Professional Documents
Culture Documents
Sybillimit: A Near-Optimal Social Network Defense Against Sybil Attacks
Sybillimit: A Near-Optimal Social Network Defense Against Sybil Attacks
Sybillimit: A Near-Optimal Social Network Defense Against Sybil Attacks
running an approximation algorithm [27] for minimal quotient has more than a handful of network positions, the attacker can
cut will bound the number of sybil identities accepted within fabricate arbitrary network coordinates.
per attack edge, where is the number of honest iden- In reputation systems, colluding sybil nodes may artificially
tities. Also assuming global knowledge and further focusing on increase a (malicious) user’s rating (e.g., in Ebay). Some sys-
scenarios where only honest identities are seeking to be tems such as Credence [32] rely on a trusted central authority to
accepted, SumUp [26] uses adaptive maximum flow on the so- prevent this. There are existing distributed defenses [33], [34]
cial network to bound the number of sybil identities (voters) ac- to prevent such artificial rating increases. These defenses, how-
cepted per attack edge within . ever, cannot bound the number of sybil nodes accepted, and in
Similarly, the complete design of Ostra [24] and SybilInfer fact, all the sybil nodes can obtain the same rating as the ma-
[25] also assume global knowledge about the social network. licious user. Sybil attacks and related problems have also been
Even though both works [24], [25] allude to decentralized de- studied in sensor networks [35], [36], but the approaches and
signs, none of them provides a complete design that is decen- solutions usually rely on the unique properties of sensor net-
tralized. Ostra does not provide guarantees that are provable. works (e.g., key predistribution). Margolin et al. [37] proposed
SybilInfer only proves that sybil nodes will increase the mixing using cash rewards to motivate one sybil node to reveal other
time of the graph and thus affect the probability that a random sybil nodes, which is complimentary to bounding the number
walk starting from a region will end within that region. There is of sybil nodes accepted in the first place.
no result proven on how much the probability is affected. Sybil-
Infer determines the probability via sampling, which by itself C. Social Networks and Their Fast-Mixing Properties
has unknown estimation error. As a result, SybilInfer is not able Besides sybil defense, social networks have been used else-
to prove an end-to-end guarantee on the number of sybil nodes where (e.g., for digital library maintenance in LOCKSS [38]).
accepted. Social networks are one type of trust networks. Unlike many
In contrast to all these above efforts, SybilLimit avoids the other works [32]–[34] on trust networks, SybilLimit does not
need for any global knowledge by using a decentralized secure use trust propagation in the social network.
random route technique. It provably bounds the number of sybil Concurrent with the preliminary version [39] of this paper,
identities accepted per attack edge within while ac- Leskovec et al. [40] independently validate the fast-mixing
cepting nearly all honest nodes. The relationship between Sybil- property of real-world social networks. Their study investigates
Guard and SybilLimit is discussed in more detail in Sections IV over 70 large real-world social and information networks (from
and V-C. a few thousand nodes to over 10 million nodes). They show that
Finally, orthogonal to SybilLimit’s goal of limiting the in nearly every dataset, at nontrivial size scales ( 100 nodes),
number of accepted sybil nodes, Ostra and SumUp further social communities gradually “blend in” more and more with
leverage feedback to modify the weight of the edges in the so- the rest of the network and thus become less and less “commu-
cial network dynamically. Neither of these two feedback-based nity-like.” This in turn implies that, at a nontrivial scale, social
heuristics offers a provable guarantee. Our recent work on networks are expander-like and will likely not contain small
DSybil [28] also uses feedback to defend against sybil attacks quotient cuts in the absence of sybil attacks.
in the context of recommendation systems and provides strong
provable end-to-end guarantees. In scenarios where feedback
is available, we expect that combining these feedback-based III. SYSTEM MODEL AND ATTACK MODEL
techniques with SybilLimit can further strengthen the defense. SybilLimit adopts a similar system model and attack model
as SybilGuard [13]. The system has honest human beings as
B. Other Sybil Defenses honest users, each with one honest identity/node. Honest nodes
Some researchers [29] proposed exploiting the bootstrap tree obey the protocol. The system also has one or more malicious
of DHTs. Here, the insight is that the large number of sybil human beings as malicious users, each with one or more identi-
nodes will all be introduced (directly or indirectly) into the DHT ties/nodes. To unify terminology, we call all identities created by
by a small number of malicious users. Bootstrap trees may ap- malicious users as sybil identities/nodes. Sybil nodes are byzan-
pear similar to our approach, but they have the drawback that tine and may behave arbitrarily. All sybil nodes are colluding
an honest user may also indirectly introduce a large number of and are controlled by an adversary. A compromised honest node
other honest users. Such a possibility makes it difficult to dis- is completely controlled by the adversary and hence is consid-
tinguish malicious users from honest users. Instead of simply ered as a sybil node and not as an honest node.
