Detection of Ethereum Eclipse Attack based on Hybrid Method and Dynamic Weighted Entropy

Abstract

An eclipse attack is a sort of cyberattack in which attackers aim to isolate a local node on blockchain network layers and eclipse its connections from neighbor nodes. Detection of eclipse attacks is challenging because there is no dataset that can be used as input features for machine learning algorithms to make predictions. In addition, most of the network traffic is normal, but very few network traffic is eclipse network traffic. This condition is an unequal distribution of classes, which is considered an imbalanced dataset. At the same time, the boundary of normal and eclipse network traffic cannot be considered independent, which is regarded as overlapping sample data. To cope with these challenges, this paper introduces a new approach to distinguish normal and eclipse network traffic on the Ethereum network layers. To obtain datasets, an eclipse attack environment is established and launched on the real Ethereum blockchain platforms. Network traffic is captured under three conditions; before the eclipse attacks are launched, while the eclipse codes are launched, and after the eclipse attacks are launched. The collected data considered imbalanced and overlapped data is used as input datasets for iForest algorithms to learn and construct the principal profile of the eclipse network traffic. At the same time, a Dynamic Weighted Entropy algorithm is deployed to measure and enhance the quality of the overlapping subset generated by the iForest algorithms from the original dataset. Finally, the overlapping subset is used as an input feature for the Random Forest algorithm to distinguish eclipse network traffic from normal network traffic. This paper lays the groundwork for implementing an efficient mechanism to detect eclipse attacks in Ethereum network layers.