
A survey of attack and defense techniques for reputation systems

Published: 14 December 2009

Abstract

Reputation systems provide mechanisms to produce a metric encapsulating reputation for a given domain for each identity within the system. These systems seek to generate an accurate assessment in the face of various factors including but not limited to unprecedented community size and potentially adversarial environments.
We focus on attacks and defense mechanisms in reputation systems. We present an analysis framework that allows for the general decomposition of existing reputation systems. We classify attacks against reputation systems by identifying which system components and design choices are the targets of attacks. We survey defense mechanisms employed by existing reputation systems. Finally, we analyze several landmark systems in the peer-to-peer domain, characterizing their individual strengths and weaknesses. Our work contributes to understanding (1) which design components of reputation systems are most vulnerable, (2) what are the most appropriate defense mechanisms and (3) how these defense mechanisms can be integrated into existing or future reputation systems to make them resilient to attacks.


Published In

ACM Computing Surveys  Volume 42, Issue 1
December 2009
162 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/1592451

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 December 2009
Accepted: 01 June 2008
Revised: 01 March 2008
Received: 01 September 2007
Published in CSUR Volume 42, Issue 1

Author Tags

  1. Reputation
  2. attack mitigation
  3. attacks
  4. collusion
  5. defense techniques
  6. incentives
  7. peer-to-peer
  8. trust

Qualifiers

  • Research-article
  • Research
  • Refereed
