A Trust-Based Reputation Management System

Abstract

Since its inception in the early 1990s, e-commerce in consumer-to-consumer (C2C) markets has achieved great success, with significant projected growth. For example, the Internet auction provider, eBay, has established itself as the largest global player in this market, with $34.2 billion worth of merchandise being auctioned in 2004 and 135 million registered users in 32 markets worldwide. The C2C domain, analogous to its conventional physical marketplace equivalent, is built on trust. Buyers send payments to complete strangers from whom they have purchased goods and trust that the goods will be sent in return. Sellers trust buyers to make good on their payments. All users risk loss, both financial and of their time. Users establish reputations about their trustworthiness through an integrated feedback collection and distribution system, i.e., a reputation management system. Thus, an online marketplace approximates its traditional predecessors as a system in which the human concepts of trust, risk, and reputation are critical to performance. The apparent benefits of interacting in such a strongly-networked global market are accompanied by innovative adaptations of traditional hazards. The Internet, while connecting disparate user groups to increase transaction potential and shared knowledge about the marketplace, also permits user anonymity and transactional intangibility, which can lead to fraud, theft, and collusion. Reputation management systems attempt to limit incorrect behaviour and to assist decision making by providing records of feedback about interactions, called recommendations, for each community participant. These systems are not without their own limitations. First, commercial reputation management systems typically promote usability over accurate evidentiary analysis, meaning that data which could be extremely useful to decision-making is disregarded by the evidence collection mechanism so that ease-of-use is maintained for community members when they are voluntarily providing feedback. This first issue leads directly to the second, which is inaccurate evidentiary analysis with regard to contextual relevance in terms of user role, timeliness of evidence, and environmental context. In this regard, trustworthiness is usually linked solely to the overall number of positive recommendations about a user, regardless of the interaction context being considered. Third, the dynamics of user interactions are not addressed, and interaction dynamics in such an evidence-rich environment are difficult, if not impossible, for an average user to manually detect. Without the ability to analyse interaction dynamics, the fourth and fifth issues arise, namely that the analysis of whether or not a user provides useful and accurate recommendations about another user or whether or not a group of users are colluding with malicious intent are both difficult to observe. Sixth, risk is not explicitly calculated by the reputation system, and may not be assessed by the user at all. Seventh, and finally, a reputation is often no more than an overall summary of a collection of thousands of individual recommendations rather than an explicit portrayal of the trust and risk involved in a context-specific interaction.

This thesis describes a trust-based reputation management system (RMS) that addresses each of the above issues. The system resolves the ease-of-use versus accuracy problem by maintaining usability viii but with enhanced collection and analysis of evidence with regard to domain-specific behaviour. Furthermore, the system provides increased accuracy of evidentiary analysis with regard to context by assessing evidence in terms of role, timeliness, and environment. Interaction dynamics are also considered in the system?s decision-making process, thus providing for the ability to limit exposure to risk from unreliable recommendations as well as the ability to assess the likelihood of colluding behaviour. The risk of an interaction resulting in malicious behaviour is explicitly analysed and stated to the user. Finally, the reputation summary is replaced by the explicit assessment of the trust and risk involved in interacting with another user, providing a security decision as advice to a user on whether or not to engage in an interaction. The RMS builds on the work of the SECURE (Secure Environments for Collaboration among Ubiquitous Roaming Entities) project. Grounded on a formal model, the SECURE trust-based decision-making framework applies trust and risk to evidence in a manner comparable to the human decision-making process. We use the SECURE model as a basis with which to design our own application-specific mechanisms for reputation management in Internet auctions, and these mechanisms provide for the observation of domain-specific behaviour such as fraud and theft, assessment of contextual relevance, and analysis of risk in financial terms that is made explicit to the end user. Additionally, in the reputation management for Internet auctions application domain, SECURE is deficient in analysing the dynamic aspects of marketplace networks, and therefore we design additional techniques for interaction management. These techniques underlie an extension to the SECURE framework that includes methods for the weighting of recommendations based on the application of recommendation weighting policy to trustworthy recommendation paths within the graph of marketplace participants; and the identification of colluding behaviour between users within the marketplace community, by assessing interaction dynamics between users over time. Our evaluation of the RMS shows that it reduces complexity, increases accuracy, and maintains usability of reputation management for Internet auction users. It validates that the RMS, in its observation and identification of normal and abnormal domain-specific behaviour, reduces complexity by providing accurate decision-making advice to users. Furthermore, the evaluation confirms that the analysis of context in terms of role, time, and environmental factors can further reduce complexity in the decision-making process while maintaining usability. Additionally, the evaluation demonstrates that recommendation weighting can protect a user against the potential unreliability of recommended evidence. Finally, the evaluation establishes that a reputation management system based on a computational trust-based decision-making model can counter the issues in existing commercial reputation management systems and provide increased benefit to users interacting in the Internet auction domain.