Ruichuan Chen,Eng Keong Lua,Zhuhua Cai,Jon Crowcroft,Zhong Chen

DOI: https://doi.org/10.48550/arXiv.1108.1343

2011-08-05

Networking and Internet Architecture

Abstract:Peer-to-Peer (P2P) content sharing systems are susceptible to the content pollution attack, in which attackers aggressively inject polluted contents into the systems to reduce the availability of authentic contents, thus decreasing the confidence of participating users. In this paper, we design a pollution-free P2P content sharing system, Green, by exploiting the inherent content-based information and the social-based reputation. In Green, a content provider (i.e., creator or sharer) publishes the information of his shared contents to a group of content maintainers self-organized in a security overlay for providing the mechanisms of redundancy and reliability, so that a content requestor can obtain and filter the information of his requested content from the associated maintainers. We employ a reputation model to help the requestor better identify the polluted contents, and then utilize the social (friend-related) information to enhance the effectiveness and efficiency of our reputation model. Now, the requestor could easily select an authentic content version for downloading. While downloading, each requestor performs a realtime integrity verification and takes prompt protection to handle the content pollution. To further improve the system performance, we devise a scalable probabilistic verification scheme. Green is broadly applicable for both structured and unstructured overlay applications, and moreover, it is able to defeat various kinds of content pollution attacks without incurring significant overhead on the participating users. The evaluation in massive-scale networks validates the success of Green against the content pollution.

JunPeng Mao,Yanli Cui,JianHua Huang,JianBiao Zhang

DOI: https://doi.org/10.1109/iita.2008.405

2008-01-01

Abstract:With peer-to-peer (P2P) technology widely applied, P2P network have become an attacked target of viruses and other malicious code. Among them, pollution attacking of resource is one of most serious threat to P2P file share system. In order to improve the security and transmitting efficiency of P2P network, construct pollution disseminating model of P2P network and analyze the disseminating behavior of polluted resource and legal resource. Main conclusion including, 1) the fluctuation of resource's popularity effects greatly on disseminating behavior of polluted resource, however, a high popularity of polluted resource do not always means to a fast disseminating ratio; 2) The longer resource's disseminating time, the less effect of resource's popularity to the disseminating behavior of polluted and legal resource. 3) The relation between disseminating ratio of polluted resource and share-degree or cognition-degree is inverse ratio, however, disseminating ratio of legal resource approximately exponentially increase with above two factors.

Xin Kang,Yongdong Wu

DOI: https://doi.org/10.48550/arXiv.1408.0726

2014-07-24

Abstract:Nowadays, peer-to-peer (P2P) streaming systems have become a popular way to deliver multimedia content over the internet due to their low bandwidth requirement, high video streaming quality, and flexibility. However, P2P streaming systems are vulnerable to various attacks, especially pollution attacks, due to their distributed and dynamically changing infrastructure. In this paper, by exploring the features of various pollution attacks, we propose a trust management system tailored for P2P streaming systems. Both direct trust and indirect trust are taken into consideration when designing the trust management system. A new direct trust model is proposed. A dynamic confidence factor that can dynamically adjust the weight of direct and indirect trust in computing the trust is also proposed and studied. A novel double-threshold trust utilization scheme is given. It is shown that the proposed trust management system is effective in identifying polluters and preventing them from further sharing of polluted data chunks.

Networking and Internet Architecture,Computer Science and Game Theory

Zhuhua Cai,Ruichuan Chen,Jianqiao Feng,Cong Tang,Zhong Chen,Jian-bin Hu

DOI: https://doi.org/10.1145/1529282.1529288

2009-01-01

Abstract:Content pollution is pervasive in the current peer-to-peer file sharing systems. Many previous reputation models have been proposed to address this problem, however, such models strongly rely on the participants' feedback. In this paper, we bring forward a new holistic mechanism which integrates the reputation model, inherent file-source-based information and the statistical data reflecting the diffusion state to defend against pollution attack. First, we deploy a redundancy mechanism to assure that the file requester receives the correct indices that accord with the information published by the file provider. Second, we complement the reputation information with the diffusion data to help the file requester select the authentic file for downloading. Finally, we introduce a block-oriented probabilistic verification protocol to help the file requester discern the polluted files during the downloading with a low cost. We perform a simulation which shows that our holistic mechanism can perform very well and converge to a high accuracy rapidly, even in a highly malicious environment.

