Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Shanshan Song, Kai Hwang,and Runfang ZhouUniversity of Southern California
Yu-Kwong KwokUniversity of Hong Kong
Trusted P2P Transactions with FuzzyReputation Aggregation
Internet commerce and online commodity exchanges suffer from distrust
among sellers and buyers, who are often strangers to each other. The authors
present a new P2P reputation system based on fuzzy logic inferences, which
can better handle uncertainty, fuzziness, and incomplete information in peer
trust reports.This system aggregates peer reputations with affordable message
overhead. By testing the system using eBay transaction data in the public
domain, the authors seek to demonstrate the efficacy and robustness of two
P2P reputation systems — FuzzyTrust and EigenTrust — at establishing trust
among the peers in P2P applications.
The Internet has enabled e-commerceand e-auctions for online commodi-ty exchanges among strangers
worldwide. Many companies, includingeBay, Amazon, uBid, and Yahoo, nowoffer e-auction platforms to facilitatesuch transactions. A growing number ofonline commercial transactions occur inpeer-to-peer (P2P) environments, whichdon’t require a central authority to medi-ate such exchanges. Rather, participatingpeers can sign in and out asynchronous-ly at will and perform their transactionspoint-to-point or point-to-multipointanonymously. Thus, a business or enter-prise must have an effective reputationsystem to help users locate trustworthypartners and exchange commoditiessecurely with confidence.
A reputation system’s effectivenessdepends on the trust model adapted.Most existing trust models are developedfor general-purpose P2P applicationsthat emphasize distributed file-sharing1
(see the “Related Work in P2P Reputa-tion Systems” sidebar). Little work hasbeen done in establishing trust in e-commerce applications. Most notably,Daniel Manchala has assessed some met-rics to quantify the trust among e-trans-action intermediaries.2 Li Xiong andLing Liu proposed the PeerTrust systemfor trust management.3
At the University of Southern Califor-nia (USC), we aimed to develop an effec-tive and efficient reputation system basedon a fuzzy-logic approach, leveragingfuzzy-logic’s ability to handle uncertain-
24 NOVEMBER • DECEMBER 2005 Published by the IEEE Computer Society 1089-7801/05/$20.00 © 2005 IEEE IEEE INTERNET COMPUTING
Ad
Hoc
and
P2P
Sec
urit
y
ty, fuzziness, and incomplete information adap-tively. To this end, we first analyzed the eBay auc-tion-based transaction trace data to sort out clientbehavioral characteristics. Then we builtFuzzyTrust, a prototype P2P reputation systemthat helps establish mutual trust among strangersin P2P transaction applications.
Our system uses fuzzy logic inference rules tocalculate local trust scores and to aggregate glob-al reputation. This system benefits from the dis-tinct advantages of fuzzy inferences, which canhandle imprecise linguistic terms effectively. In the
“Fuzzy Logic Inference and Applications” sidebar,we give details on how to perform fuzzy inferencein the FuzzyTrust system. The system uses distrib-uted-hash-table (DHT) overlay networks to per-form fast and secure reputation disseminationamong peers.4
We evaluated the FuzzyTrust system via simu-lation experiments over the eBay trace data, whichwe collected from the public domain during March2005. We then compared FuzzyTrust with theEigenTrust algorithm proposed at Stanford Uni-versity,5 which calculates global peer reputation by
IEEE INTERNET COMPUTING www.computer.org/internet/ NOVEMBER • DECEMBER 2005 25
Fuzzy Reputation Aggregation
Related Work in P2P Trust Management
Several representative P2P reputationsystems currently exist, although the
list we present is by no means exhaustive.The eBay and PeerTrust systems intro-duced here focus on trust management insecuring commodity exchanges in e-com-merce applications, as does the FuzzyTrustsystem we present in the main text.Theother systems focus on generic P2P appli-cations such as P2P file sharing and Webservice sharing.
The eBay user feedback system1 (www.ebay.com) is by far the simplest and mostpopular trust-management system, and isspecifically tailored for e-auction applica-tions. It applies a centralized database tostore and manage the trust scores. Data isopen to the general public, so newcomerscan easily obtain peer scores. It’s really ahybrid P2P system using both distributedclient resources and centralized servers.
R. Guha and colleagues at IBM AlmadenResearch Center developed an interestingidea about the propagation of distrust.2 Inaddition to maintaining positive trust val-ues for peers, the system also allows theproactive dissemination of some maliciouspeers’ bad reputations. Sonja Bucheggerand Jean-Yves Le Boudec designed a dis-tributed reputation system using a Bayesianapproach, in which the second-hand repu-tation rating is accepted only when it isn’tcompatible with the primary rating.3
Several universities are working onresearch projects involving trust manage-ment in P2P applications. At Georgia Tech,Li Xiong and Ling Liu have developed the
PeerTrust model.4 Their model is based ona weighted sum of five peer feedback fac-tors:peer records, scope, credibility, transactioncontext, and community context. PeerTrust isfully distributed, uses overlay for trustpropagation, public-key infrastructure forsecuring remote scores, and prevents peersfrom some malicious abuses.
