【Author】 Kim, Jinoh; Nakashima, Makiya; Fan, Wenjun; Wuthier, Simeon; Zhou, Xiaobo; Kim, Ikkyun; Chang, Sang-Yoon
【Source】2021 IEEE INTERNATIONAL CONFERENCE ON BLOCKCHAIN AND CRYPTOCURRENCY (ICBC)
【Abstract】While the blockchain technology provides strong cryptographic protection on the ledger and the system operations, the underlying blockchain networking remains vulnerable due to potential threats such as denial of service (DoS), Eclipse, spoofing, and Sybil attacks. Effectively detecting such malicious events should thus be an essential task for securing blockchain networks and services. Due to its importance, several studies investigated anomaly detection in Bitcoin and blockchain networks, but their analyses mainly focused on the blockchain ledger in the application context (e.g., transactions) and targeted specific types of attacks (e.g., double-spending, deanonymization, etc.). In this study, we present a security mechanism based on the analysis of blockchain network traffic statistics (rather than ledger data) to detect malicious events, through the functions of data collection and anomaly detection. The data collection engine senses the underlying blockchain traffic and generates multi-dimensional data streams in a periodic manner. The anomaly detection engine then detects anomalies from the created data instances based on semi-supervised learning, which is capable of detecting previously unseen patterns, and we introduce our profiling-based detection engine implemented on top of AutoEncoder (AE). Our experimental results support the effectiveness of the presented security mechanism for accurate, online detection of malicious events from blockchain networking traffic data. We also show further reduction in time complexity (up to 66.8% for training and 85.7% for testing), without any performance degradation using feature prioritization compared to the utilization of the entire features.
【Keywords】Blockchain; Bitcoin; P2P networking; traffic analysis; anomaly detection; machine learning; semi-supervised learning; online detection
【Title】Anomaly Detection Based on Traffic Monitoring for Secure Blockchain Networking
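【Publication Year】2021
【Date Indexed】2022-05-25
【Document Type】Proceedings Paper
【Main Topic】On-chain data analysis
【Subtopic】Anomalous transaction behavior detection
【Data Source】None
【Code】None
【Translator】王佳鑫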