| Blockchain is a new trustless computing paradigm employing multi-level network information technology to provide users with credible and untamperable multi-party distributed ledger records in unreliable networks.However,its system security faces many threats and challenges.Due to its inherent lack of structure,dynamic openness,and inconsistent network protocols,abnormal traffic in the blockchain layer has grown rapidly.Abnormal traffic in blockchain layer hinders the spread of legitimate network traffic,increases network delay,and seriously harms or paralyzes network nodes and miners.This affects the stability and balance of computing power and reduces the quality of service and reliability of the blockchain system,providing the prerequisites for multiple consensus collusion attacks.Detecting abnormal traffic by statistical analysis or data mining of network traffic data can promptly identify intrusions into the blockchain layer.This has become essential for improving blockchain stability and preventing attackers from bypassing computer security.Thus,identifying abnormal blockchain traffic efficiently and improving intrusion threat perception has become a focus of current research.An analysis of recent work shows a concentration on the behavior of different types of abnormal traffic in the blockchain network layer.This study concerns the following:1.The detection of redundant and rumor-based Distributed Denial of Service(DDo S)attack traffic is based on mixed protocol propagation in the blockchain network layer.The difficulties arising from the lack of characteristic differences of core attacks,and the complexity needed for robustness interfere with current techniques,causing low generalization,high false positives,and low efficiency.This dissertation proposes a Cross Multilayer Convolutional Neural Network CMCNN)model to detect DDo S attack traffic in the blockchain network layer.Firstly,the model convolves the preprocessing traffic of the blockchain by a cross-layer method based on L2regularization,which can enhance critical features and detect the details of attack traffic at multiple levels.The proposed model limits the variation of model weights by penalizing high-variance parameters.It also extracts the features of robust abstract attack traffic,improves model generalization,and reduces false positives.Then,a Stacked Sparse Auto-Encoder(SSAE)based on Kullback-Leibler divergence performs parameter reconstruction and encodes abstract features.By adjusting the sparseness of the model,the coupling between abstract features and redundant data is reduced so that encoded features can be successfully classified.Finally,an improved algorithm for Implementing Stochastic Gradient Descent(ISGD)supports global parameter optimization,effectively avoids training parameter oscillation,and accelerates model convergence.Experiments showed that the proposed method performs excellently in the binary and multiclass classification of mixed DDo S attack traffic in the blockchain network layer.2.Current methods have low sensitivity to abnormal events and detect Eclipse attack traffic poorly.The insufficient performance is due to the unbalanced distribution of examples in Eclipse attack traffic,limited perception of the spatio-temporal relationships of attack characteristics,and high similarity between attack and normal traffic.This dissertation proposes a method of Eclipse attack traffic detection based on custom combined features and deep feature learning.Firstly,the methods and features of Eclipse attacks are combined to define the three-level attributes of this type of attack traffic:(1)describe the downstream traffic characteristics of Eclipse attacks based on conventional traffic characteristics;(2)introduce theφ-entropy divergence algorithm to describe the frequency distribution characteristics of the Eclipse attack traffic;(3)the structural features of Eclipse attack traffic are mapped from the rate of change of traffic communication characteristics and load characteristics.Then,applying the ISMOTE upsampling algorithm improves detection accuracy by adjusting the sampling weight of minority examples by calculating the local cluster density.This supports automatic clustering and efficient upsampling and suppresses the interference caused by an imbalance of the attack traffic.Furthermore,a Convolutional Neural Network(CNN)and Bi-directional Long Short-Term Memory(Bi-LSTM)does feature mining of Eclipse attack traffic based on space and time-series distributions,a multi-head attention mechanism fully integrating the spatio-temporal features.The correlation and complementarity of the two feature distributions are used to improve the model’s ability to perceive Eclipse attack features.Finally,anomalies are detected via the generated attention fusion features.Experiments showed that the proposed method identifies Eclipse attacks in the blockchain network layer more effectively than current techniques.3.Because of the difficulty of detecting Erebus attacks on the blockchain network layer due to the one-sidedness of the detection object,this dissertation introduces a method that uses multi-modal deep feature learning,combining traffic behavior and routing status.This improves the comprehensive detection of Erebus attacks.Firstly,to describe the impact of Erebus attacks on the traffic propagation and routing forwarding of the blockchain network layer,the traffic and routing status features are defined for route penetration detection,traffic coverage,and transaction identity forgery during the attack;this improves the pertinence and sensitivity of anomaly detection.Then,a two-stage algorithm for feature selection,based on Relief and Weighted Maximum Relevance Minimum Redundancy(WMRMR),was designed to reduce