An Eigentrust dynamic evolutionary model in P2P file-sharing systems

Many reputation systems have been proposed to distinguish malicious peers and to ensure the quality of the service in P2P file sharing systems. Most of those reputation systems implicitly assumed that normal peers are always altruistic and provide their resources unconditionally when requested. However, as independent decision makers in real networks, peers can be completely altruistic (always cooperative, ALLC), purely selfish (always defective, ALLD), or reciprocal (R). In addition, those systems do not provide an effective method to reduce free-riders in P2P networks. To address these two problems, in this paper, we propose an EigenTrust evolutionary game model based on the renowned EigenTrust reputation model. In our model, we use evolutionary game theory to model strategic peers and their transaction behaviors, which is close to the realistic scenario. Many experiments have been designed and performed to study the evolution of strategies and the emergence of cooperation under our proposed EigenTrust evolutionary model. The simulation results showed that rational users are inclined to cooperate (enthusiastically provide resources to other peers) even under some conditions in which malicious peers try to destroy the system.     

参与式感知系统中用户累积行为信誉计算

参与式感知系统中,由于感知数据质量可能受参与者影响,提出了基于用户累积行为的信誉计算模型以帮助选择可信赖用户.针对感知环境中用户群体的广泛性及核心用户的不确定性,该模型采用OPTICS聚类算法定义用户场景并划分行为数据集,建立用户累积行为信誉计算模型,同时引入时间戳标记信息抛弃部分旧行为以更新用户信誉.实验表明,该信誉...     

A reputation system for e-marketplaces based on pairwise comparison

Implementing a reputation system is an effective strategy to facilitate trust and security in an online environment. In addition to that, reputation systems can help online customers through decision-making process. However, in real-world situations, these systems have to deal with plenty of problems and challenges. This paper aims to solve four problems that are common to reputation systems in e-marketplaces, namely the subjectivity of ratings, inequality of transactions, multi-context reputation and dynamic behavior of users. The proposed model starts with the pairwise comparison, which is a powerful tool for removing bias from ratings. Then, we extend the concept of pairwise comparison to contests between users. A pairwise comparison has only a winner and a loser, but we can associate a score differential with a pairwise comparison when we consider it as a match. This score differential is adjusted in a way that three other problems can be solved. We implemented our model in a multi-agent simulation in which real-world data were also incorporated. We compared our model with some of previous reputation systems. Experiments show that our model outperforms previous ones when faced with real-world challenges.     

Self-nominating trust model based on hierarchical fuzzy systems for peer-to-peer networks

Security is a critical constraint for the expansion of Peer-to-Peer (P2P) networks. The autonomy, dynamic and distribution natures benefit both valid and malicious users and also lead that P2P networks are extremely susceptible to malicious users. Exploiting a reputation-based trust model is a feasible solution in such an open environment to build trust relationship among peers. While most of existing trust models focus on restraining the abuse and malicious attacks, intentions and sharing capabilities of peers are mostly ignored. In this paper, we present a self-nominating trust model based on hierarchical fuzzy systems to quantify the behaviors of peers. The reputation is defined based on eight factors, where three promising factors are provided by resource holders to demonstrate their desires, and four capability factors are recorded by requesters to identify the provider’s service capability. The approach degree based updating recommendation is deployed to aggregate the global trust metrics. Experimental results illustrate that our trust model effectively improves the efficiency and security of P2P systems.     

TRIMS,a privacy-aware trust and reputation model for identity management systems

Electronic transactions are becoming more important everyday. Several tasks like buying goods, booking flights or hotel rooms, or paying for streaming a movie, for instance, can be carried out through the Internet. Nevertheless, they are still some drawbacks due to security threats while performing such operations. Trust and reputation management rises as a novel way of solving some of those problems. In this paper we present our work TRIMS (a privacy-aware trust and reputation model for identity management systems), which applies a trust and reputation model to guarantee an acceptable level of security when deciding if a different domain might be considered reliable when receiving certain sensitive user’s attributes. Specifically, we will address the problems which surfaces when a domain needs to decide whether to exchange some information with another possibly unknown domain to effectively provide a service to one of its users. This decision will be determined by the trust deposited in the targeting domain. As far as we know, our proposal is one of the first approaches dealing with trust and reputation management in a multi-domain scenario. Finally, the performed experiments have demonstrated the robustness and accuracy of our model in a wide variety of scenarios.     

