Janaka Senanayake
Developing secured android applications by mitigating code vulnerabilities with machine learning.
Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, Mhd Omar; Petrovski, Andrei; Piras, Luca
Authors
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Senior Lecturer
Mhd Omar Al-Kadri
Dr Andrei Petrovski a.petrovski@rgu.ac.uk
Associate Professor
Luca Piras
Abstract
Mobile application developers sometimes might not be serious about source code security and publish apps to the marketplaces. Therefore, it is essential to have a fully automated security solutions generator to integrate security-by-design into the development practices, especially for the Android platform. This research proposes a Machine Learning (ML) based highly accurate method to detect Android source code vulnerabilities. A new labelled dataset containing Android source code vulnerability samples was generated initially. The dataset was used to train binary and multi-class classification based ML models, to identify code issues by following a static analysis approach. The proposed model can detect code vulnerabilities with a 0.90 F1-Score and vulnerability categories (CWE) with a 0.96 F1-Score. By integrating this with the Android development environment, app developers can analyse source code and identify security vulnerabilities in real-time. The proposed framework can be extended to suggest suitable patches to overcome the source code issues by providing real-time fixes in future.
Citation
SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and PIRAS, L. 2022. Developing secured android applications by mitigating code vulnerabilities with machine learning. In ASIA CCS '22: proceedings of the 17th ACM (Association for Computing Machinery) Asia conference on computer and communications security 2022 (ASIA CCS 2022), 30 May - 3 June 2022, Nagasaki, Japan. New York: ACM [online], pages 1255-1257. Available from: https://doi.org/10.1145/3488932.3527290
| Conference Name | 17th Asia Conference on computer and communications security 2022 (ASIA CCS 2022) |
|---|---|
| Conference Location | Nagasaki, Japan |
| Start Date | May 30, 2022 |
| End Date | Jun 2, 2022 |
| Acceptance Date | Feb 7, 2022 |
| Online Publication Date | May 30, 2022 |
| Publication Date | May 30, 2022 |
| Deposit Date | Jul 29, 2022 |
| Publicly Available Date | Jul 29, 2022 |
| Publisher | Association for Computing Machinery (ACM) |
| Pages | 1255-1257 |
| Book Title | ASIA CCS '22: proceedings of the 17th Asia Conference on computer and communications security 2022 (ASIA CCS 2022) |
| ISBN | 9781450391405 |
| DOI | https://doi.org/10.1145/3488932.3527290 |
| Keywords | Android; Code vulnerability detection; Static analysis; Vulnerability dataset; Machine learning; Secure mobile apps |
| Public URL | https://rgu-repository.worktribe.com/output/1713062 |
Files
SENANAYAKE 2022 Developing secured android
(1.3 Mb)
PDF
Copyright Statement
© 2022 Copyright held by the owner/author(s).
You might also like
Beyond vanilla: improved autoencoder-based ensemble in-vehicle intrusion detection system.
(2023)
Journal Article
AI-based intrusion detection systems for in-vehicle networks: a survey.
(2023)
Journal Article
RRP: a reliable reinforcement learning based routing protocol for wireless medical sensor networks.
(2023)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search