Theses and Dissertations

Date of Award

12-2024

Document Type

Dissertation

Department

Computing

Committee Chair

Ryan G. Benton

Advisor(s)

Todd Andel, Jordan Shropshire, Mohamed Shaban

Abstract

An eclipse attack is a significant cyber threat targeting the network layer of blockchain platforms. Detecting eclipse attacks is challenging for several reasons. First, there are no available datasets for training and testing models. Second, comprehensive studies identifying features to detect eclipse attacks are lacking. Additionally, the amount of eclipse network traffic is much smaller than that of normal network traffic, which leads to imbalanced samples. Moreover, the characteristics of eclipse network traffic closely resemble those of normal traffic, causing overlapping samples, which makes it challenging for traditional classifiers to learn how to identify eclipse attacks. To address these challenges, this research explores useful features for detecting eclipse attacks and mitigates the impact of imbalanced and overlapping issues in datasets. The research then introduces two hybrid deep learning models, the Parallel Hybrid Deep Learning-Based Model (PHDLBM) and the Series Hybrid Deep Learning-Based Model (SHDLBM), for detecting eclipse attacks on Ethereum network layers. To obtain datasets, eclipse attacks are simulated on real Ethereum platforms, and network traffic is collected under three conditions: datasets with 10%, 20%, and 40% eclipse attacks. Thirty-one features are extracted from raw network traffic and grouped into five categories, including common network traffic, Entropy, φ-Entropy divergence, network packet characteristic statistics, and network packet communication statistics. The SMOTE and Tomek algorithms are combined to mitigate imbalanced and overlapping samples in the datasets. The performance of the extracted features is evaluated using four traditional classifiers (Decision Tree, Random Forest, k-nearest neighbors, and XGBoost) and two deep learning algorithms (CNN and Bi-LSTM). Additionally, two proposed models are implemented to classify eclipse attacks. PHDLBM processes input data in parallel, while SHDLBM processes it sequentially. 
Multi-head attention is added to enhance model performance. Experimental results indicate that our extracted features are effective in detecting eclipse attacks, although not all 31 features are necessary for high performance. The SMOTE and Tomek algorithms provide a slight increase in model performance but significantly impact prediction time. On the 10% eclipse attack dataset, traditional machine learning models achieve high accuracy but sometimes misclassify eclipse attacks as normal traffic or are too slow to classify attacks, with similar results from common deep learning models. While the PHDLBM achieves 95.86% accuracy, the SHDLBM reaches 96.28%, with PHDLBM achieving a perfect Recall of 100%. SHDLBM offers the best balance of Precision, Recall, F1-Score, and Accuracy among the seven models. As attack instances increase to 20%, the accuracy of PHDLBM and SHDLBM rises to 98.49% and 98.55%, respectively, with improvements in Precision, Recall, and F1-Score. On the 40% eclipse attack dataset, both models show slight increases in accuracy, with PHDLBM achieving the highest accuracy of 99.01% among the seven models. Both models demonstrate strong predictive capabilities.
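The resampling step the abstract describes, SMOTE followed by Tomek-link cleaning, shown as an added example that is not code from the dissertation. The two feature names, the sample values, and the choice to drop both members of each Tomek link are assumptions of this example; the abstract does not state them.

```python
import math
import random

# Constructed sample: (peer-address entropy, connection rate), both hypothetical
# feature names scaled to [0, 1]. Label 0 = normal traffic, 1 = eclipse traffic.
NORMAL = [(0.90, 0.10), (0.85, 0.15), (0.80, 0.12), (0.88, 0.20),
          (0.75, 0.18), (0.82, 0.08), (0.70, 0.25), (0.55, 0.45)]
ECLIPSE = [(0.30, 0.80), (0.35, 0.75), (0.52, 0.48)]  # last one overlaps NORMAL
X = NORMAL + ECLIPSE
Y = [0] * len(NORMAL) + [1] * len(ECLIPSE)

def smote(minority, n_new, k=3, seed=0):
    """Create n_new points on segments between a minority sample and one of
    its k nearest minority neighbours (needs at least two minority samples)."""
    rng = random.Random(seed)
    synthetic = []
    for _ in range(n_new):
        i = rng.randrange(len(minority))
        others = sorted((j for j in range(len(minority)) if j != i),
                        key=lambda j: math.dist(minority[i], minority[j]))
        j = rng.choice(others[:k])
        gap = rng.random()
        synthetic.append(tuple(a + gap * (b - a)
                               for a, b in zip(minority[i], minority[j])))
    return synthetic

def tomek_links(X, y):
    """Return (i, j) pairs of opposite-class mutual nearest neighbours."""
    nn = [min((j for j in range(len(X)) if j != i),
              key=lambda j: math.dist(X[i], X[j])) for i in range(len(X))]
    return [(i, j) for i, j in enumerate(nn)
            if i < j and nn[j] == i and y[i] != y[j]]

def smote_tomek(X, y, minority_label=1, k=3, seed=0):
    """Oversample the minority class to parity, then drop both members of
    every Tomek link (the variant chosen for this example)."""
    minority = [x for x, lbl in zip(X, y) if lbl == minority_label]
    n_new = len(X) - 2 * len(minority)
    X2 = list(X) + smote(minority, n_new, k, seed)
    y2 = list(y) + [minority_label] * n_new
    drop = {i for pair in tomek_links(X2, y2) for i in pair}
    keep = [i for i in range(len(X2)) if i not in drop]
    return [X2[i] for i in keep], [y2[i] for i in keep]

if __name__ == "__main__":
    print("Tomek links in raw data:", tomek_links(X, Y))
    Xr, yr = smote_tomek(X, Y)
    print("class counts after resampling:", yr.count(0), yr.count(1))
```

Both functions compare every pair of samples, so the cost grows quadratically with dataset size.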
