Papers
Topics
Authors
Recent
Search
2000 character limit reached

Who Audits the Auditor? Tamper-Proof Fraud Detection with Blockchain-Anchored Explainable ML

Published 23 Apr 2026 in cs.CR, cs.LG, and cs.SE | (2604.22096v1)

Abstract: In enterprise fraud detection, model accuracy alone is insufficient when insiders can tamper with audit logs or bypass approval workflows. Real-world incidents show that fraud often persists not because detection algorithms fail, but because the audit trail itself is controllable by privileged operators. This exposes a fundamental trust gap: who audits the auditor? We present a tamper-evident fraud detection system that anchors both ML predictions and workflow execution to an immutable blockchain ledger. Rather than using blockchain as passive storage, we enforce the entire approval process through smart contracts, ensuring that every transaction, prediction, and explanation is atomically recorded and cannot be retroactively modified. Our detection module achieves competitive accuracy (F1 = 0.895, PR-AUC = 0.974) while providing cryptographically verifiable decision trails that support regulatory auditability requirements (e.g., GDPR Article 22). System evaluation shows sub-25 ms inference latency and economically viable deployment on Layer-2 networks at under \$0.01 per transaction (validated against PolygonScan data), supporting enterprise-scale workloads of 10,000+ monthly payments.

Authors (1)

Summary

  • The paper proposes a blockchain-anchored system integrating explainable ML with tamper-proof smart contracts to secure fraud detection workflows against insider attacks.
  • It achieves high performance with a 0.895 F1 score and 0.974 PR-AUC, demonstrating competitive fraud detection efficacy in enterprise settings.
  • The paper details economic and operational assessments, ensuring low transaction costs and end-to-end transparency for compliance and auditability.

Tamper-Proof Fraud Detection through Blockchain-Anchored Explainable ML

Introduction and Motivation

Existing enterprise fraud detection systems often fail not due to deficient model accuracy but because privileged insiders can manipulate audit logs and circumvent established approval workflows. Traditional designs inherently trust those responsible for maintaining system integrity, creating fundamental vulnerabilities, particularly concerning log tampering and ML bypass in adversarial settings. This work proposes a comprehensive architectural solution—anchoring ML-driven approval workflows and their interpretability artifacts to an immutable blockchain ledger enforced by smart contracts. The approach directly addresses the persistent question of “who audits the auditor?”, implementing decision provenance that remains robust even against highly privileged adversaries.

System Architecture and Security Guarantees

The proposed system is characterized by the following key architectural principles:

  • End-to-End Tamper-Evidence: All critical events, including payment requests, ML fraud predictions, and SHAP-based explanations, are atomically committed to a blockchain ledger. The architecture ensures that no phase of the decision workflow is off the record or subject to post hoc alteration.
  • Smart Contract-Enforced Workflow: The entire decision pipeline, from transaction submission to final approval, is encoded as a sequence of state transitions managed by on-chain smart contracts. These contracts strictly enforce that every approval is traceable and every state change is final and cryptographically verifiable.
  • Off-chain ML, On-chain Anchoring: While ML inference operates off-chain due to the computational constraints of blockchain VMs, all prediction outputs, feature attributions, and workflow steps are committed on-chain, minimizing the trusted computing base.

The overall architecture establishes explicit trust boundaries, placing all mutable, attack-surface components off-chain and vesting final authority for approval, record immutability, and auditability in the blockchain contracts. Figure 1

Figure 2: System architecture delineates off-chain ML components from on-chain immutable smart contract workflows, ensuring atomic and tamper-evident logging of all decisions.

Detection Efficacy and Explainable ML

The detection component uses a LightGBM-based classifier, empirically benchmarked on the canonical Kaggle Credit Card Fraud dataset and a synthetic enterprise payment dataset reflecting complex, real-world fraud taxonomies. The model achieves:

  • F1 Score: 0.895
  • PR-AUC: 0.974

These results are competitive with, and in certain cases exceed, state-of-the-art baselines such as LSTM-Attention networks and graph neural models, as established in recent literature. Tree-based models are explicitly chosen for their superior performance on tabular data, low inference latency (1.2ms per prediction), and analytical SHAP explanations, critical for regulatory compliance and practical forensic investigation requirements.

