“DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities”
in Proceedings of the International Symposium on Software Testing and Analysis (ISSTA), Jul. 2016.
Abstract: The state of web security remains troubling as web applications continue to be favorite targets of hackers. Static analysis tools are important mechanisms for programmers to deal with this problem as they search for vulnerabilities automatically in the application source code, allowing programmers to remove them. However, developing these tools requires explicitly coding knowledge about how to discover each kind of vulnerability. This paper presents a new approach in which static analysis tools learn to detect vulnerabilities automatically using machine learning. The approach uses a sequence model to learn to characterize vulnerabilities based on a set of annotated source code slices. This model takes into consideration the order in which the code elements appear and are executed in the slices. The model created can then be used as a static analysis tool to discover and identify vulnerabilities in source code. The approach was implemented in the DEKANT tool and evaluated experimentally with a set of open source PHP applications and WordPress plugins, ﬁnding 16 zero-day vulnerabilities.
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)