Publication
Detecting Web Vulnerabilities in an Intermediate Language by Resorting to Machine Learning Techniques
| Abstract: | The number of vulnerabilities has grown exponentially over the last years, with SQL Injection being especially troublesome for web applications. In parallel, novel research has shown the potential of Machine Learning to find vulnerabilities, which can help experts reduce the search space or even classify programs on its own. Previous work, however, rarely includes SQL Injection or considers popular server-side languages for web application development like PHP. In our work, we construct a Deep Learning model capable of classifying PHP excerpts as vulnerable (or not) to SQL Injection. We use an intermediate language to represent the excerpts and interpret them as text, resorting to well-studied Natural Language Processing techniques. This work can help back-end programmers discover SQL Injection at an early stage of the project, avoiding attacks whose damage would eventually be costly to repair. We also investigate which information should be fed to the model. Hence, we built four datasets (the Opcode Dataset, the Opcode+Operand Dataset, the Slice Dataset, and the Simplified Slice Dataset) from the bytecode dataset that represent each PHP excerpt differently. This approach is a simpler alternative to complex data structures previously used to represent code’s control flow. For each of those datasets, we performed several experiments to evaluate alternative configurations for the model. For all datasets, we managed to find a setting that leads to a score, on average, above 60% for the accuracy, precision, and recall. |
|---|---|
| Main authors: | Fidalgo, Ana Maria Dias |
| Subject: | Web vulnerabilities; Vulnerability detection; Software security; Natural language processing; Deep learning; Master's theses - 2020 |
| Year: | 2020 |
| Country: | Portugal |
| Document type: | master's dissertation |
| Access type: | open access |
| Associated institution: | Universidade de Lisboa |
| Language: | English |
| Source: | Repositório da Universidade de Lisboa |
Related records
A Hybrid Machine Learning System for Vulnerability Detection in Web Applications
by: Oliveira, Miguel César de Albuquerque
Published: (2024)
Code Privacy in Detection of Web Vulnerabilities
by: Martins, Jorge Mota
Published: (2023)
Development of a Website for Creation of Vulnerability Datasets
by: Ferreira, Miguel Pinto da Silva
Published: (2024)
Protecting Web applications with secure code by identifying and removing vulnerabilities using similarity techniques
by: Prates, David António Cota
Published: (2025)
Attacking web applications for dynamic discovering of vulnerabilities
by: Caseirito, João Manuel da Silva
Published: (2022)
Vulnerabilities detection at runtime and continuous auditing
by: Lourenço, Bruno Octávio Horta
Published: (2020)
Protecting web applications through secure code recommendations by identifying and removing vulnerabilities
by: Martins, Pedro Lima
Published: (2024)
Monitoring web applications for vulnerability discovery and removal under attack
by: Antunes, Paulo David Ferreira
Published: (2018)
VulnFix: Correção de Vulnerabilidades através de Grandes Modelos de Linguagem
by: Morais, Rita Rodrigues
Published: (2025)
Detect Web Vulnerabilities Using Knowledge Graphs
by: Ramires, Rafael Francisco Rosa Mesquita
Published: (2023)
Improving vulnerability detection of wap
by: Falé, Miguel Amorim
Published: (2017)
SecRush – New Generation Vulnerability Management Framework
by: Santana, Miguel Tomás Cabrita
Published: (2023)
Realistic Vulnerability Injections in PHP Web Applications
by: Vieira, Francisco José Marques
Published: (2011)
Invalidating web applications attacks by employing the right secure code
by: Morgado, Ricardo Jorge Graça
Published: (2019)
Detecting SQL Injection Vulnerabilities Using FreeST
by: Silvestre, António Rebelo Mendes
Published: (2024)
Realistic vulnerability injections in PHP web applications
by: Vieira, Francisco José Marques
Published: (2011)
Detection of vulnerabilities and automatic protection for web applications
by: Medeiros, Ibéria
Published: (2016)
Software weaknesses detection using static-code analysis and machine learning techniques
by: Conté, Sana
Published: (2023)
Protecting Web Applications by Obfuscating Code using Text Steganography
by: Ferreira, Sérgio Filipe Almeida
Published: (2024)
Diversity of network traffic processing to discover attacks and vulnerabilities in Web applications
by: Branco, Rodrigo Pereira
Published: (2024)
Imposição de Segurança em Aplicações Web a partir de Linguagem Intermédia
by: Moreira, Miguel Carvalho Fernandes e Simões
Published: (2021)
A Study of Commonsense Reasoning with Language Models
by: Branco, Ruben Miguel Rosa
Published: (2021)
Fast scan, an improved approach using machine learning for vulnerability identification
by: Baptista, Tiago João Fernandes
Published: (2022)
Estudo de vulnerabilidades da plataforma re:dy
by: Garrido, André Filipe Sobreira
Published: (2017)
Vulnerability analysis and correction in the Faculdade de Ciências da Universidade de Lisboa's technological infrastructure
by: Rodrigues, Sergio Ferreira
Published: (2023)
“Victim identification: emotional and vulnerability perception in the psychopath.”
by: Andrade, Catarina Fernandes
Published: (2014)
Cyberthreat discovery in open source intelligence using deep learning techniques
by: Branco, Eunice Picareta
Published: (2017)
Deteção e Correção Automática de Vulnerabilidades Recorrendo a Large Language Models
by: Santos, Duarte José Oliveira
Published: (2024)
CSVMS - Cyber Security Vulnerability Management System
by: Miranda, João Rafael Xisto
Published: (2020)
Aquiles2: Sistema Automático de Gestão de Vulnerabilidades para Cibersegurança v2
by: Fernandes, Miguel José Rodrigues Saldanha
Published: (2023)
Sistema de Análise e Gestão de Vulnerabilidades: Implementação numa Instituição Bancária
by: Almeida, José Miguel Coutinho Marques de
Published: (2019)
Emotion detection in school failure prevention
by: Magalhães, Renata Sofia Vieira
Published: (2024)
Unsupervised neural machine translation between the Portuguese language and the Chinese and Korean languages
by: Ferreira, Catarina Francisca Nunes da Cruz
Published: (2023)
Desenvolvimento de um processo automático de gestão de vulnerabilidades de ciber segurança em ambientes de grande dimensão
by: Fernandes, Fábio Guimarães
Published: (2019)
Generating software tests to check for flaws and functionalities
by: Araújo, Francisco João Guimarães de Almeida
Published: (2019)
Prioritization of Software and System Requirements through Natural Language Processing for Testing Software
by: Leitão, Vasco Mascarenhas Paula Bastos
Published: (2021)
Exploration of machine learning techniques for automatic optical inspection
by: Pessoa, Vanessa Catarina Costa
Published: (2018)
Live2Work Project: increasing the chances for successful integration of people in situations of professional vulnerability - output1 presentation
by: Pinto, Joana Carneiro
Published: (2019)
Currículo, educação básica, ensino e formação humana em contexto de vulnerabilidades e desafios
by: Viana, Isabel Carvalho
Published: (2018)
Development of a web clinical management application
by: Cerqueira, Rúben Correia
Published: (2023)