At Stanford University, Hector Garcia-Molina and colleagues proposed the Eigen-Trust algorithm,5 which captures peerreputation in the number of satisfactorytransactions and then normalizes it over allparticipating peers.The algorithm aggre-gates the scores by a weighted sum of allraw reputation scores. EigenTrust is fullydistributed using a DHT-based overlay net-work.The system also assumes pre-trustpeers and uses majority voting to checkfaulty reputation scores reported.
Weisong Shi and colleagues at WayneState University proposed the TrustWaresystem (http://mist.cs.wayne.edu/trustware.html),6 a trusted middleware for P2P appli-cations. Their approach consists of twomodels: the Multiple Currency Based Eco-nomic model (M-CUBE) and the Personal-ized Trust model (PET). The M-CUBEmodel provides a general and flexible sub-strate to support high-level P2P resource-management services. PET derives peertrustworthiness from long-term reputationevaluation and short-term risk evaluation.
At University of Maryland, SeungjoonLee and colleagues proposed in the Niceproject a scheme for trust inference in P2Pnetworks.(www.cs.umd.edu/projects/nice/).7
The trust inference consists of two partsfor local trust inference and distributedsearch. After each transaction, the systemgenerates cookies to record direct trustbetween peers. It also uses trust graphs toinfer transitive trust along a peer chain.
References1. P. Resnick and R. Zeckhauser, “Trust among
Strangers in Internet Transactions: Empirical Analy-
sis of eBay’s Reputation System,” The Economics of
the Internet and E-commerce, M.R.Baye, ed., Elsevi-
er, 2002, pp. 127–157.
2. R. Guha et al,“Propagation of Trust and Distrust,”
Proc. World Wide Web Conf. (WWW 2004), ACM
Press, 2004, pp. 403–412.
3. S. Buchegger and J.-Y. Le Boudec,“A Robust Rep-
utation System for P2P and Mobile Ad-Hoc Net-
works,” Proc. 2nd Workshop Economics of
Peer-to-Peer Systems, 2004; http://citeseer.ist.psu.
edu/buchegger04robust.html.
4. L. Xiong and L. Liu,“PeerTrust: Supporting Repu-
tation-Based Trust for Peer-to-Peer Electronic
Communities,” IEEE Trans.Knowledge and Data Eng.,
vol. 16, no. 7, 2004, pp. 843–857.
5. S. Kamvar, M. Schlosser, and H. Garcia-Molina,“The
EigenTrust Algorithm for Reputation Management in
P2P Networks,” Proc. World Wide Web Conf. (WWW
2003), ACM Press,2003,pp.640–651.
6. Z. Liang, and W. Shi, “PET: A PErsonalized Trust
Model with Reputation and Risk Evaluation for P2P
Resource Sharing,” Proc. 38th Ann.Hawaii Int’l Conf.
System Sciences, IEEE CS Press, 2005, pp. 201.2.
7. S. Lee, R. Sherwood, and B. Bhattacharjee,“Coop-
erative Peer Groups in NICE,” Proc. IEEE Conf.Com-
puter Comm. (INFOCOM 03), IEEE CS Press, 2003,
pp.1272–1282.
considering the entire system’s history. We demon-strate via experimentation that FuzzyTrust is moreeffective in identifying malicious peers and is effi-cient with reduced message overhead in the glob-al reputation aggregation process.
P2P ReputationSystems for e-TransactionsP2P systems are client-oriented, and the peersinvolved are autonomous. Such systems can growor shrink dynamically with self-organizing capa-bilities. Unfortunately, dynamic features of P2Psystems make them prone to cyberspace abusesand attacks. P2P reputation systems aim to stopsuch abuses and avoid unnecessary losses for well-behaved peers.1 Figure 1 shows the key compo-nents of a typical P2P reputation system.
At the top of the diagram, we identify fourmajor P2P applications: consumer product ex-change, distributed file-sharing, security infor-
mation sharing, and processing-cycle sharingamong distributed clients. To support consumerproduct exchange and share security information,we designed our reputation system specifically fore-commerce applications. In such applications,both sellers and buyers are participating peers: thesellers post their merchandise on the Internet forsale, and the buyers place their orders from theclient hosts at the Internet edge. We built a P2Poverlay network on top of the peer hosts that actsas a virtual network for peer reputation evalua-tion and dissemination. We preferred using astructured P2P overlay such as DHT rather thanunstructured P2P systems because it shortens thedata-search process and reduces routing com-plexity.4 In Figure 1, solid lines link the intendedexchange partners and symbolize the establish-ment of mutual trust. The dashed lines refer tointermediate peers involved in the reputation-aggregation process.
