Android source code vulnerability detection: a systematic literature review.

Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, Mhd Omar; Petrovski, Andrei; Piras, Luca

doi:10.1145/3556974

Integrating large language models for automated vulnerability scanning and reporting in network hosts. (2025)
Presentation / Conference Contribution
SANDARUWAN, M.T., WIJAYANAYAKE, J. and SENANAYAKE, J. 2025. Integrating large language models for automated vulnerability scanning and reporting in network hosts. In Proceedings of the 8th International research conference on Smart computing and systems Engineering 2025 (SCSE 2025), 3 April 2025, Colombo, Sri Lanka. Piscataway: IEEE [online], pages 1-7. Available from: https://doi.org/10.1109/SCSE65633.2025.11031059

This research explores integrating Large Language Models (LLMs) like GPT-4 and Claude 3.5 into cybersecurity vulnerability scanning to enhance automation and effectiveness. Current tools' reliance on manual updates and human expertise is highlighted.... Read More about Integrating large language models for automated vulnerability scanning and reporting in network hosts..

Advanced DDoS attack detection and mitigation in software-defined networking (SDN) environments: an integrated machine learning approach. (2025)
Presentation / Conference Contribution
GAYANTHA, N., RAJAPAKSE, C. and SENANAYAKE, J. 2025. Advanced DDoS attack detection and mitigation in software-defined networking (SDN) evironments: an integrated machine learning approach. In Proceedings of the 8th International research conference on Smart computing and systems Engineering 2025 (SCSE 2025), 3 April 2025, Colombo, Sri Lanka. Piscataway: IEEE [online], pages 1-6. Available from: https://doi.org/10.1109/SCSE65633.2025.11030982

The increasing sophistication of Distributed Denial of Service (DDoS) attacks poses critical challenges to network security, necessitating advanced detection and mitigation strategies. This research presents a machine learning-based framework that ef... Read More about Advanced DDoS attack detection and mitigation in software-defined networking (SDN) environments: an integrated machine learning approach..

DroidKey: a practical framework and analysis tool for API key security in Android applications. (2025)
Presentation / Conference Contribution
PIYUMANTHA, K., SENANAYAKE, J. and WIJAYASIRIWARDHNE, K. 2025. DroidKey: a practical framework and analysis tool for API key security in android applications. In Proceedings of the 8th International research conference on Smart computing and systems Engineering 2025 (SCSE 2025), 3 April 2025, Colombo, Sri Lanka. Piscataway: IEEE [online], pages 1-6. Available from: https://doi.org/10.1109/SCSE65633.2025.11030956

The reliance on mobile applications has amplified concerns about Application Programming Interface (API) key security in Android platforms. Serving as essential authentication mechanisms, API keys ensure secure communication with external services. H... Read More about DroidKey: a practical framework and analysis tool for API key security in Android applications..

Assessing security vulnerabilities in Sri Lankan banking mobile applications: challenges and solutions. (2025)
Presentation / Conference Contribution
RAVICHANDRAN, L., PIYUMANTHA, K., WICKRAMASINGHE, W.S., WEERASINGHE, M. and SENANAYAKE, J. 2025. Assessing security vulnerabilities in Sri Lankan banking mobile applications: challenges and solutions. In Proceedings of the 8th International research conference on Smart computing and systems Engineering 2025 (SCSE 2025), 3 April 2025, Colombo, Sri Lanka. Piscataway: IEEE [online], pages 1-6. Available from: https://doi.org/10.1109/SCSE65633.2025.11031031

Mobile banking plays a crucial role in Sri Lanka's financial sector, offering convenience through self-service technologies. Despite its rapid adoption, concerns about security continue to affect customer trust, underscoring the critical need for enh... Read More about Assessing security vulnerabilities in Sri Lankan banking mobile applications: challenges and solutions..

Enhancing network intrusion detection with stacked deep and reinforcement learning models. (2025)
Presentation / Conference Contribution
KALPANI, N., RODRIGO, N., SENEVIRATNE, D., ARIYADASA, S. and SENANAYAKE, J. 2025. Enhancing network intrusion detection with stacked deep and reinforcement learning models. In Proceedings of the 8th International research conference on Smart computing and systems Engineering 2025 (SCSE 2025), 3 April 2025, Colombo, Sri Lanka. Piscataway: IEEE [online], pages 1-7. Available from: https://doi.org/10.1109/SCSE65633.2025.11031023

This study investigates the effectiveness of Ensemble Learning (EL) techniques by integrating reproducible Deep Learning (DL) and Reinforcement Learning (RL) models to enhance network intrusion detection. Through a systematic review of the literature... Read More about Enhancing network intrusion detection with stacked deep and reinforcement learning models..

