AntTrust: An Ant-Inspired Trust Management System for Peer-to-Peer Networks

In P2P networks, self-organizing anonymous peers share different resources without a central entity controlling their interactions. Peers can join and leave the network at any time, which opens the door to malicious attacks that can damage the network. Therefore, trust management systems that can ensure trustworthy interactions between peers are gaining prominence. This paper proposes AntTrust, a trust management system inspired by the ant colony. Unlike other ant-inspired algorithms, which usually adopt a problem-independent approach, AntTrust follows a problem-dependent (problem-specific) heuristic to find a trustworthy peer in a reasonable time. It locates a trustworthy file provider based on four consecutive trust factors: current trust, recommendation, feedback, and collective trust. Three rival trust management paradigms, namely, EigenTrust, Trust Network Analysis with Subjective Logic (TNA-SL), and Trust Ant Colony System (TACS), were tested to benchmark the performance of AntTrust. The experimental results demonstrate that AntTrust is capable of providing a higher and more stable success rate at a low running time regardless of the percentage of malicious peers in the network.


Introduction
Computer networks, especially newly emerging forms such as wireless sensor networks (WSNs) and Internet of Things (IoT), are susceptible to failure [1][2][3]. Network failures can be attributed to a range of issues, of which security breaches are among the most common and dangerous. This is because, in these networks, a central component (e.g., gateway/router) is usually essential to the connection to the cloud or to the nearest network, which makes them more vulnerable, as a compromised central component can result in cascading failures. Therefore, many new application domains adopt the peer-to-peer (P2P) structure [4] or device-to-device cooperative (D2D) scheme [5], in which network nodes interact directly with each other, eliminating the need for the central component.
A P2P network is an open and dynamic distributed system, where nodes can directly communicate with each other without the need for a centralized server. In these networks, services are provided by peers; however, peers are characterized by their anonymity and freedom, so trust is essential to establishing communication among them [6]. Therefore, it is important to build a trust management system to encourage resource sharing among peers in such networks [7].
Many emerging studies have focused on trust management systems in P2P networks [8][9][10][11][12]. On the other hand, only a few studies have considered bioinspired approaches [13], although they might be of great benefit in such a context. Furthermore, to the best of our knowledge, all of the proposed bioinspired trust management algorithms are based on metaheuristics, also known as problem-independent heuristics, such as ant colony optimization (ACO) and artificial bee colony (ABC), rather than problem-specific • A novel trust management system, AntTrust, is proposed using a problem-specific heuristic to increase the success rate of good peers and reduce execution time. • A reward formula is suggested to recompense peers that provide valid contents and honest recommendations. • A new formula is introduced for the trust calculation between any two peers in the network based on four parameters: local trust value, recommendation, feedback, and friends' trust values. • A well-controlled evaluation framework is presented for evaluating the proposed approach. • Validation of the proposed system is carried out against well-established trust management paradigms.
The paper is organized as follows: Section 2 reviews the main trust and reputation models related to this paper. Section 3 introduces the AntTrust algorithm, while Section 4 explains the evaluation methodology. The experimental results are presented and discussed in Section 5. Lastly, Section 6 summarizes the conclusions and suggests possible future directions of this research.

