A two-level solution to fight against dishonest opinions in recommendation-based trust systems

06/09/2020 ∙ by Omar Abdel Wahab, et al. ∙ Khalifa University University of Waterloo Lebanese American University UQO Concordia University 0

In this paper, we propose a mechanism to deal with dishonest opinions in recommendation-based trust models, at both the collection and processing levels. We consider a scenario in which an agent requests recommendations from multiple parties to build trust toward another agent. At the collection level, we propose to allow agents to self-assess the accuracy of their recommendations and autonomously decide on whether they would participate in the recommendation process or not. At the processing level, we propose a recommendations aggregation technique that is resilient to collusion attacks, followed by a credibility update mechanism for the participating agents. The originality of our work stems from its consideration of dishonest opinions at both the collection and processing levels, which allows for better and more persistent protection against dishonest recommenders. Experiments conducted on the Epinions dataset show that our solution yields better performance in protecting the recommendation process against Sybil attacks, in comparison with a competing model that derives the optimal network of advisors based on the agents' trust values.



There are no comments yet.


page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Collecting recommendations is an important step of any trust establishment process. It involves consulting a set of agents (often referred to as advisors) regarding the behavior of other agents. Therefore, ensuring the authenticity of the collected recommendations is essential to the success of trust modeling. Thus, it is of prime importance to reason about whose opinions to elicit when collecting recommendations and under what circumstances [8]. This can be done either at the collection level by pre-filtering the set of agents to whom recommendation requests should be sent or at the processing level by deciding (out of the collected recommendations) whose opinions to keep and whose opinions to discard or discount. The goal of this work is to come up with a reasoning model that helps trust modelers ensure the authenticity of recommendations at both the collection and processing levels. We argue first that pre-filtering agents at the collection level is quite hard especially in large-scale dynamic settings. In fact, with the growing number of deployed agents (e.g., smart vehicles, robots, etc.), it is becoming quite hard to design a filtering algorithm that can efficiently cover all the existing agents. In addition, the behavior of the agents is often subject to change (i.e., being honest sometimes and dishonest some other times) especially in the presence of smart malicious agents that seek to avoid being detected and punished. Therefore, we chose, in the first part of our solution, to allow agents to self-decide on whether to participate in the recommendation process or not. The decision of the agents is mainly affected by two factors. The first is the amount of resources they can allocate towards trust modeling. For instance, in some applications such as intelligent transportation systems, autonomous cars might prefer to fully dedicate their resources to making real-time driving decisions. The second factor is the accuracy level that agents believe their recommendations have. At this stage, we argue that only honest agents are expected to follow this self-withdrawal principle to both help the decision-making process and maintain their own credibility. On the other hand, dishonest agents are often encouraged to still participate by giving untruthful opinions to manipulate the recommendation decisions. Therefore, further reasoning is needed at the precessing/aggregation level to discard such dishonest opinions. The challenge here is to design an aggregation solution that is resilient to dishonest agents even when such agents form the majority. This is because dishonest agents might take advantage of the self-withdrawal of honest agents to impose their opinions by majority. Worse, dishonest agents might launch some attacks (e.g., Sybil, whitewashing, camouflage, etc.) to further increase their chances of swaying the recommendation decisions.

1.1 Contributions

Our solution is composed of four principal phases: recommendation collection, aggregation to discourage dishonesty, credibility update, and participation motivation. In the first phase, agents are asked by the underlying recommender system to run the decision tree machine learning technique on their datasets to derive appropriate recommendations. Specifying the machine learning technique to be used is essential in our solution to guarantee the homogeneity in terms of opinions origins. Leaving this decision for the agents might lead to inconsistent decisions that are biased towards some machine learning algorithms, dataset size, number of dimensions in the dataset, etc. Our choice of decision tree stems from its lightweight nature which makes it suitable for situations wherein resource-constrained agents exist. Interested agents (e.g., those that have enough resources) train the decision tree algorithm on their datasets which record their previous interactions with agents of different specifications and behavior and decide, based on the obtained accuracy level, on whether to submit their opinions or not. Our decisions for this collection phase provide important insights into two of the stages of trust modeling highlighted by Sen

[8]. The Engage step (who to ask) is moderated by agents having the choice of opting out. The Use step (taking actions based on trust modeling) is also facilitated, as the common reasoning that we require yields insights into the origins of the reputation values provided.

