Results 1 - 10
of
111
A Survey of Attack and Defense Techniques for Reputation Systems
"... Reputation systems provide mechanisms to produce a metric encapsulating reputation for a given domain for each identity within the system. These systems seek to generate an accurate assessment in the face of various factors including but not limited to unprecedented community size and potentially ad ..."
Abstract
-
Cited by 104 (3 self)
- Add to MetaCart
(Show Context)
Reputation systems provide mechanisms to produce a metric encapsulating reputation for a given domain for each identity within the system. These systems seek to generate an accurate assessment in the face of various factors including but not limited to unprecedented community size and potentially adversarial environments. We focus on attacks and defense mechanisms in reputation systems. We present an analysis framework that allows for general decomposition of existing reputation systems. We classify attacks against reputation systems by identifying which system components and design choices are the target of attacks. We survey defense mechanisms employed by existing reputation systems. Finally, we analyze several landmark systems in the peer-to-peer domain, characterizing their individual strengths and weaknesses. Our work contributes to understanding 1) which design components of reputation systems are most vulnerable, 2) what are the most appropriate defense mechanisms and 3) how these defense mechanisms can be integrated into existing or future reputation systems to make them resilient to attacks.
Low-resource routing attacks against anonymous systems
, 2007
"... Overlay mix-networks are widely used to provide lowlatency anonymous communication services. It is generally accepted that, if an adversary can compromise the endpoints of a path through an anonymous mix-network, then it is possible to ascertain the identities of a requesting client and the respondi ..."
Abstract
-
Cited by 36 (3 self)
- Add to MetaCart
(Show Context)
Overlay mix-networks are widely used to provide lowlatency anonymous communication services. It is generally accepted that, if an adversary can compromise the endpoints of a path through an anonymous mix-network, then it is possible to ascertain the identities of a requesting client and the responding server. However, theoretical analyses of anonymous mix-networks show that the likelihood of such an end-to-end attack becomes negligible as the network size increases. We show that if the mixnetwork attempts to optimize performance by utilizing a preferential routing scheme, then the system is highly vulnerable to attacks from non-global adversaries with only a few malicious servers. We extend this attack by exploring methods for lowresource nodes to be perceived as high-resource nodes by reporting false resource claims to centralized routing authorities. To evaluate this attack on a mature and representative system, we deployed an isolated Tor network on the PlanetLab testbed. We introduced low-resource malicious nodes that falsely gave the illusion of high-performance nodes, which allowed them to be included on a disproportionately high number of paths. Our results show that our malicious low-resource nodes are highly effective at compromising the end-to-end anonymity of the system. We present several extensions to this general attack that further improve the performance and minimize the resources required. In order to mitigate low-resource nodes from exploiting preferential routing, we present several methods to verify resource claims, including a distributed reputation system. Our attacks suggest what seems be a fundamental problem in multi-hop systems that attempt to simultaneously provide anonymity and high-performance.
Making P2P accountable without losing privacy
- In Proc. Workshop on Privacy in the Electronic Society (wpes), Oct. 2007. (Referenced on pages 127 and 130
"... Peer-to-peer systems have been proposed for a wide variety of applications, including file-sharing, web caching, distributed computation, cooperative backup, and onion routing. An important motivation for such systems is self-scaling. That is, increased participation increases the capacity of the sy ..."
Abstract
-
Cited by 25 (8 self)
- Add to MetaCart
(Show Context)
Peer-to-peer systems have been proposed for a wide variety of applications, including file-sharing, web caching, distributed computation, cooperative backup, and onion routing. An important motivation for such systems is self-scaling. That is, increased participation increases the capacity of the system. Unfortunately, this property is at risk from selfish participants. The decentralized nature of peer-to-peer systems makes accounting difficult. We show that e-cash can be a practical solution to the desire for accountability in peerto-peer systems while maintaining their ability to self-scale. No less important, e-cash is a natural fit for peer-to-peer systems that attempt to provide (or preserve) privacy for their participants. We show that e-cash can be used to provide accountability without compromising the existing privacy goals of a peer-to-peer system. We show how e-cash can be practically applied to a file sharing application. Our approach includes a set of novel cryptographic protocols that mitigate the computational and communication costs of anonymous e-cash transactions, and system design choices that further reduce overhead and distribute load. We conclude that provably secure, anonymous, and scalable peer-to-peer systems are within reach.
