Skip to Main Content
The Internet offers an enormous potential for all kinds of services, from Web search to online shopping, from social networks to multi-player online games,from online auctions to online encyclopedias. Many of these services thrive due to a vibrant community support. Making services open to community support offers great potentials but makes them also vulnerable to malicious behavior. Malicious behavior in the form of vandalism or denial-of-service attacks is easy to detect. However, there are much more subtle forms of attacks. In fact,often an attacker does not have to find holes and backdoors in order to harm a service or use it to the own advantage. Often, it perfectly suffices to stay within the legal use of a service in order to harm or exploit it. So-called legal attacks have the problem that they could very well be normal behavior, which is why it is hard to detect and filter them. For example, the fact that suddenly a certain piece of information is heavily accessed might be due to the fact that it is suddenly very popular for some reason. However, this could also be due to an adversarial attack. Popular services like the standard email system, Google and Wikipedia and many peer-to-peer systems are continuously attacked. I will show how to model some of these attacks as simple games between an adversary and the system. As I will show, in several cases it is possible for the system to function correctly despite the presence of an adversary and without the system having to determine who is behaving well and who is adversarial.
Date of Conference: 28-30 Oct. 2010