arX

iv:1

407.

4945

v1 [

cs.S

I] 1

8 Ju

l 201

41

Friends or Foes: Distributed and RandomizedAlgorithms to Determine Dishonest

Recommenders in Online Social NetworksYongkun Li, Member, IEEE John C.S. Lui, Fellow, IEEE

Abstract—Viral marketing is becoming important due to the popularity of online social networks (OSNs). Companies may provideincentives (e.g., via free samples of a product) to a small group of users in an OSN, and these users provide recommendations to theirfriends, which eventually increases the overall sales of a given product. Nevertheless, this also opens a door for “malicious behaviors”:dishonest users may intentionally give misleading recommendations to their friends so as to distort the normal sales distribution. Inthis paper, we propose a detection framework to identify dishonest users in OSNs. In particular, we present a set of fully distributedand randomized algorithms, and also quantify the performance of the algorithms by deriving probability of false positive, probability offalse negative, and the distribution of number of detection rounds. Extensive simulations are also carried out to illustrate the impact ofmisleading recommendations and the effectiveness of our detection algorithms. The methodology we present here will enhance thesecurity level of viral marketing in OSNs.

Index Terms—Dishonest Recommenders, Misbehavior Detection, Distributed Algorithms, Online Social Networks

✦

1 INTRODUCTION

IN the past few years, we have witnessed an exponen-tial growth of user population in online social net-

works (OSNs). Popular OSNs such as Facebook, Twitterand Taobao [1] have attracted millions of active users.Moreover, due to the rapid development of intelligentcell phones and their integration of online social net-working services [37], [38], many users have integratedthese services into their daily activities, and they oftenshare various forms of information with each other.For example, users share their opinions on purchasedproducts with their friends, and they may also receiveor even seek recommendations from their friends beforedoing any purchase. Therefore, when one buys a prod-uct, she may be able to influence her friends to do furtherpurchases. This type of influence between users in OSNsis called the word-of-mouth effect, and it is also referredas social influence.

Due to the large population and the strong social influ-ence in OSNs, companies are also adapting a new way toreach their potential customers. In particular, instead ofusing the conventional broadcast-oriented advertisement(e.g., through TV or newspaper), companies are nowusing target-oriented advertisement which takes advan-tage of the social influence so to attract users in OSNsto do their purchases. This new form of advertisementcan be described as follows: firms first attract a small

• Yongkun Li is with the school of computer science and technology,University of Science and Technology of China.E-mail: yongkunlee@gmail.com

• John C.S. Lui is with the Department of Computer Science and Engineer-ing, The Chinese University of Hong Kong.E-mail: cslui@cse.cuhk.edu.hk

fraction of initial users in OSNs by providing free ordiscounted samples, then rely on the word-of-moutheffect to finally attract a large amount of buyers. As theword-of-mouth effect spreads quickly in social networks,this form of advertisement is called the viral marketing,which is a proven and effective way to increase the salesand revenue for companies [16], [19], [25], [33].

We like to emphasize that viral marketing in OSNs doexist in the real world. One particular prime example isthe Taobao [1], which is one of the major operations un-der the Alibaba group, and it is the biggest e-commercewebsite in China. As of June 2013, Taobao has over 500million registered users and 60 million of regular visitorsper day. It also hosts more than 800 million types ofproducts and represents 100 million dollars turnover peryear [5], [6]. Users can buy various types of productsfrom Taobao, and they can also run their own shops inselling products. Moreover, Taobao also developed anapplication addon called Friends Center on top of thewebsite. With this application addon, users in Taobaocan follow other users just like the following relationshipin Twitter, hence, an OSN is formed on top of this e-commerce system. In this OSN, users can share manytypes of information with their friends, including theproducts they purchased, the shops they visited, as wellas the usage experiences or opinions on products orshops. In particular, users can also forward their friends’posts or even give comments. In addition to using theFriends Center in Taobao, one can also associate herTaobao account with her account in Sina Weibo [2],[3], which is the biggest OSN in China. According toWeibo’s prospectus, the monthly active users of Weiboreached 143.8 million in March 2014, and the daily activeusers also reached 66.6 million [7]. By associating Taobao

2

account with Sina Weibo, users can easily share theirpurchasing experience and ratings on products withtheir friends in Weibo. Based on Taobao and Weibo,many companies can easily perform target-oriented ad-vertisement to promote their products. In fact, this typeof advertisement can be easily launched in any OSN.

However, the possibility of doing target-oriented ad-vertisement in OSNs also opens a door for maliciousactivities. Precisely, dishonest users in an OSN mayintentionally give misleading recommendations to theirneighbors, e.g., by giving high (low) rating on a low-quality (high-quality) product. To take advantage of theword-of-mouth effect, firms may also hire some usersin an OSN to promote their products. In fact, this typeof advertisement becomes very common in Taobao andWeibo. Worse yet, companies may even consider payingusers to badmouth their competitors’ products. Due tothe misleading recommendations given by dishonestusers, even if a product is of low quality, people maystill be misled to purchase it. Furthermore, products ofhigh quality may lose out since some potential buyersare diverted to other low-quality products.

As we will show in Section 7.2 via simulation, mislead-ing recommendations made by dishonest users indeedhave a significant impact on the market share. In partic-ular, a simple strategy of promoting one’s own productwhile bad-mouthing competitors’ products can greatlyenhance the sales of one’s product. Furthermore, even ifa product is of low quality, hiring a small percentage ofusers to promote it by providing misleading recommen-dations can severely shift the market share on variousproducts. Therefore, it is of big significance to identifydishonest users and remove them from the networks soas to maintain the viability of viral marketing in OSNs.With respect to the normal users in OSNs, it is alsoof big interest to identify the dishonest users amongtheir neighbors so as to obtain more accurate recom-mendations and make wiser decisions on purchasingproducts. Motivated by this, this paper addresses theproblem of detecting dishonest recommenders in OSNs,in particular, how can a normal user discover and identifyfoes from a set of friends during a sequence of purchases?

However, it is not an easy task to accurately identifydishonest users in OSNs. First, an OSN usually containsmillions of users, and the friendships among these usersare also very complicated, which can be indicated bythe high clustering coefficient of OSNs. Second, usersin an OSN interact with their friends very frequently,which makes it difficult to identify dishonest users bytracing and analyzing the behaviors of all users in acentralized way. Last but not the least, in the scenarioof OSNs, honest users may also have malicious behav-iors unintentionally, e.g., they may simply forward thereceived misleading recommendations given by theirdishonest neighbors without awareness. Conversely, dis-honest users may also act as honest ones sometimes so asto confuse their neighbors and try to evade the detection.Therefore, the distinction between dishonest users and

honest ones in terms of their behaviors becomes obscure,which finally makes the detection more challenging.

To address the problem of identifying dishonest rec-ommenders in OSNs, this work makes the followingcontributions:

• We propose a fully distributed and randomized algo-rithm to detect dishonest recommenders in OSNs.In particular, users in an OSN can independentlyexecute the algorithm to distinguish their dishonestneighbors from honest ones. We further exploit thedistributed nature of the algorithm by integratingthe detection results of neighbors so as to speed upthe detection, and also extend the detection algo-rithm to handle network dynamics, in particular, the“user churn” in OSNs.

• We provide theoretical analysis on quantifying theperformance of the detection algorithm, e.g., proba-bility of false positive, probability of false negative,and the distribution of time rounds needed to detectdishonest users.

• We carry out extensive simulations to validate theaccuracy of the performance analysis, and furthervalidate the effectiveness of our detection algorithmusing a real dataset.

The outline of this paper is as follows. In Section 2,we review related work and illustrate the difference ofdetecting dishonest users in OSNs from that in generalrecommender systems. In Section 3, we formulate thetype of recommendations and the behavior of users inOSNs. In Section 4, we present the detection algorithmin detail, and also provide theoretical analysis on theperformance of the algorithm. In Section 5, we developa cooperative algorithm to speed up the detection, andin Section 6, we design a scheme to deal with thenetwork dynamics of OSNs. We demonstrate the severeimpact of misleading recommendations and validate theeffectiveness of the detection algorithms via simulationsin Section 7, and finally conclude the paper in Section 8.

2 RELATED WORK

A lot of studies focus on the information spreading effectin OSNs, e.g., [22], [29], and results show that OSNsare very beneficial for information spreading due totheir specific natures such as high clustering coefficient.To take advantage of the easy-spreading nature andthe large population of OSNs, viral marketing which isbased on the word-of-mouth effect is becoming popularand has been widely studied, e.g., [16], [19], [25], [33]. Inparticular, because of the strong social influence in OSNs,a small fraction of initial buyers can even attract a largeamount of users to finally purchase the product [29],[39]. A major portion of viral marketing research thinksviral marketing as an information diffusion process, andthen study the influence maximization problem, e.g.,[22], [12]. However, viral marketing in OSNs also opens adoor for malicious behaviors as dishonest recommenders

3

can easily inject misleading recommendations into thesystem so to misguide normal users’ purchases.

In the aspect of maintaining system security, somework like [34] considers to exploit the framework of truststructure [11], [23], [36]. The rough idea is to computea trust value for every pair of nodes in distributed sys-tems. This framework is suitable for building delegationsystems and reputation systems, while it still faces alot of challenges to address the problem of identifyingdishonest users in OSNs studied in this work. First,OSNs usually contain millions of users and billions oflinks, the cost on computing the trust values for everypair of users must be extremely high. Second, even if thetrust values for every pair of users have been computed,it still requires a mapping from the trust value to a tagindicating whether a user is dishonest or not, which isalso a challenging task, especially when users have nopriori information about the number of dishonest users.

