Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI
Article
Senanayake, L., Kalutarage, H., Petrovski, A., Piras, L. and Al-Kadri, M. 2024. Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI. Journal of Information Security and Applications. 82. https://doi.org/10.1016/j.jisa.2024.103741
| Type | Article |
|---|---|
| Title | Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI |
| Authors | Senanayake, L., Kalutarage, H., Petrovski, A., Piras, L. and Al-Kadri, M. |
| Abstract | Ensuring strict adherence to security during the phases of Android app development is essential, primarily due to the prevalent issue of apps being released without adequate security measures in place. While a few automated tools are employed to reduce potential vulnerabilities during development, their effectiveness in detecting vulnerabilities may fall short. To address this, "Defendroid", a blockchain-based federated neural network enhanced with Explainable Artificial Intelligence (XAI), is introduced in this work. Trained on the LVDAndro dataset, the vanilla neural network model achieves a 96% accuracy and 0.96 F1-Score in binary classification for vulnerability detection. Additionally, in multi-class classification, the model accurately identifies Common Weakness Enumeration (CWE) categories with a 93% accuracy and 0.91 F1-Score. In a move to foster collaboration and model improvement, the model has been deployed within a blockchain-based federated environment. This environment enables community-driven collaborative training and enhancements in partnership with other clients. The extended model demonstrates improved accuracy of 96% and F1-Score of 0.96 in both binary and multi-class classifications. The use of XAI plays a pivotal role in presenting vulnerability detection results to developers, offering prediction probabilities for each word within the code. This model has been integrated into an Application Programming Interface (API) as the backend and further incorporated into Android Studio as a plugin, facilitating real-time vulnerability detection. Notably, Defendroid exhibits high efficiency, delivering prediction probabilities for a single code line in an average processing time of a mere 300 ms. The weight-sharing transparency in the blockchain-driven federated model enhances trust and traceability, fostering community engagement while preserving source code privacy and contributing to accuracy improvement. |
| Keywords | Android application protection; Code vulnerability; Neural network; Federated learning; Source code privacy; Explainable AI; Blockchain |
| Sustainable Development Goals | 9 Industry, innovation and infrastructure |
| Middlesex University Theme | Creativity, Culture & Enterprise |
| Research Group | MDX Software Engineering, Theory and Algorithms (SETA) Research Group |
| Publisher | Elsevier |
| Journal | Journal of Information Security and Applications |
| ISSN (Electronic) | 2214-2126 |
| Publication dates | Online: 05 Mar 2024; May 2024 |
| Publication process dates | Accepted: 01 Mar 2024; Deposited: 23 May 2024 |
| Output status | Published |
| Publisher's version | License; File Access Level: Open |
| Digital Object Identifier (DOI) | https://doi.org/10.1016/j.jisa.2024.103741 |
| Web of Science identifier | WOS:001205557000001 |
| Language | English |
https://repository.mdx.ac.uk/item/141418