Reputation bootstrapping for trust establishment among web services, Internet Comput
, 2009
"... Reputation systems rely on past information to establish trust among unknown participants. Reputation bootstrapping, i.e., assessing the reputations of newly deployed Web services (newcomers), is a major issue in service-oriented environments as no historical information may be present about newcome ..."
Abstract
-
Cited by 22 (1 self)
- Add to MetaCart
(Show Context)
Reputation systems rely on past information to establish trust among unknown participants. Reputation bootstrapping, i.e., assessing the reputations of newly deployed Web services (newcomers), is a major issue in service-oriented environments as no historical information may be present about newcomers. We present different techniques to bootstrap the reputation of newcomers in a service-oriented environment in a fair and accurate manner. We also present experiment results that evaluate the proposed techniques. 1
A Social Network-Based Recommender System (SNRS)
"... Abstract. Social influence plays an important role in product marketing. However, it has rarely been considered in traditional recommender systems. In this paper we present a new paradigm of recommender systems which can utilize information in social networks, including user preferences, item's ..."
Abstract
-
Cited by 19 (0 self)
- Add to MetaCart
(Show Context)
Abstract. Social influence plays an important role in product marketing. However, it has rarely been considered in traditional recommender systems. In this paper we present a new paradigm of recommender systems which can utilize information in social networks, including user preferences, item's general acceptance, and influence from social friends. A probabilistic model is developed to make personalized recommendations from such information. We extract data from a real online social network, and our analysis of this large dataset reveals that friends have a tendency to select the same items and give similar ratings. Experimental results on this dataset show that our proposed system not only improves the prediction accuracy of recommender systems but also remedies the data sparsity and coldstart issues inherent in collaborative filtering. Furthermore, we propose to improve the performance of our system by applying semantic filtering of social networks, and validate its improvement via a class project experiment. In this experiment we demonstrate how relevant friends can be selected for inference based on the semantics of friend relationships and finer-grained user ratings. Such technologies can be deployed by most content providers. 1
SocialFilter: Introducing Social Trust to Collaborative Spam Mitigation
"... Centralized email reputation services that rely on a small number of trusted nodes to detect and report spammers, e.g., [1, 5, 6], are being challenged by the increasing scale and sophistication of botnets. Moreover, several of these ..."
Abstract
-
Cited by 18 (0 self)
- Add to MetaCart
(Show Context)
Centralized email reputation services that rely on a small number of trusted nodes to detect and report spammers, e.g., [1, 5, 6], are being challenged by the increasing scale and sophistication of botnets. Moreover, several of these
Postmodern Internetwork Architecture
, 2006
"... Network-layer innovation has proven surprisingly difficult, in part because internetworking protocols ignore competing economic interests and because a few protocols dominate, enabling layer violations that entrench technologies. Many shortcomings of today’s internetwork layer result from its inflex ..."
Abstract
-
Cited by 14 (4 self)
- Add to MetaCart
(Show Context)
Network-layer innovation has proven surprisingly difficult, in part because internetworking protocols ignore competing economic interests and because a few protocols dominate, enabling layer violations that entrench technologies. Many shortcomings of today’s internetwork layer result from its inflexibility with respect to the policies of the stakeholders: users and service providers. The consequences of these failings are well-known: various hacks, layering violations, and overloadings are introduced to enforce policies and attempt to get the upper hand in various “tussles”. The result is a network that is increasingly brittle, hostile to innovation, vulnerable to attack, and insensitive to concerns about accountability and privacy. Our project aims to design, implement, and evaluate through daily use a minimalist internetwork layer and auxiliary functionality that anticipates tussles and allows them to be played out in policy space, as opposed to in the packet-forwarding path. We call our approach postmodern internetwork architecture, because it is a reaction against many established network layer design concepts. The overall goal of the project is to make a larger portion of the network design space accessible without sacrificing the economy of scale offered by the unified Internet. We will use the postmodern architecture to explore basic architectural questions. These include: • What mechanisms should be supported by the network such that any foreseeable policy requirement can be
Social network analysis and mining for business applications
- ACM Trans. Intell. Syst. Technol
"... Social network analysis has gained significant attention in recent years, largely due to the success of online social networking and media-sharing sites, and the consequent availability of a wealth of social network data. In spite of the growing interest, however, there is little understanding of th ..."
