A machine learning approach to vulnerability detection combining software metrics and topic modelling: Evidence from smart contracts

Giacomo Ibba, Rumyana Neykova, Marco Ortu, Roberto Tonelli, Steve Counsell, Giuseppe Destefanis,
A machine learning approach to vulnerability detection combining software metrics and topic modelling: Evidence from smart contracts,
Machine Learning with Applications,
Volume 22,
2025,
100759,
ISSN 2666-8270,
https://doi.org/10.1016/j.mlwa.2025.100759.
(https://www.sciencedirect.com/science/article/pii/S2666827025001422)
Abstract: This paper introduces a methodology for software vulnerability detection that combines structural and semantic analysis through software metrics and topic modelling. We evaluate the approach using smart contracts as a case study, focusing on their structural properties and the presence of known security vulnerabilities. We identify the most relevant metrics for vulnerability detection, evaluate multiple machine learning classifiers for both binary and multi-label classification, and improve classification performance by integrating topic modelling techniques. Our analysis shows that metrics such as cyclomatic complexity, nesting depth, and function calls are strongly associated with vulnerability presence. Using these metrics, the Random Forest classifier achieved strong performance in binary classification (AUC: 0.982, accuracy: 0.977, F1-score: 0.808) and multi-label classification (AUC: 0.951, accuracy: 0.729, F1-score: 0.839). The addition of topic modelling using Non-Negative Matrix Factorisation further improved results, increasing the F1-score to 0.881. The evaluation is conducted on Ethereum smart contracts written in Solidity.
Keywords: Vulnerability detection; Software metrics; Topic modelling; Machine learning; Source code analysis; Smart contracts