Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Eclipse Attack Detection on a Blockchain Network as a Non-Parametric Change Detection Problem

Anurag Gupta, Vikram Krishnamurthy, Brian M. Sadler

TL;DR

This work addresses eclipse attacks in blockchain networks by formulating detection as a non-parametric change-detection problem on evolving networks represented by adjacency matrices. It leverages Fréchet mean/variance in graph space, a Frobenius-based distance, and Johnson-Lindenstrauss projection to build a statistic whose scaled process converges to a Brownian bridge under no-attack, enabling explicit false-alarm control; it also provides onset-estimation results under attack. The approach does not require training data, offers theoretical weak-convergence guarantees, and demonstrates superior detection and onset-estimation performance compared with a random-forest detector, with practical applicability via smart-contract deployment. The methodology promises robust, tamper-proof eclipse-attack monitoring for blockchain networks and suggests extensions to time-varying dynamics and noise-robust settings.

Abstract

This paper introduces a novel non-parametric change detection algorithm to identify eclipse attacks on a blockchain network; the non-parametric algorithm relies only on the empirical mean and variance of the dataset, making it highly adaptable. An eclipse attack occurs when malicious actors isolate blockchain users, disrupting their ability to reach consensus with the broader network, thereby distorting their local copy of the ledger. To detect an eclipse attack, we monitor changes in the Fréchet mean and variance of the evolving blockchain communication network connecting blockchain users. First, we leverage the Johnson-Lindenstrauss lemma to project large-dimensional networks into a lower-dimensional space, preserving essential statistical properties. Subsequently, we employ a non-parametric change detection procedure, leading to a test statistic that converges weakly to a Brownian bridge process in the absence of an eclipse attack. This enables us to quantify the false alarm rate of the detector. Our detector can be implemented as a smart contract on the blockchain, offering a tamper-proof and reliable solution. Finally, we use numerical examples to compare the proposed eclipse attack detector with a detector based on the random forest model.

Eclipse Attack Detection on a Blockchain Network as a Non-Parametric Change Detection Problem

TL;DR

This work addresses eclipse attacks in blockchain networks by formulating detection as a non-parametric change-detection problem on evolving networks represented by adjacency matrices. It leverages Fréchet mean/variance in graph space, a Frobenius-based distance, and Johnson-Lindenstrauss projection to build a statistic whose scaled process converges to a Brownian bridge under no-attack, enabling explicit false-alarm control; it also provides onset-estimation results under attack. The approach does not require training data, offers theoretical weak-convergence guarantees, and demonstrates superior detection and onset-estimation performance compared with a random-forest detector, with practical applicability via smart-contract deployment. The methodology promises robust, tamper-proof eclipse-attack monitoring for blockchain networks and suggests extensions to time-varying dynamics and noise-robust settings.

Abstract

This paper introduces a novel non-parametric change detection algorithm to identify eclipse attacks on a blockchain network; the non-parametric algorithm relies only on the empirical mean and variance of the dataset, making it highly adaptable. An eclipse attack occurs when malicious actors isolate blockchain users, disrupting their ability to reach consensus with the broader network, thereby distorting their local copy of the ledger. To detect an eclipse attack, we monitor changes in the Fréchet mean and variance of the evolving blockchain communication network connecting blockchain users. First, we leverage the Johnson-Lindenstrauss lemma to project large-dimensional networks into a lower-dimensional space, preserving essential statistical properties. Subsequently, we employ a non-parametric change detection procedure, leading to a test statistic that converges weakly to a Brownian bridge process in the absence of an eclipse attack. This enables us to quantify the false alarm rate of the detector. Our detector can be implemented as a smart contract on the blockchain, offering a tamper-proof and reliable solution. Finally, we use numerical examples to compare the proposed eclipse attack detector with a detector based on the random forest model.
Paper Structure (22 sections, 4 theorems, 27 equations, 4 figures, 2 tables, 1 algorithm)

This paper contains 22 sections, 4 theorems, 27 equations, 4 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Detecting Eclipse Attack on a Blockchain Network
  3. Model for Eclipse Attack
  4. Eclipse Attack Detection Problem
  5. Test Statistic for Detecting Eclipse Attack
  6. Dimensionality Reduction of the Adjacency Matrices
  7. Algorithm for Detecting Eclipse Attack
  8. Weak Convergence Analysis of Eclipse Attack Detector
  9. Weak Convergence of Test Statistic
  10. Effect of the Processed Adjacency Matrices on the Test Statistic
  11. Numerical Examples
  12. Simulation Setup
  13. Numerical Examples for the Proposed Eclipse Attack Detector
  14. ROC Curves for the Proposed Eclipse Attack Detector
  15. Comparison of the Test Statistic Computed using Original and Projected Adjacency Matrices
  16. ...and 7 more sections

Key Result

Lemma 1

Given any $\epsilon \in (0, 1)$ and an integer $N$, let $k$ be a positive integer satisfying $k \geq \frac{24}{3 \epsilon^2 - 2 \epsilon^3} \log N$. For any set $A$ containing $N$ points in $\mathbb{R}^m$, there exists a mapping $f: \mathbb{R}^m \rightarrow \mathbb{R}^k$ such that for all $x, y \in

Figures (4)

  • Figure 1: Scaled test statistic $T_N( t)$\ref{['eq:scaled-test-stat']} vs. $t$ in the absence/presence of an eclipse attack on the blockchain network (100 simulations). We used the projected adjacency matrices \ref{['eq:processed-adjacency-matrix']} of dimension 100 to compute $T_N( t)$. When there's an eclipse attack, the peak of the scaled test statistic is well above the $0.95$ quantile of the distribution $\mathcal{B}^2(t)=q_{0.95}=9.05$ (Theorem \ref{['thm:null-hypothesis-results']}). Moreover, the peak of the scaled test statistic gives the onset of the eclipse attack. Therefore, using the processed adjacency matrices decreases the computational cost of the detector while preserving the test statistic (See Sec.\ref{['sec:comparison-test-statistic']} of the supplementary material for a numerical example comparing the test statistics computed using the original and projected adjacency matrices).
  • Figure 2: ROC curve of the proposed eclipse attack detector for various SNR values \ref{['eq:snr']}. As observed, the detector performs well with noisy datasets.
  • Figure 3: Comparison of the scaled test statistic $T_N(t)$ computed using original and projected adjacency matrices. The scaled test statistic is averaged over 100 simulations. As in Sec.\ref{['sec:numerical-proposed-detector']}, we use the first four rows of the adjacency matrices. Therefore, the number of elements in the original adjacency matrix is 400. We used the JL lemma to obtain the projected adjacency matrices of dimension 100. As observed, the computing the scaled test statistic using the projected adjacency matrices leads to higher false positive and false negative alarm rate.
  • Figure 4: ROC curve of the proposed eclipse attack detector and the RFM based for a dataset with SNR=$\infty$\ref{['eq:snr']}. The proposed detector outperforms the RFM based detector when the false positive rate is high. Note that the RFM based detector requires a training dataset and is sensitive to a training dataset (See Appendix \ref{['sec:numerical-rfc-sensitivity']} for a study on sensitivity of the RFM based detector to a training dataset). In contrast, the proposed detector did not require a training dataset.

Theorems & Definitions (15)

  • Definition 1
  • Definition 2: Eclipse attack
  • Definition 3: Eclipse attack detection problem
  • Definition 4
  • Definition 5: Test statistic for detecting an eclipse attack
  • Lemma 1: Johnson-Lindenstrauss (JL) lemma
  • Definition 6: Projected adjacency matrices
  • Theorem 1
  • proof
  • Theorem 2
  • ...and 5 more