| Name: | Description: | Size: | Format: |
|---|---|---|---|
| | | 1.03 MB | Adobe PDF |
Abstract(s)
The increasing reliance on the web for a wide range of applications has led to a rise in the number of web-based attacks and vulnerabilities. When exploited, vulnerabilities such as Cross-site Scripting (XSS) and SQL injection (SQLi) can cause severe damage to companies, including the theft of vast amounts of user credentials and unauthorized access to data. One of the most widely used methods for detecting web vulnerabilities is static analysis, which examines all of the application's code without running it. This is beneficial because the code can be corrected before it is ever executed, but it is at the same time a complex task.
This dissertation presents a novel approach to detecting vulnerabilities in PHP web applications through the development of a knowledge-based agent-system vulnerability detector (KAVe). The system aims to improve upon existing vulnerability detection tools by incorporating knowledge graphs, generated by combining the most important parts of multiple code property graphs, which are then navigated by a multi-agent system that performs taint analysis to efficiently identify potential security weaknesses. The study's objectives include code parsing and analysis, graph construction, knowledge graph creation, graph pruning, multi-agent navigation, vulnerability detection, validation, and comparison with existing tools.
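To make the core idea concrete, the following is an added illustration of taint analysis over a code property graph; it is not KAVe's code and is far simpler than the thesis describes. It does not parse PHP: the data-flow graph for a constructed four-line PHP script is built by hand, with superglobal reads as sources, `mysqli_query` and `echo` as sinks, and `intval`/`htmlspecialchars` as sanitizers (all names here are the example's own assumptions). The walk reports a sink only when no sanitizer for that sink's vulnerability class lies on the path from the source.

```python
"""Toy taint analysis over a hand-built code property graph (data-flow edges
only). Illustrative example, not KAVe: the graphs below are constructed samples
and no PHP parsing takes place."""
from dataclasses import dataclass, field


@dataclass
class Node:
    nid: str
    kind: str                        # "source" | "assign" | "sanitize" | "sink"
    label: str                       # PHP fragment the node stands for (constructed)
    line: int
    vuln_class: str = ""             # for sinks: the class the sink is dangerous for
    cleans: frozenset = frozenset()  # for sanitizers: the classes they neutralise


@dataclass
class Graph:
    nodes: dict = field(default_factory=dict)
    flows: dict = field(default_factory=dict)   # nid -> nids the value flows into

    def add(self, node):
        self.nodes[node.nid] = node
        self.flows.setdefault(node.nid, [])
        return node

    def flow(self, src, dst):
        self.flows[src].append(dst)


@dataclass
class Finding:
    vuln_class: str
    sink_line: int
    path: list


def find_vulnerabilities(g):
    """Walk every data-flow path from an attacker-controlled source and report a
    sink when no sanitizer for that sink's class appears on the path."""
    findings = []
    for src in (n for n in g.nodes.values() if n.kind == "source"):
        stack = [[src.nid]]
        while stack:
            path = stack.pop()
            node = g.nodes[path[-1]]
            if node.kind == "sink":
                # A sanitizer only helps if it neutralises this sink's class:
                # htmlspecialchars() on a value used in SQL does nothing for SQLi.
                cleaned = any(g.nodes[p].kind == "sanitize"
                              and node.vuln_class in g.nodes[p].cleans for p in path)
                if not cleaned:
                    findings.append(Finding(node.vuln_class, node.line, path))
                continue
            for nxt in g.flows[node.nid]:
                if nxt not in path:          # guard against cycles in real graphs
                    stack.append(path + [nxt])
    return findings


def build_example_graph(sanitized):
    """Constructed sample: the data-flow graph of a four-line PHP script, with
    or without intval()/htmlspecialchars() applied to the tainted values."""
    g = Graph()
    g.add(Node("get_id", "source", "$_GET['id']", 1))
    g.add(Node("id", "assign", "$id = ...", 1))
    g.add(Node("q", "assign", "$q = 'SELECT * FROM users WHERE id = ' . $id", 2))
    g.add(Node("query", "sink", "mysqli_query($db, $q)", 3, vuln_class="sqli"))
    g.add(Node("get_name", "source", "$_GET['name']", 4))
    g.add(Node("echo", "sink", "echo ...", 4, vuln_class="xss"))
    if sanitized:
        g.add(Node("intval", "sanitize", "intval(...)", 1, cleans=frozenset({"sqli"})))
        g.add(Node("hsc", "sanitize", "htmlspecialchars(...)", 4, cleans=frozenset({"xss"})))
        g.flow("get_id", "intval"); g.flow("intval", "id")
        g.flow("get_name", "hsc"); g.flow("hsc", "echo")
    else:
        g.flow("get_id", "id")
        g.flow("get_name", "echo")
    g.flow("id", "q"); g.flow("q", "query")
    return g


if __name__ == "__main__":
    for sanitized in (False, True):
        found = find_vulnerabilities(build_example_graph(sanitized))
        print(f"sanitized={sanitized}: {len(found)} finding(s)")
        for f in found:
            print(f"  {f.vuln_class.upper()} at line {f.sink_line}: " + " -> ".join(f.path))
```

Running the script reports an SQLi finding at line 3 and an XSS finding at line 4 for the unsanitized graph and nothing for the sanitized one. Keeping sanitizers class-specific is the detail most worth noting: a tool that treats any "cleaning" call as ending taint will miss values escaped for HTML but then used in a query, and a tool that ignores sanitizers entirely will flag both versions of the script, which is the kind of false positive the thesis's precision figure measures.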
The results demonstrate that KAVe provides a more effective and efficient method for detecting vulnerabilities in PHP web applications, contributing to the web security field and offering a valuable tool for developers and security professionals. The tool found 169 vulnerabilities across 12 open-source web applications, with a precision of 98.81%.
Description
Master's thesis, Computer Engineering (Engenharia Informática), 2023, Universidade de Lisboa, Faculdade de Ciências
Keywords
web application vulnerabilities; static analysis; function property graphs; knowledge graphs; multi-agent systems; Master's theses - 2023