With respect to malicious behavior detection, it waswidely studied in wireless networks (e.g., [21], [35], [28]),P2P networks (e.g., [30], [27]), general recommender sys-tems [8] (e.g., [13], [14], [24]), and online rating systems(e.g., [31], [17], [32]). Unlike previous works, in thispaper we address the problem of malicious behaviordetection in a different application scenario, online socialnetworks. In particular, we focus on the identificationof dishonest recommenders in OSNs, which is a verydifferent problem and also brings different challengeseven comparing to the problems of shill attack detectionin recommender systems and review spam detectionin online rating systems, both of which are consideredto be more similar to the problem we considered inthis paper. For example, every user in an OSN maygive recommendations to her friends, while this is to-tally different from the case of recommender systemwhere recommendations are made only by the systemand are given to users in a centralized way. Second,users’ ratings, i.e., the recommendations, may propa-gate through the network for OSNs, while there is norecommendation propagation in recommender systems.And this forwarding behavior makes normal users inOSNs also have the chance of doing malicious activi-ties, e.g., forwarding neighbors’ misleading recommen-dations without awareness. Last but not the least, anOSN usually has an extremely large number of nodesand links and also evolves dynamically, so a distributeddetection algorithm becomes necessary with the consid-eration of the computation cost. However, this increasesthe difficulty of the detection because the detector onlyhas the local information including her own purchasingexperience and the recommendations received from herneighbors, but not the global information of the wholenetwork as in recommender systems. In terms of thedetection methodology, related work studying reviewspam detection usually uses machine leaning techniques,while our detection framework is based on suspicious setshrinkage with distributed iterative algorithms.

3 PROBLEM FORMULATIONIn this section, we first present the model of OSNsand give the formal definitions on different types ofrecommendations, then we formalize the behaviors ofusers in OSNs on how to provide recommendations.In particular, considering that the objective of dishonestusers is to promote their target products and decrease thechance of being detected, we formalize the behaviors ofdishonest users into a probabilistic strategy.

3.1 Modeling on Online Social NetworksWe model an OSN as an undirected graph G = (V,E),where V is the set of nodes in the graph and E is theset of undirected edges. Each node i ∈ V represents oneuser in an OSN, and each link (i, j) ∈ E indicates thefriendship between user i and user j, i.e., user i is aneighbor or friend of user j and vice versa. That is, useri and user j can interact with each other via the link(i, j), e.g., give recommendations to each other. Usually,OSNs are scale-free [39], [29] and the degrees of nodesfollow power law distribution [9]. Precisely, p(k) ∝ k−γ ,where p(k) is the probability of a randomly chosen nodein G having degree k and γ is a constant with a typicalvalue 2 < γ < 3. We denote Ni = {j|(i, j) ∈ E} as theneighboring set of user i and assume that |Ni| = N .

3.2 Products and RecommendationsWe first formalize products, and then give the definitionsof different types of recommendations. We consider aset of “substitutable” products P1, P2, · · · , PM that areproduced by firms F1, F2, · · · , FM , respectively, andthese firms compete in the same market. Two productsare substitutable if they are compatible, e.g., polo shirtsfrom brand X and brand Y are substitutable goodsfrom the customers’ points of view. We characterizeeach product Pj with two properties: (1) its sale priceand (2) users’ valuations. We assume that each productPj has a unique price which is denoted as pj . Withrespect to users’ valuations, since different users mayhave different ratings on a product because of theirsubjectivity, we denote vij as the valuation of user i onproduct Pj .

We categorize a product into two types according toits sale price and users’ valuations. In particular, if useri thinks that a product Pj is sold at the price that trulyreveals its quality, then she considers this product as atrustworthy product. That is, product Pj is classified as atrustworthy product by user i only when pj = vij . Herethe equal sign means that the product is sold at a fairprice from the point of view of user i. Conversely, ifuser i thinks that the price of product Pj does not revealits quality, or formally, pj ̸= vij , then she classifies it asan untrustworthy product. Similarly, here the inequalitysign just means that user i thinks that Pj is pricedunfair, maybe much larger than its value. For example,maybe this product is of low quality or even bogus, but

4

it is produced by speculative and dishonest companieswho always seek to maximize their profit by cheatingcustomers. Formally, we use Ti(Pj) to denote the typeof product Pj classified by user i, and we have

Ti(Pj)=

!

1, if user i considers Pj to be trustworthy,0, if user i considers Pj to be untrustworthy.

Since products are categorized into two types, we as-sume that there are two types of recommendations: pos-itive recommendations and negative recommendations,which are denoted by RP (Pj) and RN(Pj), respectively.

Definition 1: A positive recommendation on product Pj

(RP (Pj)) always claims that Pj is a trustworthy productregardless of its type, while a negative recommendation onPj (RN (Pj)) always claims that Pj is an untrustworthyproduct regardless of its type. Formally, we have

RP (Pj) ! “Pj is a trustworthy product”,

RN (Pj) ! “Pj is an untrustworthy product”.

Note that a recommendation, either RP (Pj) or RN (Pj),does not reveal the type of product Pj classified by users,so one may make positive (or negative) recommenda-tions even if she takes the product as an untrustwor-thy (or a trustworthy) product. To have the notion ofcorrectness, we further classify recommendations intocorrect recommendations and wrong recommendationsby integrating users’ valuations.Definition 2: A recommendation on product Pj is cor-rect for user i, which is denoted as RC

i (Pj), only when itreveals the type of Pj classified by user i, i.e., Ti(Pj),while a wrong recommendation on product Pj for useri (RW

i (Pj)) reveals the opposite type of product Pj

classified by user i. Formally, we have

RCi (Pj)!

!

RP (Pj), if Ti(Pj)=1,RN (Pj), if Ti(Pj)=0.

RWi (Pj)!

!

RP (Pj), if Ti(Pj)=0,RN (Pj), if Ti(Pj)=1.

3.3 Behaviors of Users in OSNsIn this subsection, we formalize the behaviors of usersin an OSN. We assume that for any user, if she buys aproduct, then she can valuate the product based on herusage experience, and then categorizes it into either atrustworthy product or an untrustworthy product fromher point of view.

Behaviors of honest users. We define honest users asthe ones who will not intentionally give wrong recom-mendations. That is, if an honest user buys a product,since she can valuate the product and determine itstype, she always gives correct recommendations on theproduct to her neighbors. Precisely, she gives positiverecommendations if the product is considered to betrustworthy and negative recommendations otherwise.

On the other hand, if an honest user did not buya product, she may also give recommendations to her

neighbors by simply forwarding the received recom-mendations from other ones. This type of forwardingbehavior is quite common in OSNs. For example, inTaobao and Weibo, many users forward their friends’posts, including their purchasing experiences and ratingson products. In a study of online social networks [4], itwas found that 25% of users had forwarded an adver-tisement to other users in the network. Moreover, dueto the anonymity of users’ identities (e.g., users usuallyuse pseudo names to register their Weibo account), itis extremely difficult to trace the information spreadingprocess in OSNs, and so users may simply forward anyform of information without confirming its truthfulness.In particular, a user may forward a positive (nega-tive) recommendation given by her neighbors withoutvalidating the quality of the product. Because of thisforwarding behavior, it is possible that honest users maygive wrong recommendations to their neighbors. Thus,a user who gives wrong recommendations is not strictlydishonest, but only potentially dishonest. In other words,if the detector considers a product to be trustworthy andreceives negative recommendations from a neighbor, shestill can not be certain that this neighbor is dishonest,mainly because it is possible that this neighbor does notintend to cheat, but is just misled by her neighbors.

Behaviors of dishonest users. We define dishonestusers as the ones who may give wrong recommendationsintentionally, e.g., give positive recommendations on anuntrustworthy product. Note that dishonest users mayalso behave differently as they may aim for promotingdifferent products, e.g., users who are hired by firmFi aim for promoting product Pi, while users who arehired by firm Fj aim for promoting Pj . Without lossof generality, we assume that there are m types ofdishonest users who are hired by firms F1, F2, · · · , Fm,and they promote products P1, P2, · · · , Pm, respectively.Furthermore, we assume that the products promotedby dishonest users (i.e., products P1, P2, · · · , Pm) areuntrustworthy for all users. The intuition is that theseproducts are of low quality (or even bogus) so that theycan be easily identified by people. The main reason tomake this assumption is that in this case dishonest usershave incentives to promote these products for a largerprofit, meanwhile, honest users also have incentives todetect such dishonest users so as to avoid purchasinguntrustworthy products. To further illustrate this, notethat when users in an OSN are attracted to buy aproduct promoted by dishonest users, if the product isa trustworthy one, then there is no difference for thesebuyers to purchase other trustworthy products insteadof the one promoted by dishonest users, and so honestusers have no incentive to identify the dishonest userswho promote trustworthy products. In other words,promoting trustworthy products can be regarded asnormal behaviors, so we only focus on the case wherethe promoted products are untrustworthy in this paper.However, we would like to point out that when wemodel the behaviors of dishonest users in the following,

5

we allow dishonest users to behave as honest ones andgive correct recommendations.

Recall that the goal of dishonest users is to attract asmany users as possible to purchase the product theypromote, one simple and intuitive strategy to achievethis goal is to give positive recommendations on theproduct they promote and negative recommendations onall other products. On the other hand, besides attractingas many users as possible to buy their promoted product,dishonest users also hope to avoid being detected sothat they can perform malicious activities for a longtime. Therefore, dishonest users may also adopt a moreintelligent strategy so to confuse the detector and de-crease the chance of being detected. For instance, insteadof always bad-mouthing other products by giving neg-ative recommendations, they may probabilistically givecorrect recommendations and behave like honest userssometimes. The benefit of this probabilistic strategy isto make the detection more difficult so that dishonestusers may hide in a longer time. In this paper, we allowdishonest users to adopt this intelligent strategy and useSlj to denote the one adopted by a type-l (1 ≤ l ≤ m)

dishonest user j. Moreover, we allow dishonest users tobe more powerful by assuming that they know honestusers’ valuation on each product so that they can misleadas many users as possible. The intelligent strategy Sl

j canbe formally expressed as follows.

Slj!RP (Pl)∧

"

∧Mn=1,n̸=l

#

δRCj (Pn) ∨ (1−δ)RN(Pn)

$

%

, (1)

where δ denotes the probability of giving correct rec-ommendations. Recall that the goal of type-l dishonestusers is to attract as many users as possible to purchaseproduct Pl, while giving positive recommendations onother products (say Pn, n ̸= l) goes against their objec-tive, so we assume that dishonest users only give correctrecommendations on Pn with a small probability, i.e., δis small. In particular, δ = 0 implies that dishonest usersalways bad-mouth other products.

