ADvISE: Anomaly Detection tool for blockchaIn SystEms
01 January 2018
Anomaly detection tools play a role of paramount importance in protecting networks and systems from unforeseen attacks, usually by automatically recognizing and filtering out anomalous activities. Over the years, different approaches have been designed, all focused on lowering the false positive rate. However, no proposal has addressed attacks targeting blockchain-based systems. In this paper we present ADvISE: the first Anomaly Detection tool for blockchaIn SystEms, which leverages blockchain meta-data, named forks, in order to collect potentially malicious requests in the network/system while being resilient to eclipse attacks. Indeed, while forks can naturally appear in the blockchain life cycle due to network delay, they can also be artificially forged by attackers and used to spread malicious activities within the chain. ADvISE collects and analyzes malicious forks in order to build a threat database that enables detection and prevention of future attack occurrences. Our proposal is validated via experimental results and theoretical complexity analysis, which highlight the quality and viability of our approach.