Evolution of cooperation in reputation system by group-based scheme

Reputation systems are very useful in large online communities in which users may frequently have the opportunity to interact with users with whom they have no prior experience. Recently, how to enhance the cooperative behaviors in the reputation system has become to one of the key open issues. Emerging schemes focused on developing efficient reward and punishment mechanisms or capturing the social or economic properties of participants. However, whether this kind of method can work widely or not has been hard to prove until now. Research in evolutionary game theory shows that group selection (or multilevel selection) can favor the cooperative behavior in the finite population. Furthermore, some recent works give fundamental conditions for the evolution of cooperation by group selection. In the paper, we extend the original group selection theory and propose a group-based scheme to enhance cooperation for online reputation systems. Related concepts are defined to capture the social structure and ties among participants in reputation system, e.g., group, assortativity, etc. Also, we use a Fermi distribution function to reflect the bounded rationality of participants and the existence of stochastic factors in evolutionary process. Extended simulations show that our scheme can enhance cooperation and improve the average performance of participants (e.g. payoff) in reputation system.     

Behavior-based reputation management in P2P file-sharing networks

Trust research has become a key issue in the last few years as a novel and valid solution to ensure the security and application in peer-to-peer (P2P) file-sharing networks. The accurate measure of trust and reputation is a hard problem, most of the existing trust mechanisms adopt the historical behavior feedback to compute trust and reputation. Thus exploring the appropriate transaction behavior becomes a fundamental challenge. In P2P system, each peer plays two roles: server and client with responsibility for providing resource service and trust recommending respectively. Considering the resource service behavior and trust recommending behavior of each peer, in this paper, we propose a new trust model adopting the technology to calculate eigenvectors of trust rating and recommending matrices. In our model, we define recommended reputation value to evaluate the resource service behavior, and recommending reputation value to evaluate the trust recommendation behavior. Our algorithm would make these two reputation values established an interrelated relation of reinforcing mutually. The normal peers provide authentic file uploading services, as well as give correct trust recommendation, so they can form a trusted and cooperative transaction community via the mutual reinforcement of recommended and recommending reputation values. In this way, the transaction behaviors of those malicious peers are isolated and confined effectively. Extensive experimental results also confirm the efficiency of our trust model against the threats of exaggeration, collusion, disguise, sybil and single-behavior.     

Modeling access control for cyber-physical systems using reputation

The emergence of Cyber-Physical Systems (CPSs) heralds the ubiquitous and autonomous globally interconnected networks of embedded devices with their own means of interaction with the physical environment. The complex interactions with the physical environment significantly increase security risks. Especially, for mission-critical CPSs, sensitive data are closely related to security issues and are accessed only by authorized users. Role based access control is an essential component for protecting CPSs from unauthorized access. However, existing mechanisms are inadequate. We argue that role assignment should not depend on the remaining energy of a node but its reputation. This paper proposes a role-based access control model, R2BAC, for CPSs using reputation. The definitions and evaluation metrics of trust and reputation are given in order to evaluate the behavior of the nodes. Then reputation evaluation scheme and role assignment scheme are presented, respectively. In addition, we give the proofs of correctness and complexity analysis for R2BAC. Eventually, a wide set of simulations are provided to evaluate its performance.     

基于IPFIX的用户网络行为分析系统模型研究

网络行为分析是网络安全领域的研究热点。论文以用户使用网络资源产生的流量为依据,对用户的网络行为进行了分类,然后基于正在标准化中与设备不相关的IP数据流信息输出（IPFIX）协议,提出了一种用户网络行为分析系统模型,研究了模型中采集点、收集器、分析器的关键技术,并对模型的性能进行了分析。该系统模型具有良好的灵活性和扩展性,并且易于实现,对于网络检测、异常行为发现,以及网络整体规划、网络资源利用等方面都有着重要的意义。     

基于系统先决条件的授权模型研究

用户角色授权模型URA97（user role assignment 97）中，角色指派和撤销机制定义的先决条件（prerequisite conditions,PC)只约束被授权用户已经拥有的角色，而不约束系统中其他用户拥有的角色，因而会引起授权冲突，存在严重的缺陷。基于系统先决条件的授权模型（SPC－based authorization model,SBAM）提出了系统先决条件（system PC,SPC)的概念，并基于SPC定义了新的角色指派和撤销机制，从而克服了URA97的缺陷，能够正确地实施安全政策，更好地满足实际的安全要求。     

