An Explainable AI Model for the Detecting Malicious Smart Contracts Based on EVM Opcode Based Features
Roopak Surendran
TL;DR
This work targets the detection of malicious Ethereum smart contracts by analyzing EVM opcode-based features, addressing extreme class imbalance with SMOTE and converting opcode frequencies into binary features via entropy-based binning. An ML classifier is trained on these binary features, and predictions are explained with LIME to provide justification for decisions. The approach achieves about 99% recall with false positives below 1%, outperforming a Forta-based baseline, and identifies key opcodes driving the decisions. The study emphasizes explainability and outlines future work on adversarial resistance and semantic analysis to handle evolving contracts.
Abstract
Hackers may create malicious Solidity programs and deploy them on the Ethereum blockchain. These malicious smart contracts try to attack legitimate programs by exploiting their vulnerabilities, such as reentrancy, tx.origin attack, bad randomness, delegatecall and so on. This may lead to the draining of funds, denial of service and so on. Hence, it is necessary to identify and prevent malicious smart contracts before they are deployed to the blockchain. In this paper, we propose an ML-based malicious smart contract detection mechanism that analyzes the EVM opcodes. After balancing the opcode frequency dataset with the SMOTE algorithm, we transformed the opcode frequencies to binary values (0,1) using an entropy-based supervised binning method. Then, an explainable AI model is trained with the proposed binary opcode-based features. From the implementations, we found that the proposed mechanism can detect 99% of malicious smart contracts with a false positive rate of only 0.01. Finally, we incorporated the LIME algorithm in our classifier to justify its predictions. We found that the LIME algorithm can explain why a particular smart contract app is declared as malicious by our ML classifier based on the binary value of EVM opcodes.
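The entropy-based supervised binning step described in the abstract can be sketched as follows. This is an added example, not the paper's code: it assumes one information-gain cut per opcode (the abstract does not give the exact binning rule), and the opcode counts, labels and function names are constructed for illustration.

```python
import math
from collections import Counter

def entropy(labels):
    """Shannon entropy (bits) of a list of class labels."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values()) if n else 0.0

def best_cut(values, labels):
    """Return (threshold, information gain) of the best single cut, or (None, 0.0)."""
    pairs = sorted(zip(values, labels))
    base, best_thr, best_gain = entropy(labels), None, 0.0
    for i in range(1, len(pairs)):
        lo, hi = pairs[i - 1][0], pairs[i][0]
        if lo == hi:  # a cut must fall between two distinct counts
            continue
        left = [y for _, y in pairs[:i]]
        right = [y for _, y in pairs[i:]]
        cond = (len(left) * entropy(left) + len(right) * entropy(right)) / len(pairs)
        if base - cond > best_gain + 1e-12:
            best_thr, best_gain = (lo + hi) / 2, base - cond
    return best_thr, best_gain

def fit_cuts(rows, labels):
    """Learn one cut per opcode on training data only; opcodes with zero gain are dropped."""
    cuts = {}
    for op in sorted({op for r in rows for op in r}):
        thr, gain = best_cut([r.get(op, 0) for r in rows], labels)
        if thr is not None:
            cuts[op] = (thr, gain)
    return cuts

def binarize(row, cuts):
    """Map raw opcode counts to the 0/1 features the classifier is trained on."""
    return {op: int(row.get(op, 0) > thr) for op, (thr, _) in cuts.items()}

# Constructed opcode counts (not real contracts); label 1 = malicious, 0 = benign.
ROWS = [
    {"CALL": 1, "SSTORE": 4, "PUSH1": 40}, {"CALL": 2, "SSTORE": 6, "PUSH1": 55},
    {"CALL": 1, "SSTORE": 5, "PUSH1": 38}, {"CALL": 7, "SSTORE": 5, "PUSH1": 42},
    {"CALL": 9, "SSTORE": 4, "PUSH1": 52}, {"CALL": 8, "SSTORE": 6, "PUSH1": 47},
]
LABELS = [0, 0, 0, 1, 1, 1]
CUTS = fit_cuts(ROWS, LABELS)

if __name__ == "__main__":
    for op, (thr, gain) in CUTS.items():
        print(f"{op}: bit = count > {thr} (gain {gain:.3f})")
    print(binarize({"CALL": 6, "PUSH1": 39, "SSTORE": 9}, CUTS))
```

On this constructed data the SSTORE counts carry no class information and get no cut, while the noisy PUSH1 counts still receive a low-gain cut, which is why the gain is kept next to each threshold.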
