Vulnerability in Socially-informed Peer-to-Peer Systems

1
Vulnerability in Socially-informed Peer-to-Peer
Systems

• Jeremy Blackburn
• Nicolas Kourtellis
• Adriana Iamnitchi
• University of South Florida

2
Social and Socially-aware Applications
Internet Applications
Mobile Applications
Applications may contain user profiles, social
networks, history of social interactions,
location, collocation
3
Problems with Current Social Information
Management

• Application specific
• Need to input data for each new application
• Cannot benefit from information aggregation
  across applications
• Typically, data are owned by applications users
  don't have control over their data
• Hidden incentives to have many "friends" social
  information not accurate

4
Our Previous Work Prometheus

• A peer-to-peer social data management service
  that
• Receives data from social sensors that collect
  application-specific social information
• Represents social data as decentralized social
  graph stored on trusted peers
• Exposes API to share social information with
  applications according to user access control
  policies

Prometheus User-Controlled Peer-to-Peer Social
Data Management for Socially-Aware Applications,
N. Kourtellis et al, Middleware 2010
5
Prometheus A P2P Social Data Management Service
6
Social and Peer Networks in Prometheus
7
Social and Peer Topology
8
Applicable to Other Systems

• Socially-informed search
• Contextually-aware information dissemination
• Socially-based augmentation of risk analysis in a
  money-lending peer-to-peer system (such as
  prosper.com)
• Unifying characteristics
• Socially-informed routing of messages between
  nodes in the peer-to-peer network

9
Questions

• What is the vulnerability of such a network?
• What design decisions should be considered?

10
Outline

• Background
• Model
• Vulnerability to
• Malicious users
• Malicious peers
• Experimental Evaluation
• Setup
• Results
• Lessons
• Summary

11
Malicious Users

• Directed graph limits vulnerability
• Even if reciprocal edge created, label and weight
  requirement limit effects
• Lessons for writing social inference functions
  that use the social graph representation

12
Malicious Peers

• Several attack mechanisms that are difficult to
  prevent
• Modifying results sent back to other peers
• Dropping/changing/creating fake requests
• We focus on the results sent back by a peer
• Question how much damage can a peer do in terms
  of the fraction of requests it can manipulate?

13
Experimental Setup

• Social networks
• Synthetic social graph
• Real networks (results not presented in the
  paper)
• Worst case scenario
• Networks have reciprocal edges
• No weight or edge label restriction
• Requests flood neighborhood of radius K
• Mapping users on peers
• Social map communities to peers
• Random

14
Socially-informed P2P Topologies
P2P topology formed by the 25 highest social
bandwidth connections between peers
Social mapping
Random mapping
15
Synthetic Social Network

• 1000 users, 100 peers
• Communities identified with Girvan-Newman
  algorithm
• Lessons
• Social mapping more resilient
• Replication level irrelevant for vulnerability

16
Mappings Users to Peers in Real Social Networks

• Used a recursive version of the Louvain algorithm
  for fast community detection
• Much more scalable than GN
• For the random mapping
• Keep community size same as social
• Reshuffle the community members

17
Communities in Real Networks
Social Network Number of Users Number of Communities with average size S (in users) Number of Communities with average size S (in users) Number of Communities with average size S (in users)
Social Network Number of Users S10 S50 S100
gnutella04 10,876 1,088 218 109
gnutella31 62,561 6,256 1,246 619
enron 33,696 3,370 674 337
epinions 75,877 7,564 1,485 727
slashdot 82,168 8,207 1,607 794
18
Lesson 1 Network Size Matters
Malicious nodes influence a larger percentage of
the network in smaller networks
19
Lesson 2 Social Network Topology Matters

• Size is not an accurate predictor of
  vulnerability
• epinions networks are smaller than slashdot
  networks
• yet vulnerability in epinions is lower

20
Lesson 3 Grouping Matters

• Social user grouping
• always less
• vulnerable than
• random grouping

21
Lesson 4 Size of Group Matters

• 50 users/peer, 674 peers in enron
• 100 users/peer, 619 peers in gnutella31
• yet enron more vulnerable

• More users on peer
• means more
• influence on
• requests
• (random or social)

22
Lessons

• Mapping of users onto peers influences system
  vulnerability
• Socially-aware mappings more resilient
• Replication does not significantly affect
  vulnerability
• Malicious peers can be more effective in small
  networks
• Size of network is not an accurate predictor of
  vulnerability
• Hub peers are most damaging

23
Summary

• A study on the vulnerability of a
  socially-informed peer-to-peer network to
  malicious attacks
• Problem motivated by our previous work but of
  more general applicability
• Socially-aware design is tricky
• Social mapping increases resilience
• Yet peer hubs (an outcome of social mapping)
  decrease resilience