Skip to main content

Research Repository

Advanced Search

Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI.

Senanayake, Janaka; Kalutarage, Harsha; Petrovski, Andrei; Piras, Luca; Al-Kadri, Mhd Omar


Luca Piras

Mhd Omar Al-Kadri


Ensuring strict adherence to security during the phases of Android app development is essential, primarily due to the prevalent issue of apps being released without adequate security measures in place. While a few automated tools are employed to reduce potential vulnerabilities during development, their effectiveness in detecting vulnerabilities may fall short. To address this, "Defendroid", a blockchain-based federated neural network enhanced with Explainable Artificial Intelligence (XAI) is introduced in this work. Trained on the LVDAndro dataset, the vanilla neural network model achieves a 96% accuracy and 0.96 F1-Score in binary classification for vulnerability detection. Additionally, in multi-class classification, the model accurately identifies Common Weakness Enumeration (CWE) categories with a 93% accuracy and 0.91 F1-Score. In a move to foster collaboration and model improvement, the model has been deployed within a blockchain-based federated environment. This environment enables community-driven collaborative training and enhancements in partnership with other clients. The extended model demonstrates improved accuracy of 96% and F1-Score of 0.96 in both binary and multi-class classifications. The use of XAI plays a pivotal role in presenting vulnerability detection results to developers, offering prediction probabilities for each word within the code. This model has been integrated into an Application Programming Interface (API) as the backend and further incorporated into Android Studio as a plugin, facilitating real-time vulnerability detection. Notably, Defendroid exhibits high efficiency, delivering prediction probabilities for a single code line in an average processing time of a mere 300 ms. The weight-sharing transparency in the blockchain-driven federated model enhances trust and traceability, fostering community engagement while preserving source code privacy and contributing to accuracy improvement.


SENANAYAKE, J., KALUTARAGE, H., PETROVSKI, A., PIRAS, L. and AL-KADRI, M.O. 2024. Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI. Journal of information security and applications [online], 82, article number 103741. Available from:

Journal Article Type Article
Acceptance Date Mar 1, 2024
Online Publication Date Mar 5, 2024
Publication Date May 31, 2024
Deposit Date Mar 6, 2024
Publicly Available Date Mar 6, 2024
Journal Journal of Information Security and Applications
Electronic ISSN 2214-2126
Publisher Elsevier
Peer Reviewed Peer Reviewed
Volume 82
Article Number 103741
Keywords Cybersecurity; Systems security; Android devices; Android applications; Code vulnerability; Neural networks; Federated learning; Source code privacy; Explainable artificial intelligence; Artificial intelligence; Blockchain
Public URL


You might also like

Downloadable Citations