The problem: unauthorised or malicious activities performed by clients on servers while clients consume services (e.g. e
Introduction Related work Proposed solution Adversary model Future work and conclusion References
A Behavioural Model for Client Reputation A client reputation model based on behavioural history
A Basu, I Wakeman, D Chalmers and J R Robinson Software Systems Group, Department of Informatics University of Sussex
Trust in Mobile Environments workshop in IPIFTM 2008 17 June 2008 Trondheim, Norway
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Outline 1
Introduction
2
Related work
3
Proposed solution Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
4
Adversary model
5
Future work and conclusion
6
References A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Introduction The problem: unauthorised or malicious activities performed by clients on servers while clients consume services (e.g. email spam) without behavioural history, clients behaviour is assessed on a case-by-case basis, which leads to chances of false positives no prior knowledge of malicious clients, hence more false negatives
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Introduction (contd.)
Research question: Can a local and a global reputation scheme based on behavioural history of strong network identities (of clients) be used to enforce policies for network interactions in order to reduce or prevent unsolicited communications or transactions between clients and servers over a network?
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Introduction (contd.)
Applicable scenarios: email spam control use of Web services other forms of non-anonymous network communication
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Related work
Taxonomy: application scenarios (e.g. email spam control) trust and reputation systems (although mostly on provider/seller reputation) behavioural history ([WM07, ABP05])
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Network entities
Clients Servers Global Reputation Analyser (GRA) – implementation could be centralised or distributed which are conceptually represented in a diagram as follows
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Conceptual overview
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Proposed solution breakdown
Behaviour analysis – behaviour analyser with generalised input and quantised behaviour output Local reputation – the local response to change in behaviour as well as effect of no activity over time
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Proposed solution breakdown (contd.)
Reputation reporting mechanism – how do servers report reputation of clients to the GRA Confidence matrix – ‘social network’ of servers and the confidences between themselves Global reputation – the calculation and interpretation of a global view of client reputations
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Behaviour analysis An input tuple consisting of: client identifier a set of observed values the type of observation made timestamp of observation A policy specific analysis on the tuple to output quantised behaviour (positive or negative integral values) Could implement features, e.g. detection of repetition of behaviour
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Behaviour analysis (contd.) An example of behaviour analysis on email spam could include observation of: volume of email traffic type of traffic (e.g. continuous or sporadic) compliance with regulations feedback from spamtraps ... [CH07]
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Local reputation response
Good (positive) reputation gets better with good behaviour until it reaches a positive saturation Good reputation will decrease more rapidly with bad behaviour than it will improve with good behaviour Bad (negative) reputation gets worse with bad behaviour until it reaches a negative saturation Bad reputation increases with good behaviour at a slower rate than it worsens with bad behaviour
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Local reputation response (contd.) 1.5 1.25 Theoretical positive saturation (rpsat)
1 0.75
Arbitrary positive reputation (rv ) p
Reputation score (r)
0.5 0.25 0 −0.25
Arbitrary negative reputation (r ) v
n
−0.5 −0.75 −1
Theoretical negative saturation (rnsat)
−1.25 −1.5 −1000
−800
−600
−400
−200
A Basu, I Wakeman, D Chalmers and J R Robinson
0 Behaviour (b)
200
400
600
800
1000
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Time decay of local reputation
saturated reputation denotes too good or too bad often needs a decay with no activity over time helps a saturated bad reputation to recover slowly with time also questions a saturated good reputation if there has been no activity over time
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Time decay of local reputation (contd.) 1.5 1.25 Theoretical positive saturation (rpsat)
1 0.75
Arbitrary positive saturation (rv ) p
Reputation score (r)
0.5 0.25
Positive default (rpdef)
0 Negative default (r
)
ndef
−0.25
Arbitrary negative saturation (rv ) n
−0.5 −0.75 −1
Theoretical negative saturation (r
)
nsat
−1.25 −1.5 0
100
200
300
400
A Basu, I Wakeman, D Chalmers and J R Robinson
500 Time (t)
600
700
800
900
1000
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
What happens prior to reporting
Identities of clients and servers must be known to the GRA All communications between a client or a server and the GRA are encrypted
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
What happens prior to reporting (contd.) A reputation report is a tuple (γ) consisting of: a context of reporting (sort of application type) recorded reputation slope parameters (λ and µ) timestamp of the report identifier for the server Any report in the same context from the same server overrides any previous report
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
The reporting sequence
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Social network of servers
An asymmetric weighted digraph with nodes (servers) connected through directed edges with a confidence rating w in the range [0 1] on each edge (note that wi,j = 0 essentially means that the directed edge ei,j does not exist
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Confidence matrix
W := (wi,j )n×n A matrix computed from the adjacency matrix of the social network graph using the given confidence ratings on existing edges Once computed, W can act as a lookup table for the direct confidence that any server node vi has in any other server node vj so long as they are connected in the social network graph
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Global reputations of clients
act as opinion sharing between servers interpretation depends on the perspective of querying server reported reputations for a client are maintained in a set (Γ) in the GRA
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Behaviour analysis Local reputation Reputation reporting mechanism Confidence matrix Global reputation
Calculation of global reputation
the set Γ of γ tuples (reputation reports) is scavenged and old reports are removed; the size of the set does not grow indefinitely confidence matrix used to obtain the report from the server in which the querying server has highest confidence(s) What the querying server does with the reputation and the confidence is implementation and policy specific
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Types of attack
Manipulation of global reputation Exploitation of reputation DoS (or DDoS) attack on the GRA DoS (or DDoS) attack on a server Man-in-the-middle attack and others to be investigated ([CH07])
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Simulation
Using a multi-threaded Java-based discrete event simulator that I have coded, which essentially has a blocking priority queue for scheduling events prioritised by the event times and a dispatcher that uses a cached thread pool of different event handlers to simulate different types of events Helps simulate the model from an application level; network level activities such as failure of network link can be simulated
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Simulation (contd.)
Detailed logging possible Snapshot facility, obtaining statistics, etc. – future work
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Future work
Evaluate the performance using data synthetically generated from web spam traces Open issue: a feedback from the querying server on the global reputation of a particular client may be used to alter the querying server’s confidence on some of the other server, which have been used to build the response to the reputation query
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Conclusion
An attempt to resolve some of the open issues with previous work on behavioural history Proposal for client reputation based on behavioural history A possibility to empower servers in decision making based on past history of clients A possible reduction of false positives as well as false negatives
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
References M. Allman, E. Blanton, and V. Paxson. An Architecture for Developing Behavioral History. In Proc. Workshop on Steps to Reducing Unwanted Traffic on the Internet, 2005. E. Carrara and G Hogben. Reputation-based systems: a security analysis. Position paper no. 2 in European Network and Information Security Agency, 2007. S. Wei and J. Mirkovic. Building Reputations for Internet Clients. Electronic Notes Theoretical Computer Science, 179:17–30, 2007. A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation
Introduction Related work Proposed solution Adversary model Future work and conclusion References
Questions?
Thank you for listening
A Basu, I Wakeman, D Chalmers and J R Robinson
A Behavioural Model for Client Reputation