Yingjie Xia,Guanghua Song,Yao Zheng,Jun Ni,Mingzhe Zhu

DOI: https://doi.org/10.1109/ICICSE.2008.7

2008-01-01

Abstract:This paper introduces a small world overlay Peer- to-peer (P2P) transfer system with role based and reputation based access control policies, through which we are able to solve several serious problems existed in traditional P2P systems, like resource piracy, user privacy and network jam. The role based access control policy is implemented by the certificate based cryptography, e.g. X509. The reputation based access control policy consists of artificial scoring and automatic scoring components, corresponding to the quality and quantity evaluation of the transfer resources respectively. This system, upon the two policies and the adaptive small world overlay P2P topology, can restrict the peer's role and select a more credible peer to upload and download without any loss of performance, for the reason of the dramatic topology. Indeed it provides a secure, controllable and efficient resource transfer community.

Dazhong Rong,Qinming He,Jianhai Chen

DOI: https://doi.org/10.24963/ijcai.2022/306

2022-01-01

Abstract:Various attack methods against recommender systems have been proposed in the past years, and the security issues of recommender systems have drawn considerable attention. Traditional attacks attempt to make target items recommended to as many users as possible by poisoning the training data. Benifiting from the feature of protecting users' private data, federated recommendation can effectively defend such attacks. Therefore, quite a few works have devoted themselves to developing federated recommender systems. For proving current federated recommendation is still vulnerable, in this work we probe to design attack approaches targeting deep learning based recommender models in federated learning scenarios. Specifically, our attacks generate poisoned gradients for manipulated malicious users to upload based on two strategies (i.e., random approximation and hard user mining). Extensive experiments show that our well-designed attacks can effectively poison the target models, and the attack effectiveness sets the state-of-the-art.

Ennan Zhai,Ruichuan Chen,Zhuhua Cai,Long Zhang,Eng Keong Lua,Huiping Sun,Sihan Qing,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1109/p2p.2009.5284532

2009-01-01

Abstract:Deceptive behaviors of peers in Peer-to-Peer (P2P) content sharing systems have become a serious problem due to the features of P2P overlay networks such as anonymity, self-organization, etc. This paper presents Sorcery, a novel active challenge-response mechanism based on the notion that one side of interaction with dominant information can detect whether the other side is telling a lie. To make each client obtain the dominant information, our approach introduces social network to the P2P content sharing system; thus, the client can establish friend-relationships with peers who are either acquaintances in reality or those reliable online friends. Using the confidential voting histories of friends as own dominant information, the client can challenge the content providers with the overlapping votes of both his friends and the content provider, thus detecting whether the content provider is a deceiver. Moreover, Sorcery provides the punishment mechanism which can reduce the impact brought by deceptive behaviors, and our work also discusses some key practical issues. The experimental results illustrate that Sorcery can effectively address the problem of deceptive behaviors, and work better than the existing reputation models.

