Journal of Yanshan University, 2026, Vol. 50, Issue 3: 220-230, 11. DOI: 10.3969/j.issn.1007-791X.2026.03.004
PHP taint-style vulnerability detection method based on heterogeneous graph neural networks
Abstract
PHP's lack of built-in validation functions and its user-interactive nature lead to widespread taint-style vulnerabilities. While graph neural networks improve detection accuracy, code property graphs often introduce redundancy, resulting in high false positives and false negatives. To address this, a PHP taint-style vulnerability detection method named HG-VulD (Heterogeneous Graph-Vulnerability Detection) is proposed, based on sub-property graphs and heterogeneous graph neural networks. The Sub-Property Graph (SPG) retains vulnerability-relevant semantics and structure by reverse traversal (from sinks to sources), removing irrelevant nodes to reduce complexity. HG-VulD encodes code nodes via semantic and type features, and uses Heterogeneous Graph Neural Networks (HGNN) to independently learn syntax (Abstract Syntax Tree, AST), control flow (Control Flow Graph, CFG), and dependency information (Program Dependence Graph, PDG), with attention-based edge aggregation enhancing classification. Evaluations on a 260k-file synthetic dataset show 96.05% F1, surpassing RIPS, WAP, and VulEye. Real-world tests achieve 73.82% (XSS) and 67.81% (SQLi) accuracy, demonstrating practical generalization.

Keywords

taint-style vulnerability detection / graph neural network / PHP / code property graph

Classification

Information technology and security science
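The abstract's central preprocessing step is the Sub-Property Graph: a backward slice from each sink over dependence edges, keeping only nodes that can influence the sink and then projecting all three views (AST, CFG, PDG) onto that node set. The following example, added here and not code from the paper or its authors, works that step through on a constructed, statement-level code property graph for a small PHP fragment; the node ids, edge lists, relation names and the optional CFG bridging across removed nodes are assumptions of this illustration, not details taken from the abstract.

```python
from collections import defaultdict, deque

# Constructed toy statement-level code property graph (CPG) for this PHP fragment
# (snippet, node ids and edges are invented for illustration, not taken from the paper):
#   1: $id = $_GET['id'];                  <- taint source (user input)
#   2: $limit = 10;                         <- unrelated to the SQL sink
#   3: if (isset($id)) {
#   4:     $sql = "SELECT ... id=" . $id;
#   5:     mysqli_query($conn, $sql); }     <- SQL sink
#   7: $log = "rows=" . $limit;             <- unrelated
#   8: echo "done";                         <- echo of a constant: XSS sink candidate, no taint
NODES = {
    1: {"type": "ASSIGN", "source": True},
    2: {"type": "ASSIGN"},
    3: {"type": "IF"},
    4: {"type": "ASSIGN"},
    5: {"type": "CALL", "sink": True},
    7: {"type": "ASSIGN"},
    8: {"type": "ECHO", "sink": True},
}
# (src, dst, relation): the three views the HGNN learns separately,
# with the PDG split into data and control dependence.
EDGES = [
    (3, 4, "AST"), (3, 5, "AST"),                                   # if-body children
    (1, 2, "CFG"), (2, 3, "CFG"), (3, 4, "CFG"), (3, 7, "CFG"),
    (4, 5, "CFG"), (5, 7, "CFG"), (7, 8, "CFG"),
    (1, 3, "PDG_DATA"), (1, 4, "PDG_DATA"), (4, 5, "PDG_DATA"), (2, 7, "PDG_DATA"),
    (3, 4, "PDG_CTRL"), (3, 5, "PDG_CTRL"),
]
NODE_TYPES = ("ASSIGN", "IF", "CALL", "ECHO")
SLICE_RELATIONS = {"PDG_DATA", "PDG_CTRL"}


def extract_spg(nodes, edges, sink, bridge_cfg=True):
    """Backward-slice from `sink` over dependence edges; return (kept_nodes, kept_edges).

    The walk runs sink -> sources and stops expanding once a source is reached.
    Every relation is then projected onto the kept node set. With bridge_cfg, a
    CFG edge is added across each run of dropped nodes so the control-flow view
    stays connected (an assumption of this example, not a step the abstract states).
    """
    rev = defaultdict(list)       # reverse adjacency over dependence edges
    succ_cfg = defaultdict(list)  # forward CFG successors, used only for bridging
    for s, d, r in edges:
        if r in SLICE_RELATIONS:
            rev[d].append(s)
        if r == "CFG":
            succ_cfg[s].append(d)
    kept = {sink}
    queue = deque([sink])
    while queue:
        n = queue.popleft()
        if nodes[n].get("source"):
            continue                      # sources terminate the backward walk
        for p in rev[n]:
            if p not in kept:
                kept.add(p)
                queue.append(p)
    kept_edges = {(s, d, r) for s, d, r in edges if s in kept and d in kept}
    if bridge_cfg:
        for u in kept:
            stack, seen = list(succ_cfg[u]), set()
            while stack:                  # walk through dropped nodes to the next kept one
                v = stack.pop()
                if v in seen:
                    continue
                seen.add(v)
                if v in kept:
                    kept_edges.add((u, v, "CFG"))
                else:
                    stack.extend(succ_cfg[v])
    return kept, kept_edges


def node_type_features(nodes, kept):
    """Type one-hot plus source/sink flags: the 'type features' half of the node encoding."""
    feats = {}
    for n in sorted(kept):
        one_hot = [1 if nodes[n]["type"] == t else 0 for t in NODE_TYPES]
        feats[n] = one_hot + [int(bool(nodes[n].get("source"))), int(bool(nodes[n].get("sink")))]
    return feats


def has_tainted_source(nodes, kept):
    """A slice that contains no source cannot carry a taint-style flow into its sink."""
    return any(nodes[n].get("source") for n in kept)


if __name__ == "__main__":
    for sink in (5, 8):
        kept, kept_edges = extract_spg(NODES, EDGES, sink)
        print(f"sink {sink}: kept nodes {sorted(kept)}, {len(kept_edges)} edges, "
              f"tainted={has_tainted_source(NODES, kept)}")
```

For the SQL sink (node 5) the slice keeps nodes 1, 3, 4 and 5 and drops the three statements that neither feed nor guard the query, which is exactly the redundancy the abstract attributes to whole-program property graphs; for the constant `echo` (node 8) the slice is the sink alone with no source, so that candidate can be discarded before any model sees it.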
Citation

Song Xiaofei (宋晓飞), Liu Shuai (刘帅), Xue Wenqi (薛文琪), Ren Rong (任蓉), Zhang Bing (张炳). PHP taint-style vulnerability detection method based on heterogeneous graph neural networks [J]. Journal of Yanshan University, 2026, 50(3): 220-230, 11.

Funding

National Natural Science Foundation of China (62376240)
Hebei Province Science and Technology Program (226Z0701G, 236Z0304G)
Natural Science Foundation of Hebei Province (F2022203026, F2022203089, F2023203026)
Yanshan University Basic Innovation Research Cultivation Project (2024LGZD004)