DocumentCode :
2206602
Title :
MARFCAT: Fast code analysis for defects and vulnerabilities
Author :
Mokhov, Serguei A. ; Paquet, Joey ; Debbabi, Mourad
Author_Institution :
Dept. of Comput. Sci. & Software Eng., Concordia Univ., Montreal, QC, Canada
fYear :
2015
fDate :
2-2 March 2015
Firstpage :
35
Lastpage :
38
Abstract :
We present a fast machine-learning approach to static code analysis and fingerprinting for weaknesses related to security, software engineering, and others using the open-source MARF framework and its MARFCAT application. We used the NIST's SATE IV static analysis tool exposition workshop's data sets that included popular open-source projects and large synthetic sets as test cases. To aid detection of weak or vulnerable code, including source or binary on different platforms, the machine learning approach proved to be fast and accurate for such tasks where other tools are either much slower or have much smaller recall of known vulnerabilities. We use signal processing techniques in our approach to accomplish the classification tasks. MARFCAT's design is independent of the language being analyzed, source code, bytecode, or binary.
Keywords :
learning (artificial intelligence); pattern classification; program diagnostics; signal processing; MARF-based Code Analysis Tool; MARFCAT; NIST; SATE IV; defects; fingerprinting; machine-learning; open-source MARF framework; open-source projects; signal processing techniques; static analysis tool exposition workshop data sets; static code analysis; vulnerabilities; Algorithm design and analysis; Feature extraction; Indexes; Java; NIST; Testing; Wavelet transforms; MARFCAT; signal processing; static code analysis;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Software Analytics (SWAN), 2015 IEEE 1st International Workshop on
Conference_Location :
Montreal, QC
Type :
conf
DOI :
10.1109/SWAN.2015.7070488
Filename :
7070488