18 research outputs found
Android source code vulnerability detection: a systematic literature review
The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques and potential improvements of those studies. Both Machine Learning (ML) based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods since many recent studies conducted experiments with ML. Therefore, this paper aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions
Towards Automated Android App Collusion Detection
Android OS supports multiple communication methods between apps. This opens
the possibility to carry out threats in a collaborative fashion, c.f. the
Soundcomber example from 2011. In this paper we provide a concise definition of
collusion and report on a number of automated detection approaches, developed
in co-operation with Intel Security
FedREVAN: real-time detection of vulnerable Android source code through federated neural network with XAI
Adhering to security best practices during the development of Android applications is of paramount importance due to the high prevalence of apps released without proper security measures. While automated tools can be employed to address vulnerabilities during development, they may prove to be inadequate in terms of detecting vulnerabilities. To address this issue, a federated neural network with XAI, named FedREVAN, has been proposed in this study. The initial model was trained on the LVDAndro dataset and can predict potential vulnerabilities with a 96% accuracy and 0.96 F1-Score for binary classification. Moreover, in case the code is vulnerable, FedREVAN can identify the associated CWE category with 93% accuracy and 0.91 F1-Score for multi-class classification. The initial neural network model was released in a federated environment to enable collaborative training and enhancement with other clients. Experimental results demonstrate that the federated neural network model improves accuracy by 2% and F1-Score by 0.04 in multi-class classification. XAI is utilised to present the vulnerability detection results to developers with prediction probabilities for each word in the code. The FedREVAN model has been integrated into an API and further incorporated into Android Studio to provide real-time vulnerability detection. The FedREVAN model is highly efficient, providing prediction probabilities for one code line in an average of 300 milliseconds
Android code vulnerabilities early detection using AI-powered ACVED plugin
During Android application development, ensuring adequate security is a crucial and intricate aspect. However, many applications are released without adequate security measures due to the lack of vulnerability identification and code verification at the initial development stages. To address this issue, machine learning models can be employed to automate the process of detecting vulnerabilities in the code. However, such models are inadequate for real-time Android code vulnerability mitigation. In this research, an open-source AI-powered plugin named Android Code Vulnerabilities Early Detection (ACVED) was developed using the LVDAndro dataset. Utilising Android source code vulnerabilities, the dataset is categorised based on Common Weakness Enumeration (CWE). The ACVED plugin, featuring an ensemble learning model, is implemented in the backend to accurately and efficiently detect both source code vulnerabilities and their respective CWE categories, with a 95% accuracy rate. The model also leverages explainable AI techniques to provide source code vulnerability prediction probabilities for each word. When integrated with Android Studio, the ACVED plugin can provide developers with the vulnerability status of their current source code line in real-time, assisting them in mitigating vulnerabilities. The plugin, model, and scripts can be found on GitHub, and it receives regular updates with new training data from the LVDAndro dataset, enabling the detection of novel vulnerabilities recently added to CWE
Labelled vulnerability dataset on Android source code (LVDAndro) to develop AI-based code vulnerability detection models
