Anyone who uses the internet will be aware of ratings and reviews, for example when booking a hotel. How much trust can we place in reviews we read online? Perhaps internet trolls bombarded a site with negative ratings, or perhaps a company's PR person wrote something glowingly positive for their client? Most people have a degree of skepticism. Ratings can also be used behind the screens, for example when flagging possible malware. Can we automate decisions based on ratings? Is there a formulaic way of using the ratings without being deceived? Our research proposes a foundation to enable secure decisions based on ratings.
Ratings are especially important in open networks, which play a large role in the internet of things. In open networks, participants are potentially malicious (attackers), yet we may rely on information that they provide. In current analysis of networks that use potentially unfair ratings, assumptions are made about the attackers. For example, that they maximise their profit, or want to perform specific actions. In reality, however, we cannot know what the attackers want or will do. This is the crucial challenge in our approach: we provide solutions with a proven risk-bound, regardless of the behaviour of the attackers.
Using information theory, digital networks are able to reconstruct signals despite noise. By modelling correct decisions as a signal, and attacks as noise, we have proven in previous work that typically, information is carried in ratings. With techniques similar to those applied in digital networks, we can reconstruct the correct decision. So, we propose a framework of methods to use information to come to correct decisions despite attacks.
Our framework consists of general techniques regarding transforming ratings to correct decisions, and of decision schemes based on these techniques. There are two major applications: a centralised system making a decision, and a decentralised system where individuals make decisions. Centralised examples are YouTube deleting content on the basis of copyright claims, Facebook censoring obscene material and finding fraudulent merchants on an e-commerce system. Decentralised example are ad-hoc networks, where distant nodes are selected to route sensitive information, peer to peer networks, with malicious peers breaking protocol, and peer assessment, where students have to grade their peers. We deliver both a centralised and a decentralised system that makes provably correct decisions under all attacks.
A major component of the framework is the theoretical foundation for ratings. We define three desirable properties: robustness, optimality and stability. A decision scheme is called epsilon-robust if it provides the wrong decision with a probability under epsilon. With sufficient ratings from sources that are sufficiently probably honest, this is easy to obtain. Optimality is about reducing the cost (amount and complexity of ratings) to the minimum. Stability means that if the degree of honesty is lower than expected, the decision scheme cannot be improved without raising costs. We investigate in which contexts robustness, optimality and stability can combine, and at which cost this occurs.
The most interesting context is dynamic: where users can determine (with a probability of false positives/negatives) the veracity of previous ratings. This dynamic context is both theoretically and practically interesting. The theoretical interest is that more advanced information theoretic techniques are required, and there may be deep links to other fields, such as adversarial machine learning. The practical interest is that in many systems, sources are being used more than once, and decision makers do have a vague idea about the quality of older ratings. Provably effective use of this dynamic information has not been achieved, and will improve the security of rating systems.
The result of this research will be to provide more secure rating systems.
|