26 NOVEMBER • DECEMBER 2005 www.computer.org/internet/ IEEE INTERNET COMPUTING
Ad Hoc and P2P Security
Ever since Lotfi Zadeh proposed fuzzylogic 40 years ago,1 fuzzy theory has
demonstrated its power in managing
uncertainties and mimicking the humandecision-making process. (You can findarchival articles and tutorials on fuzzy
logic at www.austinlinks.com/Fuzzy/, andbooks, journals, and research groups onthe topic at www.abo.fi/~rfuller/fuzs.html).
Figure A. Fuzzy membership functions and the fuzzy reputation aggregation procedure. We show (1) the highmembership function of a local score (� ), (2) the five levels of membership functions of � , and (3) the application oftwo rules to induce the seller’s local score.
� (0.75) = 1
�high = (� ) � (� )
� (0.6) = 0.26
1.0
0.5
0.0 0.2 0.4 0.6 0.8 1.0
1.0
0.5
0.0 0.2 0.4 0.6 0.8 1.0
High
(1)
(3)
(2)
Verylow Low Medium High
Veryhigh
Rule 1: Q is very good
Rule 2: Q is ordinary
AND
AND
T is moderate IMPLY
T is fast
Q= 0.84 T = 0.26
� is high
IMPLY � is medium
� = 0.6
Aggregate
Fuzzy Logic Inference and Applications
P2P Transaction ApplicationsIn this article, we concentrate on P2P transactionsthat don’t use external authorities to mediatetransaction flows. Every peer node is both a clientand a server and acts as an information source. Inconsumer product exchanges, buyers like to knowa seller’s reputation before they commit to payingfor desired goods. In a file-sharing application,downloading peers prefer to receive files fromtrusted peers to ensure that such files aren’t infect-ed with viruses or embedded with Trojan horses.Consumer product exchanges and P2P file sharingusually occur at client desktops.
Conversely, benefiting from recent advance-ments in Web services architectures, some P2Pactivities occur at the server level, such as securi-ty information sharing. Clearly, a server wouldalways want to receive and process securityupdates from other trusted servers. In a P2P gridenvironment, users share their processing cycles to
perform large-scale, collective, and cooperativecomputational applications. For security reasons,users would want to avoid executing their jobs onremote machines, especially if they couldn’t fullytrust those machines.6
Reputation Evaluation and DisseminationReputation is hard to quantify because manydynamic factors are involved. In a fully distributedP2P system involving numerous peers, a peer oftencan’t assess another peer’s reputation effectively,but rather must rely on collective opinions fromother peers. However, this introduces new chal-lenges, such as how to determine the accuracy ofthe collected opinions and how to aggregate theconflicting opinions to yield a global reputation.Furthermore, the global reputation aggregationprocess can be very time consuming and incur aheavy messaging overhead when high accuracy orupdated reputation are desired.
IEEE INTERNET COMPUTING www.computer.org/internet/ NOVEMBER • DECEMBER 2005 27
Fuzzy Reputation Aggregation
Researchers report successful applicationof fuzzy theory for adaptive control inrobotics, tracking, and consumer electron-ics; information retrieval in database man-agement; pattern recognition in advancedautomation; and fuzzy decision support tohandle uncertainties in large-scale infor-mation systems.2
We introduce yet another importantapplication to the network security area:fuzzy reputation management. This is anew approach to supporting approxi-mated reasoning. The FuzzyTrust model isuseful in manipulating imprecise or uncer-tain information. Indeed, there are fivecommon features between a reputationsystem and a fuzzy controller designed forcontrol optimization:
• Imprecise inputs: Transaction recordscan contain untruthful information —a situation similar to the handling ofnoisy signals in a control application.
• Linguistics expertise knowledge: Inevaluating reputation, human know-ledge must be the fundamental input.This is similar to the use of linguisticsinformation in a control application.
• Prior information: We need to use
imprecise transaction records accu-mulated in the past. This resembles thelearning process in evolving the fuzzycontroller rule set.
• Dynamic environment: Peer behaviorchanges dynamically, and such changesmust be tracked efficiently.This parallelsthe handling of dynamically changingenvironmental signals in a controlapplication.
• Capture of feedback: We must usefeedback from previous reputationevaluation results in a way similar tocalibrating a fuzzy controller by systemfeedback.
To explain basic fuzzy concepts,we usethe seller’s local score inference example.In fuzzy theory, the membership function�(x) for a fuzzy variable x specifies thedegree of an element belonging to a fuzzyset. It maps x into the range [0, 1], where 1is full membership and 0 is no membership.Figure A1 shows a high membership func-tion for modeling the local score (� ), andFigure A2 shows the five levels of member-ship function. Figure A3 illustrates the infer-ence process.Consider two fuzzy variables:one is the product quality (Q) and another is
the delivery time (T), with initial values Q =0.84 and T = 0.26.
