Recommendation/Reputation. Ennan Zhai

Transcription

1 Recommendation/Reputation Ennan Zhai

2 Lecture Outline Background Reputation System: EigenTrust & Credence Sybil-Resitance: DSybil

3 Lecture Outline Background Reputation System: EigenTrust & Credence Sybil-Resitance: DSybil

4 Motivating Example

5 Motivating Example

6 Motivating Example Search Result

7 Motivating Example Search Result

8 Motivating Example Search Result It is high possible for the consumer to select a bad object

9 Motivating Example Search Result But reputation systems can help you!

10 Reputation/Recommendation What is the reputation system?

11 Reputation/Recommendation What is the reputation system? What is the recommendation system?

12 Reputation/Recommendation What is the reputation system? What is the recommendation system? Difference?

13 Categories of Reputation Systems Three different types: Peer-based reputation systems, e.g., EigenTrust;

14 Categories of Reputation Systems Three different types: Peer-based reputation systems, e.g., EigenTrust; Object-based reputation systems, e.g., Credence;

15 Categories of Reputation Systems Three different types: Peer-based reputation systems, e.g., EigenTrust; Object-based reputation systems, e.g., Credence; Hybrid reputation systems, e.g., Scrubber.

16 Lecture Outline Background Reputation System: EigenTrust & Credence Sybil-Resitance: DSybil

17 Lecture Outline Background Reputation System: EigenTrust & Credence Sybil-Resitance: DSybil

18 EigenTrust The first peer-based reputation system: Similar to PageRank; Not a pure decentralized system.

19 Credence

20 Credence lice Request Decentralized file-sharing system

21 Credence Name Sources Voters F 10 P 2 P 6 P 2 P 4 P 6 F 22 P 2 P 6 P 8 P 2 P 7 lice F 4 P 2 P 4 P 2 P 4 P 7 F 6 P 11 P 13 P 14 P 11

22 Computing each File s Reputation Name Sources Voters F 10 P 2 P 6 P 2 P 4 P 6 F 22 P 2 P 6 P 8 P 2 P 7 lice F 4 P 2 P 4 P 2 P 4 P 7 F 6 P 11 P 13 P 14 P 11

23 File s Reputation Credence uses weighted averaging to compute the reputation of a file.

24 File s Reputation n Rep(F) = V i θ( lice,voter_i ) i=1 n θ( lice,voter_i ) i=1 [ -1, 1 ] Credence uses weighted averaging to compute the reputation of a file.

25 File s Reputation n The vote cast by voter i on F (+1 or -1) Rep(F) = V i θ( lice,voter_i ) i=1 n θ( lice,voter_i ) i=1 [ -1, 1 ]

26 File s Reputation n The vote cast by voter i on F (+1 or -1) Rep(F) = V i θ( lice,voter_i ) i=1 n θ( lice,voter_i ) i=1 [ -1, 1 ] The similarity between lice and voter i The range is [-1, +1].

27 Similarity between Nodes P 2 θlice, P4 lice P 4 P 6

28 Similarity between Nodes θ = (p-ab) / a (1-a) b(1-b)

29 Similarity between Nodes θ = (p-ab) / a (1-a) b(1-b) For the overlapping voting set (e.g., S) between lice and P i :

30 Similarity between Nodes θ = (p-ab) / a (1-a) b(1-b) For the overlapping voting set (e.g., S) between lice and P i : a = # of positive votes cast by lice on the files in S # of all the votes cast by lice on the files in S

31 Similarity between Nodes θ = (p-ab) / a (1-a) b(1-b) For the overlapping voting set (e.g., S) between lice and P i : a = b = # of positive votes cast by lice on the files in S # of all the votes cast by lice on the files in S # of positive votes cast by C i on the files in S # of all the votes cast by C i on the files in S

32 Similarity between Nodes θ = (p-ab) / a (1-a) b(1-b) For the overlapping voting set (e.g., S) between lice and P i : a = b = # of positive votes cast by lice on the files in S # of all the votes cast by lice on the files in S # of positive votes cast by C i on the files in S # of all the votes cast by C i on the files in S # of positive votes cast by both lice and C p = i on the files in S # of all the votes agreed by both lice and C i on the files in S

