Accepted · IEEE ICICDS 2026 · Paper ID ICICDS-690

Stopping Sybil attacks without identity friction

SybilShield-Core is an open-source, modular framework that detects and isolates Sybil identities in permissionless peer-to-peer blockchain networks. A Composite Trust Score fuses behavioral telemetry, peer-graph topology, and economic commitment, no Proof-of-Work tax, no centralized identity authority, just observable evidence governing each peer's influence on consensus.

94%+
steady-state detection rate up to 40% adversary density
<2.1%
false-positive rate on honest peers
≤4.1%
consensus latency overhead at 2,000 nodes

Why this matters

Sybil resistance is not a niche blockchain concern, it is the structural assumption that "one peer, one vote" depends on. The same identity-spoofing pattern underwrites attacks on decentralized federated learning, oracle price feeds, and any system that trusts the apparent diversity of its participants. A framework that closes this gap without reintroducing a central authority strengthens the integrity of decentralized infrastructure that increasingly underpins finance, identity, and shared AI training.

How it works

Three independently maintained sub-scores combine into one Composite Trust Score (CTS) per peer, which then governs quorum weight, connection acceptance, and (optionally) federated learning aggregation weight.

Behavioral score

Continuously updated from block relay timing, mempool propagation, and voting deviations. Decays toward neutral with a 24-hour half-life, so static whitelisting is impossible: inactive peers must keep demonstrating good behavior.

Graph score

Derived from local clustering coefficient, SybilRank propagation from high-stake seed nodes, and subnet diversity. Penalizes the tight-cluster topology characteristic of Sybil subgraphs without requiring a certified honest seed set.

Economic score

Captures stake age and capital lockup. Used as a contributing signal rather than the primary defense, since well-capitalized adversaries can offset pure economic penalties through identity rotation.

Mitigation pipeline

A sigmoid mapping turns the composite score into quorum weight. Four response tiers, monitoring, throttling, peer-list removal, and full quarantine, apply escalating but reversible pressure as the score drops.

Attack coverage

Evaluated across four adversarial scenarios on synthetic P2P networks of 50 to 2,000 nodes, with adversary fractions from 10% to 45%.

Attack classSybilShield-Core defense
Consensus maskingBehavioral + graph score drift triggers quorum weight reduction before false views can dominate a target's local chain
Eclipse partitioningIsolationGuard subnet-diversity and per-subnet connection limits reject monopolizing connection attempts independent of the CTS
DFL gradient poisoningCTS-weighted FedAvg attenuates the aggregation weight of peers whose gradients deviate statistically from honest submissions
Mempool / bandwidth exhaustionBehavioral score penalizes flooding and GETDATA cycling, escalating to connection throttling and quarantine

Quick start

Python 3.10+ is the only prerequisite.

git clone https://github.com/sunilgentyala/SybilShield-Core.git
cd SybilShield-Core
pip install -e ".[dev]"

# Run a Sybil simulation (50-node network, 30% adversary ratio)
python scripts/run_simulation.py --nodes 50 --sybil-ratio 0.30 --scenario eclipse

# Run unit tests
pytest tests/unit/ -v

Citation

Gentyala, S., Sanjeevaiah, K., & Darisi, S. K. (2026). SybilShield-Core: A Composite Trust Scoring Framework for Sybil Attack Mitigation in Permissionless Blockchain Networks. Accepted, IEEE ICICDS 2026 (Paper ID ICICDS-690).
icicds.com/2026

Reference implementation: github.com/sunilgentyala/SybilShield-Core