking constraint, the two ends of the time window are trimmed according to the priority of the association strength with the triggered event, and the time window parameters are deterministically selected according to the event type to ensure that the generation of windows for the same type of event is consistent.

6. The AI-driven game violation image recognition and data transmission system according to claim 5, characterized in that, The event window and region scheduling module also generate candidate region masks within the evidence collection time window. The generation method is as follows: the bounding volume of the event-related object is projected onto the screen coordinates to form the object region according to the camera projection matrix; a local crosshair region is generated according to the crosshair center, and its scale is obtained by deterministic mapping of the screen resolution and camera field of view parameters; when the occlusion state meets the preset conditions, an occlusion boundary band is formed according to the screen distribution of the occlusion sampling points; after taking the union of the above three regions, the stable interface element region is removed to obtain the candidate region mask, and the candidate region mask and its coordinate system, resolution and scaling information are carried with the evidence package.

7. The AI-driven game violation image recognition and data transmission system according to claim 5, characterized in that, The semantic summary output and constraint generation module outputs semantic summaries at each moment within the evidence collection time window, including at least stable interface element masks, legal interface or overlay masks, masks or object box sets of event-related objects, visibility state variables, occlusion state variables, and semantic protocol version identifiers. It also outputs rendering viewport parameters, resolution, and scaling information used to map the semantic summary coordinate system to the pixel acquisition coordinate system.

8. The AI-driven game violation image recognition and data transmission system according to claim 7, characterized in that, The semantic summary output and constraint generation module also performs morphological expansion to construct a basic interpretable region based on the boundary between the stable interface element mask and the legal interface or overlay mask; it performs gating on the expansion of the boundary of the event-related object according to the visibility and occlusion state quantities, forming a tolerance band for the boundary when the object meets the visibility condition, otherwise prohibiting expansion; it merges the basic interpretable region and the gated object boundary region to form a predictive structure mask, and the scale of the expansion structure element is determined by the upper bound of the coordinate mapping error and the upper bound of the sampling error.

9. The AI-driven game violation image recognition and data transmission system according to any one of claims 6 or 8, characterized in that, The pixel acquisition alignment and evidence generation module acquires pixel blocks within the pixel area defined by the candidate region mask and writes them to the rolling buffer; when receiving an evidence collection task, it prioritizes extracting pixel blocks from the rolling buffer, and fills in missing intervals by acquisition and marking the missing parts. Timing alignment is performed based on frame information or minimum time difference, and alignment confidence markers are generated; the predicted structure mask is mapped to pixel coordinates based on coordinate mapping, and morphological dilation is performed to form tolerance bands. The gradient magnitude set is calculated within the effective computational region after removing the tolerance band. An adaptive threshold is determined based on the quantile function. Structural pixel components above the threshold and located outside the predicted structural mask are extracted to generate a difference mask. Connectivity processing is performed on the difference mask, and window-level difference scores and difference summaries are generated within the evidence collection time window.

10. The AI-driven game violation image recognition and data transmission system according to claim 9, characterized in that, The risk fusion and evidence transmission verification module generates risk values ​​and performs risk classification by configurable fusion parameters from the balance deviation score and window-level difference score. When the alignment confidence is insufficient, it triggers the evidence upgrade path. It constructs a hierarchical evidence payload according to the minimum sufficiency principle. The low-level payload includes at least event identifier, time window range, candidate region description, semantic version identifier, predicted structure mask related information, difference summary, and alignment confidence mark. The medium-level payload includes a compressed expression of the difference mask on the basis of the low-level payload. The high-level or disputed payload adds keyframe data of candidate region pixel blocks and corresponding semantic summary indexes as needed. The integrity verification field and rule version field are written into the evidence package. After verifying the version, the server reconstructs the predicted structure mask according to the isomorphic process, recalculates the balance deviation score and window-level difference score for consistency comparison. If there is inconsistency, it requests an expanded time window or more keyframe data.