A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

2022 IEEE Conference on Dependable and Secure Computing (DSC)(2022)

Cited 9|Views33
No score
We validate our approach in the wild by discovering 4 novel vulnerabilities in established WordPress plugins. This paper presents DeepTective, a deep learning-based approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective outperformed other solutions, including recent machine learning-based vulnerability detection approaches, on both datasets. The gap is noticeable on the synthetic dataset, where our approach achieves very high classification performance, but grows even wider on the realistic dataset, where most existing tools fail to transfer their detection ability, whereas DeepTective achieves an F1 score of 88.12%.
Translated text
Key words
Vulnerability detection,PHP vulnerabilities,Graph neural networks,Software security
AI Read Science
Must-Reading Tree
Generate MRT to find the research sequence of this paper
Chat Paper
Summary is being generated by the instructions you defined