What Is the Sybil Attack?

A Sybil attack is a computer hacker attack on a peer-to-peer (P2P) network. It is named after the novel Sybil, which recounts the medical treatment of a woman with extreme dissociative identity disorder. The attack targets the reputation system of the P2P program and allows the hacker to have an unfair advantage in influencing the reputation and score of files stored on the P2P network. Several factors determine how bad a Sybil attack can be, such as whether all entities can equally affect the reputation system, how easy it is to make an entity, and whether the program accepts non-trusted entities and their input. Validating accounts is the best way for administrators to prevent these attacks, but this sacrifices the anonymity of users.

In a P2P network, there is a component known as a reputation system. This system accounts for the ratings, opinions and scores for files, service providers and anything else the P2P network stores. It allows other users to know whether the entity is worthwhile or should be passed over. By inflating the score, dangerous or worthless entities will appear worthwhile and may cause visitors to be duped into downloading or using the entity. A hacker initiates a Sybil attack to achieve this end.

The Sybil attack itself involves a hacker making a massive number of entities or accounts. This allows the hacker to inflate the reputation of an entity by voting on it hundreds or thousands — or more — of times, until other members trust the entity. In this scenario, the hacker will be able to control the influence of nearly all entities on the P2P network by voting it up or down, and it may allow the hacker to get other entities thrown out of the P2P network.

How much of an effect a Sybil attack will have depends on the settings of the P2P network. If all entities, regardless of their reputation, can affect other entities equally, this allows the hacker to be more effective. When accounts are easy to make and require little information, the hacker is able to quickly amass a large number of accounts. If someone is new or is found to be a non-trusted entity but his or her input is still regarded by the reputation system, then the attacker can continue to influence the system unless the accounts are removed from the system.

The most effective way of dealing with a Sybil attack is for the administrator to initiate validation techniques, ensuring people only own one entity or account. This will cause new users to submit sensitive information or force them to reveal information about themselves that some users may find to be an invasion of privacy. This lack of anonymity may make some users not want to join the P2P network, but a Sybil attack will be avoided.