Assuring privacy of AI-powered community driven Android code vulnerability detection. (2025)
Presentation / Conference Contribution
SENANAYAKE, J., KALUTARAGE, H., PIRAS, L., AL-KADRI, M.O. and PETROVSKI, A. 2025. Assuring privacy of AI-powered community driven Android code vulnerability detection. In Garcia-Alfaro, J., Kalutarage, H., Yanai, N. et al. (eds.) Computer security: ESORICS 2024 international workshops: revised selected papers from the proceedings of eleven international workshops held in conjunction with the 29th European Symposium on Research in Computer Security (ESORICS 2024), 16-20 September 2024, Bydgoszcz, Poland. Part II. Lecture notes in computer science, 15264. Cham: Springer [online], pages 457-476. Available from: https://doi.org/10.1007/978-3-031-82362-6_27

The challenge of training AI models is heightened by the limited availability of data, particularly when public datasets are insufficient. While obtaining data from private sources may seem like a viable solution, privacy concerns often prevent data... Read More about Assuring privacy of AI-powered community driven Android code vulnerability detection..

Cutting-edge approaches in intrusion detection systems: a systematic review of deep learning, reinforcement learning, and ensemble techniques. (2025)
Journal Article
KALPANI, N., RODRIGO, N., SENEVIRATNE, D., ARIYADASA, S. and SENANAYAKE, J. 2025. Cutting-edge approaches in intrusion detection systems: a systematic review of deep learning, reinforcement learning, and ensemble techniques. Iran journal of computer science [online], Online First. Available from: https://doi.org/10.1007/s42044-025-00246-8

The growing number of networked devices and complex network infrastructures necessitates robust network security measures. Network intrusion detection systems are crucial for identifying and mitigating malicious activities within network environments... Read More about Cutting-edge approaches in intrusion detection systems: a systematic review of deep learning, reinforcement learning, and ensemble techniques..

Customizable DDoS attack data generation in SDN environments for enhanced machine learning detection models. (2025)
Presentation / Conference Contribution
GAYANTHA, N., RAJAPAKSE, C. and SENANAYAKE, J. 2025. Customizable DDoS attack data generation in SDN environments for enhanced machine learning detection models. In Proceedings of the 5th International conference on advanced research in computing 2025 (ICARC 2025): converging horizons: uniting disciplines in computing research through AI innovation, 19-20 February 2025, Belihuloya, Sri Lanka. Piscataway: IEEE [online], pages 386-391. Available from: https://doi.org/10.1109/ICARC64760.2025.10963190

Distributed Denial of Service (DDoS) attacks are a critical threat to the security and reliability of Software-Defined Networking (SDN) environments. Existing datasets for training machine learning (ML) models, such as KDDCup '99 and CICIDS 2017, are... Read More about Customizable DDoS attack data generation in SDN environments for enhanced machine learning detection models..

DevSecOps implementation for continuous security in financial trading software application development. (2025)
Presentation / Conference Contribution
DASANAYAKE, S.D.L.V., SENANAYAKE, J. and WIJAYANAYAKE, W.M.J.I. 2025. DevSecOps implementation for continuous security in financial trading software application development. In Proceedings of the 25th International conference on advanced research in computing 2025 (ICARC 2025): converging horizons: uniting disciplines in computing research through AI innovation, 19-20 February 2025, Belihuloya, Sri Lanka. Piscataway: IEEE [online], pages 457-462. Available from: https://doi.org/10.1109/ICARC64760.2025.10963292

DevSecOps incorporates security into the DevOps workflow, ensuring robust protection throughout the software development lifecycle. This research addresses the security gaps in financial trading applications, where traditional methods often prioritiz... Read More about DevSecOps implementation for continuous security in financial trading software application development..