In the second phase, the opinions from different agents are aggregated by the underlying recommender system using the Dempster-Shafer Theory (DST) of evidence [9] to arrive at final aggregate initial trust scores. The aggregation technique takes into consideration the collusion attacks (i.e., Sybil, camouflage, and whitewashing) that might occur among agents to give dishonest recommendations with the purpose of promoting/demoting some agents and accounts for the special case where dishonest agents are the majority. In the credibility update phase, we propose a mechanism to update the credibility scores of the agents that participate in the recommendation collection phase and ensure the authenticity of the recommendation process [10, 12, 13]. Finally, in the participation motivation phase, we argue that in settings where agents may be both requesters and providers of information (such as service-oriented environments) agents will be particularly motivated to assist when recommendations are requested. We discuss this component of our model in greater detail, later in the paper.

2 Related Work

In [1], the authors assume that users have a network of trusted peers and combine the opinions of these advisors, averaging their ratings on commonly rated items. Trust and social similarity are merged to represent the active user’s preferences and generate appropriate recommendations, for the case when little is known about the user. In [4], the authors employ collaborative filtering to ease the recommendation process using a two-stage methodology. In the first stage, users are represented in the form of a social network graph and the task is to collect trust statements regarding newcomer users. In the second stage, all the trust statements are analyzed and aggregated using the averaging technique to predict the trust scores of the newcomer users. In [3], the authors propose a three-phase approach to address the problem of cold-start users. In the first phase, the C

and Naive Bayes techniques are employed to assign new users to specific groups. In the second phase, an algorithm is proposed to explore the neighbors of the new user and an equation is presented to compute the similarity between new users and their neighbors in terms of characteristics. In the final phase, a prediction method is used to estimate the final rating of the new user for every existing item, where the rating is a weighted sum of ratings submitted by the user’s neighbors on the corresponding item. In


, local information obtained through analyzing users’ past ratings is used to assign initial trust values for ubiquitous devices (e.g. smart vehicles). More specifically, this approach uses Singular Value Decomposition, which represents known trust values as linear combinations of numeric features and then combines them to estimate the unknown trust value.

The primary contrast with the aforementioned models can be outlined in three main points. First, the discussed approaches deal with dishonest recommendations at either the collection or processing level. Our solution operates on both levels to increase the protection against dishonest recommendations. Second, in the approaches that operate at the collection level, the choice of evaluating the adequacy of the agents in participating in the recommendation process is left only to the recommender system through computing the optimal network of agents that maximize trust, without accounting for the self-willingness and self-confidence of the agents themselves. In other words, although some agents might be highly trusted in general, this does not mean that they will be providing accurate recommendations for all types of requests. The accuracy here might vary according to the data available to these agents, the characteristics of the agents being recommended, and the technique used to compute recommendations. To tackle this challenge, we leave in this work the choice for the agents to self-asses their own ability in participating in the recommendation process or not. In addition, we force the agents to use a common recommendation computation technique (i.e., decision tree) to increase the homogeneity of the received recommendations. Third, different from the literature which employs aggregation techniques that might be vulnerable to manipulation, we take advantage of DST to perform the aggregation in a manner that is sensitive to possible dishonesty even in extreme cases wherein dishonest agents might be the majority.

