RepTrap: A novel attack on feedback-based reputation systems

Document Type

Conference Proceeding

Date of Original Version



Reputation systems are playing critical roles in securing today's distributed computing and communication systems. Similar to other security mechanisms, reputation systems can be under attack. In this paper, we report the discovery of a new attack, named RepTrap(Reputation Trap), against feedback-based reputation systems, such as those used in P2P file-sharing systems and E-commerce websites(e.g. Amazon.com). We conduct an in-depth investigation on this new attack, including analysis, case study, and performance evaluation based on real data and realistic user behavior models. We discover that the RepTrap is a strong and destructive attack that can manipulate the reputation scores of users, objects, and even undermine the entire reputation system. Compared with other known attacks that achieve the similar goals, the RepTrap requires less effort from the attackers and causes multi-dimensional damage to the reputation systems. Copyright 2008 ACM.

Publication Title

Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08