SSRFSeek: An LLM-based Static Analysis Framework for Detecting SSRF Vulnerabilities in PHP Applications


Research area: Strategies



Venue: 2025 IEEE 6th International Seminar on Artificial Intelligence, Networking and Information Technology (AINIT)


Abstract

Server-Side Request Forgery (SSRF) vulnerabilities pose significant security risks to web applications, and the SSRF attack surface continues to expand with the widespread adoption of microservice architectures and cloud services. However, existing research on SSRF vulnerability detection still has significant shortcomings, particularly the lack of systematic modeling of framework-specific implementations and of precise analysis of complex code logic. This paper proposes SSRFSeek, a PHP static analysis framework based on large language models, to detect SSRF vulnerabilities in web applications. SSRFSeek consists of two phases: in the vulnerability modeling phase, a chain-of-thought-based document analysis method guides the large language model in automatically extracting sources and SSRF sinks from API documentation; in the vulnerability analysis phase, taint analysis based on code property graphs is combined with taint-flow effectiveness inference based on large language models to reduce false positives effectively. We evaluated SSRFSeek (built upon the DeepSeek R1 model) on 6 PHP applications, successfully identifying 2 known vulnerabilities and 5 previously unknown vulnerabilities while reducing the false positive rate by 41.7%, confirming the framework's capability in SSRF vulnerability detection. All discovered vulnerabilities have been responsibly reported to the affected vendors and received 3 new CVE numbers.


Authors

Yuan Zhou, Enze Wang, Shuoyoucheng Ma
College of Computer Science and Technology, National University of Defense Technology, Changsha, China

Paper information

Publication year: 2025
Citations: 48
Publication country: Andorra
Site: IEEE

Related papers (209)