Note that there is a possibility that dishonest users donot adopt the probabilistic strategy as in Equation (1),while choose to promote trustworthy products over along time just to create a good reputation, and thenbehave maliciously by giving misleading recommenda-tions on a product. However, as long as the dishonestusers start performing malicious activities, our detectionframework still provides us with the opportunity ofdetecting them as we can keep executing the detectionalgorithm continuously. On the other hand, even if ourframework may fail to detect the dishonest users if theyonly perform malicious activities in a very limited num-ber of rounds, the effect of misleading recommendationsgiven by dishonest users is also very limited, and so thecorresponding miss detection error should be very small.

Another possibility we would like to point out isthat multiple dishonest users may collude and a singledishonest user may also create multiple Sybil accountsto consistently promote a low-quality product. This type

of collaborated malicious attack is still detectable underour framework, this is because our detection frameworkis fully distributed and when the detector determineswhether a neighbor is dishonest or not, she only relieson her own valuation on a product and the recommen-dation given by this neighbor. Therefore, the possibilityof a dishonest user being detected only depends onthe amount of malicious activities she performs, andit is irrelevant to other users’ behaviors. However, forthe cooperative detection algorithm that is developedfor speeding up the detection, dishonest users mayevade the detection if they collude as the detector maydetermine the type of a neighbor by exploiting otherneighbors’ detection information, while the possibilityof evading the detection depends on the parameterscontrolled by the detector. Hence, there is a tradeoffbetween detection accuracy and detection efficiency, andwe will further illustrate this in Section 5.

3.4 ProblemIn this paper, we develop distributed algorithms that canbe run at any user in an OSN to identify her dishonestneighbors. Specifically, we first develop a randomizedbaseline algorithm which only exploits the informationof the detector, see Section 4 for details. We also quantifythe performance of the algorithm via theoretical analysis.Then we propose a cooperative algorithm which furthertakes advantage of the detection results of the detector’sneighbors so as to speed up the detection, see Section 5for details. After that, we further extend the algorithmto deal with network dynamics of OSNs, i.e., user churn,in Section 6.

4 BASELINE DETECTION ALGORITHMIn this section, we first illustrate the rough idea of thedetection framework, and then present the detection al-gorithm in detail. We also quantify various performancemeasures of the algorithm.

4.1 General Detection FrameworkOur detection algorithm is fully distributed, and so userscan independently execute it to identify dishonest usersamong their neighbors. Without loss of generality, weonly focus on one particular user, say user i, and callher the detector. That is, we present the algorithm fromthe perspective of user i and discuss how to detect herdishonest neighbors. For ease of presentation, we sim-ply call a product as a trustworthy (or untrustworthy)product if the detector considers it to be trustworthy (oruntrustworthy).

Note that even if users’ subjectivity creates differentpreferences on different products, we assume that the de-tector and her neighbors have a consistent valuation onmost products. This assumption is reasonable, especiallyfor the cases where the quality of products can be easilyidentified, and its rationality can be further justified as

6

follows. First, users in an OSN prefer to have friendswith others who share similar interests and tastes. Henceusers in an OSN are similar to their neighbors [15] andso they have a consistent valuation with their neighborson many products. Secondly, “wisdom of the crowd” isconsidered to be the basis of online rating systems likeAmazon and Epinions, and it is also widely used bypeople in their daily lives, so it is reasonable to assumethat most products have intrinsic quality so that thedetector and her neighbors will have a consistent rating.

Note that the above assumption allows users who arenot friends with each other to have very different valua-tions on the same product, and it also allows the detectorand her neighbors to have different valuations on someproducts. In fact, if an honest neighbor has a differentrating on a product, then from the detector’s point ofview, it is just equivalent to the case where this honestneighbor is misled by dishonest users and so gives awrong recommendation. Another issue we would liketo point out is that even if the above assumption doesnot hold, e.g., if the detector and her neighbors havedifferent ratings on all products, our detection frame-work still provides a significant step toward identifyingdishonest behavior in OSNs’ advertisement. This is becauseif a neighbor has different valuations on all productsfrom the detector, then our detection framework willtake this neighbor as “misleading” no matter she intendsto cheat or not. This is acceptable as users always preferneighbors to have the similar taste (or preference) withthem so that they can purchase a product they really likeif they take their neighbors’ recommendations.

We model the purchase experience of detector i as adiscrete time process. Particularly, we take the durationbetween two continuous purchases made by detector ias one round, and time proceeds in rounds t = 1, 2, · · · .That is, round t is defined as the duration from thetime right before the tth purchase instance to the timeright before the (t+1)th purchase instance. Based on thisdefinition, detector i purchases only one product at eachround, while she may receive various recommendationson the product from her neighbors, e.g., some neighborsmay give her positive recommendations and others maygive her negative recommendations.

The general idea of our detection framework can beillustrated as in Figure 1. Initially, detector i is conserva-tive and considers all her neighbors as potentially dishon-est users. We use Si(t) to denote the set of potentiallydishonest neighbors of detector i until round t, whichis termed as the suspicious set, and we have Si(0) = Ni.As time proceeds, detector i differentiates her neighborsbased on their behaviors in each round, and shrinks thesuspicious set by removing her trusted neighbors whichare classified as honest users. After sufficient numberof rounds, one can expect that all honest neighbors areremoved from the suspicious set and only dishonestneighbors left. Therefore, after t rounds, detector i takes aneighbor as dishonest if and only if this neighbor belongsto the suspicious set Si(t).

t

...

0 1 2

dishonest userhonest user

Si(0) = Ni

Si(1)Si(2)

Fig. 1: General detection process via suspicious setshrinkage.

4.2 Operations in One RoundIn this subsection, we describe the detailed operationsof shrinking the suspicious set in only one round, sayround t. Note that detector i buys a product at round t,which we denote as Pjt (jt ∈ {1, 2, · · · ,M}), so she canvaluate the product and determine its type Ti(Pjt) fromher point of view. Moreover, she can further categorizethe received recommendations (that are either positiveor negative) into correct recommendations and wrongrecommendations based on her valuation on the product,and so she can differentiate her neighbors accordingto their recommendations. Specifically, we define NC

i (t)as the set of neighbors whose recommendations givenat round t are classified as correct by detector i. Ac-cordingly, we denote NW

i (t) and NNi (t) as the set of

neighbors who give detector i wrong recommendationsand no recommendation at round t, respectively. Wehave Ni = NC

i (t) ∪NWi (t) ∪NN

i (t).Recall that a product is either trustworthy or untrust-

worthy, so detector i faces two cases at round t: (1)the purchased product Pjt is an untrustworthy product,i.e., Ti(Pjt) = 0, and (2) the purchased product Pjt is atrustworthy product, i.e., Ti(Pjt) = 1. In the following,we illustrate on how to shrink the suspicious set in theabove two cases.

In the first case, a neighbor who gives correct recom-mendations can not be certainly identified as honest,mainly because a dishonest neighbor may also givecorrect recommendations. For example, a type-l (l ̸= jt)dishonest user may give negative recommendations onproduct Pjt based on the intelligent strategy, and thisrecommendation will be classified as correct as the de-tector valuates product Pjt as an untrustworthy product.Therefore, detector i is not able to differentiate honestneighbors from dishonest ones if Ti(Pjt) = 0. We adopta conservative policy by keeping the suspicious setunchanged, i.e., Si(t) = Si(t− 1).

In the second case, since detector i valuates productPjt as a trustworthy product, Pjt cannot be a prod-uct promoted by dishonest users, and we have Pjt ∈{Pm+1, ..., PM}. In this case, even if a dishonest user maygive correct recommendations on product Pjt based onthe intelligent strategy, the corresponding probability δis considered to be small, and so a dishonest user shouldbelong to the set NW

i (t) with high probability. Note thatit is also possible that dishonest users do not make anyrecommendation at round t, so dishonest users can be in

7

either NWi (t) or NN

i (t). We use D(t) to denote the unionof the two sets, i.e., D(t) = NW

i (t) ∪ NNi (t), which de-

notes the set to which dishonest users belong with highprobability at round t. To balance the tradeoff betweendetection accuracy and detection rate, we employ a ran-domized policy that only shrinks the suspicious set withprobability p. Precisely, we let Si(t) = Si(t−1)∩D(t) onlywith probability p. Here p is a tunable parameter chosenby detector i, and it reflects the degree of conservatismof the detector. The detailed algorithm which is referredas the randomized detection algorithm at round t is statedin Algorithm 1.

Algorithm 1 Randomized Detection Algorithm at Roundt for Detector i

1: Estimate the type of the purchased product Pjt ;2: Differentiate neighbors by determining NC

i (t),NW

i (t), and NNi (t);

3: Let D(t)← NWi (t) ∩NN

i (t);4: if Ti(Pjt) = 1 then5: with probability p: Si(t)← Si(t− 1) ∩D(t);6: with probability 1− p: Si(t)← Si(t− 1);7: else8: Si(t)← Si(t− 1);9: end if

To further illustrate the detection process in Algo-rithm 1, we consider Figure 2 as an example to showthe operations at round t. User i have seven neighborsthat are labeled from a to g. Assume that two of themare dishonest (i.e., user a and b). Suppose that neighborsa, b, c and e are still in the suspicious set before round t,i.e., Si(t−1) = {a, b, c, e}. We use dashed cycles to denotesuspicious users in Figure 2. If user i buys a trustworthyproduct at round t, and only neighbors e and f giveher correct recommendations, then user i can be certainthat neighbor e is honest with a high probability andit can be removed from the suspicious set. Therefore,according to Algorithm 1, the suspicious set shrinks withprobability p, and if this probabilistic even happens, thenwe have Si(t) = {a, b, c} as shown on the right hand sideof Figure 2.

i

b

c

d

g

f

e

a

i

b

c

d

g

f

e

a

Si(t− 1) = {a, b, c, e} Si(t)← Si(t−1)∩(NWi (t)∪NN

i (t)) = {a, b, c}

NWi (t) = {b, c, d}

NNi (t) = {a, g}

NCi (t) = {e, f}

dishonest user honest user suspicious user

with probability p

Fig. 2: An example illustrating Algorithm 1.

