Android code vulnerabilities early detection using AI-powered ACVED plugin.

Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, Mhd Omar; Petrovski, Andrei; Piras, Luca

Authors

Mhd Omar Al-Kadri

Luca Piras



Contributors

Vijayalakshmi Atluri
Editor

Anna Lisa Ferrara
Editor

Abstract

During Android application development, ensuring adequate security is a crucial and intricate aspect. However, many applications are released without adequate security measures due to the lack of vulnerability identification and code verification at the initial development stages. To address this issue, machine learning models can be employed to automate the process of detecting vulnerabilities in the code. However, such models are inadequate for real-time Android code vulnerability mitigation. In this research, an open-source AI-powered plugin named Android Code Vulnerabilities Early Detection (ACVED) was developed using the LVDAndro dataset. Utilising Android source code vulnerabilities, the dataset is categorised based on Common Weakness Enumeration (CWE). The ACVED plugin, featuring an ensemble learning model, is implemented in the backend to accurately and efficiently detect both source code vulnerabilities and their respective CWE categories, with a 95% accuracy rate. The model also leverages explainable AI techniques to provide source code vulnerability prediction probabilities for each word. When integrated with Android Studio, the ACVED plugin can provide developers with the vulnerability status of their current source code line in real-time, assisting them in mitigating vulnerabilities. The plugin, model, and scripts can be found on GitHub, and it receives regular updates with new training data from the LVDAndro dataset, enabling the detection of novel vulnerabilities recently added to CWE.

Citation

SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and PIRAS, L. 2023. Android code vulnerabilities early detection using AI-powered ACVED plugin. In Atluri, V. and Ferrara, A.L. (eds.) Data and applications security and privacy XXXVII; proceedings of the 37th annual IFIP WG (International Federation for Information Processing Working Group) 11.3 Data and applications security and privacy 2023 (DBSec 2023), 19-21 July 2023, Sophia-Antipolis, France. Lecture notes in computer science (LNCS), 13942. Cham: Springer [online], pages 339-357. Available from: https://doi.org/10.1007/978-3-031-37586-6_20

Conference Name: 37th annual IFIP WG (International Federation for Information Processing Working Group) 11.3 Data and applications security and privacy 2023 (DBSec 2023)
Conference Location: Sophia-Antipolis, France
Start Date: Jul 19, 2023
End Date: Jul 21, 2023
Acceptance Date: Apr 21, 2023
Online Publication Date: Jul 12, 2023
Publication Date: Dec 31, 2023
Deposit Date: Sep 7, 2023
Publicly Available Date: Jul 13, 2024
Publisher: Springer
Pages: 339-357
Series Title: Lecture notes in computer science
Series Number: 13942
Series ISSN: 0302-9743; 1611-3349
Book Title: Data and applications security and privacy XXXVII; proceedings of the 37th annual IFIP WG (International Federation for Information Processing Working Group) 11.3 Data and applications security and privacy 2023 (DBSec 2023), 19-21 July 2023, Sophia-Antip
ISBN: 9783031375859; 9783031375866
DOI: https://doi.org/10.1007/978-3-031-37586-6_20
Keywords: Android application security; Code vulnerability; Labelled dataset; Artificial intelligence; Plugin
Public URL: https://rgu-repository.worktribe.com/output/2010261