Kunpeng Ding,Jiayu Yang,Kaiping Xue,Jiangping Han,Jian Li,Qibin Sun,Jun Lu

DOI: https://doi.org/10.1109/tnet.2024.3451231

2024-01-01

Abstract:Named Data Networking (NDN) stands out as a promising Information Centric Networking architecture capable of facilitating large-scale content distribution through in-network caching and location-independent data access. However, attackers can easily inject poisoned content into the network, called content poisoning attacks, which leads to a substantial deterioration in user experience and transmission efficiency. In existing schemes, routers fail to determine the contamination source of received poisoned content, leading to the inability to accurately identify attacker nodes. Besides, attackers’ dynamic behaviors and network instability could disrupt identification results. In this paper, we propose a Secure and Lightweight scheme against content poisoning attacks based on Probing (SLP), where a proactive and reliable probing protocol is designed to identify adversaries quickly and precisely. In SLP, a router sends specifically chosen interest packets to probe a suspicious node, so that the returned corresponding content can straightly reflect its trustworthiness without other nodes’ interference. In addition, a hypothesis testing algorithm is developed to analyze the returned content, which can exclude the impact of transmission errors and adapt to dynamic attackers. Moreover, we utilize users’ feedback to avoid unnecessary probing costs on unaffected routers, with its reliability guaranteed by an efficient cuckoo-filter-based feedback validation mechanism. Security analysis shows that SLP achieves resistance against content poisoning attacks and malicious feedback. The experimental results demonstrate that SLP makes users hardly be affected by attacks and brings in only slight overhead.

Yunhao Liu,Xiaomei Liu,Chen Wang,Li Xiao

DOI: https://doi.org/10.1109/icpp.2007.31

2007-01-01

Abstract:A flooding-based search mechanism is often used in unstructured P2P systems. Although a flooding-based search mechanism is simple and easy to implement, it is vulnerable to overlay distributed denial-of-service (DDoS) attacks. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. Overlay flooding-based DDoS attacks can be more damaging in that a small number of messages are inherently propagated to consume a large amount of bandwidth and computation resources. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by comprehensive simulation studies. We believe that deploying DD-POLICE will make P2P systems more scalable and robust.

Ennan Zhai,Huiping Sun,Sihan Qing,Zhong Chen

DOI: https://doi.org/10.1007/s12083-010-0074-2

IF: 3.488

2010-01-01

Peer-to-Peer Networking and Applications

Abstract:Deceptive voting behaviors of malicious users are known as the main reason of causing content pollution in Peer-to-Peer (P2P) content sharing systems. Due to the nature of P2P overlay network such as self-organization and anonymity, the existing methods on identifying deceptive votes are not effective, especially for collusive attackers. This paper presents Sorcery, a novel active challenge-response mechanism based on the notion that one side of interaction with the dominant information can detect whether the other side is telling a lie. To make each client obtain the dominant information, our approach introduces the social network to the P2P content sharing system; therefore, clients can establish the friend-relationships with the users who are either acquaintances in reality or those reliable online friends. Using the confidential voting histories of friends as own dominant information, the client challenges target content providers with the overlapping votes of both his friends and the target content provider, thus detecting whether the content provider is a deceptive user. Moreover, Sorcery provides the punishment mechanism which can reduce the impact brought by deceptive voting behaviors, and our work also discusses some key practical issues. The experimental results illustrate that Sorcery can effectively overcome the problem of deceptive voting behaviors in P2P content sharing systems, and work better than the existing reputation models.

Ruiqi Zheng,Liang Qu,Tong Chen,Kai Zheng,Yuhui Shi,Hongzhi Yin

2024-04-01

Abstract:To make room for privacy and efficiency, the deployment of many recommender systems is experiencing a shift from central servers to personal devices, where the federated recommender systems (FedRecs) and decentralized collaborative recommender systems (DecRecs) are arguably the two most representative paradigms. While both leverage knowledge (e.g., gradients) sharing to facilitate learning local models, FedRecs rely on a central server to coordinate the optimization process, yet in DecRecs, the knowledge sharing directly happens between clients. Knowledge sharing also opens a backdoor for model poisoning attacks, where adversaries disguise themselves as benign clients and disseminate polluted knowledge to achieve malicious goals like promoting an item's exposure rate. Although research on such poisoning attacks provides valuable insights into finding security loopholes and corresponding countermeasures, existing attacks mostly focus on FedRecs, and are either inapplicable or ineffective for DecRecs. Compared with FedRecs where the tampered information can be universally distributed to all clients once uploaded to the cloud, each adversary in DecRecs can only communicate with neighbor clients of a small size, confining its impact to a limited range. To fill the gap, we present a novel attack method named Poisoning with Adaptive Malicious Neighbors (PAMN). With item promotion in top-K recommendation as the attack objective, PAMN effectively boosts target items' ranks with several adversaries that emulate benign clients and transfers adaptively crafted gradients conditioned on each adversary's neighbors. Moreover, with the vulnerabilities of DecRecs uncovered, a dedicated defensive mechanism based on user-level gradient clipping with sparsified updating is proposed. Extensive experiments demonstrate the effectiveness of the poisoning attack and the robustness of our defensive mechanism.