Note that Algorithm 1 is fully distributed in the sensethat it can be executed by any user to identify her dis-honest neighbors. The benefit of the distributed nature is

twofold. First, the size of an OSN is usually very large,e.g., it may contain millions of nodes and billions oflinks, so a distributed algorithm becomes necessary so asto make the computation feasible. Second, an OSN itselfis fully distributed, in particular, a user in an OSN onlyreceives information, e.g., recommendations on prod-ucts, from her direct neighbors, and so she only needs tocare about the honesty of her neighbors so as to make thereceived recommendations more accurate. Therefore, afully distributed detection algorithm is indeed necessaryfor the application we consider.

In terms of the implementation of Algorithm 1, itcan be deployed as a third-party application just likeothers that are deployed in OSNs. In particular, whenthis application has been deployed in an OSN, each userhas a choice to install it or not. If a user chooses to installit, then she needs to submit some necessary informationto the social network provider continuously, e.g., herratings on products and the recommendations that shewould like to make, and the provider will aggregateand store the information for each user. Finally, thecomputation can be done by either the server of thesocial network provider or the client computer of eachuser.

4.3 Performance EvaluationTo characterize the performance of the detection algo-rithm, we define three performance measures: (1) prob-ability of false negative which is denoted as Pfn(t), (2)probability of false positive which is denoted as Pfp(t), and(3) the number of rounds needed to shrink the suspicious setuntil it only contains dishonest users, which is denoted by arandom variable R. Specifically, Pfn(t) characterizes theprobability that a dishonest user is wrongly regarded asan honest one after t rounds, and Pfp(t) characterizesthe error that an honest user is wrongly regarded as adishonest one after t rounds. Recall that detector i takes aneighbor j ∈ Ni as dishonest if and only if this neighborbelongs to the suspicious set (i.e., j ∈ Si(t)), so we definePfn(t) as the probability that a dishonest neighbor ofdetector i is not in Si(t) after t rounds. Formally, wehave

Pfn(t) =# of dishonest neighbors of i that are not in Si(t)

total # of dishonest neighbors of detector i.

(2)On the other hand, since all neighbors of detector i areinitially included in the suspicious set (i.e., Si(0) = Ni),an honest user is wrongly regarded as a dishonest oneonly if she still remains in the suspicious set after trounds. Thus, we define Pfp(t) as the probability of anhonest user not being removed from the suspicious setafter t rounds. Formally, we have

Pfp(t) =# of honest neighbors of i that are in Si(t)

total # of honest neighbors of detector i.

(3)To derive the above three performance measures for

Algorithm 1, note that the suspicious set shrinks at

8

round t only when detector i valuates her purchasedproduct as a trustworthy product and this round isfurther used for detection with probability p. We callsuch a round a detectable round and use a 0-1 randomvariable d(t) as an indicator, where d(t) = 1 means thatround t is detectable and 0 otherwise. In addition tothe indicator d(t), detector i also obtains the set D(t) towhich dishonest users may belong at round t. Therefore,we use a tuple (d(t),D(t)) to denote the information thatdetector i obtains at round t, and the set of all tuples untilround t constitute the detection history, which we denoteas H(t). Formally, we have

H(t) = {(d(1),D(1)), (d(2),D(2)), ..., (d(t),D(t))}.

Based on the detection history H(t), the performancemeasures of Pfn(t), Pfp(t) and the distribution of R forAlgorithm 1 can be derived as in Theorem 1.Theorem 1: After running Algorithm 1 for t rounds, prob-ability of false negative and probability of false positive arederived in Equation (4) and Equation (5), respectively.

Pfn(t) = 1− (1− δ)!t

τ=1d(τ) , (4)

Pfp(t) ≈t&

τ=1,d(τ)=1

|D(τ − 1) ∩D(τ)|

|D(τ − 1)|, (5)

where D(0) = Ni and D(τ) is set as D(τ − 1) if d(τ) = 0.The number of rounds needed for detection until the suspiciousset only contains dishonest users follows the distribution of

P (R=r)=r

'

d=1

(

r − 1

d− 1

)

(pd)d(1−pd)

r−d ×

#

[1−(1−phc)d]N−k−[1−(1−phc)

d−1]N−k$

,(6)

where phc is the average probability of an honest user givingcorrect recommendations at each round and pd is the proba-bility of a round being detectable, which can be estimated byEquation (9) and Equation (10) in the Appendix, respectively.

Proof: Please refer to the Appendix.Since probability of false positive Pfp(t) is critical to

design the complete detection algorithm (see Section 4.4),we use an example to further illustrate its derivation.Note that a user in an OSN usually has a large numberof friends, so we let detector i have 100 neighbors labeledfrom 1 to 100. Among these 100 neighbors, we assumethat the last two are dishonest, whose labels are 99 and100. Before starting the detection algorithm, we initializeD(0) as Ni and let Pfp(0) = 1.

In the first detection round, suppose that user ibuys a trustworthy product and further takes thisround as detectable. Besides, suppose that only neighbor1 and neighbor 2 give her correct recommendations,i.e., D(1) = {3, 4, · · · , 100}, then we have Si(1) ={3, 4, · · · , 100}. Based on Equation (5), the probability offalse positive can be derived as

Pfp(1) = Pfp(0) ∗|D(0) ∩D(1)|

|D(0)|= 0.98.

Note that according to the definition in Equation (3),the accurate value of probability of false positive is9698 , which is a little bit smaller than the result derivedby Theorem 1. In fact, Theorem 1 provides a goodapproximation when the number of neighbors is largeand the number of dishonest users among them is small,which is the common case for OSNs as users often tendto have a lot of friends and a company can only controla small number of users to promote its product.

Now let us consider the second detection round.Suppose that the event with probability p does nothappen. That is, this round is not detectable. So we setD(2) = D(1), and the suspicious set remains the same,i.e., Si(2) = Si(1) = {3, 4, · · · , 100}. The probability offalse positive is still

Pfp(2) = 0.98.

We further examine one more round. Suppose that thethird round is detectable and neighbor 1 to neighbor4 give user i correct recommendations, i.e., D(3) ={5, · · · , 100}. Based on Algorithm 1, we have Si(3) =Si(2) ∩ D(3) = {5, · · · , 100}. The probability of falsepositive can be derived as

Pfp(3) = Pfp(2) ∗|D(2) ∩D(3)|

|D(2)|= 0.96.

Note that according to the definition in Equation (3), theaccurate value after round t is 94

98 = 0.959.Based on Theorem 1, we see that Pfp(t) → 0, and

this implies that all honest users will be removed fromthe suspicious set eventually. However, Pfn(t) does notconverge to zero, which implies that dishonest users mayevade the detection. Fortunately, as long as Pfn(t) is nottoo large when Pfp(t) converges to zero, one can stilleffectively identify all dishonest users (as we will showin Section 7) by executing the detection process multipletimes. On the other hand, the expectation of R quantifiesthe efficiency of the detection algorithm, in particular,it indicates how long a detector needs to identify herdishonest neighbors on average. Note that the detectionalgorithm itself does not rely on the derivation of thisperformance measure, and it is just used for studyingthe detection efficiency of the algorithm.

4.4 Complete Detection Algorithm

In Section 4.2, we present a partial detection algorithmwhich describes the operations in a particular round t. Inthis subsection, we present the corresponding completealgorithm which describes how to shrink the suspiciousset until dishonest users can be identified. To achievethis, we have to determine the termination conditionwhen repeating the partial algorithm round by round.Observe that after executing the detection algorithm fort rounds, only users in the suspicious set Si(t) are takenas dishonest ones. Intuitively, to avoid a big detectionerror, the detection process can only be terminated whenusers in Si(t) are really dishonest with high probability.

9

Based on the definition of probability of false positivePfp(t), it is sufficient to terminate the algorithm whenPfp(t) is lower than a predefined small threshold P ∗

fp.In other words, as long as probability of false positiveis small enough, we can guarantee that all users in thesuspicious set are really dishonest with high probability.Based on the above illustration, the complete detectionalgorithm can be stated as follows.

Algorithm 2 Complete Detection Algorithm

1: t← 0;2: Si(0)← Ni;3: repeat4: t← t+ 1;5: Derive the suspicious set Si(t) at round t by exe-

cuting Algorithm 1;6: Update probability of false positive Pfp(t);7: until Pfp(t) ≤ P ∗

fp

8: Take users in Si(t) as dishonest and blacklist them;

5 COOPERATIVE ALGORITHM TO SPEED UPTHE DETECTIONIn the last section, we propose a distributed and ran-domized algorithm that only exploits the detector’s localinformation. By running this algorithm, honest users candetect their dishonest neighbors simultaneously and in-dependently. That is, each user in an OSN maintains herown suspicious set containing her potentially dishonestneighbors. Since users in an OSN interact with each otherfrequently, they can also share their detection results,e.g., their suspicious sets. By doing this, a detector canfurther exploit her neighbors’ detection history to speedup her own detection, and we term this scenario ascooperative detection.

We still focus on a particular detector, say user i, anduse Si(t) to denote her suspicious set. At round t, user imay shrink her suspicious set based on her purchasingexperience and her received recommendations, and shemay also request the detection results of her neighbors.In particular, we assume that detector i can obtain twosets from each neighbor j at round t: the neighboring setand the suspicious set of neighbor j, which we denoteas Nj and Sj(t), respectively.

To exploit neighbors’ detection results, at round t,detector i first shrinks her own suspicious set accordingto Algorithm 1, and we call this step as the independentdetection step. After that, detector i further shrinks hersuspicious set by exploiting the information receivedfrom her neighbors (i.e., {(Nj ,Sj(t)), j ∈ Ni}), andwe term this step as the cooperative detection step. Sincedetector i may have different degrees of trust on herneighbors, we use wij(t) (0 ≤ wij(t) ≤ 1) to denotethe weight of trust of user i on neighbor j at roundt. That is, user i only exploits the detection results ofneighbor j with probability wij(t) at round t. Intuitively,

wij(t) = 1 implies that user i fully trusts neighbor j,while wij(t) = 0 means that user i does not trust j at all.The cooperative detection algorithm for user i at roundt is stated in Algorithm 3.

