The Internet has become the backbone of remote communications, networking, and computing. It offers an incentive platform for many services and applications. People’s lives have been dramatically changed by the fast growth of the Internet. However, it also provides an easy channel for distributing contents that are unwanted by users. Unwanted traffic includes malware, viruses, spam, intrusions, unsolicited commercial advertisements, or unexpected contents. This chapter discusses applying trust management technology to automatically conduct unwanted traffic control in the Internet, especially the mobile Internet. The authors propose a generic unwanted traffic control solution through trust management. It can control unwanted traffic from its source to destinations in a personalized manner according to trust evaluation at a Global Trust Operator and traffic and behavior analysis at hosts. Thus, it can support unwanted traffic control in both a distributed and centralized manner and in both a defensive and offensive way. Simulation-based evaluation shows that the solution is effective with regard to accuracy and efficiency for Botnet intrusion and DDoS intrusion via reflectors. It is also robust against a number of malicious system attacks, such as hide evidence attack, bad mouthing attack, on-off attack, malicious attack of ISP, and combinations, which are playing in conjunction with various traffic intrusions. Meanwhile, the solution can provide personalized unwanted traffic control based on unwanted traffic detection behaviors. A prototype system is implemented to illustrate its applicability for SMS spam control.
Top1. Introduction
The Internet has become the backbone of remote communications, networking, and computing. It carries a vast range of information resources and services, such as the World Wide Web and email. It also gives birth to a wide range of applications, e.g., Voice over Internet Protocol (VoIP), Internet Protocol Television (IPTV), Instant Messaging (IM), E-Commerce, Blogging, and social networking. Nowadays, these applications can be also widely accessed by mobile devices.
At the same time as the Internet provides a great social value, it is bogged down by unwanted traffic, which is malicious, harmful or unexpected for its receiver. While some of the traffic is clearly malicious from the point of view of any benevolent user, some might be viewed as unwanted by one user while another is interested in it. The main tool for distributing unwanted traffic is Botnets. According to the statistics of the Organization for Economic Co-operation and Development (OECD), on average 1.5% of the Internet connected hosts were infected by bots in OECD countries 1. In some countries the level of infection is more than 5%. Botnets are used to spread malware, send spam, attack hosts and networks, collect sensitive information from users and earn money from fraud. The builders and users of Botnets form an ecosystem of shady and criminal activities.
The fact that the Internet does its best to deliver what a sender is sending while it does not ask for the consent of a receiver, causes additional costs to its users. The receivers have to pay for the unwanted traffic in the form of wasting time, investing into and operating spam filtering, firewalls, virus scanning, malware and intrusion detection and cleaning up after infections. What is missing is a systematic way to reform the existing ecosystem of the shady and criminal activity.
However, controlling unwanted traffic is actually difficult due to many technical and social reasons. First, the subjective notion of unwanted traffic and various types of Internet traffic make it difficult to develop a generic solution. Second, any unwanted traffic control system could be the target of hackers. This fact requests that the designed system should be robust against various attacks. Third, we note that security issues are difficult for ordinary users to comprehend leading to low security awareness. This implies that it is preferred to have a usable, automatic and intelligent solution with minimum involvement of the users.
This chapter studies applying trust management technology to conduct unwanted traffic control in the Internet, especially the mobile Internet. We propose a generic unwanted traffic control solution through trust management. It can control unwanted traffic from its source to destinations in a personalized manner according to trust evaluation. We propose to build a trust management system that includes all Internet Service Providers (ISPs), their subscribers (i.e., hosts), and a newly introduced global trust operator (GTO) to evaluate the trust of each system entity in order to decide how to control the unwanted traffic from a specific source. The trust of an entity contains two parts: the global trust that indicates the probability and nature of unwanted traffic sourced from the entity and the detection trust that specifies the detection performance of each entity. We assume that system effectiveness and feasibility follows from three characteristics: accuracy, efficiency and robustness. Accuracy means that the trust value of an entity must reflect the share of unwanted traffic that is sent by hosts subscribed or belonging to the entity. Efficiency means that malicious senders are spotted quickly. Robustness means that the system will continue performing its task accurately and efficiently under any feasible attack strategy of malicious hosts.