Abstract
Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.
Original language | English |
---|---|
Title of host publication | 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021 |
Subtitle of host publication | virtual conference, 6-10 September 2021: proceedings |
Editors | Lisa O'Conner |
Place of Publication | Piscataway, NJ |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 701-703 |
Number of pages | 3 |
ISBN (Electronic) | 9781665414913 |
ISBN (Print) | 9781665430487 |
DOIs | |
Publication status | Published - 4 Nov 2021 |
Event | 6th IEEE European Symposium on Security and Privacy - Online Duration: 6 Sept 2021 → 10 Sept 2021 Conference number: 6th https://www.ieee-security.org/TC/EuroSP2021/ |
Conference
Conference | 6th IEEE European Symposium on Security and Privacy |
---|---|
Abbreviated title | IEEE EuroS&P 2021 |
Period | 6/09/21 → 10/09/21 |
Internet address |
Keywords
- Honeytoken
- Canary
- Intrusion detection
- Exception monitoring
- Developer-centred security
Fingerprint
Dive into the research topics of 'Poster: Angry birding: evaluating application exceptions as attack canaries'. Together they form a unique fingerprint.Student theses
-
Investigating attack-aware web applications
Ünlü, T. (Author), Shepherd, L. (Supervisor), Coull, N. (Supervisor) & McLean, C. (Supervisor), 1 Mar 2024Student thesis: Doctoral Thesis