基于反馈相关性的P2P网络信任模型

用户对P2P网络安全性的需求刺激了信任模型的发展。在分析现有信任模型的基础上,提出了基于反馈相关性的动态信任模型—CoDyTrust。其在时间帧的基础上,采用虚假信任过滤机制和信任聚合机制,并在信任值计算中引入信任相关系数、信任遗忘因子、滥用信任值和推荐信任度等,通过反馈控制机制动态调节这些模型因子,在准确评价节点对不同资源信任的同时,实现网络中恶意行为检测。比较分析结果表明,CoDyTrust能够更好地反映网络中节点行为,准确检测恶意节点,有效抵御振荡、撒谎和合谋等攻击。     

Security threats scenarios in trust and reputation models for distributed systems

Trust and reputation management over distributed systems has been proposed in the last few years as a novel and accurate way of dealing with some security deficiencies which are inherent to those environments. Thus, many models and theories have been developed in order to effective and accurately manage trust and reputation in those communities. Nevertheless, very few of them take into consideration all the possible security threats that can compromise the system. In this paper, we present some of the most important and critical security threats that could be applied in a trust and reputation scheme. We will describe and analyze each of those threats and propose some recommendations to face them when developing a new trust and reputation mechanism. We will also study how some trust and reputation models solve them. This work expects to be a reference guide when designing secure trust and reputation models.     

Sorcery: Overcoming deceptive votes in P2P content sharing systems

Deceptive voting behaviors of malicious users are known as the main reason of causing content pollution in Peer-to-Peer (P2P) content sharing systems. Due to the nature of P2P overlay network such as self-organization and anonymity, the existing methods on identifying deceptive votes are not effective, especially for collusive attackers. This paper presents Sorcery, a novel active challenge-response mechanism based on the notion that one side of interaction with the dominant information can detect whether the other side is telling a lie. To make each client obtain the dominant information, our approach introduces the social network to the P2P content sharing system; therefore, clients can establish the friend-relationships with the users who are either acquaintances in reality or those reliable online friends. Using the confidential voting histories of friends as own dominant information, the client challenges target content providers with the overlapping votes of both his friends and the target content provider, thus detecting whether the content provider is a deceptive user. Moreover, Sorcery provides the punishment mechanism which can reduce the impact brought by deceptive voting behaviors, and our work also discusses some key practical issues. The experimental results illustrate that Sorcery can effectively overcome the problem of deceptive voting behaviors in P2P content sharing systems, and work better than the existing reputation models.     

A trusted consensus fusion scheme for decentralized collaborated learning in massive IoT domain

In a massive IoT systems, large amount of data are collected and stored in clouds, edge devices, and terminals, but the data are mostly isolated. For many new demands of various intelligent applications, self-organized collaborated learning on those data to achieve group decisions has been a new trend. However, in order to reach the goal of group decisions, trust problems on data fusion and model fusion should be solved since the participants may not be trusted. We propose a consistent and trust fusion method with the consortium chain to reach a consensus, and complete the self-organized trusted decentralized collaborated learning. In each consensus process, consensus candidates check others’ trust levels to ensure that they tends to fuse consensus with users with high trust, where the trust levels are evaluated by scores according to their historical behaviors in the past consensus process and stored in the public ledger of blockchain. A trust rewards and punishments method is designed to realize trust incentive consensus, the candidates with higher trust levels have more rights and reputation in the consensus. Simulation results and security analysis show that the method can effectively defend malicious users and data, improve the trust perception performance of the whole federated learning network, and make the federated learning more trusted and stable.     

认知无线网络中基于信誉度管理的动态频谱接入研究

随着无线服务和相关设备的飞速发展,认知无线网络中特有频谱稀缺问题越来越引起研究者的重视。在集中式认知无线网络中,次级用户基站SUBS作为融合中心,通过收到周围的次级用户的感知信息来分配频谱资源。然而,环境的易变性使次级用户容易受到攻击从而影响次级用户感知信息,导致网络频谱资源分配错误。引入信誉度模型来表现次级用户在认知循环中的行为规范,在分配频谱阶段将信誉度作为评定标准,鼓励次级用户积极感知及规范运行。在感知阶段,次级用户感知信道数越多,感知信息越正确,其信誉度越高。在运行阶段,次级用户行为越符合网络规范,则信誉度越高。仿真结果表明,论文模型可以很好地减少次级用户基站的错误决策次数,提高其抗攻击性,同时使得网络在很好地分配资源的同时鼓励整个网络行为积极化。     

