IntroductionRelated workPreliminariesPageRankEigenTrustTruncated PageRankEstimation of supportersBadRankThe simulation platformThreat ModelsAlgorithmsEvaluationConclusionsReferencesNew Metrics for Reputation Management in P2P NetworksDebora [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]! ResearchBarcelona, Spain2Consorzio Universita IndustriaRadiolabs - University of RomeTor Vergata - Rome, Italy3DIS - University of Rome“La Sapienza”Rome, ItalyABSTRACTIn this work we study the effectiveness of mechanisms fordecentralized reputation management in P2P networks. Wedepart from EigenTrust, an algorithm designed for reputa-tion management in file sharing applications over p2p net-works. EigenTrust has been proved very effective againstthree different natural attacks from malicious coalitions whileit performs po orly on particular attack organized by two d if-ferent kinds of malicious peers. We propose various metricsof reputation based on ideas recently introduced for detect-ing and demoting Web spam. We combine these metricswith the original EigenTrust approach. Our mechanisms aremore effective than EigenTrust alone for detecting maliciouspeers and reducing the number of inauthentic downloads notonly for all the cases p reviously addressed but also for moresophisticated attacks.Categories and Subject Descriptors: H.4 [InformationSystems Applications]: Miscellaneous; H.3.3 [InformationStorage and Retrieval]: Information Search and Retrieval;H.3.4 [Information Storage and Retrieval]: Systems and Soft-ware – Distributed SystemsGeneral Terms: Algorithms, Security.Keywords: Peer-to-Peer, Trust, Reputation, DistributedSystems1. INTRODUCTIONDecentralized environments, such as Peer to Peer (P2P)networks, are increasingly spreading through the Internet.Their open structure indeed offers the possibility of sharinga huge quantity of information and resources. The mainstrength and at the same time main problem of t hese kindof networks is the lack of a central authority that can pro-vide information about the performance of individual peers,or guarantee and certify the quality of the shared resources.The concept of ‘shared resource’ or ‘performance’ is veryPermission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies arenot made or distributed for profit or commercial advantage and that copiesbear this notice and the full citation on the first page. To copy otherwise, torepublish, to post on servers or to redistribute to lists, requires prior specificpermission and/or a fee.AIRWeb ’07, May 8, 2007 Banff, Alberta, Canada.Copyright 2007 ACM 978-1-59593-732-2 ...$5.00.general here. In fact, it can encompass both application-level behavior of a peer n ode (or even of its user), such asquality of information the peer is sharing, or ‘infrastructure-level’ behavior, such as the bandwidth the p eer has avail-able, the response time in performing a certain transaction,availability of the peer, and the like. We seek mechanismsthat allow peers of a network to collect information and es-timate metrics, describing the performance and quality ofother peers, without resorting to a centralized service. Tofit with the characteristics of peer-to-peer networks, whereindividuals or coalitions of peers may alter the measure-ments to obtain some advantage, such mechanisms shouldbe robust against malicious peers. Our aim is to enable adistributed algorithm that is run by autonomous untrustedagents to be sufficiently reliable, efficient and secure [10].In the kind of applications we are interested in, we are of-ten concerned with assisting a peer, which need s to engagewith another peer to perform some kind of transaction, inthe selection of a peer which has the desired characteris-tics with respect to some metric. Also, we need to assisthim with the rating of the information coming from otherpeers. In general, any distributed application where theremight be several providers of a service, would benefit fromthis work. Data overlays and collaborative content d istribu-tion systems h ave a need for a distributed metrics evaluationmechanism. The first scenario where we apply this approachis fi le sharing in a peer-to-peer network where a number ofmalicious peers provide corrupt ed data. The goal is to pro-vide a quick access to a trustworthy source and above all toupdate and retrieve quickly trust ratings of peers. This re-quires the implementation of tools for distributing efficientlytrust computation between a number of honest peers. Thefinal goal is t o implement a system that is able to alter thenatural scheme of selection of the transacting peers in or-der t o maximize the number of authentic downloads withoutunbalancing the load in the network.Our contribution: We depart from EigenTrust, an al-gorithm proposed in [8] for file sharing in p2p systems. Inthis work we presented various metrics that can be easilyintegrated with EigenTrust to build a reputation system,that is, a system able to ”assist agents in choosing a reliablepeer to transact with when one or more have offered theagent a service or resource” [10]. Our main contributionsare summarized as follows.– We adapt Truncated PageRank, Bit Propagation [4]and BadRank [1] to the P2P file sharing framework.– We introduce a number of new attack models that, tothe best of our knowledge, have not been addressed before.– We introduce a new metric, called dishonesty, whichprevents malicious peers from lying.– We show that our combined approaches are moreefficacious than EigenTrust in reducing the amount of in-authentic downloads for all th e cases in which EigenTrustalone is not sufficient.The rest of the document is organized as follows. Sec-tion2 describes previous work on P2P reputation manage-ment systems. In Section3, we present the algorithms wemodify and integrate in our reputation system. Section4presents the experimental framework and the metrics weevaluate. I n Section5, we present the five threat models in-troduced in [8] and two more sophisticated k ind of attacks.In Section6, we show how to apply the algorithms originallydeveloped to detect Web spam in the context of file shar-ing. Experimental results are given in Section 7. Finally,Section8 presents conclusions and