Related Work
Trust and reputation models can be classified into traditional systems and bioinspired systems. Traditional systems constitute any trust management system with a basis that does not stem from a biological system, e.g., EigenTrust [9] and TNA-SL [16]. In EigenTrust, each peer in the network is assigned a global trust value that can be calculated using the eigenvector. EigenTrust depends heavily on pre-trusted peers in trust calculations, making them the focal point of failures if overloaded or misled by malicious peers. To overcome this problem, HonestPeer [17] was introduced, where honest peers shoulder the load with pre-trusted peers. PeerTrust [11] considers several factors in trust calculations, such as feedback about a specific peer by other peers in the community, the number of transactions, the credibility of the feedback provider and transaction, and community context factors, weighted by the level of trust in the feedback provider. FuzzyTrust [18] is another way to handle trust. FuzzyTrust uses fuzzy inference to calculate local trust values and then aggregates these local values to produce a global reputation. PowerTrust [19] is a reputation system that utilizes a trust overlay network (TON). The system uses a regular random walk for the initial reputation value and a lookahead random walk for updating the reputation values from the power nodes. In [16], the Trust Network Analysis with Subjective Logic (TNA-SL) was proposed as a method based on subjective logic to evaluate the trust between peers in a P2P network. Trust is represented by the opinion of a peer about another peer. The opinion is a relationship between two peers and consists of four components: belief, disbelief, uncertainty, and base rate. TCR [20] classifies nodes with similar research topics into local subnetworks. The trust score calculation considers different weights: the node's weight according to its contribution score, the node's weight according to its cooperation times, and the weight of the distance of the research field between two nodes. Misbehaving nodes are punished based on the distance between misbehaving and requesting nodes. TrueTrust [21] calculates the service responder's credibility as a function of all collected feedback on a service responder without using any feedback filtering mechanisms. However, the main factor in this calculation is the service requester's feedback on a service responder, which reflects the concept of retributive justice. In [22], a system was presented that collects statistics of the participating peers' activity in the network and defines two factors (local contribution and trustworthiness) based on the collected statistics. According to the trustworthiness factor, each peer is assigned a rank, which is then propagated to all participating peers in the network. In [23], a system using the best linear unbiased estimator was proposed that takes into account the uncertainties in the input variables to define the trust estimation method. The calculation of the trust value is based on requested and actual transfer rates and other parameters. AbsoluteTrust [24] is an algorithm that aggregates local trust without normalization. The algorithm depends on the concept of weighted averaging and scaling of local trust, which is then used to calculate the global trust. AuthenticPeer++ [25] is a hybrid technique that combines peer-based and file-based reputation system approaches. To reduce the impact of collective malicious peers, AuthenticPeer++ utilizes the global trust value of a peer to weigh its opinion. In [26], the trust calculation approach is based on direct transactions and the reputation of a set of neighbors. Each peer has a trust vector for every other peer, which stores the outcomes of the past transactions. A time-sensitive and context-dependent reputation model was developed in [27] for mobile ad hoc networks. The reputation value is built upon direct trust and recommendations from other peers according to their trust value. The cyclic ranking method was utilized in [28] for a P2P sharing system, where each peer uses its direct observation as well as recommendations collected from reputable neighbors about effective exchanges known as provision cycles. In [29], a multiagent robotic system with decentralized control was presented, where robots-agents calculate levels of trust for each other to protect the system from hidden attacks of robots-saboteurs by considering their previous interactions. The trust level of the agent is increased when the agent executes functions for the target and provides correct feedback about other robots. Trust-X [30] is a comprehensive XML-based framework for trust negotiations in a peer-to-peer network. Trust tickets are issued by involved parties after successful completion of a negotiation and used to speed up the following negotiations for the same resource.
In contrast to the large number of trust management systems that follow traditional approaches, very few systems have considered nature as a source of inspiration to target the trust problem. Here, we shed some light on them. In [31], a trust management system for P2P networks based on a genetic algorithm was presented, where the algorithm detects abnormal behavior as a function of a comparison with the peer profile. The algorithm defines the trustworthiness of peers based on anomaly detection using the behaviors of good peers as historical data, where each peer maintains a separate profile of other peers' behaviors. The profile information is extracted from the direct interactions between peers in the network. TrustIs [32] is a trust model inspired by the human immune system (IS). It uses concepts from the body's defense against viral attacks. This model combines peer reputation and object reputation to prevent the distribution of polluted files and the  [10,12], TACS [8], and AntPS [33] are trust and reputation trust management systems for P2P networks that rely on the ACO to find the best (most trustworthy) node. The ACO algorithm was inspired by the behavior of ant colonies [34][35][36], where a pheromone value is used to select a trustworthy provider. In AntRep [10], ants are dispatched to collect evidence about a peer's reputation and forward it to the requester. In TACS [8], ants follow pheromone values in addition to some heuristic values to find a trustworthy provider. In AntPS [33], the selection of the trustworthy provider is based on two pheromone values: resource similarity and trust similarity. Another reputation model for P2P networks based on ACO was presented in [12], which uses pheromone values as recommendations about target peers. Table 1 shows a comparison between reviewed bioinspired trust models. However, all of the abovementioned ant-inspired trust models were based on metaheuristic approaches and, hence, suffer from high computation overheads and long running times due to their iterative nature. In contrast, AntTrust is designed as a problem-specific heuristic to overcome these limitations. It strives to make a "good" guess for the path leading to the most trustworthy provider from the first try rather than iteratively working on optimizing a random path. Additionally, a flaw found in all ant-inspired trust models mentioned earlier is that they do not offer a way to reward good providers. Moreover, some of the models do not consider punishing misbehaving malicious nodes, except for TACS [8], which evaporates pheromones along the path to the misbehaving provider. However, this method is unfair to good nodes located along the "punished" path. AntTrust applies explicit strategies to reward and punish peers based on their trustworthiness.

Ant Inspiration
The primary idea of AntTrust is based on ant foraging behavior. Ants start their food-foraging journey from the nest, trying to find food sources randomly around the surrounding area, as shown in Figure 1a. If an ant finds a good food source, it then assesses its profitability before going back to the nest. During its return journey, the ant releases a chemical substance (pheromone) on the ground. The density of the pheromone released by the ant is in proportion to the profitability of the food source, thereby allowing other ants to identify the path to the most profitable food sources, as shown in Figure 1b. Other ants then follow the path that has the highest density of the pheromone, as shown in Figure 1c. The pheromone evaporates over time, which leads to fewer visited paths. In sum, this behavior is a well-known example of indirect communication and is usually referred to as stigmergy [34][35][36][37][38][39]. colony analogy) sends a file request (ant) to its neighboring peers (food sources). After receiving the file (reaching a food source), the requester peer gives a rating to the provider peer (pheromone deposition) based on the validity of the file received (the profitability of the food source). Furthermore, the trust value can be increased by a reward value or decreased by a punishment value depending on the validity of the received file, which mimics the idea of pheromone concentration and evaporation.  Other ants take the path that has the highest density of pheromone. The pheromone on the trails to less profitable sources evaporates gradually, while it becomes more concentrated on the path to the more profitable source. In the AntTrust system, a file requester (which corresponds to the nest in the ant colony analogy) sends a file request (ant) to its neighboring peers (food sources). After receiving the file (reaching a food source), the requester peer gives a rating to the provider peer (pheromone deposition) based on the validity of the file received (the profitability of the food source). Furthermore, the trust value can be increased by a reward value or decreased by a punishment value depending on the validity of the received file, which mimics the idea of pheromone concentration and evaporation.

AntTrust System Architecture
The underlying architecture, shown in Figure 2, is a centralized P2P network where a system registry keeps a dynamic list of all peers that joined the system at any time and a list of the files that they offer. However, the processing and calculations in the proposed trust management system are distributed where each node internally calculates the trust value based on its past communications with the other nodes. No single calculation or decision is made by a central entity. As stated earlier, the system registry serves only as a shared memory for the underlying P2P network to keep track of current available peers and resources. backs. The feedback list (FL) is used to record the received feedback from acquaintances in a list. The feedback handler is responsible for calculating the feedback using information that is received from the FL whenever necessary as a function of the total number of instances of positive feedback and negative feedback.

•
Recommendation manager: This component is responsible for retrieving recommendations about a specific file provider from a friend with current trust values above the best-friend threshold (δf), where δf is a positive real number.

Definitions
The AntTrust system defines the following terms in the trust context to ease the understanding of the relationship between peers in the network:  The main components of the AntTrust system are as follows: • Transaction manager: This component is responsible for selecting the most trustworthy file provider for the requester peer in each transaction by considering four trust parameters (current trust, feedback, recommendations, and collective trust). The Transaction manager receives the current trust located in the trust list (TL) and uses it to select the file provider peer. In the absence of current trust, the selection depends on the recommendation received from the Recommendation manager. In the latter case, feedback (the value received from the Feedback manager) is used to help select a provider peer. If all three of these values are unavailable, the Transaction manager uses collective trust to select a trustworthy file provider. After selecting a trustworthy file provider, the transaction takes place between the requester and the selected file provider. The requester peer then evaluates the received file and submits the file's validity to the Rating manager and the Feedback manager.

Definitions
The AntTrust system defines the following terms in the trust context to ease the understanding of the relationship between peers in the network: • Requester (P q ): A peer that requests a file in a transaction. • Provider (P v ): A peer that has the requested file in a transaction. • Friend: A peer P j is a friend of peer P i if P i has previously received a file or recommendation from P j . The friendship relationship is transitive for a friend of a friend (FoF) and a friend of a friend of a friend (FoFoF). For simplicity, we assume a maximum friend chain length of three. • Best friend: A peer P j is a best friend of peer P i if the current trust of P i by P j is above δ f . • Acquaintance: A peer P j is an cquaintance of peer P i if P i has previously sent a file to P j . • Unknown peer: A peer P j is unknown to peer P i if P i has not previously received a file, recommendation, or feedback from P j (it is neither a friend nor an acquaintance). • Current trust: This is the last saved trust value in the trust list (TL). During system initialization, all current trust values are set to zero.

How AntTrust Works
This section explains the two algorithms used in the AntTrust system in detail: the main AntTrust algorithm and the sub-algorithm named File provider selection algorithm.

AntTrust Algorithm
The AntTrust algorithm, as shown in Algorithm 1, has three main parts: file provider selection, file validation, and file provider recommendation, as described below.
(a) File provider selection: Initially, when all peers P in the network have no experience, P q selects P v randomly. However, after some transactions have been processed, a list of friends and their current trust values can be generated, and the provider selection process is then based on the file provider selection algorithm presented in Section 3.4.2. (b) File validation: After P q receives a file from P v , P q rates the transaction based on the validity of the received file based on Equation (1).
(c) File provider recommendation: Consequently, P q evaluates P v according to the validity of the received file or the received recommendations. If the file and recommendations are valid, a reward is calculated according to Equation (2) for P v and all recommender friends F i , if any, between P q and P v .
where N t is the total number of positive and negative transactions in which P v provided a file to P q , and N t = 1. TP is the total number of positive transactions in which P v provided a file to P q , and µ is the mean of all ratings of P v by P q or F i . The proposed reward formula focuses on the normalized ratio of the positive ratings and total ratings of the provider that are given by the requester and its friends. Based on this reward value and the current trust value, a new trust value is calculated according to Equation (3): Afterward, CurrentTrust is updated by the NewTrust value, and P v is added to the P q trust list.
Conversely, if the file or recommendation is invalid, punishment and a new trust value are calculated according to Equations (4) and (5), respectively, for P v and the recommender.
where PunishmentRate is an experimentally set variable. A higher value results in a more aggressive system toward invalid transactions, even by good peers.
Then, CurrentTrust is updated by the NewTrust value.

File Provider Selection Algorithm
The file provider selection algorithm, as shown in Algorithm 2, locates a trustworthy file provider P v based on four consecutive trust factors: current trust, recommendation, feedback, and collective trust. For each factor, there are three scenarios: when more than one provider satisfies the factor, when only one provider satisfies the factor, and when no provider satisfies the factor. Below, an explanation of the algorithm is presented in detail.

•
Step 1: Based on Current Trust When P q requests a file and more than one P v is available, P q checks its trust list first and selects a P v with a current trust value above the minimum trust threshold (δ t ); otherwise, P q sends a recommendation to its friends, as described in Step 2.
When only one direct P v exists, P q should select that P v only if its current value is above δ t ; otherwise, the transaction should be rejected. When no P v exist, P q sends a recommendation request to its friends.

•
Step 2: Based on Recommendation The recommendation request from P q is propagated through the friend chain until it reaches a friend F i that has direct experience with P v . However, only recommendations from best friends are considered. Recommendations are calculated according to Equation (6).
where N c is the number of friends in the friend chain between P q and P v with a CurrentTrust value greater than δ f . CurrentTrust PqF1 is the current trust of requester peer P q for the first friend F 1 in the friend chain between P q and P v , and CurrentTrust F Nc p v is the current trust of P c , i.e., the last friend in the friend chain between P q and P v , for the provider peer P v . After calculating the recommendations, when more than one recommendation exists, P q checks the calculated recommendations and selects a P v with a recommendation above δ t ; otherwise, feedback is calculated, as described in Step 3. When only one recommendation exists, P q should select P v if its recommendation is above δ t ; otherwise, the transaction should be rejected. When no recommendations exist, feedback is calculated.

