Proactive detection of anomalous behavior in Ethereum accounts using XAI-enabled ensemble stacking with Bayesian optimization

Introduction

Blockchain technology, valued for its decentralized, secure, and unalterable nature, has become pivotal in strengthening security across sectors such as governance, healthcare, financial systems, and urban development (Ramaiah et al., 2022; Padma & Ramaiah, 2024a). Ethereum stands out as a leading blockchain platform, utilizing smart contracts and its native cryptocurrency for network operations. Ethereum relies on distinct account identifiers to facilitate transactions, including externally owned accounts (EOAs) secured by private keys and contract accounts governed by code. To maintain data integrity, it utilizes features such as the nonce, contract code hash, and storage root, with the Keccak-256 hashing algorithm ensuring the authenticity of smart contracts (Siddique & Fatima, 2022). The Ethereum storage root, based on the Merkle Patricia Trie, serves as a unique account identifier, ensuring efficient data encoding and verification (Wang et al., 2021) and (Chen et al., 2020a).

As of August 2024, Ethereum has processed over 2.4 billion transactions (Etherscan, 2024), making its decentralized ledger a target for cyber threats. The anonymity within Ethereum enables malicious activities such as money laundering and illicit goods sales. Vulnerabilities within the Ethereum network, including P2P limitations and smart contract exploits, expose it to attacks like phishing (Chen et al., 2020c; Kabla et al., 2022), Ponzi schemes (Chen et al., 2019), the DAO attack, and 51% attack (Scicchitano et al., 2020), as well as the exploitation of malicious contracts (Wen et al., 2021), accounts (Kumar et al., 2020), eclipse attacks (Xu et al., 2020), and abnormal smart contracts (Liu et al., 2022).

Ethereum’s blockchain technology is renowned for its transparency, resistance to tampering, and immutable nature, offering robust security capabilities.Despite these strengths, malicious actors have successfully identified and exploited vulnerabilities within elements such as smart contracts (Kushwaha et al., 2022; Padma & Mangayarkarasi, 2022), the Solidity programming language (Kaleem, Mavridou & Laszka, 2020) and the Ethereum architecture (Chen et al., 2020b). However, a range of techniques and tools (Ramaiah et al., 2022) has emerged to actively monitor and identify malicious activities within Ethereum networks. Ongoing efforts focus on developing solutions to enhance the resilience of the Ethereum ecosystem against potential threats. Despite the existence of vulnerabilities within the Ethereum blockchain (Farrugia, Ellul & Azzopardi, 2020), continuous advancements aim to strengthen security measures and minimize the occurrences of fraudulent activities.

Researchers are actively engaged in addressing security concerns within Ethereum’s system while ensuring optimal performance. The application of artificial intelligence (AI) technology has tremendous potential for early identification of security vulnerabilities (Padma & Ramaiah, 2024b). As highlighted by Kumar et al. (2020), machine learning (ML) models were employed to distinguish between malicious and legitimate Ethereum addresses, with a focus on externally owned accounts (EOAs) and smart contract accounts. By extracting key transaction features, models like eXtreme Gradient Boosting (XGBoost), Random Forest (RF), and K-nearest neighbors (KNN) demonstrated strong performance in enhancing Ethereum security, particularly for smart contract accounts. Also, Ponzi schemes represent significant financial threats, particularly in vulnerable communities like Nigeria. A study by Onu et al. (2023) applies AI with ML models, including RF, NN, and KNN, to detect these schemes on Ethereum by analyzing transaction patterns. AI-driven models offer a promising approach to minimizing security breaches effectively. The convergence of Ethereum and AI technologies aims to improve the platform’s capabilities, bolster its security measures, and enhance the overall user experience, delivering advantages to both individual users and businesses relying on the Ethereum network. Aziz et al. (2023) explores strategies to optimize Ethereum transactions and successfully addresses deviations. Despite notable strides in AI-driven detection of malicious activities within the Ethereum platform, substantial enhancements remain necessary. Challenges ahead of AI enabled malicious activities detection system are suitable feature engineering (Rahamathulla & Ramaiah, 2024) enough samples (Ramaiah et al., 2024) and suitable hyperparameter (Zhao et al., 2023) searching technique.

