Scribd
Upload
24 views13 pages

A Hybrid / Novel Approach To Analyse Vulnerabilities in Software Applications Using Deep Learning Methods

The document discusses using deep learning methods to analyze software vulnerabilities. It reviews previous approaches and their limitations. The proposed method is to use deep neural networks and hybrid classification to automatically predict vulnerabilities over time by feeding both static and dynamic artifacts together during training.

Uploaded by

afrin.anjum2020
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as KEY, PDF, TXT or read online on Scribd
24 views13 pages

A Hybrid / Novel Approach To Analyse Vulnerabilities in Software Applications Using Deep Learning Methods

The document discusses using deep learning methods to analyze software vulnerabilities. It reviews previous approaches and their limitations. The proposed method is to use deep neural networks and hybrid classification to automatically predict vulnerabilities over time by feeding both static and dynamic artifacts together during training.

Uploaded by

afrin.anjum2020
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as KEY, PDF, TXT or read online on Scribd
You are on page 1/ 13

A Hybrid / Novel approach to analyse vulnerabilities in

software applications using Deep Learning Methods


Afrin Anjum N Dr. Anil Kumar
20PHD0024 Associate Professor
SCOPE,VIT. SCOPE, VIT
Table Of Contents
Abstract
Android Platforms have been challenging these days because of the security
threats and risks. The number of security attacks have increased drastically
which causes more damage to the platform. It is important to defend the
systems from the various threats and attacks by developing a strong security
system. Though there are numerous researches in the area of android security
there is a gap in the field of study and research. Android Security have been
the core element which needs constant enhancements. The hybrid approach
using deep learning is proposed to overcome the limitations in the current
approaches.
Literature review
Year Title Proposed Methology Limitations

The proposed method is to


limit the app privileges.
DelDroid is tool implemented
to restrict the privileges in They cannot analyze
application without losing the obfuscated code nor ICC
Identifying vulnerabilities of SSL/TLS
functionality. It uses static calls made by native
2019 certificate verification in Android apps with
analysis method to analyse and binaries within an
static and dynamic analysis.
draw the privileges of every Android app leading to
module. Multiple-Domain- possible false positives
Matrix is used to detect
security privileges
spontaneously.

A detection method for


A detection method for android application It is only used to
android application security
2020 security based on TF-IDF and machine determine permission
based on TF-IDF and machine
learning. based security issues
learning.
Cont.
Year Title Proposed Methology Limitations

Vulvet is used to detect


vulnerable apps using byte
code instrumentation. It used
F-measure to reduce the false
Vulvet: Vetting of vulnerabilities in Higher number of false
2020 positive alarms using the
Android apps to thwart exploitation. positives rate
control flow trap method
which controls the statements
of code and validates it to
improve the accuracy
Metropolis algorithm is
proposed in this research
journal to analyse identify the
Security analysis of permission re-
2018 permissions of malicious
delegation vulnerabilities in Android apps
applications using machine
learning method of feature
classification.
Cont.
Year Title Proposed Methology Limitations

Static analysis the basic


information of metadata and
further transmission of data in
A novel hybrid method to analyze security an application through data It is limited to few
2020
vulnerabilities in android applications. analysis. To Eliminate false attacks.
positives in Dynamic analysis
it uses APIhook technique by
executing the scripts.
proposed approaches are based
on techniques of feature
extraction inspired by previous The used data are
applications of DL such as generated from a large
Deep Learning for Software Vulnerabilities automatic language processing.
2020 base of c/c++ open
Detection Using Code Metrics Code metrics were widely used source codes are not for
as features to build AVP models other software types.
based on classic machine
learning.
Cont.
Year Title Proposed Methology Limitations

The paper proposes a method


An Android Application Vulnerability of Android application
Mining Method Based On Static and High rate of false
2020 vulnerability mining based on
Dynamic Analysis positives
dynamic and static
combination.

This paper proposes an


integrated data mining
framework to automatically
A vulnerability analysis and describe how vulnerabilities Limited to predict
2020
prediction framework develop over time and detect the known vulnerabilities.
evolution of a specific
vulnerability.
Cont.
Year Title Proposed Methology Limitations

This paper uses API-calls and


system calls to train deep
Hybrid Analysis of Android Apps for learning models for security Works Limited to the
vetting of Android apps. In
2020
Security Vetting using Deep Learning particular, as the deep learning quality of data.
technology is experimented
with LSTM and its variants
Proposed Method

The Automatic vulnerability prediction method using deep neural


network can be implemented to analyse the evolving vulnerabilities
over time.

Regression Algorithms ,experiment with other approaches to hybrid


classification such as feeding both static and dynamic artifacts together
(with back-propagation) to train the model.
Hardware & Software Requirements
Plan of Action
Completion of required courses

Review article to SCI Indexed Journal

Detailed Literature Survey

Implementation

Analysing the results


References
Garg, S. and Baliyan, N., 2020. Android Security Assessment: A Review, Taxonomy and Research Gap Study. Computers & Security, p.102087.

Altuwaijri, H. and Ghouzali, S., 2020. Android data storage security: A review. Journal of King Saud University-Computer and Information Sciences, 32(5), pp.543-552.

Yuan, H., Tang, Y., Sun, W. and Liu, L., 2020. A detection method for android application security based on TF-IDF and machine learning. Plos one, 15(9), p.e0238694.

Yang, L., Zhi, Y., Wei, T., Yu, S. and Ma, J., 2019. Inference attack in Android Activity based on program fingerprint. Journal of Network and Computer Applications, 127, pp.92-
106.

Almomani, I.M. and Al Khayer, A., 2020. A Comprehensive Analysis of the Android Permissions System. IEEE Access, 8, pp.216671-216688.

Liu, Y., Liu, L., Liu, H., Gao, S. and Song, G., 2020. Recommending Security Requirements for the Development of Android Applications Based on Sensitive APIs. IEEE Access, 8,
pp.101591-101606.

Wang, Y., Xu, G., Liu, X., Mao, W., Si, C., Pedrycz, W. and Wang, W., 2020. Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic
analysis. Journal of Systems and Software, 167, p.110609.

Hammad, M., Bagheri, H. and Malek, S., 2019. DelDroid: an automated approach for determination and enforcement of least-privilege architecture in android. Journal of Systems
and Software, 149, pp.83-100.

Mayrhofer, R., Stoep, J.V., Brubaker, C. and Kralevich, N., 2021. The android platform security model. ACM Transactions on Privacy and Security (TOPS), 24(3), pp.1-35.

Wu, T., Tang, L., Zhang, R., Wen, S., Paris, C., Nepal, S., Grobler, M. and Xiang, Y., 2019. Catering to your concerns: Automatic generation of personalised security-centric
descriptions for android apps. ACM Transactions on Cyber-Physical Systems, 3(4), pp.1-21.

Tang, J., Li, R., Wang, K., Gu, X. and Xu, Z., 2020. A novel hybrid method to analyze security vulnerabilities in android applications. Tsinghua Science and Technology, 25(5),
pp.589-603.
Thank You

You might also like