Developing Secured Android Applications by Mitigating Code Vulnerabilities with Machine Learning

Senanayake, Janaka; Kalutarage, Harsha; Al-Kadri, M. Omar; Petrovski, Andrei; Piras, Luca

doi:10.1145/3488932.3527290

Cited by 6 publications

(6 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…30 For continuous integer experimental data, Lin's CCC will be better for measuring the agreement of two objects. 31 Assuming two random variables x and y, the formula for CCC 𝜌 C is given in Equation (4).…”

Section: Evaluation Methodsmentioning

confidence: 99%

“…By statistics, Android holds 71.55% of the market share, about 2.5 times greater than IOS 3 . The high market share makes Android more vulnerable to attacks by external sources, and security risks from poor programming selections within the code will expose users, and the platform, to varying levels of risk 4 . In this context, code smell emerged as a research hit to identify potentially poor design 5 .…”

Section: Introductionmentioning

confidence: 99%

“…3 The high market share makes Android more vulnerable to attacks by external sources, and security risks from poor programming selections within the code will expose users, and the platform, to varying levels of risk. 4 In this context, code smell emerged as a research hit to identify potentially poor design. 5 Although many works revealed the specific issues related to code smell, research on the definition and identification of Android remains scarce.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Security‐based code smell definition, detection, and impact quantification in Android

Zhong,

Shi,

et al. 2023

Softw Pract Exp

View full text Add to dashboard Cite

Android's high market share and extensive functionality make its security a significant concern. Research reveals that many security issues are caused by insecure coding practices. As a poor design indicator, code smell threatens the safety and quality assurance of Android applications (apps). Although previous works revealed specific problems associated with code smells, the field still lacks research reflecting Android features. Moreover, the cost and time limit developers to repairing numerous smells timely. We conducted a study, including Definition, Detection, and Impact Quantification for Android code smell (DefDIQ): (1) define 15 novel code smells in Android from a security programming perspective and provide suggestions on how to eliminate or mitigate them; (2) implement DACS (Detect Android Code Smell) to automatically detect the custom code smells based on ASTs; (3) investigate the correlation between individual smells with DACS detection results, select suitable code smells to construct fault counting models, then quantify their impact on quality, and thereby generating code smell repair priorities. We conducted experiments on 4575 open‐source apps, and the findings are: (i) Lin's CCC between DACS and manual detection results reaches 0.9994, verifying the validity; (ii) the fault counting model constructed by zero‐inflated negative binomial is superior to negative binomial (AIC = 517.32, BIC = 522.12); some smells do indicate fault‐proneness, and we identify such avoidable poor designs; (iii) different code smells have different levels of importance and the repair priorities constructed provide a practical guideline for researchers and inexperienced developers.

show abstract

Section: Evaluation Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Security‐based code smell definition, detection, and impact quantification in Android

Zhong,

Shi,

et al. 2023

Softw Pract Exp

View full text Add to dashboard Cite

show abstract

“…It includes high-risk shell Manuscript submitted to ACM command vulnerabilities, security code smells, and dangerous permissions. An Android code vulnerability dataset was proposed in [128], named LVDAndro [129], which contains vulnerable and non-vulnerable source code with their CWE [34] details. The proof-of-concept of this work identified the applicability of the dataset to train ML models to detect Android code vulnerabilities.…”

Section: Static Analysis Industrialmentioning

confidence: 99%

Android Source Code Vulnerability Detection: A Systematic Literature Review

et al. 2023

Self Cite

View full text Add to dashboard Cite

The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions.

show abstract

“…By statistics, Android occupies 71.55% market share, about 2.5 times more than IOS 3 . The high market share makes Android more vulnerable to attacks by external sources, and security risks from poor programming selections within the code will expose users, and the platform, to varying levels of risk 4 . In this context, code smell emerged as a research hit to identify potentially poor design 5 .…”

Section: Introductionmentioning

confidence: 99%

Security-based code smell definition, detection, and impact quantification in Android

Shi

Zhong

et al. 2022

Preprint

View full text Add to dashboard Cite

Android occupies a high market share, and its broad functions make Android security matter. Research reveals that many security issues are caused by insecure coding practices. As a poor design indicator, code smell threatens the safety and quality assurance of Android applications (apps). Although previous works revealed specific problems associated with code smells, the field still lacks research reflecting Android features. Moreover, the cost and time limit developers to repairing numerous smells timely. We conducted a study, including definition, detection, and impact quantification for Android code smell (DefDIQ): (1) define 15 novel code smells in Android from a security programming perspective; meanwhile, we provide suggestions on how to eliminate or mitigate them; (2) implement DACS to automatically detect the custom code smells based on ASTs; (3) investigate the correlation between individual smells with DACS detection results, and select suitable code smells to construct fault counting models, then quantify their impact on quality, and thereby generating code smell repair priorities. We conducted experiments on 4,575 open-source apps, and the findings are: (i) Lin’s CCC between DACS and manual detection results reaches 0.9994, verifying the validity; (ii) the fault counting model constructed by ZINB is superior to NB (AIC = 517.32, BIC = 522.12); some smells do indicate fault-proneness, and we identify such avoidable poor designs; (iii) different code smells have different importance and the repair priorities constructed provide a practical guideline for researchers and inexperienced developers.

show abstract

Developing Secured Android Applications by Mitigating Code Vulnerabilities with Machine Learning

Abstract: This document was downloaded from https://openair.rgu.ac.ukDeveloping secured android applications by mitigating code vulnerabilities with machine learning.

Cited by 6 publications

References 6 publications

Security‐based code smell definition, detection, and impact quantification in Android

Security‐based code smell definition, detection, and impact quantification in Android

Android Source Code Vulnerability Detection: A Systematic Literature Review

Security-based code smell definition, detection, and impact quantification in Android

Contact Info

Product

Resources

About