Yan Lindsay Sun, Zue Han, Wei Yu, KJ Ray Liu

2006-04-23

Abstract:The performance of distributed networks depends on collaboration among distributed entities. To enhance security in distributed networks, such as ad hoc networks, it is important to evaluate the trustworthiness of participating entities since trust is the major driving force for collaboration. In this paper, we present a framework to quantitatively measure trust, model trust propagation, and defend trust evaluation systems against malicious attacks. In particular, we address the fundamental understanding of trust, quantitative trust metrics, mathematical properties of trust, dynamic properties of trust, and trust models. The attacks against trust evaluation are identified and defense techniques are developed. The proposed trust evaluation system is employed in ad hoc networks for securing ad hoc routing and assisting malicious node detection. The implementation is fully distributed. Simulations show that the proposed system …

Yan Lindsay Sun, Zhu Han, Wei Yu, KJ Ray Liu

2006-03-22

Abstract:Evaluation of trustworthiness of participating entities is an effective method to stimulate collaboration and improve network security in distributed networks. Similar to other security related protocols, trust evaluation is an attractive target for adversaries. Currently, the vulnerabilities of trust evaluation system have not been well understood. In this paper, we present several attacks that can undermine the accuracy of trust evaluation, and then develop defense techniques. Based on our investigation on attacks and defense, we implement a trust evaluation system in ad hoc networks for securing ad hoc routing and assisting malicious node detection. Extensive simulations are performed to illustrate various attacks, the effectiveness of the proposed defense techniques, and the overall performance of the trust evaluation system.

Yan Sun, Zhu Han, KJ Ray Liu

2008-02-01

Abstract:Establishing trust among distributed network entities has been recognized as a powerful tool to secure distributed networks such as MANETs and sensor networks. Similar to most security schemes, trust establishment methods themselves can be vulnerable to attacks. In this article we investigate the benefits of introducing trust into distributed networks, the vulnerabilities in trust establishment methods, and the defense mechanisms. Five attacks against trust establishment methods are identified, and defense techniques are developed. Effectiveness of the attacks and the defense is demonstrated in the scenarios of securing routing protocols and detecting malicious nodes in MANETs.

Hamza Elhamdadi,Adam Stefkovics,Johanna Beyer,Eric Moerth,Cindy Xiong Bearfield,Carolina Nobre

DOI: https://doi.org/10.48550/arXiv.2309.16915

2023-09-29

Abstract:Trust is an essential aspect of data visualization, as it plays a crucial role in the interpretation and decision-making processes of users. While research in social sciences outlines the multi-dimensional factors that can play a role in trust formation, most data visualization trust researchers employ a single-item scale to measure trust. We address this gap by proposing a comprehensive, multidimensional conceptualization and operationalization of trust in visualization. We do this by applying general theories of trust from social sciences, as well as synthesizing and extending earlier work and factors identified by studies in the visualization field. We apply a two-dimensional approach to trust in visualization, to distinguish between cognitive and affective elements, as well as between visualization and data-specific trust antecedents. We use our framework to design and run a large crowd-sourced study to quantify the role of visual complexity in establishing trust in science visualizations. Our study provides empirical evidence for several aspects of our proposed theoretical framework, most notably the impact of cognition, affective responses, and individual differences when establishing trust in visualizations.

Human-Computer Interaction

Sahraoui Dhelim,Nyothiri Aung,Tahar Kechadi,Huansheng Ning,Liming Chen,Abderrahmane Lakas

