Reputation Systems: A framework for attacks and frauds classification

Reputation and recommending systems have been widely used in e-commerce, as well as online collaborative networks, P2P networks and many other contexts, in order to provide trust to the participants involved in the online interaction. Based on a reputation score, the e-commerce user feels a sense of security, leading the person to trust or not when buying or selling. However, these systems may give the user a false sense of security due to their gaps. This article discusses the limitations of the current reputation systems in terms of models to determine the reputation score of the users. We intend to contribute to the knowledge in this field by providing a systematic overview of the main types of attack and fraud found in those systems, proposing a novel framework of classification based on a matrix of attributes. We believe such a framework could help analyse new types of attacks and fraud. Our work was based on a systematic literature review methodology.info:eu-repo/semantics/publishedVersio

Collusion in Peer-to-Peer Systems

Peer-to-peer systems have reached a widespread use, ranging from academic and industrial applications to home entertainment. The key advantage of this paradigm lies in its scalability and flexibility, consequences of the participants sharing their resources for the common welfare. Security in such systems is a desirable goal. For example, when mission-critical operations or bank transactions are involved, their effectiveness strongly depends on the perception that users have about the system dependability and trustworthiness. A major threat to the security of these systems is the phenomenon of collusion. Peers can be selfish colluders, when they try to fool the system to gain unfair advantages over other peers, or malicious, when their purpose is to subvert the system or disturb other users. The problem, however, has received so far only a marginal attention by the research community. While several solutions exist to counter attacks in peer-to-peer systems, very few of them are meant to directly counter colluders and their attacks. Reputation, micro-payments, and concepts of game theory are currently used as the main means to obtain fairness in the usage of the resources. Our goal is to provide an overview of the topic by examining the key issues involved. We measure the relevance of the problem in the current literature and the effectiveness of existing philosophies against it, to suggest fruitful directions in the further development of the field

SMART: A Subspace based Malicious Peers Detection algorithm for P2P Systems

In recent years, reputation management schemes have been proposed as promising solutions to alleviate the blindness during peer selection in distributed P2P environment where malicious peers coexist with honest ones. They indeed provide incentives for peers to contribute more resources to the system and thus promote the whole system performance. But few of them have been implemented practically since they still suffer from various security threats, such as collusion, Sybil attack and so on. Therefore, how to detect malicious peers plays a critical role in the successful work of these mechanisms, and it will also be our focus in this paper. Firstly, we define malicious peers and show their influence on the system performance. Secondly, based on Multiscale Principal Component Analysis (MSPCA) and control chart, a Subspace based MAlicious peeRs deTecting algorithm (SMART) is brought forward. SMART first reconstructs the original reputation matrix based on subspace method, and then finds malicious peers out based on Shewhart control chart. Finally, simulation results indicate that SMART can detect malicious peers efficiently and accurately

A Layered Architecture and Taxonomy for Blockchain-empowered Reputation-based Reward Systems

Blockchain based rating and review systems have changed the operational structure of the traditional market by introducing characteristics like immutability, security, anonymity etc. to liberate users from potential malicious acts of sellers such as altering and hiding ratings or reviews, collusion with users or service providers. The lack of standardization for developing decentralized applications does not depict flow of information and cataloguing of specific functions and roles for a particular set of tasks. The development of decentralized applications for e-commerce systems is in its immature age of progress and has lack of interoperable sharing of data and workflows for new innate systems. Thus, it is significant to catalogue blockchain-based rating and review systems by identifying key parameters to generate a taxonomy and develop a conceptual layered framework for identifying core components and their interaction. This manuscript presents a substantial analysis of existing blockchain-empowered reputation-based reward systems. It uses an iterative approach following observed to rational and rational to observed for taxonomy development. The analysis results identify 11 key parameters for categorizing systems and propose a 4 layered architecture to signify IPFS, P2P network, Blockchain and DApps. The proposed model identifies underlying subsystems, their services, and their interaction. The new taxonomy identifies natural roadmaps in system development process. This study is key because it allows developers to design new reputation-based reward framework in different dimensions by following an open workflow with a common understanding of underlying core entities

Blockchain Nodes are Heterogeneous and Your P2P Overlay Should be Too: PODS

At the core of each blockchain system, parties communicate through a peer-to-peer (P2P) overlay. Unfortunately, recent evidence suggests these P2P overlays represent a significant bottleneck for transaction throughput and scalability. Furthermore, they enable a number of attacks. We argue that these performance and security problems arise because current P2P overlays cannot fully capture the complexity of a blockchain system as they do not offer flexibility to accommodate node heterogeneity. We propose a novel approach to address these issues: P2P Overlay Domains with Sovereignty (PODS), which allows nodes in a single overlay to belong to multiple heterogeneous groups, called domains. Each domain features its own set of protocols, tailored to the characteristics and needs of its nodes. To demonstrate the effectiveness of PODS, we design and implement two novel node discovery protocols: FedKad and SovKad. Using a custom simulator, we show that node discovery using PODS (SovKad) architecture outperforms both single overlay (Kademlia) and multi-overlay (FedKad) architectures in terms of hop count and success rate, though FedKad requires slightly less bandwidth

Blockchain-based reputation models for e-commerce: a systematic literature review

The Digital Age is the present, and nobody can deny that. With it has come a digital transformation in various sectors of activity, and e-commerce is no exception. Over the last few decades, there has been a massive increase in its utilization rates, as it has several advantages over traditional commerce. At the same time, the rise in the number of crimes on the Internet and, consequently, the understanding of the risks involved in online shopping has led consumers to become more cautious, looking for information about the seller and taking it into account when making a purchase decision. The need to get to know the merchant better before making a purchase decision has encouraged the creation of reputation systems, whose services play an essential role in today's e-commerce context. Reputation systems act as mechanisms to reduce information asymmetry between consumers and sellers and establish rankings that attest to fulfilling standards and policies considered necessary for shops operating in the digital market. The critical problems in current reputation systems are the frauds and attacks that such systems currently have to deal with, which results in a lack of trust between users. These security and fraud issues are critical because users' trust is commonly based on reputation models, and many of these current systems are not immune to them, thus compromising e-commerce growth. The need for a better and safer model emerges with the development of e-commerce. Through reading the articles and pursuing the answers to the primary questions, blockchain is data register technology to be analysed in order to gain a better acknowledgment of the potential of such technology. More research work and investigation must be done to fully understand how to create a more assertive reputation model. Thus, this study systematizes the knowledge generated by reputation models in E-commerce studies in Scopus, WoS databases, and Google Scholar, using PRISMA methodology. A systematic approach was adopted in conducting a literature review. The need for a systematic literature review came from the knowledge that there are reputation systems that mitigate some of the problems. In addition to identifying some indicators used in reputation models, we also conclude that these models could help provide some insurance to buyers and sellers, with a commitment to being a problem solver, being able to mitigate known problems such as Collusion, Sybil attacks, laundering attacks, and preventing online fraud ranging from ballot stuffing and bad-mouthing. Nevertheless, the results of the present work demonstrate that even though these reputation models still cannot solve all of the problems, attacking one fraud opens the door to an attack. The architecture of the models was identified, with the realization that a few lacks that need to be fulfilled