Enhancing Collusion Resilience in Reputation Systemshs6ms/publishedPaper/Journal/2015... ·...

1045-9219 (c) 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. Seehttp://www.ieee.org/publications_standards/publications/rights/index.html for more information.

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI10.1109/TPDS.2015.2489198, IEEE Transactions on Parallel and Distributed Systems

1

Enhancing Collusion Resilience in ReputationSystems

Haiying Shen*, Senior Member, IEEE , Yuhua Lin, Student Member, IEEE , Karan Sapra, StudentMember, IEEE , Ze Li

Abstract—Real-world applications, such as peer-to-peer (P2P) networks, e-commerce and social networks, usually employreputation systems to provide guidance in selecting trustworthy node for high system reliability and security. A reputation systemcomputes and publishes reputation score for each node based on a collection of opinions from others about the node. However,collusion behaviors impair the effectiveness of reputation systems in trustworthy node selection. Though many reputationcalculation methods have been proposed to mitigate collusion’s influence, little effort has been devoted to specifically tacklingcollusion. Based on the important collusion behavior characteristics in reputation evaluation and influence on reputation values,we propose a basic collusion detection method to specifically detect suspicious collusion behaviors in pairs. We further optimizethe method by reducing the computing overhead. We also propose two pre-processing methods to firstly identify partial reputationraters of a node that are more likely to be colluders before applying the collusion detection method on them, thus reducing thecollusion detection overhead. Extensive experimental results show that our proposed methods can significantly enhance thecapability of existing reputation systems to detect collusion with low overhead. Also, the pre-processing methods are effective inreducing the collusion detection overhead without affecting the collusion detection accuracy.

Index Terms—Reputation Systems; Trust Systems; Peer-to-Peer Networks; Collusion Detection;

F

1 INTRODUCTION

In real-world applications, such as peer-to-peer (P2P)networks, e-commerce and social networks, nodes orusers without preexisting trust relationships interactwith each other for different purposes (e.g., resourcesharing, transaction and communication). Reputationsystem is a widely used approach in these application-s to enhance collaborations and ensure reliability. Ina reputation system, reputation manager(s) computesand publishes global reputation score for each nodebased on a collection of local reputation ratings fromothers about the node in order to provide guidance inselecting trustworthy nodes. Despite the effectivenessof the reputation systems, they are generally vulner-able to collusion [1, 2], which impairs their effective-ness in trustworthy node selection. In collusion, twoor more malicious nodes conspire to give each otherhigh local reputation values and (or) give all othernodes low local reputation values in order to gainhigh global reputation [3]. Colluders usually offerlow quality of service (QoS) and receive low ratingsfrom nodes outside of the colluding collective [1, 2].Recent studies [4–7] indicate that collusion behaviorscommonly exist in online rating systems.

• * Corresponding Author. Email: [email protected]; Phone: (864) 6565931; Fax: (864) 656 5910.

• Haiying Shen, Yuhua Lin, Karan Sapra and Ze Li are with the Depart-ment of Electrical and Computer Engineering, Clemson University,Clemson, SC, 29634.E-mail: {shenh, yuhual, ksapra, zel}@clemson.edu

Current methods that can indirectly deal with col-lusion focus on how to calculate node reputationsto mitigate the influence of collusion. They can begenerally classified into two groups: (1) a node cal-culates others’ reputations based on its own expe-rience [8]; and (2) a node includes the feedback ofpretrusted nodes and (or) assigns weights to nodes’feedback according to their global reputation [3, 9].These methods can reduce the impact of collusionwhen determining node trustworthiness, but they donot specifically tackle collusion in reputation calcula-tion. Some works [10, 11] detect suspicious collusionbased on the incorporated online social network in thesystem. However, these methods are only suitable forthe systems that incorporate an online social network.Most peer-to-peer and other distributed applicationsdo not incorporate social networks. Also, buildingand maintaining such social networks cost high sys-tem overhead. Unlike the previous works, in thispaper, we directly detect suspicious collusion behav-iors based on user interaction history according tothe behavior characteristics of colluders in reputationevaluation. Our proposed methods can enhance thecapabilities of existing reputation systems to detectand combat collusion. As far as we know, this work isthe first that specifically detects suspicious collectionbehaviors in distributed systems that do not incorpo-rate social networks.

Previous study shows the important behavior char-acteristics of colluders in reputation evaluation. Thatis, the suspected colluders (1) gain high global rep-utations [3], (2) frequently give each other high rep-



2

utation values and (or) give other nodes low repu-tation values [3], (3) receive low ratings from othernodes [1, 2], and (4) tend to conspire in bidirectionalpairs rather than in a group of more than 2 nodes [1].According to the behavior characteristics and influ-ence, we propose a basic collusion detection methodto detect suspicious collusion behaviors in pairs bydirectly monitoring user interaction history with lowoverhead. Based on characteristic (4), we focus oncollusion in pairs in this paper and will briefly explainhow to extend our method for a collusion groupwith more than 2 nodes later on though it is rare.In these methods, the reputation manager(s) detectscollusion based on collected rating values and ratingfrequency between nodes. If two high-reputed nodesgive high ratings to each other at a high frequency,while receive low ratings from other nodes, the twonodes are suspected colluders. We discuss how toconduct collusion detection in centralized reputationsystems using a single reputation manager, and indecentralized reputation systems using a number ofreputation managers. We further optimize the methodby reducing computing overhead.

We also propose two pre-processing methods tofirstly identify partial reputation raters of a node thatare more likely to be colluders before applying the col-lusion detection method on them, thus reducing thecollusion detection overhead. One method is basedon the random cuts in a graph. A node’s graph isformed by its raters and edges from the raters to itselfwith the reputation rating as the edge weight. If thereputation contribution from a random cut is withina reasonable level, the raters in the cut do not needto be checked for collusion. The other pre-processingmethod is based on the k-means clustering algorithm.Based on the collusion detection criteria, the k-meansclustering algorithm clusters all raters of a node. Then,only the clusters matching the collusion criteria needto be checked. The contribution of this work can besummarized below:• A basic collusion detection method to detect sus-

picious collusion behaviors by directly monitor-ing user interaction history.

• An optimized collusion detection method thatreduces computing overhead.

• Random-cut based data pre-processing for collu-sion detection to reduce computing overhead.

• K-means clustering algorithm based data pre-processing for collusion detection to reduce com-puting overhead.

We conduct extensive experiments to compare theproposed collusion detection methods with other rep-utation systems capable of handling collusion andthe effectiveness of the two pre-processing methods.Experimental results show that our proposed col-lusion detection methods significantly enhance thecapability of existing reputation systems in deter-ring collusion with low overhead. Also, the two pre-

processing methods reduce the collusion detectionoverhead while maintain collusion detection accuracy.

In this paper, we use P2P networks as an examplefor real-world applications that need to use repu-tation systems to incentivize node cooperation. Ourproposed methods can be applied to large-scale dis-tributed systems and applications with large-scale dis-tributed users (e.g., e-commerce and social networks).Today’s Internet is still driven by a multitude oflarge-scale distributed systems that efficiently delivera variety of data to end users; everything from files viaBitTorrent, streaming videos via PPLive, to content viaAkamai. Given their reliance on peer-delivery, thesesystems are vulnerable to the significant impact fromselfish nodes. Our work can encourage cooperativenode behaviors and create a trustworthy cyber envi-ronment, which could have an impact on the real-world applications.

The remainder of this paper is as follow. Section 2describes our proposed collusion detection methods.Section 3 presents the performance evaluation of theproposed method compared to existing reputationsystems and the effectiveness of the pre-processingmethods. Section 4 introduces related work in rep-utation systems and in collusion deterrence. Section 5concludes the paper with remarks on our future work.

2 COLLUSION DETECTION METHODS

2.1 Background

Our proposed methods can be built on any reputationsystem to enhance its capacity to combat collusion.In a centralized reputation system, such as the onein Amazon, a resource manager collects the ratingsof all nodes and calculates the reputation values ofall nodes. The decentralized reputation systems aremore complex. We use EigenTrust [3] as an example toexplain how a decentralized reputation system works.

n15

n10

16/0

n8

n6

n10’s trust host

requesterTrust

Fig. 1: A distributed reputa-tion system.

EigenTrust forms a num-ber of high-reputed pow-er nodes into a DistributedHash Table (DHT) for rep-utation aggregation andcalculation. These powernodes are reputation man-agers. We use IDi to rep-resent the DHT ID of nodeni, which is the consisten-t hash value [12] of nodeni’s IP address. The repu-tation manager of reputation ratings on node ni isthe DHT owner of IDi. A node uses DHT functionInsert(IDi,ri) to send the rating of node ni to itsreputation manager, and uses Lookup(IDi) to querythe reputation value of node ni from its reputationmanager. A reputation manager periodically collectsthe ratings and computes the global reputation valuesof its responsible nodes. The joins and departures of



3

reputation managers are handled by the DHT-basedmechanism for node joins and departures [13].

Figure 1 presents a 4-node reputation system builton top of the Chord DHT [13] with 4-bit circular hashspace. Other nodes report to n15 about n10’s localreputation by Insert(10,r10). Node n15 calculatesn10’s global reputation value. When a node, say n6,wants to select a server from several candidates, itqueries for the reputation values of the servers. Forexample, it uses Lookup(10) to query n10’s reputa-tion value, denoted by R10.

There are many ways to calculate global reputationvalues of nodes [3]. We use the local reputationcalculation method in eBay [14] and EigenTrust [3] asan example in this paper. That is, the local reputationrating for each interaction for a node is -1, 0 and 1. Anode’s final reputation is the sum of all its receivedreputation evaluation values. Reputation systemsusually specify a reputation threshold TR. Nodeswhose R ≥ TR are considered as trustworthy whilenodes with R < TR are considered as untrustworthy.To apply our method to the reputation systems thatuse different reputation calculation methods, weregard local reputation rating with ≥ TR as 1, andlocal reputation rating with < TR as -1.

Our collusion detection methods are based on theobservations of the collusion characteristics in repu-tation evaluation in the previous study in [1–3] asshown below:Characteristic 1 (C1). Collusion leads to high reputationof the colluders [3].C2. Among the high-reputed nodes, colluders receive morelow reputations than non-colluders [1, 2].C3. Colluders frequently submit very high ratings for theirconspirators [3].C4. Most collusion behaviors are in pairs, and the collusionof multiple colluders in one group rating each other is veryrare [1].

2.2 Basic Collusion Detection Method

ni nj

High ratings

Low

rat

ings L

ow

ratings

Fig. 2: Collusion model.

Based on the above-mentioned characteris-tics of collusion in rep-utation evaluation (C1-C4), we build a collu-sion model shown inFigure 2 that incorpo-rates all the charac-teristics. In the collu-sion, two nodes (C4)frequently (C3) rate high reputation for each other(C3) in order to increase their global reputation values(C1), but offer low-QoS to other nodes and receive lowratings from other nodes (C2). Based on C4, we onlyfocus on collusion in pairs in this paper. Our goalis to enhance the collusion resilience by mitigatingthe effect from most collusion rather than from allcollusion. We will also briefly explain how to extend

our method for a collusion group with more than 2nodes later on though it is rare.