Ensuring the security of Android applications is a vital and intricate aspect requiring careful consideration during development. Unfortunately, many apps are published without sufficient security measures, possibly due to a lack of early vulnerability identification. One possible solution is to employ machine learning models trained on a labelled dataset, but currently available datasets are suboptimal. This study creates a sequence of datasets of Android source code vulnerabilities, named LVDAndro, labelled based on Common Weakness Enumeration (CWE). Three datasets were generated through app scanning by altering the number of apps and their sources. LVDAndro includes over 2,000,000 unique code samples, obtained by scanning over 15,000 apps. The AutoML technique was then applied to each dataset, as a proof of concept to evaluate the applicability of LVDAndro in detecting vulnerable source code using machine learning. The AutoML model, trained on the dataset, achieved accuracy of 94% and F1-Score of 0.94 in binary classification, and accuracy of 94% and F1-Score of 0.93 in CWE-based multi-class classification. The LVDAndro dataset is publicly available, and continues to expand as more apps are scanned and added to the dataset regularly. The LVDAndro GitHub Repository also includes the source code for dataset generation and model training
Low-Temperature Atomic Layer Deposition of Copper Films Using Borane Dimethylamine as the Reducing Co-reagent
The atomic layer deposition (ALD) of Cu metal films was carried out by a two-step process with Cu(OCHMeCH<sub>2</sub>NMe<sub>2</sub>)<sub>2</sub> and BH<sub>3</sub>(NHMe<sub>2</sub>) on Ru substrates and by a three-step process employing Cu(OCHMeCH<sub>2</sub>NMe<sub>2</sub>)<sub>2</sub>, formic acid, and BH<sub>3</sub>(NHMe<sub>2</sub>) on Pd and Pt substrates. The two-step process demonstrated self-limited ALD growth at 150 °C with Cu(OCHMeCH<sub>2</sub>NMe<sub>2</sub>)<sub>2</sub> and BH<sub>3</sub>(NHMe<sub>2</sub>) pulse lengths of ≥3.0 and ≥1.0 s, respectively. An ALD window was observed between 130 and 160 °C, with a growth rate of about 0.13 Å/cycle. Atomic force microscopy (AFM) and scanning electron microscopy (SEM) revealed rough Cu films that likely originate from the Cu nanoparticle seed layer. The Cu films exhibited poor electrical conductivity because of their nanoparticulate natures. The three-step process showed self-limited ALD growth on Pd and Pt at 150 °C with Cu(OCHMeCH<sub>2</sub>NMe<sub>2</sub>)<sub>2</sub>, formic acid, and BH<sub>3</sub>(NHMe<sub>2</sub>) pulse lengths of ≥3.0, ≥0.3, and ≥1.0 s, respectively. ALD windows were observed between 135 and 165 °C on both Pd and Pt, with growth rates of 0.20 Å/cycle on both substrates. Plots of film thickness versus number of cycles showed linear growth behavior on Pd with a growth rate of 0.20 Å/cycle up to 2000 cycles. By contrast, a similar plot for growth on Pt revealed nonlinear growth behavior, with a growth rate of about 0.4 Å/cycle up to 500 cycles, and then a growth rate of about 0.03 Å/cycle between 500 and 2000 cycles. The large difference in growth behavior between Pd and Pt substrates is proposed to occur by formation of a Cu/Pd alloy film and continuous catalytic decomposition of the BH<sub>3</sub>(NHMe<sub>2</sub>) by the surface Pd sites. By contrast, there is much less surface Pt in the growing Cu film, and catalytic decomposition of BH<sub>3</sub>(NHMe<sub>2</sub>) by the diminishing surface Pt as the Cu film grows leads to a decreased growth rate beyond 500 cycles. X-ray photoelectron spectroscopy reveals the formation of high purity Cu metal for all depositions, with low levels of C, N, O, and B. The Cu films on Pd and Pt showed smooth, continuous films at all thicknesses and had low electrical resistivities
Volatile and Thermally Stable Mid to Late Transition Metal Complexes Containing α‑Imino Alkoxide Ligands, a New Strongly Reducing Coreagent, and Thermal Atomic Layer Deposition of Ni, Co, Fe, and Cr Metal Films
Treatment of MCl<sub>2</sub> (M = Cu, Ni, Co, Fe, Mn, Cr) with 2 equiv of α-imino alkoxide salts K(RR′COCNtBu) (R = Me, tBu; R′ = iPr, tBu) afforded M(RR′COCNtBu)<sub>2</sub> or [Mn(RR′COCNtBu)<sub>2</sub>]<sub>2</sub> in 9–75% yields. These complexes combine volatility and high thermal stability and have useful atomic layer deposition (ALD) precursor properties. Solution reactions between Ni, Co, and Mn complexes showed that BH<sub>3</sub>(NHMe<sub>2</sub>) can reduce all to metal powders. ALD growth of Ni, Co, Fe, and Cr films is demonstrated. Mn film growth may be possible, but the films oxidize completely upon exposure to air