DOI: https://doi.org/10.1109/JIOT.2022.3201772

2022-08-27

Abstract:A trust management system (TMS) is an integral component of any IoT network. A reliable trust management system must guarantee the network security, data integrity, and act as a referee that promotes legitimate devices, and punishes any malicious activities. Trust scores assigned by TMSs reflect devices' reputations, which can help predict the future behaviours of network entities and subsequently judge the reliability of different network entities in IoT networks. Many TMSs have been proposed in the literature, these systems are designed for small-scale trust attacks, and can deal with attacks where a malicious device tries to undermine TMS by spreading fake trust reports. However, these systems are prone to large-scale trust attacks. To address this problem, in this paper, we propose a TMS for large-scale IoT systems called Trust2Vec, which can manage trust relationships in large-scale IoT systems and can mitigate large-scale trust attacks that are performed by hundreds of malicious devices. Trust2Vec leverages a random-walk network exploration algorithm that navigates the trust relationship among devices and computes trust network embeddings, which enables it to analyze the latent network structure of trust relationships, even if there is no direct trust rating between two malicious devices. To detect large-scale attacks, suck as self-promoting and bad-mouthing, we propose a network embeddings community detection algorithm that detects and blocks communities of malicious nodes. The effectiveness of Trust2Vec is validated through large-scale IoT network simulation. The results show that Trust2Vec can achieve up to 94\% mitigation rate in various network scenarios.

Networking and Internet Architecture

Tong Qin,Xinran Liu

DOI: https://doi.org/10.14257/ijgdc.2014.7.1.13

2014-01-01

International Journal of Grid and Distributed Computing

Abstract:Internet-based virtual computing environments (iVCE) are open, anonymous and dynamic in nature. Such characteristics bring about threats and vulnerabilities in providing trusted services and improving resource utilization. Therefore, a dynamic trust model for distinguishing service and recommendation is proposed. In this paper, we analyze multidimensional decision factors related to the evaluation of autonomous node, such as user satisfaction, reward function, punishment function and time decay function. According to the network connection degree of node, our model assigns a new trust weight that specifically describes the relationship between network and trust in iVCE. We then propose a dynamic quantitative model for measuring different kinds of trust. Simulation results indicate that our model can effectively cope with malicious behavior and exhibits evident advantages in resource utilization compared with existing models.

Jianwei Yang,Xiaolin Gui,Jian An,Feng Tian

DOI: https://doi.org/10.1049/cp.2014.0750

2014-01-01

Abstract:In crowd-computing service, untrusted service nodes threaten the user security and service quality. To find the trusted node sets (community structure) in trust relationship networks, we propose a novel scheme named community structure detecting algorithm in trust relationship networks (CDATN). In this scheme, we first introduce the factors of weight and direction to build a directed-weighted model for the trust relationship network. Then we define the vertex similarity index and design the objective function to control the clustering process. Finally, the service nodes can be eventually divided into different trusted node sets, which provide a reference for the service nodes selection. Experimental results show that the scheme can effectively detect and identify the trusted node sets in the trust relationship network, and presents a better performance in contrast to the existing algorithm.

Xinxin Fan,Ling Liu,Mingchu Li,Zhiyuan Su

DOI: https://doi.org/10.4108/icst.collaboratecom.2012.250420

2012-01-01

Abstract:This paper argues that trust and reputation models should take into account not only direct experiences (local trust) and experiences from the circle of “friends”, but also be attack resilient by design in the presence of dishonest feedbacks and sparse network connectivity. We first revisit EigenTrust, one of the most popular reputation systems to date, and identify the inherent vulnerabilities of EigenTrust in terms of its local trust vector, its global aggregation of local trust values, and its eigenvector based reputation propagating model. Then we present EigenTrust++, an attack resilient trust management scheme. EigenTrust++ extends the eigenvector based reputation propagating model, the core of EigenTrust, and counters each of vulnerabilities identified with alternative methods that are by design more resilient to dishonest feedbacks and sparse network connectivity under four known attack models. We conduct extensive experimental evaluation on EigenTrust++, and show that EigenTrust++ can significantly outperform EigenTrust in terms of both performance and attack resilience in the presence of dishonest feedbacks and sparse network connectivity against four representative attack models.

