Digital forensic framework for smart contract vulnerabilities using ensemble models
Forensic identification of vulnerabilities in Ethereum based smart contract has received significant interest among security agencies and researchers because it normally manages a lot of cryptocurrencies worth billions of dollars. Recalling the fact that smart contracts, a small set of instruction o...
Gespeichert in:
| Veröffentlicht in: | Multimedia tools and applications 2024-05, Vol.83 (17), p.51469-51512 |
|---|---|
| Hauptverfasser: | , , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 51512 |
|---|---|
| container_issue | 17 |
| container_start_page | 51469 |
| container_title | Multimedia tools and applications |
| container_volume | 83 |
| creator | J J, Lohith Singh, Kunwar Chakravarthi, Bharatesh |
| description | Forensic identification of vulnerabilities in Ethereum based smart contract has received significant interest among security agencies and researchers because it normally manages a lot of cryptocurrencies worth billions of dollars. Recalling the fact that smart contracts, a small set of instruction or programmes especially designed towards user verification, authentication and access control in Blockchain, can have the different vulnerabilities including Denial of Services (DoS), access control, Arithmetic integer overflow, arithmetic bad-randomness, re-entrancy, unchecked low-level calls, etc. In this paper a novel methodology using natural language processing and machine learning based vulnerability detection system is developed. The overall proposed model was designed towards Ethereum based Smart Contracts, where the standard benchmark data with the different vulnerability types has been taken into consideration. Though, classical methods apply SolMatrix tool to extract the features from Ethereum Solidarity vulnerability matrix however, they are confined to address feature variations, data imbalance which eventually impacts overall (vulnerability) classification performance. Considering this fact, in this research the overall methodology was defined in such manner that it assesses a Ethereum Solidity Smart Contract towards the probability of any (aforesaid) vulnerability types.To examine the performance of the proposed vulnerability detection model, we obtained results in terms of Accuracy, F-Measure, and Area and ROC Curve (AUC). The extensive performance analysis in terms of intra-model comparison, the average accuracy with SMOTE sampled data resulted near 90% of accuracy using Random Forest Algorithm. AUC performance too was found near 0.7, confirming acceptability of the proposed model. With Random Forest algorithm the average F-Measure was found to be near 0.86. |
| doi_str_mv | 10.1007/s11042-023-17308-3 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_3055262296</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>3055262296</sourcerecordid><originalsourceid>FETCH-LOGICAL-c2706-d7d2c7a3d7e533b3f2c295da007c4daff0935bf839853da36b62411745dc2e463</originalsourceid><addsrcrecordid>eNp9kE9LxDAQxYMouK5-AU8Bz9Ek0zTbo6y6Cgse1HNI82fJ2jZr0ip-e7tW0JOnGYb33vB-CJ0zeskolVeZMVpwQjkQJoEuCBygGRMSiJScHf7Zj9FJzltKWSl4MUNPN2ETet1gH5PrcjDYJ926j5he9yecW516bGLXJ216_D40nUu6Dk3og8t4yKHb4NHo2rpxuI3WNfkUHXndZHf2M-fo5e72eXlP1o-rh-X1mhguaUmstNxIDVY6AVCD54ZXwuqxjyms9p5WIGq_gGohwGoo65IXjMlCWMNdUcIcXUy5uxTfBpd7tY1D6saXCqgQvOS82qv4pDIp5pycV7sUxlafilG1h6cmeGqEp77hKRhNMJnyKO42Lv1G_-P6AovpcqY</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>3055262296</pqid></control><display><type>article</type><title>Digital forensic framework for smart contract vulnerabilities using ensemble models</title><source>Springer Journals</source><creator>J J, Lohith ; Singh, Kunwar ; Chakravarthi, Bharatesh</creator><creatorcontrib>J J, Lohith ; Singh, Kunwar ; Chakravarthi, Bharatesh</creatorcontrib><description>Forensic identification of vulnerabilities in Ethereum based smart contract has received significant interest among security agencies and researchers because it normally manages a lot of cryptocurrencies worth billions of dollars. Recalling the fact that smart contracts, a small set of instruction or programmes especially designed towards user verification, authentication and access control in Blockchain, can have the different vulnerabilities including Denial of Services (DoS), access control, Arithmetic integer overflow, arithmetic bad-randomness, re-entrancy, unchecked low-level calls, etc. In this paper a novel methodology using natural language processing and machine learning based vulnerability detection system is developed. The overall proposed model was designed towards Ethereum based Smart Contracts, where the standard benchmark data with the different vulnerability types has been taken into consideration. Though, classical methods apply SolMatrix tool to extract the features from Ethereum Solidarity vulnerability matrix however, they are confined to address feature variations, data imbalance which eventually impacts overall (vulnerability) classification performance. Considering this fact, in this research the overall methodology was defined in such manner that it assesses a Ethereum Solidity Smart Contract towards the probability of any (aforesaid) vulnerability types.To examine the performance of the proposed vulnerability detection model, we obtained results in terms of Accuracy, F-Measure, and Area and ROC Curve (AUC). The extensive performance analysis in terms of intra-model comparison, the average accuracy with SMOTE sampled data resulted near 90% of accuracy using Random Forest Algorithm. AUC performance too was found near 0.7, confirming acceptability of the proposed model. With Random Forest algorithm the average F-Measure was found to be near 0.86.