Abstract
-
Cited by 14 (1 self)
- Add to MetaCart
Social network analysis has gained significant attention in recent years, largely due to the success of online social networking and media-sharing sites, and the consequent availability of a wealth of social network data. In spite of the growing interest, however, there is little understanding of the potential business applications of mining social networks. While there is a large body of research on different problems and methods for social network mining, there is a gap between the techniques developed by the research community and their deployment in real-world applications. Therefore the potential business impact of these techniques is still largely unexplored. In this article we use a business process classification framework to put the research topics in a business context and provide an overview of what we consider key problems and techniques in social network analysis and mining from the perspective of business applications. In particular, we discuss data acquisition and preparation, trust, expertise, community structure, network dynamics, and information propagation. In each case we present a brief overview of the problem, describe state-of-the art approaches, discuss business application examples, and map each of the topics to a business process classification framework. In addition, we provide insights on prospective business applications, challenges, and future research directions. The main contribution of this article is to provide a state-of-the-art overview of current techniques while providing a critical perspective on business applications of social network analysis and mining.
Reptrap: a novel attack on feedback-based reputation systems, in
- Proc. 4th international conference on Security and privacy in communication netowrks,
, 2008
"... ABSTRACT Reputation systems are playing critical roles in securing today's distributed computing and communication systems. Similar to all other security mechanisms, reputation systems can be under attack. In this paper, we report the discovery of a new attack, named RepTrap, against feedback- ..."
Abstract
-
Cited by 13 (0 self)
- Add to MetaCart
(Show Context)
ABSTRACT Reputation systems are playing critical roles in securing today's distributed computing and communication systems. Similar to all other security mechanisms, reputation systems can be under attack. In this paper, we report the discovery of a new attack, named RepTrap, against feedback-based reputation systems, such as those used in P2P file-sharing systems and E-commerce websites (e.g. Amazon.com). We conduct an in-depth investigation on this new attack, including analysis, case study, and performance evaluation based on real data and realistic user behavior models. We discover that the RepTrap is a strong and destructive attack that can manipulate the reputation scores of users, objects, and even undermine the entire reputation system. Compared with other known attacks that achieve the similar goals, the RepTrap requires less effort from the attackers and causes multi-dimensional damage to the reputation systems.
The Complex Facets of Reputation and Trust
- Invited Paper. Intl. Conf. on Computational Intelligence
"... Summary. Trust and reputation systems have proven to be essential to enforcing cooperative behavior in peer-to-peer networks. We briefly describe the current approaches to building reputation systems: social networks formation, probabilistic estimation and game theoretic models. We then observe that ..."
Abstract
-
Cited by 8 (2 self)
- Add to MetaCart
(Show Context)
Summary. Trust and reputation systems have proven to be essential to enforcing cooperative behavior in peer-to-peer networks. We briefly describe the current approaches to building reputation systems: social networks formation, probabilistic estimation and game theoretic models. We then observe that all of the current models make a number of simplifying assumptions that may not necessarily hold in real networks, such as either irrational (probabilistic) or completely rational behavior, instant propagation of reputation information and homogeneity of interactions. We argue that dropping those assumptions and allowing more degrees of freedom is necessary in order to construct more realistic and rich reputation models. We support our argument by citing reputation research done in economics, evolutionary psychology, biology and sociology and and consider models that take into account adaptive behavior changes, co-evolution of behaviors, bounded rationality and variable interaction patterns. We then outline how those complexities can be dealt with and point out main directions for the future study of more realistic and less constrained reputation models that can potentially lead to construction of more secure, responsive and cooperative peer-to-peer systems. 1
