Feature Extraction of Network Traffic in Ethereum Blockchain Network Layer for Eclipse Attack Detection

Abstract

Eclipse attacks are considered dangerous potential vulnerabilities of peer-to-peer networks and can cause serious consequences. Detecting eclipse attacks has become a crucial challenge that still lacks comprehensive studies, especially significant characteristics that can efficiently be used to classify eclipse network traffic. To fulfill a research gap, this paper aims to generate new sets of network traffic features that can be efficiently used by machine learning models to detect eclipse attacks by systemically analyzing and synthesizing network traffic features in the Ethereum network layers. After thoroughly analyzing and synthesizing, the newly created features are organized into five categories based on the mechanisms used to manipulate them. The first group is the common network traffic features that can be directly extracted from the blockchain network layers. The second category is the Entropy value of network traffic features that are calculated using an information entropy mechanism to represent the average amount of events in networks. Since the essential characteristics of eclipse attacks are centralized distribution and high probability distribution, the φ-entropy divergence algorithm is deployed to deal with this challenge in the third category. The fourth group is the statistic of the communication of the data package, which implements statistical methods to calculate how packages and data are transmitted via the blockchain networks. The last one is the statistic of data package structures which uses statistical techniques to calculate the characteristics of data packages. Forty-nine characteristics of network traffic features are used to represent the network traffic features in a way that can be easily understood and processed by the learning algorithms in detecting eclipse attacks in the Ethereum blockchain.