Cryptography and Security,Information Retrieval

Yunhao Liu,Jinsong Han

DOI: https://doi.org/10.14711/thesis-b987542

2007-01-01

Abstract:Peer-to-Peer (P2P) model has become the mainstream of the applications in current and future Internet. Being effective in utilizing and managing globally distributed information over Internet, however, most current P2P systems do not provide protection to their users against the increasing threat from selfish peers or malicious adversaries. Anonymous and trustworthy computing hereby has continuously gained importance because it meets the users’ demands of privacy, fairness, trust, and reliability. In order to construct anonymous and trustworthy P2P systems, we must address several crucial challenges including (1) reliably and efficiently anonymizing the P2P network; (2) authenticating users’ identities; (3) enabling trust management in anonymous environments. Most existing approaches achieve anonymity via fixed paths, which are unreliable and inefficient in dynamic P2P systems. We propose two non-path based protocols to anonymize P2P systems. The results of trace driven simulations show that our proposed protocols are reliable, scalable and effective, and significantly reduce cryptographic overhead. The second issue is that the current authentication approaches face a dilemma in anonymous environments: authenticating other users needs their real identities; while the anonymity requires those users to hide their real identities. We propose a Zero-knowledge based protocol to allow users authenticate with each other without exposing their real identities. We show the effectiveness of our proposed protocol by simulation studies and prototype implementation. We solve the third issue by constructing a reputation based trust management architecture. We particularly focus on the feedback quality problem. In shorting of trusted authority centers in P2P systems, the feedback quality are easily wrecked by the dishonest feedback from malicious peers, which further degrades the computation accuracy of users’ reputation. Our proposed architecture effectively alleviates the damage on computing reputation caused by the feedback cheating. We believe that widely employing above proposed approaches will make P2P systems more secure and reliable. We also extend our study to other distributed systems and propose a privacy-preserving authentication protocol for RFID systems. Keywords: Peer-to-Peer, Anonymity, Privacy-Preserving, Authentication, Key Updating, Secret Sharing, Random Walk, Selected Flooding, Trustworthy Computing, Feedback Quality, Trust Management, Trace Driven Simulation, Zero-Knowledge Proof, Man-in-middle-attack

Bo Hu,H. Vicky Zhao

DOI: https://doi.org/10.1109/icip.2009.5414199

2009-01-01

Abstract:In the emerging peer-to-peer (P2P) live streaming, users cooperate with each other to support efficient delivery of video over networks in live streaming applications. Pollution attack is an effective attack against P2P live streaming, where attackers upload bogus multimedia data to their peers. The polluted data can spread over the entire network, and cause severe quality degradation of the videos. To resist pollution attacks in P2P live streaming, this paper proposes a trust management system that identifies attackers and excludes them from further sharing of multimedia data. We investigate possible attacks against the trust management system and analyze the attack resistance of the proposed system. Our simulation results show that the proposed trust management system can efficiently detect attackers and stimulate user cooperation even under attacks. It helps users receive more clean data and improves the performance of P2P live streaming.