Algorithm 3 Cooperative Detection Algorithm at Roundt for Detector i

1: Derive the suspicious set Si(t) based on local infor-mation (i.e., using Algorithm 1);

2: Exchange detection results with neighbors;3: for each neighbor j ∈ Ni do4: with probability wij(t): Si(t)← Si(t)\(Nj\Sj(t));5: with probability 1− wij(t): Si(t)← Si(t);6: end for

We take Figure 3 as an example to further illustrate theoperations at the cooperative detection step (i.e., Line 3-6in Algorithm 3). Since user i first shrinks her suspiciousset by using Algorithm 1, we still use the setting inFigure 2 where Si(t) shrinks to {a, b, c} after the firststep. Now to further exploit neighbors’ detection resultsto shrink Si(t), suppose that only user c is a neighborof user d, and it has already been removed from userd’s suspicious set. That is, c ∈ Nd and c /∈ Sd. If user ifully trusts neighbor d (i.e., wid(t) = 1), then user i canbe certain that neighbor c is honest as c is identified ashonest by neighbor d. Thus, user i can further shrink hersuspicious set, and we have Si(t) = {a, b} as shown onthe right hand side of Figure 3.

i

b

c

d

g

f

e

a

Si(t)← Si(t−1)∩(NWi (t)∪NN

i (t)) = {a, b, c}

dishonest user honest user suspicious user

i

b

c

d

g

f

e

a

Si(t)← Si(t)\(Nd\Sd) = {a, b}

Cooperative detection step

c ∈ Nd

c /∈ Sd

Fig. 3: An example illustrating Algorithm 3.

To implement Algorithm 3, we need to set the weightsof trust on different neighbors, i.e., wij(t). One simplestrategy is only trusting the neighbors that are not inthe suspicious set as users in the suspicious set arepotentially dishonest. Mathematically, we can expressthis strategy as follows.

wij(t) =

!

0, if j ∈ Si(t),1, otherwise.

(7)

Note that wij(t) is a tunable parameter for detector i,and it affects the shrinking rate of the suspicious setof detector i. On the other hand, since detector i mayfurther shrink her suspicious set by exploiting her neigh-bors’ detection results, dishonest users may evade thedetection if they collude, while the possibility also de-pends on the parameter wij(t). In fact, there is a tradeoff

10

between detection accuracy and efficiency when choos-ing this parameter. Specifically, larger wij(t)’s imply thatdetector i is more aggressive to further exploit her neigh-bors’ detection results, and so the detection rate shouldbe larger, while the risk of dishonest users evading thedetection also becomes larger.

Again, Algorithm 3 is only a partial algorithm thatdescribes the operation at round t. To develop the com-plete version of the cooperative detection algorithm, wecan still use the idea in Section 4.4 to set the terminationcondition. That is, we keep running Algorithm 3 untilprobability of false positive is less than a predefinedthreshold P ∗

fp. To achieve this, we have to derive theprobability of false positive Pfp(t) for Algorithm 3, andthe result is stated in Theorem 2.Theorem 2: After running Algorithm 3 for t rounds, prob-ability of false positive can be derived as follows.

Pfp(t) ≈Pfp(t− 1) |D(t−1)∩D(t)|

|D(t−1)| N − |C(t)|

N,

where Pfp(0) = 1 and C(t) denotes the set of neighborsthat are removed from the suspicious set in the cooper-ative detection step at round t.Proof: Please refer to the Appendix.

6 ALGORITHM DEALING WITH USER CHURNIn previous sections, we proposed a randomized detec-tion algorithm and also discussed about how to speedup the detection. These algorithms are designed basedon the assumption that the underlying network is static,i.e., the friendships between users are fixed and do notchange during the detection. However, an online socialnetwork usually evolves dynamically, in particular, newusers may join in the network and existing users maychange their friendships or even leave the network bydeleting their profiles [18], [26], [40]. Taking the thenetwork dynamics into consideration, for detector i, newusers may become her friends and existing friends mayalso disconnect with her at some time. We call thesebehaviors as user churn. Note that even if users mayleave the network and rejoin it after some time, whilethey may not be able to recover the past friendshipsas establishing links or friendships usually requires theconfirmation of other users in OSNs. In this section, weextend our detection algorithm to address the problemof user churn in OSNs.

We still focus on a particular detector, say user i. Ateach round, we first employ previous algorithms, e.g.,Algorithm 1 or Algorithm 3, to shrink the suspiciousset. After that, we do the following checks: (1) whetherthere are new users becoming the neighbors of detectori, and (2) whether some existing neighbors of detector idisconnect with her. In particular, if new neighbors comein, we add them into the neighboring set Ni and thesuspicious set Si(t). In other words, we are conservativeto take new users as potentially dishonest. For ease of

presentation, we use NU(t) to denote the set of new usersthat become the neighbors of detector i at round t. On theother hand, if some existing neighbors disconnect withdetector i at round t, we simply remove them from boththe neighboring set Ni and the suspicious set Si(t). Weuse L(t) to denote the set of neighbors that leave detectori at round t, and use LS(t) to denote the set of usersthat are in the suspicious set Si(t) and leave detector iat round t, i.e., LS(t) = Si(t)∩L(t). Now we present thedetailed detection algorithm at round t in Algorithm 4.Note that if Algorithm 3 is used to shrink the suspiciousset in Algorithm 4, then cooperative detection is used tospeed up the detection.

Algorithm 4 Dealing with User Churn at Round t

1: Derive the suspicious set Si(t) (by executing Algo-rithm 1 or Algorithm 3);

2: Derive the set NU(t) and L(t);3: Si(t)← (Si(t) ∪NU(t))\L(t);4: Ni ← (Ni ∪NU(t))\L(t);

Let us use an example to illustrate the operationsin Algorithm 4 and it is shown in Figure 4. Since thesuspicious set first shrinks by using Algorithm 1 orAlgorithm 3, which has been illustrated before. Here weonly show the step dealing with user churn (i.e., Line 2-4). Suppose that at round t, user i disconnects withneighbor b (i.e., L(t) = {b}), and initiates a connectionwith a new user that is labeled as h (i.e., NU(t) = {h}),then user i can safely remove b from the suspicious setas she does not care user b any more, while she has nopriori information about the type of the new user h, soshe is conservative and add user h into the suspiciousset. Thus, we have Si(t) = {a, h} as shown in Figure 4.

dishonest user honest user suspicious user

i

c

d

g

f

e

a

Si(t)← Si(t) ∪NU(t)\L(t) = {a, h}

Step handling user churni

b

c

d

g

f

e

a

Si(t)← Si(t)\(Nd\Sd) = {a, b}

h h

Ni ← Ni ∪ {h}\{b}

Fig. 4: An example illustrating Algorithm 4.

The complete algorithm can also be developed bykeeping running the detection process until probabilityof false positive is smaller than a predefined thresholdP ∗fp. Thus, we have to derive the probability of false

positive Pfp(t) for Algorithm 4, and the result is statedin Theorem 3.Theorem 3: After running Algorithm 4 for t rounds, prob-ability of false positive can be derived as follows.

Pfp(t)≈Pfp(t−1)

|D(t−1)∩D(t)||D(t−1)| N(t−1)−|C(t)|+|NU (t)|−|LS(t)|

N(t),

11

where Pfp(0) = 1 and N(t) denotes the number ofneighbors after round t.Proof: Please refer to the Appendix.

7 SIMULATION AND MODEL VALIDATIONOur model aims to detect dishonest users who intention-ally give wrong recommendations in OSNs. Since eachuser in an OSN performs her own activities continuously,e.g., purchasing a product, giving recommendations toher neighbors, and making decisions on which productto purchase, the network evolves dynamically. There-fore, we first synthesize a dynamically evolving socialnetwork to emulate users’ behaviors, then we showthe impact of misleading recommendations and validatethe analysis of our detection algorithm based on thesynthetic network. We also validate the effectiveness ofour detection algorithm using a real dataset drawn froman online rating network.

7.1 Synthesizing A Dynamically Evolving OSNIn this subsection, we synthesize a dynamic OSN tosimulate the behaviors of users in the network. Toachieve this, we make assumptions on (1) how usersmake recommendations to their neighbors, (2) how usersmake decisions on purchasing which product, and (3)how fast the recommendations spread.

First, there are two types of users in the network:honest users and dishonest users. Dishonest users adoptthe intelligent strategy to make recommendations. Foran honest user, if she buys a product, she gives correctrecommendations to her friends based on her valuationon the product. On the other hand, even if an honest userdoes not buy a product, she still gives recommendationsbased on her received recommendations. We adopt themajority rule in this case. That is, if more than half of herneighbors give positive (negative) recommendations toher, then she gives positive (negative) recommendationsto others. Otherwise, she does not give any recommen-dation. In the simulation, we let all honest users havethe same valuation on each product, and so we randomlychoose an honest user as the detector in each simulation.

Second, to simulate the behaviors of users on decidingto purchase which product, we assume that an honestuser buys the product with the maximum number ofeffective recommendations that is defined as the numberof positive recommendations subtracting the numberof negative recommendations. The rationale is that onebuys a product that receives high ratings as many aspossible and low ratings as few as possible.

Last, we assume that the spreading rate of recom-mendations is much higher than the purchasing rate.In other words, when one gives a positive (negative)recommendation on a particular product to her neigh-bors, her neighbors update their states accordingly, i.e.,update the number of received positive (negative) rec-ommendations. If the corresponding numbers satisfy themajority rule, then they further make recommendations

on this product, and this process continues until no onein the system can make a recommendation according tothe majority rule. Moreover, the whole process finishesbefore the next purchase instance made by any user inthe network.

To model the evolution of the network, we assumethat it starts from the “uniform” state in which all prod-ucts have the same market share. During one detectionround, 10%|V | purchase instances happen, where |V | isthe total number of users in the network, i.e., betweentwo successive purchases of detector i, 10%|V | purchasesare made by other users in the network. Note that theassumptions we make in this subsection are only for thesimulation purpose, and our detection algorithms do notrequire these assumptions.

