RepTrap: A novel attack on feedback-based reputation systems
Date of Original Version
Reputation systems are playing critical roles in securing today's distributed computing and communication systems. Similar to other security mechanisms, reputation systems can be under attack. In this paper, we report the discovery of a new attack, named RepTrap(Reputation Trap), against feedback-based reputation systems, such as those used in P2P file-sharing systems and E-commerce websites(e.g. Amazon.com). We conduct an in-depth investigation on this new attack, including analysis, case study, and performance evaluation based on real data and realistic user behavior models. We discover that the RepTrap is a strong and destructive attack that can manipulate the reputation scores of users, objects, and even undermine the entire reputation system. Compared with other known attacks that achieve the similar goals, the RepTrap requires less effort from the attackers and causes multi-dimensional damage to the reputation systems. Copyright 2008 ACM.
Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08
Yang, Yafei, Qinyuan Feng, Yan L. Sun, and Yafei Dai. "RepTrap: A novel attack on feedback-based reputation systems." Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08 , (2008). doi:10.1145/1460877.1460888.