An Explainable AI Model for the Detecting Malicious Smart Contracts Based on EVM Opcode Based Features

TL;DR

This paper presents an explainable machine learning model that detects malicious Ethereum smart contracts by analyzing EVM opcode features, achieving high accuracy and providing interpretability through LIME explanations.

Contribution

It introduces a novel approach combining opcode analysis, data balancing, entropy-based binning, and explainability for malicious smart contract detection.

Findings

Detects 99% of malicious contracts

False positive rate of 0.01

Uses LIME for model interpretability

Abstract

Hackers may create malicious solidity programs and deploy it in the Ethereum block chain. These malicious smart contracts try to attack legitimate programs by exploiting its vulnerabilities such as reentrancy, tx.origin attack, bad randomness, deligatecall and so on. This may lead to drain of the funds, denial of service and so on . Hence, it is necessary to identify and prevent the malicious smart contract before deploying it into the blockchain. In this paper, we propose an ML based malicious smart contract detection mechanism by analyzing the EVM opcodes. After balancing the opcode frequency dataset with SMOTE algorithm, we transformed opcode frequencies to the binary values (0,1) using an entropy based supervised binning method. Then, an explainable AI model is trained with the proposed binary opcode based features. From the implementations, we found that the proposed mechanism can detect 99% of malicious smart contracts with a false positive rate of only 0.01. Finally, we incorporated LIME algorithm in our classifier to justify its predictions. We found that, LIME algorithm can explain why a particular smart contract app is declared as malicious by our ML classifier based on the binary value of EVM opcodes.