Eclipse Attack Detection on a Blockchain Network

We introduce a novel non-parametric change detection algorithm to identify eclipse attacks on a blockchain network; the non-parametric algorithm relies only on the empirical mean and variance of the dataset, making it highly adaptable. An eclipse attack occurs when malicious actors isolate blockchain users, disrupting their ability to reach consensus with the broader network, thereby distorting their local copy of the ledger. To detect an eclipse attack, we monitor changes in the Fréchet mean and variance of the evolving blockchain communication network connecting blockchain users. First, we leverage the Johnson-Lindenstrauss lemma to project large-dimensional networks into a lower-dimensional space, preserving essential statistical properties. Subsequently, we employ a non-parametric change detection procedure, leading to a test statistic that converges weakly to a Brownian bridge process in the absence of an eclipse attack. This enables us to quantify the false alarm rate of the detector. Our detector can be implemented as a smart contract on the blockchain, offering a tamper-proof and reliable solution. Finally, we use numerical examples to compare the proposed eclipse attack detector with a detector based on the random forest model (RFM).

Results

Test statistic vs. time in the absence of an eclipse attack on the blockchain network (100 simulations)
Test statistic vs. time in the absence of an eclipse attack on the blockchain network (100 simulations)
Test statistic vs. time in the presence of an eclipse attack on the blockchain network (100 simulations)
Test statistic vs. time in the presence of an eclipse attack on the blockchain network (100 simulations)
ROC curve of the proposed eclipse attack detector for various SNR values (10). As observed, the detector performs well with noisy datasets.
ROC curve of the proposed eclipse attack detector for various SNR values (10). As observed, the detector performs well with noisy datasets.
Comparison of the test statistic computed using original and projected adjacency matrices in the presence of an eclipse attack.
Comparison of the test statistic computed using original and projected adjacency matrices in the presence of an eclipse attack.
Comparison of the test statistic computed using original and projected adjacency matrices in the presence of an eclipse attack.
Comparison of the test statistic computed using original and projected adjacency matrices in the presence of an eclipse attack.
ROC curve of the proposed eclipse attack detector and the RFM based for a dataset. The proposed detector outperforms the RFM based detector when the false positive rate is high. Note that the RFM based detector requires a training dataset and is sensitive to a training dataset (See Appendix IV-G for a study on sensitivity of the RFM based detector to a training dataset). In contrast, the proposed detector did not require a training dataset.
ROC curve of the proposed eclipse attack detector and the RFM based for a dataset. The proposed detector outperforms the RFM based detector when the false positive rate is high. Note that the RFM based detector requires a training dataset and is sensitive to a training dataset (See Appendix IV-G for a study on sensitivity of the RFM based detector to a training dataset). In contrast, the proposed detector did not require a training dataset.

Acknowledgement

I would like to thank Dr. Brian Sadler for providing valuable feedback during the summer internship.

Reference

Eclipse Attack Detection on a Blockchain Network as a Non-Parametric Change Detection Problem

Author

Anurag Gupta is an M.S. graduate in Electrical and Computer Engineering from Cornell University. He also holds an M.Tech degree in Systems and Control Engineering and a B.Tech degree in Electrical Engineering from the Indian Institute of Technology, Bombay.