Grants and Contributions:

Title:
Improving Static Code Analysis Using Machine Learning Methods
Agreement Number:
EGP
Agreement Value:
$25,000.00
Agreement Date:
Nov 8, 2017 -
Organization:
Natural Sciences and Engineering Research Council of Canada
Location:
Ontario, CA
Reference Number:
GC-2017-Q3-00627
Agreement Type:
Grant
Report Type:
Grants and Contributions
Additional Information:

Grant or Award spanning more than one fiscal year (2017-2018 to 2018-2019).

Recipient's Legal Name:
Guo, Yuhong (Carleton University)
Program:
Engage Grants for universities
Program Purpose:

Verifying computer programs is expensive and difficult. The available empirical tests are often
time-consuming and ad hoc, providing only a fragmented understanding of the program being analyzed. Static
code analysis, which performs computer program debugging by examining the source code without explicitly
executing the program, is an invaluable asset for evaluating programs. However, most existing static analysis
tools have the major drawback of producing an unmanageable number of false positives, while requiring significant,
costly manual interventions. This research project addresses this problem by developing machine learning
approaches that increase the agent's ability to detect false vulnerabilities and induce more reliable static
analyzers. The project will provide a tangible benefit to the development of Software Secured's flagship
product Omega and their clients, who will save countless man-hours currently spent triaging false positives.
It will also have a significant impact on improving the quality of complex software in general.