To illustrate,we apply the following twosimple fuzzy inference rules in Figure A3:
1. If Q is very good AND T is moderate,then � is high.
2. If Q is ordinary AND T is fast, then � ismedium.
We infer all rules in parallel and deter-mine the resulting membership by assessingall terms in the premise. We apply the fuzzyoperator AND to determine the supportdegree of the rules, and the AGGREGATEoperator superimposes two resulting mem-bership curves. We generate the final localscore � = 0.6 by defuzzifying from theaggregation result, taking the centroid of thesuperimposed membership curve in FigureA3. In a real-life P2P reputation system, thisfuzzy logic inference process could demandanywhere from tens to hundreds of rules.
References1. L. Zadeh,“Fuzzy Sets,” Information and Control, vol.
8, 1965, pp. 338–353.
2. G.J. Klir, U. St. Clair, and B.Yuan, Fuzzy Set Theory:
Foundations and Applications, Prentice Hall, 1997.
Fuzzy Logic Inference and Applications (cont.)
An effective P2P reputation system assessesreputation locally and aggregates the meta-reputation globally. It must accurately capture andtrack various local parameters — buyers should beable to capture potential sellers’ credit records, forexample — or preferences with respect to thegoods being sold. The reputation system mustalso accurately filter out untrustworthy secondopinions from any malicious peers trying toblacken the reputations of some well-behavedpeers in the system.
Analysis of the eBay Transaction DataeBay (www.ebay.com) is by far the most successfulcyberexchange platform currently on the Internet,and most transactions via the site are conductedamong strangers. Although eBay has a centralizedreputation system, all transactions among the peersare distributed at the client end. The eBay transac-tion records provide a real-life data set for testing aP2P reputation system’s efficacy.
To obtain eBay transaction records, we ex-tracted public-domain data released on its Website, crawling over more than 10,000 Web pagesfrom users to produce the trace file. We observedthree important characteristics of eBay transac-
tions: super versus small users; unstable transac-tion intervals for small users; and skewedtransaction amounts. We briefly describe thesecharacteristics, and Figure 2 illustrates the peerfeedback distribution, user interaction pattern,transaction interval, and variation of transactionamounts illustrated.
Super Users versus Small UsersFigure 2a demonstrates how we sort users in adecreasing order based on how many transactionsthey’ve conducted. The eBay transactions follow apower-law distribution across the peer ranks. Inour analysis, we found a hot-spot situation inwhich a few super users (big circles in Figure 2b)contributed most of the transactions, whereasmany small users (small circles in Figure 2b)engaged in only a few transactions. The superusers have a high node degree — or many linkswith other users, as Figure 2b shows — and thesmall users have a lower node degree, indicatingthat they have just a few transaction partners.
Unstable Transactions by Small UsersThe time interval between two adjacent transac-tions is short and stable for super users. For smallusers, however, the transaction intervals are longand unstable, as Figure 2c illustrates. Our eBaytrace shows that some super users conducted morethan 10,000 transactions in three months, whereasthe small users conducted only a few tens of trans-actions in several years. Additionally, super usersconducted 65 percent of subsequent transactionswithin 10 minutes of the previous transaction,whereas small users conducted 50 percent of sub-sequent transactions 40 hours later.
Skewed Transaction AmountThe transaction amount is highly skewed in thesense that a small number of large transactionscoexist with a large number of small transactions.The large transactions dominate the total amounttransacted. Figure 2d shows typical transactionamounts in the eBay system. Here, the normalizedtransaction rank indicates the percentage of top-valued commodities transacted. We plot thepercentage of cumulative amount verses the trans-action rank. For example, Figure 2d shows that 30percent of the large transactions make up 70 per-cent of the total commodity value. This impliesthat 70 percent of the remaining smaller transac-tions contribute only 30 percent of the total trans-action amount.
28 NOVEMBER • DECEMBER 2005 www.computer.org/internet/ IEEE INTERNET COMPUTING
Ad Hoc and P2P Security
Figure 1. A typical peer reputation aggregation system. Thesystem is built with a P2P overlay network to facilitate trustedcommodity exchanges over the Internet. The lower solid line linksthe intended exchange partners. The upper solid line shows theestablishment of mutual trust between the peers. The dashed linesrefer to intermediate peers involved in the aggregation process.
Reputation evaluation and dissemination system
Internet
Logicalremote
reputationacquisition
Intended exchange partners
Local aggregationof reputation data
Consumerproductexchange
Filesharing
Securityinformation
sharing
Processingcycle sharing
Data Data Data
P2P overlay network infrastructure
Multihop reputationrelaying via the
overlay network
FuzzyTrust System ArchitectureAfter analyzing the characteristics of eBay’s trans-action data, we developed the FuzzyTrust prototypesystem for evaluating peer reputation in P2P trans-actions. We built FuzzyTrust with the fuzzy-logicinference technique introduced in the sidebar. In par-ticular, the system is capable of handling impreciseor uncertain information collected from the peers.