3 Proposed Solution

3.1 Solution Overview

The proposed solution can be summarized as follows. Each agent maintains a dataset which corroborates its previous interactions with agents of different specifications and behavior. This dataset is assumed to be labelled in the sense that the agent would classify each interaction as being either trustworthy or untrustworthy based on the degree of its satisfaction on the behavior of the agents involved in the interaction. Upon the receipt of a recommendation request from recommender system

regarding agent , agent has the choice to decide on whether to participate in the recommendation process or not. If accepts to participate, it will train the decision tree classifier on its dataset to predict the trustworthiness of based on the potential similarities between the specifications of and those of the agents that has previously dealt with (i.e., content-based recommendation). Based on the results of the machine learning classifier, agent recommends agent as being either trustworthy or untrustworthy. To avoid biased recommendations, the recommender system collects recommendations from multiple agents and aggregates them using DST to come up with a final aggregate decision that is resilient to dishonesty. Since the performance of DST is greatly dependent on the credibility of the parties giving the judgements, the third step involves updating the credibility scores of the participating agents on the basis of the convergence/divergence of their opinions w.r.t the final judgement given by DST. The proposed recommendation system is depicted in Algorithm 1 (executed by the recommender system).

1:Input: agent subject to recommendation
2:Input: Set of agents eligible to participate in the recommendation process
3:Output: Recommendation decision of recommender system on agent
4:procedure Recommendation
5:     Broadcast the recommendation request to the set of agents
6:     for each agent do
7:          Agent trains the decision tree classifier
8:          Agent derives the recommendation on agent using decision tree
9:     end for
10:     Use Eq. (1) to compute the belief in ’s trustworthiness
11:     Use Eq. (2) to compute belief in ’s untrustworthiness
12:     if then
13:           =trustworthy
14:     else
15:           =untrustworthy
16:     end if
17:     Update the credibility score of each agent using Eq. (5)
18:end procedure
Algorithm 1 Recommendation Algorithm

3.2 Recommendation Collection

When an agent receives a recommendation request, it has the choice to either participate in the process or not. This voluntary aspect of participation is a building block in our solution to ensure fairness for both advisors and agents subject to recommendation. For example, some agents might not be willing to spend some time and resources helping other agents make choices. Moreover, some agents might not have sufficient accuracy (determined by the machine learning technique), lacking any similarity between the specifications of the agents dealt with and those of the agent being recommended. Therefore, refraining from participating would be the best choice for such agents instead of giving inaccurate recommendations (thanks to the credibility update mechanism proposed in Section 3.4). In case agents agree to participate, they first use the decision tree technique to predict the behavior of the underlying agents and derive the appropriate recommendations. Note that decision tree has been chosen for the considered problem due to its lightweight nature which requires no heavy computations nor long training time. This is important to (1) incentivize agents to participate in the recommendation collection process since they would not be required to use significant amounts of their resources (e.g., battery) to derive recommendations, and (2) minimize the time required to collect recommendations especially when it comes to urgent recommendation requests which require prompt answers.

3.3 Aggregation to discourage dishonesty

The purpose of this phase is to aggregate the different recommendations collected as per the previous phase in a non-collusive manner, i.e., in such a way that is resilient to agents that submit misleading recommendations to promote/demote some other agents. To do so, DST, which is known for its power in combining observations coming from multiple sources having different levels of credibilities, is employed. It is true that DST has been used in many proposals for trust establishment purposes [15, 14]; however, the main difference between our recommendations aggregation mechanism and the existing DST-based trust establishment techniques is that our solution requires no predefined thresholds to make a final decision on whether the agent should be trusted or not. Specifically, contrary to the existing approaches whose performance is greatly dependent on a certain threshold, we propose to compute both the belief in an agent’s trustworthiness and untrustworthiness and comparing them to arrive at a final decision. Moreover, we propose in this work to weigh each witness (recommendation) based on the credibility score of its issuer, to reflect the dynamism of recommenders’ honesty.

Formally, let be a set composed of three hypotheses representing the possible recommendations on a certain agent, where means trustworthy, means untrustworthy, and

means uncertainty between trust and distrust. The basic probability assignment (bpa)

of a particular hypothesis given by agent on agent is proportional to the credibility score of . Specifically, if agent having a credibility score of has recommended agent as being trustworthy, then the bpa’s of the different hypotheses are computed as follows: , , and . Otherwise, if recommends as being untrustworthy, then the bpa’s of the hypotheses are computed as follows: , , and . Having defined the bpa’s, the final aggregate belief function regarding a certain hypothesis is computed through summing up all the bpa’s coming from different recommenders upholding this hypothesis . The belief function that recommender system computes regarding agent ’s trustworthiness after having consulted two recommenders and is given in Eq. (1).


