Research Repository

Developing secured android applications by mitigating code vulnerabilities with machine learning.

Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, Mhd Omar; Petrovski, Andrei; Piras, Luca

Authors

Mhd Omar Al-Kadri

Andrei Petrovski

Luca Piras



Abstract

Mobile application developers sometimes might not be serious about source code security and publish apps to the marketplaces. Therefore, it is essential to have a fully automated security solutions generator to integrate security-by-design into the development practices, especially for the Android platform. This research proposes a Machine Learning (ML) based highly accurate method to detect Android source code vulnerabilities. A new labelled dataset containing Android source code vulnerability samples was generated initially. The dataset was used to train binary and multi-class classification based ML models, to identify code issues by following a static analysis approach. The proposed model can detect code vulnerabilities with a 0.90 F1-Score and vulnerability categories (CWE) with a 0.96 F1-Score. By integrating this with the Android development environment, app developers can analyse source code and identify security vulnerabilities in real-time. The proposed framework can be extended to suggest suitable patches to overcome the source code issues by providing real-time fixes in future.

Citation

SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and PIRAS, L. 2022. Developing secured android applications by mitigating code vulnerabilities with machine learning. In ASIA CCS '22: proceedings of the 17th ACM (Association for Computing Machinery) Asia conference on computer and communications security 2022 (ASIA CCS 2022), 30 May - 3 June 2022, Nagasaki, Japan. New York: ACM [online], pages 1255-1257. Available from: https://doi.org/10.1145/3488932.3527290

Presentation Conference Type: Conference Paper (published)
Conference Name: 17th Asia Conference on computer and communications security 2022 (ASIA CCS 2022)
Start Date: May 30, 2022
End Date: Jun 2, 2022
Acceptance Date: Feb 7, 2022
Online Publication Date: May 30, 2022
Publication Date: May 30, 2022
Deposit Date: Jul 29, 2022
Publicly Available Date: Jul 29, 2022
Publisher: Association for Computing Machinery (ACM)
Peer Reviewed: Peer Reviewed
Pages: 1255-1257
Book Title: ASIA CCS '22: proceedings of the 17th Asia Conference on computer and communications security 2022 (ASIA CCS 2022)
ISBN: 9781450391405
DOI: https://doi.org/10.1145/3488932.3527290
Keywords: Android; Code vulnerability detection; Static analysis; Vulnerability dataset; Machine learning; Secure mobile apps
Public URL: https://rgu-repository.worktribe.com/output/1713062

Files

SENANAYAKE 2022 Developing secured android (1.3 Mb)
PDF

Copyright Statement
© 2022 Copyright held by the owner/author(s).