Shuaishuai Tan,Xiaoping Li,Qingkuan Dong

DOI: https://doi.org/10.1109/tvt.2015.2495325

IF: 6.8

2016-01-01

IEEE Transactions on Vehicular Technology

Abstract:The rapidly developing ad-hoc network technology has a wide range of applications, such as vehicular ad-hoc networks (VANETs), wireless sensor networks (WSNs), and emergency and military communications. Due to the characteristics such as openness and dynamic topology, ad-hoc networks suffer from various attacks in the data plane. Even worse, some attacks can subvert or bypass the frequently used identity-based security mechanisms. To secure the data plane of ad-hoc networks, we propose a novel trust management system. In the system, fuzzy logic is employed to formulate imprecise empirical knowledge, which is used to evaluate the path trust value. Together with fuzzy logic, graph theory is adopted to build a novel trust model for calculating the node trust value. To defend against increasing attacks to trust management systems, such as slandering and harboring, we propose a filtering algorithm. An efficient trustworthiness decay method is also designed to resolve the conflict about the decaying historical trust value in a trust-based routing decision. Additionally, we present a feasible trust factor collection approach to assure that the trust management system is compatible with other security primitives, such as encryption and encapsulation. Finally, we implement the proposed trust management system by integrating it into the optimized link state routing (OLSR) protocol. Simulation results show that the proposed trust management system works well in detecting and resisting data-plane attacks.

Lixiang Li,Jürgen Kurths,Yixian Yang,Guole Liu

DOI: https://doi.org/10.1155/2014/189213

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:In recent years, the complex network as the frontier of complex system has received more and more attention. Peer-to-peer (P2P) networks with openness, anonymity, and dynamic nature are vulnerable and are easily attacked by peers with malicious behaviors. Building trusted relationships among peers in a large-scale distributed P2P system is a fundamental and challenging research topic. Based on interpersonal relationships among peers of large-scale P2P networks, we present prevention and trust evaluation scheme, called IRTrust. The framework incorporates a strategy of identity authentication and a global trust of peers to improve the ability of resisting the malicious behaviors. It uses the quality of service (QoS), quality of recommendation (QoR), and comprehensive risk factor to evaluate the trustworthiness of a peer, which is applicable for large-scale unstructured P2P networks. The proposed IRTrust can defend against several kinds of malicious attacks, such as simple malicious attacks, collusive attacks, strategic attacks, and sybil attacks. Our simulation results show that the proposed scheme provides greater accuracy and stronger resistance compared with existing global trust schemes. The proposed scheme has potential application in secure P2P network coding.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Xinxin Fan,Ling Liu,Mingchu Li,Zhiyuan Su

DOI: https://doi.org/10.1109/tpds.2016.2611660

IF: 5.3

2017-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:As advanced computing and communication technologies penetrate every aspect of our life, we have witnessed the persistent growth of open systems where entities interact with one another without prior knowledge or experiences. Trust becomes an important metric in such open systems. This paper presents a dependable trust management scheme-GroupTrust, and a working systemto support GroupTrust. It makes three original contributions. First, we identify a set of vulnerabilities that are common in existing reputation based trust models. We show that reputation trust built solely on direct experiences or by combining direct experiences with uniform trust propagation can be vulnerable. Second, we develop GroupTrust, a dependable trust management scheme to provide reliable trust management in the presence of dishonest ratings, malicious camouflage, and malicious collusive behaviors. The GroupTrust scheme is novel in two aspects: (i) we develop a pairwise similarity based feedback credibility to enhance the resilience of trust computation in the presence of dishonest ratings; (ii) we propose to propagate trust based on a Susceptible-Infected-Recovered ( SIR) model, which defines trust propagation threshold to control how trust should be propagated. Finally, we evaluate the effectiveness of GroupTrust against four threat models using both simulated and real world datasets. Our experimental results show that feedback credibility based local trust computation can effectively constrain strategically malicious participants from taking advantages of their dishonest ratings. SIR-based trust propagation control enables safe trust propagation and blocks irrational trust propagation. We show that GroupTrust scheme significantly outperforms other trust models in terms of both performance and attack resilience in the presence of dishonest feedbacks, sparse feedbacks, and strategically malicious participants against four representative threat models.

