A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities
Rishi Rabheru, Hazim Hanif, Sergio Maffeis
TL;DR
This paper introduces DeepTective, a hybrid deep learning model combining Gated Recurrent Units and Graph Convolutional Networks to effectively detect PHP code vulnerabilities like SQLi, XSS, and OSCI, outperforming existing methods.
Contribution
The paper proposes a novel hybrid deep learning approach that leverages syntactic and semantic features for PHP vulnerability detection, validated on synthetic and real-world datasets.
Findings
Achieves near-perfect classification on synthetic data
Attains an F1 score of 88.12% on real-world data
Discovers 4 new vulnerabilities in WordPress plugins
Abstract
This paper presents DeepTective, a deep learning approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective achieves near perfect classification on the synthetic dataset, and an F1 score of 88.12% on the realistic dataset, outperforming related approaches. We validate DeepTective in the wild by discovering 4 novel vulnerabilities in established WordPress plugins.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsGraph Convolutional Networks