JANAKA SENANAYAKE j.senanayake@rgu.ac.uk
Research Student
Developing secured android applications by mitigating code vulnerabilities with machine learning.
Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, Mhd Omar; Petrovski, Andrei; Piras, Luca
Authors
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Lecturer
Mhd Omar Al-Kadri
Andrei Petrovski
Luca Piras
Abstract
Mobile application developers sometimes might not be serious about source code security and publish apps to the marketplaces. Therefore, it is essential to have a fully automated security solutions generator to integrate security-by-design into the development practices, especially for the Android platform. This research proposes a Machine Learning (ML) based highly accurate method to detect Android source code vulnerabilities. A new labelled dataset containing Android source code vulnerability samples was generated initially. The dataset was used to train binary and multi-class classification based ML models, to identify code issues by following a static analysis approach. The proposed model can detect code vulnerabilities with a 0.90 F1-Score and vulnerability categories (CWE) with a 0.96 F1-Score. By integrating this with the Android development environment, app developers can analyse source code and identify security vulnerabilities in real-time. The proposed framework can be extended to suggest suitable patches to overcome the source code issues by providing real-time fixes in future.
Citation
SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and PIRAS, L. 2022. Developing secured android applications by mitigating code vulnerabilities with machine learning. In ASIA CCS '22: proceedings of the 17th ACM (Association for Computing Machinery) Asia conference on computer and communications security 2022 (ASIA CCS 2022), 30 May - 3 June 2022, Nagasaki, Japan. New York: ACM [online], pages 1255-1257. Available from: https://doi.org/10.1145/3488932.3527290
| Conference Name | 17th Asia Conference on computer and communications security 2022 (ASIA CCS 2022) |
|---|---|
| Conference Location | Nagasaki, Japan |
| Start Date | May 30, 2022 |
| End Date | Jun 2, 2022 |
| Acceptance Date | Feb 7, 2022 |
| Online Publication Date | May 30, 2022 |
| Publication Date | May 30, 2022 |
| Deposit Date | Jul 29, 2022 |
| Publicly Available Date | Jul 29, 2022 |
| Publisher | ACM Association for Computing Machinery |
| Pages | 1255-1257 |
| Book Title | ASIA CCS '22: proceedings of the 17th Asia Conference on computer and communications security 2022 (ASIA CCS 2022) |
| ISBN | 9781450391405 |
| DOI | https://doi.org/10.1145/3488932.3527290 |
| Keywords | Android; Code vulnerability detection; Static analysis; Vulnerability dataset; Machine learning; Secure mobile apps |
| Public URL | https://rgu-repository.worktribe.com/output/1713062 |
Files
SENANAYAKE 2022 Developing secured android
(1.3 Mb)
PDF
Copyright Statement
You might also like
Android mobile malware detection using machine learning: a systematic review.
(2021)
Journal Article
Android source code vulnerability detection: a systematic literature review.
(2023)
Journal Article
Keep the moving vehicle secure: context-aware intrusion detection system for in-vehicle CAN bus security.
(2022)
Conference Proceeding
Robust, effective and resource efficient deep neural network for intrusion detection in IoT networks.
(2022)
Conference Proceeding
Improving intrusion detection through training data augmentation.
(2021)
Conference Proceeding