Xinxin Fan,Ling Liu,Rui Zhang,Quanliang Jing,Jingping Bi

DOI: https://doi.org/10.48550/arXiv.1909.11355

2019-09-25

Abstract:Decentralized trust management is used as a referral benchmark for assisting decision making by human or intelligence machines in open collaborative systems. During any given period of time, each participant may only interact with a few of other participants. Simply relying on direct trust may frequently resort to random team formation. Thus, trust aggregation becomes critical. It can leverage decentralized trust management to learn about indirect trust of every participant based on past transaction experiences. This paper presents alternative designs of decentralized trust management and their efficiency and robustness from three perspectives. First, we study the risk factors and adverse effects of six common threat models. Second, we review the representative trust aggregation models and trust metrics. Third, we present an in-depth analysis and comparison of these reference trust aggregation methods with respect to effectiveness and robustness. We show our comparative study results through formal analysis and experimental evaluation. This comprehensive study advances the understanding of adverse effects of present and future threats and the robustness of different trust metrics. It may also serve as a guideline for research and development of next generation trust aggregation algorithms and services in the anticipation of risk factors and mischievous threats.

Social and Information Networks,Cryptography and Security

Xin Fan,Wenjie Luo,Xiaoju Dong,Rui Su

DOI: https://doi.org/10.1007/978-981-13-2203-7_45

2018-01-01

Abstract:Analyzing network data is one of the important means to safeguard network security. However, how to detect anomalies and trace back the origin of attacks in the enlarging scale of network data is still a challenge now. This paper designs and implements a network visualization system, which meets three main requirements: the situation awareness of the whole network, the rapid detection of anomalies, and the track of attack source. To combine multiple visualization technologies reasonably, the system provides information from three levels. It also uses unsupervised learning methods to detect anomalies in different ways. Therefore, the system enhances the ability of identifying abnormal behaviors from network data. Its efficiency is tested by the usage of data in the ChinaVis 2016.

Wenye Zhu,Chengxiang Tan,Qian Xu,Ya Xiao

DOI: https://doi.org/10.3233/jifs-189729

2021-01-01

Journal of Intelligent & Fuzzy Systems

Abstract:The cross-trust domain environment in which heterogeneous identity alliances are located often does not have a completely trusted centralized trust root, and different trust domains and entities also have specific security requirements. In view of the above problems, we believe that trust measurement of cross-domain identities based on risk assessment is an effective method to achieve decentralized proof of user identities in heterogeneous cyberspace. There are various risk assessment models. We choose the more mature attack graph theory in the existing research to apply to the new field of cross-trust domain management of heterogeneous identities. We propose an attribute attack graph evaluation model to evaluate cross-domain identities through risk measurement of attributes. In addition, heterogeneous identity alliances also have architectural risks, especially the risk of decentralized underlying structures. In response to this problem, we identify the risk of the identity alliance infrastructure, and combine the risk assessment and presentation system design to verify the principle.

Nicole Hynek,Saminu M. Salisu,E. Mayr,F. Windhager

DOI: https://doi.org/10.2312/TRVIS.20191187

Abstract:Trust is an important factor that mediates whether a user will rely and build on the information displayed in a visualization. Research in other fields shows that there are different mechanisms of trust building: Users might elaborate the information deeply and gain a good understanding of the uncertainties in the data and quality of the information. But they might also use superficial cues as indicators for trust. Which processes are activated depends on the trustworthiness on the side of the visualization and on the trust perception by the users. We lay out challenges for future research to further improve our understanding of trust in information visualization.

Computer Science

Shouhuai Xu,Xiaohu Li,Timothy Paul Parker,Xueping Wang

DOI: https://doi.org/10.1109/tifs.2010.2093521

IF: 7.231

2011-01-01

IEEE Transactions on Information Forensics and Security

Abstract:How can we protect sensitive data of average users? In this paper, we propose taking advantage of real-life social trust between average users (called "trust-based social networks") as well as threshold cryptography. This leads to a new type of complex systems, for which we define and characterize the following novel properties: 1) attack-resilience, which captures the consequences of computers getting compromised; 2) security utility of anonymous social networks, which captures the security gained when the underlying social network links are not known to the attacker; 3) security utility of psychological soundness, which captures the security gained when a user keeps a decisive share of its sensitive data; 4) availability, which captures the effect when computers are not always responsive; 5) the trade-off between attack-resilience and availability.

