^{1,2}

^{1,2}

^{1,2}

^{1}

^{2}

This paper proposes a dynamic trust and risk evaluation model based on high-order moments. The credibility of an entity is measured with trust degree and risk value comprehensively. Firstly, considering the dynamic and time decay characters of trust, a time attenuation function is defined, and direct trust is further expressed. Subsequently, in order to improve the accuracy of feedback trust, a filter mechanism is constructed to eliminate the false feedback, combining coefficient of skewness with hypothesis test. More importantly, the weights of direct trust and feedback trust are derived subjectively and adaptively with the moments and frequency of direct interactions. Furthermore, risk is evaluated with direct risk and feedback risk, which are obtained by mainly using coefficient of variation and coefficient of kurtosis. Risk value can be used to measure the stability of providing services. Simulation results show that the proposed model not only has high accuracy, but also resists effectively collusive attacks and strategic malicious behaviors.

With the rapid development of network technology, peer-to-peer networks have been widely applied in a variety of distributed application systems, such as P2P file sharing, electronic commerce [

In recent years, trust relationships under different application conditions have been analyzed [

At present, the weighted average method is used to quantify trust in most of the literatures. Li et al. [

Except for the weighted average method, trust models are presented using probability and statistical methods. Wang et al. [

Although much new progress has been made in the existing researches, there are still some problems, which mainly are reflected in the following respects. First, dynamic is the biggest challenge in the evaluation and forecasting of trust relationship, due to the fact that trust relationship changes dynamically over time and has the time attenuation character in which interaction information further from current time has the weaker influence to trust relationship. Therefore, how to depict the time decay precisely and improve the accuracy and dynamic adaptation is a very difficult job. Secondly, false feedback filter is prerequisite to guarantee the correctness of feedback trust. At present, attacks against trust systems emerge endlessly in [

According to the above problems, this paper models behavior trust and risk evaluation using high-order moments. First of all, a time attenuation function is defined to characterize dynamic and time decay of trust more flexibly. Based on this, the direct trust is computed combined with the moments and frequency of direct interactions between entities. Subsequently, before calculating feedback trust, feedback interaction information is filtered through establishing a statistical model with standard coefficient of skewness and hypothesis testing, eliminating the false feedback. Then the feedback trust is calculated with the time attenuation function. Next, according to the basic principles, considering the number and moments of direct interactions, we give a weight setting method which is adaptive and dynamically adjusted as the interaction continues. On this basis, in order to fully study its ability to provide service, the stability of target entity behavior is measured by analyzing the discrete and sharp degree with coefficient of variation and standard coefficient of kurtosis of two samples: direct interactions and real feedback information. Further, risk evaluation model is given with the weighted average method. To measure the ability of the target entity, the values of trust and risk evaluation are both taken into account so as to make a trust decision.

The remainder of this paper is organized as follows. Section

This section mainly gives the computational expressions of direct trust and feedback trust, and then total trust is ultimately quantified with the weighted average method. Set entity

As we know, trust has the characteristics of time decay; that is, the interactions results farther from the current time have the weaker influence on the current trust value. Consequently, those interactions only in a certain period close to the current time are necessary to be analyzed so as to obtain the current trust degree. Given

For any

Based on (

Consider

Through analysis, it is known that

Time attenuation function

From Figure

Combining the direct interactions

For any

Set

After entity

This model adopts the storage and distribution means based on DHT for the interaction information of any entity. In order to more effectively resist malicious attacks, overlay network is used similar to DHTON presented in [

The Chord network is first described. In a Chord network, every entity is represented by a

There is not distinction between direct trust and feedback trust in the algorithm of computing trust in [

According to the time instant of each interaction,

In each time interval

In order to filter the false feedback effectively, standard coefficient of skewness and hypothesis testing are used to analyze the feedback information. In statistics, coefficient of skewness is a measurement to reflect the skewness condition of sample distribution, including the degree and direction of skewness.

Suppose

The false feedback filter method is given using Definition

Set a threshold value

It is when

When

For any

Using the real feedback interactions

To calculate the total trust with weighted average method, the weight setting needs to follow the following two principles at least:

the weight of direct trust should be not less than the weight of feedback trust; that is to say,

lowering the weight

Based on the above principles, a theorem is first proven before the computing method of the weights is derived.

For any

For any

For any

For any

Based on the principles of the weight setting, combining the conclusion of Theorem

From Theorem

To sum up, substituting (

In the open and dynamical network environment, trust and risk are the important factors to make security decisions. Trust computing can provide guidance for safety decision-making and risk evaluation is an objective reference for trust computation [

In this paper, we use the stability of providing this service of entity

Set

Although the coefficient of variance can measure the dispersion degree of the sample, two samples with the same coefficient of variance have different kurtosis in many cases. Therefore, the standard coefficient of kurtosis is further used to reflect the sharpness of the sampling distributions.