System Design RequirementsUsing what we learned from eBay’s transactioncharacteristics, we suggest three important designcriteria:
• First, the network bandwidth consumptionrequired to exchange local trust scores for hotspots can be extremely high. Thus, a reputationsystem for e-transactions should consider theunbalanced transactions among users.
• Second, to address the lesser impact from smallusers, a reputation system shouldn’t apply thesame evaluation cycle for all peers. The superusers should be updated more often than thesmall users.
• Third, with a skewed transaction amount, itmakes sense to evaluate the large transactionsmore often than the small ones.
IEEE INTERNET COMPUTING www.computer.org/internet/ NOVEMBER • DECEMBER 2005 29
Fuzzy Reputation Aggregation
Figure 2. P2P interaction characteristics. We revealed four characteristics using real-life eBay transaction traces. Welooked at (a) peer ranks (power-law distribution), (b) hot spots (super versus small users), (c) the transaction interval,and (d) the transaction amount distribution.
0.4 0.6 0.8 1.0
0.2
0.4
0.6
0.8
1.0
70%
30%
Acc
umul
ativ
e am
ount
(%
)
Normalized transaction ranks10 100 1,000 10,000 100,0000
10
20
30
40
50
60
Num
ber
of t
rans
actio
ns (
%)
Transaction interval (minutes)
Super userSmall user
(a) (b)
(c) (d)
1 10 100 1,000 10,000 100,000 1e+06 1e+07
Num
ber
of t
rans
actio
ns
Peer rank
70
10
100
1,000
10,000
0.20.0
Our system works by performing two major infer-ence steps: local-score calculation and global rep-utation aggregation (see Figure 3).
Local-Score Computation. In FuzzyTrust, peersperform fuzzy inference on local parameters togenerate the local scores. Figure 3a illustrates thelocal-score calculation for eBay transactions. Thefuzzy inference mechanism can capture someuncertainties and is self-adjusting. It can adap-tively track the variation of local parameters, suchas payment method and time, goods quality, deliv-ery time, and so on. Additional examples of thisprocess are available elsewhere.7
Global Reputation Aggregation. The FuzzyTrustsystem aggregates local trust scores collectedfrom all peers to produce a global reputation foreach peer. The system uses fuzzy inference toobtain the global reputation aggregation weights,as illustrated in Figure 3b. We determine theaggregation weights using three variables: thepeer’s reputation, the transaction date, and thetransaction amount. In a full-scale P2P reputa-tion system, the number of fuzzy inference rulescould be extended to several hundreds. Howev-er, we list five frequently used fuzzy inferencerules we applied to the prototype FuzzyTrust sys-tem construction.
1. If the transaction amount is very high and thetransaction time is new, then the aggregationweight is very large.
2. If the transaction amount is very low or thetransaction time is very old, then the aggre-gation weight is small.
3. If a peer’s reputation is good and the trans-action amount is high, then the aggregationweight is very large.
4. If a peer’s reputation is good and the trans-action amount is low, then the aggregationweight is medium.
5. If a peer’s reputation is bad, then the aggre-gation weight is very small.
We calculate the global reputation using thefollowing formula:
(1)
where Ri is the global reputation of peer i, S is theset of peers with whom peer i has conducted trans-actions, tji is the local trust score of peer i rated bypeer j, and wj is the aggregation weight of tji. Theglobal aggregation process runs multiple iterationsuntil each Ri converges to a stable global reputa-tion rating for peer i.
DHT-Based Overlay ImplementationWe implemented the prototype FuzzyTrust systemon a DHT-based P2P overlay network, with anarchitecture similar to that of Chord,4 a DHT ringthat provides fast trust aggregation and securemessage transmission. The Chord system is high-ly scalable, robust to failure, and self-organizingin that it handles peer join and leave from the sys-tem. Figure 4 shows the DHT-based FuzzyTrustsystem architecture.
Each peer maintains two tables: a transac-tion record table to maintain transaction recordswith remote peers, and a local score table tomaintain remote peers’ evaluated trust scores.Based on the transaction records, we infer theglobal aggregation weights through the fuzzyinference system. When performing global rep-
Rw
wt
w t
wij
j Sj
jij S
j jij S
jj S
=
=
∈∈
∈
∈∑∑
∑
∑∑,
30 NOVEMBER • DECEMBER 2005 www.computer.org/internet/ IEEE INTERNET COMPUTING
Ad Hoc and P2P Security
Figure 3. Local trust inference versus global reputation aggregation. The FuzzyTrust system (a) performs fuzzy logicinferences to determine the local trust scores and (b) uses accumulated local scores for weight inference in globalreputation aggregation.
