The Community for Technology Leaders
RSS Icon
Issue No.12 - December (2010 vol.22)
pp: 1766-1780
Qinyuan Feng , Peking University, Beijing
Yan Lindsay Sun , University of Rhode Island, Kingston
Ling Liu , Georgia Institute of Technology, Atlanta
Yafei Yang , University of Rhode Island, Kingston
Yafei Dai , Peking University, Beijing
With the popularity of voting systems in cyberspace, there is growing evidence that current voting systems can be manipulated by fake votes. This problem has attracted many researchers working on guarding voting systems in two areas: relieving the effect of dishonest votes by evaluating the trust of voters, and limiting the resources that can be used by attackers, such as the number of voters and the number of votes. In this paper, we argue that powering voting systems with trust and limiting attack resources are not enough. We present a novel attack named as Reputation Trap (RepTrap). Our case study and experiments show that this new attack needs much less resources to manipulate the voting systems and has a much higher success rate compared with existing attacks. We further identify the reasons behind this attack and propose two defense schemes accordingly. In the first scheme, we hide correlation knowledge from attackers to reduce their chance to affect the honest voters. In the second scheme, we introduce robustness-of-evidence, a new metric, in trust calculation to reduce their effect on honest voters. We conduct extensive experiments to validate our approach. The results show that our defense schemes not only can reduce the success rate of attacks but also significantly increase the amount of resources an adversary needs to launch a successful attack.
Voting system, trust mechanism, reputation system, security.
Qinyuan Feng, Yan Lindsay Sun, Ling Liu, Yafei Yang, Yafei Dai, "Voting Systems with Trust Mechanisms in Cyberspace: Vulnerabilities and Defenses", IEEE Transactions on Knowledge & Data Engineering, vol.22, no. 12, pp. 1766-1780, December 2010, doi:10.1109/TKDE.2009.214
[1] R. Farquharson, Theory of Voting. Oxford, 1961.
[2] M. Faloutsos, P. Faloutsos, and C. Faloutsos, "On Power-Law Relationships of the Internet Topology," Proc. SIGCOMM, 1999.
[3] A. Josang and R. Ismail, "The Beta Reputation System," Proc. 15th Bled Electronic Commerce Conf., June 2002.
[4] J.R. Douceur, "The Sybil Attack," Proc. Int'l Workshop Peer-to-Peer Systems (IPTPS), Mar. 2002.
[5] B.C. Ooi, C.Y. Liau, and K.L. Tan, "Managing Trust in Peer-to-Peer Systems Using Reputation-Based Techniques," Proc. Fourth Int'l Conf. in Advances in Web-Age Information Management (WAIM), Aug. 2003.
[6] S.D. Kamvar, M.T. Schlosser, and H. Garcia-Molina, "The Eigentrust Algorithm for Reputation Management in P2P Networks," Proc. WWW Conf., May 2003.
[7] K.P. Gummadi, R.J. Dunn, S. Saroiu, S.D. Gribble, H.M. Levy, and J. Zahorjan, "Measurement, Modeling, and Analysis of a Peer-to-Peer File-Sharing Workload," Proc. ACM Symp. Operating Systems Principles (ACM SOSP), 2003.
[8] C. Dellarocas, "The Digitization of Word-of-Mouth: Promise and Challenges of Online Reputation Systems," Management Science, Oct. 2003.
[9] E. Damiani, S.D.C. di Vimercati, S. Paraboschi, and P. Samarati, "Managing and Sharing Servents' Reputations in P2P Systems," IEEE Trans. Knowledge and Data Eng., vol. 15, no. 4, pp. 840-854, July/Aug. 2003.
[10] S. Buchegger and J.-Y.L. Boudec, "A Robust Reputation System for P2P and Mobile Ad-Hoc Networks," Proc. Workshop the Economics of Peer-to-Peer Systems, June 2004.
[11] M. Khambatti, P. Dasgupta, and K.D. Ryu, "A Role-Based Trust Model for Peer-to-Peer Communities and Dynamic Coalitions," Proc. Second IEEE Int'l Information Assurance Workshop, Apr. 2004.
[12] L. Xiong and L. Liu, "PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities," IEEE Trans. Knowledge and Data Eng., vol. 16, no. 7, pp. 843-857, July 2004.
[13] B. Bertino, E. Ferrari, and A.C. Squicciarini, "Trust-X: A Peer-to-Peer Framework for Trust Establishment," IEEE Trans. Knowledge and Data Eng., vol. 16, no. 7, pp. 827-842, July 2004.
[14] M. Fan, Y. Tan, and A.B. Whinston, "Evaluation and Design of Online Cooperative Feedback Mechanisms for Reputation Management," IEEE Trans. Knowledge and Data Eng., vol. 17, no. 2, pp. 244-254, Feb. 2005.
[15] Z. Liang and W. Shi, "PET: A PErsonalized Trust Model with Reputation and Risk Evaluation for P2P Resource Sharing," Proc. 38th Hawaii Int'l Conf. System Sciences (HICSS '05), Jan. 2005.
[16] K. Walsh and E.G. Sirer, "Experience with an Object Reputation System for Peer-to-Peer Filesharing," Proc. USENIX Symp. Networked Systems Design and Implementation (USENIX NSDI), 2006.
