VIGILAR LA IRA Y LOS RESENTIMIENTOS

In reputation management in a virtual marketplace, a reputation marks the community’s judgment as to the trustworthiness of an actor, i.e., seller, buyer, or bidder, based on behaviour exhibited in interactions with that actor. Thus, another role emerges when Internet auctions utilise reputation management systems for enabling feedback about entity trustworthiness, i.e., the role of recommender. Trustworthiness for each of these roles can be evaluated by typifying correct behaviour and evaluating observed behaviour in relation to a taxonomy of possible behaviour classifications. In this section, we propose such a taxonomy of behaviour in virtual marketplaces, Internet auctions in particular, that use reputation management to encourage correct behaviour in interactions. The behaviour types are highlighted in the Venn diagram in Figure 21, and detailed in Table 3.

While the taxonomy includes the classification of ‘normal’, i.e., correct, behaviour types, it also classifies types of anomalous behaviour that exist in this specific application domain. Where relevant, similarities are highlighted between Internet auction domain-specific behaviour and the more general types of malicious behaviour and system threats classified in Table 2. We note also that some behaviour types are sub-classed according to an entity’s role. For example, normal behaviour differs according to role, i.e., a seller typically carries out different duties than a buyer.

Hack Theft Bad Behaviour Collusion Reputation Tampering Normal Types 1, 16 New/Unknown Type 2 Type 3 Type 4 Type 5 Type 6 Type 7 Type 8 Type 9 Type 10 Type 11 Type 12 Type 13

Bad Over Time

Type 14

Inconsistent Over Time

Type 15

End-Game Con

Table 3: Behaviour types in virtual marketplaces with reputation management Behaviour Type Behaviour

Type 1: Normal Behaviour

Seller

• Sells a product/service to a buyer.

• Accepts bids from a bidder in an auction transaction.

• Does not misrepresent self.

• Describes item/service correctly.

• Ships on time, appropriately packaged.

• Adheres to stated return policy.

• Communicates appropriately before, during, and after the transaction.

• Leaves appropriate feedback. Buyer

• Purchases a seller’s product/service.

• Does not misrepresent self.

• Has ability and intention to pay for the product/service.

• Pays in full, on time, and payment clears.

• Communicates appropriately before, during, and after the transaction.

• Leaves appropriate feedback. Bidder

• Special case of buyer, seen in online auctions rather than in non-auction e-commerce transactions.

• Bids on a seller’s product/service.

• Does not misrepresent self.

• Bids genuinely (i.e., does not display bad behaviour and bids with the intention and ability to pay for the item if bidding is successful).

Recommender

• Passes a recommendation regarding a seller or buyer with whom he has interacted in the past.

• Does not misrepresent self.

• Is accurate and truthful. Type 2:

New/Unknown

New entity, seller/buyer/bidder, in the marketplace. No information (feedback/reputation) yet.

Related to Table 2: Newcomer attack. Protracted exploitation of the newcomer attack is a basic Sybil attack.

Type 3: Hacker

Hacks bid (bid tampering, e.g., seller hacks a bidder’s bid to make it look higher).

Hacks seller/bidder account.

Table 3: Behaviour types in virtual marketplaces with reputation management Behaviour Type Behaviour

Type 4: Hacker Thief

Seller sells on hacked account and does not deliver goods. Buyer pays with hacked/stolen credit card/Paypal account.

Related to Table 2: Identity theft and bad guys.

Type 5: Thief

Buyer receives goods and does not pay.

Seller receives payment and does not deliver goods. Actor poses as escrow service to do either of above. Seller accepts return but does not credit buyer. Buyer accepts return payment but does not return item.

Related to Table 2: Bad guys.

Type 6: Thieving Bad Behaviour

Selling stolen goods, e.g., advertising original/genuine version of MS Office and really selling pirated CD.

Related to Table 2: Bad guys.

Type 7: Bad Behaviour (General)

Sells counterfeit goods. Sells goods not as described. Spurious bidding.

Improper bid retraction.

Non-paying bidder/buyer (NPB) wins auction and does not pay.

Unwelcome bidder/buyer, for some seller specified criteria of unwelcome.

Related to Table 2: Bad guys.

Type 8: Colluding Bad Behaviour

Shilling, e.g., seller uses conspirators or alternate identities in order to bid up the prices in his auctions.

Bid retraction/default scam, e.g., two bidders collude to result in item being sold for very low price.

Related to Table 2: Collusion clique, collusion with supporters, collusion with camouflage, indirect Sybil attack, and general Sybil attack.

Type 9: Collusion

Trades on a new/alternate identity after one identity’s account is suspended for engaging in bad behaviour.

Related to Table 2: basic Sybil attack.

Type 10: Colluding Reputation Tampering

Increases positive feedback by trading between conspirators or aliases Launches defamation attack via multiple conspirators or aliases.

Related to Table 2: Collusion clique, collusion with supporters, collusion with camouflage, defamation, indirect Sybil attack, and general Sybil attack.

Table 3: Behaviour types in virtual marketplaces with reputation management Behaviour Type Behaviour

Type 11: Reputation Tampering

Inappropriate/inaccurate/defamatory feedback.

Feedback solicitation, i.e., propositioning entities to engage in interaction for the purposes of enhancing reputation. For example, including language like “Build your feedback score quickly” in the listing title of a very inexpensive item might be considered to be feedback solicitation. After accumulating positive feedback in this way, they might immediately begin selling more expensive items.

Feedback extortion, i.e., when a seller or a buyer threatens to leave negative feedback in order to force a result, e.g., a buyer threatening to leave a negative recommendation unless he gets a discount on his purchase.

Related to Table 2: Collusion clique, collusion with supporters, collusion with camouflage, defamation, indirect Sybil attack, and general Sybil attack.

Type 12: Hacked Reputation Tampering

Hacked feedback database for purpose of falsely increasing or decreasing a entity’s reputation.

Related to Table 2: Identity theft.

Type 13: Bad Over Time

Consistent bad behaviour, e.g., Types 3 – 12, over time, in any of the domain-specific roles.

Type 14: Inconsistent Over Time

Fluctuations between various types of behaviour over time.

For example, an eBay PowerSeller may only cheat 2% of the time but still maintain a very good reputation.

Related to Table 2: Oscillation, mixed behaviour, chaotic behaviour, and misconfiguration attacks. It is difficult to determine the motivation behind inconsistent behaviour over time, although, as evidence accumulates, it may be possible to subclass inconsistent behaviour according to one of the more fine-grained attack profiles in the Table 2 correlation.

Type 15: End-Game Con

Builds up a good reputation over time (Type 16) and then uses the good reputation for a rip-off sale/purchase in a high profit context before discontinuing the account.

Related to Table 2: Waiting attack.

Hacks the account of an actor who has built up a good reputation over time (Type 16) and then uses the good reputation for a rip-off sale/purchase in a high profit context before discontinuing the account.

Related to Table 2: Identity theft.

Type 16: Good Over Time

Consistent good behaviour (Type 1), for some definition of ‘good’, over time, in any of the domain-specific roles.