Buyer’s localtrust score
Paymentmethod
Paymenttime
Fuzzy inference
Seller’s localtrust score
Goodsquality
Deliverytime
Fuzzy inference
Remote peer'strust score
Transactiondate
Global reputationaggregation weight
Transactionamount
Fuzzy inference
(a) (b)
utation aggregation, each peer queries the trustscores from remote peers. To tackle the hot-spotissue, the system partially queries qualifiedpeers that meet an aggregation threshold. Fig-ure 5 shows an example of global reputationaggregation based on the DHT configuration inFigure 4.
In this particular example, the system sets anaggregation threshold of 0.7 for Peer 2. Thus,Peers 28 and 20 are qualified to be queried, where-as Peers 9 and 4 aren’t qualified and thus aren’tqueried. Peers 28 and 20 transmit their localscores t28,2 and t20,2 to Peer 2. We use Equation 1to calculate Peer 2’s global reputation. We set ahigh threshold for the hot spots, so the systemqueries only a few peers, thus reducing the band-width consumption.
IEEE INTERNET COMPUTING www.computer.org/internet/ NOVEMBER • DECEMBER 2005 31
Fuzzy Reputation Aggregation
Figure 4. The FuzzyTrust system architecture. We built FuzzyTrust with a DHT-based overlay network supporting the localtrust score dissemination and global reputation aggregation.
Remotepeer ID
Remotepeer’s trust
score
Transactionamount
Transactiondate
Globalaggregation
weight
4 0.5 $15 02/11/2005 0.59 0.7 $10 02/15/2005 0.620 0.9 $99 02/13/2005 0.828 0.8 $399 02/14/2005 0.9
Peer 2 transaction record table
Remotepeer ID
Remotepeer’s trust
score
Transactionamount
Transactiondate
Globalaggregation
weight
20 0.9 $5 02/01/2005 0.5
9 0.8 $100 02/15/2005 0.9
Peer 16 transaction record table
Remotepeer ID
Localscore
2 0.94 0.7...
Peer 28 score table
Remotepeer ID
Localscore
2 0.716 0.9...
Peer 20 score tableRemotepeer ID
Localscore
2 0.616 0.8...
Peer 9 score table
Remotepeer ID
Localscore
2 0.7...
Peer 4 score table
Peer 28Peer 4
Peer 9
Peer 16
Peer 20
t28,2 = 0.9
t20,2 = 0.7
t9,16 = 0.6
Peer 2
Figure 5.Global reputation aggregation using the DHT ring from Figure4. The system sets Peer 2 with an aggregation threshold of 0.7. ThusPeer 9 and Peer 4 are disqualified from participating in the evaluationprocess. Peer 2’s reputation is aggregated from two local trust scores,t28,2 and t20,2, generated by Peer 28 and Peer 20, respectively.
Qualified peers Disqualified peers
Aggregationthreshold = 0.7
w28 = 0.9
t20,2 = 0.7t28,2 = 0.9
w20 = 0.8
w9 = 0.6
w4 = 0.5
R2 =w28
w28 + w20t28,2 +
w20
w28 + w20t20,2
= 0.90.9 + 0.8
× 0.9 + 0.80.9 + 0.8
× 0.7 = 0.81
Peer 2
Peer 28 Peer 20 Peer 9 Peer 4
Simulated Performance ResultsWe evaluated the FuzzyTrust and EigenTrust sys-tems for P2P transactions using the eBay tracedata set we collected at USC. We compare the twoP2P reputation systems in the following three per-formance matrices:
• the convergence time needed to establish eachpeer’s global reputation,
• the detection rate of malicious peers, and • the message overhead involved in global repu-
tation aggregation.
We simulated the global reputation aggrega-tion of the two P2P reputation systems over P2Psystems with N = 100 to 10,000 peers. For eachcase, the super users or most active peers per-formed 10N transactions. The number of transac-tions per peer follows the power-law distributionwith a slope of –1.215, which we obtained fromthe eBay trace experiments. The transaction datefollows a Poisson distribution with an arrival rate� = 0.2 transactions per minute. The simulationcalculates all local trust scores and aggregatesglobal peer reputation. Figure 6 plots the simulat-ed performance results in four aspects: global con-vergence time, malicious-peer-detection rate,messaging overhead for individual peers, and totalmessaging overhead.
Global Convergence TimeWe plot the convergence times of the EigenTrustand FuzzyTrust systems in Figure 6a. Their con-vergence times are quite close to each other,although the FuzzyTrust system convergesslightly faster than the EigenTrust system. Over-all, their convergence times are comparable, bothincreasing linearly with respect to the P2P net-work size.
