HGS-RF: A Heuristic-Guided Selective Random Forest for Multi-Label Vulnerability Detection in Smart Contracts

Smart contracts execute the transactions in the blockchain network. Smart contracts are prone to various types of security vulnerabilities, which may lead to huge financial losses. The detection of smart contract vulnerabilities is mainly focused on binary classification, where smart contracts are classified as either vulnerable or non-vulnerable. The detection of smart contract vulnerabilities is also focused on multi-class classification, where each smart contract is classified into different types of vulnerabilities. Smart contracts in the real world have various types of vulnerabilities; hence, multi-label detection of smart contract vulnerabilities is required. There are a limited number of studies that have addressed the topic of multi-label classification. In order to overcome the above-mentioned limitation, a new hybrid framework, namely Heuristic Guided Selective Random Forest (HGS-RF), for the detection of multi-label smart contract vulnerabilities has been proposed in the present research work. To achieve the above-mentioned objective, the present research proposes a new framework that integrates the transformer-based feature extraction method with the RoBERTA architecture and the multi-stage-based method for the detection of smart contract vulnerabilities. The framework that is being proposed utilizes a few-shot learning module based on 'Prototypical Networks' for binary vulnerability detection. This utilizes a Multilayer Perceptron (MLP) to map the contract embeddings into a metric space, where the 'vulnerable' and 'healthy' class prototypes are computed based on the support samples, and the contracts are classified based on their Euclidean distance from these computed prototypes, with final predictions refined using k-nearest neighbors (KNN). Second, the proposed HGS-RF architecture utilizes an inferential filtering mechanism that mimics the principle of passive selection of the human immune system. This inferential filtering mechanism can be considered a layer that filters out weak decision trees generated during the initial detection phase. Thus, the inferential filtering mechanism filters out weak decision trees and retains high-performing trees capable of accurately identifying malicious samples from smart contracts. This selective filtering process enables the model to focus on informative vulnerability patterns, thereby improving classification reliability and reducing false positives in multi-label vulnerability detection. Experimental evaluation of the proposed framework, with up to 37 types of vulnerability included, proves its efficiency. F1 scores of up to 0.99 were obtained for the binary classification stage, and the HGS-RF model achieved an accuracy of up to 0.97 in detecting multi-label vulnerability . These results demonstrate that the proposed approach improves vulnerability detection accuracy while enabling more comprehensive security analysis of smart contracts.