counting the number of nodes introduced directly and indirectly, There is an undirected social network among all the nodes,
SybilLimit distinguishes sybil nodes from honest nodes based where each undirected edge corresponds to a human-established
on graph mixing time. It was shown [29] that the effectiveness trust relation in the real world. The adversary may create ar-
of the bootstrap tree approach deteriorates as the adversary cre- bitrary edges among sybil nodes in the social network. Each
ates more and more sybil nodes, whereas SybilLimit’s guaran- honest user knows his/her neighbors in the social network, while
tees hold no matter how many sybil nodes are created. Some the adversary has full knowledge of the entire social network.
researchers [30] assume that the attacker has only one or small The honest nodes have undirected edges among themselves
number of network positions in the Internet. If such assumption in the social network. For expository purposes, we sometimes
holds, then all sybil nodes created by the attacker will have sim- also consider the undirected edges as directed edges. The
ilar network coordinates [31]. Unfortunately, once the attacker adversary may eavesdrop on any messages sent in the protocol.
888 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 18, NO. 3, JUNE 2010
Fig. 3. Protocol for suspects to do random routes and register their public keys.
random route. This means that the adversary can register only TABLE II
public keys for all the sybil nodes combined. In KEY NOTATIONS
order to accept a suspect , must find an intersection between
its random route and ’s random route and then confirm that
is properly registered at the intersecting node. As a result, only
sybil nodes will be accepted per attack edge. For
, the total number of sybil nodes accepted
is .
Fig. 5. Protocol for V to verify S . V has r counters c ;...c initialized to zero at startup time.
from the set of non-escaping tails from honest suspects. The requires that accepting should not result in a large “load spike”
reason is that random routes are back-traceable, and starting and cause the load on any tail to exceed . Here,
from a non-escaping tail, one can always trace back to the is the current average load across all ’s tails, and is
starting node of the random route, encountering only honest some universal constant that is not too small (we use in
nodes. This means that an honest suspect will never need to our experiments). In comparison, SybilGuard does not have any
compete with the sybil nodes for a tail as long as its random balance condition.
route is non-escaping. 2) Performance Overheads: The verification protocol can
After the secure random route protocol stabilizes (i.e., all be made highly efficient. Except for Steps 1 and 3, all steps
propagations have completed), the following properties are in the protocol involve only local computation. Instead of di-
guaranteed to hold: rectly sending public keys in Step 1, can readily use a
• In every s-instance, each directed edge in the honest region Bloom Filter [14] to summarize the set of keys. In Step 3, for
allows only one public key to be registered. every intersecting tail in , needs to contact one node. On av-
• In every s-instance, an honest suspect can always register erage, the number of intersections between a verifier and an
its public key with its non-escaping tail (if any) in that honest suspect in the honest region is with ,
s-instance. resulting in messages. The adversary may intentionally
• In every s-instance, among all the directed edges in the introduce additional intersections in the sybil region between
honest region, sybil nodes can register their public keys ’s and ’s escaping tails. However, if those extra intersecting
only with tainted tails. This is because nodes communicate nodes (introduced by the adversary) do not reply, can black-
with only their neighbors (together with proper authentica- list them. If they do reply and if is overwhelmed by the over-
tion) and also because the counter in the registration mes- head of such replies, then the adversary is effectively launching
sage is incremented at each hop. a DoS attack. Notice that the adversary can launch such a DoS
• In every s-instance (v-instance), if an honest suspect (an attack against even if were not running SybilLimit. Thus,
honest verifier ) has a non-escaping tail “ ,” then such attacks are orthogonal to SybilLimit.
knows ’s and ’s public keys.
4) User and Node Dynamics: Most of our discussion so far C. Key Ideas in SybilLimit, vis-à-vis SybilGuard
assumes that the social network is static and all nodes are online.
All techniques in SybilGuard to efficiently deal with user/node This section highlights the key novel ideas in SybilLimit that
dynamics, as well as techniques to properly overwrite stale reg- eventually lead to the substantial end-to-end improvements over
istration information for preventing certain attacks [13], apply to SybilGuard.
