- The paper proposes a blockchain-anchored system integrating explainable ML with tamper-proof smart contracts to secure fraud detection workflows against insider attacks.
- It achieves high performance with a 0.895 F1 score and 0.974 PR-AUC, demonstrating competitive fraud detection efficacy in enterprise settings.
- The paper details economic and operational assessments, ensuring low transaction costs and end-to-end transparency for compliance and auditability.
Tamper-Proof Fraud Detection through Blockchain-Anchored Explainable ML
Introduction and Motivation
Existing enterprise fraud detection systems often fail not due to deficient model accuracy but because privileged insiders can manipulate audit logs and circumvent established approval workflows. Traditional designs inherently trust those responsible for maintaining system integrity, creating fundamental vulnerabilities, particularly concerning log tampering and ML bypass in adversarial settings. This work proposes a comprehensive architectural solution—anchoring ML-driven approval workflows and their interpretability artifacts to an immutable blockchain ledger enforced by smart contracts. The approach directly addresses the persistent question of “who audits the auditor?”, implementing decision provenance that remains robust even against highly privileged adversaries.
System Architecture and Security Guarantees
The proposed system is characterized by the following key architectural principles:
- End-to-End Tamper-Evidence: All critical events, including payment requests, ML fraud predictions, and SHAP-based explanations, are atomically committed to a blockchain ledger. The architecture ensures that no phase of the decision workflow is off the record or subject to post hoc alteration.
- Smart Contract-Enforced Workflow: The entire decision pipeline, from transaction submission to final approval, is encoded as a sequence of state transitions managed by on-chain smart contracts. These contracts strictly enforce that every approval is traceable and every state change is final and cryptographically verifiable.
- Off-chain ML, On-chain Anchoring: While ML inference operates off-chain due to the computational constraints of blockchain VMs, all prediction outputs, feature attributions, and workflow steps are committed on-chain, minimizing the trusted computing base.
The overall architecture establishes explicit trust boundaries, placing all mutable, attack-surface components off-chain and vesting final authority for approval, record immutability, and auditability in the blockchain contracts.
Figure 2: System architecture delineates off-chain ML components from on-chain immutable smart contract workflows, ensuring atomic and tamper-evident logging of all decisions.
Detection Efficacy and Explainable ML
The detection component uses a LightGBM-based classifier, empirically benchmarked on the canonical Kaggle Credit Card Fraud dataset and a synthetic enterprise payment dataset reflecting complex, real-world fraud taxonomies. The model achieves:
- F1 Score: 0.895
- PR-AUC: 0.974
These results are competitive with, and in certain cases exceed, state-of-the-art baselines such as LSTM-Attention networks and graph neural models, as established in recent literature. Tree-based models are explicitly chosen for their superior performance on tabular data, low inference latency (1.2ms per prediction), and analytical SHAP explanations, critical for regulatory compliance and practical forensic investigation requirements.
A distinctive system feature is the on-chain commitment of the top-5 SHAP attributions for every prediction event. This design decision, despite nontrivial gas costs, guarantees that the rationale for each automated decision is permanently and immutably preserved, fully supporting compliance with GDPR Article 22 and audit requirements from external regulators.
Enterprise-scale adoption of blockchain-enhanced fraud detection pivots on system throughput, latency, and transaction cost. The implementation achieves:
- End-to-End Transaction Latency: 3–5 seconds (Polygon Layer-2, post-Giugliano fork)
- Maximum Throughput: ~200 transactions per minute end-to-end, sufficient for most mid- and large-scale enterprises
- Cost Efficiency: Median transaction cost on Polygon (April 2026) is $0.002–$0.008; 92% of transactions fall under $0.01.
During peak network congestion (e.g., gas price spikes), transaction costs remain under $0.10, and economic viability is robust for workflows with up to several hundred thousand monthly approvals. For organizations concerned with severe audit threats, deployment on a consortium chain with external validators and explicit Byzantine Fault Tolerance (BFT) configurations offers an optimal trust model.
The system's confirmation guarantees are tightly coupled to blockchain finality and sequencer architectures; for particularly sensitive deployments, L1 fallback and multi-chain redundancy may be considered to mitigate censorship and liveness risks.
Threat Model, Assumptions, and Mitigations
The adversary is assumed to have extensive internal access, including administrative privileges, database control, and potential collusion among internal actors. The only infeasible attack vector is compromising blockchain consensus. Explicit mitigations for off-chain ML trust include:
- Model Attestation: On-chain commitments of model binary hashes and server signing keys.
- Trusted Execution Environments (TEEs): Hardware-backed attestation of ML inference code and data.
- Inference Committees: Multi-agent cross-verification of model outputs before on-chain anchoring.
These mechanisms provide robust defense-in-depth, though ultimate off-chain ML integrity cannot be cryptographically enforced absent full on-chain inference.
Case Study: Insider Attack and Audit Trail Integrity
Simulated real-world attacks demonstrate the practical irreversibility of blockchain-anchored evidence: privileged insiders cannot expunge or retroactively edit fraud alerts, predictions, or approval records, even given complete administrative control of traditional IT infrastructure. Auditors and regulators can independently verify all historic states and explanations directly from the blockchain, ensuring an incontrovertible audit trail.
Practical Limitations, Comparisons, and Deployment Considerations
Compared to prior blockchain auditing systems, which are strictly post-facto or focus on rule-based validations, this system integrates ML-based decisioning directly into the consensus-governed workflow. Append-only log alternatives (e.g., Trillian) are inherently weaker, as they depend on operator honesty prior to log entry, a property not guaranteed by consensus-driven blockchains.
However, the approach adds operational complexity—key management, chain maintenance, and explanation generation overhead—and is primarily applicable to regulated, high-value, or highly distributed organizations. Adversarial robustness and data drift, which affect any ML-based system, are acknowledged as ongoing operational risks, requiring regular model retraining and validation.
Implications and Future Directions
By fundamentally restructuring the payment approval workflow as an atomic, cryptographically-verifiable contract state machine, with explainable ML embedded at each decision point, the architecture sets a standard for insider-resistant enterprise workflow integrity. Practically, this positions organizations to satisfy even the most stringent audit and regulatory requirements, with clear forensics in the event of investigation or dispute.
Theoretically, the approach bridges gaps between systems security, explainable AI, and distributed consensus, and may serve as a foundation for similar applications in compliance-critical verticals such as healthcare, public procurement, and digital identity.
Potential future research includes on-chain ML inference as blockchain VM capabilities evolve, optimization of SHAP explanation cost, adaptive trust rebalancing between off-chain and on-chain components, and generalization to other explainability frameworks.
Conclusion
The work provides a robust architectural paradigm for tamper-evident, ML-driven enterprise workflows, where audit integrity is rigorously maintained irrespective of internal trust assumptions. Through atomic on-chain enforcement and interpretability anchoring, it achieves cryptographically-verifiable transaction provenance, supporting both operational risk mitigation and regulatory compliance. The approach is tailored for high-assurance contexts and concretely advances trust infrastructure in enterprise security.