The speedy release and update of Android applications are driven by constantly evolving user demands and changing needs. Because of these fast-paced development cycles, developers may prioritize app functionality over security and overlook source code vulnerabilities. This is partly due to the lack of automated tools that assist developers in identifying and addressing such vulnerabilities while they code.
FedREVAN is a plugin that integrates with Android Studio to help developers mitigate source code vulnerabilities in real time. The plugin displays the vulnerability status of the source code line being worked on, using a highly accurate and efficient federated artificial neural network model that runs in the background. The model has a 96% accuracy rate in detecting source code vulnerabilities and a 95% accuracy rate in identifying their CWE categories. Furthermore, Explainable AI techniques are used to report the likelihood of each word being a predictor of a source code vulnerability.
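To make the two ideas in the description concrete (a classifier trained federatedly, so that only model parameters leave each developer's machine, and a per-word explanation of each prediction), here is an added illustration. It is not FedREVAN's code and does not reproduce its model: it uses a toy bag-of-words logistic regression as the "neural network", FedAvg-style weighted averaging of client weights as the federated step, and leave-one-out token attribution as the explanation method. All of these are assumptions standing in for whatever the real plugin uses, and the labelled source lines are constructed.

```python
"""
Added illustration (not the FedREVAN project's code): a toy federated
line classifier with leave-one-out word attribution.

Assumptions: a bag-of-words logistic regression stands in for the paper's
neural network, FedAvg-style averaging stands in for its federated
training, and leave-one-out attribution stands in for its XAI method.
The training lines below are constructed for the demo.
"""
import math
import re
from collections import Counter

# Constructed per-client training data: (source line, label), 1 = vulnerable.
# Each client represents one developer machine; its raw lines never leave it.
CLIENT_DATA = {
    "client_a": [
        ("openFileOutput(name, MODE_WORLD_READABLE)", 1),
        ("openFileOutput(name, MODE_PRIVATE)", 0),
        ('db.rawQuery("SELECT * FROM users WHERE id=" + id, null)', 1),
        ('db.query(table, cols, "id=?", new String[]{id}, null, null, null)', 0),
    ],
    "client_b": [
        ("webView.getSettings().setJavaScriptEnabled(true)", 1),
        ("webView.getSettings().setJavaScriptEnabled(false)", 0),
        ('Log.d(TAG, "token=" + authToken)', 1),
        ('Log.d(TAG, "screen opened")', 0),
    ],
}

TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def tokenize(line):
    """Split a source line into identifier-like words."""
    return TOKEN_RE.findall(line)


def features(line):
    """Bag-of-words counts for one line."""
    return Counter(tokenize(line))


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(model, line):
    """Probability that `line` is vulnerable under (weights, bias)."""
    weights, bias = model
    z = bias + sum(weights.get(tok, 0.0) * n for tok, n in features(line).items())
    return sigmoid(z)


def train_local(data, epochs=200, lr=0.5):
    """One client's local training: SGD logistic regression from a zero init."""
    weights, bias = {}, 0.0
    for _ in range(epochs):
        for line, label in data:
            err = predict_proba((weights, bias), line) - label
            for tok, n in features(line).items():
                weights[tok] = weights.get(tok, 0.0) - lr * err * n
            bias -= lr * err
    return weights, bias


def federated_average(client_models, client_sizes):
    """FedAvg-style aggregation: average client parameters weighted by data size.
    Only parameters are shared with the aggregator, never the source lines."""
    total = sum(client_sizes.values())
    global_w, global_b = {}, 0.0
    for name, (w, b) in client_models.items():
        share = client_sizes[name] / total
        for tok, val in w.items():
            global_w[tok] = global_w.get(tok, 0.0) + share * val
        global_b += share * b
    return global_w, global_b


def train_federated(client_data=CLIENT_DATA):
    """Train each client locally, then aggregate into one global model."""
    models = {name: train_local(rows) for name, rows in client_data.items()}
    sizes = {name: len(rows) for name, rows in client_data.items()}
    return federated_average(models, sizes)


def explain(model, line):
    """Leave-one-out attribution: how much each distinct word raises the
    vulnerability probability (probability with the word minus without it)."""
    base = predict_proba(model, line)
    toks = tokenize(line)
    return {
        tok: base - predict_proba(model, " ".join(t for t in toks if t != tok))
        for tok in dict.fromkeys(toks)
    }


if __name__ == "__main__":
    global_model = train_federated()
    for line in ("openFileOutput(name, MODE_WORLD_READABLE)",
                 "openFileOutput(name, MODE_PRIVATE)"):
        print(f"{predict_proba(global_model, line):.2f}  {line}")
        print("   ", sorted(explain(global_model, line).items(), key=lambda kv: -kv[1]))
```

The aggregation step is where the privacy property of federated training lives: the aggregator only ever sees weight vectors, so a developer's code stays on their machine. The `explain` output is the analogue of the per-word likelihood the plugin shows; a real editor integration would recompute it for the line under the cursor and highlight the words with the largest positive contribution.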
If you use this plugin or model in your research work, please cite it as: Senanayake, J., Kalutarage, H., Petrovski, A., Al-Kadri, M.O., Piras, L. (2024). FedREVAN: Real-time DEtection of Vulnerable Android Source Code Through Federated Neural Network with XAI. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14399. Springer, Cham. https://doi.org/10.1007/978-3-031-54129-2_25