Lei Li,Xiaoyong Li,Yali Gao

DOI: https://doi.org/10.1007/978-3-319-72395-2_1

2017-01-01

Abstract:With the gradually sharing of threat intelligences, users concern more about their trustworthiness, which is difficult to be judged. Some threat intelligence sharing platforms choose to show the risk or credibility, and inform users the trustworthiness of the threat intelligence. Several researchers have proposed the requirements and techniques for threat intelligence trust assessment. However, they do not present any tool-based or model solutions. In this paper, we present a Trustworthiness Determination Approach for Threat Intelligence (MTIV) to make up these shortcomings. First, we propose a framework to excavate threat intelligence via multiple sharing platforms, and extract multidimensional trustful features of the threat intelligence. Based on these, contributions of dimensional trustful features to the trustworthiness determination can be derived. Then we introduce Deep Belief Network (DBN) to determine the trustworthiness of the threat intelligence. The experimental results verify that MTIV is more effective than traditional methods. Our work will be of benefit to build a more credible threat intelligence sharing platform, and enhance the capability of real-time detection and resisting the cyberspace attacks.

Zhongyang Kan,Changzhen Hu,Zhigang Wang,Guoqiang Wang,Xiaolong Huang

DOI: https://doi.org/10.1109/icacc.2010.5487236

2010-01-01

Abstract:With the rapid development of Internet and the expanding application fields of network applications, it is not enough to maintain the network security only depend on those professional network technical administrators. In this paper a novel visualization tool based on treemap, which is called NetVis, is introduced to bind the network security technique and general network management together in an integrated visualization. NetVis is designed in 2D view. The experiments show that NetVis can not only detect the abnormal activities in the network, but also make the network management more intuitive and efficient.

Zhiyuan Su,Ling Liu,Mingchu Li,Xinxin Fan,Yang Zhou

DOI: https://doi.org/10.1145/2754934

IF: 3.35

2015-01-01

ACM Transactions on the Web

Abstract:Distributed service networks are popular platforms for service providers to offer services to consumers and for service consumers to acquire services from unknown parties. eBay and Amazon are two well-known examples of enabling and hosting such service networks to connect service providers to service consumers. Trust management is a critical component for scaling such distributed service networks to a large and growing number of participants. In this article, we present ServiceTrust++, a feedback quality-sensitive and attack resilient trust management scheme for empowering distributed service networks with effective trust management capability. Compared with existing trust models, ServiceTrust++ has several novel features. First, we present six attack models to capture both independent and colluding attacks with malicious cliques, malicious spies, and malicious camouflages. Second, we aggregate the feedback ratings based on the variances of participants' feedback behaviors and incorporate feedback similarity as weight into the local trust algorithm. Third, we compute the global trust of a participant by employing conditional trust propagation based on the feedback similarity threshold. This allows ServiceTrust++ to control and prevent malicious spies and malicious camouflage peers from boosting their global trust scores by manipulating the feedback ratings of good peers and by taking advantage of the uniform trust propagation. Finally, we systematically combine a trust-decaying strategy with a threshold value-based conditional trust propagation to further strengthen the robustness of our global trust computation against sophisticated malicious feedback. Experimental evaluation with both simulation-based networks and real network dataset Epinion show that ServiceTrust++ is highly resilient against all six attack models and highly effective compared to EigenTrust, the most popular and representative trust propagation model to date.

Weidong Fang,Wuxiong Zhang,Wei Chen,Tao Pan,Yepeng Ni,Yinxuan Yang

DOI: https://doi.org/10.1155/2020/2643546

2020-09-10

Wireless Communications and Mobile Computing

Abstract:As a key component of the information sensing and aggregating for big data, cloud computing, and Internet of Things (IoT), the information security in wireless sensor network (WSN) is critical. Due to constrained resources of sensor node, WSN is becoming a vulnerable target to many security attacks. Compared to external attacks, it is more difficult to defend against internal attacks. The former can be defended by using encryption and authentication schemes. However, this is invalid for the latter, which can obtain all keys of the network. The studies have proved that the trust management technology is one of effective approaches for detecting and defending against internal attacks. Hence, it is necessary to investigate and review the attack and defense with trust management. In this paper, the state-of-the-art trust management schemes are deeply investigated for WSN. Moreover, their advantages and disadvantages are symmetrically compared and analyzed in defending against internal attacks. The future directions of trust management are further provided. Finally, the conclusions and prospects are given.

computer science, information systems,telecommunications,engineering, electrical & electronic