TABLE 1: A list of notations in the paper.∆t the time period for updating global reputationsNi # of all ratings for ni in ∆tN(i,j) # of ratings from nj for ni in ∆tN(i,−j) # of ratings from all nodes except nj for ni in ∆t

N+(i,j)

# of positive ratings from nj for ni in ∆t

N+(i,−j)

# of positive ratings from all nodes except nj for ni in ∆t

N−(i,j)

# of negative ratings from nj for ni in ∆t

N−(i,−j)

# of negative ratings from all nodes except nj for ni in ∆t

a percent of positive ratings in all ratings from nj for ni

b percent of positive ratings from all nodes except nj for ni

Ta threshold of the a valueTb threshold of the b valueTN threshold of rating frequencyTR threshold of reputation to check (un)trustworthy nodesI average interactions for node ni in some time period Trmax average maximum reputation contribution during a unit period

We define a number of notations shown in Table 1for a pair of nodes ni and nj . We use a to denote thepercent of positive ratings in all ratings from nj for ni,and use b to denote the percent of positive ratings inall ratings from all nodes except nj for ni. We specifya threshold Ta for a and a threshold Tb for b. Ta andTb can be determined by the historical data of a andb of pairs of nodes with high interaction frequency.For example, in our crawled data [15], for thosesuspicious colluders found, using the threshold=20 forthe average number of transactions of a seller-buyerpair per year, the average a=98.37 and average b=1.63.If we want to reduce the false negatives in collusiondetection, we can decrease Ta and increase Tb. Onthe other hand, if we want to reduce the number offalse positives in collusion detection, we can increaseTa and decrease Tb. We use ∆t to denote the timeperiod for updating global reputations and use N(i,j)

to denote the number of ratings from nj for ni in∆t . We also specify rating frequency threshold TNfor N(i,j) to show how frequently nj rates ni. Forexample, based on our trace data [15], TN=20/year.

In our proposed collusion detection method, re-source manager(s) relies on reputation values andfrequencies of ratings between a pair of nodes for col-lusion detection according to the collusion model inFigure 2. We first describe the method in a centralizedreputation system, and then describe how the methodworks in a decentralized reputation system.

Centralized Reputation System. Based on C1, s-ince colluders usually have high reputation values,which is their objective by colluding, and reputationsystems regard nodes whose R ≥ TR as high-reputednodes, we can only check high-reputed nodes todetect colluders. For each node in the system, thecentralized reputation manager keeps track of thenumber of ratings (N(i,j)) and the number of positiveratings (N+

(i,j)) during ∆t of every other node to thisnode. The reputation manager builds an n×n matrix,where n is the number of nodes in the network. Thematrix records the reputation ratings for nodes whoseR ≥ TR. If node ni’s reputation value Ri ≥ TR, matrix



4

element hij=< IDi, Ri, N+(i,j), N(i,j) > (1 ≤ j ≤ n).

Otherwise, hij=empty.

The manager periodically updates the matrix withits collected information and detects collusion accord-ing to the characteristics in the collusion model. Incollusion detection, the manager scans each row in thematrix in the top-down manner, and scans elements ineach row from the left to the right. For high-reputednode ni (C1) in a row (non-empty line), the managerchecks hij from every other node nj (each column)for ni. If Rj≥TR and N(i,j)≥TN , which means nj alsohas a high reputation (C1) and nj rates ni frequently(C3), then N+

(i,j) is further checked. If N+(i,j)/N(i,j)≥Ta,

which means a large portion of nj ’s ratings are posi-tive (C3), then the ratings from all other nodes exceptnj (all other columns) are checked. The manager scanseach element in the line of ni except hij and calculatethe sum of all positive ratings, N+

(i,−j), and the sum ofall ratings, N(i,−j). If N+

(i,−j)/N(i,−j)<Tb, which meansa large portion of ratings from other nodes except njare negative (C2), then we can conclude that ni’s highreputation is mainly caused by nj ’s frequent ratingsthat are deviated from most others’ rating values. Ascollusion is usually a mutual rating behavior basedon C4, then the reputation manager checks whethernode nj is a high-reputed node and whether its highreputation is mainly caused by frequent ratings fromni that are deviated from most others’ rating values.Specifically, the manager finds the row of nj in the ma-trix and repeats the same process for nj to check if nj ’shigh reputation is also mainly caused by ni’s ratings.If N(j,i)≥TN , N+

(j,i)/N(j,i)≥Ta and N+(j,−i)/N(j,−i)<Tb,

ni and nj are very likely to be colluding. Then, in theperiodical global reputation updating, the reputationmanager can reduce the reputation values of nodes niand nj to punish their colluding behaviors. During thechecking process, after an hij is checked, the managermarks hij and hji to indicate that the two elementsno longer need checking.

Decentralized Reputation System. Decentralizedreputation systems distribute the role of the central-ized resource manager to a number of trustworthynodes. We use Mi to denote the reputation managerof node ni. As mentioned, a reputation manager Mi

of node ni keeps track of all ratings of other nodesfor ni. Thus, using the same way as the centralizedreputation systems, each reputation manager buildsan n × n matrix, where n is the number of its re-sponsible nodes. For reputation manager Mi, for eachof its responsible node ni with Ri≥TR, if N(i,j)>TN ,N+

(i,j)/N(i,j)≥Ta and N+(i,−j)/N(i,−j)<Tb, ni is suspect-

ed to collude with nj . Then, if Mi is the reputationmanager of node nj , it uses the same method in thecentralized reputation system for the collusion detec-tion. Otherwise, Mi contacts nj ’s reputation managerMj by the DHT function Insert(j,msg). Then, Mj

checks Rj and ratings from ni for nj . If nj has high

reputation and its reputation is mainly caused byni’s frequent ratings that deviate from most others’ratings, i.e., Rj≥TR, N(j,i)≥TN , N+

(j,i)/N(j,i)≥Ta andN+

(j,−i)/N(j,−i)<Tb, Mj sends a positive response toMi indicating that ni and nj are likely to be colluders.Then, in the periodical global reputation updating,reputation managers Mi and Mj can reduce the rep-utation values of nodes ni and nj , respectively, topunish their colluding behaviors. Algorithm 1 showsthe pseudo-code of the collusion detection method.

Algorithm 1 Pseudo-code of the collusion detectionmethod in a centralized reputation system.1: /*Return pairs of nodes that are detected as colluders*/2: for each ni with reputation value Ri≥TR do3: for each reputation rater nj of ni do4: if nj ’s reputation value Rj≥TR then5: if CheckCollusion(ni, nj ) && CheckCollusion(nj , ni) then6: Record ni and nj as colluders7: Function CheckCollusion(ni, nj )8: if rating frequency from ni for nj is ≥TN then9: if percent of positive ratings from ni for nj is ≥Ta then

10: if percent of the positive ratings from other nodes is < Tb

11: return true12: return false

We use m to denote the number of high-reputednodes and n to denote the total number of nodes inthe system.

Proposition 2.1: In the collusion detection method,the computation complexity to identify colluders inthe P2P system is O(mn2).

Proof: For each high-reputed node ni (1 ≤ i ≤m), at most n elements should be checked. For eachchecking, at most n elements are scanned. Thus, thecomputation complexity to identify colluders in thesystem is O(mn2).

The collusion detection method can effectively i-dentify the colluders based on the characteristics ofcollusion behaviors in reputation evaluation. Howev-er, in order to calculate N+

(i,−j) and N(i,−j), for eachrater nj , each element in matrix line i should bescanned, generating a high computing cost. Therefore,we propose an optimized collusion detection methodthat produces much lower computation cost.

2.3 Optimized Collusion Detection MethodIn the optimized collusion detection method, a re-source manager does not need to scan each elementin matrix line i for each N(i,j) (1 ≤ j ≤ n). Eachmanager detects collusion only based on the globalreputation value of each of their responsible nodes niand frequency of ratings of each of other nodes for ni.According to the global reputation value calculationmethod, for a given pair of nodes ni and nj , we canget:

b · (Ni −N(i,j)) = N+(i,−j)

(1− b) · (Ni −N(i,j)) = N−(i,−j)

a ·N(i,j) = N+(i,j)

(1− a) ·N(i,j) = N−(i,j)N+

(i,−j) +N+(i,j) −N−(i,−j) −N−(i,j) = Ri

⇒ Ri = 2b(Ni −N(i,j)) + 2aN(i,j) −Ni. (1)



5

Figure 3 visualizes Formula (1) when 1≥a≥Ta (i)and Tb≥b≥0 (ii). The surface in the figure showsthe range of the reputation values of a suspect-ed colluder corresponding to given values of N(i,j)

and Ni, given different set of a and b. Condi-tions (i) and (ii) mean that a large portion of

Percent of positive

ratings of node j

Percent of positive

ratings of other nodes

Rep

utat

ion

valu

e

1T

b

0 Ta

2b(Ni−N

(i, j))+2aN

(i, j)−N

i

Fig. 3: Reputations of colluders.

ratings from nj are pos-itive, whereas a largeportion of ratings fromother nodes are nega-tive. In this case, ni’shigh reputation is main-ly caused by node nj ’sratings. Thus, we suspec-t that nodes ni and njcollude with each other.Since (Ni − N(i,j))>0 and N(i,j)>0, based on Equa-tion (1) and the conditions (i) and (ii), we can derive

2Tb(Ni −N(i,j)) + 2N(i,j) −Ni ≥ Ri ≥ 2TaN(i,j) −Ni. (2)Thus, if the values of N(i,j), Ni and Ri conform

Formula (2), node ni and nj are very likely to col-lude with each other. Therefore, to detect possiblecollusion, each reputation manager Mi first identifiesnodes whose R≥TR. For each of such node ni, themanager then checks the rating frequency of eachrater of ni, N(i,j). If N(i,j)≥TN , the manager then usesFormula (2) to check whether ni’s high reputation ispossibly due to its collusion with nj .

In the case that Formula (2) is satisfied, if Mi is nj ’sreputation manager, it checks whether nj ’s high rep-utation is possibly due to its collusion with ni usingthe same way. Otherwise, Mi uses Insert(j,msg)to contact the reputation manager of nj . Reputationmanager Mj conducts the same process to check ifnj ’s high reputation is possibly due to its collusionwith ni. If Rj≥TR, N(j,i)≥TN and Formula (2) are alsosatisfied, ni and nj are very likely to be colluding witheach other. Algorithm 2 shows the pseudo-code of theoptimized collusion detection method.

Proposition 2.2: In the optimized collusion detectionmethod, the computation complexity to identify col-luders in the P2P system is O(mn).