Malicious Peer Detection RateMalicious peers are those that, as buyers, make lateor no payments, and, as sellers, deliver bad-qual-ity goods or fail to deliver goods at all. Let � bethe percentage of malicious peers in the P2P sys-tem and m be the number of malicious peers in thesystem. We have m = �N, where N is the systemsize. In our simulation experiments, we preset � =0.3, meaning 30 percent of the peers are poten-tially abusing the system. We denote the numberof malicious peers detected as d(t), which dependson the time of measurement. We define the detec-tion rate � of malicious peers as
�(t) = d(t) /m = d(t)/� N. (2)
Figure 6b plots the measured malicious-peer-detection rate as a function of time represented bythe number of iterations in the evaluation process.The bars correspond to various system sizes Nwith a fixed � = 0.3. We observed two importantphenomena: for all system sizes, FuzzyTrustdetects more than 99 percent of malicious peersafter four iterations, and malicious peers are mucheasier to detect in small systems. Given a systemwith 100 peers, for example, the FuzzyTrust sys-tem detects more than 90 percent of maliciouspeers after the first iteration. The EigenTrust sys-tem has slightly lower detection rates, and isn’tplotted in Figure 6b.
Messaging OverheadFigure 6c plots the average message overhead perindividual peer for a system of 1,000 peers. Werank peers by number of messages transmitted.Compared with the EigenTrust system, messagestransmitted in FuzzyTrust are more evenly dis-tributed among the peers. On average, each peerin FuzzyTrust transmits 17 messages with a stan-dard deviation of 15, compared with 73 messagestransmitted in EigenTrust with a standard devia-tion of 227.
Using the FuzzyTrust system, the peers do expe-rience a noticeably lower messaging overhead. Inother words, our system can better alleviate thehot-spot problem, whereas the EigenTrust systemcannot. Figure 6d shows the total number of mes-sages required to reach a global convergence. Thegap between total message overheads widens as thenetwork size increases. The FuzzyTrust system isscalable in handling an even larger number of P2Pservices. For 10,000 peers, our system needs180,000 messages to aggregate all global reputa-tion scores, whereas the EigenTrust system need580,000 messages to perform the same task.
Fuzzy logic inference is clearly effective for dis-tributed trust management in P2P networks.
Based on the eBay trace data, our experimentalresults show that both the FuzzyTrust and Eigen-Trust systems have comparable global reputationconvergence time. Our system detects all mali-cious peers after a few aggregation iterations. Onaverage, the peers transmit fewer messages usingthe FuzzyTrust system than using EigenTrustwhen performing global reputation aggregation.
32 NOVEMBER • DECEMBER 2005 www.computer.org/internet/ IEEE INTERNET COMPUTING
Ad Hoc and P2P Security
Through our experiments, we reveal the power-law connectivity of the DHT-based overlay net-work for fast establishment of global trust amonga scalable number of peers.
For the future, we suggest extending the workon P2P reputation systems by considering peeranonymity and secure storage of global reputa-tions.9. Evaluating various P2P systems over dis-tributed file sharing and P2P grid computing isanother direction for future research.6 For theFuzzyTrust system, we could consider additional e-commerce data traces other than eBay’s, such asthat from Amazon or Yahoo transaction records.We might also further evaluate system performancevia more real-life experiments. It would be usefulto see the FuzzyTrust prototype converted as a pro-duction system in real-life P2P applications.10
AcknowledgmentsUS National Science Foundation Information Technology
Research grant NSF 0325409 supported this work. We thank
the USC GridSec research team for their technical assistance
and useful discussions.
References
1. S. Marti and H. Garcia-Molina, “Taxonomy of Trust: Cat-
egorizing P2P Reputation Systems,” Computer Networks,
special issue on trust and reputation in P2P systems,
2005.
2. D.W. Manchala, “E-Commerce Trust Metrics and Models,”
IEEE Internet Computing, vol. 4, no. 2, 2000, pp. 36–44.
3. L. Xiong and L. Liu, “PeerTrust: Supporting Reputation-
Based Trust for Peer-to-Peer Electronic Communities,”
IEEE Trans. Knowledge and Data Eng., vol. 16, no. 7,
2004, pp. 843–857.
IEEE INTERNET COMPUTING www.computer.org/internet/ NOVEMBER • DECEMBER 2005 33
Fuzzy Reputation Aggregation
Figure 6. Simulated performance of two P2P reputation systems. We compared the FuzzyTrust system with the EigenTrustsystem over the same eBay transaction data set. We plot (a) the global convergence time, (b) the detection rate ofmalicious peers, (c) the message overhead per individual peer, and (d) the total message overhead needed for globalreputation aggregation.
