Flow-based reputation: more than just ranking

The last years have seen a growing interest in collaborative systems like electronic marketplaces and P2P file sharing systems where people are intended to interact with other people. Those systems, however, are subject to security and operational risks because of their open and distributed nature. Reputation systems provide a mechanism to reduce such risks by building trust relationships among entities and identifying malicious entities. A popular reputation model is the so called flow-based model. Most existing reputation systems based on such a model provide only a ranking, without absolute reputation values; this makes it difficult to determine whether entities are actually trustworthy or untrustworthy. In addition, those systems ignore a significant part of the available information; as a consequence, reputation values may not be accurate. In this paper, we present a flow-based reputation metric that gives absolute values instead of merely a ranking. Our metric makes use of all the available information. We study, both analytically and numerically, the properties of the proposed metric and the effect of attacks on reputation values

A NOVEL USER PROFILE-BASED FUZZY APPROACH FOR EVALUATING TRUST IN SEMANTIC WEB

ABSTRACT: As a developed World Wide Web architecture, the Semantic Web collects traditional web contents with a formal and understandable semantic using a machine. The main purpose of the Semantic Web is to increase automation, web information processing, and improve interactions and collaboration among information systems. The subject of trust is one of the main challenges in the semantic web. Since different tools and individuals exist in the semantic web, a certain measure of trust in an entity cannot be used and a central system is responsible for data collection and estimating the reliability. In this study, a fuzzy system is used to evaluate the trust measure in the semantic web. For this purpose, the user profile data including a list of pages, user sessions, and visited pages in each session, and the time of page viewings are used as semantic parameters. After determining the general framework of trust in the semantic web, the effectiveness of the above mentioned semantic parameters on the trust measure is investigated and effective parameters are used for evaluation in the fuzzy system. The experiment results show that the proposed fuzzy method with a mean absolute error of 2.5% and an average precision of 97.5% could achieve the right value of trust in the semantic web. ABSTRAK:  Sebagai senibina World Wide Web, Semantik Web mengumpul kandungan web tradisional bersama semantik formal dan mudah difahami menggunakan mesin. Tujuan utama Semantik Web adalah bagi meningkatkan automasi, pemprosesan maklumat web, dan meningkatkan interaksi dan kerjasama antara sistem maklumat. Kepercayaan adalah salah satu cabaran utama dalam web semantik. Disebabkan perbezaan alatan dan pelbagai individu wujud dalam web semantik, langkah tertentu sebagai entiti dipercayai tidak dapat digunakan dan sistem pusat adalah bertanggungjawab bagi pengumpulan data dan kebolehpercayaan anggaran. Dalam kajian ini, sistem rawak telah digunakan bagi menilai tahap kepercayaan dalam web semantik. Bagi tujuan ini, data profil pengguna termasuk senarai halaman, sesi pengguna, dan halaman yang dikunjungi dalam setiap sesi, dan masa paparan halaman telah digunakan sebagai parameter semantik. Selepas menentukan rangka umum kepercayaan dalam web semantik, keberkesanan parameter semantik yang dinyatakan di atas pada ukuran kepercayaan telah disiasat dan parameter yang berkesan telah digunakan bagi penilaian sistem rawak. Keputusan eksperimen menunjukkan bahawa kaedah rawak yang dicadangkan dengan ralat mutlak purata sebanyak 2.5% dan ketepatan purata sebanyak 97.5% dapat mencapai nilai kepercayaan yang benar dalam web semantik

On the reputation of communities of web services

Web services communities are virtual clusters that agglomerate Web services with the same functionality. However, selecting the best community to deal with is challenging to both users and providers. Reputation has been widely used for evaluating and ranking candidates. In this paper, we introduce a reputation-based Web services community architecture and define some of the performance metrics that are needed to assess the reputation of a Web service community as perceived by the users and providers. Copyright 2008 ACM

An adaptive approach for QoS-aware Web service composition

Web service composition is the process of integrating existing web services. It is a prospective method to build an application system. Current approaches, however, only take service function aspect into consideration. With the rapid growth of web service applications and the abundance of service providers, the consumer is facing the inevitability of selecting the maximum satisfied service providers due to the dynamic nature of web services. This requirement brings us some research challenges including a web service quality model, to design a web service framework able to monitor the service\u27s real time quality. A further challenge is to find an algorithm that can handle extensible service quality parameters and has good performance to solve NP-hard web services global selection problem. In this thesis, we propose a web service framework, using an extensible service quality model. A Cultural Algorithm is adopted to accelerate service global selection. We also provide experimental results comparing between Cultural Algorithm with Genetic Algorithm and Random service selection

SATYA: A Reputation-based Approach for Service Discovery and Selection in Service Oriented Architectures