Proof: For each high-reputed node ni (1 ≤ i ≤ m),at most n elements should be checked for collusiondetection. Thus, the computation complexity to iden-tify colluders in the system is O(mn).

Discussion of the Effectiveness of Our Method.Our method is proposed specifically based on theobservations of the collusion characteristics in repu-tation evaluation from previous studies [1–3] listed inSection 2.1. Therefore, if a collusion does not showthese characteristics, our method will not be effectivein detecting it. However, if collusion nodes do notshow these characteristics, their purpose of conduct-ing collusion may not be reached. We will discusshow nodes can avoid showing each characteristic,and the effectiveness of our method in each case inthe next paragraph. To achieve high effectiveness of

Algorithm 2 Pseudo-code of the optimized collusion de-tection method in a decentralized reputation system.1: /*Return pairs of nodes that are detected as colluders*/2: for each responsible node ni do3: if Ri ≥ TR then4: for each rater nj of ni do5: if nj ’s rating frequency is no less than TN (N(i,j) ≥ TN )6: if N(i,j), Ni and Ri satisfy Formula (2) then7: Ask reputation manager of nj to check the collusion8:9: if Receive a positive collusion detection result for ni and nj

then10: return ni and nj

11: end if12:13: /*Receive a request to check the collusion of nj and its responsible

node ni*/14: if Ri ≥ TR then15: if ni’s rating frequency is no less than TN (N(i,j) ≥ TN ) then16: if N(i,j), Ni and Ri satisfy Formula (2) then17: Send positive msg to Mj indicating ni and nj are colluders

our method, it is important to determine appropriatevalues for the thresholds (including TN , Ta and Tb)to reduce both false negatives and false positives.Strict settings will find the colluders that are not soaggressive but generate more false positives, whileloose settings will generate more false negatives. Ourmethod aims to enhance collusion resilience by miti-gating the effect from most collusions instead of fromall collusions. Our experimental results show that ourmethod can reach more than 99% precision rate, recallrate and F1 measurement.

Discussion of Underlying Basis. Our collusiondetection method finds nodes whose behaviors matchthe characteristics of collusion in reputation evalua-tion (C1-C4). Then, an attacker can use evasion tech-niques to remain undetected by avoiding exhibitingthese characteristics in their behaviors. It is very un-likely for an attacker to avoid C1 because the purposeof collusion exactly is to gain high reputation. Ifcolluders try to avoid C2, they need to try to receivefewer low reputation ratings; the only way for thisis to be cooperative. Then, the nodes do not have tobe colluders since they can earn high reputation bybeing cooperative. If colluders try to avoid C3, theymust not rate each other frequently with high ratings,which however is the basic behavior of collusion. Inorder to offset non-colluders’ low ratings and to gainhigh reputation, colluders must rate each other at arelatively high frequency and with a relatively highrating. Therefore, it is also difficult to avoid C3. Toavoid C4, colluders can rate each other in a groupwith more than two nodes and avoid collusion inpairs. It is indicated in [1] that most group collusionsare in pairs and groups of three of more are rare in afile sharing system. Thus, in this paper, we focus oncollusion in pairs in observing collusion. We can easilyextend our methods to observe possible collusionbehaviors in a group such as ni→nj→nk→ni, where→means highly frequent ratings with high reputation



6

values. Using our method, we can find ni→nj , nj→nkand nk→ni. Then, if we find these observed behaviorsform a loop, it is likely to be a group collusion. Weleave the details of the detection of group collusionas our future work.

Discussion of Possible Attacks. The proposed col-lusion detection method may be abused by attackersto reach their malicious goals. For example, a colludercan submit fake high ratings with high frequencyfor a normal node, with the purpose of misleadingthe system into falsely identifying the normal nodeas a colluder. However, this attack will not succeedunder the proposed collusion detection method. Asaccording to Algorithm 1, only when a normal nodereceives a small portion of positive ratings from othernodes besides the colluder (i.e., N+

(j,−i)/N(j,−i)<Tb),this normal node will be identified as a colluder. Also,only when two nodes mutually rate each other withhigh ratings frequently, they will be considered aspotential colluders. Thus, if a normal node behavesgood and receives positive ratings from other nodesand it does not rate highly and frequently for thecolluders, this attack fails to mislead the system intofalsely identifying it as a colluder.2.4 Pre-processing using Random CutsIn the optimized collusion detection method, for eachnode with R ≥ TR, to sequentially find nodes withN(i,j)≥TN generates high overhead, especially in alarge-scale P2P system with thousands or even mil-lions of nodes. To increase the collusion detection scal-ability with lower overhead, we introduce a randomcut based pre-processing method that first identifiesthe possible colluders before applying the optimizedcollusion detection method on these nodes.

In the random cut based pre-processing method,each reputation manager draws a graph G = (V,E)based on its received reputation feedback. Figure 4shows an example of such a graph. In the graph, Vconsists of the manager’s responsible nodes and theirraters (i.e., reputation reporting nodes) and E is aset of edges. A uni-directional link eij is built fromnode nj to node ni if nj has reported ni’s reputation.Each edge eij has a weight wij , which equals theaccumulated value of node nj ’s reported reputationvalues for ni (i.e., reputation contribution from nj toni) during ∆t . Then, ni’s reputation equals:

Ri =∑

k⊂|Ei|

wik, (3)

where Ei denotes all edges pointing to ni.Recall that if ni and nj are colluding, a large portion

of ratings for ni from nj are positive, whereas alarge portion of ratings from other nodes for ni arenegative. That is, if we cut the edge from nj to ni,then Ri drops sharply. For example, in Figure 4,the reputation contributions (link weights) from re-porting nodes for n1 starting at n12 in the clock-wise direction are {1,−1, 26, 4,−2, 0, 1,−1}, and thosefor n2 starting at n5 in the clockwise direction are

Colluding edges

Colludingnodes

1 ‐1

24

4‐20

1

‐1 1 ‐2

0

1 ‐1 2

1

1 2

3

4 5 6

7

8910

1213

14

11

26

Fig. 4: A graph G = (V,E)showing reputation contributionbetween different nodes.

Cut (C)

Reciprocal cut (C’)

1 1 2

3

4 5

6 7 9

Fig. 5: Graph cut.

{−2, 1, 0, 2,−1, 1, 24, 1}. Then, R1 = 28 and R2 = 26.When we remove the edge e12 and e21, then theirreputations drop significantly, i.e., R1 = 2 and R2 = 2.This means n1 and n2 contributes greatly to the highreputations of each other and are possibly colludingto boost each other’s reputation values.

Based on this phenomenon, for each node ni withRi ≥ TR, as shown in Figure 5, we cut a ran-domly selected group of neighboring edges (denotedby C) pointing to ni. If Ri does not drop sharply,C is unlikely to contain colluder(s), then only theremaining subgraph (i.e., reciprocal cut denoted byC’) needs to be checked. In this way, many nodes donot need to be checked compared to the optimizedcollusion detection method, thus saving overhead. Weintroduce the details of this algorithm below.

Node ni’s graph is formed by ni and other nodeswith edges pointing to ni, denoted by Gi. On Gi, weperform a cut on randomly selected neighboring p·dGi

edges, where p is a percent constant and dGi is thedegree of ni in graph Gi. We use R(G) to denote thereputation contribution to ni from nodes in graph G.Then, Ri(Gi) = Ri(C) + Ri(C

′). We set a thresholdrt = ηrmax, where rmax is the average maximumreputation contribution during a unit time periodfrom a node in the historical data and η is a percentdetermined by the collusion detection strictness. IfRi(C) ≤ rtdC , which means that nodes in C gavereasonable ratings with high probability, then we donot need to further check nodes in C. Otherwise, wecontinually repeat the same random cut operationon C. The reciprocal cut C ′ is handled in the samemanner. As the subgraph C with Ri(C) > rtdCis repeatedly cut to a smaller subgraph, finally thepossible colluders are located that gave ni higherrating than the reasonable level. In the worst case, fornode ni, the random cut operation needs to check allneighbors of ni to find its possible colluders. Thus,the computation complexity of the random cut pre-processing is O(ndmax), where dmax is the maximumdegree of all nodes.

Let’s use Oi to denote the group of observed pos-sible colluders of ni. For each node nj ∈ Oi, ni’sreputation manager checks whether nj ’s Oj containsni. If yes, the manager uses Formula (2) to determineif ni and nj are colluders. If nj is managed by adifferent manager, then ni’s manager needs to contactnj ’s manager to get nj ’s Oj using the method we in-troduced previously. Therefore, the random cut based



7

pre-processing method helps produce a much smallerscope of suspected colluders before using Formula (2)in the optimized collusion detection method, thusgreatly reducing overhead.Algorithm 3 Pseudo-code of the random cut based pre-processing executed by the reputation manager for a node.Input: G: graph of node ni

Output: O: a vector of suspected colluders of ni

1: Function CheckCollusion(G,O)2: (C,C’) = GetRandomCut(G) ( dC

dG= p)

3: if Ri(C) > rtdC then4: if dC > 1 then5: CheckCollusion(C,O)6: else7: Insert(O,C) //insert possible colluder C into vector O8: if Ri(C

′) > rtdC′ then9: if dC′ > 1 then

10: CheckCollusion(C’,O)11: else12: Insert(O,C’) //insert possible colluder C’ to vector O

Algorithm 3 shows the pseudocode for the randomcut based pre-processing method executed by a repu-tation manager. The reputation manager of node ni(Mi) executes CheckCollusion(Gi, Oi) to obtain thesuspected colluders of node ni in Oi. It is a recursivealgorithm and can be divided into two steps. In thefirst step, Mi obtains a random cut (C) and a recipro-cal cut (C ′) in the graph (line 2). In the second step, Mi

checks the possible colluders in C (lines 3-9) and C ′

(lines 10-16), respectively. When checking the possiblecolluders, Mi checks if the reputation contributionfrom C is greater than a reasonable level. If yes, therepossibly exist colluders of C and then Mi recursivelycalls this function with C as the parameter. Otherwise,Mi checks C ′. Similarly, if C ′ contains possible collud-ers, Mi recursively calls this function with C ′ as theparameter. Otherwise, no further checking is needed.Each reputation manager executes this algorithm foreach of its responsible nodes.

2.5 Pre-processing using K-Means ClusteringWe also propose a pre-processing method using k-means clustering to reduce the scope of nodes forcollusion checking in order to improve the perfor-mance of computationally intensive collusion detec-tion methods in large-scale P2P systems.

In data mining, k-means clustering algorithm [16] isa method of cluster analysis, which aims to partitiona set of observations into k cluster such that eachobservation belongs to the cluster with the nearestmean. K-means clustering algorithm can also workin a multiple-dimensional space.

