RECLAMO

Trust and reputation management is directly related to deciding in a distributed environment which entity is the most reliable to interact with, in terms of confidence and reputation. That is, having a system where different entities offer services or goods and others requesting them, the former will always look for the best self-profit, whereas the latter will demand the best services with respect to some quality characteristics, properties or attributes. Hence, requesters have to determine on their own which providers are the best ones according to certain criteria. Under these conditions, trust and reputation models are aimed to select the most trustworthy entity all over the system offering a certain service, considering reputation as a proxy for trust in behavior.

Many scenarios would benefit from the existence of some trust and reputation models, being the exchange of information between different Intrusion Detection Systems (IDS) a good example of it. In RECLAMO, the concept of trust and reputation is applied both to:

A trust and reputation management system is defined in RECLAMO so as to improve the overall detection coverage by dropping false or bogus alarms that arise from malicious or misbehaving nodes. This model allows a CIDN to detect malicious behaviors according to the trustworthiness of the alerts' issuers, calculated from previous interactions with the system; gradually isolating such IDSs as their behavior worsens throughout the time.

The trust and reputation model proposed in RECLAMO, called RepCIDN, provides higher accuracy in detecting distributed attacks, as it will be able to assess if any IDS exhibits a malicious behavior. The false alarms generated by malicious or compromised IDSs are directly dropped and they will not be published to the rest of the system components, by decreasing in turn the reputation score assigned to the issuers (IDSs) of such false alerts.

You can download from the below links the source code related to the trust and reputation model defined in RECLAMO, called RepCIDN. The first link corresponds to the Java code developed of RepCIDN, whereas the second one is the result obtained after launching RepCIDN once. Such results can be graphically displayed by using the gnuplot data plotting program.