Ontology Model for C-Overflow Vulnerabilities Attack
NURUL HASZELI, SYED AHMAD ALJUNID, NORMALY KAMAL ISMAIL, MUTHUKKARUPPAN ANNAMALAI, SHAIFUL BAKHTIAR BIN RODZMAN
Faculty of Computer & Mathematical Sciences,
Universiti Teknologi MARA, Shah Alam, Malaysia
21st March 2020
Abstract
1. A proposal to model C-Overflow Vulnerabilities (COV) attacks using the ontology concept.
2. The proposed model includes the relationships between the vulnerabilities and their properties (characteristics and behavior).
3. Many existing COV models ignore these relationships, resulting in inefficiencies in detecting COV.
4. Some existing COV models base their relationships on symptoms rather than root causes, resulting in false alarms.
5. Using an ontology model to model the COV attack will resolve the above limitations and increase the accuracy of COV detection.
6. The Ontology Model of COV Attack comprises 16 classes and 4 new object properties.
Table of Contents
1.0 Introduction
2.0 Research Method
• 2.1 Ontology Framework Design
• 2.2 Ontology Construction
• 2.3 Result & Analysis
3.0 Conclusion
4.0 Acknowledgement
1.0 Introduction
1. Program analysis started in the early 70s for debugging, verifying and understanding computer systems, and was extended in the early 2000s to security analysis of software vulnerabilities within computer systems.
2. Among all vulnerabilities, overflow vulnerabilities (OV) are the most prominent and are predicted to persist, with C Overflow Vulnerabilities (COV) the most dangerous due to their behavior and the lack of defensive and preventive measures.
3. There are 10 classes of COV, based on their unique characteristics, behavior and trigger path.
4. Many methods, techniques and tools have been introduced to combat COV.
5. Recently, ontology was brought into the software security domain, for example by H. Gomes in [13], and specifically into program analysis by Harshal et al. in [14], to improve the effectiveness of COV detection.
6. The use of ontology helps to capture the relationships between the classes and provides a readable specification linking the taxonomy and the source code in a structured model [14]. This enhances analysis capability, such as in [15], especially for complicated source code or applications as in [16].
7. The earliest significant implementations of the ontology method in static analysis were identified as those by Ellison & Rosu in 2012 [18] and Hathhorn in 2015 [19].
8. However, these implementations still have shortcomings. The ontology used was similar to constructing a taxonomy and/or focused on symptoms rather than root cause, which reduced the effectiveness of the method (Alqahtani et al. in [20]).
2.0 Research Method
2.1 Ontology Framework Design
2.2 Ontology Construction
1. An ontology must be designed to meet the purpose and reasons for its development (Shaharuddin et al. in [21]).
2. Ontology construction starts by identifying the additional classes based on the 10 attack classes. On that basis, it is extended with Activity, Function, Vulnerable Criteria, Location, Other Attack and Situation, which are significant to the domain.
Columns: Class, Vulnerable Criteria, Function, Activity, Location, Other Attack, Situations
Array Out of Bound ✔ ✔
Unsafe Function ✔ ✔ ✔ ✔
Memory Function ✔ ✔ ✔
Table 1: The Example Extended Classes of C-Overflow Vulnerabilities for Ontology Construction
3. This is followed by data collection and analysis according to the previous taxonomy in [22].
4. Once that is complete, the ontology is designed following the steps suggested by Noy, N. F., & McGuinness in [23].
5. Once the design is complete, the ontology is constructed using a tool (Protégé) and finally verified using SPARQL queries.
2.3 Result & Analysis
[Figure: An Ontograph of the Unsafe Function class in C-Overflow Vulnerabilities Attack, with extended classes added to satisfy the ontology domain]
[Figure: An example of hasCriteria and the criteria satisfying the domain for the Array Out of Bound Vulnerabilities Attack class]
2.3 Result & Analysis (result)
1. The method was based on work by Hamiz et al. [24] and an informal review with Dr. Hazrina binti Sofian from the Faculty of Computer Science & Information Technology, Universiti Malaya.
2. SPARQL queries were used to extract information from the constructed ontology.
3. The evaluation shows that, using the ontology, reliable and significant information can be extracted, allowing accurate and effective analysis of COV.
4. Consequently, the classes and object properties added to the C-Overflow Vulnerabilities Attack Ontology Model each serve a purpose and can be used in further research and analysis, because they provide correct information.
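The query-based extraction described above, as an added example (not the authors' ontology or code): a small in-memory triple store with SPARQL-style pattern matching stands in for Protégé and SPARQL, and is used both to check the model for completeness and to attach a root-cause criterion to each flagged call in a C snippet. Class and property names follow the slides; the individuals, criteria and situation names, their links and the sample C source are constructed assumptions, and hasPart is left out because the slides do not say what it links.

```python
import re

# Constructed ontology fragment as (subject, predicate, object) triples.
# Property names come from the slides; every individual and link is an assumption.
TRIPLES = frozenset({
    ("ArrayOutOfBound", "rdf:type", "AttackClass"),
    ("UnsafeFunction", "rdf:type", "AttackClass"),
    ("MemoryFunction", "rdf:type", "AttackClass"),
    ("UnsafeFunction", "affectFunction", "strcpy"),
    ("UnsafeFunction", "affectFunction", "gets"),
    ("MemoryFunction", "affectFunction", "memcpy"),
    ("ArrayOutOfBound", "hasCriteria", "IndexNotCheckedAgainstSize"),
    ("UnsafeFunction", "hasCriteria", "NoBoundCheckOnDestination"),
    ("MemoryFunction", "hasCriteria", "LengthNotCheckedAgainstBuffer"),
    ("ArrayOutOfBound", "hasSituation", "IndexFromInput"),
    ("UnsafeFunction", "hasSituation", "SourceLongerThanDestination"),
    ("MemoryFunction", "hasSituation", "LengthFromCaller"),
})

# Constructed C source to analyse (line 1 is the function header).
SAMPLE_C = """\
void handle(char *req, size_t n) {
    char buf[64];
    strcpy(buf, req);
    memcpy(buf, req, n);
    snprintf(buf, sizeof buf, "%s", req);
}
"""

CALL = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def unify(pattern, triple, binding):
    """Extend `binding` so that `pattern` equals `triple`, or return None."""
    new = dict(binding)
    for term, value in zip(pattern, triple):
        if term.startswith("?"):
            if new.setdefault(term, value) != value:
                return None  # variable already bound to something else
        elif term != value:
            return None      # constant does not match
    return new


def match(patterns, triples=TRIPLES):
    """Join triple patterns the way a SPARQL basic graph pattern is evaluated."""
    solutions = [{}]
    for pattern in patterns:
        solutions = [
            extended
            for binding in solutions
            for triple in triples
            if (extended := unify(pattern, triple, binding)) is not None
        ]
    return solutions


def classes_without(prop, triples=TRIPLES):
    """Verification query: attack classes that have no value for `prop`."""
    classes = {b["?c"] for b in match([("?c", "rdf:type", "AttackClass")], triples)}
    covered = {b["?c"] for b in match([("?c", prop, "?x")], triples)}
    return sorted(classes - covered)


def scan(source, triples=TRIPLES):
    """Report each call the ontology links to an attack class, with its criterion."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for fn in CALL.findall(line):
            query = [
                ("?cls", "affectFunction", fn),
                ("?cls", "hasCriteria", "?crit"),
                ("?cls", "hasSituation", "?sit"),
            ]
            for row in match(query, triples):
                findings.append((lineno, fn, row["?cls"], row["?crit"], row["?sit"]))
    return sorted(findings)


if __name__ == "__main__":
    print("classes missing hasCriteria:", classes_without("hasCriteria"))
    for finding in scan(SAMPLE_C):
        print(finding)
```

A call that the ontology does not link to any attack class, such as the bounded snprintf above, produces no finding, and each finding names the criterion that explains it rather than only the function name.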
3.0 Conclusion
1. Through previous research, the researcher has identified the 10 types of COV that can be the basis of the classes, with additional frequent classes related to the domain such as Activity, Function, Vulnerable Criteria, Location, Other Attack and Situation.
2. Furthermore, four object properties (affectFunction, hasCriteria, hasPart and hasSituation) have been added to link the classes and provide the associations among them.
3. Evaluation of the constructed ontology showed it to be a promising technique for combating COV attacks.
4. Further research, which shall include an actual, complete C program and the development of a static analysis program to analyze the code, shall be carried out to prove the effectiveness of the ontology model.
4.0 Acknowledgement
This research is funded by the Ministry of Education (MOE) Malaysia under FRGS Research Grant at Universiti Teknologi MARA, Shah Alam (600-IRMI/FRGS 5/3 (021/2017)).
Ontology Model for C-Overflow Vulnerabilities Attack
Ontology Model for C-Overflow Vulnerabilities Attack
Ontology Model for C-Overflow
Vulnerabilities Attack
Nurul Haszeli Ahmad, Syed Ahmad Aljunid, Normaly Kamal Ismail,
Muthukkaruppan Annamalai, Shaiful Bakhtiar bin Rodzman
Ontology Model for C-Overflow Vulnerabilities Attack
Faculty of Computer & Mathematical Sciences,
Universiti Teknologi MARA, Shah Alam, Malaysia
21st March 2020

More Related Content

What's hot

Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing TechniquesKiran Kumar
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Praveen Penumathsa
 
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?Shinpei Hayashi
 
Software testing
Software testingSoftware testing
Software testingBala Ganesh
 
Automated Inference of Access Control Policies for Web Applications
Automated Inference of Access Control Policies for Web ApplicationsAutomated Inference of Access Control Policies for Web Applications
Automated Inference of Access Control Policies for Web ApplicationsLionel Briand
 
Istqb question-paper-dump-11
Istqb question-paper-dump-11Istqb question-paper-dump-11
Istqb question-paper-dump-11TestingGeeks
 
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET-  	  Effective Technique Used for Malware Detection using Machine LearningIRJET-  	  Effective Technique Used for Malware Detection using Machine Learning
IRJET- Effective Technique Used for Malware Detection using Machine LearningIRJET Journal
 
ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 Parul Chotalia
 
Đề thi mẫu 1(ISTQB)
Đề thi mẫu 1(ISTQB)Đề thi mẫu 1(ISTQB)
Đề thi mẫu 1(ISTQB)Jenny Nguyen
 
Software testing quiz questions and answers
Software testing quiz questions and answersSoftware testing quiz questions and answers
Software testing quiz questions and answersRajendraG
 
Istqb question-paper-dump-2
Istqb question-paper-dump-2Istqb question-paper-dump-2
Istqb question-paper-dump-2TestingGeeks
 

What's hot (19)

Software Testing Techniques
Software Testing TechniquesSoftware Testing Techniques
Software Testing Techniques
 
Test design techniques
Test design techniquesTest design techniques
Test design techniques
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram
 
Icsm19.ppt
Icsm19.pptIcsm19.ppt
Icsm19.ppt
 
Istqb Sample Questions
Istqb Sample QuestionsIstqb Sample Questions
Istqb Sample Questions
 
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
 
Software testing
Software testingSoftware testing
Software testing
 
FEB-08 ISTQB PAPER
FEB-08 ISTQB PAPERFEB-08 ISTQB PAPER
FEB-08 ISTQB PAPER
 
Automated Inference of Access Control Policies for Web Applications
Automated Inference of Access Control Policies for Web ApplicationsAutomated Inference of Access Control Policies for Web Applications
Automated Inference of Access Control Policies for Web Applications
 
Istqb question-paper-dump-11
Istqb question-paper-dump-11Istqb question-paper-dump-11
Istqb question-paper-dump-11
 
IRJET- Effective Technique Used for Malware Detection using Machine Learning
IRJET-  	  Effective Technique Used for Malware Detection using Machine LearningIRJET-  	  Effective Technique Used for Malware Detection using Machine Learning
IRJET- Effective Technique Used for Malware Detection using Machine Learning
 
ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3 ISTQB Foundation level Sample Paper - Part 3
ISTQB Foundation level Sample Paper - Part 3
 
Đề thi mẫu 1(ISTQB)
Đề thi mẫu 1(ISTQB)Đề thi mẫu 1(ISTQB)
Đề thi mẫu 1(ISTQB)
 
Topic 5 chapter 1
Topic 5 chapter 1Topic 5 chapter 1
Topic 5 chapter 1
 
Software testing quiz questions and answers
Software testing quiz questions and answersSoftware testing quiz questions and answers
Software testing quiz questions and answers
 
Zander diss
Zander dissZander diss
Zander diss
 
Topic 5 chapter 3
Topic 5 chapter 3Topic 5 chapter 3
Topic 5 chapter 3
 
Istqb question-paper-dump-2
Istqb question-paper-dump-2Istqb question-paper-dump-2
Istqb question-paper-dump-2
 
SEP-07 ISTQB PAPER
SEP-07 ISTQB PAPERSEP-07 ISTQB PAPER
SEP-07 ISTQB PAPER
 

Similar to Ontology model for c overflow vulnerabilities attack

Specification-based Verification of Incomplete Programs
Specification-based Verification of Incomplete ProgramsSpecification-based Verification of Incomplete Programs
Specification-based Verification of Incomplete ProgramsIDES Editor
 
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...Nurul Haszeli Ahmad
 
Testing survey by_directions
Testing survey by_directionsTesting survey by_directions
Testing survey by_directionsTao He
 
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...IEEEMEMTECHSTUDENTSPROJECTS
 
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...IEEEFINALYEARSTUDENTPROJECTS
 
Validation and Verification of SYSML Activity Diagrams Using HOARE Logic
Validation and Verification of SYSML Activity Diagrams Using HOARE Logic Validation and Verification of SYSML Activity Diagrams Using HOARE Logic
Validation and Verification of SYSML Activity Diagrams Using HOARE Logic ijseajournal
 
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSUSING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSijseajournal
 
Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...
Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...
Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...IJCSIS Research Publications
 
130404 fehmi jaafar - on the relationship between program evolution and fau...
130404   fehmi jaafar - on the relationship between program evolution and fau...130404   fehmi jaafar - on the relationship between program evolution and fau...
130404 fehmi jaafar - on the relationship between program evolution and fau...Ptidej Team
 
A novel approach for clone group mapping
A novel approach for clone group mappingA novel approach for clone group mapping
A novel approach for clone group mappingijseajournal
 
Re2018 Semios for Requirements
Re2018 Semios for RequirementsRe2018 Semios for Requirements
Re2018 Semios for RequirementsClément Portet
 
Practical Guidelines to Improve Defect Prediction Model – A Review
Practical Guidelines to Improve Defect Prediction Model – A ReviewPractical Guidelines to Improve Defect Prediction Model – A Review
Practical Guidelines to Improve Defect Prediction Model – A Reviewinventionjournals
 
A Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueA Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueINFOGAIN PUBLICATION
 
A Survey of functional verification techniques
A Survey of functional verification techniquesA Survey of functional verification techniques
A Survey of functional verification techniquesIJSRD
 
Cs6502 ooad-cse-vst-au-unit-v dce
Cs6502 ooad-cse-vst-au-unit-v dceCs6502 ooad-cse-vst-au-unit-v dce
Cs6502 ooad-cse-vst-au-unit-v dcetagoreengineering
 
A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...
A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...
A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...IJCI JOURNAL
 
STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...
STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...
STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...IJCSES Journal
 
Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...UltraUploader
 

Similar to Ontology model for c overflow vulnerabilities attack (20)

Specification-based Verification of Incomplete Programs
Specification-based Verification of Incomplete ProgramsSpecification-based Verification of Incomplete Programs
Specification-based Verification of Incomplete Programs
 
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...
A SOURCE CODE PERSPECTIVE C OVERFLOW VULNERABILITIES EXPLOIT TAXONOMY BASED...
 
Testing survey by_directions
Testing survey by_directionsTesting survey by_directions
Testing survey by_directions
 
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
2014 IEEE JAVA DATA MINING PROJECT Security evaluation of pattern classifiers...
 
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
IEEE 2014 JAVA DATA MINING PROJECTS Security evaluation of pattern classifier...
 
Validation and Verification of SYSML Activity Diagrams Using HOARE Logic
Validation and Verification of SYSML Activity Diagrams Using HOARE Logic Validation and Verification of SYSML Activity Diagrams Using HOARE Logic
Validation and Verification of SYSML Activity Diagrams Using HOARE Logic
 
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTSUSING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
USING CATEGORICAL FEATURES IN MINING BUG TRACKING SYSTEMS TO ASSIGN BUG REPORTS
 
Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...
Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...
Enhanced Feature Analysis Framework for Comparative Analysis & Evaluation of ...
 
130404 fehmi jaafar - on the relationship between program evolution and fau...
130404   fehmi jaafar - on the relationship between program evolution and fau...130404   fehmi jaafar - on the relationship between program evolution and fau...
130404 fehmi jaafar - on the relationship between program evolution and fau...
 
Csmr13c.ppt
Csmr13c.pptCsmr13c.ppt
Csmr13c.ppt
 
A novel approach for clone group mapping
A novel approach for clone group mappingA novel approach for clone group mapping
A novel approach for clone group mapping
 
Spam email filtering
Spam email filteringSpam email filtering
Spam email filtering
 
Re2018 Semios for Requirements
Re2018 Semios for RequirementsRe2018 Semios for Requirements
Re2018 Semios for Requirements
 
Practical Guidelines to Improve Defect Prediction Model – A Review
Practical Guidelines to Improve Defect Prediction Model – A ReviewPractical Guidelines to Improve Defect Prediction Model – A Review
Practical Guidelines to Improve Defect Prediction Model – A Review
 
A Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueA Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid Technique
 
A Survey of functional verification techniques
A Survey of functional verification techniquesA Survey of functional verification techniques
A Survey of functional verification techniques
 
Cs6502 ooad-cse-vst-au-unit-v dce
Cs6502 ooad-cse-vst-au-unit-v dceCs6502 ooad-cse-vst-au-unit-v dce
Cs6502 ooad-cse-vst-au-unit-v dce
 
A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...
A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...
A NOVEL APPROACH TO ERROR DETECTION AND CORRECTION OF C PROGRAMS USING MACHIN...
 
STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...
STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...
STATE-OF-THE-ART IN EMPIRICAL VALIDATION OF SOFTWARE METRICS FOR FAULT PRONEN...
 
Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...
 

More from Nurul Haszeli Ahmad

Agile Project Management: Introduction to AGILE - The Basic 101
Agile Project Management: Introduction to AGILE - The Basic 101Agile Project Management: Introduction to AGILE - The Basic 101
Agile Project Management: Introduction to AGILE - The Basic 101Nurul Haszeli Ahmad
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...Nurul Haszeli Ahmad
 
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTUREVULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURENurul Haszeli Ahmad
 
Understanding Vulnerability by Refining Taxonomy
Understanding Vulnerability by Refining TaxonomyUnderstanding Vulnerability by Refining Taxonomy
Understanding Vulnerability by Refining TaxonomyNurul Haszeli Ahmad
 

More from Nurul Haszeli Ahmad (9)

Agile Project Management: Introduction to AGILE - The Basic 101
Agile Project Management: Introduction to AGILE - The Basic 101Agile Project Management: Introduction to AGILE - The Basic 101
Agile Project Management: Introduction to AGILE - The Basic 101
 
Windows Services 101
Windows Services 101Windows Services 101
Windows Services 101
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
 
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTUREVULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
 
Introduction to UML
Introduction to UMLIntroduction to UML
Introduction to UML
 
Introduction To TRIZ
Introduction To TRIZIntroduction To TRIZ
Introduction To TRIZ
 
Understanding Vulnerability by Refining Taxonomy
Understanding Vulnerability by Refining TaxonomyUnderstanding Vulnerability by Refining Taxonomy
Understanding Vulnerability by Refining Taxonomy
 
Amazing quran by Dr Milller
Amazing quran by Dr MilllerAmazing quran by Dr Milller
Amazing quran by Dr Milller
 
2013 Security Report by Sophos
2013 Security Report by Sophos2013 Security Report by Sophos
2013 Security Report by Sophos
 

Recently uploaded

Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
APIForce Zurich 5 April Automation LPDG

Ontology model for c overflow vulnerabilities attack

  • 1. Ontology Model for C-Overflow Vulnerabilities Attack. NURUL HASZELI, SYED AHMAD ALJUNID, NORMALY KAMAL ISMAIL, MUTHUKKARUPPAN ANNAMALAI, SHAIFUL BAKHTIAR BIN RODZMAN. Faculty of Computer & Mathematical Sciences, Universiti Teknologi MARA, Shah Alam, Malaysia. 21st March 2020
  • 2. Abstract
      1. A proposal to model C-Overflow Vulnerabilities (COV) attacks using the ontology concept.
      2. The proposed model includes the relationship between the vulnerabilities and their properties (characteristics and behavior).
      3. Many existing COV models ignore this relationship, resulting in inefficiencies in detecting COV.
      4. Some existing COV models focus on relationships based on the symptoms rather than the root cause, resulting in false alarms.
      5. Using an ontology model to model the COV attack will resolve the above limitations and increase the accuracy in detecting COV.
      6. The Ontology Model of COV Attack comprises 16 classes and 4 new object properties.
  • 3. Table of Contents
      1.0 Introduction
      2.0 Research Method
          • 2.1 Ontology Framework Design
          • 2.2 Ontology Construction
          • 2.3 Result & Analysis
      3.0 Conclusion
      4.0 Acknowledgement
  • 5. 1.0 Introduction
      1. Program analysis started in the early 70s for debugging, verifying and understanding computer systems, and in the early 2000s it was extended to security analysis of software vulnerabilities within computer systems.
      2. Among all vulnerabilities, overflow vulnerabilities (OV) are the most prominent and are predicted to continue to exist, with C Overflow Vulnerabilities (COV) the most dangerous due to their behavior and the lack of defensive and preventive measures.
      3. There are 10 classes of COV, based on their unique characteristics, behavior and trigger path.
      4. Many methods, techniques and tools have been introduced to combat COV.
      5. Recently, ontology was brought into the software security domain, for example by H. Gomes in [13], and specifically into program analysis by Harshal et al. in [14], to improve the effectiveness of COV detection.
  • 6. 1.0 Introduction (continued)
      6. The use of ontology helps to capture the relationship between the classes and provides a readable specification linking the taxonomy and the source code in a structured model [14]. This enhances the analysis capability, such as in [15], especially for complicated source code or applications, as in [16].
      7. The earliest and significant implementations of the ontology method in static analysis were identified as those by Ellison & Rosu in 2012 [18] and Hatthorn in 2015 [19].
      8. However, the implementations still have shortcomings. The ontology used was similar to constructing a taxonomy and/or focused on symptoms rather than the root cause. This has reduced the effectiveness of the method (Alqahtani et al. in [20]).
  • 7. 2.0 Research Method ONTOLOGY MODEL FOR C-OVERFLOW VULNERABILITIES ATTACK
  • 8. 2.1 Ontology Framework Design
  • 9. 2.2 Ontology Construction
      1. An ontology must be designed with the intention of meeting the purpose and reasons for its development (Shaharuddin et al. in [21]).
      2. The ontology construction starts by identifying the additional classes based on the 10 attack classes. On that basis, it is extended with Activity, Function, Vulnerable Criteria, Location, Other Attack and Situation, which are significant to the domain.
      Table 1: The Example Extended Classes of C-Overflow Vulnerabilities for Ontology Construction
      Columns: Class, Vulnerable Criteria, Function, Activity, Location, Other Attack, Situations
      Array Out of Bound: ✔ ✔
      Unsafe Function: ✔ ✔ ✔ ✔
      Memory Function: ✔ ✔ ✔
  • 10. 2.2 Ontology Construction (continued)
      1. It is followed by data collection and analysis according to the previous taxonomy in [22].
      2. Upon completion, the ontology is designed based on the steps suggested by Noy, N. F., & McGuinness in [23].
      3. Once the design is completed, the ontology is constructed using a tool (Protégé) and, finally, verified using SPARQL queries.
  • 11. 2.3 Result & Analysis
      Figure: Ontology Model for C-Overflow Vulnerabilities Attack, with extended classes to satisfy the ontology domain.
      Figure: An Ontograph of the Unsafe Function class in C-Overflow Vulnerabilities Attack.
  • 12. 2.3 Result & Analysis (continued)
      Figure: An example of hasCriteria and the criteria satisfying the domain for the Array Out of Bound Vulnerabilities Attack class.
  • 13. 2.3 Result & Analysis (continued, result)
      1. The method was based on work by Hamiz et al. [24] and an informal review with Dr. Hazrina binti Sofian from the Faculty of Computer Science & Information Technology, Universiti Malaya.
      2. SPARQL queries were used to extract information from the constructed ontology.
      3. The evaluation shows that, using the ontology, reliable and significant information can be extracted, thus allowing accurate and effective analysis of COV.
      4. Consequently, it shows that the classes and object properties added to the C-Overflow Vulnerabilities Attack Ontology Model each have their own purpose and can be utilized in further research and analysis, because they provide the correct information.
  • 14. 3.0 Conclusion ONTOLOGY MODEL FOR C-OVERFLOW VULNERABILITIES ATTACK
  • 15. 3.0 Conclusion
      1. Through the previous research, the researcher identified the 10 types of COV that form the basis of the classes, with additional frequent classes related to the domain such as Activity, Function, Vulnerable Criteria, Location, Other Attack and Situation.
      2. Furthermore, four object properties (afffectFunction, hasCriteria, hasPart and hasSituation) have been added to link the classes and provide the association among them.
      3. Evaluation of the constructed ontology showed it to be a promising technique for combating COV attacks.
      4. Further research, which shall include an actual, complete C program and the development of a static analysis program to analyze the code, shall be carried out to prove the effectiveness of the ontology model.
  • 16. 4.0 Acknowledgement: This research is funded by the Ministry of Education (MOE) Malaysia under the FRGS Research Grant at Universiti Teknologi MARA, Shah Alam (600-IRMI/FRGS 5/3 (021/2017)).
  • 17. Ontology Model for C-Overflow Vulnerabilities Attack
  • 18. Ontology Model for C-Overflow Vulnerabilities Attack. Nurul Haszeli Ahmad, Syed Ahmad Aljunid, Normaly Kamal Ismail, Muthukkaruppan Annamalai, Shaiful Bakhtiar bin Rodzman. Faculty of Computer & Mathematical Sciences, Universiti Teknologi MARA, Shah Alam, Malaysia. 21st March 2020
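
The verification step in slides 10 and 13 (querying the constructed ontology) and the object properties named in slide 15 can be sketched as follows. This is an added example, not the authors' ontology or queries: it stands in for Protégé and SPARQL with a small pure-Python triple matcher, writes the slides' afffectFunction as affectFunction, and the COVAttack parent class, the subClassOf links and every criterion, situation and function value are constructed for illustration.

```python
# Constructed fragment of a COV ontology as (subject, predicate, object) triples.
# Class and property names follow the slides (afffectFunction is written
# affectFunction); COVAttack, subClassOf and all object values are assumptions.
TRIPLES = {
    ("ArrayOutOfBound", "subClassOf", "COVAttack"),
    ("UnsafeFunction", "subClassOf", "COVAttack"),
    ("MemoryFunction", "subClassOf", "COVAttack"),
    ("UnsafeFunction", "affectFunction", "strcpy"),
    ("UnsafeFunction", "affectFunction", "gets"),
    ("MemoryFunction", "affectFunction", "memcpy"),
    ("ArrayOutOfBound", "hasCriteria", "IndexNotValidated"),
    ("UnsafeFunction", "hasCriteria", "NoDestinationBoundCheck"),
    ("MemoryFunction", "hasCriteria", "LengthNotValidated"),
    ("ArrayOutOfBound", "hasSituation", "InputFromExternalSource"),
    ("UnsafeFunction", "hasSituation", "InputFromExternalSource"),
}


def match(patterns, triples=TRIPLES):
    """Evaluate a basic graph pattern, the core of a SPARQL WHERE clause.
    Terms starting with '?' are variables; returns one binding dict per solution."""
    solutions = [{}]
    for pattern in patterns:
        extended = []
        for binding in solutions:
            for triple in triples:
                candidate = dict(binding)
                # A variable binds on first use and must agree afterwards;
                # a constant must equal the triple's term.
                if all(candidate.setdefault(term, value) == value
                       if term.startswith("?") else term == value
                       for term, value in zip(pattern, triple)):
                    extended.append(candidate)
        solutions = extended
    return solutions


def functions_for_root_cause(criterion):
    """Like: SELECT ?cls ?fn WHERE { ?cls hasCriteria X . ?cls affectFunction ?fn }"""
    rows = match([("?cls", "hasCriteria", criterion),
                  ("?cls", "affectFunction", "?fn")])
    return sorted((row["?cls"], row["?fn"]) for row in rows)


def classes_missing(prop):
    """Verification query: attack classes with no value for an object property."""
    classes = {row["?c"] for row in match([("?c", "subClassOf", "COVAttack")])}
    linked = {row["?c"] for row in match([("?c", prop, "?x")])}
    return sorted(classes - linked)
```
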

Editor's Notes

  1. For example, the Unsafe Function class contains three subclasses, such as Criteria, Most Attack and Similar Attack.