In Section 2.2, we indicated that for reputationmanager Mi, for each of its responsible node ni withRi≥TR, if Rj ≥ TR, N(i,j)>TN , N+

(i,j)/N(i,j)≥Ta andN+

(i,−j)/N(i,−j)<Tb, ni is suspected to collude withnj . Sequentially checking each rater for a given nodeni produces high overhead. To resolve this problem,reputation manager Mi uses the k-mean clusteringalgorithm to cluster the raters of ni based on the abovecriteria to identify only the clusters of nodes that are

likely to be ni’s colluders, and then uses the optimizedcollusion detection method for further checking.

Thus, we set four dimensions: Rj , N(i,j),N+

(i,j)/N(i,j) and N+(i,−j)/N(i,−j). That is, each

rater of ni has a 4-dimensional dataset (a tuple of 4elements). Reputation manager Mi performs k-meansclustering and obtains k clusters. The value of k ispredefined. It should be set to a value as small aspossible in order to reduce the computation timebut without compromising the collusion detectionperformance. We show the performance of differentk values in Section 3. Each cluster is representedby the 4-dimensional coordinates of its centroid. Mi

then uses the optimized collusion detection methodon the clusters of interests (COI), in which mostnodes satisfy the aforementioned conditions. We setthresholds αTR, αTN , αTa and βTb, where α < 1and β > 1 are parameters determined based onthe dispersed degree of the actual criterion values.Suppose a cluster’s centroid is (x1, x2, x3, x4); ifx1 > αTR, x2 > αTN , x3 > αTa and x4 < βTb, thiscluster is COI. All nodes belonging to a COI need tobe checked, thus reducing all raters of ni to a smallergroup of nodes for collusion checking and henceimproving the efficiency of the collusion detectionmethod. The computation complexity of the k-meansclustering algorithm is O(dmax

4k+1 log dmax) [16], sothe complexity of the pre-processing method usingthe k-means clustering is O(ndmax

k log dmax).

3 PERFORMANCE EVALUATIONNetwork model. Since this work is the first thatspecifically detect suspicious collection behaviors indistributed systems that do not incorporate socialnetworks, there is no collusion detection method wecan use to compare with our methods. Then, to e-valuate our collusion resilient methods, we measurethe performance of EigenTrust [3] and PowerTrust [17]with and without our collusion resilient methods. Weconsider a generic P2P resource (e.g., file) sharingnetwork in which the nodes are able to issue resourcequeries and resource offers with different qualitiesdirectly between each other. We built an unstructuredP2P network with 200 nodes unless otherwise spec-ified. The ratio of the number of individual node’sinterests to the number of all interest categories issimilar to the actual ratio in our crawled trace datafrom Overstock [11]. Specifically, we assume there are20 interest categories in the system. The number ofinterests a node has is randomly chosen from [1,5],and the interests are randomly chosen from the 20interests. In the P2P network, nodes with the sameinterest are connected with each other in a cluster. Anode with z interests is in z clusters. Each node in thesystem has maximum 50 units of capacity (i.e., it canhandle 50 requests simultaneously per query cycle).For a request of a file of an interest, a node queriesall of its neighbors in the cluster of the interest, and



8

0

0.02

0.04

0.06

0.08

0.1

0.12

0.14

0.16

1 917

25

33

41

49

57

65

73

81

89

97

10

511

312

112

913

714

515

316

116

917

718

519

3

Reputa

tion v

alu

e

Node ID

Probability of good behaviorof colluders = 0.6

0

0.02

0.04

0.06

0.08

0.1

0.12

0.14

0.16

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Reputa

tion v

alu

e

Node ID

Probability of goodbehavior of colluders =0.6

Fig. 6: Reputation distribution in EigenTrust when B=0.6(Pretrusted node IDs 1-3, colluder IDs: 4-11).

0

0.02

0.04

0.06

0.08

0.1

0.12

1 917

25

33

41

49

57

65

73

81

89

97

10

51

13

12

11

29

13

71

45

15

31

61

16

91

77

18

51

93

Reputa

tion v

alu

e

Node ID


0

0.02

0.04

0.06

0.08

0.1

0.12

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Reputa

tion v

alu

e

Node ID


Fig. 7: Reputation distribution in EigenTrust when B=0.2 (Pretrustednode IDs 1-3, colluder IDs: 4-11).

chooses its highest-reputed neighbor with availablecapacity greater than 0. If a number of options havean identical reputation value, then the client randomlyselects a node as a server.

Node model. We consider three types of nodes:pretrusted nodes, colluders and normal nodes unlessotherwise indicated. The pretrusted nodes alwaysprovide authentic files to the requesters. Normalnodes provide inauthentic files with a defaultprobability of 20% unless otherwise specified. We useB to denote the probability that a colluder offers anauthentic file (i.e., good behavior). We randomly chose3 pretrusted nodes and 8 colluders. In order to showthe results more clearly, the IDs of the pretrustednodes were set to 1, 2 and 3, and the IDs of thecolluders were set to 4-11. The weight of the ratingsfrom pretrusted nodes was set to 0.5 in EigenTrust.

Simulation execution. In the simulation process, anode can only send out a file request when it is active.The probability that a node is active is randomlychosen from [0.3, 0.8]. The simulation proceeds insimulation cycles. Each simulation cycle is subdividedinto 20 query cycles. In each query cycle, each nodeissues a query if it is active. Each experiment has 20simulation cycles. Each experiment ran 5 times andwe report the average of the results finally.

Collusion model. In addition to functioning asnormal nodes, colluders also mutually rate each otherwith positive values in order to boost the reputationsof each other. We paired up two colluders and letthem rate each other 10 times per simulation cycle.

Reputation model. The initial reputation value ofeach node is 0. Similar to the rating mechanism usedin Amazon and Overstock, a client gives a serverrating 1 when it receives an authentic file and rating-1 when it receives an inauthentic file. A node’s localreputation value equals to the sum of all ratings. Eachnode updates reputations once after each simulationcycle based on the EigenTrust reputation calculationmethod. The reputation threshold TR was set to 0.05,and the rating frequency threshold TN was to 100ratings per simulation cycle. Other parameter settingsinclude Ta=90% and Tb=30%. These are empiricalvalues that can better identify uncooperative nodesin our experimental settings. With a collusion-resilientreputation system, we expect to see that the nodeswith IDs 4-11 (i.e., colluders) have extremely low rep-utation values and the normal nodes have comparablyhigher reputation values.

0

0.05

0.1

0.15

0.2

0.25

0.3

1 91

72

53

34

14

95

76

57

38

18

99

71

05

113

121

129

137

145

153

161

169

177

185

193

Rep

uta

tio

n v

alu

e

Node ID

Probability of good behavior ofcolluders = 0.2

0

0.05

0.1

0.15

0.2

0.25

0.3

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Rep

uta

tio

n v

alu

e

Node ID


Fig. 8: Reputation distribution in EigenTrust with compro-mised pretrusted nodes when B=0.2 (Pretrusted node IDs 1-3,colluder IDs: 4-11).3.1 Effectiveness of EigenTrustFigure 6 shows the reputation distribution of all n-odes and nodes with IDs in 1 − 20 when B = 60%in EigenTrust. We see that high-reputed nodes areskewed at pretrusted nodes with IDs in 1 − 3 andcolluders with IDs in 4 − 11. We also can see thatsome normal nodes have relatively higher reputationsthan others. The reputations of pretrusted nodes arehigher than normal nodes, but are significantly lowerthan colluders. Since the colluders behave well withprobability of 60%, they gain a certain number of highratings though they have 40% probability to receivenegative ratings. Furthermore, colluders increase thereputations of each other greatly through collusion,which helps them attract many file requests to fur-ther increase their reputations. The results show thatEigenTrust cannot detect the collusion behavior andits generated reputations cannot accurately reflect thetrustworthiness of nodes.

Figure 7 shows the reputation distribution of allnodes and nodes with IDs in 1−20 when the colludersoffer authentic files at a probability of 20%. From thisfigure, we can see that some normal nodes have high-er reputations while others have lower reputations.This is because at first when all reputation values are0, nodes randomly choose servers. Since the chosenservers earn reputation, they will have higher proba-bility to be chosen and to further increase their reputa-tions later on. Comparing this figure with Figure 6, wecan see that EigenTrust is able to reduce the reputationvalues of the colluders when B = 20%. Though col-luders can try to increase the reputation of each other,the reputations they receive from many other nodesare very low since they only have 20% good behaviorprobability. Therefore, they are unable to greatly boostthe reputation of each other due to the low weight oftheir ratings. Therefore, EigenTrust can reduce the in-fluence of collusion behaviors in the system when thecolluders offer low QoS services at most of the time.

In above experiment, we assume that the pretrusted



9

0

0.01

0.02

0.03

0.04

0.05

0.06

0.07

0.08

1 91

72

53

34

14

95

76

57

38

18

99

710

511

312

112

913

714

515

316

116

917

718

519

3

Re

pu

tati

on

va

lue

Node ID


0

0.01

0.02

0.03

0.04

0.05

0.06

0.07

0.08

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Re

pu

tati

on

va

lue

Node ID


Fig. 9: Reputation distribution in PowerTrust when B=0.6(Colluder IDs: 4-11).

0

0.01

0.02

0.03

0.04

0.05

0.06

0.07

1 91

72

53

34

14

95

76

57

38

18

99

710

511

312

112

913

714

515

316

116

917

718

519

3

Re

pu

tati

on

va

lue

Node ID


0

0.002

0.004

0.006

0.008

0.01

0.012

0.014

0.016

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Rep

uta

tio

n v

alu

e

Node ID


Fig. 10: Reputation distribution in PowerTrust when B=0.2 (ColluderIDs: 4-11).

0

0.05

0.1

0.15

0.2

0.25

1 91

72

53

34

14

95

76

57

38

18

99

71

05

11

31

21

12

91

37

14

51

53

16

11

69

17

71

85

19

3

Re

pu

tati

on

va

lue

Node ID

Probability of good behaviorsof colluders = 0.2

0

0.001

0.002

0.003

0.004

0.005

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

Rep

uta

tio

n v

alu

e

Node ID


Fig. 11: Reputation distribution in our proposed collusionresilient methods when B=0.2 (Colluder IDs: 4-11).