7.2 Impact of Misleading RecommendationsIn this subsection, we show the impact of misleadingrecommendations using the synthetic network. We em-ploy the GLP model proposed in [10] that is basedon preferential attachment [9] to generate a scale-freegraph with power law degree distribution and highclustering coefficient. We generate a graph with around8,000 nodes and 70,000 edges, whose clustering coeffi-cient is around 0.3. We assume that initially no producthas been purchased, and consider 10,000 purchase in-stances in the simulation. For each purchase instance,one user purchases and she buys the product with themaximum number of effective recommendations. Afterthat, she gives a recommendation on the product toher friends. The recommendation will spread throughoutthe network until no one can make a recommendationaccording to the majority rule. We assume that thereare five products, P1, · · · , P5, and dishonest users aim topromote product P1 which is an untrustworthy product,while the rest are trustworthy products. Our objectiveis to measure the fraction of purchases of each productout of the total 10,000 purchases. We run the simulationmultiple times and take the average value.

1 2 3 4 50

0.1

0.2

0.3

0.4

0.5

0.6

product ID

purc

hasi

ng p

roba

bilit

y

5% dishonest users no dishonest users

Fig. 5: Impact of misleading recommendations on themarket share distribution: dishonest users aim to pro-mote an untrustworthy product P1.

12

The simulation results are shown in Figure 5. First, wecan see that if no dishonest user exists in the networkto give misleading recommendations, the untrustworthyproduct P1 is purchased with only a small probability.The reason why the probability is non-zero is that if auser does not receive any recommendation, she simplymakes a random choice over the five products to makea purchase. However, if we randomly set 5% of usersas dishonest and let them adopt the intelligent strategyto promote P1 by setting δ = 0, then even if P1 isan untrustworthy product, it is still purchased withprobability around 0.15. In other words, many users inthe network are misled by these dishonest users to pur-chase P1. In summary, the existence of dishonest userswho intentionally give misleading recommendations canseverely distort the market share distribution.

7.3 Analysis Validation via A Synthetical OSNIn this subsection, we synthesize a dynamically evolvingnetwork based on the description in Section 7.1, and thenvalidate our analysis on the performance of the detectionalgorithms. In the simulation, we randomly select 5%of users as dishonest users, and let them adopt theintelligent strategy. We also randomly choose an honestuser who has dishonest neighbors and take her as thedetector. We carry out the simulation many times andtake the average value as the simulation results.

2 4 6 8 10 12 14 160

0.2

0.4

0.6

0.8

1

number of rounds: t

Prob

abili

ty

simtheo

Pfp(t)

Pfn(t)

Fig. 6: Probability of false negative and probability offalse positive of the randomized detection algorithm(Algorithm 1) where δ = 0.1 and p = 0.8.

Let us first focus on the performance measures ofPfn(t) and Pfp(t) for Algorithm 1. The theoretic resultsand simulation results are shown in Figure 6. First, wecan see that the theoretic results match well with thesimulation results. Second, one only needs to run thedetection algorithm for a small number of rounds toremove all honest users from the suspicious set, whichshows the effectiveness and efficiency of the detectionalgorithm. However, probability of false negative isnot zero as dishonest users may act as honest onessometimes with the hope of evading the detection. Thisimplies that only a part of dishonest users are detectedin one execution of the algorithm. Fortunately, when

probability of false positive goes to zero, probabilityof false negative is still not close to one. Therefore, todetect all dishonest users, one can run the algorithmmultiple times. At each time, a subset of dishonest usersare detected and then removed. Eventually, all dishonestusers can be identified. For example, in Figure 6, after tenrounds, probability of false positive is close to zero, andprobability of false negative is just around 0.6, whichindicates that at least 40% of dishonest users can bedetected in one execution of the algorithm.

Now we focus on the cooperative detection algorithm,i.e., Algorithm 3. Figure 7 compares the probability offalse positive for the randomized detection algorithm(Algorithm 1) with its corresponding cooperative version(Algorithm 3). Results show that our theoretic analysisprovides a good approximation of probability of falsepositive, which validates the effectiveness of the termi-nation condition used in the complete detection algo-rithm. Moreover, comparing the two groups of curves,we can see that probability of false positive of thecooperative algorithm is always smaller than that ofthe non-cooperative algorithm, which implies that thecooperative scheme effectively speeds up the detection.

2 4 6 8 10 12 14 160

0.2

0.4

0.6

0.8

1

number of rounds: t

P fp(t)

simtheonon−cooperative

detection

cooperativedetection

Fig. 7: The improvement of probability of false positivefor the cooperative algorithm (Algorithm 3) where δ =0.1 and p = 0.8.

Now we focus on the detection algorithm dealing withuser churn, i.e., Algorithm 4, and the results are shown inFigure 8. In the figure, one group of curves correspondsto the case where cooperative algorithm is employed, i.e.,using Algorithm 3 to derive the suspicious set in the firststep of Algorithm 4, the other group corresponds to thecase where cooperative detection is not used, i.e., usingAlgorithm 1 to derive the suspicious set in the first step.To simulate user churn, we add a new neighbor to thedetector with probability 0.3 in each round. Simulationresults show that probability of false positive goes tozero eventually, which implies that users in the suspi-cious set must be dishonest with high probability aftersufficient number of rounds. At last, we also observe thespeedup of the detection for the cooperative algorithm.

Let us look at the distribution of number of detectionrounds for the randomized detection algorithm, i.e., Al-gorithm 1. Results are shown in Figure 9. The horizontal

13

2 4 6 8 10 12 14 160

0.2

0.4

0.6

0.8

1

number of rounds: t

P fp(t)

simtheo

cooperativedetection

non−cooperativedetection

Fig. 8: Probability of false positive of the algorithmdealing with user churn (Algorithm 4) where δ = 0.1and p = 0.8.

axis is the number of rounds needed for the detection,and the vertical axis is the probability mass function. Wecan see that even if the probability mass function is notaccurately quantified, the expected number of rounds,E[R], is still well approximated. The deviation of theprobability mass function can be explained as follows.First, the probability of an honest user giving correctrecommendations is not a constant at each round, e.g., asmore users purchase a product, the probability of givingcorrect recommendations also increases since more userscan have their own valuations. Therefore, there mustbe an approximation error when we use a constantparameter, say phc, to approximate it. Second, since theperformance measure is quantified in a probabilistic way,it is required to run the simulation many times so as tomatch with the theoretic results. However, running thesimulation too many times takes a lot of time because ofthe large graph size. To balance the tradeoff, we only runthe simulation 1000 times, and the inadequate number ofsimulation times also contributes to the approximationerror. However, since the detection algorithm does notrequire the accurate quantification of the distribution ofR, it is still effective to employ the algorithm to identifydishonest users even if an approximation error exists.

0 5 10 15 200

0.05

0.1

0.15

0.2

0.25

0.3

number of rounds: r

P(R=

r)

sim: E[R] = 9theo: E[R] = 7

Fig. 9: Probability mass function of R when the random-ized detection algorithm is used and δ = 0.1 and p = 0.8.

7.4 Evaluation on Real Data

As we stated in Section 1, the problem we considered inthis paper is an abstraction of viral marketing problemsin OSNs, and so there is no publicly available datasetthat is drawn from an OSN specialized for viral market-ing. Therefore, to further validate the effectiveness of ourdetection algorithm, we consider a real dataset from asocial rating network, where users share their ratings onmovies and also establish friendships with others. In thefollowing, we first describe the dataset, then illustrate onhow to implement our detection algorithm, and finallyshow the results.

Dataset: We use the Flixster dataset which is drawnfrom a social network where users share their ratingson movies with their friends [20]. The underlying socialnetwork contains around 1M users and 26.7M socialrelations. Users can give ratings in the range [0.5, 5] withstep size 0.5, and there are 8.2M ratings in this dataset.Since we classify products into two types in this work,i.e., trustworthy products and untrustworthy products,to drive evaluations using the Flixster dataset, we mapeach rating to a binary value (i.e., either 0 or 1) bysplitting from the middle of the range (i.e., 2.5). Thatis, we take the ratings that are greater than 2.5 as highratings, and consider others as low ratings. By analyzingthis dataset, we find that for around 90% of movies, morethan 75% of users have a consistent valuation. This alsoconfirms the assumptions we make in our framework.

Algorithm Implementation: Since our detection algo-rithm is fully distributed and can be executed by anyuser. To select a detector, we randomly choose a userwho has a large number of friends and also gives alot of ratings. In particular, the detector chosen in thisevaluation has around 900 friends and gives around 200ratings. Among the 900 friends, around 700 of themhave only one rating or even no rating on all of themovies the detector rated, so we ignore them in theevaluation. Since all users in this dataset are honest, toemulate malicious activities, we randomly set 10% ofthe detector’s neighbors as dishonest users and let thempromote one particular movie. In particular, we modifythe ratings given by these dishonest users based on theintelligent strategy formalized in Equation (1). We runthe randomized detection algorithm (i.e., Algorithm 1)at the detector, and measure the probability of falsenegative and the probability of false positive based onthe definitions in Equations (2)-(3) so as to validate theeffectiveness of the detection algorithm.

Detection Results: The results of probability of falsepositive Pfp(t) and probability of false negative Pfn(t)are shown in Figure 10. We can see that probabilityof false positive continues to decrease as the algorithmexecutes for more and more rounds, and finally fallsbelow a small probability. This implies that most honestusers can be successfully removed from the suspiciousset. On the other hand, probability of false negativealso increases, which indicates the possibility of miss

14

detection. However, we can see that when probabilityof false positive drops below 0.1, probability of falsenegative only increases to 0.3. This shows the effective-ness of the detection algorithm. In particular, more than70% of dishonest users can be accurately identified inone execution of the algorithm, and so we can keepexecuting the algorithm for multiple times so to identifyall dishonest users. Another important point we like tostress is that the number of detection rounds in thisevaluation is not small, e.g., probability of false positiveonly decreases to 0.3 after 50 rounds. The main reasonis that in this dataset, most users only give very fewratings, and so many neighbors do not give any rating inmost of the detection rounds, which makes them remainin the suspicious set for a long time.

