English

A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities

Cryptography and Security 2023-06-21 v1 Machine Learning

Abstract

This paper presents DeepTective, a deep learning approach to detect vulnerabilities in PHP source code. Our approach implements a novel hybrid technique that combines Gated Recurrent Units and Graph Convolutional Networks to detect SQLi, XSS and OSCI vulnerabilities leveraging both syntactic and semantic information. We evaluate DeepTective and compare it to the state of the art on an established synthetic dataset and on a novel real-world dataset collected from GitHub. Experimental results show that DeepTective achieves near perfect classification on the synthetic dataset, and an F1 score of 88.12% on the realistic dataset, outperforming related approaches. We validate DeepTective in the wild by discovering 4 novel vulnerabilities in established WordPress plugins.

Keywords

Cite

@article{arxiv.2012.08835,
  title  = {A Hybrid Graph Neural Network Approach for Detecting PHP Vulnerabilities},
  author = {Rishi Rabheru and Hazim Hanif and Sergio Maffeis},
  journal= {arXiv preprint arXiv:2012.08835},
  year   = {2023}
}

Comments

A poster version of this paper appeared as https://doi.org/10.1145/3412841.3442132

R2 v1 2026-06-23T21:00:38.524Z