Florian Skopik

Modeling and mining of dynamic trust in complex service-oriented systems

The global scale and distribution of companies have changed the economy and dynamics of businesses. Web-based collaborations and cross-organizational processes typically require dynamic and context-based interactions between people and services. However, finding the right partner to work on joint tasks or to solve emerging problems in such scenarios is challenging due to scale and temporary nature of collaborations. Furthermore, actor competencies evolve over time, thus requiring dynamic approaches for their management. Web services and SOA are the ideal technical framework to automate interactions spanning people and services. To support such complex interaction scenarios, we discuss mixed service-oriented systems that are composed of both humans and software services, interacting to perform certain activities. As an example, consider a professional online support community consisting of interactions between human participants and software-based services. We argue that trust between members is essential for successful collaborations. Unlike a security perspective, we focus on the notion of social trust in collaborative networks. We show an interpretative rule-based approach to enable humans and services to establish trust based on interactions and experiences, considering their context and subjective perceptions.

Combating advanced persistent threats

An advanced persistent threat (also known as APT) is a deliberately slow-moving cyberattack that is applied to quietly compromise interconnected information systems without revealing itself. APTs often use a variety of attack methods to get unauthorized system access initially and then gradually spread throughout the network. In contrast to traditional attacks, they are not used to interrupt services but primarily to steal intellectual property, sensitive internal business and legal documents and other data. If an attack on a system is successful, timely detection is of paramount importance to mitigate its impact and prohibit APTs from further spreading. However, recent security incidents, such as Operation Shady Rat, Operation Red October or the discovery of MiniDuke - just to name a few - have impressively demonstrated that current security mechanisms are mostly insufficient to prohibit targeted and customized attacks. This paper therefore proposes a novel anomaly detection approach which is a promising basis for modern intrusion detection systems. In contrast to other common approaches, which apply a kind of black-list approach and consider only actions and behaviour that match to well-known attack patterns and signatures of malware traces, our system works with a white-list approach. Our anomaly detection technique keeps track of system events, their dependencies and occurrences, and thus learns the normal system behaviour over time and reports all actions that differ from the created system model. In this work, we describe this system in theory and show evaluation results from a pilot study under real-world conditions.

Start Trusting Strangers? Bootstrapping and Prediction of Trust

Web-based environments typically span interactions between humans and software services. The management and automatic calculation of trust are among the key challenges of the future service-oriented Web. Trust management systems in large-scale systems, for example, social networks or service-oriented environments determine trust between actors by either collecting manual feedback ratings or by mining their interactions. However, most systems do not support bootstrapping of trust. In this paper we propose techniques and algorithms enabling the prediction of trust even when only few or no ratings have been collected or interactions captured. We introduce the concepts of mirroring and teleportation of trust facilitating the evolution of cooperation between various actors. We assume a user-centric environment, where actors express their opinions, interests and expertises by selecting and tagging resources. We take this information to construct tagging profiles, whose similarities are utilized to predict potential trust relations. Most existing similarity approaches split the three-dimensional relations between users, resources, and tags, to create and compare general tagging profiles directly. Instead, our algorithms consider (i) the understandings and interests of actors in tailored subsets of resources and (ii) the similarity of resources from a certain actor-groups point of view.

Trust and Reputation Mining in Professional Virtual Communities

Communication technologies, such as e-mail, instant messaging, discussion forums, blogs, and newsgroups connect people together, forming virtual communities. This concept is not only used for private purposes, but is also attracting attention in professional environments, allowing to consult a large group of experts. Due to the overwhelming size of such communities, various reputation mechanisms have been proposed supporting members with information about peoples trustworthiness with respect to their contributions. However, most of todays approaches rely on manual and subjective feedback, suffering from unfair ratings, discrimination, and feedback quality variations over time. To this end, we propose a system which determines trust relationships between community members automatically and objectively by mining communication data. In contrast to other approaches which use these data directly, e.g., by applying natural language processing on log files, we follow a new approach to make contributions visible. We perform structural analysis of discussions, examine interaction patterns between members, and infer social roles expressing motivation, openness to discussions, and willingness to share data, and therefore trust .

Expert Discovery and Interactions in Mixed Service-Oriented Systems

Web-based collaborations and processes have become essential in todays business environments. Such processes typically span interactions between people and services across globally distributed companies. Web services and SOA are the defacto technology to implement compositions of humans and services. The increasing complexity of compositions and the distribution of people and services require adaptive and context-aware interaction models. To support complex interaction scenarios, we introduce a mixed service-oriented system composed of both human-provided and Software-Based Services (SBSs) interacting to perform joint activities or to solve emerging problems. However, competencies of people evolve over time, thereby requiring approaches for the automated management of actor skills, reputation, and trust. Discovering the right actor in mixed service-oriented systems is challenging due to scale and temporary nature of collaborations. We present a novel approach addressing the need for flexible involvement of experts and knowledge workers in distributed collaborations. We argue that the automated inference of trust between members is a key factor for successful collaborations. Instead of following a security perspective on trust, we focus on dynamic trust in collaborative networks. We discuss Human-Provided Services (HPSs) and an approach for managing user preferences and network structures. HPS allows experts to offer their skills and capabilities as services that can be requested on demand. Our main contributions center around a context-sensitive trust-based algorithm called ExpertHITS inspired by the concept of hubs and authorities in web-based environments. ExpertHITS takes trust-relations and link properties in social networks into account to estimate the reputation of users.

