Android code vulnerabilities early detection using AI-powered ACVED plugin

Conference paper


Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. 2023. Android code vulnerabilities early detection using AI-powered ACVED plugin. Atluri, V. and Ferrara, A. (ed.) 37th Annual IFIP WG 11.3 Conference (DBSec 2023). Sophia-Antipolis, France 19 - 21 Jul 2023 Cham Springer. pp. 339–357 https://doi.org/10.1007/978-3-031-37586-6_20
Type: Conference paper
Title: Android code vulnerabilities early detection using AI-powered ACVED plugin
Authors: Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L.
Abstract

During Android application development, ensuring adequate security is a crucial and intricate aspect. However, many applications are released without adequate security measures due to the lack of vulnerability identification and code verification at the initial development stages. To address this issue, machine learning models can be employed to automate the process of detecting vulnerabilities in the code. However, such models are inadequate for real-time Android code vulnerability mitigation. In this research, an open-source AI-powered plugin named Android Code Vulnerabilities Early Detection (ACVED) was developed using the LVDAndro dataset. Utilising Android source code vulnerabilities, the dataset is categorised based on Common Weakness Enumeration (CWE). The ACVED plugin, featuring an ensemble learning model, is implemented in the backend to accurately and efficiently detect both source code vulnerabilities and their respective CWE categories, with a 95% accuracy rate. The model also leverages explainable AI techniques to provide source code vulnerability prediction probabilities for each word. When integrated with Android Studio, the ACVED plugin can provide developers with the vulnerability status of their current source code line in real-time, assisting them in mitigating vulnerabilities. The plugin, model, and scripts can be found on GitHub, and it receives regular updates with new training data from the LVDAndro dataset, enabling the detection of novel vulnerabilities recently added to CWE.

Keywords: Android application security; code vulnerability; labelled dataset; artificial intelligence; plugin
Sustainable Development Goals: 9 Industry, innovation and infrastructure
Middlesex University Theme: Creativity, Culture & Enterprise
Research Group: Software Engineering, Theory & Algorithms (SETA)
Language: English
Conference: 37th Annual IFIP WG 11.3 Conference (DBSec 2023)
Page range: 339–357
Proceedings Title: Data and Applications Security and Privacy XXXVII
Series: Lecture Notes in Computer Science
Editors: Atluri, V. and Ferrara, A.
ISSN: 0302-9743
ISSN (electronic): 1611-3349
ISBN: 9783031375859
ISBN (electronic): 9783031375866
Publisher: Springer
Place of publication: Cham
Publication dates: Online 12 Jul 2023
Publication process dates: Accepted 24 May 2023; Deposited 18 Jul 2023
Output status: Published
Copyright Statement

This version of the contribution has been accepted for publication, after peer review but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/978-3-031-37586-6_20. Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-ma...

Digital Object Identifier (DOI): https://doi.org/10.1007/978-3-031-37586-6_20
Web address (URL) of conference proceedings: https://doi.org/10.1007/978-3-031-37586-6
Permalink: https://repository.mdx.ac.uk/item/8q73x

Restricted files

Accepted author manuscript


Related outputs

FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI
Senanayake, J., Kalutarage, H., Petrovski, A., Al-Kadri, M.O. and Piras, L. 2023. FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI. ESORICS Workshop on Attacks and Software Protection (WASP). The Hague, The Netherlands 25 - 29 Sep 2023 Springer.
Labelled vulnerability dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Piras, L. and Petrovski, A. 2023. Labelled vulnerability dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models. International Conference on Security and Cryptography (SECRYPT) 2023. Rome, Italy 10 - 12 Jul 2023 Rome (IT) SciTePress. pp. 659-666 https://doi.org/10.5220/0012060400003555
Goal-modeling privacy-by-design patterns for supporting GDPR compliance
Al-Obeidallah, M., Piras, L., Iloanugo, O., Mouratidis, H., Alkubaisy, D and Dellagiacoma, D. 2023. Goal-modeling privacy-by-design patterns for supporting GDPR compliance. International Conference on Software Technologies (ICSOFT). Rome (Italy) 10 - 12 Jul 2023 Rome (IT) SciTePress. https://doi.org/10.5220/0012080700003538
Android source code vulnerability detection: a systematic literature review
Senanayake, J., Kalutarage, H., Al-Kadri, M.O., Petrovski, A. and Piras, L. 2023. Android source code vulnerability detection: a systematic literature review. ACM Computing Surveys. 55 (9). https://doi.org/10.1145/3556974
Supporting the individuation, analysis and gamification of software components for acceptance requirements fulfilment
Calabrese, F., Piras, L. and Giorgini, P. 2022. Supporting the individuation, analysis and gamification of software components for acceptance requirements fulfilment. Barn, B. and Sandkuhl, K (ed.) IFIP Working Conference on The Practice of Enterprise Modeling. London 23 - 25 Nov 2022 Springer. pp. 33-48 https://doi.org/10.1007/978-3-031-21488-2_3
Goal models for acceptance requirements analysis and gamification design
Piras, L., Paja, E., Giorgini, P. and Mylopoulos, J. 2017. Goal models for acceptance requirements analysis and gamification design. Mayr, H.C., Guizzardi, G., Ma, H. and Pastor, O. (ed.) 36th International Conference on Conceptual Modeling. Valencia 2017 Cham Springer. pp. 223-230 https://doi.org/10.1007/978-3-319-69904-2_18
Using gamification to incentivize sustainable urban mobility
Kazhamiakin, Raman, Marconi, Annapaola, Perillo, Mirko, Pistore, Marco, Valetto, Giuseppe, Piras, Luca, Avesani, Francesco and Perri, Nicola 2015. Using gamification to incentivize sustainable urban mobility. IEEE International Smart Cities Conference. IEEE. https://doi.org/10.1109/ISC2.2015.7366196