AI models produce outcomes, but we need clearer insights into how they reach those conclusions. That’s where explainable artificial intelligence (XAI) comes into build trust in AI decisions by shedding light on their reasoning and holding them accountable. XAI pertains to the application of AI technology in a manner that allows human experts to comprehend the outcomes of the solution. This differs from the concept of a “black box” in machine learning, when even the developers are unable to explicate the reasoning behind a single AI choice. XAI serves as an embodiment of the social right to an explanation. The evolving field of XAI introduces various methods aimed at transforming the opaque nature of models based on ML or deep learning (DL), thereby generating explanations that are intelligible to humans. With the remarkable progress in ML and DL, researchers in the fields of AI and ML are increasingly prioritizing the development and application of XAI. Researchers have developed various tools to demystify black-box models, such as Local Interpretable Model-Agnostic Explanations (LIME), Shapley Additive Explanations (SHAP), Explain Like I am a 5-year old (ELI5), and InterpretML, among others (Buyuktepe et al., 2023).

Due to the enhanced merits, XAI finds application in healthcare (Hauser et al., 2022), cyber-attack detection (Kalutharage et al., 2023). These techniques are also used in various fields like fraud detection (Biswas et al., 2023; Zhou et al., 2023), cyber security (Rjoub et al., 2023), smart cities (Javed et al., 2023), Internet of Things (Kök et al., 2023), and intelligent connected vehicles (Nwakanma et al., 2023).

The growing adoption of Ethereum has also heightened its susceptibility to various cyber threats. While previous studies using ML models for anomaly detection have demonstrated promise, they often face challenges with interpretability and scalability when handling large transaction volumes. Moreover, current anomaly detection approaches face challenges in balancing precision and computational efficiency, frequently operating as “black-box” models that offer limited transparency.

Hence, the study presented in this article aims to develop comprehensive XAI-enabled models that integrate the strengths of three ML models—RF, XGBoost, and NN—into an ensemble stacking model. To improve prediction accuracy, a Bayesian optimization technique has been proposed to optimize the control parameters of these ML models. To address the sample imbalance issue, an appropriate oversampling technique has been applied. Above all, the experiment leverages the advantages of XAI tools, including SHAP, LIME, and ELI5, for feature interpretation. A well-designed ensemble ML model has been constructed effectively detect fraudulent transactions, aiming to strengthen the Ethereum network against possible security vulnerabilities. Through the examination of model transparency and feature influence, this research seeks to enhance fraud detection on Ethereum while improving the interpretability and trustworthiness of the proposed model. This aligns with the growing demand for explainable AI in cybersecurity applications.

Literature review

Using smart contracts, Ethereum is a blockchain-based platform that lets one create distributed apps and handle bitcoin transactions. The platform’s “pseudo-anonymous” structure allows users to maintain multiple accounts under distinct cryptographic identities, complicating the detection and attribution of fraudulent activity. High-profile incidents, such as the Ethereum DAO attack—where hackers exploited a smart contract vulnerability to steal cryptocurrency—underscore these challenges. Fraudulent activities across multiple identities are significant security risks, highlighting the need for effective monitoring to protect legitimate users. Kumar et al. (2020) tackles these challenges with training supervised ML models to identify malicious and legitimate addresses on the Ethereum network, focusing on EOAs and smart contract accounts. Malicious and validated non-malicious addresses were acquired from various sources, followed by extensive data preprocessing to differentiate and categorize EOAs and contract accounts. Important features were retrieved from transaction data to train models including RF, Decision Tree, XGBoost, and KNN for both account types. The approach XGBoost achieved high accuracy rates 96.82% for smart contract accounts, demonstrating the efficacy of ML in enhancing security within the Ethereum ecosystem.

In their study, Farrugia, Ellul & Azzopardi (2020) introduced an innovative approach using the XGBoost model to detect illicit accounts on the Ethereum. The researchers conducted an in-depth analysis of account details, such as addresses and transaction histories, to uncover key insights for detecting suspicious activities. By employing a careful feature selection process, they pinpointed the most influential factors affecting the model’s predictions. The study’s findings emphasized the significance of features like total ether balance, transaction duration, and minimum transaction value in enhancing the model’s performance. This novel approach has the potential to significantly reduce illegal activities on the Ethereum network, including phishing, bribery, and money laundering.

To optimize classification performance, Zhou, Yan & Zhang (2022) observed sample distribution using t-SNE and K-means clustering techniques.To detect the fraudulent transaction on Ethereum platform, a CatBoost based ML model upon the data distribution analysis by T-SNE and K-Means has been presented by following this analysis, they crafted a ML model based on CatBoost to mitigate the impact of fraudulent transactions within Ethereum accounts and used SHAP to find the feature importance.

