TWC: Small: Collaborative: Reputation-Escalation-as-a-Service: Analyses and Defenses

TWC：小型：协作：声誉升级即服务：分析和防御

• 批准号: 1618684
• 负责人: Sencun Zhu
• 金额: $ 30万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2016
• 资助国家: 美国
• 起止时间: 2016-07-01 至 2020-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1618684&HistoricalAwards=false
• 关键词: TWC; Small; Collaborative; Reputation; Escalation

Living in an age when services are often rated, people are increasingly depending on reputation of sellers or products/apps when making purchases online. This puts pressure on people to gain and maintain a high reputation by offering reliable and high-quality services and/or products, which benefits the society at large. Unfortunately, due to extremely high competition in e-commerce or app stores, recently reputation manipulation related services have quickly developed into a sizable business, which is termed Reputation-Escalation-as-a-Service (REaaS). As REaaS attacks grow in scale, effective countermeasures must be designed to detect and defend against them. This research addresses REaaS from two aspects. First, it aims to understand the economics of REaaS by conducting empirical studies of e-markets. Second, it aims to develop defensive measures, which involve both technical approaches and market intervention. The technical approaches focus on detection of REaaS from e-markets, and novel detection techniques will be developed using content analysis, machine learning, social ties, and graph theory. For market invention, after a holistic analysis of REaaS, this research aims to identify its bottleneck (the weakest link) and also measure the efficacy of intervention. The outcome of this data-driven security research will enhance security education with labs based on social-economic data analysis. The success of this research will attract more attention of industry practitioners, government sectors, and academia to jointly tackle the REaaS problem.

生活在一个经常对服务进行评级的时代，人们在网上购物时越来越依赖卖家或产品/应用程序的声誉。这给人们带来了压力，通过提供可靠和高质量的服务和/或产品来获得和保持高声誉，这对整个社会都有好处。不幸的是，由于电子商务或应用商店的竞争异常激烈，最近声誉操纵相关服务迅速发展成为一项规模可观的业务，称为声誉升级即服务（REaaS）。随着REaaS攻击规模的增长，必须设计有效的对策来检测和防御它们。本研究从两个方面探讨了REaaS。首先，本文旨在通过对电子市场进行实证研究来理解REaaS的经济学。其次，它旨在制定防御性措施，包括技术手段和市场干预。技术方法侧重于从电子市场中检测REaaS，并且将使用内容分析、机器学习、社会关系和图论开发新的检测技术。对于市场发明，本研究在对REaaS进行整体分析后，旨在找出其瓶颈（最薄弱环节），并衡量干预的有效性。这项数据驱动的安全研究成果将通过基于社会经济数据分析的实验室加强安全教育。本研究的成功将引起业界、政府部门和学术界的更多关注，共同解决REaaS问题。