Trustworthy interaction balancing in mixed service-oriented systems

Web-based collaboration systems typically require dynamic and context-based interactions between people and services. To support such complex interaction scenarios, we introduce a mixed service-oriented system that is composed of both humans and software services, collaborating and interacting to perform certain activities. As an example, consider a professional online help and support community spanning interactions between human participants and software-based services. Trust between these members is essential for successful collaborations and has been extensively studied in the context of social and collaborative networks. In this paper, we discuss trust from a collaborative and social point of view instead of a security perspective. Our approach follows an interaction monitoring and an interpretative rule-based trust inference model established on previous behavior. However, trust relations encourage network members to continue interacting with successful (and thus trusted) collaboration partners, and to avoid, or even refuse, interactions with unknown actors. This behavior has negative side-effects from a global community perspective. Given the help and support environment, a small number of popular network members will become increasingly overloaded with support requests. We solve this load and interaction balancing problem by the means of trustworthy request delegations.

Runtime Behavior Monitoring and Self-Adaptation in Service-Oriented Systems

Mixed service-oriented systems composed of human actors and software services build up complex interaction networks. Without any coordination, such systems may exhibit undesirable properties due to unexpected behavior. Also, communications and interactions in such networks are not preplanned by top-down composition models. Consequently, the management of service-oriented applications is difficult due to changing interaction and behavior patterns that possibly contradict and result in faults from varying conditions and misbehavior in the network. In this paper we present a self-adaptation approach that regulates local interactions to maintain desired system functionality. To prevent degraded or stalled systems, adaptations operate by link modification or substitution of actors based on similarity and trust metrics. Unlike a security perspective on trust, we focus on the notion of socially inspired trust. We design an architecture based on two separate independent frameworks. One providing a real Web service test bed extensible for dynamic adaptation actions. The other is our self-adaptation framework including all modules required by systems with self-* properties. In our experiments we study a trust and similarity based adaptation approach by simulating dynamic interactions in the real Web services test bed.

Interaction mining and skill-dependent recommendations for multi-objective team composition

Web-based collaboration and virtual environments supported by various Web 2.0 concepts enable the application of numerous monitoring, mining and analysis tools to study human interactions and team formation processes. The composition of an effective team requires a balance between adequate skill fulfillment and sufficient team connectivity. The underlying interaction structure reflects social behavior and relations of individuals and determines to a large degree how well people can be expected to collaborate. In this paper we address an extended team formation problem that does not only require direct interactions to determine team connectivity but additionally uses implicit recommendations of collaboration partners to support even sparsely connected networks. We provide two heuristics based on Genetic Algorithms and Simulated Annealing for discovering efficient team configurations that yield the best trade-off between skill coverage and team connectivity. Our self-adjusting mechanism aims to discover the best combination of direct interactions and recommendations when deriving connectivity. We evaluate our approach based on multiple configurations of a simulated collaboration network that features close resemblance to real world expert networks. We demonstrate that our algorithm successfully identifies efficient team configurations even when removing up to 40% of experts from various social network configurations.

A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing

Abstract The Internet threat landscape is fundamentally changing. A major shift away from hobby hacking toward well-organized cyber crime can be observed. These attacks are typically carried out for commercial reasons in a sophisticated and targeted manner, and specifically in a way to circumvent common security measures. Additionally, networks have grown to a scale and complexity, and have reached a degree of interconnectedness, that their protection can often only be guaranteed and financed as shared efforts. Consequently, new paradigms are required for detecting contemporary attacks and mitigating their effects. Today, many attack detection tasks are performed within individual organizations, and there is little cross-organizational information sharing. However, information sharing is a crucial step to acquiring a thorough understanding of large-scale cyber-attack situations, and is therefore seen as one of the key concepts to protect future networks. Discovering covert cyber attacks and new malware, issuing early warnings, advice about how to secure networks, and selectively distribute threat intelligence data are just some of the many use cases. In this survey article we provide a structured overview about the dimensions of cyber security information sharing. First, we motivate the need in more detail and work out the requirements for an information sharing system. Second, we highlight legal aspects and efforts from standardization bodies such as ISO and the National Institute of Standards and Technology (NIST). Third, we survey implementations in terms of both organizational and technological matters. In this regard, we study the structures of Computer Emergency Response Teams (CERTs) and Computer Security Incident Response Teams (CSIRTs), and evaluate what we could learn from them in terms of applied processes, available protocols and implemented tools. We conclude with a critical review of the state of the art and highlight important considerations when building effective security information sharing platforms for the future.

Resource and Agreement Management in Dynamic Crowdcomputing Environments

Open Web-based and social platforms dramatically influence models of work. Today, there is an increasing interest in outsourcing tasks to crowd sourcing environments that guarantee professional processing. The challenge is to gain the customers confidence by organizing the crowds mixture of capabilities and structure to become reliable. This work outlines the requirements for a reliable management in crowd computing environments. For that purpose, distinguished crowd members act as responsible points of reference. These members mediate the crowds workforce, settle agreements, organize activities, schedule tasks, and monitor behavior. At the center of this work we provide a hard/soft constraints scheduling algorithm that integrates existing agreement models for service-oriented systems with crowd computing environments. We outline an architecture that monitors the capabilities of crowd members, triggers agreement violations, and deploys counteractions to compensate service quality degradation.