Ethereum, as a digital currency, faces growing fraudulent activities like money laundering and phishing, threatening transaction security. This research advocates the application of the light gradient boosting machine (LGBM) algorithm for the identification of fraudulent Ethereum transactions, juxtaposing it with RF and multi-layer perceptron (MLP) models. A comparison of bagging models shows that LGBM and XGBoost achieve the highest accuracies, with LGBM slightly outperforming XGBoost at 98.60%. By tuning LGBM’s hyperparameters, an accuracy of 99.03% is achieved (Aziz et al., 2022). Ibrahim, Elian & Ababneh (2021) proposed a fraud detection model for Ethereum using decision tree, RF, and KNN algorithms. They selected six key features from a Kaggle dataset, and RF outperformed the others in processing time and F-measure. This highlights RF effectiveness in detecting Ethereum fraud.

Feichtner & Gruber (2020) introduced an XAI-enabled CNN model to connect app descriptions with requested permissions, using LIME heatmaps to visualize word significance. Hsupeng et al. (2022) developed an explainable flow-data categorization system to detect malware attacks, utilizing SHAP for explainability. Hernandes et al. (2021) applied XAI methods like LIME and explainable boosting machines for phishing detection. Karn et al. (2020) advanced Cryptomining detection by combining SHAP, LIME, and an LSTM auto-encoding approach for interpretability. Kalutharage et al. (2023) proposed an XAI-based DDoS detection system, improving accuracy and attack certainty. Morichetta, Casas & Mellia (2019) applied LIME to analyze encrypted YouTube traffic, providing clear explanations of data clusters. An efficient deep neural network based models for detecting the intruders in networks has been presented along with merits of XAI in Mane & Rao (2021). XAI algorithms like the contrastive explanations method (CEM), SHAP, LIME, ProtoDash and Boolean Decision Rules via Column Generation (BRCG) shed light on the “black box” of the NN, revealing which features trigger attack flags and to what extent. By applying these tools to the NSL-KDD dataset, the researchers demonstrate how XAI empowers security professionals to understand and trust the IDS’s reasoning, boosting confidence in its defenses.

Zebin, Rezvy & Luo (2022) focused on analyzing encrypted traffic with the goal of accurately detecting DoH (DNS over HTTPS) attacks. A balanced stacked RF classifier was proposed as an effective solution for identifying such attacks. The research prioritized achieving high accuracy while ensuring transparency in the model’s decision-making process. Performance improvements were largely attributed to the data split strategy and the parallel development of sub-models, which led to a threefold reduction in training time. Moreover, an explainable artificial intelligence (XAI) model using SHAP was included to show each feature contributions to the classification decisions of the model.Building a bridge between performance and interpretability in ML, Rabah, Le Grand & Pinheiro (2021) proposed a novel framework. This framework boosts performance by addressing noisy, scattered, incomplete, and unbalanced data through the preprocessing phase. Notably, the Synthetic Minority Oversampling Technique (SMOTE) technique tackles data imbalance. To enhance interpretability, the framework leverages LIME for local explanations and permutation feature importance for global insights. Trust is further built by employing XAI techniques to reveal the features influencing individual predictions. Most of the security breaches. Targeting the transaction are carried out by the account holder in Ethereum platform. Hence, the monitoring the activities of account holder may greatly prevents the possible security breaches.

Table 1 reports various AI-enabled models with and without integrating XAI, alongside other essential components such as resampling techniques and hyperparameter optimization (HPO), all of which influence the mitigation of malicious activities and the prevention of cyber-attacks on networks. This table also highlights significant works by Farrugia, Ellul & Azzopardi (2020), and Zhou, Yan & Zhang (2022), who used XAI and HPO tools to mitigate malicious activities in Ethereum-based applications. Aziz et al. (2022) alone applied an oversampling technique to address the data sample imbalance. The remaining works presented in Table 1 leverage the merits of XAI, with some also incorporating data sampling techniques and HPO tools, though not all studies include these components. According to the analysis in Table 1, few studies have focused on designing interpretable ML models for detecting suspicious activities on permissionless Ethereum platform. Additionally, Table 1 presents details on the number of samples considered in the studies, the features used, and the different machine learning models employed. Upon analyzing the AI-enabled methods reported in various studies, the key takeaways are as follows: A comprehensive AI model should integrate essential components, such as feature interpretability tools, data resampling methods, and feature engineering techniques. Hence, this study addresses this gap by applying Explainable AI tools, oversampling technique and a simple hyperparameter optimization technique for designing the ensemble stacking model, balancing both performance and transparency, and setting a new direction for fraud detection research in blockchain security.