SybilLimit without modification. We do not elaborate on these 1) Intersection Condition: To help convey the intuition, we
due to space limitations. will assume in the following. In SybilLimit, each node
uses random routes of length
B. Verification Protocol instead of a single random route of length
1) Protocol Description: After the secure random route pro- as in SybilGuard.1 In SybilGuard, each node along a random
tocol stabilizes, a verifier can invoke the verification protocol route corresponds to a “slot” for registering the public key of
in Fig. 5 to determine whether to accept a suspect . must some node. The adversary can fake distinct random routes of
satisfy both the intersection condition (Steps 2–4 in Fig. 5) and length that cross the attack edge and enter the honest region.
the balance condition (Steps 5–7) to be accepted. This means that the adversary will have
The intersection condition requires that ’s tails and ’s tails slots for the sybil nodes in SybilGuard.
must intersect (instance number is ignored when determining In SybilLimit, the tail of each random route corresponds to
intersection), with being registered at the intersecting tail. In a “slot” for registration. In any given s-instance, the adversary
contrast, SybilGuard has an intersection condition on nodes (in- can fake distinct random routes of length that cross the
stead of on edges or tails). For the balance condition, main-
tains counters corresponding to its tails. Every accepted sus- p
1As an engineering optimization, a degree-d node in SybilGuard can perform
d random routes of length 2( n log n), but this does not improve SybilGuard’s
pect increments the “load” of some tail. The balance condition asymptotic guarantees.
892 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 18, NO. 3, JUNE 2010
attack edge and enter the honest region. Notice that here Sybil- 3) Benchmarking Technique: The SybilLimit protocol in
Limit reduces the number of such routes by using a that is Figs. 3 and 5 assumes that is known. Obviously,
much smaller than . Furthermore, because we are concerned without global knowledge, every node in SybilLimit needs
only with tails now, in the given s-instance, the adversary will to estimate locally. Recall that SybilGuard also needs to
have only slots. With s-instances, the adversary will have estimate some system parameter (more specifically, the length
such slots total for all the sybil nodes. of the walk). SybilGuard uses the sampling technique to do
This reduction from slots to slots is so, which only works for . To allow any
the first key step in SybilLimit. , SybilLimit avoids sampling completely. In-
However, doing random routes introduces two problems. stead, it use a novel and perhaps counterintuitive benchmarking
The first is that it is impossible for a degree- node to have more technique that mixes the real suspects with some random bench-
than distinct random routes if we directly use SybilGuard’s ap- mark suspects that are already known to be mostly honest. The
proach. SybilLimit observes that one can use many independent technique guarantees that a node will never overestimate
instances of the random route protocol while still preserving regardless of the adversary’s behavior. If the adversary causes
the desired convergence/back-traceability property. The second an underestimation for , somewhat counterintuitively, the
problem is more serious. SybilGuard relies on the simple fact technique can ensure that SybilLimit still achieves its end
that the number of distinct routes from the adversary is . All guarantees despite the underestimated . We will leave the
slots on the same route must have the same public key registered. detailed discussion to Section VII.
This ensures that the total number of sybil nodes registered is . VI. PROVABLE GUARANTEES OF SYBILLIMIT
In SybilLimit, there are distinct routes from the adversary.
Thus, a naive design may end up accepting While the intersection and balance conditions are simple at
sybil nodes, which is even worse than SybilGuard. SybilLimit’s the protocol/implementation level, it is far from obvious why
key idea here is to perform intersections on edges instead of on the designs provide the desired guarantees. We adopt the phi-
nodes. Because the stationary distribution on edges is always losophy that all guarantees of SybilLimit must be proven mathe-
matically because experimental methods can cover only a subset
uniform in any graph, it ensures that the flip-side of the Birthday
of the adversary’s strategies. Our proofs pay special attention to
Paradox holds. Namely, slots are both sufficient and
the correlation among various events, which turns out to be a
necessary for intersection to happen (with high probability). To-
key challenge. We cannot assume independence for simplicity
gether with earlier arguments on the number of slots in Sybil-
because, after all, SybilLimit exactly leverages external correla-
Limit, this will eventually allow us to prove that the number of
tion among random routes. The following is the main theorem
sybil nodes with tails intersecting with ’s non-escaping tails
on SybilLimit’s guarantee.
