정보 수준을 이용한 강건한 시빌공격 방어 알고리즘 설계 및 분석

학위논문 (박사)-- 서울대학교 대학원 : 전기·컴퓨터공학부, 2014. 8. 김종권.추천 시스템(Recommender System, RS)은 궁극적인 소비자 (즉, 추천 시스템 사용자)에게 상업적인 아이템들을 추천해 주는 것이 주요 기능이다. 추천 시스템에서 정확한 정보를 제공하는 것은 추천 서비스 공급자와 시스템 사용자 모두에게 중요하다. 온라인 소셜 네트워크의 확산으로 추천 시스템의 영향력은 급격히 증가하고 있다. 반면에 추천 시스템의 의도와는 반대로 정보를 조작하는 거짓 아이덴터티들을 사용한 악의적인 사용자들의 추천 시스템에 대한 공격이 증가하고 있다. 이러한 거짓 아이덴터티들을 활용한 공격을 시빌(Sybil) 공격이라 부른다. 본 논문에서는 다른 연구에서 소개된 적이 없는 어드미션 통제 개념을 활용한 RobuRec이라 불리는 새로운 강건한 추천 시스템을 제안한다. 어드미션 통제라는 강력한 개념을 활용하여 정직한 사용자가 생성한 평가인지 혹은 시빌 아이덴터티들을 활용한 악의적인 평가인지에 관계없이 고신뢰 수준의 추천을 예측할 수 있다. RobuRec 시스템의 성능을 보이기 위해, 본 논문에서는 여러가지 가능한 시빌 공격 시나리오는 물론 다양한 데이터셋을 활용하여 광범위한 실험을 수행하였다. RobuRec은 실험 및 분석을 통해 RobuRec과 비교 가능한 PCA (Principal Component Analysis) 방식 및 LTSMF (Least Trimmed Squared Matrix Factorization) 방식보다 프리딕션 쉬프트 (Prediction Shift, PS) 및 적중 비율(Hit Ratio, HR)에서 월등한 성능을 보여 주었다.As the major function of Recommender Systems (RSs) is recommending commercial items to potential consumers (i.e., system users), providing correct information of RS is crucial to both RS providers and system users. The influence of RS over Online Social Networks (OSNs) is expanding rapidly, whereas malicious users continuously try to attack the RSs with fake identities (i.e., Sybils) by manipulating the information in the RS adversely. In this thesis, we propose a novel robust recommendation algorithm called RobuRec which exploits a distinctive feature, admission control. RobuRec provides highly Trusted recommendation results since RobuRec predicts appropriate recommendations regardless of whether the ratings are given by honest users or by Sybils thanks to the power of admission control. To demonstrate the performance of RobuRec, we have conducted extensive exper iments with various datasets as well as diverse attack scenarios. The evaluation results confirm that RobuRec outperforms the comparable schemes such as Principal Component Analysis (PCA) and Least Trimmed Squared Matrix Factorization (LTSMF) significantly in terms of Prediction Shift (PS) and Hit Ratio (HR).Chapter 1 Introduction 1 1.1 Background . . . . . . . . . . . . . . . . . . . 1 1.2 Goal and Contribution . . . . . . . . . . . . . . 3 1.3 Thesis Organization . . . . . . . . . . . . . . . 6 Chapter 2 Related Work 7 2.1 RS approaches . . . . . . . . . . . . . . . . . . 7 2.2 Sybil Attack Defense . . . . . . . . . . . . . . 9 2.3 Robust RS Approaches . . . . . . . . . . . . . . 10 Chapter 3 System Model 13 3.1 Target Applications . . . . . . . . . . . . . . 17 3.2 Strong Attacker . . . . . . . . . . . . . . . . 17 3.3 Attack Model . . . . . . . . . . . . . . . . . . 18 3.4 Model Assumptions . . . . . . . . . . . . . . . 21 Chapter 4 RobuRec Design 23 4.1 Algorithm Intuition . . . . . . . . . . . . . . 23 4.2 Initialization Phase . . . . . . . . . . . . . . 25 4.3 Admission Control Phase . . . . . . . . . . . . 26 4.4 Rating Prediction Phase . . . . . . . . . . . . 30 4.5 Dynamic Parameter Control . . . . . . . . . . . 35 4.5.1 Simplifying Control Parameters . . . . . . . . 36 4.5.2 Dynamic Cmax Control . . . . . . . . . . . . . 37 4.5.3 Dynamic Global and Local Control . . . . . . 42 Chapter 5 Evaluation and Analysis 45 5.1 Evaluation Metrics . . . . . . . . . . . . . . . 45 5.2 Parameter (alpha) Study . . . . . . . . . . . . 47 5.3 Datasets and Setup . . . . . . . . . . . . . . . 48 5.4 Results and Analysis . . . . . . . . . . . . . . 52 5.4.1 Performance on PS . . . . . . . . . . . . . . 52 5.4.2 Impact of Filler Size . . . . . . . . . . . . 55 5.4.3 Impact of Target Selection Strategy . . . . . 58 5.4.4 Dynamic Parameter Control . . . . . . . . . . 59 5.4.5 Performance on HR . . . . . . . . . . . . . . 62 5.4.6 Analysis on Escaping Probability . . . . . . . 63 Chapter 6 Conclusion 67Docto