Similarly, the belief function computed by regarding agent ’s untrustworthiness after having consulted two recommenders and is given in Eq. (2).


Finally, the belief function computed by regarding agent being either trustworthy or untrustworthy (i.e., uncertainty) after having consulted two recommenders and is given in Eq. (3).


Note that the values produced by the different belief functions are real-valued numbers between and , i.e., , , . Finally, the decision of the recommender system regarding a certain agent is taken by computing the beliefs in ’s trustworthiness and untrustworthiness and comparing them, i,e., if , is deemed trustworthy; otherwise, is considered as being untrustworthy.

3.4 Credibility Update Mechanism

The credibility scores of the participating agents need to be constantly updated in order to maintain the authenticity of the recommendation process. That is, honest recommenders should get their credibility values increased and dishonest recommenders should undergo a decrease in their credibility values. We propose in Eq. (5) a credibility update mechanism using which the recommender system updates its credibility belief toward every agent that has submitted a recommendation on another agent upon the request of .


where , , and C 1 and C 2 are two conditions such that:

C 1


C 2


The main idea of Eq. (5) is to update the credibility score of each recommender agent proportionally to the difference between her submitted recommendation on agent and the final decision yielded by the DST-based aggregation mechanism. In this way, the agents whose recommendations converge to the final decision of the recommender system receive an increase in their credibility scores and those whose recommendations are far from the final decision undergo a decrease in their credibility scores. This process is of prime importance to guarantee the honesty of the recommendation process since the performance of the DST aggregation technique is highly dependent on the credibility scores of the recommenders.

3.5 Incentive Mechanism and Participation Motivation

In order to motivate the agents to participate in the recommendation process, we propose in this section an incentive mechanism which links the participation of the agents with the number of inquiries that they are allowed to make. Initially, all agents have an equal amount of inquiries that they are allowed to make from any other agent. This amount is then updated during the recommendation process as shown in Eq. (6). Specifically, every certain period of time, the number of inquiries that an agent is allowed to make from any other agent get increased in terms of the number of inquiries coming from that has answered, as well as the credibility score of believed by , i.e.,


In Eq. (6), denotes the total number of inquiry requests that is allowed to make from , denotes the number of recommendations that has answered in favor of , and denotes the credibility score of agent believed by agent . In this way, the agents that refuse to participate in the recommendation process would, over time, end up being unable to make any request from any other agent. In addition, by linking the number of inquiries with the credibility score of the recommender agent, we aim at motivating those agents to provide honest opinions.

4 Experimental Evaluation

4.1 Experimental Setup and Datasets

We compare our solution with the MET recommendation-based trust model proposed in [2]. The objective of MET is to derive the optimal trust network that provides the most accurate estimation of sellers’ reputation scores in duopoly environments. To carry out these experiments, we consider a similar environment to that considered in [2] by simulating three types of attacks that can be launched by consulted agents (i.e, advisors) to mislead the recommendation-based trust establishment process (i.e., Sybil, camouflage, and whitewashing) and setting the percentage of attackers to of the total number of advisors. We compare both approaches in terms of Mean Absolute Error (MAE), which is computed as follows: , where is the actual trust score of item , is the trust value of item estimated by the trust model, and is the number of consulted agents. In Sybil attacks, dishonest agents generate several fake identities in an attempt to manipulate the trust aggregation process by submitting a large number of dishonest recommendations. In camouflage attacks, attackers try to fool the trust system by providing honest recommendations in the beginning to build good credibility scores and then start to submit dishonest recommendations. In whitewashing, dishonest agents try to clear their bad credibility history through continuously creating new identities.

