A Machine Learning Approach to Anomaly Detection Based on Traffic Monitoring for Secure Blockchain Networking
【Author】 Kim, Jinoh; Nakashima, Makiya; Fan, Wenjun; Wuthier, Simeon; Zhou, Xiaobo; Kim, Ikkyun; Chang, Sang-Yoon
【Source】IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT
【Impact Factor】4.758
【Abstract】While blockchain technology provides strong cryptographic protection on the ledger and the system operations, the underlying blockchain networking remains vulnerable due to potential threats such as denial of service (DoS), Eclipse, spoofing, and Sybil attacks. Effectively detecting such malicious events should thus be an essential task for securing blockchain networks and services. Due to its importance, several studies investigated anomaly detection in Bitcoin and blockchain networks, but their analyses mainly focused on the blockchain ledger in the application context (e.g., transactions) and targeted specific types of attacks (e.g., double-spending, deanonymization, etc.). In this study, we present a security mechanism based on the analysis of blockchain network traffic statistics (rather than ledger data) to detect malicious events, through the functions of data collection and anomaly detection. The data collection engine senses the underlying blockchain traffic and generates multi-dimensional data streams in a periodic, real-time manner. The anomaly detection engine then detects anomalies from the created data instances based on semi-supervised learning, which is capable of detecting previously unseen patterns, and we introduce our profiling-based detection engine implemented on top of AutoEncoder (AE). Our experimental results evaluated with real and simulated traffic data support the effectiveness of our security mechanism and design choices based on the AE structure, with the approximate detection performance to the supervised learning methods only through the profiling of normal instances. The measured time complexity is sufficiently cheap to perform real-time analysis, with less than 1.4 msec for per-instance testing on a single core setting.
【Keywords】Blockchains; Anomaly detection; Bitcoin; Peer-to-peer computing; Security; Data collection; Engines; Blockchain; Bitcoin; P2P networking; traffic analysis; anomaly detection; machine learning; semi-supervised learning; online detection
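【Publication Date】2022 SEP
【Indexed Date】2022-11-01
【Document Type】Theoretical model
【Subject Category】
Blockchain governance - Technical governance - Blockchain security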
冉红云
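This paper proposes a security mechanism for detecting malicious events based on statistical analysis of blockchain network traffic, detecting malicious events through data collection and anomaly detection functions. The anomaly detection engine detects anomalies from the created data instances based on semi-supervised learning and is able to detect previously unseen patterns. The experimental results show that the security mechanism and design choices based on the AE structure are effective, achieving detection performance close to that of supervised learning methods by profiling normal instances only. The measured time complexity is low enough to perform real-time analysis, with per-instance testing taking less than 1.4 msec on a single-core setting.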