Materials and Methods

The creation of a cyber-attack detection model requires a systematic approach to guarantee its efficacy and dependability. This section outlines the process involved in building the proposed model. The architecture view as mentioned in Fig. 1, outlines the proposed XAI-enabled ensemble stacking-based cyber-attack detection framework intended to find security breaches on the Ethereum platform. ML models hyper-parameters are improvised through Bayesian optimization after the pre-processing. The ensemble stacking model is built upon leveraging the merits of RF, XGBoost, and NN. Since the ML models are worked on using a black box approach, to interpret their decisions in order to influence the prediction, the XAI tool has been included. And the feature importance derived through diverse XAI enabled stacking model has been used to train the proposed model.

Hyperparameter tuning with Bayesian optimization

The ML model’s behavior and performance are significantly influenced by the external configuration settings referred to as hyperparameters. Bayesian optimization is a technique used in hyperparameter tuning for ML models. This iterative approach seeks to identify the best set of hyperparameters by effectively balancing the exploration and exploitation of the hyperparameter space (Demircioğlu & Bakır, 2023; Paudel, Montoya & Mandal, 2023). Exploration involves searching the hyperparameter space widely to discover new regions that may contain better-performing hyperparameter configurations. Exploitation involves focusing on areas of the hyperparameter space that are currently believed to be more likely to contain optimal or high-performing hyperparameter configurations (Demir & Sahin, 2023; Albahli, 2023). The process of selecting the hyperparameters using the Bayesian optimization as follows and shown in the below Fig. 2.

• 1)

  Initial sampling: Bayesian optimization starts with an initial set of hyperparameter configurations, often chosen randomly or using a simple heuristic.

• 2)

  Modeling the objective function: Bayesian optimization leverages a surrogate model, often a Gaussian process, to represent the objective function—such as validation accuracy or loss—based on hyperparameters. This surrogate model offers predictions of the objective function and its associated uncertainty.

  The Gaussian process (GP) regression model is commonly used as a surrogate model in Bayesian optimization. Given a set of observed data points (x_i, y_i) where x_i are hyperparameter configurations and y_i are corresponding objective function values, the GP model predicts the objective function f(x) at point x newly as a Gaussian distribution: (1)

  $$F(x)=\mathrm{N}(\mu (x),{\sigma }^2(x))$$where:

  µ(x) is the GP mean function, representing predicted objective function value at x.

  σ²(x) is variance function of the GP, representing the uncertainty or confidence in the prediction at x.

• 3)

  Acquisition function: Using the surrogate model, an acquisition function such as Expected Improvement or Upper Confidence Bound is employed to select the next set of hyperparameters for evaluation. This function manages the trade-off between exploring new configurations and exploiting the most promising ones. Commonly used acquisition functions include:

  (a). Expected improvement (EI): (2)

  $$EI\left(x\right)=\mathrm{E}\left[\mathrm{m}\mathrm{a}\mathrm{x}\left(0,f_{min}-f\left(x\right)\right)\right]=\left(\mu \left(x\right)-f_{min}\right)\mathrm{\Phi }\left(z\right)+\sigma \left(x\right)\varphi \left(z\right)$$where, $f_{min}$ is the minimum observed objective function value. $\mathrm{\Phi }\left(z\right)$ is the cumulative distribution function of the standard normal distribution. $\varphi \left(z\right)$ is the probability density function of the standard normal distribution. $z={\displaystyle \frac{\mu \left(x\right)-f_{min}}{\sigma \left(x\right)}}$ is the standardization of the predicted improvement.

  (b). Upper confidence bound (UCB):

  (3)

  $$UCB\left(x\right)=\mu \left(x\right)+\beta \sigma \left(x\right)$$where, $\beta$ is a tunable parameter that balances exploration (higher values of $\beta$) and exploitation (lower values of $\beta$).

  (c). Probability of improvement (PI):

  (4)

  $$PI\left(x\right)=\mathrm{\Phi }\left({\displaystyle \frac{\mu \left(x\right)-f_{min}-\xi }{\sigma \left(x\right)}}\right)$$where, $\xi$ is a parameter that controls the trade-off between exploitation and exploration.

• 4)

  Evaluation: The selected hyperparameter configuration is evaluated using the actual objective function (e.g., training on a subset of data and validating on a separate validation set).

