Mr Janaka Senanayake j.senanayake1@rgu.ac.uk
Lecturer
Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI.
Senanayake, Janaka; Kalutarage, Harsha; Petrovski, Andrei; Piras, Luca; Al-Kadri, Mhd Omar
Authors
Dr Harsha Kalutarage h.kalutarage@rgu.ac.uk
Senior Lecturer
Dr Andrei Petrovski a.petrovski@rgu.ac.uk
Associate Professor
Luca Piras
Mhd Omar Al-Kadri
Abstract
Ensuring strict adherence to security during the phases of Android app development is essential, primarily due to the prevalent issue of apps being released without adequate security measures in place. While a few automated tools are employed to reduce potential vulnerabilities during development, their effectiveness in detecting vulnerabilities may fall short. To address this, "Defendroid", a blockchain-based federated neural network enhanced with Explainable Artificial Intelligence (XAI) is introduced in this work. Trained on the LVDAndro dataset, the vanilla neural network model achieves a 96% accuracy and 0.96 F1-Score in binary classification for vulnerability detection. Additionally, in multi-class classification, the model accurately identifies Common Weakness Enumeration (CWE) categories with a 93% accuracy and 0.91 F1-Score. In a move to foster collaboration and model improvement, the model has been deployed within a blockchain-based federated environment. This environment enables community-driven collaborative training and enhancements in partnership with other clients. The extended model demonstrates improved accuracy of 96% and F1-Score of 0.96 in both binary and multi-class classifications. The use of XAI plays a pivotal role in presenting vulnerability detection results to developers, offering prediction probabilities for each word within the code. This model has been integrated into an Application Programming Interface (API) as the backend and further incorporated into Android Studio as a plugin, facilitating real-time vulnerability detection. Notably, Defendroid exhibits high efficiency, delivering prediction probabilities for a single code line in an average processing time of a mere 300 ms. The weight-sharing transparency in the blockchain-driven federated model enhances trust and traceability, fostering community engagement while preserving source code privacy and contributing to accuracy improvement.
Citation
SENANAYAKE, J., KALUTARAGE, H., PETROVSKI, A., PIRAS, L. and AL-KADRI, M.O. 2024. Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI. Journal of information security and applications [online], 82, article number 103741. Available from: https://doi.org/10.1016/j.jisa.2024.103741
| Journal Article Type | Article |
|---|---|
| Acceptance Date | Mar 1, 2024 |
| Online Publication Date | Mar 5, 2024 |
| Publication Date | May 31, 2024 |
| Deposit Date | Mar 6, 2024 |
| Publicly Available Date | Mar 6, 2024 |
| Journal | Journal of Information Security and Applications |
| Electronic ISSN | 2214-2126 |
| Publisher | Elsevier |
| Peer Reviewed | Peer Reviewed |
| Volume | 82 |
| Article Number | 103741 |
| DOI | https://doi.org/10.1016/j.jisa.2024.103741 |
| Keywords | Cybersecurity; Systems security; Android devices; Android applications; Code vulnerability; Neural networks; Federated learning; Source code privacy; Explainable artificial intelligence; Artificial intelligence; Blockchain |
| Public URL | https://rgu-repository.worktribe.com/output/2261890 |
Files
SENANAYAKE 2024 Defendroid
(4 Mb)
PDF
Publisher Licence URL
https://creativecommons.org/licenses/by/4.0/
You might also like
Beyond vanilla: improved autoencoder-based ensemble in-vehicle intrusion detection system.
(2023)
Journal Article
AI-based intrusion detection systems for in-vehicle networks: a survey.
(2023)
Journal Article
RRP: a reliable reinforcement learning based routing protocol for wireless medical sensor networks.
(2023)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search