CR, LG | Dec 16, 2020

A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

arXiv:2012.08835v1 | 13 citations
AI Analysis

This work provides a more effective tool for developers and security researchers to identify common vulnerabilities in PHP applications, potentially improving software security.

This paper introduces DeepTective, a deep learning method for detecting SQL injection (SQLi), cross-site scripting (XSS), and OS command injection (OSCI) vulnerabilities in PHP code. It achieves near-perfect classification on a synthetic dataset and an F1 score of 88.12% on a realistic dataset, outperforming existing methods.

This paper presents DeepTective, a deep learning approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective achieves near perfect classification on the synthetic dataset, and an F1 score of 88.12% on the realistic dataset, outperforming related approaches. We validate DeepTective in the wild by discovering 4 novel vulnerabilities in established WordPress plugins.
