Theoretical and Applied Cybersecurity (TACS)
Browsing Theoretical and Applied Cybersecurity (TACS) by Keyword "attack"
Item (Open Access)
EVM Mempool Monitoring for Attack Detection: Leveraging Transaction-Layer Visibility for Early Identification of Threats
(НН ФТІ, КПІ ім. Ігоря Сікорського, 2025)
Kozyriatskyi, G.

The Ethereum Virtual Machine (EVM) and its associated transaction mempool represent the critical pre-consensus layer of the Ethereum blockchain. While extensive research has focused on post-block analysis for security and anomaly detection, this paper explores the scientific novelty and practical implications of leveraging real-time EVM mempool monitoring for the early detection of blockchain-level attacks. We argue that many systemic threats, including consensus manipulation attempts, transaction reordering schemes (e.g., MEV-related attacks like front-running and sandwich attacks), and denial-of-service through transaction spam, exhibit discernible signatures within the mempool before block inclusion. This preconfirmation visibility offers a crucial window for preemptive detection that is unavailable through traditional post-block analysis. This research proposes an analytical model characterizing attack signatures within mempool data based on features such as nonce gaps, gas price anomalies, transaction fee spikes, and transaction dependencies. We outline a monitoring framework incorporating real-time data aggregation, statistical, heuristic, and machine learning-based anomaly detection algorithms, and criteria for attack flagging. The paper details an experimental design for evaluating the proposed framework against simulated attack scenarios, assessing performance using metrics like precision, recall, and detection latency. Our key contributions include formalizing the concept of mempool-based attack detection as a distinct security layer, providing a typology of detectable attacks, and outlining a practical framework for implementation.
This research highlights the potential of mempool monitoring as a vital, proactive tool for enhancing the security and resilience of decentralized infrastructures, offering significant advantages over purely reactive post-block methods.