Defendroid: Real-time Android code vulnerability detection via blockchain federated neural network with XAI
Published: 2024

| _version_ | 1864513544606711808 |
|---|---|
| author | Janaka Senanayake (21749174) |
| author2 | Harsha Kalutarage (17541414) Andrei Petrovski (6262691) Luca Piras (7007807) Omar Al Kadri (21152969) |
| author2_role | author author author author |
| author_facet | Janaka Senanayake (21749174) Harsha Kalutarage (17541414) Andrei Petrovski (6262691) Luca Piras (7007807) Omar Al Kadri (21152969) |
| author_role | author |
| dc.creator.none.fl_str_mv | Janaka Senanayake (21749174) Harsha Kalutarage (17541414) Andrei Petrovski (6262691) Luca Piras (7007807) Omar Al Kadri (21152969) |
| dc.date.none.fl_str_mv | 2024-03-05T03:00:00Z |
| dc.identifier.none.fl_str_mv | 10.1016/j.jisa.2024.103741 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/journal_contribution/Defendroid_Real-time_Android_code_vulnerability_detection_via_blockchain_federated_neural_network_with_XAI/29605475 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Information and computing sciences Artificial intelligence Cybersecurity and privacy Data management and data science Distributed computing and systems software Information systems Machine learning Software engineering Android application protection Code vulnerability Neural network Federated learning Source code privacy Explainable AI Blockchain |
| dc.title.none.fl_str_mv | Defendroid: Real-time Android code vulnerability detection via blockchain federated neural network with XAI |
| dc.type.none.fl_str_mv | Text Journal contribution info:eu-repo/semantics/publishedVersion text contribution to journal |
| description | Ensuring strict adherence to security during the phases of Android app development is essential, primarily due to the prevalent issue of apps being released without adequate security measures in place. While a few automated tools are employed to reduce potential vulnerabilities during development, their effectiveness in detecting vulnerabilities may fall short. To address this, “Defendroid”, a blockchain-based federated neural network enhanced with Explainable Artificial Intelligence (XAI) is introduced in this work. Trained on the LVDAndro dataset, the vanilla neural network model achieves a 96% accuracy and 0.96 F1-Score in binary classification for vulnerability detection. Additionally, in multi-class classification, the model accurately identifies Common Weakness Enumeration (CWE) categories with a 93% accuracy and 0.91 F1-Score. In a move to foster collaboration and model improvement, the model has been deployed within a blockchain-based federated environment. This environment enables community-driven collaborative training and enhancements in partnership with other clients. The extended model demonstrates improved accuracy of 96% and F1-Score of 0.96 in both binary and multi-class classifications. The use of XAI plays a pivotal role in presenting vulnerability detection results to developers, offering prediction probabilities for each word within the code. This model has been integrated into an Application Programming Interface (API) as the backend and further incorporated into Android Studio as a plugin, facilitating real-time vulnerability detection. Notably, Defendroid exhibits high efficiency, delivering prediction probabilities for a single code line in an average processing time of a mere 300 ms. The weight-sharing transparency in the blockchain-driven federated model enhances trust and traceability, fostering community engagement while preserving source code privacy and contributing to accuracy improvement. Other Information: Published in: Journal of Information Security and Applications. License: http://creativecommons.org/licenses/by/4.0/. See article on publisher's website: https://dx.doi.org/10.1016/j.jisa.2024.103741 |
| eu_rights_str_mv | openAccess |
| id | Manara2_cbaa9fb44fc1e30d2bfd7bca31f3eb7c |
| identifier_str_mv | 10.1016/j.jisa.2024.103741 |
| network_acronym_str | Manara2 |
| network_name_str | Manara2 |
| oai_identifier_str | oai:figshare.com:article/29605475 |
| publishDate | 2024 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| status_str | publishedVersion |
| title | Defendroid: Real-time Android code vulnerability detection via blockchain federated neural network with XAI |
| topic | Information and computing sciences Artificial intelligence Cybersecurity and privacy Data management and data science Distributed computing and systems software Information systems Machine learning Software engineering Android application protection Code vulnerability Neural network Federated learning Source code privacy Explainable AI Blockchain |