Denote

Using Definitions

The larger the coefficient of variation, the higher the dispersion degree of a sample, which shows that the ability of providing service is more unstable. The larger the standard coefficient of kurtosis, the higher the concentration degree, which shows that the ability of providing service is more stable. Therefore, the larger the coefficient of variance, the lower the coefficient of kurtosis, and the risk of selecting

The two coefficients of kurtosis

For the two coefficients of variance

Based on the above analysis, the direct risk

In conclusion, the credibility of entity

We make the simulation to analyze the performance of the proposed model based on Peersim, a popular simulator of the P2P network. In the network, there are 2000 entities and 10000 kinds of services, in which 8000 are normal, 1000 are fake, and the remainders are vicious. We first use the RMS error to measure the accuracy of the proposed model. Subsequently, the dynamic is verified as the behavior of an entity changes over time. Furthermore, the percentage of successful interactions and the pass ratio of malicious services are adopted to analyze the performance of resisting the collusive attack and strategic malicious attacks.

We verify the accuracy through computing the root-mean-square (RMS) of the aggregated total trust of all entities [

It can be observed that the RMS error of our model is lower than the DHTrust and PowerTrust in Figure

RMS errors with different percentages of malicious entities.

The experiment is conducted to verify the dynamic of the proposed model. Assume that the behavior of an entity changes as time evolves. It can provide good services in the first 5 time intervals. Subsequently, it becomes unstable and provides honest services with probabilities of 0.9 and 0.8 from the 6th to 10th time interval and from 11th to 15th time interval, respectively. Next, it returns the good state. Trust degree of the entity changes as specified in Figure

The trust degree of a dynamical entity.

When the entity changes from good to bad, trust degree descends quickly and, after 2 time intervals, the evaluated trust degree can reflect the real situation. However, trust degree grows slowly if it varies from bad to good and it takes almost 5 intervals to reach the real value. This phenomenon shows that it is necessary to take a long time to accumulate trust degree and it can be viewed as the punishment for the unstable behaviours before.

In the existing attack models, collusive attack is generally considered as the biggest threat aiming at the trust systems. This attack model mainly includes full collusion and spies. In the “full collusion” model, all entities of a malicious collective provide bogus services and create false positive feedback recommendation to all the other entities of the collectives. In the model “spies,” the malicious collective is divided into two groups: spies and malicious. The spies provide honest services to obtain a high reputation and simultaneously give false positive feedback to the malicious part of the collective. In order to analyze the performance of the proposed model to resist the collusive attack, two measurement indexes are first given as follows.

Set

Set

To measure the effect of collusive malicious entities, it is assumed that the percentages of malicious ones are 10% and 20%, respectively, half of which are spies. In this simulation experiment, 300 cycles are conducted and there are several services in every cycle. The comparisons of the proposed model with DHTrust and EigenTrust are detailed in Figures

Pass ratio of malicious services.

The ratio of successful services.

The left parts of Figures

The performance of the proposed model when strategic malicious entities exist in the network is analyzed in this subsection. Such malicious entities can be divided into two kinds in general. One kind is to promote trust degree with small deals and provide the fake services or malicious attacks for the big deals. The other is to provide the normal service when its credibility is low and give the fake services or malicious attacks after trust is improved.

In this experiment, we assume that the percentages of strategic malicious entities are 10%, 20%, and 30% and each half of such entities takes the two strategies, respectively.

The curves in Figure

The ratio of successful services.

In this paper, a dynamic trust and risk quantitative model is established. The credibility of an entity is measured by two indicators: total trust and risk value. Total trust is obtained with the weighted average method through considering direct interactions and feedback information comprehensively. In order to ensure the accuracy, a feedback filter model about feedback information based on coefficient of skewness and hypothesis test is proposed. Additionally, the weights allocation mechanism is adaptive. Furthermore, risk value is used to describe the stability of providing services, which is modeled with coefficient of variation and coefficient of kurtosis. Through simulation experiments, it is verified that the proposed model makes significant improvement in accuracy and dynamic and then it is robust to collusive malicious attacks and strategic malicious attacks.

The authors declare that there is no conflict of interests regarding the publication of this paper.

The authors would like to express their sincere appreciation to the anonymous reviewers for their insightful comments, which have greatly aided them in improving the quality of the paper. This work is supported by the National Basic Research Program of China (973 Program) (nos. 2012CB315905 and 2012CB315901).