1 / 23

Vulnerability in Socially-informed Peer-to-Peer Systems

Explore vulnerabilities and design considerations in socially-informed peer-to-peer networks, focusing on malicious users and peers. Lessons from experiments on social network mapping and community detection.

baileyb
Download Presentation

Vulnerability in Socially-informed Peer-to-Peer Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Vulnerability in Socially-informed Peer-to-Peer Systems Jeremy Blackburn Nicolas Kourtellis Adriana Iamnitchi University of South Florida

  2. Social and Socially-aware Applications Internet Applications Mobile Applications Applications may contain user profiles, social networks, history of social interactions, location, collocation

  3. Problems with Current Social Information Management Application specific: Need to input data for each new application Cannot benefit from information aggregation across applications Typically, data are owned by applications: users don't have control over their data Hidden incentives to have many "friends": social information not accurate

  4. Our Previous Work: Prometheus A peer-to-peer social data management servicethat: Receives data from social sensors that collect application-specific social information Represents social data as decentralized social graph stored on trusted peers Exposes API to share social information with applications according to user access control policies Prometheus: User-Controlled Peer-to-Peer Social Data Management for Socially-Aware Applications, N. Kourtellis et al, Middleware 2010

  5. Prometheus: A P2P Social Data Management Service

  6. Social and Peer Networks in Prometheus

  7. Social and Peer Topology

  8. Applicable to Other Systems • Socially-informed search • Contextually-aware information dissemination • Socially-based augmentation of risk analysis in a money-lending peer-to-peer system (such as prosper.com) Unifying characteristics: • Socially-informed routing of messages between nodes in the peer-to-peer network

  9. Questions • What is the vulnerability of such a network? • What design decisions should be considered?

  10. Outline • Background • Model • Vulnerability to: • Malicious users • Malicious peers • Experimental Evaluation • Setup • Results • Lessons • Summary

  11. Malicious Users • Directed graph limits vulnerability • Even if reciprocal edge created, label and weight requirement limit effects • Lessons for writing social inference functions that use the social graph representation

  12. Malicious Peers • Several attack mechanisms that are difficult to prevent: • Modifying results sent back to other peers • Dropping/changing/creating fake requests • We focus on the results sent back by a peer • Question: how much damage can a peer do in terms of the fraction of requests it can manipulate?

  13. Experimental Setup • Social networks: • Synthetic social graph • Real networks (results not presented in the paper) • Worst case scenario: • Networks have reciprocal edges • No weight or edge label restriction • Requests flood neighborhood of radius K • Mapping users on peers: • Social: map communities to peers • Random

  14. Socially-informed P2P Topologies P2P topology formed by the 25 highest social bandwidth connections between peers Social mapping Random mapping

  15. Synthetic Social Network • 1000 users, 100 peers • Communities identified with Girvan-Newman algorithm • Lessons: • Social mapping more resilient • Replication level irrelevant for vulnerability

  16. Mappings Users to Peers in Real Social Networks • Used a recursive version of the Louvain algorithm for fast community detection • Much more scalable than GN • For the random mapping: • Keep community size same as social • Reshuffle the community members

  17. Communities in Real Networks

  18. Lesson 1: Network Size Matters Malicious nodes influence a larger percentage of the network in smaller networks

  19. Lesson 2: Social Network Topology Matters Size is not an accurate predictor of vulnerability: • epinions networks are smaller than slashdot networks • yet vulnerability in epinions is lower

  20. Lesson 3: Grouping Matters Social user grouping always less vulnerable than random grouping

  21. Lesson 4: Size of Group Matters • 50 users/peer, 674 peers in enron • 100 users/peer, 619 peers in gnutella31 • yet enron more vulnerable More users on peer means more influence on requests (random or social)

  22. Lessons • Mapping of users onto peers influences system vulnerability • Socially-aware mappings more resilient • Replication does not significantly affect vulnerability • Malicious peers can be more effective in small networks • Size of network is not an accurate predictor of vulnerability • Hub peers are most damaging

  23. Summary • A study on the vulnerability of a socially-informed peer-to-peer network to malicious attacks • Problem motivated by our previous work but of more general applicability • Socially-aware design is tricky: • Social mapping increasesresilience • Yet peer hubs (an outcome of social mapping) decrease resilience

More Related