33 Example θ = (p-ab) / a (1-a) b(1-b) : +1 : -1 : -1 : +1 B: +1 B: -1 B: +1 B: +1 File 1 File 2 File 3 File 4

34 Practical Issues There are a few practical issues in Credence: Cold start; Overlapping voting history.

35 Possible Solution Flow-based Reputation: C θ ac = θ ab * θ bc B

36 Possible Solution Flow-based Reputation: 0.72 C θ ac = θ ab * θ bc B

37 Recall Reputation Computation n Rep(F) = V i θ( lice,voter_i ) i=1 n θ( lice,voter_i ) i=1 [ -1, 1 ] Why it works?

38 Reputation Name Sources Voters F 10 P 2 P 6 P 2 P 4 P 6 F 22 P 2 P 6 P 8 P 2 P 7 lice F 4 P 2 P 4 P 2 P 4 P 7 F 6 P 11 P 13 P 14 P 11

39 Reputation Name Sources Voters F 10 = 0.8 P 2 P 6 P 2 P 4 P 6 F 22 P 2 P 6 P 8 P 2 P 7 lice F 4 P 2 P 4 P 2 P 4 P 7 F 6 P 11 P 13 P 14 P 11

40 Reputation Name Sources Voters F 10 = 0.8 P 2 P 6 P 2 P 4 P 6 F 22 = 0.5 P 2 P 6 P 8 P 2 P 7 lice F 4 P 2 P 4 P 2 P 4 P 7 F 6 P 11 P 13 P 14 P 11

41 Reputation Name Sources Voters F 10 = 0.8 P 2 P 6 P 2 P 4 P 6 F 22 = 0.5 P 2 P 6 P 8 P 2 P 7 lice F 4 = 0.9 P 2 P 4 P 2 P 4 P 7 F 6 P 11 P 13 P 14 P 11

42 Reputation Name Sources Voters F 10 = 0.8 P 2 P 6 P 2 P 4 P 6 F 22 = 0.5 P 2 P 6 P 8 P 2 P 7 lice F 4 = 0.9 P 2 P 4 P 2 P 4 P 7 F 6 = 0.6 P 11 P 13 P 14 P 11

43 Ranking Name Sources Voters F 4 = 0.9 P 2 P 4 P 2 P 4 P 7 F 10 = 0.8 P 2 P 6 P 2 P 4 P 6 lice F 6 = 0.6 P 11 P 13 P 14 P 11 F 22 = 0.5 P 2 P 6 P 8 P 2 P 7

44 Discussions Credence is a practical system but has many problems: Cold start; Overlapping voting history; Sybil attack.

45 Sybil ttack

46 Sybil ttack Sybil attack is the killer of reputation systems: What is sybil attack?

47 Sybil ttack Sybil attack is the killer of reputation systems: What is sybil attack? How does sybil attack compromise Credence?

48 Sybil ttack Sybil attack is the killer of reputation systems: What is sybil attack? How does sybil attack compromise Credence? Can we defend against sybil attack?

49 Lecture Outline Background Reputation System: EigenTrust & Credence Sybil-Resitance: DSybil

50 Lecture Outline Background Reputation System: EigenTrust & Credence Sybil-Resitance: DSybil

51 Sybil Defense very hot but very hard topic Many good efforts

52 DSybil Based on feedback and reputation Loss (# of bad recommendations) is provable O(D logm) even under worst-case attack D: Dimension of the objects (less than 10 in Digg) M: Max # of sybil identities voting on each obj The authors prove Dsybil s loss is optimal

53 Challenges It is very challenging to defend against sybil: 1. How to identify correct but non-helpful votes?

54 Challenges It is very challenging to defend against sybil: 1. How to identify correct but non-helpful votes? 2. How to assign initial trust to new identities?

55 Challenges It is very challenging to defend against sybil: 1. How to identify correct but non-helpful votes? 2. How to assign initial trust to new identities? 3. How exactly to grow trust?

56 Challenges It is very challenging to defend against sybil: 1. How to identify correct but non-helpful votes? 2. How to assign initial trust to new identities? 3. How exactly to grow trust? 4. How to rank the results?

57 Key #1: Heavy-Tail Distribution Leveraging typical voting behavior of honest users: Exist very active users who cast many votes

58 Key #1: Heavy-Tail Distribution Leveraging typical voting behavior of honest users: Exist very active users who cast many votes % of users casting x votes # votes cast (on various objs)

59 Key #1: Heavy-Tail Distribution Leveraging typical voting behavior of honest users: Exist very active users who cast many votes % of users casting x votes # votes cast (on various objs)

60 Key Insight #2 Key #2: If user is already getting enough help, then do not give out more trust: This insight enables us to avoid giving trust to some sybil identities; The insight can make us strike an optimal balance.

61 System Model Objects to be recommended are either good or bad;

62 System Model Objects to be recommended are either good or bad; Votes are positive. Namely, DSybil only has positive votes.

