Mirror Candidate Ranking in the Regular Mode

SOUP’s regular mode makes use of knowledge that a node does not have during bootstrap-ping, but can obtain after it has established social relations to other users. It will then leverage observations of these users to rank mirror candidates.

As illustrated in Figure 8.1, a node uin regular mode maintains two data structures: a Knowledge Base(KB) andExperience Set (ES). In the knowledge base, every entry is about a node thatuknows. With regard to an entry for nodev, ifvis a mirror ofu,uwill record anexperience value(expv) based onu’s friends’ experience regardingvin the KB.

A nodew isfriends withuif there is an edge (u,w)in the OSN’s social graph G, which represents a social connection between both nodes. The experience value is the basis for ranking mirrors.

117 8.3 Mirror Candidate Ranking in the Regular Mode

(c) After Exchange of Experience Sets

Figure 8.1: Maintenance of knowledge baseKB(top table) and experience setsES(bottom table) at nodeu. Initially,uonly knows one node (nodewin (a)), which is also friends withu(i.e.,sr(u,w) =1). Asulearns about new nodes, it adds them to KB_u(e.g.,x,yin (b)). For each friend, nodeufurther observes the performance of the friend’s mirrors and records its experiences inESu(f riend)(e.g.,win (b)).

ualso receivesESj(u)from each friend j, allowinguto calculate the experience ranking for each node inKB_u(c). Asucontinues to record its own experiences for friend nodes (c), nodewhas replaced nodev₂—for whichuobserved a bad performance—with nodev₄.

u

Figure 8.2: An example for a recording of Experience Sets. Here, nodewhas selected the nodesv₁,v₂andv₃as mirrors for her data. During the time in whichwis offline, nodeutries to requestw’s data from different mirrors. Whileuis successful in retrieving the desired data fromv₁andv₃, a request towardsv₂fails. urecords these observations in the experience sets and periodically transmits the collected sets tow. Based on all collected experience sets submitted by her friends,wcan then rank its existing mirrors and react to their performance. In case of a bad performance,wwill increase mirrors or select different nodes as mirrors,wcan reduce the mirrors in case of a good performance.

In addition, the entry forvwill record whether or notvis friends withuand a Time-To-Live(TTL) value that decreases every timeudoes not choosevas a mirror (TTL not shown in Figure 8.1).

Also, for every nodewthat is a friend ofu,urecords an experience setESu(w)as shown in Figure 8.2. This set recordsu’s observations ofw’s mirrors; that is, when requestingw’s data (Step 1 in Figure 8.2),urecords whether or not the data is available atw’s mirrors (see Figure 8.1b). It will then periodically transmit its experiences tow(Step 2).

Besides confining overhead, the experience set exchange is limited to friends for two further reasons:

(i) Users request the their friends’ profiles more often than those of strangers. This way, they can record experience sets on the fly when requesting the data anyway.

(ii) The limitation raises the bar for malicious nodes trying to perform slander, as they have to establish social connections to their victims first.

119 8.3 Mirror Candidate Ranking in the Regular Mode Thus, for every node jthatuis friends with,uwill receive an experience setESj(u)from j, which includes j’s observations aboutu’s mirrors. For any mirrorv, nodeu can then calculatev’s experience value—which also serves asv’s ranking—as:

exp_v= (1−α)·exp^old_v +α·1

wherenis the number of experience sets thatu’s friends have reported,o_(j,v)is the number of observations regardingvthat a friend jis reporting since the last experience set exchange, omax is the maximum number of observations that jcan report, and av_(j,v) ∈[0,1] is the availability ofvduring j’s requests ofu’s data. Equation (8.3.1) was designed with respect to a trade-off between accuracy and security:

• Accuracy. u usually does not carewhotried to access its data (especially since the exchange of observations is limited to friend nodes). Instead, it cares for the number of attempts and successes of each reporting node in receiving its data. For instance, in retrieving u’s data fromv, if one node reports 100% success (9 successes out of 9 attempts) while another reports 0% (0 out of 1), vshould not receive a mediocre ranking since in total 9 out of 10 attempts succeeded.

• Security. However, a single malicious node or multiple collaborating Sybil accounts could report huge numbers of manipulated observations, outweighing a lot of regu-larly observing nodes. Recall that existing defenses against vote manipulations by Sybils have been shown to be ineffective (Chapter 6). Hence, the maximum number of observations, omax, that a node can report is limited to confine the influence of a few (potentially malicious) nodes in this calculation.

Withexp_vcomputed as above, a significant portion of the recommending nodes, i.e., the friends ofu, need to be malicious to have an impact on the selection scheme, while the experience from nodes with more observations still carries more weight.

Finally,α is the aging factor of observations, and a more recent observation carries more weight than an older one (exp^old_v ). Otherwise, a malicious node could perform a traitor attack, where it obtains an excellent reputation just to exploit it afterwards. In particular, such a node could offer exceptional storage capacities and online time, and thereby likely getting selected as a mirror by many users, just to disappear later. Or, the quality of a mirror could suddenly deteriorate because of accidental reasons like connectivity problems.

Applying the aging factor supports quick adaption to such situations. However,α should also not be over-valued, since a performance degradation can be temporary as well. When evaluating α, it appears that observing only the most recent observations might in fact lead to unstable mirror sets. Choosingα =0.75 provided the best experimental trade-off between adaptation and stability.

Algorithm 1The mirror selection at nodeu. Given a ranked list of candidates foru,Cu,u will select the highest ranked nodes fromCuuntil the estimated data request failure from the already selected mirrors is below the target error rateε.uwill then apply the social filterβ to the not selected follow-up nodes inCuwho are friends withu. The filter checks whether or not these nodes perform close to a selected mirror node, with whomuis not friends. If so, the mirror node is replaced. Finally,uadds a random node to the mirror set to prevent the overlooking of better nodes.

M_u: set ofu’s mirrors, initially empty C_u: a ranked list of mirror candidates r_v: a candidatev’s ranking value

# Select nodes from C_u

# Apply social filter to nodes in M_u

# (sr(u,v)=1 if u is friends with v; 0 otherwise.)