
Browsing by Author "Senanayake, J."

Now showing 1 - 3 of 3
  • Android Source Code Vulnerability Detection: A Systematic Literature Review
    (ACM Computing Surveys, 2022) Senanayake, J.; Kalutarage, H. K.; Al-Kadri, M. O.; Petrovski, A.; Piras, L.
    The use of mobile devices is rising daily in this technological era. A continuous and increasing number of mobile applications are constantly offered on mobile marketplaces to fulfil the needs of smartphone users. Many Android applications do not address the security aspects appropriately. This is often due to a lack of automated mechanisms to identify, test, and fix source code vulnerabilities at the early stages of design and development. Therefore, the need to fix such issues at the initial stages rather than providing updates and patches to the published applications is widely recognized. Researchers have proposed several methods to improve the security of applications by detecting source code vulnerabilities and malicious codes. This Systematic Literature Review (SLR) focuses on Android application analysis and source code vulnerability detection methods and tools by critically evaluating 118 carefully selected technical studies published between 2016 and 2022. It highlights the advantages, disadvantages, applicability of the proposed techniques, and potential improvements of those studies. Both Machine Learning (ML)-based methods and conventional methods related to vulnerability detection are discussed while focusing more on ML-based methods, since many recent studies conducted experiments with ML. Therefore, this article aims to enable researchers to acquire in-depth knowledge in secure mobile application development while minimizing the vulnerabilities by applying ML methods. Furthermore, researchers can use the discussions and findings of this SLR to identify potential future research and development directions.
  • FedREVAN: Real-time DEtection of Vulnerable Android Source Code Through Federated Neural Network with XAI
    (Springer, Cham, 2024) Senanayake, J.; Kalutarage, H.; Petrovski, A.; Al-Kadri, M.O.; Piras, L.
    Adhering to security best practices during the development of Android applications is of paramount importance due to the high prevalence of apps released without proper security measures. While automated tools can be employed to address vulnerabilities during development, they may prove to be inadequate in terms of detecting vulnerabilities. To address this issue, a federated neural network with XAI, named FedREVAN, has been proposed in this study. The initial model was trained on the LVDAndro dataset and can predict potential vulnerabilities with a 96% accuracy and 0.96 F1-Score for binary classification. Moreover, in case the code is vulnerable, FedREVAN can identify the associated CWE category with 93% accuracy and 0.91 F1-Score for multi-class classification. The initial neural network model was released in a federated environment to enable collaborative training and enhancement with other clients. Experimental results demonstrate that the federated neural network model improves accuracy by 2% and F1-Score by 0.04 in multi-class classification. XAI is utilised to present the vulnerability detection results to developers with prediction probabilities for each word in the code. The FedREVAN model has been integrated into an API and further incorporated into Android Studio to provide real-time vulnerability detection. The FedREVAN model is highly efficient, providing prediction probabilities for one code line in an average of 300 ms.
  • LEVERAGING LARGE LANGUAGE MODELS IN CYBERSECURITY: A SYSTEMATIC REVIEW OF EMERGING METHODS AND TECHNIQUES
    (The Library, University of Kelaniya, Sri Lanka., 2024) Sandaruwan, T.; Wijayanayake, J.; Senanayake, J.
    This systematic literature review examined how Large Language Models (LLMs) can be incorporated with vulnerability scanning and other cybersecurity tools and explored and assessed ways to improve cybersecurity practices. The PRISMA model was used, and the search was conducted using specific search terms in the leading databases such as the ACM Digital Library, IEEE Xplore Digital Library, and ScienceDirect from 2018 to July 2024. Initially, 313 records were gathered, and the count was reduced to 48 articles after applying the inclusion criteria. The findings were structured to answer the research questions regarding the approaches applied to incorporate LLMs with cybersecurity tools and the strengths and limitations of these tools based on the identified methodologies. The methods were reviewed and classified into Training and Adaptation Methods, Integration and Deployment Methods, and Inference and Utilization Techniques. After that, the accuracies of these methods were presented. The results show that fine-tuning and domain adaptation improve LLMs’ performance in cybersecurity tasks. In addition, fine-tuning, prompt engineering, and few-shot learning enhance models for specific tasks, making them more efficient in practical applications.