To conduct the experiments, real-world trust data from the Epinions111http://www.epinions.com/ large Web community are employed. Epinions allows users to express their opinions regarding a wide variety of items (e.g., movies, cars, etc.) in the form of numeric ratings from the interval , with being the rating which represents the least satisfaction level and being the rating which represents a full satisfaction level. Epinions allows users as well to rate each other on the basis of the meaningfulness of their submitted ratings. The dataset consists of approximately items rated by users, where a total of reviews are collected [4]. We chose to use Epinions when comparing with other approaches thanks to its large-scale nature, which allows us to better test the generalizability of the studied solutions. The machine learning classifier has been trained on the dataset following the -fold cross-validation approach (with ) [6]. Note finally that the experiments have been conducted using Matlab in a -bit Windows environment on a machine equipped with an Intel Core i- CPU GHz Processor and GB RAM.

4.2 Results and Discussion

Our Solution MET
Table 1: Mean Absolute Error (MAE) comparison of items’ initial trust estimation between our solution and MET [2]

We notice from Table 1 that our solution decreases the MAE compared to MET in the presence of Sybil attacks. In fact, MET is based on the idea of generating various networks of advisors with different trust values using evolutionary operators and then keeping the best network that consists of advisors having the highest trust values. However, even in the optimal network of advisors, there is still some chances of encountering a minority of advisors that might provide inaccurate recommendations. Worse, in the case of Sybil attacks, such a minority might even become a majority by creating a large number of fake identities. In such cases, MET provides no countermeasures against such advisors. On the other hand, our solution operates not only at the collection level but also at the recommendation aggregation level, thus providing an additional countermeasure against dishonesty. Specifically, in our approach, we broadcast the recommendation requests to the set of available advisors and allow these advisors to self-assess their degrees of accuracy prior to submitting their recommendations. Thereafter, we aggregate the recommendations coming from advisors having different levels of credibility using the Dempster-Shafer method, which is mainly influenced by the credibility of the agents, rather than their number. This makes our solution quite resilient to Sybil attacks and efficient even in scenarios in which dishonest advisors might form the majority [11].

On the other hand, in camouflage attacks, MET entails lower MAE compared to our solution. The reason is that in such a type of attacks, dishonest advisors initially provide honest recommendations to build up good credibility scores, prior to starting their dishonest recommendations. This makes our recommendation-based trust aggregation method, which is mainly influenced by the credibility scores of the advisors, to be vulnerable to such attackers for a short period of time (i.e., the period at which dishonest advisors switch their behavior and start providing misleading recommendations). When it comes to whitewashing attacks, our solution and MET show relatively similar resilience to such attacks. In fact, MET keeps only the network of advisors with the most suitable trust values according to some evolutionary operators, which makes it hard for whitewashing agents to get into these networks. In our solution, even though some dishonest agents might clear their bad credibility history and rejoin the network again, such newcomer agents aren’t expected to have high credibility values as compared to those honest agents who have strived to build and retain high credibility scores. Consequently, the presence of camouflage attackers does not have a significant impact on the performance of our solution.

(a) Sybil
(b) Camouflage
(c) Whitewashing
Figure 1: The effects of Sybil, camouflage, and whitewashing attacks on the MAE entailed by our solution

In Fig. 1, we study in more detail the effects of each of the three types of attacks on our solution. We can notice from Fig. 0(a) that Sybil attacks have no effect on our solution, for the reasons mentioned above. From Fig. 0(b)

, we can see that up to the fifth iteration (the period during which camouflage attackers provide honest recommendations to gain high credibility scores), the MAE entailed by our solution is low. At the fifth iteration (the time moment at which camouflage attackers start to change their behavior by providing dishonest recommendations), the MAE of our solution is reported to be relatively high (i.e.,

). Starting from the sixth iteration, our solution starts to recognize the camouflage attackers and decrease their credibility, thus leading to gradually improving the performance and decreasing the MAE. Finally, from 0(c), we notice that whitewashing attacks have a small effect on the performance of our solution for the reasons mentioned in the previous paragraph.

5 Conclusion and Future Work

Ensuring the honesty of recommendations is a building block for the success of any recommendation-based trust model. We proposed in this paper a mechanism to deal with dishonest recommendations at both the collection and processing levels. Experimental results on a real-life dataset revealed that our solution considerably increases the accuracy of recommendations in the presence of Sybil attackers. Our solution shows also significant resilience to whitewashing and camouflage attacks.

