Summary: | Anomaly detection tools play a role of paramount importance in protecting networks and systems from unforeseen attacks, usually by automatically recognizing and filtering out anomalous activities. Over the years, different approaches have been designed, all focused on lowering the false positive rate. However, no proposal has addressed attacks specifically targeting blockchain-based systems. In this paper, we present BAD: Blockchain Anomaly Detection. This is the first solution, to the best of our knowledge, that is tailored to detect anomalies in blockchain-based systems. BAD is a complete framework, relying on several components leveraging, at its core, blockchain meta-data in order to collect potentially malicious activities. BAD enjoys some unique features: (i) it is distributed (thus avoiding any central point of failure); (ii) it is tamper-proof (making it impossible for a malicious software to remove or to alter its own traces); (iii) it is trusted (any behavioral data is collected and verified by the majority of the network); and, (iv) it is private (avoiding any third party to collect/analyze/store sensitive information). Our proposal is described in detail and validated via both experimental results and analysis, that highlight the quality and viability of our Blockchain Anomaly Detection solution.
|