Knowledge Graph Based Semi-automatic Code Auditing System

Author: Chen Wei, Yin Hongji
Year of publication: 2019
Subject:
Source: Science of Cyber Security ISBN: 9783030346362
SciSec
DOI: 10.1007/978-3-030-34637-9_17
Description: Aiming at detecting various vulnerabilities in Web application systems based on the PHP language, a semi-automatic code auditing system based on a knowledge graph is proposed. Firstly, the abstract syntax tree of each file in the Web application system is constructed to extract the taint variables and function information from the abstract syntax tree and construct the global variable information. Secondly, the data flow information of each taint variable is analyzed accurately. Finally, the knowledge graph and code auditing technology are combined to construct and display the vulnerability information of the Web application system in the form of a graph. Experiments and analysis results show that this detection method can well construct and display the data flow information of each taint variable and help auditors find common vulnerabilities in Web application systems more quickly.
Database: OpenAIRE