Details
ISBN:
(Print) 9798350368567; 9798350368550
The growing use of the web has led to a rise in cyber attacks exploiting software vulnerabilities, causing significant damage to companies and individuals. Static analysis tools can assist programmers in identifying vulnerabilities within their code. However, these tools are prone to producing false positives and lack precision, which relegates them to a somewhat marginalised role in software development. This paper proposes a new and more effective static analysis approach for assessing and evaluating web applications against vulnerabilities, using a knowledge-based multi-agent system web vulnerability detector called KAVE. The multi-agent system performs static taint analysis over a specially designed multi-layer knowledge graph that aggregates diverse interconnected representations of the lexical and semantic features of the application's source code, its data and control flows, and its function calls. This graph also integrates security properties associated with vulnerabilities. The evaluation of KAVE and its comparison with existing tools showed that KAVE detects vulnerabilities in web applications effectively and efficiently, finding 235 vulnerabilities with a precision of 95.9% over 12 open-source PHP web applications.
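To make the idea of taint analysis over a property-annotated graph concrete, the following is an added, deliberately reduced illustration (not KAVE's code; the paper's graph has more layers than the two shown here). It assumes a data-flow layer built from a constructed PHP snippet and a security-property layer that tags nodes as sources, sanitisers or sinks per vulnerability class; a path from a source to a sink of the same class that passes no sanitiser for that class is reported.

```python
"""Toy taint analysis over a two-layer knowledge graph of PHP code.
Constructed illustration only; the real KAVE graph is far richer."""
from collections import deque

# Layer 1: data-flow edges (value of key reaches each listed node), derived by hand
# from this constructed PHP snippet:
#   $id   = $_GET['id'];                       // attacker-controlled input
#   $safe = intval($id);                       // neutralises SQLi and XSS
#   $q1   = "SELECT * FROM t WHERE id=" . $id;
#   $q2   = "SELECT * FROM t WHERE id=" . $safe;
#   mysqli_query($c, $q1); mysqli_query($c, $q2);
#   echo $id;                                  // XSS sink
DATA_FLOW = {
    "$_GET['id']": ["$id"],
    "$id": ["intval#1", "$q1", "echo#1"],
    "intval#1": ["$safe"],
    "$safe": ["$q2"],
    "$q1": ["mysqli_query#1"],
    "$q2": ["mysqli_query#2"],
}
# Layer 2: security properties attached to graph nodes, keyed by role then class.
PROPERTIES = {
    "$_GET['id']": {"source": ["sqli", "xss"]},
    "intval#1": {"sanitizer": {"sqli", "xss"}},
    "mysqli_query#1": {"sink": {"sqli"}},
    "mysqli_query#2": {"sink": {"sqli"}},
    "echo#1": {"sink": {"xss"}},
}

def find_vulnerabilities(graph, props):
    """Return (vuln_class, source, sink, path) for each source->sink data-flow path
    that is not interrupted by a sanitiser of the same class."""
    findings = []
    for src, p in props.items():
        for vclass in p.get("source", ()):
            # Forward BFS from the source; the path is kept so reports are explainable.
            queue, seen = deque([(src, [src])]), {src}
            while queue:
                node, path = queue.popleft()
                roles = props.get(node, {})
                if node != src and vclass in roles.get("sanitizer", ()):
                    continue  # taint neutralised for this class: stop propagating here
                if vclass in roles.get("sink", ()):
                    findings.append((vclass, src, node, path))
                for nxt in graph.get(node, ()):
                    if nxt not in seen:
                        seen.add(nxt)
                        queue.append((nxt, path + [nxt]))
    return findings
```

Running `find_vulnerabilities(DATA_FLOW, PROPERTIES)` reports the SQL injection through `$q1` and the XSS through `echo`, while the `intval`-guarded query `$q2` is correctly not reported.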