Enhancing security assurance in software development: AI-based vulnerable code detection with static analysis.
Rajapaksha, Sampath; Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, Mhd Omar

Authors
Sampath Rajapaksha R Wasala Mudiyanselage Polwatte Gedara (Research Student), s.rajapaksha@rgu.ac.uk
Mr Janaka Senanayake (Lecturer), j.senanayake1@rgu.ac.uk
Dr Harsha Kalutarage (Associate Professor), h.kalutarage@rgu.ac.uk
Mhd Omar Al-Kadri

Contributors
Sokratis Katsikas (Editor)
Abstract
The presence of vulnerable source code in software applications causes significant reliability and security issues, which can be mitigated by integrating and assuring software security principles during the early stages of the development lifecycle. One promising approach to identifying vulnerabilities in source code is the use of Artificial Intelligence (AI). This research proposes an AI-based method for detecting source code vulnerabilities and leverages Explainable AI to help developers identify and understand the vulnerable source code tokens. To train the model, a web crawler was used to collect a real-world dataset of 600,000 source code samples, which were annotated using static analysers. Several ML classifiers were tested on a feature vector generated using Natural Language Processing techniques. The Random Forest and Extreme Gradient Boosting classifiers were found to perform best in the binary and multi-class approaches, respectively. The proposed model achieved a 0.96 F1-Score in binary classification and a 0.85 F1-Score in multi-class classification based on Common Weakness Enumeration (CWE) IDs. The model, trained on a dataset of real-world source code, is highly generalisable and has been integrated into a live web portal to validate its performance on real-world code vulnerabilities.
Citation
RAJAPAKSHA, S., SENANAYAKE, J., KALUTARAGE, H. and AL-KADRI, M.O. 2024. Enhancing security assurance in software development: AI-based vulnerable code detection with static analysis. In Katsikas, S. et al. (eds.) Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), 25-29 September 2023, The Hague, Netherlands. Lecture notes in computer science, 14399. Cham: Springer [online], part II, pages 341-356. Available from: https://doi.org/10.1007/978-3-031-54129-2_20
| Field | Value |
|---|---|
| Presentation Conference Type | Conference Paper (published) |
| Conference Name | International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops) |
| Start Date | Sep 25, 2023 |
| End Date | Sep 29, 2023 |
| Acceptance Date | Aug 14, 2023 |
| Online Publication Date | Mar 12, 2024 |
| Publication Date | Dec 31, 2024 |
| Deposit Date | Apr 26, 2024 |
| Publicly Available Date | Mar 13, 2025 |
| Publisher | Springer |
| Peer Reviewed | Peer Reviewed |
| Pages | 341-356 |
| Series Title | Lecture notes in computer science |
| Series Number | 14399 |
| Series ISSN | 0302-9743; 1611-3349 |
| Book Title | Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), part II |
| ISBN | 9783031541285 |
| DOI | https://doi.org/10.1007/978-3-031-54129-2_20 |
| Keywords | Source code vulnerability; Artificial intelligence; Software security; Vulnerability scanners |
| Public URL | https://rgu-repository.worktribe.com/output/2271880 |
Files
This file is under embargo until Mar 13, 2025 due to copyright reasons.
Contact publications@rgu.ac.uk to request a copy for personal use.