Information Technology Reference
In-Depth Information
never be lower than 1. Thus, the suspicious values of both
QE
and
MD
are greater
than 1. Upon detecting suspicious values, we pass to the second step.
In the second step the aim is to find the origin(s) of the suspicion. First, the devia-
tions from either the mode, median or mean values of all the recommendations as-
signed to the node are calculated. The rationale behind this is that the majority of the
nodes will assign correct recommendations, which will result in higher deviations
from each of the above values in the cases of the wrong recommendations. This in-
formation can further be used in various ways, yet we choose to couple it with the
reputation system, in the way the origins of the bad mouthing will result in lowered
reputation, and their recommendations will not be considered. Thus, the calculated
deviations are normalized to the range [0, 1], in the way the entity that is the origin of
the maximal deviation has the lowest reputation, i.e. 0, while the origin of the mini-
mal one has the highest reputation, i.e. 1. The reputations of the rest of the nodes are
linearly interpolated between 0 and 1.
3.3 Self-Organizing Maps Algorithm
The self-organizing maps (SOM) algorithm [12] follows the standard steps of SOM
execution, as given in [12]. The only problem-specific point is the centre, i.e. node
representation and updating. Each centre is implemented as a collection whose size
can be changed on the fly and whose elements are the
k
-grams defined in the previous
text with assigned occurrence or frequency. The adjustment of nodes (that belong to
the map area to be adjusted) is performed in the following way:
If an
n
-gram of the input instance
v
(
t
)
exists in the node, its value) is modified
according to the centre update given in [12];
•
•
If an
n
-gram of the instance
v
(
t
) does not exist in the cluster centre, the
n
-gram is
added to the centre with occurrence equal to 1.
4 Experimental Evaluation
The proposed algorithm has been tested on the reputation systems simulator devel-
oped by our research group and designed using the C++ programming language. The
network consists of a number of distributed entities, and it can simulate a number of
distributed systems, such as wireless sensor networks, wireless mesh networks, etc.
The reputation can be calculated in various ways, which are the implementation of the
class
ReputationServer
. In the testing scenario, the entities assign recommendations to
their neighbors. The bad mouthing attack is initiated at a certain moment and is com-
posed of a number of malicious nodes that falsely assign low reputation to some of
their neighbors in a random fashion. The time in the simulator is measured in time
ticks, where the ticks are the moments of time the recommendations are being pub-
lished to the rest of the world.
In the following experiments we will present the performance of the approach in
various scenarios, varying the attack strength and the starting point of the attack.
There will be two typical situations: in the first case the attack will start after the end
of training, so the training will be performed with “clean” data, while in the second
case we will have the situations where the training data contains the traces of attacks
Search WWH ::
Custom Search