63 System Model Objects to be recommended are either good or bad; Votes are positive. Namely, DSybil only has positive votes. DSybil is personalized:

64 fter search, we enter one round 2 good objs 2 bad objs DSybil does not know which are good

65 fter search, we enter one round 2 good objs 2 bad objs DSybil does not know which are good Each round has a pool of objects: DSybil recommends one object for lice to consume;

66 fter search, we enter one round 2 good objs 2 bad objs DSybil does not know which are good Each round has a pool of objects: DSybil recommends one object for lice to consume; lice provides feedback after consumption;

67 fter search, we enter one round 2 good objs 2 bad objs DSybil does not know which are good Each round has a pool of objects: DSybil recommends one object for lice to consume; lice provides feedback after consumption; DSybil adjusts reputations based on the feedback.

68 Initial Round E: 0.2 F: 0.2 H: 0.2 G: 0.2 H: 0.2 Total: 0.4 Total: 0.2 Total: 0.2 Total: 0.2 Each identity starts with initial trust 0.2 n object is overwhelming if total trust >=C (C = 1.0)

69 Initial Round E: 0.2 F: 0.2 H: 0.2 G: 0.2 H: 0.2 Total: 0.4 Total: 0.2 Total: 0.2 Total: Recommend uniformly random object

70 Initial Round E: 0.2 F: 0.2 H: 0.2 G: 0.2 H: 0.2 Total: 0.4 Total: 0.2 Total: 0.2 Total: Recommend uniformly random object 2. djust reputation after feedback - if obj is bad, multiply trust of voters by β= if obj is good, multiply trust of voters by α= 2

71 Rounds with Overwhelming Obj E: 1.0 H: 0.2 Total: 1.2 G: 0.2 H: 0.2 Total: 0.4 F: 1.0 Total: 1.0

72 Rounds with Overwhelming Obj E: 1.0 H: 0.2 Total: 1.2 G: 0.2 H: 0.2 Total: 0.4 F: 1.0 Total: Recommend arbitrary overwhelming object

73 Rounds with Overwhelming Obj E: 1.0 H: 0.2 Total: 1.2 F: 1.0 Total: Recommend arbitrary overwhelming object

74 Rounds with Overwhelming Obj E: 1.0 H: 0.2 Total: 1.2 F: 1.0 Total: Recommend arbitrary overwhelming object - Will confiscate sufficient trust if obj is bad

75 Rounds with Overwhelming Obj E: 1.0 H: 0.2 Total: 1.2 F: 1.0 Total: Recommend arbitrary overwhelming object - Will confiscate sufficient trust if obj is bad 2. djust trust after feedback - if obj is bad, multiply trust of voters by β= if obj is good, no additional trust given out (#2 key)

76 Why it works?

77 Guide Guide: set of honest users in the system are very active. Usually, the votes casted by guides can cover 60% objects.

78 Guide Guide: set of honest users in the system are very active. Usually, the votes casted by guides can cover 60% objects. % of users casting x votes # votes cast (on various objs)

79 Guide X X X X,Y Y Y, W,I W The minimal guide has 2 elements: {X,Y} or {X,W} or {X,}

80 Guide X X X X,Y Y Y, W,I W The minimal guide has 2 elements: {X,Y} or {X,W} or {X,} Note that DSybil does not know who are the guide

81 Guide X X X X,Y Y, Y, W,I X,W X Minimal guide = {X}

82 Guide X X Y W B B

83 Guide X X Y W B B {X,Y} or {X,W}

84 Guide X X Y W B B

85 Guide X X Y W B B Guide = {}

86 Leveraging Key Insight #1 The elements in the minimal guide is typically small in practice

87 Leveraging Key Insight #1 The elements in the minimal guide is typically small in practice Small number of elements -> will encounter guides frequently when picking random objs: * Reputation to guides quickly grow to C

88 Leveraging Key Insight #1 The elements in the minimal guide is typically small in practice Small number of elements -> will encounter guides frequently when picking random objs: * Reputation to guides quickly grow to C * This will result in overwhelming objs

89 Leveraging Key Insight #2 Consuming good overwhelming obj = lice already has sufficient help

90 Leveraging Key Insight #2 Consuming good overwhelming obj = lice already has sufficient help Thus do not give out additional reputation: * Prevent sybil identities from getting reputation for free * May hurt honest identities (but remember this is optimal)

91 Provable Guarantees Proof: ^^^ ++== ~~~,,l. End of Proof Proof for O(D logm) loss even under worst-case attack

92 Sybil ttack Summary gain, sybil-defense is very interesting but very hard In the future lecture, we will learn social network based solution against sybil attack.