Android code vulnerabilities early detection using AI-powered ACVED plugin
Conference paper
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. 2023. Android code vulnerabilities early detection using AI-powered ACVED plugin. Atluri, V. and Ferrara, A. (ed.) 37th Annual IFIP WG 11.3 Conference (DBSec 2023). Sophia-Antipolis, France 19 - 21 Jul 2023 Cham Springer. pp. 339–357 https://doi.org/10.1007/978-3-031-37586-6_20
Type | Conference paper |
---|---|
Title | Android code vulnerabilities early detection using AI-powered ACVED plugin |
Authors | Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. |
Abstract | During Android application development, ensuring adequate security is a crucial and intricate aspect. However, many applications are released without adequate security measures due to the lack of vulnerability identification and code verification at the initial development stages. To address this issue, machine learning models can be employed to automate the process of detecting vulnerabilities in the code. However, such models are inadequate for real-time Android code vulnerability mitigation. In this research, an open-source AI-powered plugin named Android Code Vulnerabilities Early Detection (ACVED) was developed using the LVDAndro dataset. Utilising Android source code vulnerabilities, the dataset is categorised based on Common Weakness Enumeration (CWE). The ACVED plugin, featuring an ensemble learning model, is implemented in the backend to accurately and efficiently detect both source code vulnerabilities and their respective CWE categories, with a 95% accuracy rate. The model also leverages explainable AI techniques to provide source code vulnerability prediction probabilities for each word. When integrated with Android Studio, the ACVED plugin can provide developers with the vulnerability status of their current source code line in real-time, assisting them in mitigating vulnerabilities. The plugin, model, and scripts can be found on GitHub, and it receives regular updates with new training data from the LVDAndro dataset, enabling the detection of novel vulnerabilities recently added to CWE. |
Keywords | Android application security; code vulnerability; labelled dataset; artificial intelligence; plugin |
Sustainable Development Goals | 9 Industry, innovation and infrastructure |
Middlesex University Theme | Creativity, Culture & Enterprise |
Research Group | Software Engineering, Theory & Algorithms (SETA) |
Conference | 37th Annual IFIP WG 11.3 Conference (DBSec 2023) |
Page range | 339–357 |
Proceedings Title | Data and Applications Security and Privacy XXXVII |
Series | Lecture Notes in Computer Science |
Editors | Atluri, V. and Ferrara, A. |
ISSN | 0302-9743 |
Electronic ISSN | 1611-3349 |
ISBN | 9783031375859 |
Electronic ISBN | 9783031375866 |
Publisher | Springer |
Place of publication | Cham |
Publication dates | |
Online | 12 Jul 2023 |
12 Jul 2023 | |
Publication process dates | |
Accepted | 24 May 2023 |
Deposited | 18 Jul 2023 |
Output status | Published |
Accepted author manuscript | File access level: Open |
Copyright Statement | This version of the contribution has been accepted for publication, after peer review but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/978-3-031-37586-6_20 . Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-ma... |
Digital Object Identifier (DOI) | https://doi.org/10.1007/978-3-031-37586-6_20 |
Web address (URL) of conference proceedings | https://doi.org/10.1007/978-3-031-37586-6 |
Language | English |
https://repository.mdx.ac.uk/item/8q73x