(more precisely, ’s uniform non-escaping tails—see later) is
Theorem 3: Assume that the social network’s honest region
per attack edge.
is fast-mixing and . For any given constants
2) Balance Condition: In SybilGuard, the verifier’s random (potentially close to zero) and , there is a set of
route is either escaping or non-escaping, resulting in an honest verifiers and universal constants and , such
“all-or-nothing” effect. For SybilGuard to work, this single that using and in SybilLimit will guar-
random route must be non-escaping. Because of the large antee that for any given verifier in the set, with probability of
of , the escaping probability will be once at least , accepts at most sybil nodes per attack
reaches . Using much shorter random routes of edge and at least honest nodes.
length in SybilLimit decreases such escaping probability. For the remaining small fraction of honest verifiers, Sybil-
On the other hand, because a verifier in SybilLimit needs to Limit provides a degraded guarantee that is not provable. Be-
do such routes, it remains quite likely that some of them cause of space limitations, we will provide mostly intuitions in
are escaping. In fact, with and , the following and leave formal/complete proofs to our technical
the probability of at least one of the routes being escaping report [43].
in SybilLimit is even larger than the probability of the single
length- random route being escaping in SybilGuard. Thus, so A. Intersection Condition
far we have only made the “all-or-nothing” effect in SybilGuard 1) Preliminaries: Classifying Tails and Nodes: As prepara-
fractional. tion, we first carefully classify tails and nodes. Later, we will
SybilLimit relies on its (new) balance condition to address need to use different techniques to reason about different types
this fraction of escaping routes. To obtain some intuition, let us of tails and nodes. Table III summarizes the key definitions we
imagine the verifier ’s tails as bins that can accommodate up will use. Consider a given verifier (or suspect ) and a given
to a certain load. When accepts a suspect , out of all of ’s v-instance (or s-instance). We classify its tail into three possibil-
tails that intersect with ’s tails, conceptually increments the ities: 1) the tail is an escaping tail (recall Section V-A); 2) the tail
load of the least loaded tail/bin. Because of the randomness in is not escaping and is drawn from the (uniform) edge stationary
the system, one would conjecture that all of ’s tails should distribution (i.e., a uniform tail); or 3) the tail is not escaping
have similar load. If this is indeed true, then we can enforce and is drawn from some unknown distribution on the edges (i.e.,
a quota on the load of each tail, which will in turn bound the a non-uniform tail).2 In a given v-instance, the routing tables
number of sybil nodes accepted by ’s escaping tails. Later, we
2A finite-length random walk can only approach but never reach the stationary
will show that the balance condition bounds the number within distribution. Thus a small fraction of tails will be non-uniform (also see Theorem
. 1).
YU et al.: SybilLimit: A NEAR-OPTIMAL SOCIAL NETWORK DEFENSE AGAINST SYBIL ATTACKS 893
B. Balance Condition erty here is that because the escaping probability of such random
In this section, for any verifier , we treat all of its non- routes is , even without invoking SybilLimit, we are assured
uniform tails as escaping tails. Obviously, this only increases that . The test set contains the real suspects
the adversary’s power and makes our arguments pessimistic. that wants to verify, which may or may not happen to belong
The goal of the balance condition is to bound the number of to . We similarly define and . Our technique will hinge
sybil nodes accepted by ’s escaping tails without significantly upon the adversary not knowing or (see later for how to
hurting honest suspects (who are subject to the same balance ensure this), even though it may know and .
condition). While the condition is simple, rigorously reasoning To estimate , a verifier starts from and then re-
about it turns out to be quite tricky due to the external correla- peatedly doubles . For every value, verifies all suspects
tion among random routes and also adversarial disruption that in and . It stops doubling when most of the nodes in
may intentionally cause load imbalance. This introduces chal- (e.g., 95%) are accepted, and then makes a final determination
lenges particularly for proving why most honest suspects will for each suspect in .
satisfy the balance condition despite all these disruptions.
B. No Overestimation
1) Effects on Sybil Suspects: Here, we focus on the intu-
ition. An honest verifier has a total of tails, out of which Once reaches , most of the suspects in will in-
roughly are escaping tails (by Lemma deed be accepted, regardless of the behavior of the adversary.
4). Those uniform tails together will accept at most Furthermore, because , having an of
honest suspects and at most sybil suspects (from will enable us to reach the threshold (e.g., 95%) and stop
the intersection condition). Given the various randomness in the doubling further. Thus, will never overestimate (within a
system, one would hope that each uniform tail should accept factor of 2).
roughly suspects.