</description><identifier>ISSN: 1573-7721</identifier><identifier>ISSN: 1380-7501</identifier><identifier>EISSN: 1573-7721</identifier><identifier>DOI: 10.1007/s11042-023-17308-3</identifier><language>eng</language><publisher>New York: Springer US</publisher><subject>Access control ; Accuracy ; Algorithms ; Arithmetic ; Computer Communication Networks ; Computer Science ; Contracts ; Cryptography ; Data Structures and Information Theory ; Digital currencies ; Machine learning ; Multimedia Information Systems ; Natural language processing ; Special Purpose and Application-Based Systems</subject><ispartof>Multimedia tools and applications, 2024-05, Vol.83 (17), p.51469-51512</ispartof><rights>The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c2706-d7d2c7a3d7e533b3f2c295da007c4daff0935bf839853da36b62411745dc2e463</citedby><cites>FETCH-LOGICAL-c2706-d7d2c7a3d7e533b3f2c295da007c4daff0935bf839853da36b62411745dc2e463</cites><orcidid>0000-0002-4978-434X</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktopdf>$$Uhttps://link.springer.com/content/pdf/10.1007/s11042-023-17308-3$$EPDF$$P50$$Gspringer$$H</linktopdf><linktohtml>$$Uhttps://link.springer.com/10.1007/s11042-023-17308-3$$EHTML$$P50$$Gspringer$$H</linktohtml><link.rule.ids>314,776,780,27901,27902,41464,42533,51294</link.rule.ids></links><search><creatorcontrib>J J, Lohith</creatorcontrib><creatorcontrib>Singh, Kunwar</creatorcontrib><creatorcontrib>Chakravarthi, Bharatesh</creatorcontrib><title>Digital forensic framework for smart contract vulnerabilities using ensemble models</title><title>Multimedia tools and applications</title><addtitle>Multimed Tools Appl</addtitle><description>Forensic identification of vulnerabilities in Ethereum based smart contract has received significant interest among security agencies and researchers because it normally manages a lot of cryptocurrencies worth billions of dollars. Recalling the fact that smart contracts, a small set of instruction or programmes especially designed towards user verification, authentication and access control in Blockchain, can have the different vulnerabilities including Denial of Services (DoS), access control, Arithmetic integer overflow, arithmetic bad-randomness, re-entrancy, unchecked low-level calls, etc. In this paper a novel methodology using natural language processing and machine learning based vulnerability detection system is developed. The overall proposed model was designed towards Ethereum based Smart Contracts, where the standard benchmark data with the different vulnerability types has been taken into consideration. Though, classical methods apply SolMatrix tool to extract the features from Ethereum Solidarity vulnerability matrix however, they are confined to address feature variations, data imbalance which eventually impacts overall (vulnerability) classification performance. Considering this fact, in this research the overall methodology was defined in such manner that it assesses a Ethereum Solidity Smart Contract towards the probability of any (aforesaid) vulnerability types.To examine the performance of the proposed vulnerability detection model, we obtained results in terms of Accuracy, F-Measure, and Area and ROC Curve (AUC). The extensive performance analysis in terms of intra-model comparison, the average accuracy with SMOTE sampled data resulted near 90% of accuracy using Random Forest Algorithm. AUC performance too was found near 0.7, confirming acceptability of the proposed model. With Random Forest algorithm the average F-Measure was found to be near 0.86.</description><subject>Access control</subject><subject>Accuracy</subject><subject>Algorithms</subject><subject>Arithmetic</subject><subject>Computer Communication Networks</subject><subject>Computer Science</subject><subject>Contracts</subject><subject>Cryptography</subject><subject>Data Structures and Information Theory</subject><subject>Digital currencies</subject><subject>Machine learning</subject><subject>Multimedia Information Systems</subject><subject>Natural language processing</subject><subject>Special Purpose and Application-Based Systems</subject><issn>1573-7721</issn><issn>1380-7501</issn><issn>1573-7721</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2024</creationdate><recordtype>article</recordtype><recordid>eNp9kE9LxDAQxYMouK5-AU8Bz9Ek0zTbo6y6Cgse1HNI82fJ2jZr0ip-e7tW0JOnGYb33vB-CJ0zeskolVeZMVpwQjkQJoEuCBygGRMSiJScHf7Zj9FJzltKWSl4MUNPN2ETet1gH5PrcjDYJ926j5he9yecW516bGLXJ216_D40nUu6Dk3og8t4yKHb4NHo2rpxuI3WNfkUHXndZHf2M-fo5e72eXlP1o-rh-X1mhguaUmstNxIDVY6AVCD54ZXwuqxjyms9p5WIGq_gGohwGoo65IXjMlCWMNdUcIcXUy5uxTfBpd7tY1D6saXCqgQvOS82qv4pDIp5pycV7sUxlafilG1h6cmeGqEp77hKRhNMJnyKO42Lv1G_-P6AovpcqY</recordid><startdate>20240501</startdate><enddate>20240501</enddate><creator>J