SocialLink: a Social Network Based Trust System for P2P File Sharing Systems

In peer-to-peer (P2P) file sharing systems, many autonomous peers without preexisting trust relationships share files with each other. Due to their open environment and distributed structure, these systems are vulnerable to the significant impact from selfish and misbehaving nodes. Free-riding, whitewash, collusion and Sybil attacks are common and serious threats, which severely harm non-malicious users and degrade the system performance. Many trust systems were proposed for P2P file sharing systems to encourage cooperative behaviors and punish non-cooperative behaviors. However, querying reputation values usually generates latency and overhead for every user. To address this problem, a social network based trust system (i.e., SocialTrust) was proposed that enables nodes to first request files from friends without reputation value querying since social friends are trustable, and then use trust systems upon friend querying failure when a node\u27s friends do not have its queried file. However, trust systems and SocialTrust cannot effectively deal with free-riding, whitewash, collusion and Sybil attacks. To handle these problems, in this thesis, we introduce a novel trust system, called SocialLink, for P2P file sharing systems. By enabling nodes to maintain personal social network with trustworthy friends, SocialLink encourages nodes to directly share files between friends without querying reputations and hence reduces reputation querying cost. To guarantee the quality of service (QoS) of file provisions from non-friends, SocialLink establishes directionally weighted links from the server to the client with successful file transaction history to constitute a weighted transaction network , in which the link weight is the size of the transferred file. In this way, SocialLink prevents potential fraudulent transactions (i.e., low-QoS file provision) and encourages nodes to contribute files to non-friends. By constraining the connections between malicious nodes and non-malicious nodes in the weighted transaction network, SocialLink mitigates the adverse effect from whitewash, collusion and Sybil attacks. By simulating experiments, we demonstrate that SocialLink efficiently saves querying cost, reduces free-riding, and prevents damage from whitewash, collusion and Sybil attacks

A Trust Management Framework for Decision Support Systems

In the era of information explosion, it is critical to develop a framework which can extract useful information and help people to make “educated” decisions. In our lives, whether we are aware of it, trust has turned out to be very helpful for us to make decisions. At the same time, cognitive trust, especially in large systems, such as Facebook, Twitter, and so on, needs support from computer systems. Therefore, we need a framework that can effectively, but also intuitively, let people express their trust, and enable the system to automatically and securely summarize the massive amounts of trust information, so that a user of the system can make “educated” decisions, or at least not blind decisions. Inspired by the similarities between human trust and physical measurements, this dissertation proposes a measurement theory based trust management framework. It consists of three phases: trust modeling, trust inference, and decision making. Instead of proposing specific trust inference formulas, this dissertation proposes a fundamental framework which is flexible and can be adapted by many different inference formulas. Validation experiments are done on two data sets: the Epinions.com data set and the Twitter data set. This dissertation also adapts the measurement theory based trust management framework for two decision support applications. In the first application, the real stock market data is used as ground truth for the measurement theory based trust management framework. Basically, the correlation between the sentiment expressed on Twitter and stock market data is measured. Compared with existing works which do not differentiate tweets’ authors, this dissertation analyzes trust among stock investors on Twitter and uses the trust network to differentiate tweets’ authors. The results show that by using the measurement theory based trust framework, Twitter sentiment valence is able to reflect abnormal stock returns better than treating all the authors as equally important or weighting them by their number of followers. In the second application, the measurement theory based trust management framework is used to help to detect and prevent from being attacked in cloud computing scenarios. In this application, each single flow is treated as a measurement. The simulation results show that the measurement theory based trust management framework is able to provide guidance for cloud administrators and customers to make decisions, e.g. migrating tasks from suspect nodes to trustworthy nodes, dynamically allocating resources according to trust information, and managing the trade-off between the degree of redundancy and the cost of resources

Web3Recommend: Decentralised recommendations with trust and relevance

Web3Recommend is a decentralized Social Recommender System implementation that enables Web3 Platforms on Android to generate recommendations that balance trust and relevance. Generating recommendations in decentralized networks is a non-trivial problem because these networks lack a global perspective due to the absence of a central authority. Further, decentralized networks are prone to Sybil Attacks in which a single malicious user can generate multiple fake or Sybil identities. Web3Recommend relies on a novel graph-based content recommendation design inspired by GraphJet, a recommendation system used in Twitter enhanced with MeritRank, a decentralized reputation scheme that provides Sybil-resistance to the system. By adding MeritRank's decay parameters to the vanilla Social Recommender Systems' personalized SALSA graph algorithm, we can provide theoretical guarantees against Sybil Attacks in the generated recommendations. Similar to GraphJet, we focus on generating real-time recommendations by only acting on recent interactions in the social network, allowing us to cater temporally contextual recommendations while keeping a tight bound on the memory usage in resource-constrained devices, allowing for a seamless user experience. As a proof-of-concept, we integrate our system with MusicDAO, an open-source Web3 music-sharing platform, to generate personalized, real-time recommendations. Thus, we provide the first Sybil-resistant Social Recommender System, allowing real-time recommendations beyond classic user-based collaborative filtering. The system is also rigorously tested with extensive unit and integration tests. Further, our experiments demonstrate the trust-relevance balance of recommendations against multiple adversarial strategies in a test network generated using data from real music platforms