A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

12/16/2020
by Rishi Rabheru, et al.

This paper presents DeepTective, a deep learning approach to detecting vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities, leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective achieves near-perfect classification on the synthetic dataset and an F1 score of 88.12 on the realistic dataset, outperforming related approaches. We validate DeepTective in the wild by discovering 4 novel vulnerabilities in established WordPress plugins.
