Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Securing Reputation Systems in the Cyber Space
Research sponsored by the National Science Foundation
Yuhong Liu, Yan (Lindsay) Sun
Department of Electrical, Computer, and Biomedical Engineering, University of Rhode Island
Like it or dislike it?
Is the book interesting or not?
Will the seller ship the product on time and as described?
Is the review helpful?
Is the hotel nice to stay?
System Model
Attack Model
Malicious user IDs
Target Entity
Attacker
Control Dishonest Rating
Entity
Rating
Control
User user IDEntity
people (e.g. in eBay), a product (e.g. inAmazon product rating) a piece of digitalinformation (e.g. videoclip at YouTube).
Entity
Why Change Detector?o Most entities have Intrinsic andstable qualityo Rapid changes = Indicators ofanomaly.
Problem Statement
Scenario Modeling
Proposed Schemes
Run from 05/12/2008 to 05/29/2008 Attracted 630+ registered users 70+ universities 750,000+ submissions of attack data
Performance
Consumers are willing to pay at least 20%more for services receiving an “Excellent,”or 5-star, rating than for the same servicereceiving a “Good,” or 4-star, rating.
eBay sellers with established reputationcould expect about 8% more revenue thannew sellers marketing the same goods.
2. Value of online reputation system
4. Defense Objective Identify target entities and malicious users; Eliminate dishonest feedbacks/ratings; Protect reputation scores, so that it can
reflect the real quality of an entity.
3. Manipulations Some eBay users are artificially
boosting their reputation by buying andselling feedbacks;Many small companies provide“reputation boosting” services forsellers at Taobao, which is the largestInternet retail platform in China andhas taken up about 3/4 of the marketshare;
1. What is online reputation system? Collecting evidence about theproperties of individual entities, Analyzing and aggregating theevidence, Disseminating the aggregated results.
Step 1: Change Detector
Step 2: User Correlation Analysis
Step 3: Malicious Users Group Identification
User Group2
Suspicious Userswho rate in thesuspicious interval
User Group1
User Group2
is identified as malicious users group since the average rating of this group changes the object reputation towards the same direction as the attack direction (i.e. boosting, downgrading).
…Testing Data Collection - Cyber Competition
Impact Discussion
To protect the online reputation system against manipulations, TAUCA has: Recognize the target entities under attack accurately; Identify the suspicious time interval, when unfair ratings appear; Distinguish malicious users from normal users, unfair ratings from normal ratings; Recover reputation score for target entities.
As a summary, by detecting attacks and recovering reputation scores, TAUCA helps to ensure online reputation systems, and therefore, provides a more secure and reliable online interaction environment for online participants.
Internet has created vast opportunities for interacting with strangers online