Litcius/Paper detail

DeepTective

Rishi Rabheru, Hazim Hanif, Sergio Maffeis

202115 citationsDOI

Abstract

This paper presents DeepTective, a deep learning-based approach to detect vulnerabilities in PHP source code. DeepTective implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. Experimental results show that our model outperformed related solutions on both synthetic and realistic datasets, and was able to discover 4 novel vulnerabilities in established WordPress plugins.

Topics & Concepts

Computer sciencePlug-inCross-site scriptingSource codeGraphCode (set theory)Artificial intelligenceConvolutional neural networkProgramming languageInformation retrievalWorld Wide WebTheoretical computer scienceWeb serviceSet (abstract data type)Web developmentWeb application securityWeb Application Security VulnerabilitiesSoftware Engineering ResearchAdvanced Malware Detection Techniques