Source codes classification using a modified instruction count pass

Document Type

Conference Proceeding

Publication Date

2019

Department/School

Information Security and Applied Computing

Publication Title

Web, Artificial Intelligence and Network Applications

Abstract

A vulnerability is a flaw in a system's implementation that may result in severe consequences. The existence of these flaws should be detected and managed. Several lines of research provide different solutions for detecting these flaws through static analysis of the original source code. The static analysis process has many disadvantages; among them, it is slower than compilation and produces a high false positive rate. In this project, we introduce a prediction technique using the output of one of the LLVM passes, "InstCount". A classifier was built based on the output of this pass on 500 source codes written in the C and C++ languages, with 88% accuracy. A comparison between our classifier and the Clang static analyzer showed that the classifier outperformed it in predicting the existence of memory leaks and null pointers. The experiment also showed that this classifier could be applied or integrated with static analysis tools for more efficient results.

Comments

O. Darwish is a faculty member in EMU's School of Information Security and Applied Computing.
