Research On Eclipse Attack Detection Technology In Ethereum P2P Networks

In recent years,blockchain technology has been widely applied in Internet finance and digital credit investigation.In 2019,the government also proposed to take blockchain as the core technology at the national strategic level,but blockchain technology also faces many security problems.Eclipse attack is a network blocking attack in which the attacker intercepts victim messages by controlling all incoming connections to ethereum nodes.Eclipse attack by an attacker,according to the Ethereum client after the restart,all of the connection is broken and the characteristics of adjacent nodes Table is empty,the malicious node sends a large number of connection requests into the victim by Ping request,on the one hand,make the victim nodes into the connection of binding to the attacker configuration of malicious nodes,on the other hand,the victim adjacent nodes Table,have a higher probability of malicious nodes selected to establish a connection,so that the victim completely eclipsed with the etheric fang normal network.Despite the latest version of the etheric fang client Go-Ethereum has proposed some patches,used to reduce the risk of eclipse attacks on nodes,but by 2019,there are still 2%-10% of the active node using the existence of a client isolation against security threats,and so far,no effective detection system can prompt the user node if the current eclipse attacks.In view of the above problems,we analyze the existing eclipse attack methods,and propose a state migration eclipse attack model,which modularly shows the traffic variation of the victim node in the eclipse attack state.A module for data collection and analysis of ethereum nodes is proposed to directionally collect UDP traffic of ethereum nodes and convert it into visual TXT file.Ethereum eclipse attack detection model was designed innovatively from the user side,which was used to classify and process the UDP data packets collected by the node and judge whether the node was in the state of eclipse attack.Specifically,through the collection and study of normal and attack packets analysis,we found that the attack packets of information including mark packets?size,access?frequency and access?time characteristics,can be used to distinguish between different state of flow,according to these data,we use random forest,KNN and Logistic Regression,such as machine learning algorithms,respectively eclipse attacks flow classification model of training the etheric fang,can effectively detect the eclipse of attack traffic.Our experiment can effectively detect malicious behavior and source IP.Through the design of customized traffic collection means,ETH?CAT,ethereum network node data capture plugin and ETHED,ethereum pcap packet analyzer,were used to extract eclipse attack traffic characteristics.We analyzed the variation characteristics of eclipse attack traffic in state-transfer RRSP.Finally the experimental results show that different machine learning model for separate attack traffic detection has higher classification,the precision,recall and f1-score of three indicators,and random forest algorithm has high detection performance in the eclipse attack detection.The work of this paper is the first detection method for ethereum eclipse attack by user side,which can effectively help users to prevent ethereum eclipse attack.