0

0.005

0.01

0.015

0.02

0.025

0.03

0.035

0.04

1 91

72

53

34

14

95

76

57

38

18

99

71

05

11

31

21

12

91

37

14

51

53

16

11

69

17

71

85

19

3

Re

pu

tati

on

va

lue

Node ID


0

0.005

0.01

0.015

0.02

0.025

0.03

0.035

0.04

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Re

pu

tati

on

va

lue

Node ID


Fig. 12: Reputation distribution in EigenTrust employing ourproposed methods when B=0.6 (Pretrusted node IDs 1-3, col-luder IDs: 4-11).

nodes are trustable and are not involved in the col-lusion. In this experiment, we assume that pretrustednode n1 colludes with node n4 and pretrusted noden2 colludes with n6. Nodes n4 − n11 are still pairedup and collude with each other. Colluders offer au-thenticate files with probability of 0.2. Figure 8 showsthe reputation distribution of all node and the first20 nodes. We see that the high-reputed nodes areskewed among pretrusted nodes and colluders, andthe reputations of nodes n4−n7 are boosted while thereputation value of nodes n8 − n11 are much lowercompared to Figure 7. The reason is that becausepretrusted nodes n1 and n2 rate highly on node n4 andnode n6, since EigenTrust assigns more weight to theratings of pretrusted nodes, n4 and n6’s reputationsare significantly increased. Since node n4 and noden6 rate highly on their colluding partners n5 and n7,respectively, the reputations of n5 and n7 also increasegreatly. Because nodes always choose the highest-reputed nodes with available capacity, the reputationsof these colluders continually increase and ultimatelyeven exceed the pretrusted nodes’ reputations. Theresult implies that compromising pretrusted nodeswill exacerbate the negative impact of collusion on thereputation system, and EigenTrust cannot effectivelydeal with such malicious behaviors.3.2 Effectiveness of PowerTrustPowerTrust can mitigate the influence of collusion. Itselects most reputable nodes as power nodes. Theglobal reputation of a node is aggregated from lo-cal ratings weighted by the global reputation of theraters. PowerTrust updates the global reputations ofnodes with a decaying factor and adds an additionalvalue to the global reputations of power nodes. Thus,PowerTrust significantly improves global reputationaccuracy. As PowerTrust does not use pretrusted n-odes, we did not deploy pretrusted nodes in theexperiments for PowerTrust. Figures 9 shows a wholepicture and partial details of the reputation distribu-tion in the system when B = 60%. We can see that

colluders gain higher reputation values than others.Since the colluders have 60% probability to behavewell, they gain a certain number of high ratingsfrom authentic transactions. The results show thatPowerTrust is not effective in deterring the collusionbehavior and its generated reputations cannot accu-rately reflect the trustworthiness of nodes.

Figure 10 shows the reputation distribution of allnodes and the first 20 nodes when B = 20%. Thedistribution shows a similar trend as that in Figure 9due to the same reason. The colluders in Figure 10achieve lower reputations than those in Figure 9. Ascolluders have 80% probability to offer fraudulenttransactions, which damages their reputation.

3.3 Effectiveness of Our Proposed MethodsOur Proposed Methods. We then test the collusiondetection effectiveness of our proposed basic collu-sion detection method (denoted by Unoptimized) andoptimized collusion detection method (denoted byOptimized). In this experiment, there are no pretrustednodes. After the methods detect the colluders, theyset their reputations to 0. Since Unoptimized and Op-timized are only used for collusion detection and theyuse the same reputation value calculation, their finalreputation distributions of the nodes are the same.Thus we only use one figure to show the results ofboth Unoptimized and Optimized. We show the resultsof both Unoptimized and Optimized in Figures 11 withthe probability of good behavior of colluders equalsto 20%. They shows that both Unoptimized and Opti-mized can detect all colluders, which indicates that themethods can effectively detect the colluders based ontheir contact frequency and reputation values.

EigenTrust with Our Proposed Methods. Next, wetest how Unoptimized and Optimized can help enhanceEigenTrust’s capability in detecting collusion. SinceUnoptimized and Optimized generate the same resultsin collusion detection, we use Optimized to representboth and use EigenTrust+Optimized to denote Eigen-



10

0

0.01

0.02

0.03

0.04

0.05

0.06

0.07

1 81

52

22

93

64

35

05

76

47

17

88

59

29

91

06

113

120

127

134

141

148

155

162

169

176

183

190

197

Rep

uta

tio

n v

alu

e

Node ID


0

0.005

0.01

0.015

0.02

0.025

0.03

0.035

0.04

0.045

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Rep

uta

tio

n v

alu

e

Node ID


Fig. 13: Reputation distribution in EigenTrust employing ourproposed methods when B=0.2 (Pretrusted node IDs 1-3, col-luder IDs: 4-11).

00.0050.01

0.0150.02

0.0250.03

0.0350.04

0.0450.05

1 91

72

53

34

14

95

76

57

38

18

99

7105

113

121

129

137

145

153

161

169

177

185

193

Rep

uta

tio

n v

alu

e

Node ID


00.005

0.010.015

0.020.025

0.030.035

0.040.045

0.05

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Re

pu

tati

on

va

lue

Node ID

Probability of good behavorof colluders = 0.2

Fig. 14: Reputation distribution in EigenTrust employing ourproposed methods with compromised pretrusted nodes whenB=0.2 (Pretrusted node IDs 1-3, colluder IDs: 4-11).

00.020.040.060.08

0.10.120.140.160.18

1 91

72

53

34

14

95

76

57

38

18

99

71

05

11

31

21

12

91

37

14

51

53

16

11

69

17

71

85

19

3

Re

pu

tatio

n v

alu

e

Node ID


0

0.002

0.004

0.006

0.008

0.01

0.012

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Re

pu

tatio

n v

alu

e

Node ID


Fig. 15: Reputation distribution in PowerTrust employing ourproposed methods when B=0.6 (Colluder IDs: 4-11).

0

0.02

0.04

0.06

0.08

0.1

0.12

1 91

72

53

34

14

95

76

57

38

18

99

71

05

11

31

21

12

91

37

14

51

53

16

11

69

17

71

85

19

3

Reputa

tion v

alu

e

Node ID


0

0.005

0.01

0.015

0.02

0.025

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

Reputa

tion v

alu

e

Node ID


Fig. 16: Reputation distribution in PowerTrust employing ourproposed methods when B=0.2 (Colluder IDs: 4-11).

Trust employing Optimized. Figure 12shows the repu-tation distribution of all nodes and nodes IDs in 1−20in EigenTrust+Optimized when the colluders offer au-thentic files with probability of 60%. Comparing toFigure 6, we find that EigenTrust+Optimized leads toincreased average reputation values for many normalnodes. The results demonstrate the effectiveness ofOptimized in detecting collusion.

Figure 13 shows the reputation distribution of allnodes and the first 20 nodes in EigenTrust+Optimizedwhen the colluders offer authentic files with prob-ability of 20%. Comparing to Figure 7, we observethat EigenTrust+Optimized increases the reputations ofnormal nodes by a greater amount than EigenTrust.The results confirm the effectiveness of Optimized incollusion detection based on rating patterns.

Figure 14 shows the reputation distribution of thenodes in EigenTrust+Optimized in the same scenarioas Figure 8. Comparing Figure 14 and Figure 8, we seethat EigenTrust+Optimized increases the reputationsof normal nodes in EigenTrust. By compromisingpretrusted nodes, colluders can receive much higherreputations than pretrusted nodes in EigenTrust.While in EigenTrust+Optimized, both colluders andcompromised pretrusted nodes receive 0 reputationvalues. Since the pretrusted node with ID=3 does notinvolve in the collusion, its reputation value is stillhigh. In conclusion, our proposed Unoptimized andOptimized collusion detection methods can greatly en-hance the collusion detection capability of EigenTrust.

PowerTrust with Our Proposed Methods. Fig-ure 15 shows the reputation distribution in Pow-erTrust+Optimized when B = 60%. It shows that Pow-erTrust+Optimized can reduce the negative impact ofcollusion by reducing the high reputations of collud-ers with IDs 4−11 to 0. Figure 16 shows the reputationdistribution of the system in PowerTrust+Optimizedwhen B = 20%. Comparing to Figure 10, we ob-serve that PowerTrust+Optimized deter collusion by

reducing colluders’ reputation values to 0. The resultsconfirm the effectiveness of our proposed methods incollusion detection based on the rating patterns.

Comparison between Different Methods. We thenuse precision rate and recall rate to show the effective-ness of our proposed method in collusion detection.EigenTrust and PowerTrust do not have collusiondetection mechanisms, so we used two thresholds andconsider nodes with reputations below the thresholdas colluders. One threshold equals the average rep-utation value of all nodes (i.e., 0.005) and the otherthreshold equals the highest reputation among thereal colluders. EigenTrust using the two thresholds aredenoted by EigenTrust-0.005 and EigenTrust-highest,respectively. The same to PowerTrust. We use Eigen-Trust /w and PowerTrust w/ to represent EigenTrustand PowerTrust with our proposed method. As in[18], we randomly chose a certain percent of nodes ascolluders and varied the percent value in testing. Col-luders offer authenticate files with probability of 20%.

Table 2 shows the precision rate, recall rate and F1

measure in colluder detection in different methodswith different percents of colluders. We see that whenthe percent of colluders equals to 10%, EigenTrust-0.005 and PowerTrust-0.005 perform the worst amongdifferent methods, with precision rates of 11.2% and10.4%, respectively. Though EigenTrust-highest andPowerTrust-highest improve the precision rates, theyare still very low (lower than 14%). With our pro-posed collusion detection method, EigenTrust andPowerTrust achieve precision rates as high as around90%. We also see that as the percent of colludersincreases, our method makes EigenTrust and Pow-erTrust maintain their precision rates at approximately90%, and the precision rates of other methods in-crease since more colluders have reputations belowthe threshold. These results confirm the effectivenessof our method in colluder detection.

EigenTrust-0.005 and PowerTrust-0.005 yield the



11

TABLE 2: Precision/Recall/F1 measure of collusion detection.

% of colluders Precision Recall F1 measure10 20 30 10 20 30 10 20 30

EigenTrust-highest 13.7 24.6 33.4 100 100 100 24.1 39.5 50.1EigenTrust-0.005 1.9 9.6 11.2 7.4 25.1 27.3 3 13.9 15.9EigenTrust w/ 99.1 98.9 99.3 100 92.8 83.3 99.5 95.8 90.6PowerTrust-highest 10.2 21.4 32.7 100 100 100 18.5 35.3 49.3PowerTrust-0.005 1.5 7.3 10.4 5.3 24.7 26.8 2.3 11.3 14.9PowerTrust w/ 99.2 99.3 99.5 99.4 93.3 82.8 99.3 96.2 90.4

lowest recall rates since colluders can get high reputa-tions even with the strategies of EigenTrust and Pow-erTrust. EigenTrust-highest and PowerTrust-highestexhibit the best recall rates because we chose thehighest reputation value of colluders as the threshold,but at the cost of low precision rates. Our proposedmethod can increase the recall rates of EigenTrust andPowerTrust significantly. We see that as the percentof colluders increases, the recall rates of EigenTrust-highest and PowerTrust-highest keep at 100% dueto our selected threshold, those of EigenTrust-0.005and PowerTrust-0.005 increase since more colludersincrease the probability of a colluder having repu-tation lower than the threshold. The recall rates ofEigenTrust w/ and PowerTrust w/ show a slight de-crease. When there are more colluders in the system,the number of undetected colluders increases fasterthan the number of detected colluders in our methodbecause the percent of colluders that satisfy the col-lusion checking conditions decreases. As a result, therecall rates with our method decreases.F1 measure is the harmonic mean of precision and

recall. We see that both EigenTrust w/ and Pow-erTrust w/ generate much higher F1 scores thanother methods. The result indicates that our proposedmethod is effective in identifying colluders.