一种个性化域名信誉评价机制

域名解析是互联网信息服务的前提,但目前关于域名信誉评价的相关研究却尚不成熟。针对域名服务的复杂性、恶意攻击的普遍性以及用户需求的多样性等问题,提出了一种个性化域名信誉评价机制。主要贡献在于：(1)提出了基于多元指标的域名信誉评价框架;(2)设计了抵御恶意攻击的信誉计算模型,提高了计算精度和适应能力;(3)参考用户个人偏好区分域名类型,为用户选择偏好域名提供依据,优化用户体验。实验结果表明,该机制能准确反映域名的信誉状况,排除恶意评价的影响,并根据域名信誉值和用户个人偏好选择个性化域名服务,提升用户满意度。     

Zero is hero: Round number effects on knowledge-sharing platforms

With the inherent public goods problem embedded in knowledge-sharing platforms, various incentive mechanisms have been implemented, most of which are in the form of gamified elements. Among those motivating elements, reputation points are the most direct feedback about individuals’ contribution effort, which use numerical units indicating progress. Although some research has found that points can incentivize users to contribute, empirical evidence regarding the influential patterns of such numerical units remains limited. Drawing on numerical cognition literature that an individual's evaluation and judgments may be influenced by certain numerical cues, we particularly focus on the round number bias on knowledge-sharing platforms. Several hypotheses regarding users’ behavioral changes when their accumulated points approach round numbers have been proposed, including their contribution level, contribution quality, and writing style. By analyzing data collected from StackOverflow.com, we find that users perceive round numbers as category boundaries or endpoints and crossing such boundaries can motivate aspirational behaviors. Concretely, users significantly increase their post frequency and length, and write answers with more function words and second-person pronouns. Meanwhile, their posts will be more likely to be accepted as the best answers and gain more votes. We also explore the moderating effects of advanced explicit incentives and numbers’ magnitude. Theoretically, our research contributes to a body of literature on knowledge-sharing platform incentive mechanisms to motivate users’ contributions and sheds light on the utilization of numerical cues to guide individuals’ behaviors in user-generated-content (UGC) provision context.     

A reputation assessment model for trustful service recommendation

Nowadays, software systems are mainly Web front-based, Cloud-deployed and accessible by a wide audience over the Internet. These online systems commonly rely on Service-oriented Architecture principles, where they are built as orchestrations of RESTful (and in some rare cases as SOAP-based) services. Integrating new services in an existing orchestration is a challenging and risky task because trustworthiness of these services is not guaranteed throughout their lifetime. Reputation of services is a good indicator about the overall quality of services, because it reflects consumer satisfaction regarding the service-offered functionality and quality. Thus, reputation of services could be considered in the selection and recommendation of trustworthy services. In this paper, we present a framework for the management of web service reputation to conduct a better service recommendation. We present a reputation assessment model that aggregates fair user feedback ratings. The model includes a mechanism that prevents the introduction of malicious feedback ratings, by penalizing detected specious users. In addition, this framework includes a bootstrapping technique for estimating reputation of newcomer services based on neighbor similarity and initial advertised QoS. A set of experiments has been conducted to evaluate the effectiveness of the proposed framework. The results of these experiments highlighted the potential of our framework. These are presented at the end of the paper.     

Autonomic-computing approach to secure knowledge management: a game-theoretic analysis

The explosion of knowledge management systems (KMS) and the need for their wide accessibility and availability has created an urgent need for reassessing the security practices and policies in organizations. Security of these assets is a day-to-day job placing a tremendous cognitive load on information-technology (IT) professionals, which can make it almost impossible to manage the security aspects of KMS. Autonomic-computing systems are well suited to manage KMS, as they use high-level system objectives provided by administrators as the basis for managing the security of KMS. The authors model the self-protection and self-healing configuration attributes in autonomic systems through game-theoretic models. The proposed modeling approach progressively moves from a manual intervention-oriented security setup to an autonomic security setup. This allows the authors to compare and contrast the different approaches and provide insights on their applicability to different security environments. The authors find that moving to a partial autonomic system with self-healing mechanisms can provide a stable environment for securing enterprise knowledge assets and can reduce hacking. It is beneficial to implement an autonomic system when manual investigation costs are higher and/or when the volume of malicious traffic is very low. An autonomic approach is especially attractive when it is difficult to impose penalties on malicious users. Autonomic systems can be effective in securing organizational knowledge assets and in reducing the potential damage from malicious users.