C. Underestimation Will Not Compromise SybilLimit’s
The balance condition thus intends to impose a limit
Guarantees
of on the number of suspects that each tail can
accept. This is effective because has only roughly It is possible for the adversary to cause an underestimation
escaping tails. Thus, the total number of by introducing artificial intersections between the escaping
of sybil suspects accepted by the escaping tails will be roughly tails of and the escaping tails of suspects in . This may
, which is precisely cause the threshold to be reached before reaches .
what we are aiming for. Of course, is unknown to Sybil- What if SybilLimit operates under an ? Interest-
Limit, thus the protocol uses a floating bar as in Fig. 5. Our ingly, SybilLimit can bound the number of sybil nodes accepted
technical report [43] explains further and formalizes the above within per attack edge not only when , but
arguments. also for (see [43] for proofs). To obtain some intu-
2) Effects on Honest Suspects: Reasoning about the effects ition, first notice that the number of sybil nodes with tails inter-
of the balance condition on honest suspects is the most com- secting with ’s uniform tails (Section VI-A) can only decrease
plex part in SybilLimit’s proof. For space limitations, we leave when is smaller. Second, the arguments regarding the number
the arguments and proofs to our technical report [43], which of sybil nodes accepted by ’s escaping tails and non-uniform
shows that most of the honest suspects will satisfy the balance tails (Section VI-B) hinges only upon the fraction of those tails
condition. and not the value of .
Using , however, will decrease the probability
VII. ESTIMATING THE NUMBER OF ROUTES NEEDED of tail intersection between the verifier and an honest suspect.
We have shown that in SybilLimit, a verifier will accept Here, we leverage a second important property of the bench-
honest suspects with probability if . mark set. Namely, conditioned upon the random routes for
The constant can be directly calculated from the Birthday picking benchmark nodes being non-escaping, the adversary
Paradox and the desired end probabilistic guarantees. On the will not know which nodes are picked as benchmark nodes. (If
other hand, is unknown to individual nodes. Adapting the the adversary may eavesdrop messages, we can readily encrypt
sampling approach from SybilGuard (as reviewed in Section IV) messages using edge keys.) As a result, given an honest suspect,
is not possible because that approach is fundamentally limited the adversary cannot tell whether it belongs to or . If
to . most (e.g., 95%) of the suspects in are accepted, then most
suspects in must be accepted as well, since
A. Benchmarking Technique . If most suspects in are accepted under ,
SybilLimit uses a novel and perhaps counterintuitive bench- the adversary must have intentionally caused intersection be-
marking technique to address the previous problem by mixing tween and the suspects in . Because the adversary
the real suspects with some random benchmark nodes that are cannot tell whether an honest suspect belongs to or , it
already known to be mostly honest. Every verifier maintains cannot introduce intersections only for suspects in ; it must
two sets of suspects: the benchmark set and the test set . introduce intersections for suspects in as well. Thus, most
The benchmark set is constructed by repeatedly performing suspects in will be accepted as well under the given .
random routes of length and then adding the ending node
(called the benchmark node) to . Let and be the set D. Further Discussions
of honest and sybil suspects in , respectively. SybilLimit does The benchmarking technique may appear counterintuitive in
not know which nodes in belong to . However, a key prop- two aspects. First, if SybilLimit uses an underestimated , it
YU et al.: SybilLimit: A NEAR-OPTIMAL SOCIAL NETWORK DEFENSE AGAINST SYBIL ATTACKS 895
TABLE IV
SOCIAL NETWORK DATA SETS
X. CONCLUSION
This paper presented SybilLimit, a near-optimal defense
against sybil attacks using social networks. Compared to our
previous SybilGuard protocol [13] that accepted
sybil nodes per attack edge, SybilLimit accepts only
sybil nodes per attack edge. Furthermore, SybilLimit provides
this guarantee even when the number of attack edges grows to
. SybilLimit’s improvement derives from the com-
bination of multiple novel techniques: 1) leveraging multiple
independent instances of the random route protocol to perform
Fig. 9. DBLP.
many short random routes; 2) exploiting intersections on edges
instead of nodes; 3) using the novel balance condition to deal
with escaping tails of the verifier; and 4) using the novel bench-
marking technique to safely estimate . Finally, our results on
real-world social networks confirmed their fast-mixing prop-
erty and, thus, validated the fundamental assumption behind
SybilLimit’s (and SybilGuard’s) approach. As future work,
we intend to implement SybilLimit within the context of some
real-world applications and demonstrate its utility.
ACKNOWLEDGMENT
Fig. 10. Kleinberg. The authors would like to thank J. Roozenburg for allowing
them to use his Friendster data set and R. Wouhaybi for allowing
them to use her LiveJournal data set. The authors also would like
intersection condition, while the second is bounded by the bal- to thank C. Lesniewski-Laas and the anonymous reviewers of
ance condition. In all figures, the number of sybil nodes ac- Oakland’08 and IEEE/ACM TRANSACTIONS ON NETWORKING
cepted grows roughly linearly with . The asymptotic guarantee for many helpful comments on the paper.
of SybilLimit is sybil nodes accepted per attack edge.