costs and alleviate overfitting of the training data caused by redundant information and noise among heterogeneous features.Features strongly related to the classification label are selected then those with low information content are filtered.Finally,to decrease the false positives caused by heterogeneous data,a multi-modal deep learning model based on the Multi-Layer Perceptron(MLP)isolates the input and learns the deep features of the filtered routing status and traffic behavior.In addition,the accuracy is improved by a multi-modal network that provides robustness of fusion features.Experiments showed that the proposed method effectively detects Erebus attacks and identifies attack traffic by detecting the traffic and routing characteristics of key link nodes;its performance is reliable and effective.4.Current methods are often implemented by superimposing single-attack techniques that dynamically detect changing concurrent mixed-attack traffic,in which the blockchain layer tends to ignore the comprehensive generalization characteristics.Thus,the study developed a method for detecting abnormal traffic in the blockchain network layer based on a multiclass ensemble algorithm that comprehensively detects abnormal data with strong generalization.Firstly,to expand the difference in the degree of the input feature subsets of the base classifier,a Discernibility and Redundancy of Feature Subsets(D&RFS)feature selection algorithm is proposed.During the feature selection process,the output of high-discrimination subset items is promoted,while the generation of redundant information is suppressed.Then,in the integration process of the bagging algorithm,the Stochastic Variance Reduction Gradient(SVRG)algorithm adjusts the voting weights of each base model dynamically,improving the generalization for detecting mixed abnormal attack traffic,enhancing the robustness of the model output feature vector,and reducing the chances of the algorithm converging to local optima.Lastly,based on the LOF Based on Data Field(LBo DF)algorithm,the numerical vector output of the integrated algorithm is mapped to a high-dimensional space,and then the difference in the spatial density distribution for each example and the outlier degree of abnormal data points are amplified based on the potential value difference between data points.This improves the method’s ability to identify abnormal examples.Experiments showed that the recognition rate of the proposed method is significantly higher for the concurrent attack traffic of the blockchain network layer than the one-class classifier.The method’s detection performance is also better and faster than classical ensemble learning.5.This dissertation proposes an unsupervised method for detecting anomalous traffic with unknown behavior pattern in a blockchain network layer,based on graph-encoded association features and deep generative features.The method effectively extracts the structural information and local details of abnormal traffic with unknown behavior in the blockchain network layer,enhances the ability to perceive the timing correlation rules of abnormally distributed traffic,and improves the performance and speed of anomaly detection.Firstly,an undirected graph in the graph encoder channel models the time-series correlation of normal traffic features.A Graph Attention Encoder(GAE)translates graph-encoded features for highly representative deep aggregated graph association features in the original sample space.Second,a generative feature construction channel based on the Variational Auto Encoder(VAE)with a Wasserstein Generative Adversarial Network(WGAN)uses an inference network to map the original traffic sample features to latent variable features.Moreover,through the variational inference method in the generative network,the latent space features are fitted into reconstructed features that can adapt to the characteristics of multiclass traffic examples.The method uses the WGAN discriminator based on Lipschitz constraints to constrain the spatial distribution difference between the features fitted by the VAE and WGAN generators and the normal example features,reducing the loss of reconstruction information.Furthermore,the diverse reconstructed features with relatively complete local detail features and high similarity were fitted to the original sample features.This improves the stability of model training and the ability to resist overfitting.Finally,based on the joint reconstruction error of GAE and VAE/Multi-WGAN under the dual channel,an abnormal example scoring rule is constructed.The sliding-window algorithm is designed to perform real-time detection on traffic examples and update adaptively to improve performance on unknown traffic examples,which reduces the model parameter update delay and increases accuracy.Experiments showed that,compared with other machine-learning anomaly detection methods,the proposed method has improved precision and recall for mixed blockchain network layer traffic,including traffic with unknown behavior.This dissertation examines the dynamic,concealed,and time-varying abnormal traffic in the blockchain network layer in a complex network environment.It presents a method for detecting anomalies based on abnormal traffic characteristics and features,identifying traffic threats in the blockchain network layer quickly and effectively.The results provide a theoretical basis and method support for the active early warning and protection of blockchain network security by exposing multi-level abnormal traffic threats.This dissertation presents the formulation of effective measures for a scientific defense.The proposed approach promises to improve the management and control of the overall defense of blockchain systems. |
PDF Full Text Request