3.4 Performance ComparisonWe use Random cut, K-means and K-means+Random cutto denote the optimized collusion detection methodwith the pre-processing using random cuts, with thepre-processing using k-means clustering, and with thepre-processing using k-means clustering first and thenusing random cuts. We set p to 0.3 and set rt to 0.4 inour random cut method.

Figure 17 shows the percent of the file requests sentto the colluders in the total number of requests in thesystem versus the number of colluders in the systemin Unoptimized, Optimized, EigenTrust, Random cut,K-means and K-means+Random cut. In this experiment,the setting of EigenTrust is identical to Figure 7. If thecomputed global reputation values can more accu-rately reflect the actual behavior of nodes, the numberof requests sent to the colluders should be smaller.Since EigenTrust is not effective at collusion detection,colluders have high reputations, they receive manyfile requests from other nodes. The results indicatethat our methods are more effective in thwartingcollusion, and our proposed pre-processing methodsdo not compromise accuracy of collusion detection.

We plot Figure 18 without EigenTrust to see thedifferences between all our methods. We see that K-

0

0.1

0.2

0.3

0.4

0.5

0.6

0.7

0.8

8 18 28 38 48 58

Perc

en

t o

f re

qu

ests

sen

t to

co

llu

ders

Number of colluders

UnoptimizedOptimizedEigenTrustRandom CutK-meansK-means+Random cut

Fig. 17: Effectiveness ofthwarting collusion (withEigenTrust).

0

0.005

0.01

0.015

0.02

0.025

0.03

8 18 28 38 48 58

Pe

rce

nt

of

req

ue

sts

s

en

t to

co

llu

de

rs

Number of colluders

UnoptimizedOptimizedRandom cutK-meansK-means+Random cut

cut

Fig. 18: Effectiveness ofthwarting collusion (withoutEigenTrust).

means, Random cut and K-means+Random cut generate aslightly higher percentage of requests sent to colluder-s. As K-means partitions all raters of a node to differentclusters, there is a possibility that a colluder lieswithin a non-COI cluster. In Random cut, a colludingedge might be missed in checking if rt value is large.

Figure 19 shows the percent of file requests sent tocolluders versus the number of nodes in the system.The total number of colluders was set to 64 in this

0.01

0.1

1

200 400 1000 2000

Perc

en

t o

f re

qu

ests

sen

t to

co

llu

ders

Number of nodes

Unoptimized OptimizedEigenTrust Random cutK-means K-means+Random cut

Fig. 19: Effectiveness ofthwarting collusion withdifferent network size.

experiment. Both X and Yaxes are in a logarithmicscale. We see a decline inthe percentage of request-s sent to colluders in al-l methods when there aremore nodes in the sys-tem. EigenTrust is not aseffective as our methodsin thwarting collusion be-cause even when the number of the nodes in thesystem increases, the colluders still have high repu-tation and thus a large number of request are sent tothem. We also see that K-means has higher percent andit decreases more slowly than our other methods asthe number of nodes in the system increases due tothe reason that a colluder may lie within a non-COIcluster as explained previously.

We define operation cost as the number of computercycles for thwarting collusion. The operation cost ofEigenTrust includes the cost for calculating all globalreputations for all nodes, and the operation cost ofour methods includes the cost for information analysisand computation, and the pre-processing. Figure 20shows the operation costs of Unoptimized, Optimized,EigenTrust, Random cut, K-means and K-means+Randomcut. The figure shows that Unoptimized generates sig-nificantly higher operation cost than others. This isbecause for each high-reputed node in the system,Unoptimized needs to scan all raters for rating valuesand frequency for each rater. The operation cost inEigenTrust is caused by the recursive matrix calcula-tion, which is determined by the number of the nodesrather than the number of colluders in the system.Hence, the operation cost of EigenTrust is constant asthe number of colluders in the system increases.

In order to see the differences between other meth-ods, we draw Figure 21 without Unoptimized. Wesee that EigenTrust produces higher operation cost



12

0

2000000

4000000

6000000

8000000

10000000

12000000

14000000

16000000

8 16 32 64

Op

era

tio

n c

ost

Number of colluders

UnoptimizedOptimizedEigenTrustRandom cutK-meansK-means+Random cut

Fig. 20: Operation cost ofthwarting collusion.

0

50000

100000

150000

200000

250000

300000

350000

400000

450000

8 16 32 64

Op

erati

on

co

st

Number of colluders

Optimized

EigenTrust

Random cut

K-means

K-means+Random cut

Fig. 21: Operation cost ofthwarting collusion (withoutUnoptimized).

0

10000

20000

30000

40000

50000

60000

70000

80000

90000

100000

8 16 32 64

Op

era

tio

n C

ost

Number of colluders

OptimizedRandom cutK-meansK-means+Random cut

Fig. 22: Operation cost ofthwarting collusion (withoutUnoptimized or EigenTrust).

0

10000

20000

30000

40000

50000

8 16 32 64

Op

erati

on

co

st

Number of colluders

Random cut

K-means

K-means+Random cut

Fig. 23: Operation cost for thepre-processing step.

than Optimized and other methods. The operation costof Optimized is very low because there is no needto scan the ratings from a node’s raters. The onlyoperation cost of Optimized is caused by checkingthe high contacting frequency between high-reputednodes and collusion inference. We see that Randomcut, K-means and K-means+Random cut produce similaroperation cost as Optimized, which indicates that theadditional cost of pre-processing does not exceed thecollusion detection cost saved by pre-processing. Weplot Figure 22 to show the operation cost of Optimized,Random cut, K-means and K-means+Random cut. We no-tice that K-means produces lower operation cost thanOptimized due to the reason that K-means clusteringalgorithm reduces the scope of suspected colludersfor collusion checking.

3.5 Performance of Pre-processingWe plot Figure 23 to show the operation cost for onlythe pre-processing step (without collusion detectioncost) in K-means, Random cut and Random cut+K-means.Compared to Figure 22, we see that the pre-processingstep in different pre-processing methods generatevery low cost. These additional costs are lower thanthe cost saved from collusion detection by these pre-processing methods; that is, they bring about morebenefits than cost. We also see that as the number ofcolluders in the system increases, the operation cost ofRandom cut and Random cut+K-means increase steadilywhile that of K-means remains relatively constant. Thisis because the cost of K-means is independent of thenumber of colluders since it only creates clusters forthe given number of nodes, while more colludersmake Random cut to have more recursive operations.

Next, we present the efficiency of the pre-processingmethod with different number of reputation managersand network sizes. We use the k-means clustering asan example. In order to show the efficiency measuredby real processing time, we used the Palmetto Super-computer [19] in Clemson University for experiments.The Palmetto Supercomputer has 15,120 computingcores and we used each core to simulate a node or areputation manager.

Figure 24 shows the computation time for pre-processing using k-means clustering with varyingnumber of reputation managers and nodes in thesystem. Because we aim to test the efficiency of thek-means clustering, we assume that each node hasR ≥ TR so that the clustering is on all nodes. In

0

20

40

60

80

100

120

140

160

2000 4000 8000 16000 32000 64000 128000

Tim

e (s

ec.)

Total number of nodes in the system

1-RM 8-RM 16-RM 32-RM 64-RM 128-RM 256-RM 512-RM 1024-RM

1-RM

8-RM 16-RM 32-RM

Fig. 24: Computation time fork-means clustering vs. thenumber of nodes.

0

2

4

6

8

10

12

n/500 n/1000 n/2000 n/3000 n/4000

Tim

e (sec.)

Value of K

16‐RM 32‐RM64‐RM 128‐RM256‐RM 512‐RM1024‐RM

Fig. 25: Computation time fork-means clustering vs. the val-ue of k.

the figure, ”m-RM” means there are m reputationmanagers in the system. “1-RM” represents the cen-tralized reputation system. In the system, each nodehas received a reputation rating from every othernode, and k was set to n/1000 (n is the number ofnodes in the system) in order to keep the number ofclusters to be the same for different network sizes.From the figure, we see that the run time of the k-means clustering increases as the number of nodes inthe system increases or as the number of reputationmanagers decreases. The time increases exponentiallyin “1-RM”. As more nodes in the system generatemore ratings, the k-means clustering needs more timeto create clusters. Also, we observe that the run timegrowth in a fully decentralized system is much slowerthan that of the centralized method. Therefore, thedecentralized reputation system is more suitable thanthe centralized method in large-scale P2P systems.Figure 25 shows the computation time for the systemwith 128,000 nodes and different number of RMswhen k is varied from n/500 to n/4000. We seethat computation time decreases when k decreasesdue to the same reason as in Figure 24. Overall, thecomputation time is short especially when there areno less than 128 RMs, which indicates that the k-means clustering based pre-processing is suitable forlarge-scale P2P systems.

4 RELATED WORK

Recent studies show that collusion behaviors com-monly exist in online rating systems [4–7]. Allah-bakhsh et al. [4] studied the impact of collusion attacksusing the logs of Amazon online rating system, andshowed that current rating systems are vulnerable tocollusion attacks. You et al. [5] found that sellers inconsumer-to-consumer (C2C) markets use collusionattacks to manipulate their reputations by studying adataset from Taobao, the largest C2C market in China.You et al. [6] studied the damage of collusion attacks



13

to crowdsourcing systems by analyzing anonymizedproduct ratings obtained from a large e-commerceorganization. They found that colluders are able toboost the ratings of their products by cooperatingwith others. Allahbakhsh et al. [7] showed that userscan give unfair evaluations to products by studyingthe MovieLens dataset from a famous online movierating systems. Therefore, it is important to enhancingcollusion resilience in reputation rating systems.

Many previous reputation systems focus on howto accurately calculate the global reputation value ofnodes. PowerTrust [17] dynamically selects a smallnumber of most reputable nodes using a distributedranking mechanism. The work in [8] focuses on first-hand reputation calculation, in which a node onlybelieves its own observations. Li et al. [20] used a timeattenuation function to calculate local trust rating, andthen applied a scalable feedback aggregating over-lay to compute trustworthiness of nodes. Koutrouliet al. [21] proposed a credit-based recommendationexchange mechanism. Ammar et al. [22] studied theproblems to rank items based on partial user inputs.Yao et al. [23] indicated that previous trust inferenceapproaches largely ignore other important propertiesand proposed a multi-aspect trust inference model.Akavipat et al. [24] presented a framework for en-hancing lookups in redundant DHTs by tracking howwell other nodes service lookup requests. Costa andFurtado et al. [25] presented a reputation-based taskscheduling strategy for distributed database systems.

