Title:
PRWHA: RGB Image-Based Hybrid Attention for Cross-File SQLI/XSS Vulnerability Detection in PHP Web Applications.
Authors:
Ren, Rong [1,2] (AUTHOR), renrongysu@hotmail.com; Song, Qingyu [1,2] (AUTHOR), sqykaoyan@163.com; Zhang, Bing [1,2] (AUTHOR), bingzhang@ysu.edu.cn; He, Haitao [1,2] (AUTHOR), haitao@ysu.edu.cn; Wang, Qian [1,2] (AUTHOR), wangqianysu@163.com; Huang, Guoyan [1,2] (AUTHOR), hgy@ysu.edu.cn
Source:
International Journal of Software Engineering & Knowledge Engineering. Mar 2026, Vol. 36, Issue 3, p. 455-486. 32 p.
Database:
Business Source Premier

Abstract:
As the most widely used server-side programming language for web applications, PHP has a large number of SQL injection (SQLI) and cross-site scripting (XSS) vulnerabilities that are exploited maliciously, making the detection of such vulnerabilities increasingly critical. Existing source code detection methods suffer from issues such as uncleaned redundant information, limited representation dimensions and poor detection performance. To address these challenges, we propose a PHP vulnerability detection method based on RGB image representation and hybrid attention mechanisms — PHP ResNet with Hybrid Attention (PRWHA). First, PRWHA marks the input sources and sensitive functions, constructs data flow and control flow graphs between source and sink points and adds function call edges. This method uniquely identifies nodes in the graph using filenames and line numbers to enable inter-procedural and cross-file detection. Next, it leverages both the topological information (including data flow, control flow and function call relationships) and textual information of the code's graph structure to generate RGB images. These images are then processed by a ResNet-50 model enhanced with a hybrid attention layer to detect SQLI and XSS vulnerabilities. To validate the effectiveness of PRWHA, we evaluated it on both publicly available datasets and real-world software datasets. The results demonstrate that PRWHA outperforms traditional methods as well as other machine learning, deep learning and Large Language Model (LLM)-based detection approaches. On the public dataset, PRWHA achieved an accuracy of 99.00% and an F1-score of 97.13% on the test set. On the real-world software dataset, it achieved an accuracy of 73% and a vulnerability detection rate of approximately 83.67%. [ABSTRACT FROM AUTHOR]
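
The graph construction the abstract describes (nodes identified by filename and line number so that a call site in one file can reach a sink in another; data-flow, control-flow and function-call edges; a three-channel image built from the graph), shown as an added Python illustration that is not the authors' PRWHA code. Everything below is an assumption made for the example: the two-file PHP sample is constructed, the line-based regex parser, the source/sink/sanitiser lists and the taint rules are simplifications, and the N x N x 3 adjacency encoding is one possible way to turn the graph into an RGB image, not the paper's, which also embeds the code's text.

```python
import re
from collections import defaultdict, deque
# Constructed two-file PHP sample (hypothetical, not taken from the paper): $_GET flows
# across files into find_user()'s SQL string; one echo is HTML-escaped, the other is not.
FILES = {
    "db.php": """<?php
function find_user($db, $name) {
    $sql = "SELECT * FROM users WHERE name = '" . $name . "'";
    return mysqli_query($db, $sql);
}""",
    "index.php": """<?php
require 'db.php';
$name = $_GET['name'];
$rows = find_user($db, $name);
echo htmlspecialchars($name);
echo $name;""",
}
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")          # taint entry points
SINKS = {"mysqli_query": "SQLI", "echo": "XSS", "print": "XSS"}  # sink -> vulnerability kind
SANITIZERS = {"htmlspecialchars": "XSS", "mysqli_real_escape_string": "SQLI"}
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")
DEF_RE = re.compile(r"^\s*function\s+(\w+)\s*\(([^)]*)\)")
ASSIGN_RE = re.compile(r"^\s*(\$\w+)\s*=[^=]")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")
SINK_RE = re.compile(r"\b(" + "|".join(SINKS) + r")\b")

def build_graph(files):
    """Nodes are (file, line) pairs, so a statement is unique across files. Edge kinds:
    'data' (def-use), 'control' (naive straight-line CFG), 'call' (site -> definition)."""
    edges = {"data": set(), "control": set(), "call": set()}
    info, last_def = {}, {}                  # node -> line facts; (file, func, var) -> defining node
    defs = {dm.group(1): ((f, n), VAR_RE.findall(dm.group(2))) for f, src in files.items()
            for n, ln in enumerate(src.splitlines(), 1) if (dm := DEF_RE.match(ln))}
    for fname, src in files.items():
        func = prev = None
        for ln, line in enumerate(src.splitlines(), 1):
            text, node = line.strip(), (fname, ln)
            if not text or text == "<?php":
                continue
            if text == "}":                                   # end of a function body
                func = prev = None
                continue
            if m := DEF_RE.match(line):                       # parameters are born on the signature
                func = m.group(1)
                last_def.update({(fname, func, p): node for p in defs[func][1]})
                info[node], prev = {"text": line, "calls": set()}, node
                continue
            assigns = m.group(1) if (m := ASSIGN_RE.match(line)) else None
            uses = set(VAR_RE.findall(line)) - {assigns}
            info[node] = {"text": line, "calls": set(CALL_RE.findall(line))}
            edges["data"] |= {(last_def[(fname, func, v)], node)
                              for v in uses if (fname, func, v) in last_def}
            edges["call"] |= {(node, defs[c][0]) for c in info[node]["calls"] & set(defs)}
            if assigns:
                last_def[(fname, func, assigns)] = node
            if prev:
                edges["control"].add((prev, node))
            prev = node
    return info, edges

def sanitised(d):
    """Vulnerability kinds neutralised by a sanitiser call on this line."""
    return {k for fn, k in SANITIZERS.items() if fn in d["calls"]}

def propagate(info, edges):
    """Forward taint from source lines along data and call edges; a sanitiser strips its
    kind from the outgoing taint. Over-approximation: any tainted argument taints the callee."""
    succ = defaultdict(set)
    for a, b in edges["data"] | edges["call"]:
        succ[a].add(b)
    taint = {n: {"SQLI", "XSS"} if any(s in d["text"] for s in SOURCES) else set()
             for n, d in info.items()}
    queue = deque(n for n in taint if taint[n])
    while queue:
        n = queue.popleft()
        out = taint[n] - sanitised(info[n])
        for m in succ[n]:
            if not out <= taint[m]:
                taint[m] |= out
                queue.append(m)
    return taint

def find_vulns(files):
    """Sorted (kind, (file, line)) for every sink line reached by taint of its own kind."""
    info, edges = build_graph(files)
    taint = propagate(info, edges)
    return sorted((SINKS[m.group(1)], n) for n, d in info.items()
                  if (m := SINK_RE.search(d["text"])) and SINKS[m.group(1)] in taint[n] - sanitised(d))

def to_rgb(info, edges):
    """N x N x 3 adjacency image, one channel per edge kind (assumed encoding, not the paper's)."""
    nodes = sorted(info)
    img = [[[0, 0, 0] for _ in nodes] for _ in nodes]
    for ch, kind in enumerate(("data", "control", "call")):
        for a, b in edges[kind]:
            img[nodes.index(a)][nodes.index(b)][ch] = 255
    return nodes, img
```

`find_vulns(FILES)` reports the SQLI at db.php line 4 (reached only through the call edge from index.php line 4 into the other file) and the XSS at index.php line 6, and nothing for the escaped echo on line 5; `to_rgb` gives the channel layout a CNN would consume, one pixel row and column per file+line node. The parser is line-based and straight-line only: no branches, loops, return-value flow back to the call site, or real PHP expression parsing, all of which a production tool needs.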

Copyright of International Journal of Software Engineering & Knowledge Engineering is the property of World Scientific Publishing Company and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)