Jinyuan Jia,Yupei Liu,Yuepeng Hu,Neil Zhenqiang Gong

DOI: https://doi.org/10.48550/arXiv.2303.14601

2023-03-26

Abstract:Data poisoning attacks spoof a recommender system to make arbitrary, attacker-desired recommendations via injecting fake users with carefully crafted rating scores into the recommender system. We envision a cat-and-mouse game for such data poisoning attacks and their defenses, i.e., new defenses are designed to defend against existing attacks and new attacks are designed to break them. To prevent such a cat-and-mouse game, we propose PORE, the first framework to build provably robust recommender systems in this work. PORE can transform any existing recommender system to be provably robust against any untargeted data poisoning attacks, which aim to reduce the overall performance of a recommender system. Suppose PORE recommends top-$N$ items to a user when there is no attack. We prove that PORE still recommends at least $r$ of the $N$ items to the user under any data poisoning attack, where $r$ is a function of the number of fake users in the attack. Moreover, we design an efficient algorithm to compute $r$ for each user. We empirically evaluate PORE on popular benchmark datasets.

Cryptography and Security,Information Retrieval,Machine Learning

Leiwen Deng,Yan Gao,Yan Chen,Aleksandar Kumanovic

DOI: https://doi.org/10.1016/j.comnet.2007.11.019

IF: 5.493

2008-01-01

Computer Networks

Abstract:Proxy caching servers are widely deployed in today's Internet. While cooperation among proxy caches can significantly improve a network's resilience to denial-of-service (DoS) attacks, lack of cooperation can transform such servers into viable DoS targets. In this paper, we investigate a class of pollution attacks that aim to degrade a proxy's caching capabilities, either by ruining the cache file locality, or by inducing false file locality. Using simulations, we propose and evaluate the effects of pollution attacks both in Web and peer-to-peer (p2p) scenarios, and reveal dramatic variability in resilience to pollution among several cache replacement policies. We develop efficient methods to detect both false-locality and locality-disruption attacks, as well as a combination of the two. To achieve high scalability for a large number of clients/requests without sacrificing the detection accuracy, we leverage streaming computation techniques, i.e., bloom filters and probabilistic counting. Evaluation results from large-scale simulations show that these mechanisms are effective and efficient in detecting and mitigating such attacks. Furthermore, a Squid-based implementation demonstrates that our protection mechanism forces the attacker to launch extremely large distributed attacks in order to succeed.

Ying-Xi CHEN,Xian-You LI,Zhi GUO,Ming GU

DOI: https://doi.org/10.3969/j.issn.1002-137X.2007.08.024

2007-01-01

Computer Science

Abstract:Due to lack of effective trust management mechanism,there are a lot of deceptive behaviors in P2P networks,which seriously decrease the quality of the network services.In order to improve the quality of the download services,this paper proposes a novel P2P trust model which introduces content similarity to evaluate the peer's trust,and adaptively update the connections with its neighbors based on transaction experience.Experimental results demonstrate that this model can deal with the malicious attacks and provide good performance in terms of communication overhead and scalability.