0 50 100 150 200 2500

0.2

0.4

0.6

0.8

1

Number of rounds: t

Prob

abili

ty

Pfp(t)

Pfn(t)

Fig. 10: Probability of false positive and probability offalse negative of the randomized detection algorithm onreal dataset.

8 CONCLUSIONIn this paper, we develop a set of fully distributedand randomized detection algorithms based on the ideaof shrinking suspicious set so to identify dishonestusers in OSNs. We formalize the behaviors of dishonestusers wherein they can probabilistically bad-mouth otherproducts while give positive recommendations on theproduct they aim to promote. Our detection algorithmsallow users to independently perform the detection so asto discover their dishonest neighbors. We provide math-ematical analysis on quantifying the effectiveness andefficiency of the detection algorithms. We also proposea cooperative scheme to speed up the detection, as wellas an algorithm to handle network dynamics, i.e., “userchurn” in OSNs. Via simulations, we first show that themarket share distribution may be severely distorted bymisleading recommendations given by a small fractionof dishonest users, and then validate the effectivenessand efficiency of our detection algorithms. The detectionframework in this paper can be viewed as a valuable toolto maintain the viability of viral marketing in OSNs.

APPENDIXPROOF OF THEOREM 1 IN SECTION 4.3We first focus on probability of false negative Pfn(t).Note that Si(t) only shrinks in detectable rounds, so we

have

Pfn(t)=P{a dishonest user j is considered to be honest}

=1−P{j is not removed from the suspicious set

in all detectable rounds}

=1−t&

τ=1,d(τ)=1

P{j ∈ D(τ)}.

To compute the probability that a dishonest user stays inD(τ) in a detectable round τ , observe that the productdetector i purchases at this round must be a trustworthyproduct which is not promoted by any dishonest user.We assume that dishonest users give recommendationsat every round so as to attract as many buyers aspossible. Based on the intelligent strategy, a dishonestuser gives correct recommendations on this product withprobability δ, and this recommendation is also correctfor detector i as we assume that dishonest users havethe same valuation with majority users, so we haveP{j ∈ D(τ)} = 1− δ, and probability of false negative is

Pfn(t)=1−t&

τ=1,d(τ)=1

(1− δ) = 1−*

1− δ+

!tτ=1

d(τ).

To derive probability of false positive Pfp(t), based onthe definition in Equation (3), it can be rewritten as

Pfp(t) = P{j ∈ Si(t)|H(t)}

= P{j ∈ Si(t− 1)|H(t)}×

P{j ∈ Si(t)|j ∈ Si(t− 1)&H(t)}

= Pfp(t− 1)× P{j is not removed

at round t|j ∈ Si(t− 1)&H(t)}, (8)

where j is an honest friend of detector i. To computethe probability that j is not removed at round t, wefirst consider the case where round t is detectable.Considering that a user in an OSN usually has a largenumber of neighbors and dishonest users only accountfor a small fraction, so we approximate the probability ofan honest user in the suspicious set not being removedat round t as |D(t−1)∩D(t)|

|D(t−1)| . On the other hand, if roundt is not detectable, then the corresponding probabilityis simply one. For ease of presentation, we always letD(t) = D(t − 1) if round t is not detectable, so theprobability can still be expressed as |D(t−1)∩D(t)|

|D(t−1)| . Bysubstituting it in Equation (8), we have

Pfp(t) ≈t&

τ=1,d(τ)=1

|D(τ − 1) ∩D(τ)|

|D(τ − 1)|,

where D(0) is initialized as Ni and D(τ) is set as D(τ−1)if d(τ) = 0.

Now we focus on the third performance measure R,which denotes the number of rounds needed to shrinkthe suspicious set until it only contains dishonest users.Note that the suspicious set can shrink at round t onlywhen this round is detectable, i.e., d(t) = 1. Therefore,

15

we first derive the distribution of number of detectablerounds, and denote it by a random variable D. Formally,we have

P (D ≤ d)=P{after d detectable rounds, all users

in the suspicious set are dishonest}

=P{all honest users are removed from the

suspicious set after d detectable rounds}

=(1− (1− phc)d)N−k,

where k is the number of dishonest neighbors of detectori and phc denotes the average probability of an honestuser being removed from the suspicious set at eachround, i.e., the average probability of an honest usergiving correct recommendations at each round.

Based on the distribution of D, we can derive the dis-tribution of R. Specifically, the conditional distributionP (R = r|D = d) is a negative binomial distribution, sowe have

P (R=r)='r

d=1P (D = d)P (R = r|D = d)

='r

d=1

(

r − 1

d− 1

)

(pd)d(1− pd)

r−dP (D = d),

where pd denotes the probability of a round being de-tectable. Based on the distribution of R, the expectednumber of rounds E[R] can be easily derived.

For probabilities phc and pd, we can estimate thembased on the detection history of detector i. Specifically,to measure phc, for each honest neighbor j of detectori, we first count the number of rounds where user jgives correct recommendations to detector i, then usethe fraction of rounds where user j gives correct recom-mendations as an approximation of the correspondingaverage probability. Finally, we can approximate phc bytaking an average over all honest neighbors of detectori. Mathematically, we have

phc ≈1

N − k

'

honest j∈Ni

# of rounds where j gives correct rec.

total # of rounds,

(9)where k denotes the number of dishonest neighbors ofdetector i. With respect to pd, note that pd equals tothe probability that detector i valuates her purchasedproduct as a trustworthy product in a round and thisround is further used for detection. To estimate it, weuse a 0-1 random variable 1{Ti(Pjt) = 1} to indicatewhether product Pjt that is purchased by detector i atround t is a trustworthy product or not, and we have

pd = p · limn→∞

,nt=1 1{Ti(Pjt) = 1}

n. (10)

PROOF OF THEOREM 2 IN SECTION 5Note that the detection at round t is divided into twosteps, the independent detection step and the coopera-tive detection step. In the independent detection step,detector i shrinks her suspicious set based on her localinformation, i.e., via Algorithm 1. In the cooperative

detection step, detector i further shrinks her suspiciousset based on her neighbors’ detection results. We useC(t) to denote the set of neighbors which are removedfrom the suspicious set in the cooperative detection stepat round t. Based on Equation (8), probability of falsepositive can be expressed as follows.

Pfp(t) = Pfp(t− 1)× P{j is not removed

at round t|j ∈ Si(t− 1)&H(t)}

= Pfp(t− 1)PIS(t)PCS(t),

where j an honest friend of detector i, PIS(t) and PCS(t)denote the probabilities that an honest user in the sus-picious set is not removed in the independent detectionstep and the cooperative detection step, respectively.

To derive PIS(t), since the suspicious set shrinks basedon Algorithm 1 in the independent detection step, wecan directly use the result in Theorem 1. We have

PIS(t) ≈|D(t− 1) ∩D(t)|

|D(t− 1)|,

where D(t) is set as D(t− 1) if round t is not detectable(i.e., when d(t) = 0).

To compute PCS(t) that is the probability that anhonest user in the suspicious set is not removed in thecooperative detection step, we first compute the prob-ability of false positive before the cooperative detectionstep at round t, and denote it by P IS

fp (t). Mathematically,

P ISfp (t) ≈ Pfp(t− 1)

|D(t− 1) ∩D(t)|

|D(t − 1)|.

Thus, there are P ISfp (t)(N − k) honest users in the suspi-

cious set if the detector has k dishonest neighbors. Since|C(t)| users are removed from the suspicious set in thecooperative detection step, we have

PCS(t) =P ISfp (t)(N − k)− |C(t)|

P ISfp (t)(N − k)

.

Now probability of false positive after t rounds can bederived as follows.

Pfp(t) ≈Pfp(t−1)

|D(t−1)∩D(t)||D(t−1)| (N − k)− |C(t)|

N − k. (11)

If k ≪ N , then probability of false positive Pfp(t) aftert rounds can be approximated as

Pfp(t) ≈Pfp(t− 1) |D(t−1)∩D(t)|

|D(t−1)| N − |C(t)|

N. (12)

Note that if k ≪ N does not hold, then probability offalse positive in Equation (12) is just an overestimationof Equation (11), so it is still feasible to be used in thetermination condition of the complete algorithm.

16

PROOF OF THEOREM 3 IN SECTION 6Inspired from the previous analysis, we divide the de-tection at round t into three steps: (1) the independentdetection step, (2) the cooperative detection step, and(3) the detection step dealing with user churn. More-over, probability of false positive after the cooperativedetection step at round t can be derived by Equation(11), and we denote it as PCS

fp (t). Since users in NU(t)connect with detector i and users in L(t) leave detectori at round t, suppose that dishonest users only accountfor a small fraction of the population, there are aroundN(t − 1) − k + |NU(t)| − |L(t)| honest users in theneighboring set after round t, where N(t − 1) denotesthe number of neighbors of detector i after round t− 1and N(t) = N(t − 1) + |NU(t)| − |L(t)|. Moreover, thenumber of honest users in the suspicious set after roundt is PCS

fp (t)∗(N(t−1)−k)+|NU(t)|−|LS(t)|, so probabilityof false positive after t rounds can be computed via

Pfp(t) ≈PCS

fp (t)∗(N(t−1)−k)+|NU(t)|−|LS(t)|N(t)−k

. If k ≪ N(t−1)

and we substitute PCSfp (t) with the result in Equation

(11), we have

Pfp(t)≈Pfp(t−1)

|D(t−1)∩D(t)||D(t−1)| N(t−1)−|C(t)|+|NU (t)|−|LS(t)|

N(t).

Again, if k ≪ N(t) for all t does not hold, probabilityof false positive computed via the above equation is justoverestimated, and it is still effective to use it to designthe termination condition of the complete algorithm.

ACKNOWLEDGMENTSThe work of Yongkun Li was supported in part byNational Nature Science Foundation of China underGrant No. 61303048, and the Fundamental ResearchFunds for the Central Universities under Grant No.WK0110000040.

