RecurScan: Detecting Recurring Vulnerabilities in PHP Web Applications
Keywords: clone detection; web vulnerability; program analysis
Abstract: Detecting recurring vulnerabilities has become a popular means of static vulnerability detection in recent years because they do not require labor-intensive vulnerability modeling.
Recently, a body of work, with HiddenCPG as a representative, has redefined the problem of statically identifying recurring vulnerabilities as the subgraph isomorphism problem.
More specifically, these approaches represent known vulnerable code as graph-based structures (e.g., PDG or CPG), and then identify subgraphs within target applications that match the vulnerable graphs.
However, since these methods are highly sensitive to changes in the code graph, they may miss a significant number of recurring vulnerabilities with slight code differences from known vulnerabilities.
In this paper, we propose a novel approach, namely RecurScan, which can accurately detect recurring vulnerabilities with resilience to code differences.
To achieve this goal, RecurScan works around security patches and symbolic tracking techniques, detecting recurring vulnerabilities by comparing symbolic expressions and selective constraints between the target applications and known vulnerabilities.
Benefiting from this design, RecurScan can tolerate the code differences arising from complex data or control flows within the applications.
We evaluated RecurScan on 200 popular PHP web applications using 184 known vulnerability patches. The results demonstrate that RecurScan discovered 232 previously unknown vulnerabilities, 89 of which were assigned CVE identifiers, outperforming state-of-the-art approach (i.e., HiddenCPG) by 25.98% in precision and 87.09% in recall.
Track: Security
Submission Guidelines Scope: Yes
Submission Guidelines Blind: Yes
Submission Guidelines Format: Yes
Submission Guidelines Limit: Yes
Submission Guidelines Authorship: Yes
Student Author: Yes
Submission Number: 1276
Loading