Abstract
The vulnerability is a flaw in the system’s implementation which may result in severe consequences. The existence of these flaws should be detected and managed. There are several types of research which provide different solutions to detect these flaws through static analysis of the original source codes. Static analysis process has many disadvantages, some of them are; slower than compilation and produce high false positive rate. In this project, we introduce a prediction technique using the output of one of the LLVM passes; “InstCount”. A classifier was built based on the output of this pass on 500 source codes written in C and C++ languages with 88% of accuracy. A comparison between our classifier and Clang static analyzer showed that the classifier super performed to predict the existence of memory leak and Null pointers. The experiment also showed that this classifier could be applied or integrated with static analysis tools for more efficient results.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Hughes, J., Cybenko, G.: Three tenets for secure cyber-physical system design and assessment. In: Cyber Sensing 2014, vol. 9097, p. 90970A. International Society for Optics and Photonics (2014)
Eigler, F.C.: Mudflap: Pointer use checking for C/C++ (2003)
Flawfinder. http://www.dwheeler.com/flawfinder/
Clang Static Analyzer. http://clang-analyzer.llvm.org/
The LLVM Compiler. Infrastructure. http://llvm.org/
Viega, J., Bloch, J.T., Kohno, Y., McGraw, G.: Its4: a static vulnerability scanner for C and C++ code. In: 16th Annual Conference on Computer Security Applications, ACSAC 2000, pp. 257–267. IEEE (2000)
Shin, Y., Williams, L.: Is complexity really the enemy of software security? In: Proceedings of the 4th ACM Workshop on Quality of Protection, pp. 47–50. ACM (2008)
Chowdhury, I., Zulkernine, M.: Using complexity, coupling, and cohesion metrics as early indicators of vulnerabilities. J. Syst. Architect. 57(3), 294–313 (2011)
Mizuno, O., Ikami, S., Nakaichi, S., Kikuno, T.: Spam filter based approach for finding fault-prone software modules. In: Proceedings of the Fourth International Workshop on Mining Software Repositories, p. 4. IEEE Computer Society (2007)
Aversano, L., Cerulo, L., Del Grosso, C.: Learning from bug-introducing changes to prevent fault prone code. In: Ninth International Workshop on Principles of Software Evolution: in Conjunction with the 6th ESEC/FSE Joint Meeting, pp. 19–26. ACM (2007)
Scandariato, R., Walden, J., Hovsepyan, A., Joosen, W.: Predicting vulnerable software components via text mining. IEEE Trans. Softw. Eng. 40(10), 993–1006 (2014)
National Institute of Standards and Technology. http://www.nist.gov
Mathematics Source Library C & ASM. http://www.mymathlib.com
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix
Appendix
Confusion matrix.
Confusion matrix for vulnerable source codes.
Sample of the output of new instcount pass.
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Darwish, O., Maabreh, M., Karajeh, O., Alsinglawi, B. (2019). Source Codes Classification Using a Modified Instruction Count Pass. In: Barolli, L., Takizawa, M., Xhafa, F., Enokido, T. (eds) Web, Artificial Intelligence and Network Applications. WAINA 2019. Advances in Intelligent Systems and Computing, vol 927. Springer, Cham. https://doi.org/10.1007/978-3-030-15035-8_88
Download citation
DOI: https://doi.org/10.1007/978-3-030-15035-8_88
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-15034-1
Online ISBN: 978-3-030-15035-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)