23
Vulnerability in Socially-informed Peer- to-Peer Systems Jeremy Blackburn Nicolas Kourtellis Adriana Iamnitchi University of South Florida
Vulnerability in Socially-informed Peer-to-Peer
Systems
Jeremy Blackburn
Nicolas Kourtellis
Adriana Iamnitchi
University of South Florida
2
Social and Socially-aware Applications
Internet Applications
Mobile Applications
Applications may contain user profiles, social networks, history of social interactions, location, collocation
3
Problems with Current Social Information Management
• Application specific:
– Need to input data for each new application
– Cannot benefit from information aggregation across
applications
• Typically, data are owned by applications: users
don't have control over their data
• Hidden incentives to have many "friends": social
information not accurate
4
Our Previous Work: Prometheus
A peer-to-peer social data management service that:• Receives data from social sensors that collect application-specific social
information
• Represents social data as decentralized social graph stored on trusted peers
• Exposes API to share social information with applications according to user
access control policies
Prometheus: User-Controlled Peer-to-Peer Social Data Management for Socially-Aware Applications, N. Kourtellis et al, Middleware 2010
5
Prometheus: A P2P Social Data Management Service
6
Social and Peer Networks in Prometheus
7
Social and Peer Topology
8
Applicable to Other Systems
• Socially-informed search• Contextually-aware information dissemination• Socially-based augmentation of risk analysis
in a money-lending peer-to-peer system (such as prosper.com)
Unifying characteristics:• Socially-informed routing of messages
between nodes in the peer-to-peer network
9
Questions
• What is the vulnerability of such a network?
• What design decisions should be considered?
10
Outline
• Background• Model• Vulnerability to:
– Malicious users– Malicious peers
• Experimental Evaluation– Setup– Results– Lessons
• Summary
11
Malicious Users
• Directed graph limits vulnerability• Even if reciprocal edge created, label and weight
requirement limit effects• Lessons for writing social inference functions that use
the social graph representation
12
Malicious Peers
• Several attack mechanisms that are difficult to prevent:– Modifying results sent back to other peers– Dropping/changing/creating fake requests
• We focus on the results sent back by a peer– Question: how much damage can a peer do in
terms of the fraction of requests it can manipulate?
13
Experimental Setup
• Social networks:– Synthetic social graph– Real networks (results not presented in the paper)
• Worst case scenario:– Networks have reciprocal edges– No weight or edge label restriction– Requests flood neighborhood of radius K
• Mapping users on peers:– Social: map communities to peers– Random
14
Socially-informed P2P Topologies
P2P topology formed by the 25 highest social bandwidth connections between peers
Social mapping Random mapping
15
Synthetic Social Network
• 1000 users, 100 peers• Communities identified
with Girvan-Newman algorithm
• Lessons:– Social mapping more
resilient– Replication level
irrelevant for vulnerability
16
Mappings Users to Peers in Real Social Networks
• Used a recursive version of the Louvain algorithm for fast community detection– Much more scalable than GN
• For the random mapping: – Keep community size same as social– Reshuffle the community members
17
Communities in Real Networks
Social Network
Number of Users
Number of Communitieswith average size S (in users)
S=10 S=50 S=100
gnutella04 10,876 1,088 218 109
gnutella31 62,561 6,256 1,246 619
enron 33,696 3,370 674 337
epinions 75,877 7,564 1,485 727
slashdot 82,168 8,207 1,607 794
18
Lesson 1: Network Size Matters
Malicious nodes influence a larger percentage of thenetwork in smaller networks
19
Lesson 2: Social Network Topology Matters
Size is not an accurate predictor of vulnerability: • epinions networks are smaller than slashdot networks• yet vulnerability in epinions is lower
20
Lesson 3: Grouping Matters
Social user groupingalways lessvulnerable thanrandom grouping
0.0001
0.001
0.01
0.1
1
10-2 50-2 100-2 10-3 50-3 100-3
fraction of requests influenced
Users per Peer - Hops
Gnutella04-socialGnutella04-random
Enron-socialEnron-random
Gnutella31-social
Gnutella31-randomEpinions-socialEpinions-randomSlashdot-socialSlashdot-random
21
Lesson 4: Size of Group Matters
More users on peer means moreinfluence onrequests(random or social) 0.0001
0.001
0.01
0.1
1
10-2 50-2 100-2 10-3 50-3 100-3
fraction of requests influenced
Users per Peer - Hops
Gnutella04-socialGnutella04-random
Enron-socialEnron-random
Gnutella31-social
Gnutella31-randomEpinions-socialEpinions-randomSlashdot-socialSlashdot-random
• 50 users/peer, 674 peers in enron• 100 users/peer, 619 peers in gnutella31• yet enron more vulnerable
22
Lessons
• Mapping of users onto peers influences system vulnerability– Socially-aware mappings more resilient
• Replication does not significantly affect vulnerability
• Malicious peers can be more effective in small networks
• Size of network is not an accurate predictor of vulnerability
• Hub peers are most damaging
23
Summary
• A study on the vulnerability of a socially-informed peer-to-peer network to malicious attacks
• Problem motivated by our previous work but of more general applicability
• Socially-aware design is tricky:– Social mapping increases resilience– Yet peer hubs (an outcome of social mapping)
decrease resilience