• 5)

  Update surrogate model: The surrogate model is refined using the newly acquired data point, which includes the hyperparameter configuration and its corresponding objective function value.

• 6)

  Iterate: Steps 3–5 are continuously executed until a predefined convergence criterion is satisfied, such as reaching a specific number of iterations.

Ensemble stacking model

Stacking stands out as a potent ensemble learning method that amalgamates the predictions generated by several individual models, culminating in a final prediction that is not only more resilient but also more accurate (Chen et al., 2020a; Nayyer et al., 2023). Training ensemble model includes two levels. Firstly, base learners are the individual models trained on the original data. In this case, we consider three different models XGBoost, NN, and RF. The main element of ensemble stacking is meta-learner. Upon the completion of training for the base learners, their predictions are employed as input to facilitate the training of a meta-learner. The meta-learner is trained to integrate predictions from the base learners to produce a final output. Elastic Net (ELNet) is used in this with meta-learner. ELNet regularization is a technique utilized for both regression and classification that integrates L1 and L2 regularization methods. The combination of these two techniques often results in improved performance compared to using each one individually. ELNet regularization helps minimize the variance of the final model, enhancing its robustness to noise and outliers. Additionally, ELNet models provide coefficients that reflect the relative importance of each feature, making them more interpretable compared to other ensemble models such as RF.

XAI techniques is an efficient as well as reliable tool in order to interpret the decisions made by ML models. In particular, feature importance derived through the XAI tool offers better insights to detect the anomalous activities (Capuano et al., 2022). For the candidate framework, merits of the XAI tools, SHAP, Lime, and ELI5 have been included to enhance the interpretability of the presented ensemble stacking model. SHAP’s unique approach guarantees fairness in attributing responsibility for the model’s fraud detection to individual features (Mane & Rao, 2021; Zebin, Rezvy & Luo, 2022). LIME fits an interpretable model around a given instance to produce locally faithful explanations for model predictions. Work presented by Morichetta, Casas & Mellia (2019), Mane & Rao (2021), Rabah, Le Grand & Pinheiro (2021) leverages the merits of LIME to generate local explanations for its intended tasks. ELI5 is model-agnostic, allowing it to be utilized with a variety of machine learning models. Utilizing ELI5 allows for the visualization and interpretation of the significance of various features within a dataset, contributing to the identification of the anomalous entity. Incorporating XAI tools—SHAP, LIME, and ELI5—into the candidate model allowed for a deeper analysis of feature importance and model transparency. SHAP values provided a global perspective on feature impacts across the dataset, showing how transaction frequency and account existence contribute to fraud detection. LIME further enabled local explanations by fitting interpretable models around individual predictions, illustrating how features like Ether volume and timing of transactions affect specific accounts. ELI5 helps to visualize and validate the significance of various features within the dataset, thereby enhancing the model’s interpretability and accountability. In contrast, the presented experiment integrates the features produced by all three libraries. The XAI libraries like SHAP, LIME, and ELI5 consistently identified features F2, F3, F4, F8, F12, and F16 as significant. Additionally, SHAP highlighted features F5, F7, F10, and F11 were included due to their valuable insights into both global and local feature importance, as well as their ability to effectively handle feature interactions as described in Table 2. Hence, the demonstrated influential features upon the Feature importance derived through the various XAI tools, SHAP, LIME, and ELI5, is displayed in Figs. 3A–3C.

Introducing an ElasticNet meta-learner within the ensemble stacking framework effectively balances complexity, especially with high-dimensional data, by reducing computational overhead. Bayesian optimization further enhances this framework by fine-tuning hyperparameters, achieving an optimal trade-off between exploration and exploitation. XAI tools validate the contributions of base models, mitigating overfitting while ensuring computational efficiency. This integration enables the meta-learner to combine predictions efficiently, capitalizing on the strengths of each base model and mitigating their weaknesses, ultimately producing a robust and efficient model. Key features influencing fraudulent transaction detection include ERC20 total ether received and ERC20 unique received token names, with higher values strongly indicating fraud. Features like time difference between first and last transaction and average minutes between received transactions also significantly impact predictions, with context-dependent effects. Metrics such as average value received and total ether sent further aid in identifying suspicious activities. The ranking of features highlights ERC20 unique received token names as the most influential, followed by time difference between first and last transaction, emphasizing their critical roles in determining transaction legitimacy. The hyperparameters of ML, ensemble stacking classifier, and XAI control parameters are depicted in Table 3.