MADONNA: browser-based malicious domain detection using optimized neural network by leveraging AI and feature analysis. (2025)
Journal Article
SENANAYAKE, J., RAJAPAKSHA, S., YANAI, N., KALUTARAGE, H. and KOMIYA, C. 2025. MADONNA: browser-based malicious domain detection using optimized neural network by leveraging AI and feature analysis. Computers and security [online], 152, article number 104371. Available from: https://doi.org/10.1016/j.cose.2025.104371

Detecting malicious domains is a critical aspect of cybersecurity, with recent advancements leveraging Artificial Intelligence (AI) to enhance accuracy and speed. However, existing browser-based solutions often struggle to achieve both high accuracy... Read More about MADONNA: browser-based malicious domain detection using optimized neural network by leveraging AI and feature analysis..

Devsecops for continuous security in trading software application development: a systematic literature review. (2024)
Journal Article
DASANAYAKE, S.D.L.V., SENANAYAKE, J. and WIJAYANAYAKE, W.M.J.I. 2024. Devsecops for continuous security in trading software application development: a systematic literature review. Journal of desk research review and analysis [online], 2(2), pages 215-232. Available from: https://doi.org/10.4038/jdrra.v2i2.52

This systematic literature review examined the implementation of DevSecOps for continuous security in financial trading software application development. This review identifies key strategies and security frameworks, analyses cybersecurity threats sp... Read More about Devsecops for continuous security in trading software application development: a systematic literature review..

Enhancing Android application security through source code vulnerability mitigation using artificial intelligence: a privacy-preserved, community-driven, federated-learning-based approach. (2024)
Thesis
SENANAYAKE, J.M.D. 2024. Enhancing Android application security through source code vulnerability mitigation using artificial intelligence: a privacy-preserved, community-driven, federated-learning-based approach. Robert Gordon University, PhD thesis. Hosted on OpenAIR [online]. Available from: https://doi.org/10.48526/rgu-wt-2801183

As technology advances, Android devices and apps are rapidly increasing. It is crucial to adhere to security protocols during app development, especially as many apps lack sufficient safeguards. Despite the use of automated tools for risk mitigation,... Read More about Enhancing Android application security through source code vulnerability mitigation using artificial intelligence: a privacy-preserved, community-driven, federated-learning-based approach..

MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis. (2024)
Presentation / Conference Contribution
SENANAYAKE, J., RAJAPAKSHA, S., YANAI, N., KOMIYA, C. and KALUTARAGE, H. 2024. MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis. In Meyer, N. and Grocholewska-Czuryło, A. (eds.) Revised selected papers from the proceedings of the 38th International conference on ICT systems security and privacy protection (IFIP SEC 2023), 14-16 June 2023, Poznan, Poland. IFIP advances in information and communication technology, 679. Cham: Springer [online], pages 279-292. Available from: https://doi.org/10.1007/978-3-031-56326-3_20

The detection of malicious domains often relies on machine learning (ML), and proposals for browser-based detection of malicious domains with high throughput have been put forward in recent years. However, existing methods suffer from limited accurac... Read More about MADONNA: browser-based malicious domain detection through optimized neural network with feature analysis..

Enhancing security assurance in software development: AI-based vulnerable code detection with static analysis. (2024)
Presentation / Conference Contribution
RAJAPAKSHA, S., SENANAYAKE, J., KALUTARAGE, H. and AL-KADRI, M.O. 2024. Enhancing security assurance in software development: AI-based vulnerable code detection with static analysis. In Katsikas, S. et al. (eds.) Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), 25-29 September 2023, The Hague, Netherlands. Lecture notes in computer science, 14399. Cham: Springer [online], part II, pages 341-356. Available from: https://doi.org/10.1007/978-3-031-54129-2_20

The presence of vulnerable source code in software applications is causing significant reliability and security issues, which can be mitigated by integrating and assuring software security principles during the early stages of the development lifecyc... Read More about Enhancing security assurance in software development: AI-based vulnerable code detection with static analysis..

