Poster: Angry birding: evaluating application exceptions as attack canaries

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution

Abstract

Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.
Original language: English
Title of host publication: 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021
Subtitle of host publication: virtual conference, 6-10 September 2021: proceedings
Editors: Lisa O'Conner
Place of Publication: Piscataway, NJ
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 701-703
Number of pages: 3
ISBN (Electronic): 9781665414913
ISBN (Print): 9781665430487
Publication status: Published - 13 Nov 2021
Event: 6th IEEE European Symposium on Security and Privacy - Online
Duration: 6 Sep 2021 to 10 Sep 2021
Conference number: 6th
https://www.ieee-security.org/TC/EuroSP2021/

Conference

Conference: 6th IEEE European Symposium on Security and Privacy
Abbreviated title: IEEE EuroS&P 2021
Period: 6/09/21 to 10/09/21

Keywords

  • Honeytoken
  • Canary
  • Intrusion detection
  • Exception monitoring
  • Developer-centred security