A distinctive system feature is the on-chain commitment of the top-5 SHAP attributions for every prediction event. This design decision, despite nontrivial gas costs, guarantees that the rationale for each automated decision is permanently and immutably preserved, fully supporting compliance with GDPR Article 22 and audit requirements from external regulators.

Blockchain Integration, Performance, and Economic Analysis

Enterprise-scale adoption of blockchain-enhanced fraud detection pivots on system throughput, latency, and transaction cost. The implementation achieves:

  • End-to-End Transaction Latency: 3–5 seconds (Polygon Layer-2, post-Giugliano fork)
  • Maximum Throughput: ~200 transactions per minute end-to-end, sufficient for most mid- and large-scale enterprises
  • Cost Efficiency: Median transaction cost on Polygon (April 2026) is $0.002–$0.008; 92% of transactions fall under $0.01.

During peak network congestion (e.g., gas price spikes), transaction costs remain under $0.10, and economic viability is robust for workflows with up to several hundred thousand monthly approvals. For organizations concerned with severe audit threats, deployment on a consortium chain with external validators and explicit Byzantine Fault Tolerance (BFT) configurations offers an optimal trust model.

The system's confirmation guarantees are tightly coupled to blockchain finality and sequencer architectures; for particularly sensitive deployments, L1 fallback and multi-chain redundancy may be considered to mitigate censorship and liveness risks.

Threat Model, Assumptions, and Mitigations

The adversary is assumed to have extensive internal access, including administrative privileges, database control, and potential collusion among internal actors. The only infeasible attack vector is compromising blockchain consensus. Explicit mitigations for off-chain ML trust include:

  • Model Attestation: On-chain commitments of model binary hashes and server signing keys.
  • Trusted Execution Environments (TEEs): Hardware-backed attestation of ML inference code and data.
  • Inference Committees: Multi-agent cross-verification of model outputs before on-chain anchoring.

These mechanisms provide robust defense-in-depth, though ultimate off-chain ML integrity cannot be cryptographically enforced absent full on-chain inference.

Case Study: Insider Attack and Audit Trail Integrity

Simulated real-world attacks demonstrate the practical irreversibility of blockchain-anchored evidence: privileged insiders cannot expunge or retroactively edit fraud alerts, predictions, or approval records, even given complete administrative control of traditional IT infrastructure. Auditors and regulators can independently verify all historic states and explanations directly from the blockchain, ensuring an incontrovertible audit trail.

Practical Limitations, Comparisons, and Deployment Considerations

Compared to prior blockchain auditing systems, which are strictly post-facto or focus on rule-based validations, this system integrates ML-based decisioning directly into the consensus-governed workflow. Append-only log alternatives (e.g., Trillian) are inherently weaker, as they depend on operator honesty prior to log entry, a property not guaranteed by consensus-driven blockchains.

However, the approach adds operational complexity—key management, chain maintenance, and explanation generation overhead—and is primarily applicable to regulated, high-value, or highly distributed organizations. Adversarial robustness and data drift, which affect any ML-based system, are acknowledged as ongoing operational risks, requiring regular model retraining and validation.

Implications and Future Directions

By fundamentally restructuring the payment approval workflow as an atomic, cryptographically-verifiable contract state machine, with explainable ML embedded at each decision point, the architecture sets a standard for insider-resistant enterprise workflow integrity. Practically, this positions organizations to satisfy even the most stringent audit and regulatory requirements, with clear forensics in the event of investigation or dispute.

Theoretically, the approach bridges gaps between systems security, explainable AI, and distributed consensus, and may serve as a foundation for similar applications in compliance-critical verticals such as healthcare, public procurement, and digital identity.

Potential future research includes on-chain ML inference as blockchain VM capabilities evolve, optimization of SHAP explanation cost, adaptive trust rebalancing between off-chain and on-chain components, and generalization to other explainability frameworks.

Conclusion

The work provides a robust architectural paradigm for tamper-evident, ML-driven enterprise workflows, where audit integrity is rigorously maintained irrespective of internal trust assumptions. Through atomic on-chain enforcement and interpretability anchoring, it achieves cryptographically-verifiable transaction provenance, supporting both operational risk mitigation and regulatory compliance. The approach is tailored for high-assurance contexts and concretely advances trust infrastructure in enterprise security.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.