FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI
Conference paper
Senanayake, J., Kalutarage, H., Petrovski, A., Al-Kadri, M.O. and Piras, L. 2024. FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI. ESORICS Workshop on Attacks and Software Protection (WASP). The Hague, The Netherlands 25 - 29 Sep 2023 Springer. pp. 426-441 https://doi.org/10.1007/978-3-031-54129-2_25
Type | Conference paper |
---|---|
Title | FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI |
Authors | Senanayake, J., Kalutarage, H., Petrovski, A., Al-Kadri, M.O. and Piras, L. |
Abstract | Adhering to security best practices during the development of Android applications is of paramount importance due to the high prevalence of apps released without proper security measures. While automated tools can be employed to address vulnerabilities during development, they may prove to be inadequate in terms of detecting vulnerabilities. To address this issue, a federated neural network with XAI, named FedREVAN, has been proposed in this study. The initial model was trained on the LVDAndro dataset and can predict potential vulnerabilities with a 96% accuracy and 0.96 F1-Score for binary classification. Moreover, in case the code is vulnerable, FedREVAN can identify the associated CWE category with 93% accuracy and 0.91 F1-Score for multi-class classification. The initial neural network model was released in a federated environment to enable collaborative training and enhancement with other clients. Experimental results demonstrate that the federated neural network model improves accuracy by 2% and F1-Score by 0.04 in multi-class classification. XAI is utilised to present the vulnerability detection results to developers with prediction probabilities for each word in the code. The FedREVAN model has been integrated into an API and further incorporated into Android Studio to provide real-time vulnerability detection. The FedREVAN model is highly efficient, providing prediction probabilities for one code line in an average of 300 milliseconds. |
Keywords | android application security; code vulnerability; neural network; federated learning; XAI |
Sustainable Development Goals | 9 Industry, innovation and infrastructure |
Middlesex University Theme | Creativity, Culture & Enterprise |
Conference | ESORICS Workshop on Attacks and Software Protection (WASP) |
Page range | 426-441 |
Proceedings Title | Computer Security. ESORICS 2023 International Workshops: CPS4CIP, ADIoT, SecAssure, WASP, TAURIN, PriST-AI, and SECAI, The Hague, The Netherlands, September 25–29, 2023, Revised Selected Papers, Part II |
ISSN | 0302-9743 |
ISSN (electronic) | 1611-3349 |
ISBN (paperback) | 9783031541285 |
ISBN (electronic) | 9783031541292 |
Publisher | Springer |
Publication date (online) | 12 Mar 2024 |
Accepted | 15 Aug 2023 |
Deposited | 10 Nov 2023 |
Output status | Published |
Accepted author manuscript | File Access Level Open |
Copyright Statement | This version of the contribution has been accepted for publication, after peer review (when applicable) but is not the Version of Record and does not reflect post-acceptance improvements, or any corrections. The Version of Record is available online at: http://dx.doi.org/10.1007/978-3-031-54129-2_25 . Use of this Accepted Version is subject to the publisher’s Accepted Manuscript terms of use https://www.springernature.com/gp/open-research/policies/accepted-ma... |
Digital Object Identifier (DOI) | https://doi.org/10.1007/978-3-031-54129-2_25 |
Web of Science identifier | WOS:001212380000040 |
Web address (URL) of conference proceedings | https://doi.org/10.1007/978-3-031-54129-2 |
Language | English |
https://repository.mdx.ac.uk/item/wqxx6