ENSAYAR LA PRACTICA DE LOS DOCE PASOS El antiguo médico de cabecera nos decía, "Cuando todo le falle,

In this section, we proposed the design of a Reputation Management System (RMS) for Internet auctions based on extending the SECURE trust- and risk-based decision-making framework. We tailored, and extended, the SECURE trust, evidence, and risk mechanisms to this application domain and our contributions in this regard are described as follows.

First, we designed the RMS in such a way as to increase accuracy in decision-making for users of Internet auctions while maintaining usability. Initially, we classified application-specific behaviour as a taxonomy of normal and anomalous user behaviour types. Then, we designed SECURE event structures and configurations to model the event types needed to predict the likelihood of role-specific user behaviour in future interactions. We adapted the event structures and the associated evaluation methods of the trust model, i.e., interaction histories and the eff and eval functions, to allow for the assessment of gathered extra-auction evidence in the form of observations and recommendations at a level of granularity that permits both usability and increased precision in decision-making. The assessment of evidentiary relevance based on contextual aspects further increases accuracy. Furthermore, we designed components with which to analyse interaction dynamics, i.e., recommendation weighting based on path analysis and collusion detection based on auction-duration events, to enhance the precision of the decision-making process. Automating the analysis of evidence using the RMS allows for increased accuracy as well as reducing the complexity in decision making as more evidence may be assessed than a human user is capable of manually processing.

Second, the RMS is designed to incorporate contextual elements in the decision-making process. Although SECURE was designed to allow for the assessment of context, it did not include the

specification of a mechanism to perform this task. Our application of the SECURE approach proposes the design of a mechanism with which to assess contextual relevance, with which we extend the SECURE eff function. Therefore the evidence being assessed for an interaction decision is related to the context of the decision rather than obliging a user to make a decision in the absence of context, as is the case in existing reputation management systems. We analyse context based on user role, environmental factors of item category and price, timeliness of evidence, and the context of interaction dynamics, i.e., the relationships between members of a group of users participating in a given auction. SECURE was designed to allow for the assessment of temporal context, and our application proposes a new time fading mechanism that we use to extend the eval function so as to allow evidence to be weighted based on timeliness. Thus the output security decision is less ambiguous, and again more accurate, than a decision made in which context is disregarded. Additionally, evidence is often too abundant for a human user to filter out evidence according to contextual relevance, and hence this aspect of our design also permits increased usability while reducing complexity.

Third, the RMS design provides methods, based on our extension to the original SECURE framework, for the analysis of evidence about interaction dynamics, i.e., information about relationships between pairs of users. Internet auction system observations about the dynamics of user interactions are evaluated, e.g., whether or not a user provides useful and accurate recommendations about another user and whether or not a user employs a specific interaction strategy, such as collusion with malicious intent, when interacting with another user. As in the case of determining which information is more contextually relevant to a decision at hand, it is impossible for a user to manually assess an overwhelming amount of system observations about complex interaction dynamics to determine which information is relevant when considering whether or not to interact with a given set of users. Therefore, the RMS further adds usability while reducing complexity.

Fourth, the RMS uses risk analysis methods based on the SECURE risk model to assess user trustworthiness, thus making explicit to a user the expected cost of an interaction resulting in favourable or undesirable result. Moreover, we extend the SECURE approach to include methods with which to analyse both contextual risk and risk based on interaction dynamics. We designed the risk methods in such a way as to expose risk in financial terms, according to traditional security risk assessment techniques that users comprehend, as an alternative to the more subjective utility theoretic risk methods incorporated in the original SECURE design.

Finally, the result of the RMS decision-making process is advice that is provided to a user considering an Internet auction interaction. This decision guides a user to make a correct decision about entering into an interaction based on the RMS’s automated evaluation of contextually relevant evidence in terms of trust, risk, and interaction dynamics. The security decision is therefore more useful to and usable by a user than the current reputation summary information currently provided by commercial reputation management systems.

3.7

Chapter Summary

This chapter addressed issues outstanding in the reputation management systems currently used to support decision-making in Internet auction applications and presented a design for a reputation management system based on extending the SECURE decision-making framework.

First, the SECURE approach was described, including its trust, collaboration, and risk models, framework components, decision-making processes, and implementation. This description also covered a discussion of the general threats that SECURE was designed to protect against.

Next, the deployment of SECURE in the spam filtering domain was discussed, which encompassed the description of how the SECURE trust, collaboration, and risk models were applied in this domain, as well as a brief examination of the implementation and evaluation of the SECURE spam filtering application.

Third, a general description of the reputation management in virtual marketplaces application domain was put forward, including our development of an application-specific taxonomy of behaviour that classifies both normal and anomalous types of behaviour in this domain.

Then, we applied the SECURE approach to a new domain, i.e., that of reputation management in Internet auctions. The design of a Reputation Management System (RMS) based on the SECURE trust- and risk-based decision-making framework was proposed. An overview of the design was given, and our rationale for our design decisions was presented with regard to requests, entity recognition, trust and evidence processes, risk assessment, and access control. Additionally, our rationale was described for extending the SECURE framework to include interaction management such that decision-making might be enhanced through the analysis of trustworthy recommendation paths between users and observations about potential colluding behaviour. We illustrated how these two new interaction management components may be integrated into the SECURE framework and detailed the enhanced decision-making process. The proposed design of the RMS addressed existing issues with regard to reputation management in Internet auctions in terms of reducing complexity, increasing accuracy, and maintaining usability.