Figs. 7–10 show that this asymptotic term translates REFERENCES
to around between 10 (in Friendster, LiveJournal, and Klein-
[1] J. Douceur, “The Sybil attack,” in Proc. IPTPS, 2002, pp. 251–260.
berg) to 20 (in DBLP). As a concrete numerical comparison [2] Q. Lian, Z. Zhang, M. Yang, B. Y. Zhao, Y. Dai, and X. Li, “An empir-
with SybilGuard, SybilGuard [13] uses random routes of length ical study of collusion behavior in the Maze P2P file-sharing system,”
in the million-node Kleinberg graph. Because Sybil- in Proc. IEEE ICDCS, 2007, p. 56.
[3] M. Steiner, T. En-Najjary, and E. W. Biersack, “Exploiting KAD: Pos-
Guard accepts sybil nodes per attack edge, this translates to sible uses and misuses,” ACM SIGCOMM Comput. Commun. Rev., vol.
1906 sybil nodes accepted per attack edge for Kleinberg. Thus, 37, no. 5, pp. 65–70, Oct. 2007.
numerically in Kleinberg, SybilLimit reduces the number of [4] “E-Mule.” [Online]. Available: http://www.emule-project.net
[5] L. Lamport, R. Shostak, and M. Pease, “The byzantine generals
sybil nodes accepted by nearly 200-fold over SybilGuard. problem,” ACM Trans. Prog. Languages Syst., vol. 4, no. 3, pp.
One can also view Figs. 7–10 from another perspective. The 382–401, 1982.
three data sets Friendster, LiveJournal, and Kleinberg all have [6] V. Prakash, “Razor.” [Online]. Available: http://razor.sourceforge.net
roughly one million nodes. Therefore, in order for the number [7] B. Awerbuch and C. Scheideler, “Towards a scalable and robust DHT,”
in Proc. ACM SPAA, 2006, pp. 318–327.
of sybil nodes accepted to reach , the number of attack edges [8] M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach,
needs to be around 100 000. To put it another way, the adver- “Secure routing for structured peer-to-peer overlay networks,” in Proc.
sary needs to establish 100 000 social trust relations with honest USENIX OSDI, 2002, pp. 299–314.
[9] A. Fiat, J. Saia, and M. Young, “Making Chord robust to byzantine
users in the system. As a quick comparison under Kleinberg, attacks,” in Proc. ESA, 2005, pp. 803–814.
SybilGuard will accept sybil nodes once reaches around [10] E. Damiani, D. C. di Vimercati, S. Paraboschi, P. Samarati, and F. Vi-
500 (since ). Some simple experiments further show olante, “A reputation-based approach for choosing reliable resources
in peer-to-peer networks,” in Proc. ACM CCS, 2002, pp. 207–216.
that with , the escaping probability of the random [11] L. von Ahn, M. Blum, N. J. Hopper, and J. Langford, “CAPTCHA:
routes in SybilGuard will be above 0.5, and SybilGuard can no Using hard AI problems for security,” in Proc. IACR Eurocrypt, 2003,
longer provide any guarantees at all. Finally, DBLP is much pp. 294–311.
[12] A. Ramachandran and N. Feamster, “Understanding the network-level
smaller (with 100 000 nodes), and because of the slightly larger behavior of spammers,” in Proc. ACM SIGCOMM, 2006, pp. 291–302.
needed for DBLP, the number of sybil nodes accepted will [13] H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman, “SybilGuard:
reach roughly when is 5000. Defending against sybil attacks via social networks,” IEEE/ACM Trans.
Netw., vol. 16, no. 3, pp. 576–589, Jun. 2008.
Finally, we have also performed experiments to investigate [14] M. Mitzenmacher and E. Upfal, Probability and Computing. Cam-
SybilLimit’s guarantees on much smaller social networks with bridge, U.K.: Cambridge Univ. Press, 2005.
only 100 nodes. To do so, we extract 100-node subgraphs from [15] J. Kleinberg, “The small-world phenomenon: An algorithm perspec-
our social network data sets. As a concise summary, we observe tive,” in Proc. ACM STOC, 2000, pp. 163–170.
[16] S. Boyd, A. Ghosh, B. Prabhakar, and D. Shah, “Gossip algorithms:
that the number of sybil nodes accepted per attack edge is still Design, analysis and applications,” in Proc. IEEE INFOCOM, 2005,
around 10 to 20. vol. 3, pp. 1653–1664.