[17] H. Yu, M. Kaminsky, P. Gibbons, and A. Flaxman, "Sybilguard: Defending Against Sybil Attacks Via Social Networks," Proc. ACM SIGCOMM, Sept. 2006.
[18] J. Brown and J. Morgan, "Reputation in Online Markets: Some Negative Feedback," Proc. IBER Working Paper, 2006.
[19] J.A. Chevalier and D. Mayzlin, "The Effect of Word of Mouth on Sales: Online Book Reviews," J. Marketing Research 43, vol. 3, pp. 345-354, Aug. 2006.
[20] Y. Sun, Z. Han, W. Yu, and K.J.R. Liu, "A Trust Evaluation Framework in Distributed Networks: Vulnerability Analysis and Defense Against Attacks," Proc. IEEE INFOCOM, Apr. 2006.
[21] A.C. Squicciarini, E. Bertino, and E. Ferrari, "Achieving Privacy in Trust Negotiations with an Ontology-Based Approach," IEEE Trans. Dependable and Secure Computing, vol. 3, no. 1, pp. 13-30, Jan.-Mar. 2006.
[22] M. Sensoy and P. Yolum, "Ontology-Based Service Representation and Selection," IEEE Trans. Knowledge and Data Eng., vol. 19, no. 8, pp. 1102-1115, Aug. 2007.
[23] B. Mobasher, R. Burke, R. Bhaumik, and C. Williams, "Toward Trustworthy Recommender Systems: An Analysis of Attack Models and Algorithm Robustness," ACM Trans. Internet Technology, vol. 7, pp. 23-23, Oct. 2007.
[24] A.C. Squicciarini, E. Bertino, E. Ferrari, F. Paci, and B. Thuraisingham, "PP-Trust-X: A System for Privacy Preserving Trust Negotiations," ACM Trans. Information and System Security, vol. 10, no. 3, pp. 1-50, July 2007.
[25] A.C. Squicciarini, A. Trombetta, and E. Bertino, "Supporting Robust and Secure Interactions in Open Domains through Recovery of Trust Negotiations," Proc. Int'l Conf. Distributed Computing Systems (ICDCS), 2007.
[26] A. Josang, R. Ismail, and C. Boyd, "A Survey of Trust and Reputation Systems for Online Service Provision," Decision Support System, vol. 43, no. 2, pp. 618-644, 2007.
[27] K. Hoffman, D. Zage, and C. Nita-Rotaru, "A Survey of Attack and Defense Techniques for Reputation Systems," Technical Report CSD TR #07-013, Purdue Univ., 2007.
[28] P. Chen, S. Dhanasobhon, and M. Smith, "All Reviews are not Created Equal: The Disaggregate Impact of Reviews and Reviewers at Amazon.Com," Proc. Int'l Conf' Information Systems (ICIS), 2007.
[29] R. Zhou and K. Hwang, "PowerTrust: A Robust and Scalable Reputation System for Trusted Peer-to-Peer Computing," IEEE Trans. Parallel and Distributed Systems, vol. 18, no. 5, pp. 460-473, May 2007.
[30] L. Vu and K. Aberer, "A Probabilistic Framework for Decentralized Management of Trust and Quality," Proc. 11th Int'l Workshop Cooperative Information Agents XI, 2007.
[31] Z. Liang and W. Shi, "Analysis of Ratings on Trust Inference in Open Environments," Elsevier Performance Evaluation, vol. 65, no. 2, pp. 99-128, Feb. 2008.
[32] H. Yu, P. Gibbons, M. Kaminsky, and F. Xiao, "Sybillimit: A Near-Optimal Social Network Defense Against Sybil Attacks," Proc. IEEE Symp. Security and Privacy, May 2008.
[33] R. Zhou and K. Hwang, "Gossip Trust for Fast Reputation Aggregation in Peer-to-Peer Networks," IEEE Trans. Knowledge and Data Eng., vol. 20, no. 9, pp. 1282-1295, Feb. 2008.
[34] L. Vu and K. Aberer, "Effective Usage of Computational Trust Models in Rational Environments," Web Intelligence, technical report, 2008.
[35] Y. Yang, Y. Sun, S. Kay, and Q. Yang, "Defending Online Reputation Systems against Collaborative Unfair Raters through Signal Modeling and Trust," to be published in Proc. ACM Symp. Applied Computing (SAC '09), Mar. 2009.
[36] N. Tran, B. Min, J. Li, and L. Submaranian, "Sybil-Resilient Online Content Voting," Proc. Sixth Symp. Networked System Design and Implementation (NSDI '09), Apr. 2009.
[37] A. Parsa, "Belkin's Development Rep is Hiring People to Write Fake Positive Amazon Reviews," 16exclusive-belkins-development-rep-is-hiring-people-to-write-fake-positive-amazon-reviews /, 2009.
[38] D. Zarrella, "Not Everything that can be Counted Counts," http://pistachioconsulting.comshortyawards-gaming /, 2009.
[39] P. Dewan and P. Dasgupta, "P2P Reputation Management Using Distributed Identities and Decentralized Recommendation Chains," IEEE Trans. Knowledge and Data Eng., vol. 22, no. 7, pp. 1000-1013, July 2010.
26 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool