Trust-Based Service Composition and Binding With Multiple Objective Optimization in Service-Oriented Mobile Ad Hoc Networks
Trust-Based Service Composition and Binding With Multiple Objective Optimization in Service-Oriented Mobile Ad Hoc Networks
Trust-Based Service Composition and Binding With Multiple Objective Optimization in Service-Oriented Mobile Ad Hoc Networks
Abstract— With the proliferation of fairly powerful mobile devices and ubiquitous wireless technology, we
see a transformation from traditional mobile ad hoc networks (MANETs) into a new era of service-oriented
MANETs wherein a node can provide and receive services. Requested services must be decomposed into more
abstract services and then bound; we formulate this as a multi-objective optimization (MOO) problem to
minimize the service cost, while maximizing the quality of service and quality of information in the service a
user receives. The MOO problem is an SP-to-service assignment problem. We propose a multidimensional trust
based algorithm to solve the problem. We carry out an extensive suite of simulations to test the relative
performance of the proposed trust-based algorithm against a non-trust-based counterpart and an existing single-
trust-based beta reputation scheme. Our proposed algorithm effectively filters out malicious nodes exhibiting
various attack behaviors by penalizing them with loss of reputation, which ultimately leads to high user
satisfaction. Further, our proposed algorithm is efficient with linear runtime complexity while achieving a
close-to-optimal solution.
Index Terms— service-oriented ad hoc networks, service composition, trust management, multi-objective
optimization.
—————————— ——————————
I. INTRODUCTION service request in hand, an SR has to first formulate a
service composition plan based on the available SPs, and
A service-oriented mobile ad hoc network (MANET) is
then determine the best node-to-service assignment for
populated with service providers (SPs) and service
achieving multi-objective optimization (MOO). Dynamic
requesters (SRs). A realization of service-oriented
service composition and binding is especially complicated
MANETs is a peer-to-peer service system with SPs
in MANETs because of the space-time complexity of
providing web services and SRs requesting services, each
mobile devices (space is related to mobility and time is
requiring dynamic service composition and binding [26].
related to dynamic status change), and no existence of a
Unlike a traditional web service system in which nodes are
trusted third party for centralized control. This issue is
connected to the Internet, nodes in service-oriented
further compounded by the fact that nodes may exhibit
MANETs are mobile and an SR will need to request
malicious behavior (explained later in Section III.C) and the
services from available SPs it encounters and with which it
information received is often erroneous, uncertain and
interacts dynamically. One can view a service-oriented
incomplete in MANET environments [12].
MANET as an instance of Internet of Things (IoT) systems
Our approach is to use trust [4], [5], [9], [10], [12], [13],
with a wide range of mobile applications including smart
[16], [24], [25] for decision making of service composition
city, smart tourism, smart car, smart environmental
and binding. We demonstrate the resiliency and
monitoring, and healthcare [6]. It is particularly suitable to
convergence properties of our trust protocol design for
military MANET applications where nodes are mobile with
service-oriented MANETs in the presence of malicious
multi-hop communication.
nodes showing various attack behaviors (discussed in detail
In this paper, we are concerned with satisfying user
in Section III.C).
service requests with multiple objectives including
The unique contributions of the paper are as follows:
maximizing quality-of-service (QoS) and quality-of-
1. Our work is the first to propose a dynamic trust-based
information (QoI) while minimizing the service cost with
service composition and binding algorithm for MOO in
user satisfaction (US) ultimately measuring success. With a
service-oriented MANETs. Our proposed scheme has
———————————————— only linear runtime complexity for solution search but
†Yating Wang and Ing-Ray Chen are with the Department of approaches the ideal performance obtainable by the
Computer Science, Virginia Tech, Falls Church, VA 22043. E-mail:
{yatingw, irchen}@vt.edu.
Integer Linear Programming (ILP) solution which has
*Jin-Hee Cho, Ananthram Swami, and Kevin S. Chan are with exponential runtime complexity, and is thus applicable
Computational and Information Sciences Directorate, U.S. Army only to small-sized problems.
Research Laboratory, Powder Mill Rd. Adelphi, MD 20783. E-mail:
{jinhee.cho, ananthram.swami, kevin.s.chan}@us.army.mil
Digital Object Identifier no. 10.1109/TSC.2015.2491285
1939-1374 ß 2015 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.
2. We are the first to conduct a comparative performance including price, response time, and reliability by
analysis of non-trust vs. single-trust vs. multi-trust approximating Pareto-optimal solutions. Yu and Lin [50]
protocols for peer-to-peer trust evaluation in service- studied MOO with end-to-end QoS objectives, including
oriented MANETs. Trust-based service composition response time, service cost, availability and reliability.
and binding has been studied in the web services Alrifai and Risse [2] considered end-to-end QoS objectives
domain [3], [15], [47], but only a single trust score on during the runtime service binding process. Both [2] and
service quality was considered, although the single trust [50] used a multi-choice multidimensional knapsack
score may derive from multiple service quality metrics problem to formulate the MOO problem.
such as response time, throughput, availability, etc. This Weighted-sum is a common approach used in service
largely ignores the multidimensional concept of trust. composition with MOO. Yu et al. [51] addressed a service
Identifying proper trust components and forming the selection problem by aggregating multiple QoS objectives
overall trust out of multiple trust components is critical into a weighted utility function to be maximized subject to
to maximize application performance. We consider two QoS resource needs with each weight representing the
key trust dimensions in service request execution, importance of each QoS attribute. Zeng et al. [52]
namely, competence and integrity, as the building considered five objectives, namely, price, duration,
blocks of a composite trust metric. reliability, availability and reputation and formulated the
3. We use trust to effectively prevent malicious nodes MOO problem as a single objective problem using
from disrupting the operation of service-oriented weighted sum. Similar to [51], [52], we adopt weighted
MANETs. We conduct a detailed performance analysis sum to formulate our MOO problem for its simplicity and
and demonstrate that our trust-based algorithm can proven effectiveness.
effectively filter out malicious nodes, which ultimately The above cited work had a common drawback.
leads to high user satisfaction. Namely, their solutions have exponential time complexity
The rest of this paper is organized as follows. Section II because the MOO problem to be solved is NP-hard [17].
surveys related work and contrasts our approach with Our work remedies this problem by devising trust-based
existing work. We also explain the new contributions of heuristic solutions that incur only linear runtime
this work compared to our published preliminary work [48]. complexity, and verifying that the performance of our trust-
Section III describes our system model, including the based solution approaches the ideal performance obtainable
network model and the threat model. Section IV describes by ILP solution.
service composition and binding. Section V defines the Service composition in MANETs is still in its infancy.
problem and presents our solution methodology. Section VI Existing work only focused on mechanisms for enabling
discusses trust protocol designs considered in this work service composition without considering MOO. Sheu et al.
including the proposed multi-trust based algorithm, and an [38] designed a tactical pervasive service collaboration
existing single-trust based algorithm [16], [24]. Section VII platform to enable service composition considering
describes the three algorithm designs considered in this dynamic task arrival, data synchronization, and task failure.
work. Section VIII reports the comparative performance Johnsen et al. [21], [22] suggested a semantic service
analysis results of the three algorithms, and performs discovery solution with a rich and expressive service
sensitivity analysis of the results with respect to key design description provided to facilitate service composition.
parameters and their impact on resiliency. Section IX Wright et al. [49] proposed the use of UML 2.0 Activity
concludes the paper and outlines future research areas. Diagrams as a workflow specification language for
describing service construction and composition. Suri [43]
II. RELATED WORK studied the deployment issues of service-oriented
architectures and developed a middleware to facilitate
Service composition has been widely studied in
dynamic service composition to cope with those issues.
Internet-based web services [8], [26], [27], [35], [36], [40],
Compared with the above cited work, our work is the first
[42], [44], [52]. Service composition and binding comes in
to propose a dynamic service composition and binding
two forms: (a) goal-oriented composition where a goal and
algorithm using multi-trust protocols for MOO in service-
a set of available services are given and the system
oriented MANETs.
completes the goal by planning and service binding; and (b)
Singh [39] indicated that trust is an important factor in
workflow-based composition where the workflow with
service-oriented computing where user experience is the
constraints is given as input [36]. Our work takes the latter
main factor for trust establishment. Bansal et al. [3] and Dai
approach, with service composition being formulated as a
et al. [15] proposed trust-based web service composition,
workflow problem (based on the user’s location and the
but only a single dimension of trust was considered.
availability of SPs an SR encounters), and service binding
Relative to the above work, we consider multi-trust,
being formulated as a node-to-service assignment problem.
recognizing multi-dimensional trust assessment is critical to
MOO has also been extensively studied in Internet-
decision making. We demonstrate that our multi-trust-based
based web services [41]. Wagner et al. [46] proposed a
planning assistant that achieves MOO for three objectives
algorithm outperforms its single-trust-based counterparts III. SYSTEM MODEL
such as BRS [16], [24]. A. Service Provider and Service Requester Model
Wahab et al. [47] provided an excellent review of trust We consider a service-oriented MANET in which a
and reputation models for Web services. Mehdi et al. [30], node has two roles: a service provider (SP) for abstract
[31], [32] considered multiple QoS metrics (e.g., response services it is capable of providing, and a service requestor
time, throughput, availability, etc.) for assessing the service (SR) for issuing service requests on behalf of its owner.
quality of a web service. A trust score is derived from Conceptually an SR is like a user in service-oriented
combining multiple QoS metrics to assess the MANETs. A user can issue a sequence of service requests
trustworthiness of a web service. This single trust score as it moves from one location to another. An example is a
considered in [30], [31], [32] in effect corresponds to the user in a smart city who first issues a service request “take
competence trust score considered in our work. In addition, me to a nice Thai restaurant nearby with drunken noodle on
we also consider the integrity trust score (the other metric its menu” with a service quality specified in terms of QoI,
of our multi-trust design) for measuring the degree to which QoS, and cost for the overall service request (e.g., the cost
a node complies with the prescribed service protocol. and duration of travel), as well as for individual abstract
Khosravifar et al. [28] considered multiple reputation services (e.g., cost of drunken noodle). Once she finishes
factors (user satisfaction and popularity) and analyzed their her meal, she issues another service request “take me to a
relationships. We do not consider popularity as a trust nice night club in town” again with a minimum service
metric. Instead, we consider integrity as a trust metric to quality specified in terms of QoI, QoS, and cost. Each of
cope with malicious attacks. Hang et al. [18], [20] modeled these service requests involves a service composition phase
a composite service as a statistical mixture, and showed that to compose a service plan out of the transportation services
their approach can dynamically punish or reward the (e.g., taxi, bus, subway, etc.) and Thai food/night club
constituents of composite services while making only services available to the user, followed by a service binding
partial observations. Hang et al. [19] later developed a phase to select the best SPs out of all SPs available to the
probabilistic trust model considering not only the trust user at the time the service request is issued. The overall
level, but also the amount of evidence supporting the trust goal of the user is to maximize the QoS and QoI, while
level. They showed that their trust model yields higher minimizing the cost for all requested services r.
prediction accuracy than traditional approaches suffering We consider a service-oriented MANET environment
from situations in which witnesses are unreachable or are with | | nodes moving according to the small world in
reachable only by untrustworthy referrals. In our work, we motion (SWIM) mobility model [29]. We select SWIM
consider confidence in the context of trust formation. That because it captures key properties of human mobility in
is, integrity trust is used as confidence to assess the validity social network settings. Mobility introduces dynamic
of competence trust based on the rationale that competence topology changes and affects the reliability of packet
trust ultimately ensures service success. This is discussed in routing over multiple hops from a source to a destination. In
more detail in Section VI.B. particular, it affects the success probability of
This work is substantially extended from our recommendation packet delivery which in turn affects trust
preliminary work [48] as follows: (a) we apply a scaling protocol performance. To conserve resources, we assume
technique to scale service quality metrics so that all service that only a single copy of the recommendation about a
quality metrics are normalized to the same scale and order, target node (node j) is transmitted from the recommender
and the MOO problem may be formulated as a node (node k) to the trustor (node i). Then, the
maximization problem; (b) we develop new single-trust and recommendation packet from node k is lost when there is
multi-trust protocols and examine their impact on no route to reach node i from any intermediate node
performance with respect to key design parameters; (c) we because of topology changes, when there is a channel error
add a new simulation study for small-sized to large-sized with probability , or when any intermediate node
MOO problems for simulation validation, and analyze the
maliciously performs packet dropping attacks.
effect of node and operation characteristics on performance;
(d) we analyze the effect of node and network dynamics on B. Service Quality Criteria
both trust-based and non-trust-based algorithms; (e) we Without loss of generality, we consider three service
devise heuristic-based solutions which yield linear runtime quality criteria: QoI, service delay (as a QoS attribute), and
complexity for solution efficiency without sacrificing cost. We denote them by Q, D, and C which may be
solution optimality compared with the optimal solution measured after service invocations are performed. While D
generated by ILP; and (f) we conduct extensive sensitivity and C are easily measureable physical quantities, Q is
analysis to identify conditions under which each of the specific to the application domain. For example, in
studied schemes perform best: the proposed multi-trust- environment monitoring service, Q is measured by the
based scheme, and the non-trust-based and single-trust- extent to which the output contributes to the ground truth
based counterparts. data [45]. In sensing service, Q is measured by the extent to
which the sensing data contributes to the ground truth trustworthiness via source authenticity, integrity, and non-
picture. repudiation. A malicious node may also perform denial of
We first scale our service quality metrics, Q, D and C, service (DoS) attacks to overwhelm an SP. Counter-DoS
to the range [0, 1] so that the higher the value, the better the mechanisms [1], [33] can be used to make DoS attacks
quality [52], as follows: largely ineffective to mitigate such attacks.
Q Q (1)
Q=
Q Q
; IV. SERVICE COMPOSITION AND BINDING
D D C C A. Service Advertisement
D= ; C= A node as an SP advertises its service availability when
D D C C
a peer node (i.e., an SR) shows interest [26], [27]. An SP
Here Q and Q , D and D , and C and responds with an advertisement message only if it is
C are the maximum and minimum possible values of Q, capable of providing the requested services. Specifically, it
D, and C, respectively,. They are known a priori. With this responds with an advertisement message Ad comprising
normalization we transform MOO into multi-objective four-tuple records, one for each abstract service S it can
maximization, i.e., from maximizing Q and minimizing D provide, as follows:
and C, into maximizing Q , D and C. From a pragmatic
perspective, scaling facilitates a fair quantitative Ad : [k, Q , D , C ] for S (2)
comparison of different service quality criteria, as each Here k indicates the index of the service Sk; Q the level
service quality criterion is in the range of [0, 1] with a of QoI the SP can provide; D the level of service delay (for
higher value representing a higher service quality. QoS); and C the service cost.
C. Threat Model B. Dynamic Service Composition
Just like Internet-based web services, in a service- For convenience, we use m to index service requests, k
oriented MANET there are malicious SPs acting for their to index services, and i, j, or r to index nodes. We also use
own gain. The common goal of malicious nodes is to the notation O to refer to service request m, and the
increase their chance of being selected during a service notation SRm to refer to the SR who issues m. A service
binding phase. Malicious nodes can collude to achieve this request (e.g., take me to a nice Thai restaurant nearby with
common goal. We assume that a malicious node exhibits drunken noodle on its menu) requires a number of abstract
the following behaviors: services S s (e.g., transportation service, food service, etc.).
1. Self-promotion: it can promote its importance by For each service request in hand, the SR broadcasts the set
reporting false service quality information in QoI, QoS, of abstract services needed to which all qualified SPs
and cost (i.e., Q, D, and C) so as to increase its chance respond with the 4-tuple records in (2). Based on the
to be selected as the SP, but then provide opportunistic responses received, the SR then constructs a service
service. composition specification (SCS) to specify the service plan
2. Opportunistic service: it can provide “just enough” for satisfying the service request. An example SCS is:
service to meet the minimum quality service
requirement and user satisfaction expectation to SCS = [S ], [S , S ], [S ], [S ][S , S ], [S ] (3)
improve the chance of the service request being where [S , S ] specifies that S2 and S4 are to be executed
completed successfully for it to gain good reputation. concurrently; [S ], [S ] specifies that S3 and S7 are to be
3. Bad-mouthing attack (BMA): it can collude with other executed sequentially. The user also specifies a minimum
malicious nodes to ruin the reputation of a good node by service quality requirement at the service request level and
providing bad recommendations so as to decrease the at the abstract service level as follows:
chance of this good node being selected to provide
services. SCS = Q ,D ,C (4)
4. Ballot stuffing attack (BSA): it can collude with other S = Q ,D ,C
malicious nodes to boost the reputation of a bad node by
providing good recommendations for the bad node so as The SR then decides the best SPs among all responders
to increase the chance of it being selected to provide to execute SCS , while meeting the minimum service
services. quality levels at both the service request level and the
5. Packet dropping: it may drop packets passing through it abstract service level. If the minimum service quality
during packet routing if the source node is a good node constraint is not satisfied, then it means that there are not
so as to launch a bad reputation attack against the source enough qualified SPs available to provide service and O is
node. considered a failure.
A malicious node may also perform data modification C. Service Binding
attacks to ruin the reputation of a good node. PKI with An SP capable of providing multiple abstract services
assured digital signing [14] can be used to ensure data can be selected to execute multiple abstract services in a
service request. However, to avoid schedule conflicts (6)
Q , =Q , +Q , ;
among concurrent service requests (issued by multiple SRs)
D , =D , +D , ;
and to avoid degrading an SP’s service quality due to heavy
C , =C , +C , .
workloads, the SP can only commit to one service request.
That is, the SP can only participate in one service request at When combining scaled Q, D, or C scores of two
a time to ensure its availability and commitment to a single sequential substructures, we use the addition operator
service request. because the two substructures will be sequentially
executed and each score (which we want to maximize
V. PROBLEM DEFINITION AND METRICS through node selection) must be separately accounted
A. Problem Definition for. The combined score as a result of using the addition
Given that multiple SPs may meet the service threshold operator is no longer scaled in [0, 1].
criteria in (4), an SR must choose SPs so as to maximize the Here we note that at the bottom level of an SCS, a
aggregate Q, D and C. An SCS for serving a service request substructure is only an abstract service. If node j is selected
to bind to this abstract service then Q , = Q , , D , = D ,
is essentially a flow structure consisting of series or parallel
and C , = C , . The top level, on the other hand, is either a
substructures. For the SCS in (3), there is one series
structure consisting of 6 substructures, series substructure or a parallel subVWUXFWXUH /HW ș be the
[S ], [S , S ], [S ], [S ], [S , S ], and [S ], at the top level, top level substructure of this SCS for O . Then, the overall
and there are two parallel substructures, [S , S ] and service quality score of O (after service binding) is given
[S , S ], at the bottom level. Let Q , D and C be the by:
scaled Q, D, and C scores of Om, and Q , , D , and C , Q =Q , ;D =D , ;C =C , (7)
be the scaled Q, D, and C scores of substructure S. The
service quality of O measured by Q , D and C (the B. MOO Problem Formulation
larger the better) after service binding can be computed We use the weighted sum form [37] allowing a user to
recursively as follows: express its preferences regarding service quality criteria.
a) For a parallel structure S consisting of two concurrent
Let , , , and , be the weights associated with
substructures [S , S ], the maximum Q and D scores are Q , D and C for O issued by the user, with , +
limited by the minimum service quality score (which we , + , = 1. Another compelling justification of using
want to avoid through node selection), and the weighted sum is that expressing the optimization criterion
maximum C score is bounded by the sum of C scores of a multi-objective problem by means of a weighted sum
(since cost is additive), i.e., corresponds to a Lagrangian formulation [7] with multiple
(5) Lagrange multipliers, thereby effectively sweeping the
Q , = min Q , , Q , ; lower convex envelope of the objective surface. With this
D , = min D , , D , ; simple additive weighting technique, we formulate our
C , =C , +C , . MOO problem at the service-request level as:
When combining scaled Q or D scores of two Maximize MOO = , Q + , D + , C (8)
concurrent substructures using the min operator, the
minimum of scaled Q scores turns out to be the scaled subject to the service request level constraint SCS and
minimum of the unscaled Q scores. That is, the abstract service level constraint S specified in (4)
, , by the user. As there may be multiple SRs issuing service
min Q , ,Q , = min( , ) =
requests and performing service composition and binding
( , , , )
. The combined scaled Q score concurrently, we formulate our MOO problem at the system
level as:
stays in the range of [0, 1], if each substructure is a
single abstract service at the bottom level of an SCS. Maximize MOO = ( , Q + , D + , C ) (9)
When combining scaled C scores of two concurrent
substructures, we use the addition operator because each
where is the set of concurrent service requests issued by
substructure will unavoidably incur a separate service
multiple SRs who are competing for the use of SPs
cost which must be accounted for. The combined C
available to them. It is noteworthy that (8) and (9) solve the
score as a result of using the addition operator is no
service binding problem, given a service composition
longer scaled in [0, 1].
specification (SCS) formulated as in (3).
b) For a series structure S consisting of two sequential
substructures [S ], [ S ], the maximum score is limited C. MOO Value and User Satisfaction as Performance
by the sum of service quality scores, i.e., Metrics
While the final MOO value defined in (9) above can be
used to measure MOO performance, user satisfaction
ultimately determines if a service request is a success or a
failure. The user satisfaction level of the SR toward SPs A. Single-trust Baseline Protocol Design
selected for executing O ,denoted as US , can be measured The baseline BRS protocol is based on Bayesian
by the ratio of the actual service quality received to the best inference with the trust value modeled as a random variable
service quality available among SPs for executing O . We in the range of [0, 1] following the %HWDĮȕGLVWULEXWLRQ;
allow a user to specify a minimum user satisfaction the numbers of positive and negative experiences are
threshold, denoted as UST , which specifies the minimum modeled as binomial random variables. Since the beta-
service quality the user can accept. This is to be compared binomial is a conjugate pair, this leads to a posterior beta
against US to decide if the service experience of the user distribution with updated parameters. Here ĮĮȕ LV WKH
toward SPs selected for executing O is positive or estimated mean of “direct” trust evidence of an S3ZKHUHĮ
negative. If O fails because of failing to satisfy the service is the number of positive interactions DQGȕLVWKHQXPEHURI
request level constraint SCS , then US is zero. If the negative interactions. A positive evidence is observed when
service experience is negative, culprit SPs are identified and SR is satisfied. More specifically, when USm exceeds
penalized with reputation loss. Conversely, if the service USTm, it is counted as positive evidence and all constituting
experience is positive, all constituent SPs are rewarded with SPs in O are rewarded. In the case of positive evidence,
reputation gain based on US obtained. For notational is incremented by 1 for all SPs in O . On the other hand,
convenience, let SQ = , Q + , D + , C when USm is less than USTm, SR identifies the culprits
denoting the actual service quality received after service with low performance (i.e., the actual service quality is
binding and execution of O , SQ = , Q + lower than the advertised service quality) and considers it
, D + , C denoting the best service quality that as negative evidence against these culprits. In this case, is
can ever be achieved, and SQ = , Q + increased by 1 for all identified culprits. SPs with expected
, D + , C denoting the minimum service performance (i.e., the actual service quality is about the
quality that must be obtained in order to satisfy the service same as the advertised service quality) are identified as
request level constraint SCS . Then, with score scaling, benign and will not be penalized. After a service request is
US can be computed as: completed, the SR propagates its updated trust of the SPs
involved in the service request to other nodes in the system.
SQ SQ (10)
if SQ SQ See Appendix A of the supplemental file for details of trust
US = SQ SQ propagation and aggregation in the single-trust baseline
0 otherwise protocol design, allowing a node receiving a trust update to
Here SQ , SQ and SQ are the received, maximum, XSGDWHLWVĮȕSDLUWRZDUGDQ63
and minimum service quality scores, respectively, for
B. Multi-trust Protocol Design
executing O , calculated based on Q , D and C in (7).
Our trust management protocol design centers on the
The second condition in (10) is for the case in which the
concept of multi-trust. Multi-trust refers to the use of
received service quality is less than the required minimum
multiple dimensions of trust for more accurately describing
service quality. Again we note that because of scaling, the
multiple and often distinct factors contributing to successful
large the Q, D and C values, the better the service quality.
service execution. For service composition and binding, we
Also note that SQ = , Q + , D + , C , so
choose two unique trust properties: competence and
maximizing MOO in (8) is equivalent to maximizing US in integrity. We chose these two dimensions because the
(10). Therefore, the MOO problem to solve is in effect a capability for service provision (i.e., competence) and the
user satisfaction maximization problem. compliance to the prescribed service protocol (i.e.,
integrity) are the key criteria of quality service provision for
VI. TRUST MANAGEMENT PROTOCOL high user satisfaction. The two trust dimensions are:
In this section, we first discuss a well-known trust x Competence: This refers to an SP’s capability to
management scheme based on the single-trust beta satisfactorily serve the received request. This is largely
reputation system (BRS) [16], [24], as the baseline scheme determined by the intrinsic service capability of the SP,
against which our multi-trust protocol will be compared. as modeled by the SP’s “true” Q, D, and C scores.
We choose BRS because of its sound statistical basis x Integrity: This refers to the degree to which a node
compared to other schemes using intuitive and ad-hoc complies with the prescribed protocol, including the
methods for measuring trust. In addition, it enables a trustor service contract and the trust protocol. A node may
to ensure tractability of trust evidence over time. We note violate its service contract when it performs self-
that a trust model based on Dirichlet distribution [23], [31], promotion attacks. That is, a node lies about Q, D, and
which is a generalization of BRS, can also be used as the C scores of its own capability so as to increase its
single-trust baseline scheme for performance comparison. chance to be included in executing service requests but
However, since a user can specify a minimum user then it fails to honor the service contract or just
satisfaction threshold to decide if a service experience is performs opportunistic service once it is selected for
positive or negative (a binary classification), BRS suffices. service request execution.
We then describe our trust protocol with multi-trust design.
We denote node i’s trust toward node j in X (i.e., C for (13)
T,
competence, and I for integrity) as T , . We adopt BRS [16], T , = min 1, T , ×
[24] to assess node i’s mean direct trust toward node j in T ,,
trust property X as , /( , + , ) where , is the number of VII. ALGORITHM DESCRIPTION
positive and , is the number of negative experiences in
In this section, we describe the three trust-based service
trust property X, which are accumulated upon trust update. composition and binding algorithms (based on BRS, TRM,
To update ( , , , ) for competence trust, node i (acting as and SRM), and the non-trust-based counterpart. After an
the SR) compares USTm with USm as described in the SR formulates an SCS (e.g., (3)) based on available SPs for
baseline BRS scheme. To update ( , , , ) for integrity trust, executing O , multiple solutions may exist to meet the
node i considers it positive evidence if it sees node j’s service requirements and constraints. The SR then chooses
observed Q, D and C scores are close to node j’s advertised a solution among all candidate solutions to maximize
scaled Q, D, and C scores. Node i (as SRm) assesses node MOO in (8). The four algorithms are:
j’s compliance degree (CDm,j) as: x Non-trust-based: While there is no trust in place, each
, , , (11) SR keeps a blacklist of SPs with which it has negative
CD , = min( , , ) interaction experience, i.e., CD , < CDT . When
, , ,
mobility model as described in Section III.A with = The number of recommenders n is set to 3 so node i will
0.5%. We consider a scenario with 15 service requests only allow 3 nodes with the highest T , values as the
(| |=15) divided into 9 sequential chunks, i.e., {1, 2}, {3}, recommenders during trust update. When a bad node is
{4, 5}, {6, 7, 8}, {9}, {10}, {11, 12}, {13}, and {14, 15}, mistakenly chosen as a recommender, it can perform a bad-
where a chunk is defined as a set of concurrent service mouthing attack (BMA) on a good trustee node. This is
requests overlapping in execution time. The performance GRQHE\SURYLGLQJDYHU\ORZĮ DQGDYHU\KLJKȕHJĮ
outcome is about the same when the number of chunks is ȕ ZLWKĮUHSUHVHQWLQJWKHQXPEHURISRVLWLYHDQG
more than 9 or when the number of service requests is ȕWKHQXPEHURIQHJDWLYHH[SHULHQFHVWRUXLQWKHUHSXWDWLRQ
longer (30 and 60), so these scenarios are not presented of the good trustee node. A bad node serving as a
here. For simplicity, each service request has only one SCS recommender can also perform a ballot-stuffing attack
(a) Small Sized Problem - ILP.
%6$ RQ D EDG WUXVWHH QRGH E\ SURYLGLQJ D YHU\ KLJK Į simulation results for the small sized problem in Fig. 1(b)
DQG D YHU\ ORZ ȕ HJ Į ȕ WR ERRVW WKH are to be compared against the ILP analytical results in Fig.
reputation of the bad trustee node. 2(a) to reveal the tradeoff between solution efficiency
gained (because of linear runtime complexity) vs. solution
B. Comparative Performance Analysis
optimality sacrificed (because of the use of heuristics). The
In this section, we compare MOO performance of trust-
ILP solution for generating the analytical results is listed in
based and non-trust-based algorithms via MATLAB
Appendix B of the supplemental file. Here we note that
simulation. Specifically, we simulate non-trust-based and
medium to large sized problems (| |=120 and 240) can
trust-based algorithms (both have linear runtime
only be evaluated by simulation since ILP is not able to
complexity) under the same environment setting defined in
generate a solution due to the high computational
Table I with | |=60, 120 and 240, and correspondingly
complexity. We observe that for the small-sized problem,
| | = 4, 8 and 16 for small, medium and large sized
the simulation results based on heuristic designs are
problems, respectively.
remarkably similar to the ideal performance results both in
Fig. 1(a) shows the ILP results for the small model.
shape and value. This demonstrates that the heuristic design
Figs. 1(b)-(d) show the simulation results for the small,
can achieve solution efficiency without sacrificing solution
medium and large sized problems, respectively. The
optimality too much.
The leftmost two graphs in each row of Fig. 1 examine enough information about the reputation of SPs bidding for
the negative impact of increasing Pbad and Prisk on MOO services. Consequently, the SR must select SPs for service
performance in (9). Compared with the non-trust-based request execution based on their advertised scores. This is a
algorithm, trust-based algorithms show high resilience serious problem for the non-trust-based algorithm because
against increased attack intensity with more malicious SRs do not share experiences through recommendations. As
entities (Pbad) or higher self-promotion attack behavior a result, we see that the non-trust-based algorithm has the
(Prisk). TRM has the best MOO performance among all most severe zigzag pattern of US among all. In particular,
because the drop-to-zero trust based on trust threshold can the zigzag pattern is most pronounced for service requests
effectively filter out bad nodes. 5, 9, 11, 13 and 15 at which the responsible SRs have never
The 3rd graph of each row in Fig. 1 examines the impact issued a service request before.
of USTm on MOO performance. Recall that USTm is to be As we go from small to large sized problems, we
compared with USm to determine if a service experience is observe a remarkable similarity with TRM outperforming
positive or negative for trust assessment for BRS and for SRM and BRS. This demonstrates the scalability of our
competence trust assessment for SRM and TRM. We trust algorithm design. That is, our trust-based algorithm
observe that as USTm increases, MOO performance especially with TRM as the underlying trust protocol can
increases (and levels off). The reason is that a high USTm find near optimal solutions with linear runtime complexity
has the effect of penalizing bad nodes with low trust and as the problem size increases from small (| |=60 and
can effectively remove bad nodes from participating in | | =4), to medium (| |=120 and | | =8) and large
future service requests. Another noteworthy observation is (| |=240 and | |=16).
that unlike BRS and SRM, TRM is relatively insensitive to
TABLE II: Minimum Service Quality Constraints.
USTm. We attribute the insensitivity to TRM severely
punishing a bad node (i.e., dropping its trust to zero) once a Case Q ,D ,C (Q ,D ,C )
bad node’s integrity trust falls below the minimum Light (1, 5, 5) (4, 20, 20)
ignorance trust of 0.5. Medium (2, 4, 3) (8, 16, 12)
The rightmost graph of each row in Fig. 1 compares Tight (3, 3, 2) (12, 12, 8)
USm calculated from (10) as more service requests (labeled
as “Operation #” on the x coordinate) are executed over C. Effect of Service Quality Constraints and
time for the three trust-based algorithms against the non- Opportunistic Service Attacks
trust-based algorithm. We consider a combination of In this section, we perform a sensitivity analysis of the
Prisk=70% and Pbad=30% to reveal interesting trends. results with respect to the minimum service quality
Because of high Prisk, even trust-based algorithms are fooled constraints including the minimum service quality
into selecting bad nodes in the first few service requests. So requirement at the abstract service level S =
the first few service requests do not pass USTm. As a result, Q ,D ,C and the minimum service
bad nodes selected to provide services in the first few quality requirement at the service request level SCS =
service requests are penalized with trust decrease and likely (Q ,D ,C ) specified by the user as in (4).
to be filtered out from later service requests. This is Table II lists three conditions: light, moderate, and tight.
evidenced by the result that the last 8 service requests have Service quality constraints induce “opportunistic service”
high US values. In particular, for multi-trust TRM, US is attack behaviors in two ways.
above 90% for the last 8 service requests because mostly First, a bad node may want to lie about its service
only good nodes are being selected by the trust-based quality to at least pass the abstract service level Q, D, C
algorithm due to dynamic trust update. On the contrary, the constraints in order for it to have a chance to be selected for
non-trust-based algorithm consistently yields a low US service request execution. Second, once a bad node is
service request by service request because it has no selected for a service request, it is strongly motivated to
effective way of filtering out bad nodes. This trend supports contribute at least a minimum effort to satisfy the service
our claim that trust-based algorithms can effectively request level constraint; otherwise, the service request is
achieve high user satisfaction despite the presence of bad considered a failure from the user’s perspective and the
nodes performing self-promotion attacks, especially after malicious node will be penalized with a trust loss.
trust convergence occurs. In particular, we observe that Figs. 2(a)-(c) show the simulation results for the light,
US under TRM or SRM is consistently higher than that medium, and tight minimum service quality constraint
under BRS. We attribute this to the use of integrity trust as cases, respectively, for the small sized problem.
confidence for competence trust, thus providing a more For comparison, the light minimum service quality
accurate estimate of the trustworthy service quality of an constraint case shown in Fig. 2(a) corresponds to Fig. 1(b)
SP. Furthermore, TRM consistently outperforms SRM except that a bad node will perform opportunistic service
because of its ability to discern bad nodes from good nodes. attacks. Even with this opportunistic service attack
It is worth noting that one main reason for having a low behavior, we observe from Fig. 2 that the relative
US in a service request is that the SR does not have performance rank of TRM, SRM, BRS and non-trust-based
(a) Light Service Quality Constraints.
(b) Good Nodes and Bad Node have Equal Service Quality.
Fig. 3: Effect of Q, D, and C Score Distributions for Good and Bad Nodes on Performance.
On the other hand, TRM applies a rather strict trust service request execution. In effect, UST can be used as a
penalty to bad nodes, so it essentially excludes bad nodes design parameter to maximize the MOO value.
from selection and only good nodes with high service
quality are selected for service request execution. The IX. CONCLUSION
results exhibited in Fig. 3 reveal conditions (“good nodes We proposed a trust-based service composition and
have better service quality” vs. “equal”) under which our service binding algorithm with linear runtime complexity
trust-based algorithm design is effective compared with the for multi-objective optimization in service-oriented
non-trust-based algorithm design. More specifically, with MANETs characterized by space-time complexity of
the service quality about being equal for both good and bad mobile devices wherein nodes may be malicious and/or
nodes, TRM performs the best when there are more good information received is often erroneous, partly trusted,
nodes than bad nodes. This is so because of TRM’s unique uncertain and incomplete.
ability to discern bad nodes from good nodes and to select We investigated single-trust and multi-trust as the
only good nodes with high service quality. When there are building block for our trust-based algorithm design and
more bad nodes than good nodes, on the other hand, BRS demonstrated that our proposed algorithm outperforms the
performs the best especially when bad nodes do not need to non-trust-based and single-trust-based counterparts, and
lie about their service quality for them to be selected for approaches the ideal solution quality obtainable by the ILP
service request execution (i.e., when Prisk is low) because in solution. We also performed sensitivity analysis to identify
this case BRS, due to its inability to discern bad nodes from conditions under which trust-based service composition is
good nodes, tends to select high service quality nodes for most effective compared with non-trust-based service
service request execution even if they are bad nodes. composition. We discovered that our threshold based model
Another interesting result is that when bad nodes have (TRM) performs the best among all because TRM can best
about the same service quality as good nodes, there is an discern bad nodes from good nodes. Our analysis result
optimal UST level under which the performance of our backed by simulation reveals that in case good nodes have
trust-based algorithm is maximized. This is evident from higher service quality than bad nodes, multi-trust protocols
the MOO vs. UST graph (the 2nd rightmost graph) in Fig. and in particular TRM, which severely penalizes malicious
3(b). The reason is that if UST is too high (e.g., 100%), attack behavior, will perform the best. However, in case
US<UST is true and bad nodes with high service quality bad nodes have equal service quality as good nodes, TRM
originally selected for service request execution will be will perform the best only when there are more good nodes
identified as culprits and will be penalized with trust than bad nodes. Otherwise, single-trust protocols such as
degradation. This in effect will block bad nodes from the beta reputation system will perform the best, especially
participating in future service request executions. when bad nodes do not need to lie about their service
Consequently, the system will be forced to select only good quality for them to be selected for service request
nodes for servicing future service request. Since not all execution. In the latter case, there exists an optimal user
good nodes are of high service quality, inevitably the satisfaction threshold in service quality under which the
resulting MOO value is not as high as it would be if only protocol performance is maximized.
high service quality nodes (good or bad) are selected for
In the future, we plan to leverage game theory to Science and Engineering, 2009, pp. 641-650.
capture the dynamics between attacker/defense behaviors [14] W. Dai, T.P. Parker, H. Jin, and S. Xu, "Enhancing Data
[11], [34] and reason how a service requester can perform Trustworthiness via Assured Digital Signing," IEEE Trans.
Dependable and Secure Computing, vol. 9, no. 6, 2012.
counterattacks by choosing the best user satisfaction
[15] G. Dai and Y. Wang, "Trust-Aware Component Service Selection
threshold (UST) and integrity threshold (T ,, ) for Algorithm in Service Compositio," in Proc. 4th Int'l. Conf. Frontier
achieving multi-objective optimization of service quality. of Computer Science and Technology, 2009.
Another future direction is to seek real databases to validate [16] S. Ganeriwal, L.K. Balzano, and M.B. Srivastava, "Reputation-Based
Framework for High Integrity Sensor Networks," ACM Trans. Sensor
simulation results. Networks, vol. 4, no. 3, 2008.
[17] C. Glaßer, C. Reitwießner, H. Schmitz, and M. Witek,
ACKNOWLEDGEMENTS "Approximability and Hardness in Multi-Objective Optimization," in
Programs, Proofs, Processes.: Springer, 2010, pp. 180-189.
This work was supported in part by the U. S. Army
[18] C.W. Hang and M.P. Singh, "Trustworthy Service Selection and
Research Laboratory and the U. S. Army Research Office Composition," ACM Trans. Autonomous and Adaptive Systems, vol.
under contract number W911NF-12-1-0445. This research 6, no. 1, 2011.
was also partially supported by the Department of Defense [19] C.W. Hang, Z. Zhang, and M.P.Singh, "Shin: Generalized Trust
(DoD) through the office of the Assistant Secretary of Propagation with Limited Evidence," IEEE Computer, vol. 46, no. 3,
Defense for Research and Engineering (ASD (R&E)). The pp. 78-85, 2013.
views and opinions of the authors do not reflect those of the [20] C.W. Huang, A.K. Kalia, and M.P. Singh, "Behind the Curtain:
Service Selection via Trust in Composite Services," in IEEE 19th Int'l
DoD or ASD (R&E). Conf. Web Services, 2012, pp. 9-16.
REFERENCES [21] F.T. Johnsen, J. Flathagen, and T. Hafsoe, "Pervasive Service
Discovery Across Heterogeneous Tactical Networks," in IEEE 2009
[1] I. Aad, J.-P. Hubaux, and E.W. Knightly, "Impact of Denail of Military Comm. Conf., 2009, pp. 1-8.
Service Attacks on Ad Hoc Networks," IEEE/ACM Trans. [22] F.T. Johnsen, M. Rustad, T. Hafsoe, A. Eggen, and T. Gagnes,
Networking, vol. 16, no. 4, 2008. "Semantic Service Discovery for Interoperability in Tactial Military
[2] M. Alrifai and T. Risse, "Combining Global Optimization with Local Networks," The Int'l C2 J., vol. 4, no. 1, 2010.
Selection for Efficient QoS-Aware Service Composition," in Proc. [23] A. Jøsang and J. Haller, "Dirichlet Reputation Systems," in Proc. 2nd
18th Int'l Conf. World Wide Web, 2009, pp. 881-990. Int’l. Conf. Availability, Reliability and Security, 2007, pp. 112-119.
[3] S.K. Bansal, A. Bansal, and M.B. Blake, "Trust-based dynamic web [24] A. Jøsang and R. Ismail, "The Beta Reputation System," in 15th Bled
service composition using social network analysis," in Proc. 2010 Electronic Commerce Conf., 2002, pp. 1-14.
IEEE Int'l Workshop Business Applications of Social Network
[25] A. Jøsang, R. Ismail, and C. Boyd, "A Survey of Trust and
Analysis, 2010.
Reputation Systems for Online Service Provision," Decision Support
[4] F. Bao, R. Chen, M. Chang, and J.H. Cho, "Hierarchical Trust Systems, vol. 43, no. 2, pp. 618-644, 2007.
Management for Wireless Sensor Networks and Its Application to
[26] S. Kalasapur, M. Kumar, and B.A. Shirazi, "Dynamic Service
Trust-Based Routing and Intrusion Detection," IEEE Trans. Network
Composition in Pervasive Computing," IEEE Trans. Parallel and
and Service Management, vol. 9, no. 2, pp. 169-183, 2012.
Distributed Systems, pp. 1997-2009, 2012.
[5] F. Bao, I.R. Chen, M. Chang, and J.H. Cho, "Trust-based Intrusion
[27] E. Karmouch and A. Nayak, "A Distributed Constraint Satisfaction
Detection in Wireless Sensor Networks," in IEEE International
Problem Approach to Virtual Device Composition," IEEE Trans.
Conference on Computer Communications, 2011, pp. 1-6.
Parallel and Distributed Systems, vol. 23, no. 11, pp. 1997-2009,
[6] E. Borgia, "The Internet of Things Vision: Key Features, 2012.
Applications and Open Issues," Computer Communications, vol. 54,
[28] B. Khosravifar, J. Bentahar, and A. Moazin, "Analyzing the Relations
pp. 1-31, December 2014.
between Some Parameters of Web Services Reputation," in IEEE
[7] S. Boyd and L. Vandenberghe, Convex Optimization, Cambridge 2010 Int'l Conf. Web Services, 2010, pp. 329-336.
university press, 2004.
[29] S. Kosta, A. Mei, and J. Stefa, "Small World in Motion (SWIM):
[8] D. Chakraborty, Y. Yesha, and A. Joshi, "A Distributed Service Modeling Communities in Ad-Hoc Mobile Networking," in 7th IEEE
Composition Protocol for Pervasive Environments," in IEEE Wireless Comm. Society Conf. Sensor, Mesh and Ad Hoc Communications and
Communications and Networking Conf., 2004, pp. 2575-2580. Networks, 2010.
[9] I.R. Chen, F. Bao, M. Chang, and J.H. Cho, "Dynamic Trust [30] M. Mehdi, N. Bougnuila, and J. Bentahar, "Correlated Multi-
Management for Delay Tolerant Networks and Its Application to Dimensional QoS Metrics for Trust Evaluation Within Web
Secure Routing," IEEE Trans. Parallel and Distributed Systems, Services," in AAMAS, 2014, pp. 1605-1606.
2014.
[31] M. Mehdi, N. Bouguila, and J. Bentabar, "Probabilistic Approach for
[10] I.R. Chen, F. Bao, M. Chang, and J.H. Cho, "Trust Management for QoS-Aware Recommender System for Trustworthy Web Service
Encounter-Based Routing in Delay Tolerant Networks," in Proc. Selection," Applied Intelligence, vol. 41, no. 2, pp. 503-524, 2014.
2010 IEEE Global Comm. Conf., 2010.
[32] M. Mehdi, N. Bouguila, and J. Bentahar, "QoS-Based Reputation
[11] J.H. Cho, I.R. Chen, and P.G. Feng, "Effect of Intrusion Detection on Feedback Fusion under Unknown Correlation," in Adaptive and
Reliability of Mission-Oriented Mobile Group Systems in Mobile Ad Intelligent Systems.: Springer, 2014, pp. 172-181.
Hoc Networks," IEEE Trans. Reliability, vol. 59, no. 1, pp. 231-241,
[33] R. Mitchell and I.R. Chen, "A Survey of Intrusion Detection in
2010.
Wireless Network Applications," Computer Communications, vol. 42,
[12] J.H. Cho, A. Swami, and I.R. Chen, "A Survey on Trust Management pp. 1-23, 2014.
for Mobile Ad Hoc Networks," IEEE Comm. Surveys and Tutorials,
[34] R. Mitchell and I.R. Chen, "Effect of Intrusion Detection and
vol. 13, no. 4, pp. 562-583, 2011.
Response on Reliability of Cyber Physical Systems," IEEE Trans.