898 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 18, NO. 3, JUNE 2010
[17] A. Flaxman, “Expansion and lack thereof in randomly perturbed [45] J. Roozenburg, “A literature survey on Bloom filters,” Delft Univ.
graphs,” Microsoft Research, Tech. Rep., 2006 [Online]. Available: Technol., 2005, unpublished.
ftp://ftp.research.microsoft.com/pub/tr/TR-2006-118.pdf [46] R. H. Wouhaybi, “Trends and behavior in online social communities,”
[18] T. Anderson, “SIGCOMM’06 public review on ‘SybilGuard: De- Intel Corp., Hillsboro, OR, 2007, unpublished.
fending against sybil attacks via social networks’,” 2006 [Online]. [47] “Dataset: DBLP.” [Online]. Available: http://kdl.cs.umass.edu/data/
Available: http://www.sigcomm.org/sigcomm2006/discussion/ dblp/dblp-info.html
[19] L. Backstrom, D. Huttenlocher, J. Kleinberg, and X. Lan, “Group for-
mation in large social networks: Membership, growth, and evolution,”
in Proc. ACM KDD, 2006, pp. 44–54.
[20] M. Girvan and M. E. J. Newman, “Community structure in social Haifeng Yu received the B.E. degree from Shanghai
and biological networks,” Proc. Nat. Acad. Sci., vol. 99, no. 12, pp. Jiaotong University, Shanghai, China, in 1997, and
7821–7826, 2002. the M.S. and Ph.D. degrees from Duke University,
[21] A. Mislove, M. Marcon, K. P. Gummadi, P. Druschel, and B. Bhat- Durham, NC, in 1999 and 2002, respectively.
tacharjee, “Measurement and analysis of online social networks,” in He is currently an Assistant Professor with the De-
Proc. ACM/USENIX IMC, 2007, pp. 29–42. partment of Computer Science, National University
[22] S. Wasserman and K. Faust, Social Network Analysis. Cambridge, of Singapore. Prior to joining National University of
U.K.: Cambridge Univ. Press, 1994. Singapore, he was a Researcher with Intel Research
[23] H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman, “SybilGuard: Pittsburgh, Pittsburgh, PA, and an Adjunct Assistant
Defending against sybil attacks via social networks,” in Proc. ACM Professor with the Department of Computer Science,
SIGCOMM, 2006, pp. 267–278. Carnegie Mellon University, Pittsburgh, PA. His cur-
[24] A. Mislove, A. Post, K. Gummadi, and P. Druschel, “Ostra: Leveraging rent research interests cover distributed systems, distributed systems security,
trust to thwart unwanted communication,” in Proc. USENIX NSDI, distributed algorithms, and distributed systems availability. More information
2008, pp. 15–30. about his research is available at http://www.comp.nus.edu.sg/~yuhf.
[25] G. Danezis and P. Mittal, “SybilInfer: Detecting sybil nodes using so-
cial networks,” presented at the NDSS, 2009.
[26] N. Tran, B. Min, J. Li, and L. Subramanian, “Sybil-resilient online con-
tent voting,” in Proc. USENIX NSDI, 2009, pp. 15–28. Phillip B. Gibbons (M’89) received the B.A. degree
[27] T. Leighton and S. Rao, “An approximate max-flow min-cut theorem in mathematics from Dartmouth College, Hanover,
for uniform multicommodity flow problems with applications to ap- NH, in 1983, and the Ph.D. degree in computer sci-
proximation algorithms,” in Proc. FOCS, 1988, pp. 422–431. ence from the University of California at Berkeley in
[28] H. Yu, C. Shi, M. Kaminsky, P. B. Gibbons, and F. Xiao, “DSybil: 1989.
Optimal sybil-resistance for recommendation systems,” in Proc. IEEE He is currently a Principal Research Scientist at
Symp. Security Privacy, 2009, pp. 283–298. Intel Labs Pittsburgh, Pittsburgh, PA. He joined Intel
[29] G. Danezis, C. Lesniewski-Laas, M. F. Kaashoek, and R. An- after 11 years at (AT&T and Lucent) Bell Laborato-
derson, “Sybil-resistant DHT routing,” in Proc. ESORICS, 2005, ries, Murray Hill, NJ. His research interests include
Springer-Verlag LNCS 3679, pp. 305–318. parallel/distributed computing, databases, and sensor
[30] R. Bazzi and G. Konjevod, “On the establishment of distinct identities systems, with over 120 publications. More informa-
in overlay networks,” in Proc. ACM PODC, 2005, pp. 312–320. tion about his research is available at http://www.pittsburgh.intel-research.net/
[31] T. S. E. Ng and H. Zhang, “Predicting Internet network distance with people/gibbons/.
coordinates-based approaches,” in Proc. IEEE INFOCOM, 2002, vol. Dr. Gibbons is a Fellow of the Association for Computing Machinery (ACM).
