Digital forensic framework for smart contract vulnerabilities using ensemble models

Bibliographic details
Published in: Multimedia tools and applications 2024-05, Vol.83 (17), p.51469-51512
Main authors: J J, Lohith, Singh, Kunwar, Chakravarthi, Bharatesh
Format: Article
Language: eng
Description
Summary: Forensic identification of vulnerabilities in Ethereum-based smart contracts has received significant interest among security agencies and researchers because such contracts normally manage cryptocurrencies worth billions of dollars. Smart contracts, small sets of instructions or programs designed especially for user verification, authentication and access control in blockchain, can have different vulnerabilities, including Denial of Service (DoS), access control, arithmetic integer overflow, arithmetic bad-randomness, re-entrancy, unchecked low-level calls, etc. In this paper, a novel vulnerability detection system based on natural language processing and machine learning is developed. The overall proposed model was designed for Ethereum-based smart contracts, where standard benchmark data with the different vulnerability types has been taken into consideration. Although classical methods apply the SolMatrix tool to extract features from the Ethereum Solidity vulnerability matrix, they are limited in addressing feature variations and data imbalance, which eventually impacts overall (vulnerability) classification performance. Considering this fact, in this research the overall methodology was defined in such a manner that it assesses an Ethereum Solidity smart contract for the probability of any of the aforesaid vulnerability types. To examine the performance of the proposed vulnerability detection model, we obtained results in terms of Accuracy, F-Measure, and Area Under the ROC Curve (AUC). In the extensive performance analysis, in terms of intra-model comparison, the average accuracy with SMOTE-sampled data was near 90% using the Random Forest algorithm. AUC performance was also found to be near 0.7, confirming the acceptability of the proposed model. With the Random Forest algorithm the average F-Measure was found to be near 0.86.
ISSN: 1573-7721, 1380-7501
DOI: 10.1007/s11042-023-17308-3