ABSTRACT We present SATYA, a system that computes a reputation value for Web service providers in order to enhance the service discovery and selection process increasing reliability in SOA transactions. In this work, objective values of service evaluations supplied by monitoring entities are used along with subjective evaluations supplied by service consumers. The objective and subjective values are compared in order to: (i) validate subjective evaluations; (ii) minimize the degree of subjectivity of computed reputation values; and (iii) discover consumers' preferences in terms of QoS metrics. By assigning Web services a trustable reputation value, SATYA enhances the service descriptions provided by registries with additional information to be used during the service discovery phase

Finding event-specific influencers in dynamic social networks

Reputation models are widely in use today in commercial transaction (ebay), product review (amazon, epinions), and news commentary websites (slashdot). The purpose of these reputation models is to provide behavioral or informational data for future users to determine whether or not he or she will trust the data. These models are dependent on explicit feedback mechanisms where users rate product, other users, or information. However, for many popular social network information sources on the web, no such explicit feedback systems exist where users rate information in order for consumers of this information to be able to judge the trustworthiness of the data source or the data itself. Here I describe the layers of the problem of determining reputation among users or data during events discussed on social networks, and evaluate data and network analysis methods from varying disciplines that may implicitly infer user or data reputation based on metadata, user relationships and user actions in social networks. I demonstrate that the HITS algorithm is not effective at finding influential users, and propose a new algorithm and demonstrate its effectiveness for finding influential users during an event

A fuzzy model for reasoning about reputation in web services

Reputation systems are typically based on ratings given by the users. When there are no mechanisms in place to de-tect collusion and deception, combining user testimonies as such to form a provider’s reputation may not give an ac-curate assessment, especially if the context of the ratings is not known. Moreover, such systems are vulnerable to manipulations by malicious users. Hence it becomes essen-tial to establish the validity of the ratings prior to using them in formulating reputation based on such ratings. It is important to identify the rationale behind the ratings so that similar ratings (or ratings pertaining to a context) can be aggregated to obtain a reputation value meaningful in that context. We propose a fuzzy approach to analyze user rating behavior to infer the rationale for ratings in a web services environment. This inference of rationale facilitates the system to validate ratings, detect deception and collu-sion, identify user preferences and provide recommendations to users

Game-Theoretic Foundations for Forming Trusted Coalitions of Multi-Cloud Services in the Presence of Active and Passive Attacks

The prominence of cloud computing as a common paradigm for offering Web-based services has led to an unprecedented proliferation in the number of services that are deployed in cloud data centers. In parallel, services' communities and cloud federations have gained an increasing interest in the recent past years due to their ability to facilitate the discovery, composition, and resource scaling issues in large-scale services' markets. The problem is that the existing community and federation formation solutions deal with services as traditional software systems and overlook the fact that these services are often being offered as part of the cloud computing technology, which poses additional challenges at the architectural, business, and security levels. The motivation of this thesis stems from four main observations/research gaps that we have drawn through our literature reviews and/or experiments, which are: (1) leading cloud services such as Google and Amazon do not have incentives to group themselves into communities/federations using the existing community/federation formation solutions; (2) it is quite difficult to find a central entity that can manage the community/federation formation process in a multi-cloud environment; (3) if we allow services to rationally select their communities/federations without considering their trust relationships, these services might have incentives to structure themselves into communities/federations consisting of a large number of malicious services; and (4) the existing intrusion detection solutions in the domain of cloud computing are still ineffective in capturing advanced multi-type distributed attacks initiated by communities/federations of attackers since they overlook the attacker's strategies in their design and ignore the cloud system's resource constraints. This thesis aims to address these gaps by (1) proposing a business-oriented community formation model that accounts for the business potential of the services in the formation process to motivate the participation of services of all business capabilities, (2) introducing an inter-cloud trust framework that allows services deployed in one or disparate cloud centers to build credible trust relationships toward each other, while overcoming the collusion attacks that occur to mislead trust results even in extreme cases wherein attackers form the majority, (3) designing a trust-based game theoretical model that enables services to distributively form trustworthy multi-cloud communities wherein the number of malicious services is minimal, (4) proposing an intra-cloud trust framework that allows the cloud system to build credible trust relationships toward the guest Virtual Machines (VMs) running cloud-based services using objective and subjective trust sources, (5) designing and solving a trust-based maxmin game theoretical model that allows the cloud system to optimally distribute the detection load among VMs within a limited budget of resources, while considering Distributed Denial of Service (DDoS) attacks as a practical scenario, and (6) putting forward a resource-aware comprehensive detection and prevention system that is able to capture and prevent advanced simultaneous multi-type attacks within a limited amount of resources. We conclude the thesis by uncovering some persisting research gaps that need further study and investigation in the future