Am I eclipsed? a smart detector of eclipse attacks for Ethereum

Guangquan Xu, Bingjiang Guo, Chunhua Su, Xi Zheng, Kaitai Liang*, Duncan S. Wong, Hao Wang

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

57 Citations (Scopus)

Abstract

Blockchain security has been drawing a tremendous attention from industry and academic due to its prevalence on real-world applications in these years, such as distributed blockchain-based storage systems. Since being deployed in distributed and decentralized network, blockchain applications may be vulnerable to various types of network attacks. This paper deals with “eclipse attacks” enabling a malicious actor to isolate a system user by taking control of all outgoing connections. Although being known from practical blockchain applications, eclipse attacks, so far, are hard to be detected. To solve this problem, this paper designs an eclipse-attack detection model for Ethereum platform, ETH-EDS, based on random forest classification algorithm. Specifically, via the collection and investigation over the normal and attack data packets (across the network), we find out that the information in the attack packets includes the tags packets_size, access_frequencies and access_time, which may help us effectively detect the attack. After training the data packets which we collect from the network, our ETH-EDS is able to detect malicious actor with high probability. Our experimental analysis presents evidence to show that the detection of malicious network node (i.e., the malicious actor) is with high accuracy.

Original languageEnglish
Article number101604
Pages (from-to)1-10
Number of pages10
JournalComputers and Security
Volume88
DOIs
Publication statusPublished - Jan 2020

Keywords

  • Blockchain security
  • Detection
  • Eclipse attacks
  • Malicious actor
  • Random forest classification

Fingerprint

Dive into the research topics of 'Am I eclipsed? a smart detector of eclipse attacks for Ethereum'. Together they form a unique fingerprint.

Cite this