DeepTective
Rishi Rabheru, Hazim Hanif, Sergio Maffeis
Abstract
This paper presents DeepTective, a deep learning-based approach to detect vulnerabilities in PHP source code. DeepTective implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. Experimental results show that our model outperformed related solutions on both synthetic and realistic datasets, and was able to discover 4 novel vulnerabilities in established WordPress plugins.
Topics & Concepts
Computer sciencePlug-inCross-site scriptingSource codeGraphCode (set theory)Artificial intelligenceConvolutional neural networkProgramming languageInformation retrievalWorld Wide WebTheoretical computer scienceWeb serviceSet (abstract data type)Web developmentWeb application securityWeb Application Security VulnerabilitiesSoftware Engineering ResearchAdvanced Malware Detection Techniques