Skip to main content

Research Repository

Advanced Search

Assuring privacy of AI-powered community driven Android code vulnerability detection.

Senanayake, Janaka; Kalutarage, Harsha; Piras, Luca; Al-Kadri, Mhd Omar; Petrovski, Andrei

Authors

Luca Piras

Mhd Omar Al-Kadri

Andrei Petrovski



Contributors

Joaquin Garcia-Alfaro
Editor

Naoto Yanai
Editor

Abstract

The challenge of training AI models is heightened by the limited availability of data, particularly when public datasets are insufficient. While obtaining data from private sources may seem like a viable solution, privacy concerns often prevent data sharing. Therefore, it is essential to establish a system that effectively balances privacy concerns with the need for data. In our previous work, we introduced "Defendroid", which focuses on real-time Android code vulnerability detection using a blockchain federated neural network with explainable artificial intelligence. In this study, the Defendroid approach is enhanced by incorporating variable differential privacy techniques to ensure the privacy of the model training process. The proposed method significantly improves privacy, achieving a privacy budget between 1 and 1.5, while maintaining Defendroid's baseline accuracy of 96% and an F1-Score of 0.96. As a result, this research thoroughly addresses concerns about the privacy of source code, filling a critical gap. This advancement not only showcases the effectiveness of the new approach but also its capability to address the significant challenges of privacy and data scarcity in AI-driven, community-focused Android code vulnerability detection.

Citation

SENANAYAKE, J., KALUTARAGE, H., PIRAS, L., AL-KADRI, M.O. and PETROVSKI, A. 2025. Assuring privacy of AI-powered community driven Android code vulnerability detection. In Garcia-Alfaro, J., Kalutarage, H., Yanai, N. et al. (eds.) Computer security: ESORICS 2024 international workshops: revised selected papers from the proceedings of eleven international workshops held in conjunction with the 29th European Symposium on Research in Computer Security (ESORICS 2024), 16-20 September 2024, Bydgoszcz, Poland. Part II. Lecture notes in computer science, 15264. Cham: Springer [online], pages 457-476. Available from: https://doi.org/10.1007/978-3-031-82362-6_27

Presentation Conference Type Conference Paper (published)
Conference Name 29th European Symposium on Research in Computer Security (ESORICS 2024)
Start Date Sep 16, 2024
End Date Sep 20, 2024
Acceptance Date Jun 14, 2024
Online Publication Date Mar 31, 2025
Publication Date Apr 1, 2025
Deposit Date Apr 9, 2025
Publicly Available Date Apr 1, 2026
Publisher Springer
Peer Reviewed Peer Reviewed
Pages 457-476
Series Title Lecture notes in computer science
Series Number 15264
Series ISSN 0302-9743; 1611-3349
Book Title Computer security: ESORICS 2024 international workshops: revised selected papers from the proceedings of eleven international workshops held in conjunction with the 29th European Symposium on Research in Computer Security (ESORICS 2024), 16-20 September 2
ISBN 9783031823619
DOI https://doi.org/10.1007/978-3-031-82362-6_27
Keywords Cybersecurity; Android; Android code vulnerability; Federated learning; Differential privacy; Artificial intelligence
Public URL https://rgu-repository.worktribe.com/output/2782977

Files

This file is under embargo until Apr 1, 2026 due to copyright reasons.

Contact publications@rgu.ac.uk to request a copy for personal use.



You might also like



Downloadable Citations