[13] J.H. Cho, A. Swami, and I.R. Chen, "Modeling and Analysis of Trust Reliability, vol. 62, no. 1, pp. 199-210, 2003.
Management for Cognitive Mission-Driven Group Communication
[35] J. Rao and X. Su, "A Survey of Automated Web Service Composition
Systems in Mobile Ad Hoc Networks," in Int’l. Conf. Computational
Methods," LNCS, vol. 3387, pp. 43-54, 2005.
[36] C. Sandionigi, D. Ardagna, G. Cugola, and C. Ghezzi, "Optimizing Virginia Tech.
Service Selection and Allocation in Situational Computing
Applications," IEEE Trans. Services Computing, vol. 6, no. 3, pp.
414-428, 2013. Ing-Ray Chen received the BS degree from the
[37] S. Sariel-Talay, T.R. Balch, and N. Erdogan, "A Generic Framework National Taiwan University, and the MS and PhD
for Distributed Multirobot Cooperation," J. of Intelligent and Robotic degrees in computer science from the University of
Systems, vol. 63, no. 2, pp. 323-358, 2011. Houston. He is a professor in the Department of
[38] R-Y. Sheu et al., "Real-time Multi-agent Adaptive Tactical Pervasive Computer Science at Virginia Tech. His research
Service-Oriented Collaborations (TAPS)," in ACM Int'l Conf.
Pervasive Services, 2010. interests include mobile computing, wireless systems,
[39] M.P. Singh, "Trustworthy Service Composition: Challenges and security, trust management, and reliability and
Research Questions," LNCS, vol. 2631, pp. 39-52, 2003. performance analysis. Dr. Chen currently serves as an editor for IEEE
[40] B. Srivastava and J. Koehler, "Web Service Composition - Current Communications Letters, IEEE Transactions on Network and Service
Solutions and Open Problems," in Proc. 13rd Int'l Conf. Automated Management, The Computer Journal, and Security and Network
Planning and Scheduling Workshop Planning for Web Service, 2003,
Communications.
pp. 28-35.
[41] A. Strunk, "QoS-Aware Service Composition: A Survey," in Proc.
8th European Conference on Web Services, 2010, pp. 67-74. Jin-Hee Cho received the BA from the Ewha
[42] P. Sun, "Service Composition and Optimal Selection with Trust Womans University, Seoul, Korea and the MS and
Constraints," in Proc. 2010 IEEE Asia-Pacific Services Computing PhD degrees in computer science from the Virginia
Conf., 2010, pp. 645-653. Tech. She is currently a computer scientist at the U.S.
[43] N. Suri, "Dynamic Service-Oriented Architectures for Tactical Edge Army Research Laboratory, Adelphi, Maryland. Her
Networks," in The 4th Workshop Emerging Web Service Technology,
2009, pp. 3-10. research interests include wireless mobile networks,
[44] F. Tao, "Resource Service Composition and Its Optimal Selection mobile ad hoc networks, sensor networks, secure group communications,
Based on Particle Swarm Optimization in Manufacturing Grid group key management, network security, intrusion detection, performance
System," IEEE Trans. Industrial Informatics, vol. 4, no. 4, pp. 311- analysis, trust management, cognitive networks, social networks, dynamic
327, 2008.
networks, and resource allocation. She is a senior member of the IEEE and
[45] D.J. Thornley, R. Young, and J. Richardson, "From Mission
a member of the ACM.
Specification to Quality of Information Measures Closing the Loop in
Military Sensor Networks," in Proc. Int'l Technology Allicance, 2008.
[46] F. Wagner, B. Kl, F. Ishikawa, and S. Honiden, "Towards Robust Ananthram Swami is with the U.S. Army Research
Service Compositions in The Context of Functionally Diverse Laboratory (ARL) as the Army’s ST (Senior Research
Services," in Proc. 21st Int'l Conf. World Wide Web, 2012, pp. 969- Scientist) for Network Science. He is an ARL Fellow
978.
and Fellow of the IEEE. He has held positions with
[47] O.A. Wahab, J. Bentahar, H. Otrok, and A. Mourad, "A Survey on
Trust and Reputation Models for Web Services: Single, Composite, Unocal Corporation, the University of Southern
and Communities," Decision Support Systems, vol. 74, pp. 121-134, California (USC), CS-3 and Malgudi Systems. He
2015. was a Statistical Consultant to the California Lottery, developed a
[48] Y. Wang, I.R. Chen, J.H. Cho, K.S. Chan, and A. Swami, "Trust- MATLAB-based toolbox for non-Gaussian signal processing, and has held
Based Service Composition and Binding for Tactical Networks with
visiting faculty positions at INP, Toulouse and Imperial College, London.
Multiple Objectives," in Proc. 32th IEEE Military Comm. Conf.,
2013. He received the B.Tech. degree from IIT-Bombay, the M.S. degree from
[49] J. Wright et al., "A Model-Driven Approach to The Construction, Rice University, and the Ph.D. degree from the University of Southern
Composition and Analysis of Services on Sensor Networks," in Proc. California (USC), all in Electrical Engineering. His research interests are
Annual Conf. Int'l Technology Alliance, 2010. in the broad area of network science.
[50] T. Yu and K.-J. Lin, "A Broker-Based Framework for QoS-aware
Web Service Composition," in Proc. IEEE Int'l Conf. e-Technology,
e-Commerce and e-Service, 2005, pp. 22-29. Kevin Chan is a research scientist with the
[51] T. Yu, Y. Zhang, and K.J. Lin, "Efficient Algorithms for Web Computational and Information Sciences Directorate at
Services Seslection with End-to-End QoS Constraints," ACM the U.S. Army Research Laboratory (Adelphi, MD).
Transactions on the Web, vol. 1, no. 1, May 2007. Previously, he was an ORAU postdoctoral research
[52] L. Zeng et al., "QoS-Aware Middleware for Web Services fellow at ARL. His research interests are in network
Composition," IEEE Trans. Software Engineering, vol. 30, no. 5, pp.
311-327, 2004. science, with past work in dynamic networks, trust and
distributed decision making and quality of information through ARL's
Network Science Collaborative Technology Alliance and Network and
AUTHOR BIOGRAPHIES Information Sciences International Technology Alliance. Prior to ARL, he
Yating Wang received her Bachelor degree from received a PhD in Electrical and Computer Engineering (ECE) and
Hubei University of Technology, Wuhan, China in MSECE from Georgia Institute of Technology (Atlanta, GA). He also
2007. Her research interests include security, received a BS in ECE/EPP from Carnegie Mellon University (Pittsburgh,
computer networks, wireless networks, mobile PA).
computing, trust management, and reliability and
performance analysis. Currently she is pursuing her
Ph.D. degree in the Computer Science Department at