detecting temporal sybil attacks
n. lathia, s. hailes & l. capra
mobisys seminar, sept. 29 2009

the web is based on cooperation...

the web is crowd-sourced...
ratings: recommender, retrieval systems
captchas: digitising text
wikis: knowledge repositories

crowd-sourcing is cooperation...
my ratings compute your recommendations.
your reviews inform my decisions.
your links help search engines to respond to my queries.

cooperation is policed by reputation and trust
ebay: online trade and markets
#followfriday on twitter ? trust
ratings, ratings, ratings...

...we cooperate without knowing each other
people are (nearly) anonymous
why could this be a problem?

for example, recommender systems:
recommendations → people → rate items →
classification algorithms → recommendations →
people...

problem with anonymity:
recommendations → people → rate items →
classification algorithms → recommendations →
people...
can you trust them? are they real people?
are they rating honestly?

sybil attacks:
...when an attacker tries to subvert the system by
creating a large number of sybils—pseudonymous
identities—in order to gain a disproportionate amount of
influence...

sybil attacks: why? how?
random: inject noise, ruin the party for everyone
targetted: promote/demote items. make money?
APIs: rate content automatically.

recommender system sybil attack:
shilling, profile injection, ...
“honest” ratings
attacker's ratings

each sybil rates:
target, selected, filler items
target: item that attacker wants promoted/demoted
selected: similar items, to deceive the algorithm
filler: other items, to deceive humans

how to defend a recommender system?

a) treat it as a classification problem
where are the sybils?
“honest” ratings
attacker's ratings

problems with classification approach:
when is your system under attack?
when to run classifier?

problems with classification approach:
when are sybils damaging your recommendations?
wait until they have all rated?

proposal:
b) monitor recommender system over time

contributions:
1. force sybils to draw out their attack
2. learn normal temporal behaviour
3. monitor for wide range of attacks
4. force sybils to attack more intelligently

1. force sybils to draw out their attack
rather than appear, rate, disappear
how? distrust newcomers

distrust newcomers
prediction shift
→ time →

distrust newcomers
prediction shift
→ time →

distrust newcomers
prediction shift
→ time →

1. force sybils to draw out their attack
how? distrust newcomers
sybils are forced to appear more than once

examining temporal attack behaviour
single sybil – – – – group of sybils
target, target,
filler, filler,
selected selected,
but also:

group size and dynamics
how many
sybils?
how many ratings per sybil?

how can they behave?
(many, few) (many, many)
how many
sybils?
(few, few) (few, many)
how many ratings per sybil?

how can does this affect the data?
impact = how much malicious data
how many
sybils?
how many ratings per sybil?

how to measure attacks?
precision, recall, impact
tp tp #sybil ratings
pr = re = imp =
tp + fp tp + fn #ratings

how to detect these attacks? monitor!
item-level system-level
how many
sybils?
user-level
how many ratings per sybil?

how to detect these attacks? monitor!
system-level
how many
sybils?
how many ratings per sybil?

overview of the methodology
1. monitor: look at how data changes over time
2. flag: look at how data changes under attack

1. system level

1. system level - attack

(system) avg ratings per user
1. monitor: exp. weighted moving avg.
mut = (β mut-|w|) + ((1-β) Rt/Ut)
2. flag: incoming ratings above moving threshold
Rt/Ut > mut + (αg σt)
(parameters α, β updated automatically)

1. system level - evaluation
simulated data: play with data variance, attack
amplitude

1. system level - evaluation
simulated data: play with data variance, attack
amplitude

1. system level - evaluation
real data: netflix ratings (+ timestamps)

1. system level - evaluation
real data: netflix ratings (+ timestamps)

item-level system-level
how many
sybils?
user-level
how many ratings per sybil?

(user-level) similar monitor/flag solution
1. monitor:
a. how many high-volume raters?
b. how much do high-volume raters rate?
2. flag: group size-ratings above threshold
file:///C:/Documents%20and%20Settings/User/Desktop/misc/documents/19%20attacks/wsdm_2010/img/highVolume.jpg file:///C:/Documents%20and%20Settings/User/Desktop/misc/documents/19%20attacks/wsdm_2010/img/highRatings.jpg

(user-level) evaluation: real data
how many
sybils?
how many ratings per sybil?

(user-level) evaluation: real data
how many
sybils?
how many ratings per sybil?

(user-level) evaluation: real data
item-level system-level
how many
sybils?
user-level
how many ratings per sybil?

(item-level) slightly different context
1. the item is rated by many users
define many? using how other items were rated
2. the item is rated with extreme ratings
define extreme? what is avg item mean?
3. (from a + b) the item mean ratings shifts
nuke or promote?
flag: if all three conditions broken. Why?
1 → popular item. 2 → few extreme ratings. 3 → cold start item
1 + 2 but not 3 → attack doesn't change anything

3. evaluate: simulated attacks on real data

what next? attackers can defeat these defenses
the ramp-up attack

but...

conclusions:
1. force sybils to draw out their attack
2. learn normal temporal behaviour
3. monitor system, users, items
4. force sybils to attack more intelligently