J, Lohith</creator><creator>Singh, Kunwar</creator><creator>Chakravarthi, Bharatesh</creator><general>Springer US</general><general>Springer Nature B.V</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-4978-434X</orcidid></search><sort><creationdate>20240501</creationdate><title>Digital forensic framework for smart contract vulnerabilities using ensemble models</title><author>J J, Lohith ; Singh, Kunwar ; Chakravarthi, Bharatesh</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c2706-d7d2c7a3d7e533b3f2c295da007c4daff0935bf839853da36b62411745dc2e463</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2024</creationdate><topic>Access control</topic><topic>Accuracy</topic><topic>Algorithms</topic><topic>Arithmetic</topic><topic>Computer Communication Networks</topic><topic>Computer Science</topic><topic>Contracts</topic><topic>Cryptography</topic><topic>Data Structures and Information Theory</topic><topic>Digital currencies</topic><topic>Machine learning</topic><topic>Multimedia Information Systems</topic><topic>Natural language processing</topic><topic>Special Purpose and Application-Based Systems</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>J J, Lohith</creatorcontrib><creatorcontrib>Singh, Kunwar</creatorcontrib><creatorcontrib>Chakravarthi, Bharatesh</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Multimedia tools and applications</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>J J, Lohith</au><au>Singh, Kunwar</au><au>Chakravarthi, Bharatesh</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Digital forensic framework for smart contract vulnerabilities using ensemble models</atitle><jtitle>Multimedia tools and applications</jtitle><stitle>Multimed Tools Appl</stitle><date>2024-05-01</date><risdate>2024</risdate><volume>83</volume><issue>17</issue><spage>51469</spage><epage>51512</epage><pages>51469-51512</pages><issn>1573-7721</issn><issn>1380-7501</issn><eissn>1573-7721</eissn><abstract>Forensic identification of vulnerabilities in Ethereum based smart contract has received significant interest among security agencies and researchers because it normally manages a lot of cryptocurrencies worth billions of dollars. Recalling the fact that smart contracts, a small set of instruction or programmes especially designed towards user verification, authentication and access control in Blockchain, can have the different vulnerabilities including Denial of Services (DoS), access control, Arithmetic integer overflow, arithmetic bad-randomness, re-entrancy, unchecked low-level calls, etc. In this paper a novel methodology using natural language processing and machine learning based vulnerability detection system is developed. The overall proposed model was designed towards Ethereum based Smart Contracts, where the standard benchmark data with the different vulnerability types has been taken into consideration. Though, classical methods apply SolMatrix tool to extract the features from Ethereum Solidarity vulnerability matrix however, they are confined to address feature variations, data imbalance which eventually impacts overall (vulnerability) classification performance. Considering this fact, in this research the overall methodology was defined in such manner that it assesses a Ethereum Solidity Smart Contract towards the probability of any (aforesaid) vulnerability types.To examine the performance of the proposed vulnerability detection model, we obtained results in terms of Accuracy, F-Measure, and Area and ROC Curve (AUC). The extensive performance analysis in terms of intra-model comparison, the average accuracy with SMOTE sampled data resulted near 90% of accuracy using Random Forest Algorithm. AUC performance too was found near 0.7, confirming acceptability of the proposed model. With Random Forest algorithm the average F-Measure was found to be near 0.86.</abstract><cop>New York</cop><pub>Springer US</pub><doi>10.1007/s11042-023-17308-3</doi><tpages>44</tpages><orcidid>https://orcid.org/0000-0002-4978-434X</orcidid></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 1573-7721 |
| ispartof | Multimedia tools and applications, 2024-05, Vol.83 (17), p.51469-51512 |
| issn | 1573-7721 1380-7501 1573-7721 |
| language | eng |
| recordid | cdi_proquest_journals_3055262296 |
| source | Springer Journals |
| subjects | Access control Accuracy Algorithms Arithmetic Computer Communication Networks Computer Science Contracts Cryptography Data Structures and Information Theory Digital currencies Machine learning Multimedia Information Systems Natural language processing Special Purpose and Application-Based Systems |
| title | Digital forensic framework for smart contract vulnerabilities using ensemble models |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-11T16%3A27%3A03IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Digital%20forensic%20framework%20for%20smart%20contract%20vulnerabilities%20using%20ensemble%20models&rft.jtitle=Multimedia%20tools%20and%20applications&rft.au=J%20J,%20Lohith&rft.date=2024-05-01&rft.volume=83&rft.issue=17&rft.spage=51469&rft.epage=51512&rft.pages=51469-51512&rft.issn=1573-7721&rft.eissn=1573-7721&rft_id=info:doi/10.1007/s11042-023-17308-3&rft_dat=%3Cproquest_cross%3E3055262296%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=3055262296&rft_id=info:pmid/&rfr_iscdi=true |