1, pp. 170–179. He has served as an Associate Editor for the Journal of the ACM, the IEEE
[32] K. Walsh and E. G. Sirer, “Experience with an object reputation system TRANSACTIONS ON COMPUTERS, and the IEEE TRANSACTIONS ON PARALLEL
AND DISTRIBUTED SYSTEMS. He has served on over 40 conference program
for peer-to-peer filesharing,” in Proc. USENIX NSDI, 2006, p. 1.
[33] A. Cheng and E. Friedman, “Sybilproof reputation mechanisms,” in committees, including serving as Program Chair/Co-Chair/Vice-Chair for the
Proc. ACM P2PEcon, 2005, pp. 128–132. SPAA, SenSys, IPSN, DCOSS, and ICDE conferences.
[34] M. Feldman, K. Lai, I. Stoica, and J. Chuang, “Robust incentive tech-
niques for peer-to-peer networks,” in Proc. ACM Electron. Commerce,
2004, pp. 102–111.
[35] J. Newsome, E. Shi, D. Song, and A. Perrig, “The Sybil attack in sensor Michael Kaminsky received the B.S. degree from
networks: Analysis & defenses,” in Proc. ACM/IEEE IPSN, 2004, pp. the University of California at Berkeley in 1998, and
259–268. the S.M. and Ph.D. degrees from the Massachusetts
[36] B. Parno, A. Perrig, and V. Gligor, “Distributed detection of node repli- Institute of Technology, Cambridge, in 2000 and
cation attacks in sensor networks,” in Proc. IEEE Symp. Security Pri- 2004, respectively.
vacy, 2005, pp. 49–63. He is currently a Research Scientist at Intel Labs
[37] N. B. Margolin and B. N. Levine, “Informant: Detecting sybils using Pittsburgh, Pittsburgh, PA, and an Adjunct Research
incentives,” in Proc. Financial Cryptography, 2007, pp. 192–207. Scientist at Carnegie Mellon University, Pittsburgh,
[38] P. Maniatis, M. Roussopoulos, T. J. Giuli, D. S. H. Rosenthal, and M. PA. He is generally interested in computer science
Baker, “The LOCKSS peer-to-peer digital preservation system,” ACM systems research, including distributed systems, net-
Trans. Comput. Sys., vol. 23, no. 1, pp. 2–50, Feb. 2005. working, operating systems, and network/systems se-
[39] H. Yu, P. B. Gibbons, M. Kaminsky, and F. Xiao, “SybilLimit: A near- curity. More information about his research is available at http://www.pitts-
optimal social network defense against sybil attacks,” in Proc. IEEE burgh.intel-research.net/people/kaminsky/.
Symp. Security Privacy, 2008, pp. 3–17. Dr. Kaminsky is a Member of the Association for Computing Machinery
[40] J. Leskovec, K. Lang, A. Dasgupta, and M. Mahoney, “Statistical (ACM).
properties of community structure in large social and information
networks,” in Proc. Int. Conf. WWW, 2008, pp. 695–704.
[41] T. Lindvall, Lectures on the Coupling Method. New York: Dover,
2002. Feng Xiao received the B.E. degree from the Uni-
[42] I. Abraham and D. Malkhi, “Probabilistic quorums for dynamic sys- versity of Science and Technology of China, Hefei,
tems,” in Proc. DISC, 2003, pp. 60–74. China, in 2007.
[43] H. Yu, P. B. Gibbons, M. Kaminsky, and F. Xiao, “SybilLimit: A near- He is currently a graduate program student
optimal social network defense against sybil attacks,” School of Com- with the Department of Computer Science, Na-
puting, Nat. Univ. Singapore, Tech. Rep. TRA2/08, Mar. 2008 [On- tional University of Singapore. His research
line]. Available: http://www.comp.nus.edu.sg/~yuhf/sybillimit-tr.pdf interests cover distributed system security, dis-
[44] Z. Bar-Yossef, R. Kumar, and D. Sivakumar, “Sampling algorithms: tributed computing, and peer-to-peer systems.
Lower bounds and applications,” in Proc. ACM STOC, 2001, pp. More information about his research is available at
266–275. http://www.comp.nus.edu.sg/~xiaof.