Reputation Attacks Detection for Effective Trust Assessment among Cloud Services

Consumers' feedback is a good source to help assess overall trustworthiness of cloud services. However, it is not unusual that a trust management system experiences malicious behaviors from its users (i.e., collusion or Sybil attacks). In this paper, we propose techniques for the detection of reputation attacks to allow consumers to effectively identify trustworthy cloud services. We introduce a credibility model that not only identifies misleading trust feedbacks from collusion attacks but also detects Sybil attacks, either strategic (in a long period of time) or occasional (in a short period of time). We have collected a large collection of consumer's trust feedbacks given on real-world cloud services (over 10, 000 records) to evaluate and demonstrate the applicability of our approach and show the capability of detecting such malicious behaviors.

[1]  Klara Nahrstedt,et al.  A trust management framework for service-oriented environments , 2009, WWW '09.

[2]  Paul A. Pavlou,et al.  Evidence of the Effect of Trust Building Technology in Electronic Markets: Price Premiums and Buyer Behavior , 2002, MIS Q..

[3]  Max Mühlhäuser,et al.  Towards a Trust Management System for Cloud Computing , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[4]  Quan Z. Sheng,et al.  Trust as a Service: A Framework for Trust Management in Cloud Environments , 2011, WISE.

[5]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[6]  Max Mühlhäuser,et al.  Fusion of Opinions under Uncertainty and Conflict -- Application to Trust Assessment for Cloud Marketplaces , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[7]  Frank Leymann,et al.  Compliant Cloud Computing (C3): Architecture and Language Support for User-Driven Compliance Management in Clouds , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[8]  Quan Z. Sheng,et al.  Credibility-Based Trust Management for Services in Cloud Environments , 2011, ICSOC.

[9]  Athman Bouguettaya,et al.  Rater Credibility Assessment in Web Services Interactions , 2009, World Wide Web.

[10]  Tim Roughgarden,et al.  Algorithmic Game Theory , 2007 .

[11]  Schahram Dustdar,et al.  Trustworthy interaction balancing in mixed service-oriented systems , 2010, SAC '10.

[12]  Kai Hwang,et al.  Trusted Cloud Computing with Secure Resources and Data Coloring , 2010, IEEE Internet Computing.

[13]  Cong Wang,et al.  Security Challenges for the Public Cloud , 2012, IEEE Internet Computing.

[14]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[15]  Frank Dickmann,et al.  Technology Transfer of Dynamic IT Outsourcing Requires Security Measures in SLAs , 2010, GECON.

[16]  Siani Pearson,et al.  Privacy, Security and Trust Issues Arising from Cloud Computing , 2010, 2010 IEEE Second International Conference on Cloud Computing Technology and Science.

[17]  Bu-Sung Lee,et al.  TrustCloud: A Framework for Accountability and Trust in Cloud Computing , 2011, 2011 IEEE World Congress on Services.

[18]  Sherali Zeadally,et al.  Trust management of services in cloud environments: Obstacles and solutions , 2013, CSUR.