NOTES FROM MTW 2006
Jean Camp
www.ljean.com/netTrust.html

09:00 - 09:25 Konfidi: Trust Networks Using PGP and RDF (20 + 5 mins)
David Brondsema and Andrew Schamp

Uses email into "Went with intuitions on trust", having trust be a value between 0 and 1. This was not bad intuition - it ends up being like BBK. But not having worked from a more formal basis meant an overall system. Also they use the square root - which means email recipients are factors of many small numbers for each email.

A confusion between what humans are good at ("I know Bob, what do I think he knows about cooking?") versus what computers are good at ("You have a 35% certainty that the sender is Bob").

Uses a FOAF file. It holds all the PGP keys. No hierarchy or relation between topics. You do lose privacy, and this is an explicit spam/privacy trade-off to "bring accountability to the web". For this to work, everyone would have to contribute their social networks.

Jean-> this simply replaces one type of naive absolute trust (I will allow anyone to write to my email box) with another kind of naive absolute trust (I will tell everyone about my social network).

09:28 - 09:50 Using Trust and Provenance for Content Filtering on the Semantic

10,000,000 accounts on FOAF. FilmTrust is an instantiation of the generic trust calculation mechanisms. How can you use this for intelligence uses more broadly? "Hundreds of thousands of people" work in intelligence.

There are certainly other systems that function more to find consensus: either everyone believes Bush or no one does; he lies. (btw, "the president" is underspecified once you are on an international flight. I believe the local PM has a bit of a reliability problem.)

I very much like the focus on how well the system performs beyond the mechanism of finding the norm. Trust ratings could be used to annotate sources and weigh conclusions. We could use social networks within intelligence agencies to rate sources and expertise.
Q: Such a centralized trust rating would be immensely valuable to any insider.
A: Insider and subversion attacks are not an issue with today's networked threats.

09:50 - 10:05 Towards a Provenance-Preserving Trust Model in Agent Networks (10 + 5 mins)

There are models that work with multiple models. Model that works with trust and distrust. Lack of a central authority means that agents may provide different or contradictory data. "The enemy of your enemy is your friend"? An interesting assertion. t-norm is any construction - union, sum, etc.; any random operator can be developed. Propagation, aggregation, and system updates.

Q: Matt Ginsberg was arguing about belief, propositions and uncertainty. He used the same kind of lattice. Ginsberg is looking at truth and falsity.
A: Thanks.
Q: You trust relative to certain subjects. What is the context of the trust?
A: There is no way to characterize this trust by content. We want to attach a context.

QUESTION AND ANSWER PERIOD TO THE PANEL

Q: Do you want an infinite depth of trust, or do you want it to be a finite number of steps, to worry about completeness and trust logic?
Dave: You never have 100% trust, so it will naturally decay to a threshold; trust behind this point, you stop calculation.
Aaron: If you are far removed perhaps you may want to have great depth even at low values.
Q: If you have multiple paths, what do you use?
Dave: If you have multiple paths then take the highest value. Should completely independent paths raise the question up higher?
Q: Have you worried about scalability?
Dave: No we haven't. One of the benefits is that you could have multiple servers.
Q: Do your models take time into consideration?
Dave: No - the only time you update is if something is filtered incorrectly, then you correct it.
Patricia: Scores are updated, but right now we have time decay.
Aaron: I have not thought about that, so you could implement an annual survey.
Q: How can you trust your trust network data? Authenticity and privacy.
Aaron: That is a great question; there is no easy answer.
Dave: Are the data open and public? You can't have totally open data, and one of the reasons for open data: if the data were closed then you could have a trust relationship for somebody to run one calculation to obtain inference of trust relationships. Even in a closed system you could calculate backwards. Then these "just become social and organizational" problems and my system is technical.
Q: Is it possible not to trust yourself? Can you capture that?
Dave: For our model you automatically trust yourself. You could redesign the system, but then you would loop.
Q: I have been in a case where I have been sure about something but unsure about something else.
Aaron: People may want to write their uncertainty in there.
Mark: What does a trust rating of .8 mean? My question of .8 goes to the heart of how you propagate trust.
Dave: One way to do it is to consider it a probability that the person will provide a correct answer.
Mark: That is a nice answer because it gives you a way to measure things and gives you a way to evaluate trust across a large network, but that would imply that none of the propagation measures you propose are valid. If these are statistical methods then there should be a way to extract data. Even without transitivity we have a way to trust people if we are talking about mathematical methods.
Q: Then what about game theory - there may be repeated games that underlie many trust models.
A: In response to "you can always trust someone who always lies to you" - one trust definition is that you trust them to be consistently unreliable.
Q: Tell me about Bayesian updating and calculation.
Patricia: There is also a research value that allows a membership function: I trust him very much, then the membership function can be transformed. If you have the attached membership value. It is ordering. Allen.
Dave: We are not familiar with Bayesian updating.
Q: Trust is binary - either you trust or you don't.
Then once you trust you want to rank agents. Trust, reputation and ratings?
A: Maybe what I have is more reputation than trust?
Mark: Whether statistical reputations is what you use. If you send a package then you can look at on-time performance and treat that as statistical. Then I would have 99% trust, but in personal situations it is not that at all. People are not probabilistic. Trust depends on motivations.

11:00 - 11:25 Propagating Trust and Distrust to Demote Web Spam (20 + 5 mins)
Baoning Wu, Vinay Goel and Brian Davison

Web search is the access to the Web for hundreds of millions of people. Web spam, spamdexing, includes many methods: link farms, keyword stuffing, cloaking, link bombs.

PageRank: Page and Brin, 1998
        rank = decay * transition matrix * old rank + decay * (uniform distribution of 1/N)
        decay factor == how far you propagate down the set of links on the web
TrustRank: Gyongyi and Garcia-Molina, VLDB 2004
        rank = decay * transition matrix * old rank + decay * (seed set of sites)

TrustRank assumption: the parent divides trust among its children equally. This may not be optimal because trust may be independent. Distrust can also be propagated, which has not been considered in PageRank.

Three major propagation issues:
1. decay of trust - trust is not perfectly transitive
2. splitting of trust - trust may not be equally split
3. accumulation of trust - how do you split trust among children

2. Splitting for trust and distrust
        equal splitting is the TrustRank we saw before, divided by number of children
        constant splitting gives the decayed value to each child
3. Accumulation
        simple summation
        max share (of all values sent by parents)
        max parent (sum all values with a max, the threshold being the max value of any parent)

Combining trust and distrust: for each node have a trust score and a distrust score, and can have a weighted difference.

Data set: 20M pages from the Swiss search engine from 2004 (20 million pages), 350 sites with ".ch" domain.
Seed set:
        trusted: 20,005 sites
        distrust: 3,589 sites as providing web spam
Evaluation: run the rankings and see how many web spam sites were in the top 1%.
        PageRank leaves 90 sites in the top 1%
        TrustRank leaves 58 spam sites in the top 1%
        Topical TrustRank resulted in 38 in the top 1%
They tried many combinations. They found max share using log splitting gives only 12 spam sites in the top 1%. If we add propagating distrust then the largest number of spam sites in the top 1% is 52. This depends considerably on seed sets.
Evaluation: how much does the graph shift if you use the trusted seed set? 77% in all cases.

Q: Maybe the seed set is not useful.
A: If we had more data we would love it.
Q: Maximum measure - the second one enables a trusted node to subvert the ranking, if you get a spam site in your trusted seed set.
A: We address the existence of spam in the seed set.
Alex: The current sites are optimized to subvert PageRank. One interesting measure would be cost of subversion.
A: We are assuming that propagating along links is valuable. What kind of factor does it provide?
Alex: I was thinking, what is the measure of spam site cost of fraud, how much does it cost to build up a web site?
Q: Your evaluation is false positives. Do you look at the false negatives?
A: That is very hard to measure. That requires knowing if the search is as good. We did not know if the trusted sites have been demoted.
Q: What if a blogger is a trusted site and comments address all the spam links?
A: The introduction of the no-follow-link sites can address this.
11:25 - 11:50 Security and Morality: A Tale of User Deceit (20 + 5 mins)
L. Jean Camp, Cathleen McGrath and Alla Genkina

My talk & I can't take notes. Here are the slides.

Design for Trust
Start with human trust behaviors
        Trust
                Used for simplification
                Encompasses discrete technical problems
                        privacy, integrity, data security
                Embeds discrete policy problems
                        business behavior, customer service, quality of goods, privacy

Human and Computer Trust
        Trust is approached differently by different disciplines
        Social Studies of Human Behavior
                Studies based on a micro approach
                Experiments to evaluate how people extend trust
                Game theory
                Common assumption: information exposure == trust
        Philosophy / Luhmann
                Macro approach
                Trust is a need
                high default to trust
                Trust is a tool for simplification
                Examine societies and cultural practices

Experimental Definition of Trust
        Coleman's Three Part Test
        enables something not otherwise possible
                individual who trusts is worse off if the trusted party acts in an untrustworthy manner
                individuals who trust are better off if the trusted party acts in a trustworthy manner
        there is no constraint placed on the trusted party
        a time lag exists between a decision to trust and the outcome

Trust & Individuation
        People interacting with a computer do not distinguish between computers as individuals but rather respond to their experience with "computers"
                People begin too trusting
                People learn to trust computers
                        first observed by Sproull on net in computer scientists in 1991
                        confirmed by later experiments
                Computers are perceived as moral agents
        People will continue to extend trust - so creating another source of trust doesn't defeat trusting behaviors

Research on Humans Suggests...
        Humans may not differentiate between machines
        Humans become more trusting of "the network"
        Humans begin with too much trust for computers
        Confirmed by philosophical macro observation
        Confirmed by computer security incidents
                E-mail based Scams, Viruses & Hoaxes
                Masquerade attacks

Two Hypotheses
        1. Do humans respond differently to human or computer "betrayals" in terms of forgiveness?
        2. Do people interacting with a computer distinguish between computers as individuals or respond to their experience with "computers"?
        Does tendency to differentiate between remote machines increase with computer experience?

H1: Response to Failure
        Do humans respond differently to human or computer "betrayals" in terms of forgiveness?
        Attacks which are viewed as failures are "ignored" or forgiven
        Technical failures are seen as accidents rather than design decisions
        May explain why people tolerate repeated security failures

H2: Differentiation
        When people interact with networked computers, they discriminate among distinct computers (hosts, websites), treating them as distinct entities, particularly in their readiness to extend trust and secure themselves from possible harms.
        People become more trusting over time
        People differentiate more not less with experience
        Do people learn to differentiate or trust?
                "educate the user" may not work

The Experiment
        Developed three websites
        "life management"
                Elephantmine.com
                Reminders.name
                MemoryMinder.us

Initial Tests
        What information would you share with each site?
                Do you trust the site?
                user-defined trust, no macro definition given
        Rejected MemoryMinders.us
                people dislike lime green?
        Other two designs had similar evaluations

Two "Betrayal" Types
        One group faced a technical betrayal
                Another person's data is displayed
                        "John Q. Wilson"
                        DoB, Credit Card Number, social network data
        One group faced a moral betrayal
                Change in privacy policy announced
                        Collection of third party information correlated with compiled data
                        very common policy
                        eBay, Face Book, mySpace

Three Step Experiment
        Users introduced to first site
        Sites in the same order
        Users experience betrayal
                Half the users have technical failure
                Half had privacy change
        Both sets of users experience a failure upon departure of first site
        Then users go to second site

Findings: Differentiation
        Users respond to first site betrayal with significant change in behavior wrt second site
        users had on average seven years experience with Internet
        computer experience not at all significant
        second site not seen as "new" entity
        Cannot support the hypothesis that users differentiate
        users do not enter each transaction with a new calculation of risk

Findings: Betrayal Type
        Stronger reaction to privacy change
        Yet technical failure indicated an inability to protect privacy
        (table from paper here)

What To Conclude
        Assuming the human will act like the computer has been a core design problem
        Either remove assumptions about humans
        Or computer security must be designed with social science in mind

Differentiation
        The tendency to differentiate between remote machines decreases with computer experience
        More use results in more lumping
        Make better lumping
                Explains common logon/passwords along with cognitive limits
                "My Internet is Down"
        Need explicit DO NOT TRUST signals

Observations
        Users are bad security managers
                PGP, P3P, passwords, ...
        Security should necessarily be a default
        Surveys illustrate a continuing confusion of privacy & security
                educate All Net Users OR
                build upon the connection between the moral (privacy) and technical (security)

Computer security is built for machines
        Passwords
                Humans are a bad source of entropy
        SSL is broken, for example
                Two categories: secure and not secure
                Requiring per-site differentiation does not enable human differentiation
                Every site should include a unique graphic with the lock is a bad usability suggestion because it still requires per-site differentiation
                SSL == Trust all machines with the lock
                SSL-secured phishing has already occurred
                We need better lumping, not demands for user differentiation

PKI CRL is built for machines
        Different levels of key revocation are needed
        Falsified initial credential
                All past transactions suspect
        Change in status
                Future transactions prohibited
        Unrecognized hierarchy
                Messages are confusing
        No domain
                No alert when moving to IP address space not connected to DNS

Building for Trust
        Security technologies are not adopted, e.g., patching, PGP
        Security technologies do not address user conceptions of trust
                Patching
                        more secure machine with regular updates to Microsoft?
                PGP
                        signed email w/o confidentiality to most people
        Technologies linking security (competence) to privacy (beneficence)
                these may prove more effective in trust building than security alone

Example Project
        http://www.ljean.com/netTrust.html
        Focused on individuals' social context
                computer - computer trust
                computer - human trust
        Explicit "do not trust" signals

11:50 - 12:15 Investigations into Trust for Collaborative Information Repositories: A Wikipedia Case Study (20 + 5 mins)
Deborah McGuinness, Honglei Zeng, Paulo Pinheiro da Silva, Li Ding, Dhyanesh Narayanan and Mayukh Bhaowal

Make systems more usable and operational to users. Provenance of information and trust are required to make Wikipedia accepted. Allowing users to access, view, and analyze information informed by trust ratings. This enables users to:
- assess the trustworthiness of documents that are collaboratively created
- monitor changes in trustworthiness of dynamic documents and provide timely notification of possible malicious content modification
- identify trustworthy information with visualization tools
- access shareable trust information among heterogeneous information

Two critical elements:
revisions
        wikis allow updates from others
        pages are destructively changed, as opposed to follow-ups
rating based systems
        web sites support and encourage explicit ratings of contributors
        wikis have no explicit trust rating

Core elements of trust
        articles = {0, 1, fragments}
        fragment = {author, history, revision}
Link ratio: the ratio between the number of citation occurrences / the number of non-cite occurrences. There may be no reason to link:
        articles on "love" vs. "Gauss' Law"
Revision actions: insertion, deletion, and modification.
Revision trust:
        trust of new fragment = (trust of previous fragment) -/+ (trust of new fragment as a function of trust in author)

PML - proof markup language - is a representation language designed to be able to encode information agents may need in order to evaluate results, including where information came from and where it came from. PML has an OWL encoding and XML serialization. Our current work expands PML to include representation primitives for trust.

In two examples, the results are quite different. Author-based trust under-rates authors who make very basic or corrective contributions, so that authors do not link to them.

inference web: iw.stanford.edu
simple mark-up: foto.stanford.edu/mediawiki-1.4.12/index.pphp/Main_Page

Q: Does churn indicate a problem? How often a page is viewed versus how often a page is edited? Churn may be a problem, or it may be that a few people get incensed over a specific topic and then the author rating would suffer. However, content consistency rating would give a very good indicator of churn.

13:45 - 14:00 Invited talk by Paul Walsh, Segala (15 mins)

We developed a machine-readable trust-mark. The machine-readable nature of it, with semantic metadata. We work with ICRA (Internet Content Rating Association). ICRA has replaced PICS with icing. Segala is moving seriously into the filtering market. Segala rejects the static visual icon method.
TrustWatch: GeoTrust. Hacker Safe certificate. Fiduciary Trustee annotates search and then provides information. We are working with Mozilla's premium developer.

Search Annotation: has a green check as good, red x as unknown, an orange check for something that is self-labeled, maybe something else for rejected claims.
Search Filter: only third party verified results, but it also gets rid of non-verified results.

There are already trustmark providers. Branded browsers are one element, for example, content. Limited usability but good marketing. No doubt it will be widely adopted.

Q: Make a distinction between P3P.
A: I don't know if you could. But compared with PICS it is extremely flexible in content.
Mark: The assumption is that content is static, is that correct? What is the contract with the user?
A: Users can complain if it is bad.
Mark: Strategically one could act in a trustworthy manner and then obtain the trust marks, and then become untrustworthy. The same games can be played with TrustMark as with any other certification.
A: Absolutely. We are developing mechanisms, but humans are required.
Q: This is for generic claims. Not for trust claims. So sites can make generic claims: usable for blind people, can increase type size, etc. It is highly useful for usability.
We have a list of potential codes of conduct. We want a trust mark that will provide machine-readable trust marks. We are not saying that this site is more trusted.

----------------

14:00 - 14:25 Context-aware Trust Evaluation Functions for Dynamic Reconfigurable Systems (20 + 5 mins)
Santtu Toivonen, Gabriele Lenzini and Ilkka Uusitalo

Work connected with the Trust4All project. Objective: contextual information has influence on trust. Clearly user/device and network context influence trust. How do we take that into account in network trust determination?
Definitions:
        trust - subjective unidirectional relationship
        trustor - subject of trust
        trustee - object of trust relationship
        trustworthiness - the degree to which the trustor considers the trustee as trustworthy
        trustworthiness evaluation - process executed by the trustor in order to determine the trustworthiness of the trustee
        quality attributes - static attributes of the trustee, e.g., name, date of birth, device type
        context attributes - nonstatic attributes of trustee, e.g., location, device type
        trust scope - delineation of attributes into context and quality

Constructed as a multilayer system, with each trust decision consisting of contextual and static/quality attributes. In the example, the context attributes are based on a specific download from a specific mechanism. The two authors of the paper thought of this at the same time. We have multiple symmetric options: the final trust function at time i in context C, based on reputation of other agents and recommendations of the agents.

Some examples: "When the device has little processing power, this component performs better than others."

Conceptually it is very complete. The combination of context, local/global recommendations, and social network is very interesting.

----------------------------

14:25 - 14:40 How Certain is Recommended Trust-Information (10 + 5 mins)
Uwe Roth and Volker Fusenig

Think about that I am in the area of network topology and we are looking at developing a new (overlay? top?) network that is based on trust. One expects that part of the information that is given by malicious participants may be reliable or not. Reliable sources may yet be incorrect. When we build up router trust relations, how do we compile information from multiple nodes? When a route is unknown then it is trusted. If y is unknown then x chooses a path by random to reduce the influence of nodes. He transforms the network, or his knowledge of the network, into a decision tree.
As he chooses a route through both the network and the corresponding decision tree, X chooses at random to trust Y or not. Sometimes just throwing a coin is better than making a decision on an extended decision tree reflecting trust.

I don't think trust has anything to do with probability. Trust is based in cognitive processes and moral reasoning. It is not a probability. Reliability are often used as equivalent, but I think it is the same.

Results of the design of trust-selected routing: the influence of malicious participants lies in the percentage of malicious nodes. Limiting the tree to 6-8 hops makes the system more useful.

Q: This decision tree you use for eventually reaching a trusted node. It looks like Markov chains, which do have efficient algorithms for computing the probability of reaching given sub-edges. That might be useful.
A: We think maybe this is a dead end for research. Does it really make sense to go further than 8 hops? Obviously we don't want to introduce this decision-making into real routing.
Q: When you say you do a random walk, do you do multiple paths?
A: No, we do one walk. We also include learning in future projects. Routing can be a learning trust experience. This uses only local routing information, which limits the ability of malicious parties.

--------------------------------------------------

KEYNOTE: Spam and the Power of Social Networks
(I believe this is all web spam)

Disincentives for spamming: social and economic. Depending on the type and target data, spam is easier to fight.
For social networks we have various elements of social networks:
        web pages, web links, blogs, dynamic sites
        news indexes, rss feeds, contracted information
        advertisers? he says you can trust advertisers? confusing.
Produced data
        Yahoo's groups
        Ycars
        Yhealth
Direct interaction information
        query logs: spelling, phrases
        click-thru - relevance, wording, intent
        social: links, communities, dialogues

Current challenges
Scraper spam
        copies good content and adds monetization (e.g., Google Adsense)
Synthetic text
        boilerplate, randomized, built around key phrases
Query-targeted spam
        each page targets a single tail query in larger auto-constructed hosts
DNS spam
        many domains using the same server
Blog spam
        based on ownership rather than exploiting log interest
        68,000 blogspot.com hosts all generated by the same spammer in 2005
                1. nursingresources.blogspot.com
                .....
                67,799) startrakresourcesforyou.blogspot.com
Great example of web spam for "texas boxer dog breeder" and "russian women looking for love". (Hey, it turns out if you search for "russian boxer dogs looking for love" you get no hits.)

Flickr - community phenomenon: millions of users share and tag each others' photographs. Anchor text is collective knowledge used to create a search. Mentions "THE WISDOM OF CROWDS by James Surowiecki".

Challenges in social media
        what is the rating and reputation system
        cope with spam by shared ratings
        where else can you use distributed power?
Spammers many times either look like or are social networks, but the web has larger social networks. Examples:
        statistical deviation is suspicious (Korea has one large, and three satellite; the three satellite were large and were spam)
        any bounded amount of work is suspicious
        spammers' link support has shorter incoming path

Fraud types:
Rival click - rival of ad company employs clickers to click thru ads to exhaust budget
Publisher click - publishers pay someone to click to get paid
Bidder click fraud - keyword bidders employ clickers to raise click-thru rate.
A higher click-thru rate increases the probability of appearing in Google ad space, thereby getting more ads for less money.
Anti-bidder click fraud - keyword bidders employ clickers to lower competitors' click-thru rate. A lower click-thru rate increases the probability of appearing in Google ad space.
Misdirect: fake queries, fake bids, fake ads. The first two exist but probably are not common. Maybe not over 10%, but we are talking about something that impacts the relationship between search engines and advertisers, so in that way it may not be common but it is significant.

WINE'05 paper: "Click-fraud resistant methods for learning click-thru rates", Immorlica, Jain, Mahdian and Talwar, WINE 2005. Looks like a standard paper that illustrates that second-price auctions cannot be manipulated by a single party, and second-price auctions reveal true valuation.

Alex: One way to resolve this problem is if you get only the problem if you make it pure attention span.
A: Yes, you could also make it so that you only pay if someone buys.

Defenses
- relevance
- freshness
How do we fight web spam?
- mix of algorithmic and editorial techniques
        editors do catch egregious spammers
        this would be fine if it scaled
- editors interact with algorithms by providing test cases
- prevent spam from distorting ranking
How to collaborate
- true spam-data sharing between indexers is problematic
- can indexers share spammer list with publishers
- if publishers had choice, what would they do with spam?

Microsoft rep: the difference between spammers and advertisers is that spammers do not pay us? Seriously, BMW just got dropped for being a spammer by Microsoft or Yahoo! In the move from the search to advertiser from search engine there is no link. If you combine IP query frequency you can see outliers. Most of the outliers are spam. We were able to easily detect spam.

Two Microsoft reps, one Yahoo! rep, but we only talked about Google. That was odd.
16:00 - 16:15 Quality Labeling of Web Content: The Quatro approach
Vangelis Karkaletsis, Andrea Perego, Phil Archer, Kostas Stamatakis, Pantelis Nasikas and David Rose

Missed most of this due to hall discussions. Apparently it is about invalid labels and uses the example of pornography.

16:15 - 16:30 A Study of Web Search Engine Bias and its Assessment (10 + 5 mins)
Ing-Xiang Chen and Cheng-Zen Yang

These guys examine previous bias examinations, then use the same terms used by others. The bias represents the "deviation of the norm from the results of a search engine". The method proposed tells users only deviations, not the contents. Therefore we will add to the study by examining content. In our study we will define a "norm" by using "representative" search engines.

Previous Experiment:
1. select a pool of search engines as 'the norm'
2. transform URLs into vectors
3. calculate the similarity
4. normalize
This study defines norms as:
1. designed for different subject areas
2. has its own mechanism for rating
3. ??
Scores are calculated based on word count as well as presentation. The deviation or bias is considered the angle between the "bias". About, AltaVista, Excite, Google, Inktomi, Lycos, MSN, Overture, Teoma and Yahoo. We selected "hot terms" chosen from Lycos fifty. Google, Lycos, AltaVista have the least indexical bias. Google, Yahoo, Lycos have the least content bias. A diagram illustrates search engine deviation from the norm.

16:30 - 16:45 Phishing with Consumer Electronics - Malicious Home Routers (10 + 5 mins)
Alex Tsow

It is straightforward to subvert routers and make targeted attacks. Available to millions. The seller can choose his or her own jurisdiction. There are reputation systems that measure transactional satisfaction - you could resell the wireless router and it is unlikely to be noticed at all. Imagine you give routers away or allow 15 routers per week to sell. 131 of 145 Linksys 802.11g sold in a week.
Estimate 3 victims per router; 45 victims a week is roughly 1% of all victims attributed to phishing. Each individual is subject to investment services, across a wide spectrum. It is a likely profitable attack. Benefits: looking at average fraud rates are $6,383 per victim, $2,100 misuse of victim accounts. That makes it $14-5M dollars. Total distribution overhead $34,000 - $81,000. Malicious embedded software: it is a business plan. Must be able to trust your hardware vendor. At $5-20M a year someone is or will be doing this.

Q: You don't have to sell your hardware, you can just have people download your router software. It is hard for me to imagine how a virus scanner for a router would work.
A: Of course there are many ways to solve this, but no one has invested in it. You could also look for open wireless networks with a default password and zap them. So if man picked random default passwords you could eliminate this threat.
Q: How hard is this?
A: I trolled the web. There was no hack on the source code; I just added a malicious configuration. A creative mind is more dangerous than technical skills.
Q: Is there a unique property of wireless that makes it worse?
A: The property of making it work from afar makes it more dangerous. Another idea I am looking at is wireless routers spreading malware to other routers. So there is a secondary channel that is not a function of the Internet. Race pharming exploits a race condition and hijacks the session. This kind of thing combined with malicious malware can make the malicious spread of malware novel.
Q: Do you see particular vulnerabilities in mesh networks?
A: That is beyond my expertise.

MINI Panel

Pantelis: One thing about describing content in an online database. But these are not optimized on the lower level yet. This could possibly not make it as user friendly as it could be. My system takes ten seconds to return.
Q: Any time you see a dialogue you'll say yes if you are a user. Will the average user evaluate those claims?
A: You could do small tricks and make the default yes. A: People are not put off by cigarette warnings. A: Is the technology part is for naught? A: There are three parts: social norms, security technology, and user experience. A; In the end the average user will not read an XML file because he is not going to read them. Work has to be done in the interface. A: I am in tech side. Human interaction doesn't play a role. I am looking at computer-2-computer trust in the routing environment. In my research it is a window into game theory not a real people action. A: Id' like to pick up on a point that there is a trade-off between usability and security. There is vast improvement in user interfaces that we can get better interaces. We can have better interfaces and better security. There may be a trade-off but we are nowhere near that. A: Hendler pointer out the terrible move to social and network trust, and the idea of integrating the social interaction into trust interaction A; Whenever we are talking about user interfaces will social networks really going to help? If it is context reliant we need to distinguish between users that some things should be done automatically. Will the social network function? Hendler:  there is a pop-up for films when you visit Jens website. I know who is in my social network. I can make justification. Systems tell you "this is trustworthy" or "this is dangerous". Mark: A couple of us were in a previous trust meeting and we had a discussion system about eBay. eBay's reputation system gives very overly optimistic ratings. In fact, there are disincentives to report honestly. Negative ratings get suppressed and there is retaliation risk to being negative. Hendler: Why make ratings public? Mark: Then we have a believability problem and the social problem. My notes follow. Wait two weeks and I can html them. 
thanks, -Jean NOTES FROM MTW 2006 Jean Camp www.ljean.com/netTrust.html MS Mincho Courier09:00 - 09:25 Konfidi: Trust Networks Using PGP and RDF (20 + 5 mins) David Brondsema and Andrew Schamp Uses email into "Went with intuitions on trust", having trust being a value between 0 and 1. This was not bad intuition - it ends up being like BBK. But not having worked form a more formal basis meant an overall system. Also they use the square root - which means email recipients are factors many small numbers for each email. A confusion between what humans are good at ("I know Bob, what do I think he knows about cooking?") versus what computers are good at ("You have a 35% certainty that the sender is Bob"). Uses a FOAF file. It holds all the PGP keys. No hierarchy or relation between topics. You do lose privacy and this is an explicit spam/privacy trade-off to "bring accountability to the web".  For this to work, everyone would have to contribute their social networks. Jean-> this simply replaces one type of naive absolute trust (I will allow anyone to write to my email box) with another kind of naive absolute trust (I will tell everyone about my social network). 09:28 - 09:50  Using Trust and Provenance for Content Filtering on the Semantic   10,000,000 accounts on FOAF FilmTrust is an instantiation of the generic trust calculation mechanisms How can you use this for intelligence uses more broadly? "Hundreds of thousands of people" work in intelligence There are certainly other systems that function more to find consensus: either everyone believe Bush or no one does he lies (btw, "the president" is underspecified once you are on an international flight. I believe the local PM has a bit of a reliability problem.) I very much like the focus on how well the system performs beyond the mechanism of finding the norm. Trust ratings could be used to annotate sources and weigh conclusions. We could use social networks within intelligence agencies to rate sources and expertise. 
Q: Such a centralized trust rating would be immensely valuable to any insider A: Insider and subversion attacks are not a issue with today's networked threats  09:50 - 10:05 Towards a Provenance-Preserving Trust Model in Agent Networks (10 + 5 mins) There are models that work with multiple models Model that works with trust and distrust Lack of a central authority means that agents may provide different or contradictory data "the enemy of your enemy is your friend"? an interesting assertion t-norm is any construction - union, sum, etc any random operator can be developed propagation, aggregation, and system updates Q. Matt Ginsberg was arguing about belief, propositions and uncertainty. He used the same kind of lattice. Ginsberg is looking at truth and falsity. A: Thanks Q. You trust relative to certain subjects. What is the context of the trust? A: There is no way to characterize this trust by content. We want to attach a context. QUESTION AND ANSWER PERIOD TO THE PANEL Do you want an infinite depth of trust or do you want it to be  finite number  of steps to worry about completeness and trust logic. Dave: You never have 100% trust so it will naturally decay to a thresh hold so trust behind this point you stop calculation Aaron: If you are far removed perhaps you may want to have great depth even at low values Q: If you have multiple paths what do you use? Dave: If  you multiple paths then take the nighest value. Should completely ind. paths raise the question up higher. Q: Have you worried about scalability Dave: No we haven't. One of the benefits is that you could have multiple servers Q: Do your models take time into consideration? Dave: no - the only time you update is if something is filtered incorrect then you correct it Patricia: Scores are updated but right now we have time decay Aaron: I have not thought about that, so you could implement an annual survey Q: How can you trust your trust network data? Authenticity and privacy. 
Aaron: That is a great question, there is no easy answer.
Dave: Are the data open and public? You can't have totally open data, and one of the reasons for open data: if the data were closed then you could have a trust relationship for somebody to run one calculation to obtain inference of trust relationships. Even in a closed system you could calculate backwards. Then these "just become social and organizational" problems and my system is technical.
Q: Is it possible not to trust yourself? Can you capture that?
Dave: For our model you automatically trust yourself. You could redesign the system but then you would loop.
Q: I have been in a case where I have been sure about something but unsure about something else.
Aaron: People may want to write their uncertainty in there.
Mark: What does a trust rating of .8 mean? My question of .8 goes to the heart of how you propagate trust.
Dave: One way to do it is to consider it a probability that the person will provide a correct answer.
Mark: That is a nice answer because it gives you a way to measure things and gives you a way to evaluate trust across a large network, but that would imply that none of the propagation measures you propose are valid. If these are statistical methods then there should be a way to extract data. Even without transitivity we have a way to trust people if we are talking about mathematical methods.
Q: Then what about game theory - there may be repeated games that underlie many trust models.
A: In response to "you can always trust someone who always lies to you" - one trust definition is that you trust them to be consistently unreliable.
Q: Tell me about Bayesian updating and calculation.
Patricia: There is also a research value that allows a membership function, "I trust him very much", then the membership function can be transformed. If you have the attached membership value. It is ordering. Allen.
Dave: We are not familiar with Bayesian updating.
Q: Trust is binary - either you trust or you don't.
Then once you trust you want to rank agents. Trust, reputation and ratings?
A: Maybe what I have is more reputation than trust?
Mark: Whether statistical reputation is what you use. If you send a package then you can look at on-time performance and treat that as statistical. Then I would have 99% trust, but in personal situations it is not that at all. People are not probabilistic. Trust depends on motivations.

11:00 - 11:25 Propagating Trust and Distrust to Demote Web Spam (20 + 5 mins)
Baoning Wu, Vinay Goel and Brian Davison

Web search is the access to the Web for hundreds of millions of people.
Web spam, spamdexing, includes many methods: link farms, keyword stuffing, cloaking, link bombs.
PageRank: Page and Brin, 1998
        rank = decay * transition matrix * old rank + decay * (uniform distribution of 1/N)
        decay factor == how far you propagate down the set of links on the web
Gyongyi and Garcia-Molina, VLDB 2004
        rank = decay * transition matrix * old rank + decay * (seed set of sites)
TrustRank assumption: the parent divides trust among its children equally. This may not be optimal because trust may be independent. Distrust can also be propagated, which has not been considered in PageRank.
Three major propagation issues:
1. decay of trust - trust is not perfectly transitive
2. splitting of trust - trust may not be equally split
3. accumulation of trust - how do you split trust among children
2. splitting for trust and distrust
        equal splitting is the TrustRank we saw before, divided by number of children
        constant splitting gives the decayed value to each child
3. accumulation
        simple summation
        max share {of all values sent by parents}
        max parent {sum all values with a maximum, the threshold being the max value of any parent}
Combining trust and distrust: for each node have a trust score and a distrust score, and can have a weighted difference.
Data set: 20M pages from the Swiss search engine from 2004 (20 million pages), 350 sites with ".ch" domain.
Seed set:
        trusted: 20,005 sites
        distrust: 3,589 sites as providing web spam
Evaluation: run the rankings and see how many web spam sites were in the top 1%.
PageRank leaves 90 sites in the top 1%. TrustRank leaves 58 spam sites in the top 1%. Topical TrustRank resulted in 38 in the top 1%. They tried many combinations. They found max share using log splitting gives only 12 spam sites in the top 1%. If we add propagation of distrust then the largest number of spam sites in the top 1% is 52. This depends considerably on seed sets.
Evaluation: how much does the graph shift if you use the trusted seed set? 77% in all cases.
q: Maybe the seed set is not useful.
A: If we had more data we would love it.
Q: Maximum measure - the second one enables a trusted node to subvert the ranking. If you get a spam site in your trusted seed set.
A: We address the existence of spam in the seed set.
Alex: The current sites are optimized to subvert PageRank. One interesting measure would be cost of subversion.
A: We are assuming that propagating along links is valuable. What kind of factor does it provide?
Alex: I was thinking, what is the measure of a spam site's cost of fraud, how much does it cost to build up a web site?
Q: Your evaluation is false positives. Do you look at the false negatives?
A: That is very hard to measure. That requires knowing if the search is as good. We did not know if the trusted sites have been demoted.
Q: What if a blogger is a trusted site and comments address all the spam link?
A: The introduction of the no-follow link can address this.
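The propagation choices from this talk (decay, the three splitting rules, the three accumulation rules, and a weighted trust-minus-distrust score), worked through on a small constructed graph. This is an added example, not code from the paper or its authors: the toy graph, the seed sets, the decay value, the exact form of logarithmic splitting (divide by log(1 + out-degree)) and the decision to propagate distrust against link direction (a page that links to known spam inherits distrust) are all assumptions of the example, not details the notes record. The iteration uses the usual (1 - decay) weight on the seed term.

```python
"""Trust and distrust propagation over a small web graph (added example).

Implements the design choices from the talk: a PageRank/TrustRank-style
iteration, three splitting rules (equal, constant, logarithmic), three
accumulation rules (sum, max share, max parent) and the weighted
trust-minus-distrust combination.  The graph and the seed sets are
constructed toy data, not the paper's data set.
"""
import math

DECAY = 0.85  # share of a parent's score that flows along its out-links


def split_share(out_degree, rule):
    """Fraction of a parent's decayed score that each child receives."""
    if rule == "equal":      # TrustRank: the parent divides its value evenly
        return 1.0 / out_degree
    if rule == "constant":   # every child receives the full decayed value
        return 1.0
    if rule == "log":        # assumed form: divide by log(1 + out-degree)
        return 1.0 / math.log(1 + out_degree)
    raise ValueError(f"unknown splitting rule: {rule}")


def accumulate(contributions, parent_scores, rule):
    """Combine what a node receives from all of its parents."""
    if not contributions:
        return 0.0
    if rule == "sum":          # simple summation
        return sum(contributions)
    if rule == "max_share":    # keep only the largest single contribution
        return max(contributions)
    if rule == "max_parent":   # sum, but never above the best parent's own score
        return min(sum(contributions), max(parent_scores))
    raise ValueError(f"unknown accumulation rule: {rule}")


def propagate(graph, seeds, split="equal", accum="sum", iterations=50, decay=DECAY):
    """score = accumulate(decay * parent score * share) + (1 - decay) * seed.

    graph maps page -> list of pages it links to; seeds maps page -> weight.
    With split="equal" and accum="sum" this is TrustRank; with a uniform
    seed vector it is PageRank.  (Constant splitting with sum accumulation
    is not guaranteed to converge on dense graphs; the toy graph is fine.)
    """
    pages = set(graph) | {c for cs in graph.values() for c in cs}
    total = sum(seeds.values()) or 1.0
    seed_vec = {p: seeds.get(p, 0.0) / total for p in pages}   # sums to 1
    score = dict(seed_vec)
    for _ in range(iterations):
        inbound = {p: [] for p in pages}
        parents = {p: [] for p in pages}
        for parent, children in graph.items():
            if not children:
                continue
            share = split_share(len(children), split)
            for child in children:
                inbound[child].append(decay * score[parent] * share)
                parents[child].append(score[parent])
        score = {p: accumulate(inbound[p], parents[p], accum) + (1 - decay) * seed_vec[p]
                 for p in pages}
    return score


def reverse_graph(graph):
    """Flip every link so distrust can flow from a spam page to its in-linkers."""
    pages = set(graph) | {c for cs in graph.values() for c in cs}
    rev = {p: [] for p in pages}
    for parent, children in graph.items():
        for child in children:
            rev[child].append(parent)
    return rev


def combined_scores(graph, trusted, distrusted, beta=1.0, **options):
    """Weighted difference trust - beta * distrust, one number per page.

    Trust follows links forward from the trusted seeds.  Distrust is
    propagated against link direction (assumption: linking to a known spam
    page makes a page inherit some of its distrust).
    """
    trust = propagate(graph, trusted, **options)
    distrust = propagate(reverse_graph(graph), distrusted, **options)
    return {p: trust[p] - beta * distrust[p] for p in trust}


# Constructed toy graph: an honest seed, two honest pages, and a two-page
# link farm that one honest page links to.
WEB = {
    "good": ["a", "b"],
    "a": ["b", "spam"],
    "b": ["c"],
    "c": [],
    "spam": ["farm"],
    "farm": ["spam"],
}
TRUSTED = {"good": 1.0}
DISTRUSTED = {"spam": 1.0}


def demo():
    """Return (trust-only, combined) rankings as page lists, best first."""
    trust = propagate(WEB, TRUSTED)
    combined = combined_scores(WEB, TRUSTED, DISTRUSTED)
    by_score = lambda d: sorted(d, key=d.get, reverse=True)
    return by_score(trust), by_score(combined)


if __name__ == "__main__":
    trust_rank, combined_rank = demo()
    print("trust only   :", trust_rank)
    print("with distrust:", combined_rank)
```

On the toy graph the two-page farm, which recycles the trust it receives through its own cycle, ends up with more forward-propagated trust than the honest page "b"; only the distrust term pushes it to the bottom, which is the effect the talk's top-1% numbers describe.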
11:25 - 11:50 Security and Morality: A Tale of User Deceit (20 + 5 mins)
L. Jean Camp, Cathleen McGrath and Alla Genkina

My talk & I can't take notes. Here are the slides.

Design for Trust
Start with human trust behaviors
        Trust
                Used for simplification
                Encompasses discrete technical problems
                        privacy, integrity, data security
                Embeds discrete policy problems
                        business behavior, customer service, quality of goods, privacy
Human and Computer Trust
        Trust is approached differently by different disciplines
        Social Studies of Human Behavior
                Studies based on a micro approach
                Experiments to evaluate how people extend trust
                Game theory
                Common assumption: information exposure == trust
        Philosophy / Luhmann
                Macro approach
                Trust is a need
                high default to trust
                Trust is a tool for simplification
                Examine societies and cultural practices
Experimental Definition of Trust
        Coleman's Three Part Test
        enables something not otherwise possible
                individual who trusts is worse off if the trusted party acts in an untrustworthy manner
                individuals who trust are better off if the trusted party acts in a trustworthy manner
        there is no constraint placed on the trusted party
        a time lag exists between a decision to trust and the outcome
Trust & Individuation
        People interacting with a computer do not distinguish between computers as individuals but rather respond to their experience with "computers"
                People begin too trusting
                People learn to trust computers
                        first observed by Sproull on net in computer scientists in 1991
                        confirmed by later experiments
                Computers are perceived as moral agents
        People will continue to extend trust - so creating another source of trust doesn't defeat trusting behaviors
Research on Humans Suggests...
        Humans may not differentiate between machines
        Humans become more trusting of "the network"
        Humans begin with too much trust for computers
        Confirmed by philosophical macro observation
        Confirmed by computer security incidents
                E-mail based Scams, Viruses & Hoaxes
                Masquerade attacks
Two Hypotheses
        1. Do humans respond differently to human or computer "betrayals" in terms of forgiveness?
        2. Do people interacting with a computer distinguish between computers as individuals or respond to their experience with "computers"?
        Does tendency to differentiate between remote machines increase with computer experience?
H1: Response to Failure
        Do humans respond differently to human or computer "betrayals" in terms of forgiveness?
        Attacks which are viewed as failures are "ignored" or forgiven
        Technical failures are seen as accidents rather than design decisions
        May explain why people tolerate repeated security failures
H2: Differentiation
        When people interact with networked computers, they discriminate among distinct computers (hosts, websites), treating them as distinct entities, particularly in their readiness to extend trust and secure themselves from possible harms.
        People become more trusting over time
        People differentiate more not less with experience
        Do people learn to differentiate or trust?
                "educate the user" may not work
The Experiment
        Developed three websites
        "life management"
                Elephantmine.com
                Reminders.name
                MemoryMinder.us
Initial Tests
        What information would you share with each site?
                Do you trust the site?
                user-defined trust, no macro definition given
        Rejected MemoryMinders.us
                people dislike lime green?
        Other two designs had similar evaluations
Two "Betrayal" Types
        One group faced a technical betrayal
        Another person's data is displayed
                "John Q. Wilson"
                DoB, Credit Card Number, social network data
        One group faced a moral betrayal
        Change in privacy policy announced
                Collection of third party information correlated with compiled data
                very common policy
                eBay, Face Book, mySpace
Three Step Experiment
        Users introduced to first site
        Sites in the same order
        Users experience betrayal
        Half the users have technical failure
        Half had privacy change
        Both sets of users experience a failure upon departure of first site
        Then users go to second site
Findings: Differentiation
        Users respond to first site betrayal with significant change in behavior wrt second site
        users had on average seven years experience with Internet
        computer experience not at all significant
        second site not seen as "new" entity
        Cannot support the hypothesis that users differentiate
        users do not enter each transaction with a new calculation of risk
Findings: Betrayal Type
        Stronger reaction to privacy change
        Yet technical failure indicated an inability to protect privacy
        (table from paper here)
What To Conclude
        Assuming the human will act like the computer has been a core design problem
        Either remove assumptions about humans
        Or computer security must be designed with social science in mind
Differentiation
        The tendency to differentiate between remote machines decreases with computer experience
        More use results in more lumping
        Make better lumping
                Explains common logon/passwords along with cognitive limits
                "My Internet is Down"
        Need explicit DO NOT TRUST signals
Observations
        Users are bad security managers
                PGP, P3P, passwords, ...
        Security should necessarily be a default
        Surveys illustrate a continuing confusion of privacy & security
                educate All Net Users OR
                build upon the connection between the moral (privacy) and technical (security)
Computer security is built for machines
        Passwords
                Humans are a bad source of entropy
        SSL is broken, for example
        Two categories: secure and not secure
                Requiring per-site differentiation does not enable human differentiation
                Every site should include a unique graphic with the lock is a bad usability suggestion because it still requires per-site differentiation
                SSL == Trust all machines with the lock
                SSL-secured phishing has already occurred
                We need better lumping, not demands for user differentiation
PKI CRL is built for machines
        Different levels of key revocation are needed
        Falsified initial credential
                All past transactions suspect
        Change in status
                Future transactions prohibited
        Unrecognized hierarchy
                Messages are confusing
        No domain
                No alert when moving to IP address space not connected to DNS
Building for Trust
        Security technologies are not adopted, e.g., patching, PGP
        Security technologies do not address user conceptions of trust
                Patching
                        more secure machine with regular updates to Microsoft?
                PGP
                        signed email w/o confidentiality to most people
        Technologies linking security (competence) to privacy (beneficence)
                these may prove more effective in trust building than security alone
Example Project
        http://www.ljean.com/netTrust.html
        Focused on individuals' social context
                computer - computer trust
                computer - human trust
        Explicit "do not trust" signals

11:50 - 12:15 Investigations into Trust for Collaborative Information Repositories: A Wikipedia Case Study (20 + 5 mins)
Deborah McGuinness, Honglei Zeng, Paulo Pinheiro da Silva, Li Ding, Dhyanesh Narayanan and Mayukh Bhaowal

Make systems more usable and operation to users. Provenance of information and trust are required to make Wikipedia accepted. Allowing users to access, view, and analyze information informed by trust ratings. This enables users to:
- assess the trustworthiness of documents that are collaboratively created
- monitor changes in trustworthiness of dynamic documents and provide timely notification of possible malicious content modification
- identify trustworthy information with visualization tools
- access shareable trust information among heterogeneous information
Two critical elements:
revisions
        wikis allow updates from others
        pages are destructively changed, as opposed to follow-ups
rating based systems
        web sites support and encourage explicit ratings of contributors
        wikis have no explicit trust rating
Core elements of trust
        articles = {0, 1, fragments}
        fragment = {author, history, revision}
Link ratio: the ratio between the number of citation occurrences / the number of non-cite occurrences. There may be no reason to link:
        articles on "love" vs. "Gauss' Law"
revision actions: insertion, deletion, and modification
revision trust
        trust of new fragment = (trust of previous fragment) -/+ (trust of new fragment as a function of trust in author)
PML - proof markup language is a representation language designed to be able to encode information agents may need in order to evaluate results - including where information came from and where it came from. PML has an OWL encoding and XML serialization. Our current work expands PML to include representation primitives for trust.
In two examples, the results are quite different. Author-based trust under-rates authors who make very basic or corrective contributions so that authors do not link to.
inference web: iw.stanford.edu
simple mark-up: foto.stanford.edu/mediawiki-1.4.12/index.pphp/Main_Page
Q: Does churn indicate a problem? How often a page is viewed versus how often a page is edited? Churn may be a problem or it may be that a few people get incensed over a specific topic and then the author rating would suffer. However, content consistency rating would give a very good indicator of churn.

13:45 - 14:00 Invited talk by Paul Walsh, Segala (15 mins)

We developed a machine-readable trust-mark. The machine-readable nature of it, with semantic metadata. We work with ICRA (Internet Content Rating Association). ICRA has replaced PICS with PICS with icing. Segala is moving seriously into the filtering market. Segala rejects the static visual icon method.
TrustWatch: GeoTrust
Hacker Safe certificate
Fiduciary Trustee annotates search and then provides information.
We are working with Mozilla's premium developer.
Search Annotation: has a green check as good, red x as unknown, an orange check for something that is self-labeled, maybe something else for rejected claims.
Search Filter: only third party verified results, but it also gets rid of non-verified results.
There are already trustmark providers. Branded browsers are one element, for example, content. Limited usability but good marketing. No doubt it will be widely adopted.
Q: Make a distinction between P3P.
A: I don't know if you could. But compared with PICS it is extremely flexible in content.
Mark: The assumption is that content is static, is that correct? What is the contract with the user?
A: Users can complain if it is bad.
Mark: Strategically one could act in a trustworthy manner and then obtain the trust marks, and then become untrustworthy. The same games can be played with TrustMark as with any other certification.
A: Absolutely. We are developing mechanisms, but humans are required.
Q: This is for generic claims. Not for trust claims. So sites can make generic claims: usable for blind people, can increase type size, etc. It is highly useful for usability. We have a list of potential codes of conduct. We want a trust mark that will provide machine-readable trust marks. We are not saying that this site is more trusted.
----------------

14:00 - 14:25 Context-aware Trust Evaluation Functions for Dynamic Reconfigurable Systems (20 + 5 mins)
Santtu Toivonen, Gabriele Lenzini and Ilkka Uusitalo

Work connected with the Trust4All project. Objective: contextual information has influence on trust. Clearly user/device and network context influences trust. How do we take that into account in network trust determination?
Definitions:
        trust - subjective unidirectional relationship
        trustor - subject of trust
        trustee - object of trust relationship
        trustworthiness - the degree to which the trustor considers the trustee as trustworthy
        trustworthiness evaluation - process executed by the trustor in order to determine the trustworthiness of the trustee
        quality attributes - static attributes of the trustee, e.g., name, date of birth, device type
        context attributes - non-static attributes of trustee, e.g., location, device type
        trust scope - delineation of attributes into context and quality
Constructed as a multilayer system, with each trust decision consisting of contextual and static/quality attributes. In the example, the context attributes are based on a specific download from a specific mechanism. The two authors of the paper thought of this at the same time. We have multiple symmetric options: the final trust function at time i in context C based on reputation of other agents and recommendations of the agents. Some examples: "When the device has little processing power, this component performs better than others." Conceptually it is very complete. The combination of context, local/global recommendations, and social network is very interesting.
----------------------------

14:25 - 14:40 How Certain is Recommended Trust-Information (10 + 5 mins)
Uwe Roth and Volker Fusenig

Think about that I am in the area of network topology and we are looking at developing a new (overlay? top?) network that is based on trust. One expects that part of the information that is given by malicious participants may be reliable or not. Reliable sources may yet be incorrect. When we build up router trust relations, how do we compile information from multiple nodes? When a route is unknown then it is trusted. If y is unknown then x chooses a path at random to reduce the influence of nodes. He transforms the network, or his knowledge of the network, into a decision tree.
As he chooses a route through both the network and the corresponding decision tree, X chooses at random to trust Y or not. Sometimes just throwing a coin is better than making a decision on an extended decision tree reflecting trust.
I don't think trust has anything to do with probability. Trust is based in cognitive processes and moral reasoning. It is not a probability. Reliability are often used as equivalent, but I think it is the same.
Results of the design of trust-selected routing: influence of malicious participants lies in the percentage of malicious nodes; limiting the tree to 6-8 hops makes the system more useful.
Q: This decision tree you use for eventually reaching a trusted node. It looks like Markov chains, which do have efficient algorithms for computing the probability of reaching given sub-edges. This might be useful.
A: We think maybe this is a dead end for research. Does it really make sense to go further than 8 hops? Obviously we don't want to introduce this decision-making into real routing.
Q: When you say you do a random walk, do you do multiple paths?
A: No, we do one walk. We also include learning in future projects. Routing can be a learning trust experience. This uses only local routing information, which limits the ability of malicious parties.
--------------------------------------------------

KEYNOTE: Spam and the Power of Social Networks (I believe this is all web spam)

Disincentives for spamming: social and economic. Depending on the type and target data, spam is easier to fight.
For social networks we have various elements of social networks:
        web pages, web links, blogs, dynamic sites
        news indexes, rss feeds, contracted information
        advertisers? he says you can trust advertisers? confusing.
Produced data
        Yahoo's groups
        Ycars
        Yhealth
Direct interaction information
        query logs: spelling, phrases
        click-thru - relevance, wording, intent
        social: links, communities, dialogues
Current challenges
Scraper spam
        copies good content and adds monetization (e.g., Google Adsense)
Synthetic text
        boilerplate, randomized, built around key phrases
Query-targeted spam
        each page targets a single tail query in larger auto-constructed hosts
DNS spam
        many domains using the same server
Blog spam
        based on ownership rather than exploiting log interest
        68,000 blogspot.com hosts all generated by the same spammer in 2005
                1. nursingresources.blogspot.com
                .....
                67,799) startrakresourcesforyou.blogspot.com
Great example of web spam for "texas boxer dog breeder" and "russian women looking for love". (Hey, it turns out if you search for "russian boxer dogs looking for love" you get no hits.)
Flickr - community phenomenon: millions of users share and tag each others' photographs. Anchor text is collective knowledge used to create a search. Mentions "THE WISDOM OF CROWDS by James Surowiecki".
Challenges in social media
        what is the rating and reputation system
        cope with spam by shared ratings
        where else can you use distributed power?
Spammers many times either look like or are social networks, but the web has larger social networks. Examples:
        statistical deviation is suspicious (Korea has one large, and three satellite; the three satellite were large and were spam)
        any bounded amount of work is suspicious
        spammers' link support has shorter incoming path
Fraud types:
        Rival click - rival of ad company employs clickers to click thru ads to exhaust budget
        Publisher click - publishers pay someone to click to get paid
        Bidder click fraud - keyword bidders employ clickers to raise click-thru rate. A higher click-thru rate increases the probability of appearing in Google ad space, thereby getting more ads for less money.
        Anti-bidder click fraud - keyword bidders employ clickers to lower competitors' click-thru rate. A lower click-thru rate increases the probability of appearing in Google ad space.
        Misdirect - fake queries, fake bids, fake ads
The first two exist but probably are not common. Maybe not over 10%, but we are talking about something that impacts the relationship between search engines and advertisers, so in that way it may not be common but it is significant.
WINE'05 paper: "Click-fraud resistant methods for learning click-thru rates", Immorlica, Jain, Mahdian and Talwar, WINE 2005. Looks like a standard paper that illustrates that second-price auctions cannot be manipulated by a single party, and 2nd price auctions reveal true valuation.
Alex: One way to resolve this problem is if you get only the problem if you make it pure attention span.
A: Yes, you could also make it so that you only pay if someone buys.
Defenses
        - relevance
        - freshness
How do we fight web spam?
        - mix of algorithmic and editorial techniques
                editors do catch egregious spammers
                this would be fine if it scaled
        - editors interact with algorithms by providing test cases
        - prevent spam from distorting ranking
How to collaborate
        - true spam-data sharing between indexers is problematic
        - can indexers share spammer list with publishers?
        - if publishers had choice, what would they do with spam?
Microsoft rep: the difference between spammers and advertisers is that spammers do not pay us? Seriously, BMW just got dropped for being a spammer by Microsoft or Yahoo! In the move from the search to advertiser from search engine there is no link. If you combine IP query frequency you can see outliers. Most of the outliers are spam. We were able to easily detect spam.
Two Microsoft reps, one Yahoo! rep but we only talked about Google. That was odd.
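The closing remark of the keynote, that combining client IP with query frequency makes the spam and click-fraud traffic stand out as outliers, as an added detection example (not the speaker's or any search engine's code). The log format, the constructed log lines and the median/MAD threshold are assumptions of the example; the point is only that per-IP counts are enough to surface the one client that hammers a single query.

```python
"""Flag client IPs whose query volume is an outlier (added example).

Parses constructed query-log lines of the form
    <timestamp> <client ip> q=<query text>
counts queries per IP, flags IPs whose count is far above the rest using a
median/MAD threshold (robust, because the outliers themselves would distort
a mean and standard deviation), and reports how repetitive each flagged
client's queries are so an analyst can tell a busy NAT from a click script.
"""
import re
import statistics
from collections import Counter, defaultdict

LINE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) q=(.+)$")

# Constructed sample log: eight ordinary clients with one or two queries each
# and one client that repeats a single query forty times within a minute.
SAMPLE_LOG = (
    [f"2006-05-22T10:{i:02d}:00 10.0.0.{i} q=trust networks" for i in range(1, 9)]
    + [f"2006-05-22T10:{i:02d}:30 10.0.0.{i} q=rss feeds" for i in range(1, 5)]
    + [f"2006-05-22T11:00:{s:02d} 203.0.113.7 q=texas boxer dog breeder" for s in range(40)]
)


def parse(lines):
    """Yield (timestamp, ip, query) for every line that matches the format."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield m.group(1), m.group(2), m.group(3)


def queries_per_ip(lines):
    """Count queries per client IP."""
    return Counter(ip for _, ip, _ in parse(lines))


def outlier_ips(counts, k=5.0):
    """IPs whose count exceeds median + k * (scaled MAD)."""
    values = list(counts.values())
    if len(values) < 3:          # too few clients to estimate a spread
        return []
    med = statistics.median(values)
    mad = statistics.median([abs(v - med) for v in values]) or 1.0  # avoid a zero threshold
    threshold = med + k * 1.4826 * mad   # 1.4826 scales MAD to a standard deviation
    return sorted(ip for ip, c in counts.items() if c > threshold)


def repetition_ratio(lines):
    """Per IP: fraction of its queries that are its single most common query."""
    per_ip = defaultdict(Counter)
    for _, ip, query in parse(lines):
        per_ip[ip][query] += 1
    return {ip: max(c.values()) / sum(c.values()) for ip, c in per_ip.items()}


def suspicious_clients(lines, k=5.0):
    """Outlier IPs with their query count and repetition ratio, for review."""
    counts = queries_per_ip(lines)
    reps = repetition_ratio(lines)
    return {ip: {"queries": counts[ip], "repetition": reps[ip]}
            for ip in outlier_ips(counts, k)}


if __name__ == "__main__":
    for ip, info in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {info['queries']} queries, {info['repetition']:.0%} the same query")
```

The repetition ratio is the second signal the talk hints at ("any bounded amount of work is suspicious"): a proxy serving many users produces a high count with diverse queries, while a click script produces a high count of one query, so the two numbers together separate the cases the count alone cannot.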
16:00 - 16:15 Quality Labeling of Web Content: The Quatro approach
Vangelis Karkaletsis, Andrea Perego, Phil Archer, Kostas Stamatakis, Pantelis Nasikas and David Rose

Missed most of this due to hall discussions. Apparently it is about invalid labels and uses the example of pornography.

16:15 - 16:30 A Study of Web Search Engine Bias and its Assessment (10 + 5 mins)
Ing-Xiang Chen and Cheng-Zen Yang

These guys examine previous bias examinations then use the same terms used by others. The bias represents the "deviation of the norm from the results of a search engine". The method proposed tells users only deviations, not the contents. Therefore we will add to the study by examining content. In our study we will define a "norm" by using "representative" search engines.
Previous Experiment:
1. select a pool of search engines as 'the norm'
2. transform URLs into vectors
3. calculate the similarity
4. normalize
This study defines norms as:
1. designed for different subject areas
2. has its own mechanism for rating
3. ??
Scores are calculated based on word count as well as presentation. The deviation or bias is considered the angle between the "bias".
About, AltaVista, Excite, Google, Inktomi, Lycos, MSN, Overture, Teoma and Yahoo. We selected "hot terms" chosen from Lycos fifty. Google, Lycos, AltaVista have the least indexical bias. Google, Yahoo, Lycos have the least content bias. A diagram illustrates search engine deviation from the norm.

16:30 - 16:45 Phishing with Consumer Electronics - Malicious Home Routers (10 + 5 mins)
Alex Tsow

It is straightforward to subvert routers and make targeted attacks. Available to millions. The seller can choose his or her own jurisdiction. There are reputation systems that measure transactional satisfaction - you could resell the wireless router and it is unlikely to be noticed at all. Imagine you give routers away or allow 15 routers per week to sell. 131 of 145 Linksys 802.11g sold in a week.
Estimate 3 victims per router. 45 victims a week is roughly 1% of all victims attributed to phishing. Each individual is subject to investment services, across a wide spectrum. It is a likely profitable attack.

Benefits: looking at average fraud rates, they are $6,383 per victim, $2100 misuse of victim accounts. That makes it $14-5M dollars. Total distribution overhead $34,000 - $81,000.

Malicious embedded software: it is a business plan. Must be able to trust your hardware vendor. At $5-20M a year someone is or will be doing this.

Q: You don't have to sell your hardware, you can just have people download your router software. It is hard for me to imagine how a virus scanner for a router would work.
A: Of course there are many ways to solve this but no one has invested in it. You could also look for open wireless networks with a default password and zap them. So if man picked random default passwords you could eliminate this threat.

Q: How hard is this?
A: I trolled the web. There was no hack on the source code, I just added a malicious configuration. A creative mind is more dangerous than technical skills.

Q: Is there a unique property of wireless that makes it worse?
A: The property of making it work from afar makes it more dangerous. Another idea I am looking at is wireless routers spreading malware to other routers. So there is a secondary channel that is not a function of the Internet. Race pharming exploits a race condition and hijacks the session. This kind of thing combined with malicious malware can make the malicious spread of malware novel.

Q: Do you see particular vulnerabilities in mesh networks?
A: That is beyond my expertise.

MINI Panel

Pantelis: One thing about describing content in an online database. But these are not optimized on the lower level yet. This could possibly not make it as user friendly as it could be. My system takes ten seconds to return.

Q: Any time you see a dialogue you'll say yes if you are a user. Will the average user evaluate those claims?
A: You could do small tricks and make the default yes.
A: People are not put off by cigarette warnings.
A: Is the technology part for naught?
A: There are three parts: social norms, security technology, and user experience.
A: In the end the average user will not read an XML file because he is not going to read them. Work has to be done in the interface.
A: I am on the tech side. Human interaction doesn't play a role. I am looking at computer-2-computer trust in the routing environment. In my research it is a window into game theory, not a real people action.
A: I'd like to pick up on a point that there is a trade-off between usability and security. There is vast improvement in user interfaces that we can get: better interfaces. We can have better interfaces and better security. There may be a trade-off but we are nowhere near that.
A: Hendler pointed out the terrible move to social and network trust, and the idea of integrating the social interaction into trust interaction.
A: Whenever we are talking about user interfaces, are social networks really going to help? If it is context reliant we need to distinguish between users that some things should be done automatically. Will the social network function?

Hendler: there is a pop-up for films when you visit Jen's website. I know who is in my social network. I can make justification. Systems tell you "this is trustworthy" or "this is dangerous".

Mark: A couple of us were in a previous trust meeting and we had a discussion about eBay's system. eBay's reputation system gives very overly optimistic ratings. In fact, there are disincentives to report honestly. Negative ratings get suppressed and there is retaliation risk to being negative.

Hendler: Why make ratings public?

Mark: Then we have a believability problem and the social problem.
