Publication:TR 22
Abstract Web applications continue to be a favourite target for hackers due to a combination of wide adoption and rapid deployment cycles, which often lead to the introduction of high-impact vulnerabilities. Static analysis tools are important to search for vulnerabilities automatically in the program source code, supporting developers in their removal. However, building these tools requires programming the knowledge on how to discover the vulnerabilities. This paper presents an alternative approach in which tools learn to detect flaws automatically by resorting to artificial intelligence concepts, more concretely to natural language processing. The approach employs a sequence model to learn to characterize vulnerabilities based on an annotated corpus. Afterwards, the model is utilized to discover and identify vulnerabilities in the source code. It was implemented in the DEKANT tool and evaluated experimentally with a large set of PHP applications and WordPress plugins. Overall, we found several thousand vulnerabilities belonging to 15 classes of input validation vulnerabilities, where 4143 of them were zero-day.
Author Ibéria Medeiros, Nuno Neves, Miguel Correia
Journal IEEE Transactions on Reliability
Key TR 22
Month jan
NumPubDate 2,022.01
Project Project:SEAL
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
Title Statically Detecting Vulnerabilities by Processing Programming Languages as Natural Language
Type article
Year 2022
Has improper value for Url
Categories Publication
Modification date 24 August 2022 17:00:26