Table 3:

Hyperparameters of machine learning and XAI.

Hyperparameters	Range	RF	XGBoost	NN	Ensemble stacking classifier
n_estimators	[80, 150]	123	131	–	–
max_depth	[3, 10]	10	10
max_features	[0.1, 1.0]	0.3139	–	–	–
min_samples_leaf	[2, 20]	1.7307	–	–	–
min_samples_split	[1, 10]	14.0528	–	–	–
colsample_bytree	[0.8, 1.0]	–	0.8	–	–
learning_rate	[0.01, 1.0]	–	1.0	–	–
min_child_weight	[1, 10]	–	1	–	–
subsample	[0.8, 1.0]	–	0.8	–	–
activation	[relu, sigmoid]	–	–	Relu	–
batch_size	[32, 64, 128]	–	–	32	–
epochs	[10, 20, 30]	–	–	30	–
num_hidden_layers	[1, 2, 3]	–	–	3	–
num_units	[32,64, 128]	–	–	64	–
optimizer	[adam, sgd]	–	–	adam	–
l1_ratio	[0, 1]	–	–	–	[0.5]
alphas	[0.0001, 10.0]	–	–	–	[0.1]
Cv	5	5	5	5	5
max_iter	[100, 5,000]	–	–	–	1,000
Tol	[1e−5, 1e−3]	–	–	–	0.0001
fit_intercept	[True, False]	–	–	–	True
selection	Cyclic, random	–	–	–	Cyclic
n_jobs	[1, −1]	–	–	–	−1

XAI control parameters
	Range	SHAP	LIME	XAI	–
Method	–	TreeExplainer	LimeTabularExplainer	explain_weights	–
model_output	[raw, probability, predict_proba, predict]	Raw		–	–
feature_perturbation	[random, interventional, none]	Interventional	–	–	–
kernel_width	[0.1, 1.0]	–	0.4	–	–
feature_selection	[auto, none]	–	auto	–	–
discretize_continuous	[true, false]	–	True	–	–
sample_around_instance	[true, false]	–	False	–	–
importance_type	[weight, shap, permutation, gain]	–	–	gain	–

DOI: 10.7717/peerj-cs.2630/table-3

Results and discussion

The effectiveness of the proposed ensemble learning model was assessed by benchmarking it against several well-known models using quantitative performance metrics, including precision (Pr), recall (Re), F1-score (F1), and accuracy (Ac). These metrics were derived from the counts of true positives (Tp), true negatives (Tn), false positives (Fp), and false negatives (Fn).The experiments were conducted using the dataset (Aliyev, 2020; Chithanuru, 2023) and implemented with the Keras and TensorFlow libraries in Python 3.3.4. The experimental setup consisted of a Windows 10 operating system, an Intel Core i5-8250U processor, and 32 GB of RAM.

Table 4 shows the performance of ML models (RF, XGB, NN, and Stacking) for detecting fraudulent accounts on Ethereum, comparing results before and after applying SMOTEENN. The models exhibit improved performance after resampling. A comparison of ML models with the ensemble stacking model shows an accuracy of 99.6%. The improved performance is attributed to efficient feature selection using XAI tools. Features like number of created contracts and ERC20 unique sent address help detect spam contracts, phishing, and money laundering. Transaction behavior features such as time difference between first and last transaction and average value received highlight suspicious activity patterns indicative of fraud. Figure 4 also provides snapshots of the confusion matrices, which is highly appreciated in the examination of the malicious Ethereum accounts.

Conclusion

This research focuses on proactively examining user behavior on the Ethereum platform, a permissionless blockchain, to reduce potential cyber threats like eclipse attacks, phishing, sybil attacks, Ponzi schemes, and DDoS attacks. The proposed framework tackles overfitting and underfitting issues using suitable data sampling techniques. Hyperparameters are critical variables that greatly affect the performance of machine learning models. Therefore, we utilize Bayesian optimization to optimize these hyperparameters. Furthermore, XAI tools are employed to identify key features that boost the reliability of predictions made by the ensemble stacking model. This model, enhanced by XAI-derived features, is trained and validated on an Ethereum dataset. The findings show that the proposed framework achieves an impressive 99.6% accuracy, surpassing other evaluated frameworks. To gain a deeper understanding of anomalous account behavior on the Ethereum platform, future research will include transaction data from 2021, 2022, and 2023. This extended dataset will enable us to explore the potential of deep learning techniques for even more effective anomaly detection.