اهمیت توجه به معاملات نامعتبر در سیستم های مدیریت اعتماد

In peer-to-peer (P2P) networks, trust management is a key tool to minimize the impact of malicious nodes. EigenTrust is claimed to be one of the most powerful distributed reputation management systems focused on P2P file-sharing applications. It is the theoretical base of other systems, and it has also been directly modified in an attempt to improve its performance. However, none of them give appropriate importance to all the information about transactions. This paper proposes an enhancement of EigenTrust, which considers unsatisfactory transactions in greater depth. Pos&Neg EigenTrust is able to obtain a blacklist of the identities of the malicious nodes. Therefore, it is able to significantly reduce the number of unsatisfactory transactions in the network.

Two types of adversary can be identified in peer-to-peer (P2P) networks: selfish peers and malicious peers. Whereas the former (known as free riders in file-sharing networks [10]) use system services contributing minimal resources or nothing by themselves, the latter cause harm to either specific targeted members of the network or the system as a whole (for example, distributing corrupted or unauthentic files in file-sharing networks). In today’s P2P networks, incentive schemes [5], [8] and [15] can be used to encourage cooperation of selfish peers, but they can be ineffective against malicious peers. Trust management systems are a key tool to minimize the impact of malicious node actions [13]. Here, trust is understood as the confidence that one peer has about another peer’s reputation. The interactions among peers give the opportunity to acquire the necessary experience (measured in terms of good and bad transactions) to build up a reputation management algorithm. Basically, these algorithms are able to calculate and share among the network community a global trust value for each peer. Several representative P2P reputation systems have been proposed in recent years. Some of them are focused on trust management in P2P e-commerce applications, while others are focused on generic P2P applications such as P2P file sharing. Belonging to the latter, EigenTrust [9] is claimed to be one of the most powerful reputation management algorithms. This is, in greater or lesser extent, the theoretical base of many other P2P reputation models. EigenTrust is a distributed protocol that is able to compute the global trust value of a peer by applying each peer’s local trust values transitively. To guarantee the convergence of the global trust values, EigenTrust uses linear algebraic theory. This system is focused on minimizing the number of unauthentic downloads during the transactions. To reach this aim, EigenTrust focus its work on the identification of the peers that offer more authentic files. A perfect balance between simplicity and efficiency has made EigenTrust the most widely used reputation management algorithm up to now. In fact, the vast acceptance of this system in the research community is patently obvious in the set of proposals trying to improve its performances. Although identifying a peer with good behavior is a key task to reduce the number of unauthentic downloads, in a real scenario in which different threats can be caused by other peers, it can be as interesting, or indeed more interesting, also to identify these malicious peers. They introduce unauthentic files in the system and also introduce wrong information about the transactions with others, adding additional noise to the system. To our knowledge, none of the EigenTrust-based systems deal with this aim. All of them present a limitation as regards the definition of local trust values in the original EigenTrust: it does not take into account the cases where the difference between satisfactory and unsatisfactory transactions is negative. These negative values can arise in two ways: peers can upload (whether consciously or not consciously) unauthentic files, and also peers can lie about the evaluation of the transactions. If the negative values were considered, one of the most important properties of the algebraic model would not be met. Therefore, it would be impossible to guarantee the convergence of the global trust values. In other words, EigenTrust-based systems are able to measure the goodness of the peers but they cannot measure their wickedness. This behavior can be exploited by the malicious peers to improve their efficiency in shutting down the system. Our work proposes an enhancement of EigenTrust called Pos&Neg EigenTrust. This system considers all the information about transactions in more depth. However, it is defined so that all the algebraic properties of the original are still valid. After some transactions, Pos&Neg EigenTrust can obtain two ordered lists. The first list classifies the peers on the basis of their goodness and the other list classifies them on the basis of their wickedness. Using these rankings adequately, it is possible to build a blacklist containing the identities of the malicious nodes. This is a significant improvement over the original EigenTrust, which is focused only on the identification of good peers. This paper evaluates our proposal by simulation of two types of threat model. The first one (a simple threat model called individual malicious peers) consists of completely isolated nodes which always provide unauthentic files. The second one (a more complex model called malicious peers in a collective with camouflage) is more realistic. The malicious peers work collectively and sometimes (maybe often, maybe rarely) provide unauthentic files (that is, they are camouflaged). When evaluating that last type of malicious node, two attacks are considered. In the first case, malicious peers always lie about the local trust values associated with the rest of the peers. In the second one, a more sophisticated attack, the malicious peers only lie with a certain probability. Simulation results show that, thanks to the identification of good nodes and also the identification of malicious ones, Pos&Neg EigenTrust is able to significantly reduce the number of unsatisfactory transactions in the network with any type of malicious nodes. The rest of the paper is organized as follows. Section 2 describes previous works on P2P reputation management systems, besides identifying the contribution of this paper. Section 3 summarizes the original EigenTrust system and describes its main shortcomings. Section 4 presents our proposal. In Section 5, both the EigenTrust and the Pos&Neg EigenTrust systems are evaluated and compared by simulation. Section 6 concludes the paper.

EigenTrust is one of the most powerful reputation management algorithms for P2P file-sharing networks. The vast acceptance of this system in the research community is patently obvious in the set of proposals trying to improve its performances. However, neither the original algorithm nor the others developed in recent years have taken into account cases in which the difference between satisfactory and unsatisfactory transactions is negative. This feature can be exploited by malicious peers to improve their efficiency in shutting down the system. In this paper, an enhancement of the EigenTrust system called Pos&Neg EigenTrust is proposed. This system considers the information about transactions in more depth. However, it is defined so that all the algebraic properties of the original EigenTrust are still valid. Using Pos&Neg, it is possible to obtain a blacklist containing the identities of the malicious nodes. The proposed algorithm has been tested by simulation in a wide range of scenarios. The simulation results show the improvements reached by this proposal even when advanced malicious node behaviors are considered. Therefore, Pos&Neg EigenTrust is able to identify the good and the malicious peers, and consequently to significantly reduce the number of unauthentic downloads in the network. This work is a starting point for future work. Once the validity of our proposal has been demonstrated, advanced versions of Pos&Neg EigenTrust may be defined. In further work, we want to analyze the interest in and the convenience (or not) of including the modifications proposed by the EigenTrust-based systems described above. Furthermore, it will be interesting to do research into the use of additional parameters to calculate (or just think about) the local and global trust values. It could be interesting to consider, among other facts, the penalty for misbehavior over positive behavior (or vice versa), to consider if the node is novel or not, and to consider the characteristics of the file being uploaded