Con
verg
ence
tim
e (s
ec)
Det
ectio
n ra
te o
f mal
icio
us p
eers
(%
)
0 100 200 300 400 500 600 700 800 900 1,0001
10
100
1,000
Num
ber
of m
essa
ges
by in
divi
dual
pee
r
Peer rank
0
1x105
2x105
3x105
4x105
5x105
6x105
Tota
l mes
sage
ove
rhea
d
0.1
1
10
100
1,000FuzzyTrustEigenTrust
100 200 500 1,000 2,000 5,000P2P system size (N) Iteration number
0
20
40
60
80
100
1 2 3 410,000(a) (b)
(c) P2P system size (N)(d)
100 200 500 2,000 5,000 10,0001,000
FuzzyTrustEigenTrust
FuzzyTrust, � = 17.0, � = 15.978EigenTrust, � = 72.8, � = 227.43
N = 100N = 1,000N = 5,000N = 10,000
4. I. Stoica et al., “Chord: A Scalable Peer-to-Peer Lookup Pro-
tocol for Internet Applications,” IEEE/ACM Trans. Net-
working, vol. 11, no. 1, 2003, pp. 17–32.
5. S. Kamvar, M. Schlosser, and H. Garcia-Molina, “The
EigenTrust Algorithm for Reputation Management in P2P
Networks,” Proc. World Wide Web Conf. (WWW 2003),
ACM Press, 2003, pp. 640–651.
6. R. Zhou and K. Hwang, Trust Overlay Networks for Global
Reputation Aggregation in P2P Grid Computing, tech.
report TR-2005-16, Internet and Grid Computing Lab.,
Univ. of Southern California, October 2005.
7. S. Song, K. Hwang, and Y.-K. Kwok, “Trusted Grid Com-
puting with Security Binding and Trust Integration,” J.
Grid Computing, vol. 3, no. 1, 2005; www.springerlink.
com/link.asp?id=7028153w8653340.
8. S. Marti and H. Garcia-Molina, “Limited Reputation Shar-
ing in P2P Systems,” Proc. ACM Conf. Electronic Commerce
(EC 04), ACM Press, 2004, pp. 91–101.
9. A. Singh and L. Liu, “TrustMe: Anonymous Management
of Trust Relationships in Decentralized P2P Systems,” Proc.
3rd Int’l Conf. Peer-to-Peer Computing (P2P 2003), IEEE CS
Press, 2003, pp. 142–149.
10. S. Song, “Trusted Grid and P2P Computing with Security
Binding and Reputation Aggregation,” PhD dissertation,
Dept. Computer Science, Univ. of Southern California,
Nov. 2005.
Shanshan Song is a PhD student in computer science at the
University of Southern California. She has worked as a
research assistant at the USC Internet and Grid Computing
Laboratory. Her technical expertise lies in grid computing,
network security, and trust management in P2P and grid
systems. Song has a BS in computer science from the Uni-
versity of Science and Technology of China. She is a stu-
dent member of the IEEE and the ACM. Contact her at
Kai Hwang is a professor of electrical engineering and computer
science at the University of Southern California, director
of the USC Internet and Grid Computing Laboratory, and
leader of USC’s GridSec project. He specializes in comput-
er architecture, parallel processing, network security, dis-
tributed computing, and grid and P2P systems. Hwang has
a PhD in electrical engineering and computer science from
the University of California, Berkeley. He is a fellow of the
IEEE. Contact him at [email protected]; http://GridSec.
usc.edu/Hwang.html.
Runfang Zhou is a PhD student in computer science at the Uni-
versity of Southern California. Her research interests
include P2P reputation systems, overlay networks, and net-
work security. Zhou has a BS and an MS in computer sci-
ence from Southeast University, China. Contact her at
Yu-Kwong Kwok is an associate professor of electrical and elec-
tronic engineering at the University of Hong Kong. His
research interests include grid and mobile computing, wire-
less communications, and network protocols. Kwok has a
PhD in computer science from the Hong Kong University
of Science and Technology. He is a senior member of the
IEEE. Contact him at [email protected].
34 NOVEMBER • DECEMBER 2005 www.computer.org/internet/ IEEE INTERNET COMPUTING
Ad Hoc and P2P Security
ArchitecturesSupport Services
Algorithm/Protocol Design and AnalysisMobile Environment
Mobile Communication SystemsApplications
Emerging Technologies
IEEE Transactions onMobile Computing
revolutionary new quarterly journal that seeks out and delivers the very best peer-reviewed research results on mobility of users, systems, data, computing information organization and access, services, management, and applications. IEEE Transactions on Mobile Computing gives you remarkable breadth and depth of coverage …
ATo subscribe:
http://computer.org/tmc
or callUSA and CANADA:
+1 800 678 4333WORLDWIDE:
+1 732 981 0060
SubscribeNOW!
本文献由“学霸图书馆-文献云下载”收集自网络,仅供学习交流使用。
学霸图书馆(www.xuebalib.com)是一个“整合众多图书馆数据库资源,
提供一站式文献检索和下载服务”的24 小时在线不限IP
图书馆。
图书馆致力于便利、促进学习与科研,提供最强文献下载服务。
图书馆导航:
图书馆首页 文献云下载 图书馆入口 外文数据库大全 疑难文献辅助工具