REFERENCES[1] http://www.taobao.com.[2] http://weibo.com.[3] Alibaba Released Weibo for Taobao with Sina. http://www.

chinainternetwatch.com/2767/.[4] Microsoft Digital Advertising Solutions (2007). “Word of the

web guidelines for advertisers: understanding trends andmonetising social networks”. http://advertising.microsoft.com/uk/wwdocs/user/en-uk/advertise/partner%20properties/piczo/Word%20of%20the%20Web%20Social%20Networking%20Report%20Ad5.pdf.

[5] The Chinese e-Maket Overview. http://businessinchinasaos.wordpress.com/2013/06/06/the-chinese-e-maket-overview/.

[6] The Unexpected Leaders of Asian E-commerce.http://news.alibaba.com/article/detail/news/100922371-1-unexpected-leaders-asian-e-commerce.html.

[7] Weibo Trending Topic Attracted Massive User Dis-cussion. http://www.chinainternetwatch.com/7132/weibo-trending-topic-attracted-massive-user-discussion/.

[8] G. Adomavicius and A. Tuzhilin. Toward the Next Generationof Recommender Systems: A Survey of the State-of-the-Art andPossible Extensions. IEEE Transactions on Knowledge and DataEngineering, 17(6):734–749, June 2005.

[9] A.-L. Barabasi and R. Albert. Emergence of Scaling in RandomNetworks. Science, 1999.

[10] T. Bu and D. Towsley. On Distinguishing between Internet PowerLaw Topology Generators. Proceedings of IEEE INFOCOM, 2002.

[11] M. Carbone, M. Nielsen, and V. Sassone. A Formal Model forTrust in Dynamic Networks. In Proceedings from First InternationalConference on Software Engineering and Formal Methods, pages 54–61, sep. 2003.

[12] W. Chen, C. Wang, and Y. Wang. Scalable Influence Maximizationfor Prevalent Viral Marketing in Large-scale Social Networks. InProceedings of the 16th ACM SIGKDD International Conference onKnowledge Discovery and Data Mining, KDD ’10, 2010.

[13] P.-A. Chirita, W. Nejdl, and C. Zamfir. Preventing ShillingAttacks in Online Recommender Systems. In Proceedings of the7th annual ACM international workshop on web information and datamanagement, WIDM ’05, pages 67–74. ACM, 2005.

[14] D. Cosley, S. K. Lam, I. Albert, J. A. Konstan, and J. Riedl. Is SeeingBelieving? How Recommender Interfaces Affect Users’ Opinions.CHI Letters, 5:585–592, 2003.

[15] D. Crandall, D. Cosley, D. Huttenlocher, J. Kleinberg, and S. Suri.Feedback Effects Between Similarity and Social Influence in On-line Communities. In Proceedings of the 14th ACM SIGKDDInternational Conference on Knowledge Discovery and Data Mining,KDD ’08, 2008.

[16] P. Domingos and M. Richardson. Mining the Network Value ofCustomers. In ACM SIGKDD, pages 57–66, New York, NY, USA,2001. ACM.

[17] G. Fei, A. Mukherjee, B. Liu, M. Hsu, M. Castellanos, andR. Ghosh. Exploiting Burstiness in Reviews for Review SpammerDetection. In Proceedings of The International AAAI Conference onWeblogs and Social Media (ICWSM-2013), 2013.

[18] J. Golbeck. The Dynamics of Web-based Social Networks: Mem-bership, Relationships, and Change. First Monday, 12(11), Novem-ber 2007.

[19] G. J. Talk of the Network: A Complex Systems Look at theUnderlying Process of Word-of-Mouth. Marketing Letters, 12:211–223(13), 2001.

[20] M. Jamali and M. Ester. A Matrix Factorization Technique withTrust Propagation for Recommendation in Social Networks. InProceedings of the Fourth ACM Conference on Recommender Systems,RecSys ’10, pages 135–142. ACM, 2010.

[21] E. Kehdi and B. Li. Null Keys: Limiting Malicious Attacks ViaNull Space Properties of Network Coding. In Proceedings of IEEEINFOCOM 2009, 2009.

[22] D. Kempe, J. Kleinberg, and E. Tardos. Maximizing the Spreadof Influence Through a Social Network. In ACM SIGKDD, pages137–146, New York, NY, USA, 2003. ACM.

[23] K. Krukow and M. Nielsen. Trust Structures. International Journalof Information Security, 6:153–181, 2007.

[24] S. K. Lam and J. Riedl. Shilling Recommender Systems for Funand Profit. In WWW ’04: Proceedings of the 13th internationalconference on World Wide Web, pages 393–402, New York, NY, USA,2004. ACM.

[25] J. Leskovec, L. A. Adamic, and B. A. Huberman. The Dynamics ofViral Marketing. In EC ’06: Proceedings of the 7th ACM Conferenceon Electronic Commerce, pages 228–237, New York, NY, USA, 2006.

[26] J. Leskovec, L. Backstrom, R. Kumar, and A. Tomkins. MicroscopicEvolution of Social Networks. In Proceedings of the 14th ACMSIGKDD International Conference on Knowledge Discovery and DataMining, KDD ’08, pages 462–470. ACM, 2008.

[27] Y. Li and J. C. S. Lui. Stochastic Analysis of a RandomizedDetection Algorithm for Pollution Attack in P2P Live StreamingSystems. Performance Evaluation, 67(11):1273 – 1288, 2010.

[28] Y. Li and J. C. S. Lui. Epidemic Attacks in Network-Coding-Enabled Wireless Mesh Networks: Detection, Identification, andEvaluation. Mobile Computing, IEEE Transactions on, 12(11):2219–2232, 2013.

[29] Y. Li, B. Q. Zhao, and J. C. Lui. On Modeling Product Ad-vertisement in Large-Scale Online Social Networks. IEEE/ACMTransactions on Networking, 20(5):1412–1425, Oct. 2012.

[30] J. Liang, R. Kumar, Y. Xi, and K. Ross. Pollution in P2P FileSharing Systems. In Proceedings of IEEE INFOCOM 2005, 2005.

[31] A. Mukherjee, A. Kumar, B. Liu, J. Wang, M. Hsu, M. Castellanos,and R. Ghosh. Spotting Opinion Spammers Using BehavioralFootprints. In ACM SIGKDD, 2013.

[32] M. Rahman, B. Carbunar, J. Ballesteros, G. Burri, and D. H. P.Chau. Turning the Tide: Curbing Deceptive Yelp Behaviors. In InProceedings of SIAM Data Mining Conference (SDM), 2014.

[33] M. Richardson and P. Domingos. Mining Knowledge-sharing Sitesfor Viral Marketing. In ACM SIGKDD, pages 61–70, NY, USA,2002.

17

[34] M. Spear, J. Lang, X. Lu, N. Matloff, and S. Wu. Messagereaper:Using Social Behavior to Reduce Malicious Activity in Networks.Computer Science, UC Davis, Techincal Report. 2008.

[35] G. Theodorakopoulos and J. Baras. Malicious Users in Unstruc-tured Networks. In Proceedings of IEEE INFOCOM 2007, 2007.

[36] S. Weeks. Understanding Trust Management Systems. In Pro-ceedings of IEEE Symposium on Security and Privacy, pages 94–105,2001.

[37] D. Zhang, D. Zhang, H. Xiong, C.-H. Hsu, and A. V. Vasilakos.BASA: Building Mobile Ad-Hoc Social Networks on Top ofAndroid. Network, IEEE, 28(1):4–9, 2014.

[38] D. Zhang, D. Zhang, H. Xiong, L. T. Yang, and V. Gauither.NextCell: Predicting Location Using Social Interplay from CellPhone Traces. IEEE Transactions on Computers, 2013.

[39] B. Q. Zhao, Y. Li, J. C. Lui, and D. M. Chiu. Mathematical Mod-eling of Advertisement and Influence Spread in Social Networks.ACM NetEcon, 2009.

[40] X. Zhao, A. Sala, C. Wilson, X. Wang, S. Gaito, H. Zheng, and B. Y.Zhao. Multi-scale Dynamics in a Massive Online Social Network.In Proceedings of the 2012 ACM Conference on Internet MeasurementConference, IMC ’12, pages 171–184. ACM, 2012.

Yongkun Li is currently an associate researcherin School of Computer Science and Technology,University of Science and Technology of China.He received the B.Eng. degree in Computer Sci-ence from University of Science and Technologyof China in 2008, and the Ph.D. degree in Com-puter Science and Engineering from The Chi-nese University of Hong Kong in 2012. After that,he worked as a postdoctoral fellow in Instituteof Network Coding at The Chinese Universityof Hong Kong. His research mainly focuses on

performance evaluation of networking and storage systems.

John C. S. Lui is currently a professor in theDepartment of Computer Science & Engineeringat The Chinese University of Hong Kong. Hereceived his Ph.D. in Computer Science fromUCLA. When he was a Ph.D student at UCLA,he worked as a research intern in the IBM T. J.Watson Research Laboratory. After his gradua-tion, he joined the IBM Almaden Research Lab-oratory/San Jose Laboratory and participated invarious research and development projects onfile systems and parallel I/O architectures. He

later joined the Department of Computer Science and Engineering atThe Chinese University of Hong Kong. John serves as reviewer andpanel member for NSF, Canadian Research Council and the NationalNatural Science Foundation of China (NSFC). John served as the chair-man of the CSE Department from 2005-2011. He serves in the editorialboard of IEEE/ACM Transactions on Networking, IEEE Transactionson Computers, IEEE Transactions on Parallel and Distributed Systems,Journal of Performance Evaluation and International Journal of NetworkSecurity. He received various departmental teaching awards and theCUHK Vice-Chancellor’s Exemplary Teaching Award. He is also acorecipient of the IFIP WG 7.3 Performance 2005 and IEEE/IFIP NOMS2006 Best Student Paper Awards. He is an elected member of the IFIPWG 7.3, Fellow of ACM, Fellow of IEEE and Croucher Senior ResearchFellow. His current research interests are in communication networks,network/system security, network economics, network sciences, cloudcomputing, large scale distributed systems and performance evaluationtheory.