Post on 20-Mar-2018


ITU Workshop on “Future Trust and Knowledge Infrastructure”, Phase 2

Geneva, Switzerland, 1 July 2016

From weak online reputation metrics to standardized attack-resistant trust metrics

Dr. Jean-Marc Seigneur
President at Réputaction SAS, Chief Reputation Officer at GLOBCOIN, Senior Lecturer and Research Manager at Medi@LAB, CUI ISS, G3S, University of Geneva
Jean-Marc.Seigneur@reputaction.com

Agenda

• Introduction
• Today’s Weak Online Reputation Metrics
• Computational Trust Engines
• Towards Standardized Attack-Resistant Trust Metrics
• Conclusion
• Q&A

Online reputation economy

• By 2026, thanks to online ratings
  – “a more successful hospitality and leisure sector has the potential to add an extra £2bn to the UK economy with the impact on the sector’s large supply chain contributing a further £1.2bn.” [Barclays, 2016]

Main online e-reputation ratings services for the general public

• Especially in the tourism industry
  – Around 60% of the hotel ratings by 2 providers only [TCI Research French, 2015]
    • Booking, whose ratings are verified because based after payment has been made, taking around 25% of the night cost
    • TripAdvisor, whose ratings are not verified
• Somehow: eBay, Yelp, Klout, TrustPilot, TrustYou, Facebook Reviews, Google Reviews…

Ratings for Google SEO

A major pitfall: trust in online ratings decreases

• Representative surveys of French people
  – [Testntrust, 2013]
    • 89% trust online ratings in 2010
    • 76% trust online ratings in 2013
  – [Nielsen Institute, 2013]
    • 71% trust online ratings in 2007
    • 51% trust online ratings in 2013

Issues of online reputation metrics

• eBay
  – first to propose an online reputation solution in 1995
  – easier because
    • centralized
    • focused on one context only: online auctions
    • with real money transactions traces
  – Issues
    • same points for successfully selling a Ferrari or a USB key
    • change in 2008: sellers cannot rate buyers in order to increase negative ratings of sellers
• aggressive marketing (Naymz/Visible.me spam, Reputation.com overalarming emails)
• reselling of private data without user consent (Rapleaf 1.0/Trustfuse)
• difficult and incomplete collection, verification and management of ratings
• TripAdvisor
  – Guilty of false ratings or successfully attacked
    • UK, 2009: sued by 2000 hotels association, change of slogan “reviews you can trust” to “reviews from our community”
    • France, 2011: non-partner hotels listed as fully booked even if still available in real
    • Italy, 2014 and 2015:
      – fee of 500k Euros by the Italian anti-trust body due to unclear explanation regarding the validity of their ratings
      – ghost restaurant ranked as best restaurant of a touristic city
    • Tunisia, 2016: traveler's choice award given to the hotel in Tunisia where an Islamist terrorist attack left 30 British holidaymakers dead last summer

e-Reputation ratings main aspects

• Ratings verified or not
• Closed or open algorithms in order to evaluate their attack-resistance by the research community
  – security by obscurity is believed to be less secure by the research community
• Open, restricted or no API to access/manage them
• Their visualization or digital representation
  – Quantitative only
    • Scale of stars between 1 to 5…
  – Qualitative as well
    • Need of automated language sentiment analysis

How to visualize trust effectively?

• Trust visualization has a real business impact: +8% price premium [Johnston, 1996]

TrustPlus

• 2006 to 2012, decentralized, closed algorithm, not verified ratings, interesting trust visualization

• Score between 0 and 100
• Started in 2008
  – focusing on e-reputation influence
  – bought for around 100 millions $ in 2014
  – closed algorithm
  – based on detected evidence such as number of followers/fans and their own score, engagement of posts
  – known to be easily attacked due to the easy setup of fake accounts

Fake Accounts, Clicks, Ratings and Reviews


Computational Trust

• One of its main goals is to achieve attack-resistant trust metrics
• A trust metric consists of the different computations and communications which are carried out by the trustor (and his/her network) to compute a trust value in the trustee
• A trust value is the digital representation of the trustworthiness or level of trust in the entity under consideration and is a non-enforceable estimate of the entity’s future behavior in a given context based on past evidence, mainly:
  – direct observations,
  – recommendations from an identified recommender,
  – reputation as an aggregated value from not clearly identified recommender(s).
• 3 main types of trust are considered in social research:
  – interpersonal trust,
  – dispositional trust,
  – system trust.
• Interpersonal trust is crucial when system trust cannot be enforced, for example, in the ubiquitous computing world of the Internet of Things (IoT).

[Seigneur, 2005]

McKnight & Chervany Trust Social Model

Trust Engine and Trust Metrics Attacks

• The trust metrics are attacked by means of:
  – Identity usurpation attacks
  – Identity multiplicity attacks
    • Douceur’s Sybil Attack is the most well-known
  – Coalitions of motivated users compared to other lazy users who do not rate

Trust Engine’s Security Perimeter

[Figure: components shown are Decision-making, ER, Virtual Identities, Trust Value Computation, Risk Analysis, Decision, Request, Evidence Manager, Evidence Store]

Research Representations of Trust Values

[Marsh, 2016] [SECURE, 2005] [Wang and Vassileva, 2003]


Random Attack

• 4 randomly attacked
• 9 directly compromised
• 20 not compromised

Network Topology Engineered Attack

• 4 most connected attacked
• 20 compromised
• 9 not compromised

Trust Transfer: Sybil-attack Resistant Trust Metric

[Figure: two network diagrams whose nodes carry the trust values (100,2), (60,5), (180,0), (90,3), (48,1), (70,0) and (12,0); one panel also shows → (36,1)]

12 faked events may have been introduced in the network

[Seigneur, 2005]

Trust Transfer Example

• Recommender Search Policy (RSP)
• Recommendation Policy (RP)
• The search for recommenders may be extended to contacts of recommenders.
• The total amount of trust transferred may be shared between several recommenders.

[Figure: nodes R, T and S; 10 positive outcomes needed. Queries S(10)? and T(10)?, both answered Yes. Start: R(22,2); Start: S(32,2). End: R(12,2), S(10,0); End: S(22,2)]

[Seigneur, 2005]
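
The numbers on the Trust Transfer Example slide, worked through in code: an added sketch, not code from the talk or from [Seigneur, 2005]. It assumes trust values are (positive, negative) outcome counts, reads the slide's Start/End pairs as T's value for R and R's value for S, and uses simple threshold checks as stand-ins for the RSP and RP; the class and function names are hypothetical. The second function uses constructed values to show why multiplying identities does not raise the total trust a trustor hands out.

```python
# Added sketch of trust transfer; both policy checks are assumptions.

class TrustStore:
    def __init__(self):
        self._v = {}  # (trustor, trustee) -> (positive, negative)

    def set(self, trustor, trustee, pos, neg=0):
        self._v[(trustor, trustee)] = (pos, neg)

    def get(self, trustor, trustee):
        return self._v.get((trustor, trustee), (0, 0))

    def total_positive(self, trustor):
        return sum(p for (t, _), (p, _n) in self._v.items() if t == trustor)

def trust_transfer(store, trustor, recommender, subject, needed):
    """Move `needed` positive outcomes; return True if it happened."""
    tr_pos, tr_neg = store.get(trustor, recommender)
    rs_pos, rs_neg = store.get(recommender, subject)
    # Assumed search policy: only ask a recommender in whom the trustor
    # already holds at least `needed` positive outcomes.
    if tr_pos < needed:
        return False
    # Assumed recommendation policy: the recommender vouches only if it
    # holds at least `needed` positive outcomes in the subject itself.
    if rs_pos < needed:
        return False
    ts_pos, ts_neg = store.get(trustor, subject)
    # Nothing is created: what the subject gains, the recommender loses.
    store.set(trustor, recommender, tr_pos - needed, tr_neg)
    store.set(recommender, subject, rs_pos - needed, rs_neg)
    store.set(trustor, subject, ts_pos + needed, ts_neg)
    return True

def slide_example():
    s = TrustStore()
    s.set("T", "R", 22, 2)  # slide: Start R(22,2), read as T's value for R
    s.set("R", "S", 32, 2)  # slide: Start S(32,2), read as R's value for S
    ok = trust_transfer(s, "T", "R", "S", 10)
    return ok, s.get("T", "R"), s.get("T", "S"), s.get("R", "S")

def sybil_example(n_fakes=5):
    s = TrustStore()
    s.set("T", "A", 12, 0)  # constructed: T's value for attacker A
    for i in range(n_fakes):
        s.set("A", f"fake{i}", 100, 0)  # A vouches for its own identities
        trust_transfer(s, "T", "A", f"fake{i}", 4)
    return s.total_positive("T")
```
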

Conclusion

• Care must be taken when standardizing trust in order to not deceive the users and keep their trust in the trust standard
• Attack-resistant trust metrics should be open and easy to be reviewed by the research community
• Ideally, the most attack-resistant trust metrics should be standardized

Q&A

• Thanks for your attention!
• Join the 290+ Trustcomp community members
  – http://www.trustcomp.org/group-mailing-list
  – ACM SAC trust/reputation TRECK track CFP
    • Deadline: 15th September 2016

Jean-Marc.Seigneur@reputaction.com
