Towards Detection of Selfish Mining Using Machine Learning

Abstract

Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. The selfish miners continue to mine on their private chain while the honest miners waste resources mining on a shorter chain. According to the blockchain protocol, a longer chain takes precedent and shorter chains are discarded which allows the selfish miners to gain an advantage by keeping their chain secret. This attack can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from cryptocurrency exchanges. Several of these attacks were launched in 2018 and 2019 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but the effectiveness of the fixes is currently unknown. Although this attack is possible against both Proof-of-Work and Proof-of-Stake blockchains, this research concentrates on detection in Proof-of-Work blockchains. As is difficult to evaluate security advances in the real-time blockchain, it is imperative to focus on simulation to evaluate blockchain security properties. To this end, we extend a blockchain simulator and add the ability to simulate selfish mining attacks. Several existing simulators are examined before choosing SimBlock for this research. Our goal is to identify the factors that identify selfish mining. Using existing research, we choose several factors that could identify an attack in an unlaunched state, an active state, or historically. We plan to use simulated data to train a machine learning model to detect selfish mining. Using the modified simulator, we generate training and test data for unlaunched and active attacks. For historical attacks, we will use historical data from known selfish mining attacks. While some existing research has examined the detection of selfish mining, it only examines active attacks. In this paper, we seek to lay the groundwork for future research into detecting attacks that are unlaunched, active, or historical.