Eclipse Attack Detection for Blockchain Network Layer Based on Deep Feature Extraction

Abstract

An eclipse attack is a common method used to attack the blockchain network layer; however, detecting eclipse attacks is challenging, and the performance of existing methods is inadequate due to uneven sample distribution, incomplete definition of discriminating features, and weak feature perception. Thus, this paper proposes an eclipse attack traffic detection method based in a custom combination of features and deep learning. To describe the behavior characteristics of attack traffic more accurately, traffic attribute features in there levels are defined in combination with the eclipse attack method. Here, the downstream traffic behavior feature of the eclipse attack is described from the conventional traffic feature, and the frequency distribution characteristics of eclipse attack traffic is by introducing the φ-entropy divergence algorithm. In addition, the structural characteristics of eclipse attack traffic are mapped from the rate of changes in traffic communication and load features. Then, the improved synthetic minority oversampling technique (ISMOTE) up-sampling algorithm is employed to eliminate interference caused by the uneven distribution of eclipse attack traffic samples on the detection results. In addition, the ISMOTE algorithm adjusts the sampling weight of minority class samples, supports automatic clustering and efficient up-sampling of samples, and improves the detection accuracy performance of eclipse attack samples by calculating the local cluster density. Then, deep feature mining is performed on the eclipse attack traffic from the distribution characteristics of space and time series using a CNN and Bi-LSTM. Simultaneously, mining features are fully integrated into mixed feature using the multihead attention mechanism such that the relevance and complementarity of the two feature distributions can be utilized to enhance the model’s ability to perceive the spatiotemporal relationship of the eclipse attack traffic. Finally, the generated multihead attention items are detected for binary classification, and the results are output. Experimental results demonstrate that the proposed method can comprehensively enhance detection performance and sufficiently detect and classify eclipse attack traffic in the blockchain network layer.