•
Step 3: Based on Feedback When no recommendation is available, P q calculates feedback about P v based on the ratings received by P i from all acquaintances of P q . Feedback is calculated according to Equation (7).
where N f = 1, and it represents the total number of instances of positive and negative feedback provided for P v from all acquaintances of P q , FP is the total number of instances of positive feedback provided for P v from all acquaintances of P q , µ is the mean of all received feedback for P v from P i , and CurrentTrust PqPv is the current trust of P q for P v. After calculating the feedback, when more than one feedback is available, P q checks the calculated feedback and selects a P v with a feedback value above δ t ; otherwise, a collective trust is calculated, as described in Step 4. However, when only one feedback exists, P q should select P v only if its feedback value is above δ t ; otherwise, the transaction should be rejected. If no feedback exists, a collective trust is calculated.

•
Step 4: Based on Collective Trust The last factor is collective trust, which is the summation of the current trust values collected from all F i in the friend chain between P q and P v , calculated according to Equation (8).
After calculating the collective trust value, when more than one collective trust value exists, P q checks the calculated collective trust values and selects a P v with a collective trust value above δ t ; otherwise, P v is selected randomly.
However, when only one collective trust value exists, P q should select P v only if its collective trust value is above δ t ; otherwise, the transaction should be rejected. When no collective trust values exist, P v is selected randomly.
A close inspection of Algorithms 1 and 2 reveals that neither algorithm includes any nested loops or recursive calls; hence, they have a linear running time. Accordingly, the time complexity of AntTrust is O(n), which indicates high scalability and is well aligned with the experimental results presented in Section 5. On the other hand, the time complexities of EigenTrust, TACS, and TNA-SL are O(n 2 ) [40], O(n 3 ) [8], and O(2n) [16], respectively.

Evaluation Framework
We implemented the proposed algorithm using the simulation tool QTM using an approach similar to [17,32,41], as QTM was developed specifically for evaluating trust management systems in P2P networks. We controlled the experiments by varying the percentage of the malicious file providers, the number of transactions, and the size of the network. AntTrust considers two malicious strategies: naïve and collective. The size of the network varied in the range [132...512]. We considered two different network loads: 2500 and 5000 transactions. For each number of transactions, the percentage of malicious providers varied in the range [20%...60%]. The value of PunishmentRate was constant at 0.15. The considered threshold values were δ t = 0 and δ f = 0.5. Values of both thresholds were determined empirically over several runs. The benchmarks considered in the evaluation were TACS [8], EigenTrust [9], and TNA-SL [16].
All experiments were run on a SANAM cluster computer [42,43]. Each simulation scenario was executed 10 times for AntTrust and EigenTrust [9], whereas for TACS [8] and TNA-SL [16], the simulation was run once because of the overhead demanded to run such algorithms.
In a similar approach to [8], the TACS parameters used in the experiments were as follows: alpha and beta = 1, initial pheromone = 0.4928, number of iterations = 3, number of ants = 4, punishment threshold = 0.6806, path length factor = 0.5651, and transition threshold = 0.4972.
Two performance metrics were used to test the effectiveness of the developed algorithm: the success rate and execution time. The success rate is important for testing the effectiveness of the delivered algorithm in terms of providing the selection of a good provider. The equation divides the valid files received by good peers by the total number of transactions made by good peers according to Equation (9).
Success rate = # of valid files received by good peers # of transactions completed by good peers .
The execution time (running time) represents the time taken to execute the algorithm and should be minimized. Given the importance of this measure, we aimed to show how fast AntTrust is. This measure distinguishes the AntTrust algorithm (problem-specific heuristic) from metaheuristic algorithms because it generates an efficient solution in terms of time.

Results and Discussions
As mentioned before, only a few studies have focused on reputation and trust management systems in P2P networks by employing bioinspired heuristics. To the best of our knowledge, all of the proposed bioinspired trust and management algorithms were based on metaheuristics rather than problem-specific heuristics. We compared AntTrust with EigenTrust [9], TACS [8], and TNA-SL [16]. A no-trust system (None), where the selection of a file provider was random, was used as the baseline case.

