Labelled Vulnerability Dataset on Android Source Code (LVDAndro) to Develop AI-Based Code Vulnerability Detection Models

Janaka Senanayake; Janaka Senanayake; Harsha Kalutarage; Mhd Omar Al-Kadri; Luca Piras; Andrei Petrovski

doi:10.5220/0012060400003555

Labelled Vulnerability Dataset on Android Source Code (LVDAndro) to Develop AI-Based Code Vulnerability Detection Models

Janaka Senanayake, Janaka Senanayake, Harsha Kalutarage, Mhd Omar Al-Kadri, Luca Piras, Andrei Petrovski

2023

Abstract

Ensuring the security of Android applications is a vital and intricate aspect requiring careful consideration during development. Unfortunately, many apps are published without sufficient security measures, possibly due to a lack of early vulnerability identification. One possible solution is to employ machine learning models trained on a labelled dataset, but currently, available datasets are suboptimal. This study creates a sequence of datasets of Android source code vulnerabilities, named LVDAndro, labelled based on Common Weakness Enumeration (CWE). Three datasets were generated through app scanning by altering the number of apps and their sources. The LVDAndro, includes over 2,000,000 unique code samples, obtained by scanning over 15,000 apps. The AutoML technique was then applied to each dataset, as a proof of concept to evaluate the applicability of LVDAndro, in detecting vulnerable source code using machine learning. The AutoML model, trained on the dataset, achieved accuracy of 94% and F1-Score of 0.94 in binary classification, and accuracy of 94% and F1-Score of 0.93 in CWE-based multi-class classification. The LVDAndro dataset is publicly available, and continues to expand as more apps are scanned and added to the dataset regularly. The LVDAndro GitHub Repository also includes the source code for dataset generation, and model training.

Download

Paper Citation

in Harvard Style

Senanayake J., Kalutarage H., Al-Kadri M., Piras L. and Petrovski A. (2023). Labelled Vulnerability Dataset on Android Source Code (LVDAndro) to Develop AI-Based Code Vulnerability Detection Models. In Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-666-8, SciTePress, pages 659-666. DOI: 10.5220/0012060400003555

in Bibtex Style

@conference{secrypt23,
author={Janaka Senanayake and Harsha Kalutarage and Mhd Omar Al-Kadri and Luca Piras and Andrei Petrovski},
title={Labelled Vulnerability Dataset on Android Source Code (LVDAndro) to Develop AI-Based Code Vulnerability Detection Models},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2023},
pages={659-666},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012060400003555},
isbn={978-989-758-666-8},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Labelled Vulnerability Dataset on Android Source Code (LVDAndro) to Develop AI-Based Code Vulnerability Detection Models
SN - 978-989-758-666-8
AU - Senanayake J.
AU - Kalutarage H.
AU - Al-Kadri M.
AU - Piras L.
AU - Petrovski A.
PY - 2023
SP - 659
EP - 666
DO - 10.5220/0012060400003555
PB - SciTePress