2011, Vol.16 No.5, 405-408
Article ID 1007-1202(2011)05-0405-04
DOI 10.1007/s11859-011-0770-7
A Mechanism Based on Reputation
in P2P Networks to Counter
Malicious Packet Dropping
□ PENG Hao1, LU Songnian1,2†, LI Jianhua1,2,
ZHANG Aixin2, ZHAO Dandan1
1. Electronic Engineering Department, Shanghai Jiao Tong
University, Shanghai 200240, China;
2. School of Information Security Engineering, Shanghai Jiao
Tong University, Shanghai 200240, China
© Wuhan University and Springer-Verlag Berlin Heidelberg 2011
Abstract: In P2P (Peer-to-Peer) networks, some malicious peers can impact overall network performance. One of the malicious behaviors of these peers is malicious packet dropping. In this paper, our focus is to detect and to exclude peers that misbehave by dropping some or all packets. Here, we propose a reputation-based mechanism for solving the problem efficiently. The proposed mechanism uses both direct reputation information and indirect reputation information to compute the comprehensive reputation of a peer. At the same time, history reputation information is also taken into account to provide fault tolerance capability, and we regulate the imprecision based on the fact that the cause of packet dropping can be complex. Finally, the peers with bad comprehensive reputation can be detected easily and then will be excluded from the network. In this way, our proposed mechanism improves the performance of P2P networks without increasing computational overhead.
Key words: P2P (Peer-to-Peer); reputation; malicious peers;
packet dropping
CLC number: TP 305
Received date: 2011-06-23
Foundation item: Supported by the National Key Basic Research Program of
China(973 Program) (2010CB731403) and the Opening Project of Key Lab of
Information Network Security of Ministry of Public Security (C09607).
Biography: PENG Hao, male, Ph.D. candidate, research direction: network
communications and information security. E-mail: penghao2007@sjtu.edu.cn
† To whom correspondence should be addressed. E-mail: snlu@sjtu.edu.cn
0 Introduction
Peer-to-peer (P2P) networking has become a very
active research area in recent years because of its advantages over the traditional Client/Server model for
applications like file sharing, distributed computing, collaborative applications, etc. However, the open nature of
P2P networks makes them vulnerable to malicious peers
trying to manipulate the network.
To solve this problem, many researchers have proposed various methods based on the reputation model
and achieved varying degrees of success. There are mainly three
kinds of reputation models: web-based, policy-based,
and reputation-based reputation models [1,2]. These models
can be directly or indirectly introduced into P2P networks to build reputation between peers. However, while
peers’ identity privacy is important, it is difficult to be
achieved in fully distributed P2P networks, because reputation usually depends on information related to identity.
Previous works have focused on developing various
reputation models and enhancing identity privacy for
P2P networks in a number of ways. Ref. [3] discusses the
conflicts between privacy and reputation and proposes a
trade-off model between them. In this model, it introduces multi-pseudonym to protect peers’ identity privacy.
Although all the pseudonyms of a peer may not be linked
together by attackers, privacy is not well protected because each pseudonym’s transaction can still be linked.
Ref. [4] alleviates the identity privacy problem in reputation negotiation by hiding the peers’ credentials. However, the negotiation process also depends on the disclosure
of information related to each peer’s identity. Ref. [5]
proposes a reputation-based P2P network to achieve
peers’ anonymity by changing the pseudonym. However,
it is implemented using an online TTP (Trusted Third
Party).
Wuhan University Journal of Natural Sciences 2011, Vol.16 No.5
It is acknowledged that identity privacy in fully distributed P2P networks is desirable and necessary, but hard
to achieve when building reputation. Therefore, in this paper we propose an assessment mechanism for P2P networks
based on reputation to alleviate this problem. A reputation
model is also developed to improve the safety of P2P networks by implementing a reputation management method.
The rest of the paper is structured as follows. Section 1 describes the proposed mechanism. Section 2 simulates the mechanism and analyzes its performance. Finally, Section 3 concludes the paper.
1 Proposed Mechanism
In our design, malicious packet dropping in P2P networks is prevented through a detection and exclusion mechanism. A neighbor-detecting reputation mechanism has been suggested as a means to reduce the adverse effect of malicious peers. In this section, a reputation-based mechanism for detecting malicious peers is described in detail.
Our mechanism requires the following assumptions
to accomplish its functions properly:
① All peers can operate in local mode for neighbor detecting.
② Misbehaving peers are considered to be selfish and not malicious.
③ Intrusion prevention measures, such as authentication and digital signature, serve as the first line of defense.
④ The network is a multi-forwarding network.
1.1 Reputation Model
As mentioned above, the properties of P2P networks, such as peer-independence and lack of central
management, mean that detection in P2P networks can
only be performed in a fully distributed way. Thus, each
peer should be responsible for detecting its neighbors’
behaviors for itself.
We present a reputation-based assessment mechanism for detecting and excluding malicious peers. The
proposed mechanism relies on reputation mechanism for
detecting neighbor peers’ forwarding and for computing
whether a peer is malicious or not. Here are some related
definitions.
Definition 1 Assessment of direct reputation represents a peer’s direct experience from detecting a neighboring peer.
Definition 2 Assessment of indirect reputation represents the synthesis that results from aggregating multiple recommendation opinions about a peer.
Definition 3 Assessment of comprehensive reputation represents the final evaluation of neighboring peers. It can be defined as one peer’s comprehensive perception of another peer with regard to performing the forwarding operation. A peer with a good comprehensive reputation behaves very well, while peers with bad comprehensive reputation are malicious.
1.2 Assessment of Direct Reputation
Because P2P networks lack a central management peer, only fully distributed detection techniques can be applied. Assessment of direct reputation in our mechanism depends on neighbor observations and analysis. Each peer overhears its neighboring peers’ packet forwarding activities and detects any abnormal behaviors independently.
The reputation value is hard to quantify because
many dynamic factors are involved. If a peer detects a
packet dropping of a neighboring peer by overhearing, it
cannot determine whether the neighbor is selfish or
failed to forward because of congestion or collision.
Then, an approach based on fuzzy analysis can be used
to deal with this problem.
In our design, the assessment of direct reputation is
not only related to a peer’s packet-forwarding ratio, but
also related to the busy state of peers. Considering these,
we define a packet forwarding ratio and busy degree to
evaluate it. Peer “A” computes the packet-forwarding ratio $r(a,b)$ of peer “B” using the following metric:
$$r(a,b) = \frac{n(a,b)}{t(a,b)} \tag{1}$$
In formula (1), $n(a,b)$ is the number of packets forwarded by peer “B” during a fixed time, and $t(a,b)$ is the total number of packets forwarded by peer “B” during a fixed time.
Peer “A” computes the busy degree $d(a,b)$ of peer “B” using the following metric:
$$d(a,b) = \frac{u(a,b)}{\mathrm{max}(a,b)} \tag{2}$$
In formula (2), $u(a,b)$ is the number of packets forwarded by peer “B” per unit time, and $\mathrm{max}(a,b)$ is the maximum number of packets that can be forwarded per unit time.
According to the rules above, peer “A” computes the direct reputation $D(a,b)$ of peer “B” using the following metric:
$$D(a,b) = \alpha\, r(a,b) + (1-\alpha)\, d(a,b) \tag{3}$$
where $\alpha$ is the weight of the packet-forwarding ratio and $1-\alpha$ is the weight of the busy degree. Packet-forwarding ratio may be deemed to be more important than busy degree, so packet-forwarding ratio will be given greater weight in the reputation calculations.
1.3 Assessment of Indirect Reputation
Direct observations may not always be effective
because of the weakness described in Ref. [6]. If a peer
makes decisions only based on firsthand information, it
is hard to make sure whether all of its neighboring peers
are normal or not. Using second-hand information can
accelerate the detection and subsequent isolation of malicious peers in P2P networks.
Collaborative detection between peers can be achieved by broadcasting reputation information to the neighboring peers. In our design, when peer “A” receives recommendation reputations of peer “B” from $l$ neighboring peers, peer “A” computes the indirect reputation $ID(a,b)$ of peer “B” using the following formula:
$$ID(a,b) = \frac{1}{n}\sum_{i=1}^{l} ID(N_i,b)\, R(a,N_i) \tag{4}$$
where $ID(N_i,b)$ is the recommendation reputation value of peer “B” from peer $N_i$ and $R(a,N_i)$ is the comprehensive reputation value of peer $N_i$ stored in peer “A”.
1.4 Assessment of Comprehensive Reputation
In our assessment mechanism, every peer has a table that stores a comprehensive reputation value about its neighbors. Peer “A” updates the comprehensive reputation value of peer “B” on the basis of $D(a,b)$ and $ID(a,b)$. Peer “A” computes the comprehensive reputation $C(a,b)$ of peer “B” using the following formula:
$$C(a,b) = \beta\, D(a,b) + (1-\beta)\, ID(a,b) \tag{5}$$
where $\beta$ is the weight of the direct reputation and $0 \le \beta \le 1$. A peer can make $\beta$ bigger to increase the weight of its own observation and thus decrease the bad influence caused by false information from misbehaving peers. When $\beta = 1$, it means the peer does not receive recommendation.
Reputation value should be updated dynamically because of the dynamic environment in P2P networks. So our design takes into account the peer’s historical reputation, which helps us calculate a peer’s comprehensive reputation. In this way, peer “A” can compute the comprehensive reputation $C(a,b)$ of peer “B” using the following formula:
$$C(a,b) = \gamma\, C_{old}(a,b) + (1-\gamma)\, C_{new}(a,b) \tag{6}$$
The first part $C_{old}(a,b)$ describes the comprehensive reputation value of peer “B” recorded in the reputation value table of peer “A” in the past. The second part $C_{new}(a,b)$ reflects peer “B”’s new comprehensive reputation value computed currently based on formula (5). $\gamma$ is the weight of the peer’s past comprehensive reputation value and $0 \le \gamma \le 1$. If $\gamma \to 1$, history reputation value will play an important role and vice-versa.
Each comprehensive reputation is initialized to 0.5.
The lower the comprehensive reputation the peer has, the
higher the possibility of misbehavior the peer has. When
the comprehensive reputation value of a peer is below a
certain threshold, it is broadcasted to all the neighboring
peers.
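Formulas (1) to (6) combined into one update of peer A's reputation table, as an added example that is not code from the paper. The three weights (named ALPHA, BETA, GAMMA here), the threshold 0.3, reading t(a,b) as the packets handed to the neighbour, taking n in formula (4) as the number of recommendations, and the three-peer scenario are all assumptions.

```python
from dataclasses import dataclass

# Assumed values: the paper leaves the weights and the threshold unspecified.
ALPHA, BETA, GAMMA, THRESHOLD = 0.7, 0.6, 0.5, 0.3
INITIAL = 0.5  # initial comprehensive reputation, as stated in Section 1.4

@dataclass
class Window:
    """What peer A overheard about one neighbour during one fixed interval."""
    n: int        # n(a,b): packets the neighbour forwarded
    t: int        # t(a,b): packets handed to it for forwarding (assumed reading)
    u: float      # u(a,b): packets forwarded per unit time
    u_max: float  # max(a,b): most packets it can forward per unit time

def direct(w: Window) -> float:
    r = w.n / w.t if w.t else 0.0              # formula (1)
    d = w.u / w.u_max if w.u_max else 0.0      # formula (2)
    return ALPHA * r + (1 - ALPHA) * d         # formula (3)

def indirect(recs: dict, table: dict):
    """Formula (4) with n taken as the number of recommendations (assumption)."""
    if not recs:
        return None
    return sum(v * table.get(ni, INITIAL) for ni, v in recs.items()) / len(recs)

def update(table: dict, peer: str, w: Window, recs: dict = None) -> float:
    d, ind = direct(w), indirect(recs or {}, table)
    # Formula (5); with no recommendations this is the case where the weight is 1.
    c_new = d if ind is None else BETA * d + (1 - BETA) * ind
    # Formula (6): blend with the stored value so one bad window is tolerated.
    table[peer] = GAMMA * table.get(peer, INITIAL) + (1 - GAMMA) * c_new
    return table[peer]

def flagged(table: dict) -> list:
    return sorted(p for p, c in table.items() if c < THRESHOLD)

def simulate(rounds: int) -> dict:
    """Constructed scenario: N1 is honest, N2 forwards well but vouches for B,
    and B forwards only 10% of its packets."""
    table, good, bad = {}, Window(95, 100, 8, 10), Window(10, 100, 1, 10)
    for _ in range(rounds):
        update(table, "N1", good)
        update(table, "N2", good)
        update(table, "B", bad, recs={"N1": 0.1, "N2": 1.0})
    return table

if __name__ == "__main__":
    for k in (1, 2, 5):
        print(k, simulate(k), flagged(simulate(k)))
```

With these values B stays above the threshold after the first window, because its stored history and N2's favourable recommendation both pull the result up, and is flagged from the second window onward.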
2 Simulation Results
To evaluate the effectiveness of the proposed assessment mechanism, a software simulator built from
scratch is adopted. In our simulation design, we use a
mesh topology with 25 000 peers selected randomly.
This mesh represents a general topology and it can also
be applied to specific P2P networks [7]. The simulator
relies on a discrete time paradigm and the time step is
equal to 225 ms.
To perform the simulation analysis, we adopted the
following parameter values. For the sake of clarity only 10
minutes of the overall simulation is presented. To obtain a
realistic simulation we limited the available bandwidth.
According to the application characteristics of P2P networks, the bandwidth is unable to keep a sustained speed
of 5.00 Mb/s, but rather tends to stabilize around a maximum 2.75 Mb/s. The movement of all peers was randomly
generated with a maximum speed of 2.5 Mb/s and an average pause of 30 s. Each simulation runs 500 simulation
seconds. The result is shown in Fig. 1. The vertical axis
shows the comprehensive reputation value in different
forwarding rate, while the horizontal shows the time.
From Fig. 1, it is found that normal peers can obtain a high reputation value ranging from 0.787 to 0.964 after a while; the comprehensive reputation of a peer that forwards packets with a rate of 80% can reach a reputation value ranging from 0.609 to 0.824. As the forwarding rate decreases, the comprehensive reputation of the malicious peer decreases gradually from the value 0.5 to a value close to 0.011.
The change in comprehensive reputation is gradual. This is because we take history reputation into consideration and allow for fault tolerance. However, the differences in comprehensive reputation between the malicious peer and normal peers are still obvious. In this way, we can decide which peers to communicate with and isolate the malicious peers.
Fig. 1 Comparison of comprehensive reputations of different forwarding rates
3 Conclusion
In this paper, we proposed a reputation-based
mechanism to counter malicious packet dropping in P2P
networks. It can offer defense against malicious peers
and improve the peer’s quality of service, thus it can ensure P2P network’s communication security and robustness. However, the mechanism proposed in the paper
only uses a reputation threshold to avoid attackers and
then attackers in P2P networks may also adjust adaptively. To enhance our design here, in future work, we will
introduce other mechanisms such as anonymity and load
balance to optimize the mechanism.
References
[1] Bertino E, Ferrari E, Squicciarini A. Reputation-X: A peer-to-peer framework for reputation establishment [J]. IEEE Transaction on Knowledge and Data Engineering, 2004, 16(7): 827-842.
[2] Song S, Hwang K, Zhou R, et al. Reputationed P2P transactions with fuzzy reputation aggregation [J]. IEEE Internet Computing, 2005, 9(6): 24-34.
[3] Seigneur J M, Jensen C D. Trading privacy for reputation [C]// Proc 2nd International Conf on Reputation Management (LNCS 2995). Oxford: Springer-Verlag, 2004: 93-107.
[4] Bradshaw R W, Holt J E, Seamons K E. Concealing complex policies with hidden credentials [C]// Proc 11th ACM Conf on Computer and Communications Security, New York: ACM Press, 2004: 146-157.
[5] Miranda H, Rodrigues L. A framework to provide anonymity in reputation networks [C]// Proc 3rd Annual International Conf on Mobile and Ubiquitous networks: Networks and Services. San Jose: IEEE Press, 2006: 1-4.
[6] Despotovic Z, Aberer K. P2P reputation management: Probabilistic estimation vs. social networks [J]. Computer Networks, 2006, 50(4): 485-500.
[7] Lua E K, Crowcroft J, Pias M, et al. A survey and comparison of peer-to-peer overlay network mechanisms [J]. IEEE Commun. Survey and Tutorial, 2005, 7(2): 72-93.