Success Rate
The success rate is calculated as the total number of valid files received by good peers divided by the total number of files received by good peers.
In Tables 2 and 3, the success rate is presented against the percentage of malicious peers (naïve and collective) as the number of transactions increased from 2500 to 5000, respectively, for AntTrust and the benchmark algorithms, TACS, EigenTrust, and TNA-SL, and the baseline scenario, None. When the number of transactions was 2500 and the number of peers was 132, and the percentage of collective malicious providers increased to 60%, the success rates of TACS, EigenTrust, TNL-SL, and None dropped significantly; TNL-SL converged with EigenTrust, attaining a success rate of around 70%, while it reached 60% in TACS. On the other hand, the success rate of AntTrust remained stable (≥91%) in both naïve and collective strategies, and regardless of the number of providers. As expected, the no-trust system produced the lowest success rate and was significantly impacted by the increasing percentage of malicious peers. The variations in the success rate of AntTrust and the benchmark algorithms were more evident as the number of transactions was increased to 5000. AntTrust exhibited a high success rate (≥90%) in all experiments. However, the success rate of other algorithms decreased gradually to 60% in TNA-SL and approximately 70% in EigenTrust when the percentage of naive malicious peers was 60% and the number of providers was 512. For heavy scenarios of a large number of peers or transactions, we were unable to calculate the success rates of TNA-SL and TACS algorithms, as their running times exceeded 24 h.
Overall, we can observe that AntTrust outperformed the other algorithms in all scenarios. In AntTrust, with an increasing number of transactions, the requester gains more experience and more friends, which helps the algorithm in identifying the best (most trustworthy) provider. AntTrust is based on four trust components instead of selecting the provider based on aggregated trust values, as in EigenTrust, or based on a trust value (pheromone), as in TACS.

Execution Time
In Tables 4 and 5, the running time is presented against the percentage of malicious peers (naïve and collective) as the number of transactions increased from 2500 to 5000, respectively, for AntTrust and the benchmark algorithms, TACS, EigenTrust, and TNA-SL, and the baseline scenario, None. The None system took the least time to execute in both strategies, which is reasonable because it randomly selects the provider. Next were AntTrust and EigenTrust, while TACS took the longest time to execute due to its nature.
As the number of transactions increased to 5000, EigenTrust exhibited slightly better performance than AntTrust when using the naïve strategy. However, this was not the case with the collective strategy, where AntTrust outperformed EigenTrust. TNA-SL with collective pure malicious peers and TACS algorithms presented a significantly high running time exceeding 24 h.
The empirical running time results align with the asymptotic complexity analyses of AntTrust and EigenTrust. However, although the asymptotic complexity analysis suggests that TNA-SL is the most complex among the studied algorithms, when implemented, TACS was the worst. This might be related to the fact that TNA-SL displays an extended running time only for lengthy FoF chains, as complex matrix chain multiplications are needed, which is not a very common scenario.

Conclusions
This paper presents a trust management system named AntTrust that is based on a problem-specific heuristic inspired by ant colonies. The goal of our system is to increase the success rate of good peers and reduce the execution running time by adopting a new algorithm that measures trust between peers in P2P networks. The main AntTrust algorithm rates the transaction on the basis of the validity of the received file and applies explicit strategies to reward and punish peers as a function of their trustworthiness. Another subalgorithm, named the file provider selection algorithm, locates a trustworthy file provider on the basis of four consecutive trust factors (current trust, recommendation, feedback, and collective trust). Evaluation of our system through a comprehensive framework showed that AntTrust has a strong positive effect in terms of providing a more trustful environment by increasing the success rate of good peers. Regarding the tested malicious strategies, AntTrust showed considerable ability, compared to the other algorithms, to distinguish the collective strategy from the naïve strategy due to its multiplicity of trust parameters and the punishment process for misbehaving malicious nodes. Additionally, AntTrust showed a low running time, which can be attributed to its proactivity in immediately calculating trust rather than waiting for a new transaction.
The results presented herein open a path toward research on various interesting issues. Future studies should assess whether trustworthiness on some nodes converges and stabilizes after some rounds. It is also important to consider a strategy to reward or punish an acquaintance based on the honesty of its provided feedback. In addition, the system can be tested against other malicious models, such as strategic deception. Furthermore, a special strategy can be adopted to handle the problem of multiple responses arising from the same remote friend via multiple possible chains of friends, which might occur as a result of trust propagation through a network. Lastly, future research should look at extending the application domain to other platforms, such as cloud computing, grid computing, and WSNs.