DC Field | Value | Language |
---|---|---|
dc.contributor.author | Seongil Wi | ko |
dc.contributor.author | Woo, Sijae | ko |
dc.contributor.author | Whang, Joyce Jiyoung | ko |
dc.contributor.author | Son, Sooel | ko |
dc.date.accessioned | 2022-09-27T13:00:50Z | - |
dc.date.available | 2022-09-27T13:00:50Z | - |
dc.date.created | 2022-09-26 | - |
dc.date.issued | 2022-04-26 | - |
dc.identifier.citation | The 31st ACM World Wide Web Conference, pp.755 - 766 | - |
dc.identifier.uri | http://hdl.handle.net/10203/298734 | - |
dc.description.abstract | A code property graph (CPG) is a joint representation of syntax, control flows, and data flows of a target application. Recent studies have demonstrated the promising efficacy of leveraging CPGs for the identification of vulnerabilities. It recasts the problem of implementing a specific static analysis for a target vulnerability as a graph query composition problem. It requires devising coarse-grained graph queries that model vulnerable code patterns. Unfortunately, such coarse-grained queries often leave vulnerabilities due to faulty input sanitization undetected. In this paper, we propose HiddenCPG, a scalable system designed to identify various web vulnerabilities, including bugs that stem from incorrect sanitization. We designed HiddenCPG to find a subgraph in a target CPG that matches a given CPG query having a known vulnerability, which is known as the subgraph isomorphism problem. To address the scalability challenge that stems from the NP-complete nature of this problem, HiddenCPG leverages optimization techniques designed to boost the efficiency of matching vulnerable subgraphs. HiddenCPG found confirmed vulnerabilities including CVEs among 2,464 potential vulnerabilities in real-world CPGs having a combined total of 1 billion nodes and 1.2 billion edges. | - |
dc.language | English | - |
dc.publisher | Association for Computing Machinery | - |
dc.title | HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs | - |
dc.type | Conference | - |
dc.identifier.wosid | 000852713000076 | - |
dc.identifier.scopusid | 2-s2.0-85129819591 | - |
dc.type.rims | CONF | - |
dc.citation.beginningpage | 755 | - |
dc.citation.endingpage | 766 | - |
dc.citation.publicationname | The 31st ACM World Wide Web Conference | - |
dc.identifier.conferencecountry | FR | - |
dc.identifier.conferencelocation | Virtual | - |
dc.identifier.doi | 10.1145/3485447.3512235 | - |
dc.contributor.localauthor | Whang, Joyce Jiyoung | - |
dc.contributor.localauthor | Son, Sooel | - |
dc.contributor.nonIdAuthor | Woo, Sijae | - |