However, existing reputation systems are vulnera-ble to collusion [1]. Current methods that can indirect-ly deal with collusion focus on how to calculate nodereputations to mitigate the influence of collusion.EigenTrust [3] breaks collusion collectives by usingthe feedback of pretrusted nodes. Fan et al. [26] recom-mended reputation value to evaluate the resource ser-vice behavior, and recommending reputation value toevaluate the trust recommendation behavior of nodes.RCA [27] uses tamper-evident logs for all messagesto discover all misreporting and protocol violations.Some works [28, 29] calculate the similarity amongusers who provide ratings for suspicious products(that are suspected to receive abnormal ratings) todetect potential colluders.

Some works leverage social networks to combat col-lusion. SocialTrust [11] adaptively adjusts the weightof ratings based on the social distance and interestrelationship between nodes to combat collusion. InSorcery [10], a client labels a content provider as acolluder if the provider’s votings on some items donot agree with that of the its friends. SocialLink [30]uses a weighted transaction network to manage thetrust among non-friends, and it can thwart collusionbecause nodes need to upload files in order to receivefiles from non-friends.

Sybil attacks share similar features as collusion andmany works use the social network clustering feature

to handle the sybil attacks. The works in [31, 32] usesybil region and random walk strategy to determinewhether a node is potentially a sybil attack node. Theworks in [33–38] restrict the number of attack edgesbetween honest regions (i.e., the regions including allnon-malicious nodes) and sybil regions (i.e., the re-gions with all sybil nodes). The work in [39] uses land-mark routing-based techniques to efficiently approxi-mate credit payments over large networks to reducethe overhead on computationally expensive networkanalysis in the previous sybil tolerance systems.

Unlike the previous works that either adjust theglobal reputation calculation method to mitigate theinfluence of collusion or rely on social networks todetect collusion which is not suitable for systemswithout social networks or brings extra overhead, ourproposed collusion-resilient methods directly detectsuspicious collusion behaviors based on the behaviorcharacteristics of colluders in reputation evaluationwith low overhead.

5 CONCLUSIONThough many reputation systems try to reduce theinfluence of collusion on calculating reputation val-ues, there are few works that specifically tackle collu-sion. According to collusion behavior characteristicsin reputation evaluation, we propose collusion detec-tion methods to thwart collusion behavior and fur-ther optimize the method by reducing the computingcost. We also propose two pre-processing methodsto shrink the scope of nodes to apply the collusiondetection methods in order to reduce the overhead,which is especially important in large-scale networks.Experimental results show the higher capacity of themethods in combating collusion in comparison withthe EigenTrust and PowerTrust reputation systems,and the effectiveness of our proposed pre-processingmethods in reducing overhead. In our future work, wewill investigate how to detect a collusion collectivehaving more than two nodes, and consider othercollusion patterns (i.e, repetition, spam account andtraffic concentration) [1] in collusion detection.

ACKNOWLEDGEMENTSThis research was supported in part by U.S. NSFgrants NSF-1404981, IIS-1354123, CNS-1254006, CNS-1249603, and Microsoft Research Faculty Fellowship8300751. An early version of this work was presentedin the Proc. of ICPP’12 [15].REFERENCES[1] Q. Lian, Z. Zhang, M. Yang, B. Y. Zhao, Y. Dai, and X. Li,

“An empirical study of collusion behavior in the maze P2Pfile-sharing system,” in Proc. of ICDCS, 2007.

[2] S. Zhao and V. Lo, “Result verification and trust-basedscheduling in open peer-to-peer sharing systems,” in Proc. ofP2P, 2005.

[3] S. D. Kamvar, M. T. Schlosser, and H. Garcia-Molina, “Theeigentrust algorithm for reputation management in P2P net-works,” in Proc. of WWW, 2003.

[4] M. Allahbakhsh, A. Ignjatovic, B. Benatallah, S. Beheshti,N. Foo, and E. Bertino, “Detecting, representing and queryingcollusion in online rating systems,” CoRR, abs/1211.0963, 2012.



14

[5] W. You, L. Liu, M. Xia, and C. Lv, “Reputation inflationdetection in a chinese c2c market,” Electronic Commerce Researchand Applications, vol. 10, no. 5, pp. 510–519, 2011.

[6] A. KhudaBukhsh, J. Carbonell, and P. Jansen, “Detecting non-adversarial collusion in crowdsourcing,” in Proc. of HCOOMP,2014.

[7] M. Allahbakhsh and A. Ignjatovic, “An iterative method forcalculating robust rating scores,” TPDS, vol. 26, no. 2, pp. 340–350, 2015.

[8] A. A. Selcuk, E. Uzun, and M. R. Pariente, “A reputation basedtrust management system for P2P networks,” InternationalJournal of Network Security, 2008.

[9] K. Walsh and E. G. Sirer., “Experience with a distributedobject reputation system for peer-to-peer filesharing,” in Proc.of NSDI, 2006.

[10] E. Zhai, R. Chen, Z. Cai, L. Zhang, E. K. Lua, H. Sun, S. Qing,L. Tang, and Z. Chen, “Sorcery: Could we make P2P contentsharing systems robust to deceivers?” in Proc. of P2P, 2009.

[11] Z. Li, H. Shen, and K. Sapra, “Leveraging social networksto combat collusion in reputation systems for peer-to-peernetworks,” IEEE Transactions on Computers (TC), vol. 62, no. 9,pp. 1745 – 1759, 2013.

[12] D. Karger, E. Lehman, T. Leighton, M. Levine, D. Lewin,and P. R., “Consistent hashing and random trees: Distributedcaching protocols for relieving hot spots on the World WideWeb,” in Proc. of STOC, 1997.

[13] I. Stoica, R. Morris, D. Liben-Nowellz, D. R. Kargerz, M. F.Kaashoekz, F. Dabekz, and H. Balakrishnan, “Chord: A scal-able peer-to-peer lookup protocol for Internet applications,”IEEE TON, 2003.

[14] “ebay,” http://www.ebay.com [accessed in August 2015].[15] Z. Li, H. Shen, and K. Sapra, “Collusion detection in reputation

systems for peer-to-peer networks,” in Proc. of ICPP, 2012.[16] M. R. Anderberg, Cluster Analysis for Applications. Academic

Press, 1973.[17] R. Zhou and K. Hwang, “Powertrust: A robust and scalable

reputation system for trusted peer-to-peer computing.” IEEETPDS, 2007.

[18] L. Canon, E. Jeannot, and J. Weissman, “A Scheduling andCertification Algorithm for Defeating Collusion in DesktopGrids,” in Proc. of ICDCS, 2011.

[19] “Palmetto Supercomputer - Clemson University,”http://citi.clemson.edu/palmetto/[accessed in August2015].

[20] X. Li, F. Zhou, and X. Yang, “Scalable Feedback Aggregating(SFA) Overlay for Large-Scale P2P Trust Management,” TPDS,2012.

[21] E. Koutrouli and A. Tsalgatidou, “Credible recommendationexchange mechanism for P2P reputation systems,” in Proc. ofSAC, 2013.

[22] A. Ammar and D. Shah, “Efficient rank aggregation usingpartial data,” in Proc. of SIGMETRICS, 2012.

[23] Y. Yao, H. Tong, X. Yan, F. Xu, and J. Lu, “Matri: a multi-aspectand transitive trust inference model,” in Proc. of WWW, 2013.

[24] R. Akavipat, M. Al-Ameen, A. Kapadia, Z. Rahman,R. Schlegel, and M. Wright, “ReDS: A Framework forReputation-Enhanced DHTs,” TPDS, vol. 1, no. 99, pp. 1–10,2014.

[25] R. Costa and P. Furtado, “Elections and reputation for highdependability and performance in distributed workload exe-cution,” TPDS, vol. 1, no. 99, pp. 1–10, 2014.

[26] X. Fan, M. Li, J. Ma, Y. Ren, H. Zhao, and Z. Su, “Behavior-based reputation management in P2P file-sharing networks,”J. Comput. Syst. Sci., 2012.

[27] P. Aditya, M. Zhao, Y. Lin, A. Haeberlen, P. Druschel, B. Mag-gs, and B. Wishon, “Reliable Client Accounting for P2P-Infrastructure Hybrids,” in Proc. of NSDI, 2012.

[28] Y. Liu, Y. Yang, and Y. Sun, “Detection of collusion behaviorsin online reputation systems,” in Proc. of ACSSC, 2008.

[29] Y. Yang, Y. Sun, S. Kay, and Q. Yang, “Defending onlinereputation systems against collaborative unfair raters throughsignal modeling and trust,” in Proc. of SAC, 2009.

[30] K. Chen, G. Liu, H. Shen, and F. Qi, “SocialLink: UtilizingSocial Network and Transaction Links for Effective TrustManagement in P2P File Sharing Systems,” in Proc. of P2P,2015.

[31] A. Mohaisen, N. Hopper, and Y. Kim, “Keep Your Friends

Close: Incorporating Trust into Social Network-based SybilDefenses,” in Proc. of INFOCOM, 2011.

[32] W. Wei, X. Fengyuan, C. Chiu, and L. Qun, “SybilDefender:Defend Against Sybil Attacks in Large Social Networks,” inProc. of INFOCOM, 2012.

[33] T. Nguyen, L. Jinyang, S. Lakshminarayanan, and S. Chow,“Optimal Sybil-Resilient Peer Admission Control,” in Proc. ofINFOCOM, 2011.

[34] J. L. N. Tran, B. Min and L. Subramanian, “Sybil-ResilientOnline Content Voting,” in Proc. of NSDI, 2009.

[35] H. Yu, M. Kaminsky, and A. D. Flaxman, “Sybilguard: De-fending against sybil attacks via social networks,” in Proc. ofSIGCOMM, 2006.

[36] H. Yu, P. Gibbons, M. Kaminsky, and F. Xiao, “Sybillimit: Anear-optimal social network defense against sybil attacks,” inProc. of IEEE SP, 2008.

[37] W. Wei, F. Xu, C. Tan, and Q. Li, “Sybildefender: Defendagainst sybil attacks in large social networks,” in Proc. ofINFOCOM, 2012.

[38] L. Shi, S. Yu, W. Lou, and Y. Hou, “Sybilshield: An agent-aided social network-based sybil defense among multiplecommunities,” in Proc. of INFOCOM, 2013.

[39] B. Viswanath, M. Mondal, and K. Gummadi, “Canal: Scalingsocial network-based sybil tolerance schemes,” in Proc. ofEuroSys, 2012.

Haiying Shen received the BS degree in Computer Science and Engineering from Tongji University, China in 2000, and the MS and Ph.D. degrees in Computer Engineering from Wayne State University in 2004 and 2006, respectively. She is currently an Assistant Professor in the Holcombe Department of Electrical and Computer Engineering at Clemson University. Her research interests include distributed and parallel computer systems and computer networks, with an emphasis on peer-to-peer and content delivery networks, mobile computing, wireless sensor networks, and grid and cloud computing. She was the Program Co-Chair for a number of international conferences and member of the Program Committees of many leading conferences. She is a Microsoft Faculty Fellow of 2010 and a member of the IEEE and ACM.