Three issues are important to continue to consider for future work. The first is that of identity management, which is important to verify the identities of the recommenders and prevent identity impersonation and/or duplication. To address this issue, we plan to integrate blockchain-based solutions such as uport222https://www.uport.me/ into our solution. Another issue is addressing cases where peers have subjective differences. In the future, we plan to extend our solution to support situations wherein users might use different evaluation functions, thus learning these functions in a manner similar to that of the BLADE system [7]. A final concern is to continue to incentivize peers to provide recommendations. This is an ongoing concern for recommender systems, especially in crowdsourced environments.


  • [1] G. Guibing, Z. Jie, and T. Daniel (2014) Merging trust in collaborative filtering to alleviate data sparsity and cold start. Knowledge-Based Systems 57, pp. 57–68. Cited by: §2.
  • [2] S. Jiang, J. Zhang, and Y. Ong (2013) An evolutionary model for constructing robust trust networks. In Proceedings of the 2013 international conference on Autonomous agents and multi-agent systems, pp. 813–820. Cited by: §4.1, Table 1.
  • [3] B. Lika, K. Kolomvatsos, and S. Hadjiefthymiades (2014) Facing the cold start problem in recommender systems. Expert Systems with Applications 41 (4), pp. 2065–2073. Cited by: §2.
  • [4] P. Massa and P. Avesani (2006) Trust-aware bootstrapping of recommender systems. In ECAI workshop on recommender systems, pp. 29–33. Cited by: §2, §4.1.
  • [5] D. Quercia, S. Hailes, and L. Capra (2007) TRULLO-local trust bootstrapping for ubiquitous devices. In Mobile and Ubiquitous Systems: Networking & Services, 2007. MobiQuitous 2007. Fourth Annual International Conference on, pp. 1–9. Cited by: §2.
  • [6] P. Refaeilzadeh, L. Tang, and H. Liu (2009) Cross-validation. In Encyclopedia of database systems, pp. 532–538. Cited by: §4.1.
  • [7] K. Regan, P. Poupart, and R. Cohen (2006) Bayesian reputation modeling in e-marketplaces sensitive to subjectivity, deception and change. In

    Proceedings of the National Conference on Artificial Intelligence

    Vol. 21, pp. 1206. Cited by: §5.
  • [8] S. Sen (2013) A comprehensive approach to trust management. In Proceedings of the 2013 international conference on Autonomous agents and multi-agent systems, pp. 797–800. Cited by: §1.1, §1.
  • [9] G. Shafer (1992) Dempster-shafer theory. Encyclopedia of artificial intelligence, pp. 330–331. Cited by: §1.1.
  • [10] O. A. Wahab, J. Bentahar, H. Otrok, and A. Mourad (2015) A survey on trust and reputation models for web services: single, composite, and communities. Decision Support Systems 74, pp. 121–134. Cited by: §1.1.
  • [11] O. A. Wahab, J. Bentahar, H. Otrok, and A. Mourad (2018) Towards trustworthy multi-cloud services communities: a trust-based hedonic coalitional game. IEEE Transactions on Services Computing 11, pp. 184–201. Cited by: §4.2.
  • [12] O. A. Wahab, J. Bentahar, H. Otrok, and A. Mourad (2019) Resource-aware detection and defense system against multi-type attacks in the cloud: repeated bayesian stackelberg game. IEEE Transactions on Dependable and Secure Computing. Cited by: §1.1.
  • [13] O. A. Wahab, R. Cohen, J. Bentahar, H. Otrok, A. Mourad, and G. Rjoub (2020) An endorsement-based trust bootstrapping approach for newcomer cloud services. Information Sciences. Cited by: §1.1.
  • [14] J. Wang and H. Sun (2009) A new evidential trust model for open communities. Computer Standards & Interfaces 31 (5), pp. 994–1001. Cited by: §3.3.
  • [15] B. Yu and M. P. Singh (2002) An evidential model of distributed reputation management. In Proceedings of the first international joint conference on Autonomous Agents and Multiagent Systems: Part 1, pp. 294–301. Cited by: §3.3.