Deep Learning-Based Framework for Automated Vulnerability Detection in Android Applications

Identifying vulnerabilities is essential for safeguarding software systems against cyber attacks. It becomes particularly crucial to pinpoint the specific vulnerable functions within the source code to facilitate their remediation. Nonetheless, this process is both challenging and time-consuming, demanding specialized security expertise. Also, the publicly available vulnerability datasets are relatively scarce. To address the issue we propose a systematic, language-independent framework for automated vulnerability detection in applications. We have curated a large dataset of open-source binaries containing both vulnerable and non-vulnerable samples. This dataset is labelled using relevant findings from hybrid analyzer that highlight potential exploit indicators, aiming to enhance existing labeled vulnerability datasets which is publicly available. Deep learning methodology is applied to detect potential vulnerabilities by treating source code extracted from large number of binaries as natural language text. We employ the word tokenizer with CNN and BERT tokenizer with CNN models to detect function-level vulnerabilities in real source code. Our experimental results demonstrate the effectiveness of the proposed framework in accurately identifying vulnerabilities in source code, thereby enhancing the protection of applications against cyber attacks.