Cheng-Zhong Xu received B.S. and M.S. degrees from Nanjing University in 1986 and 1989, respectively, and a Ph.D. degree in Computer Science from the University of Hong Kong in 1993. He is currently a Professor in the Department of Electrical and Computer Engineering of Wayne State University and the Director of Sun’s Center of Excellence in Open Source Computing and Applications. His research interests are mainly in distributed and parallel systems, particularly in scalable and secure Internet services, autonomic cloud management, energy-aware task scheduling in wireless embedded systems, and high performance cluster and grid computing. He has published more than 160 articles in peer-reviewed journals and conferences in these areas. He is the author of Scalable and Secure Internet Services and Architecture (Chapman & Hall/CRC Press, 2005) and a co-author of Load Balancing in Parallel Computers: Theory and Practice

Haiying Shen received the BS degree inComputer Science and Engineering fromTongji University, China in 2000, and the MSand Ph.D. degrees in Computer Engineeringfrom Wayne State University in 2004 and2006, respectively. She is currently an Asso-ciate Professor in the Department of Elec-trical and Computer Engineering at Clem-son University. Her research interests includedistributed computer systems and computernetworks, with an emphasis on P2P and con-

tent delivery networks, mobile computing, wireless sensor networks,and cloud computing. She is a Microsoft Faculty Fellow of 2010, asenior member of the IEEE, and a member of the ACM.

Yuhua Lin

Yuhua Lin received both his BS degree in Software Engineering and MS degree in Computer science from Sun Yat-sen University, China in 2009 and 2012 respectively. He is currently a Ph.D student in the Department of Electrical and Computer Engineering of Clemson University. His research interests include social networks and reputation system.

Yuhua Lin received both his BS degree andMS degree in Computer Engineering fromSun Yat-sen University, China in 2009 and2012 respectively. He is currently a Ph.Dstudent in the Department of Electrical andComputer Engineering of Clemson Universi-ty. His research interests include social net-works and reputation systems.

Karan Sapara received the BS degree incomputer engineering from Clemson Univer-sity, in 2011, and is currently working towardthe PhD degree in the Department of Elec-trical and Computer Engineering at Clem-son University. His research interests includeP2P networks, distributed and parallel com-puter systems, and cloud computing. He is astudent member of the IEEE.

15

[7] Y. Yao, X. Tang, and E. Lim, “In-network processing of nearestneighbor queries for wireless sensor networks,” in Proc. of DAS-FAA06, 2006.

[8] R. Szewczyk, J. Polastre, A. Mainwaring, and D. Culler, “Lessonsfrom a Sensor Network Expedition,” in Proc. of EWSN, 2004.

[9] C. Intanagonwiwat, R. Govindan, and D. Estrin, “Directed Diffu-sion: A Scalable and Robust Communication Paradigm for SensorNetworks,” in Proc. of Mobicom, 2000.

[10] W. Zhang, G. Cao, and T. L. Porta, “Data Dissemination withRing-Based Index for Wireless Sensor Networks,” in Proc. of ICNP,2003, pp. 305–314.

[11] S. Madden, M. J. Franklin, and J. M. H. W. Hong, “TAG: a TinyAGgregation Service for Ad-Hoc Sensor Networks,” in Proc. ofOSDI, 2002.

[12] F. Ye and G. Zhong, “GRAdient Broadcast: A Robust Data Deliv-ery Protocol for Large Scale Sensor Networks,” WINET, 2005.

[13] H. Luo, F. Ye, J. Cheng, S. Lu, and L. Zhang, “Ttdd: Two-tier datadissemination in large-scale sensor networks,” Wireless Networks,vol. 11, pp. 161–175, 2002.

[14] S. Ratnasamy, B. Karp, S. Shenker, D. Estrin, R. Grovindan,L. Yin, and F. Yu, “Data-centric storage in sensornet with ght: Ageographic hash table,” in Proc. of MONET, 2003.

[15] S. Ratnasamy, B. Karp, S. Shenker, D. Estrin, and L. Yin, “Data-centric storage in sensornets with GHT, a geographic hash table,”MONET, vol. 8, pp. 427–442, 2003.

[16] X. Li, Y. J. Kim, and W. Hong, “Multi-dimensional range queriesin sensor networks,” in Proc. of SenSys, 2003.

[17] D. Ganesan, “DIMENSIONS: Why do we need a new datahandling architecture for sensor networks,” in Proc. of the ACMHotNets, 2002, pp. 143–148.

[18] D. Ganesan, A. Cerpa, Y. Yu, D. Estrin, W. Ye, and J. Zhao,“Networking issues in wireless sensor networks,” JPDC, 2004.

[19] B. Greenstein, D. Estrin, R. Govindan, S. Ratnasamy, andS. Shenker, “Difs: A distributed index for features in sensor net-works,” in Proc. of SNPA, 2003.

[20] J. Li, J. Jannotti, D. S. J. De, C. David, R. Karger, and R. Morris, “Ascalable location service for geographic ad hoc routing,” in Proc. ofMobiCom, 2000.

[21] J. Newsome and D. Song, “GEM: Graph EMbedding for routingand data-centric storage in sensor networks without geographicinformation,” in Proc. of SenSys, 2003.

[22] A. Caruso, S. Chessa, S. De, and R. Urpi, “GPS free coordinateassignment and routing in wireless sensor networks,” in Proc. ofIEEE INFOCOM, 2005, pp. 150–160.

[23] P. Desnoyers, D. Ganesan, and P. Shenoy, “Tsar: A two tiersensor storage architecture using interval skip graphs,” in Proc.of SenSys05. ACM Press, 2005, pp. 39–50.

[24] C. T. Ee and S. Ratnasamy, “Practical data-centric storage,” in Proc.of NSDI, 2006.

[25] M. Aly, K. Pruhs, and P. K. Chrysanthis, “KDDCS: A load-balanced in-network data-centric storage scheme in sensor net-work,” in Proc. of CIKM, 2006, pp. 317–326.

[26] F. Bian, X. Li, R. Govindan, and S. Schenker, “Using hierarchicallocation names for scalable routing and rendezvous in wirelesssensor networks,” in Proc. of SenSys, 2004, pp. 305–306.

[27] J. Xu, X. Tang, and W. chien Lee, “A new storage scheme forapproximate location queries in object tracking sensor networks,”IEEE TPDS, vol. 19, pp. 262–275, 2008.

[28] M. Li and Y. Liu, “Rendered path: range-free localization inanisotropic sensor networks with holes,” in Proc. of MobiCom, 2007.

[29] H. Shen, T. Li, and T. Schweiger, “An Efficient Similarity SearchingScheme Based on Locality Sensitive Hashing,” in Proc. of ICDT,2008.

[30] D. Karger, E. Lehman, T. Leighton, M. Levine, D. Lewin, andR. Panigrahy, “Consistent Hashing and Random Trees: DistributedCaching Protocols for Relieving Hot Spots on the World WideWeb,” in Proc. of STOC, 1997, pp. 654–663.

[31] W. Nejdl, W. Siberski, M. Wolpers, and C. Schmnitz, “Routingand clustering in schema-based super peer networks,” in Proc. ofIPTPS, 2003.

[32] P. A. Bernstein, F. Giunchiglia, A. Kementsietsidis, J. Mylopoulos,L. Serafini, and I. Zaihrayeu, “Data management for peer-to-peercomputing: A vision,” in Proc. of WebDB, 2002.

[33] A. Y. Halevy, Z. G. Ives, P. Mork, and I. Tatarinov, “Piazza: Datamanagement infrastructure for semantic web applications,” in Proc.of WWW, 2003.

[34] “In how many ways can m balls be distributed into n boxes?”http://www.fen.bilkent.edu.tr/ otekman/disc/usef.pdf.

[35] G. Wang, G. Cao, T. L. Porta, and W. Zhang, “Sensor relocationin mobile sensor networks,” in Proc. of IEEE INFOCOM, 2005.

[36] L. Hu and D. Evans, “Localization for mobile sensor networks,”in Proc. of MobiCom, 2004.

[37] F. Liu, X. Cheng, D. Hua, and D. Chen, “Location discovery forsensor networks with short range beacons,” IJAHUC, 2009.

[38] R. Fonseca, S. Ratnasamy, J. Zhao, and C. T. Ee, “Beacon vectorrouting: scalable point-to-point routing in wireless sensornets,” inProc. of NSDI, 2005.

[39] N. Bulusu, J. Heidemann, and D. Estrin, “Gps-Less Low-CostOutdoor Localization For Very Small Devices,” IEEE Personal Com-munications Magazine, vol. 7, no. 5, pp. 28–34, 2000.

[40] “The one simulator. http://www.netlab.tkk.fi/.”[41] H. Shen, T. Li, L. Zhao, and Z. Li, “SDS: Distributed Spatial-

Temporal Similarity Data Storage in Wireless Sensor Networks,”in Proc. of ICCCN, 2009.

Haiying Shen received the BS degree in Com-puter Science and Engineering from Tongji Uni-versity, China in 2000, and the MS and Ph.D.degrees in Computer Engineering from WayneState University in 2004 and 2006, respectively.She is currently an Assistant Professor in theDepartment of Electrical and Computer Engi-neering, and the Director of the Pervasive Com-munications Laboratory of Clemson University.Her research interests include distributed com-puter systems and computer networks, with an

emphasis on peer-to-peer and content delivery networks, mobile com-puting, wireless sensor networks, and grid computing. Her researchwork has been published in top journals and conferences in theseareas. She was the Program Co-Chair for a number of internationalconferences and member of the Program Committees of many leadingconferences. She is a member of the IEEE and ACM. She is MicrosoftResearch Faculty Fellow of 2010.

Lianyu Zhao received the BS and MS degreesin Computer Science from Jilin University, China.He is currently a Ph.D. student in the Depart-ment of Electrical and Computer Engineeringof Clemson University. His research interestsinclude wireless sensor network, routing proto-cols, applications and security issues in P2Pnetworks.

Ze Li received the BS degree in Electronics andInformation Engineering from Huazhong Univer-sity of Science and Technology, China, in 2007.He is currently a Ph.D. student in the Depart-ment of Electrical and Computer Engineeringof Clemson University. His research interestsinclude distributed networks, with an emphasison peer-to-peer and content delivery networks,wireless multi-hop cellular networks, game the-ory and data mining. He is a student member ofIEEE.

Ze Li received the BS degree in Electronicsand Information Engineering from HuazhongUniversity of Science and Technology, Chinain 2007, and the Ph.D. degree in ComputerEngineering from Clemson University. His re-search interests include distributed networks,with an emphasis on peer-to-peer and con-tent delivery networks. He is currently a datascientist in the MicroStrategy Incorporation.

Enhancing Collusion Resilience in Reputation Systemshs6ms/publishedPaper/Journal/2015... ·...

Documents

Transcript of Enhancing Collusion Resilience in Reputation Systemshs6ms/publishedPaper/Journal/2015... ·...