FedREVAN: real-time detection of vulnerable android source code through federated neural network with XAI. (2024)
Presentation / Conference Contribution
SENANAYAKE, J., KALUTARAGE, H., PETROVSKI, A., AL-KADRI, M.O. and PIRAS, L. 2024. FedREVAN: real-time detection of vulnerable android source code through federated neural network with XAI. In Katsikas, S. et al. (eds.) Computer security: revised selected papers from the proceedings of the International workshops of the 28th European symposium on research in computer security (ESORICS 2023 International Workshops), 25-29 September 2023, The Hague, Netherlands. Lecture notes in computer science, 14399. Cham: Springer [online], part II, pages 426-441. Available from: https://doi.org/10.1007/978-3-031-54129-2_25

Adhering to security best practices during the development of Android applications is of paramount importance due to the high prevalence of apps released without proper security measures. While automated tools can be employed to address vulnerabiliti... Read More about FedREVAN: real-time detection of vulnerable android source code through federated neural network with XAI..

Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI. (2024)
Journal Article
SENANAYAKE, J., KALUTARAGE, H., PETROVSKI, A., PIRAS, L. and AL-KADRI, M.O. 2024. Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI. Journal of information security and applications [online], 82, article number 103741. Available from: https://doi.org/10.1016/j.jisa.2024.103741

Ensuring strict adherence to security during the phases of Android app development is essential, primarily due to the prevalent issue of apps being released without adequate security measures in place. While a few automated tools are employed to redu... Read More about Defendroid: real-time Android code vulnerability detection via blockchain federated neural network with XAI..

Labelled Vulnerability Dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models. (2023)
Presentation / Conference Contribution
SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PIRAS, L. and PETROVSKI, A. 2023. Labelled Vulnerability Dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models. In De Capitani di Vimercati, S. and Samarati, P. (eds.) Proceedings of the 20th International conference on security and cryptography, 10-12 July 2023, Rome, Italy, volume 1. Setúbal: SciTePress [online], pages 659-666. Available from: https://doi.org/10.5220/0012060400003555

Ensuring the security of Android applications is a vital and intricate aspect requiring careful consideration during development. Unfortunately, many apps are published without sufficient security measures, possibly due to a lack of early vulnerabili... Read More about Labelled Vulnerability Dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models..

Android code vulnerabilities early detection using AI-powered ACVED plugin. (2023)
Presentation / Conference Contribution
SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and PIRAS, L. 2023. Android code vulnerabilities early detection using AI-powered ACVED plugin. In Atluri, V. and Ferrara, A.L. (eds.) Data and applications security and privacy XXXVII; proceedings of the 37th annual IFIP WG (International Federation for Information Processing Working Group) 11.3 Data and applications security and privacy 2023 (DBSec 2023), 19-21 July 2023, Sophia-Antipolis, France. Lecture notes in computer science (LNCS), 13942. Cham: Springer [online], pages 339-357. Available from: https://doi.org/10.1007/978-3-031-37586-6_20

During Android application development, ensuring adequate security is a crucial and intricate aspect. However, many applications are released without adequate security measures due to the lack of vulnerability identification and code verification at... Read More about Android code vulnerabilities early detection using AI-powered ACVED plugin..

AI-powered vulnerability detection for secure source code development. (2023)
Presentation / Conference Contribution
RAJAPAKSHA, S., SENANAYAKE, J., KALUTARAGE, H. and AL-KADRI, M.O. 2023. AI-powered vulnerability detection for secure source code development. In Bella, G., Doinea, M. and Janicke, H. (eds.) Innovative security solutions for information technology and communications: revised selected papers of the 15th International conference on Security for information technology and communications 2022 (SecITC 2022), 8-9 December 2022, [virtual conference]. Lecture notes in computer sciences, 13809. Cham: Springer [online], pages 275-288. Available from: https://doi.org/10.1007/978-3-031-32636-3_16

Vulnerable source code in software applications is causing paramount reliability and security issues. Software security principles should be integrated to reduce these issues at the early stages of the development lifecycle. Artificial Intelligence (... Read More about AI-powered vulnerability detection for secure source code development..

Android source code vulnerability detection: a systematic literature review. (2023)
Journal Article
SENANAYAKE, J., KALUTARAGE, H., AL-KADRI, M.O., PETROVSKI, A. and PIRAS, L. 2023. Android source code vulnerability detection: a systematic literature review. ACM computing surveys [online], 55(9), article 187, pages 1-37. Available from: https://doi.org/10.1145/3556974

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not add... Read More about Android source code vulnerability detection: a systematic literature review..

All Outputs (23)