{"title":"基于混合图神经网络的PHP漏洞检测方法","authors":"Rishi Rabheru, Hazim Hanif, S. Maffeis","doi":"10.1109/DSC54232.2022.9888816","DOIUrl":null,"url":null,"abstract":"We validate our approach in the wild by discovering 4 novel vulnerabilities in established WordPress plugins. This paper presents DeepTective, a deep learning-based approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective outperformed other solutions, including recent machine learning-based vulnerability detection approaches, on both datasets. The gap is noticeable on the synthetic dataset, where our approach achieves very high classification performance, but grows even wider on the realistic dataset, where most existing tools fail to transfer their detection ability, whereas DeepTective achieves an F1 score of 88.12%.","PeriodicalId":368903,"journal":{"name":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities\",\"authors\":\"Rishi Rabheru, Hazim Hanif, S. Maffeis\",\"doi\":\"10.1109/DSC54232.2022.9888816\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We validate our approach in the wild by discovering 4 novel vulnerabilities in established WordPress plugins. This paper presents DeepTective, a deep learning-based approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective outperformed other solutions, including recent machine learning-based vulnerability detection approaches, on both datasets. The gap is noticeable on the synthetic dataset, where our approach achieves very high classification performance, but grows even wider on the realistic dataset, where most existing tools fail to transfer their detection ability, whereas DeepTective achieves an F1 score of 88.12%.\",\"PeriodicalId\":368903,\"journal\":{\"name\":\"2022 IEEE Conference on Dependable and Secure Computing (DSC)\",\"volume\":\"68 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-12-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE Conference on Dependable and Secure Computing (DSC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/DSC54232.2022.9888816\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE Conference on Dependable and Secure Computing (DSC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DSC54232.2022.9888816","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities
We validate our approach in the wild by discovering 4 novel vulnerabilities in established WordPress plugins. This paper presents DeepTective, a deep learning-based approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective outperformed other solutions, including recent machine learning-based vulnerability detection approaches, on both datasets. The gap is noticeable on the synthetic dataset, where our approach achieves very high classification performance, but grows even wider on the realistic dataset, where most existing tools fail to transfer their detection ability, whereas DeepTective achieves an F1 score of 88.12%.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