Zhen Chen,Taiyu Bao,Wenchao Qi,Dianlong You,Linlin Liu,Limin Shen

DOI: https://doi.org/10.1016/j.eswa.2023.121630

IF: 8.5

2023-10-12

Expert Systems with Applications

Abstract:With the proliferation and deepening of service-oriented architecture, more and more enterprises and organizations are exposing their computing functions and big data to the Internet in the form of cloud APIs to support service-oriented software development. This has resulted in a plethora of cloud APIs with similar functionality appearing on the Web, drowning users in a sea of cloud API choices. To solve this problem, quality of service (QoS)-aware recommender system is then widely applied to the selection of cloud APIs. Due to the dynamic and open network environment, the QoS-aware cloud API recommender systems are vulnerable to data poisoning attacks, where attackers inject poisoned data to skew the recommender system and make the recommendation direction follow the attacker's will. Given the lack of data poisoning attack methods and robustness analysis for existing QoS-aware cloud API recommender systems, in this work, we first built a general poisoning attack framework for QoS-aware cloud API recommender systems to elucidate and standardize the attack process. Then, we proposed a deep learning-based poison attack approach, which uses generative adversarial network (GAN) to learn the cloud API QoS data distribution of real users in an adversarial way, so as to generate high-quality fake user attack vectors. We conducted extensive experiments on real-world QoS datasets, and the experimental results show that our proposed GAN-based poisoning attack is effective and can better hide itself from being detected. In addition, we analyzed the data poisoning attack mechanism and the robustness of the cloud API recommender system based on four categories of twelve recommendation methods, thereby raising awareness about the security of cloud API recommendation and helping the recommender system defenders to develop more targeted defense strategies.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Ioannis Pogkas,Vassil Kriakov,Zhongqiang Chen,Alex Delis

DOI: https://doi.org/10.1007/s12083-008-0018-2

IF: 3.488

2009-01-01

Peer-to-Peer Networking and Applications

Abstract:To address the two most critical issues in P2P file-sharing systems: efficient information discovery and authentic data acquisition, we propose a Gnutella-like file-sharing protocol termed Adaptive Gnutella Protocol (AGP) that not only improves the querying efficiency in a P2P network but also enhances the quality of search results at the same time. The reputation scheme in the proposed AGP evaluates the credibility of peers based on their contributions to P2P services and subsequently clusters nodes together according to their reputation and shared content, essentially transforming the P2P overlay network into a topology with collaborative and reputed nodes as its core. By detecting malicious peers as well as free-riders and eventually pushing them to the edge of the overlay network, our AGP propagates search queries mainly within the core of the topology, accelerating the information discovery process. Furthermore, the clustering of nodes based on authentic and similar content in our AGP also improves the quality of search results. We have implemented the AGP with the PeerSim simulation engine and conducted thorough experiments on diverse network topologies and various mixtures of honest/dishonest nodes to demonstrate improvements in topology transformation, query efficiency, and search quality by our AGP.

Jing Jiang,YongJun Li,QinYuan Feng,Peng Huang,YaFei Dai

DOI: https://doi.org/10.1007/s11432-010-4087-5

2010-01-01

Science China Information Sciences

Abstract:File pollution is a problem that is threatening security and availability in peer-to-peer environments, and could eventually be fatal to the survival of these systems. Current methods of fake file detection, which are based on trust mechanisms or file characteristics, do not consider the problems such as interference of multiple user sharing behaviors, the difficulty in obtaining large amounts of raw data, and malicious fraud immediately after version publication. This is the first time that differences in the sharing habits of users and particularly long retention time for individual files have been detected, which impact fake file detection. This paper proposes a pollution prevention model based on multiple user sharing behaviors, which reduces interference in multiple user sharing behaviors and malicious fraud immediately after version publication. It designs a low-cost implementation mechanism for use in structured peer-to-peer networks, which automatically collects a large amount of user file-sharing information and alleviates difficulties in obtaining large quantities of raw data. A parameter configuration is also given in this paper. Simulation experiments use realistic system logs and prove that this approach detects fake files accurately and quickly, thus decreasing download times of fake files, effectively guaranteeing almost 100% real file downloads and resisting file pollution.

Yang Liu,Chun Yuan,Yu-Zhuo Zhong

DOI: https://doi.org/10.1007/978-3-540-72905-1_31

2007-01-01

Abstract:With the enrichment of digital content over the Internet, more and more people are using software for content sharing especially for multimedia content sharing, and most of these softwares are on the basis of P2P architecture which makes good use of high scalability and high efficiency. However, most P2P file sharing systems do not have security mechanism to protect intellectual property of authors and issuers. Moreover, it is difficult to control each peer's behavior due to its self-control principle and light-weight server. So we propose a new system based on P2P architecture for file sharing, to which we apply new DRM (Digital Right Management) mechanisms. Results have shown that our system outperforms other systems in features of security, server load and scalability.