Angry birding: evaluating application exceptions as attack canaries

Tolga Ünlü; Lynsay A. Shepherd; Natalie Coull; Colin McLean

Angry birding: evaluating application exceptions as attack canaries

Tolga Ünlü, Lynsay A. Shepherd, Natalie Coull, Colin McLean

Research output: Contribution to conference › Poster › peer-review

2 Downloads (Pure)

Abstract

Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.

Original language	English
Publication status	Published - 10 Sep 2021
Event	6th IEEE European Symposium on Security and Privacy - Online Duration: 6 Sep 2021 → 10 Sep 2021 Conference number: 6th https://www.ieee-security.org/TC/EuroSP2021/

Conference

Conference	6th IEEE European Symposium on Security and Privacy
Abbreviated title	IEEE EuroS&P 2021
Period	6/09/21 → 10/09/21
Internet address	https://www.ieee-security.org/TC/EuroSP2021/

Access to Document

Unlu_AngryBirding_Accepted_Poster_2021Accepted author manuscript, 461 KB

Cite this

@conference{8b437559983849f98882162eed3776bd,

title = "Angry birding: evaluating application exceptions as attack canaries",

abstract = "Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.",

author = "Tolga {\"U}nl{\"u} and Shepherd, {Lynsay A.} and Natalie Coull and Colin McLean",

year = "2021",

month = sep,

day = "10",

language = "English",

note = "6th IEEE European Symposium on Security and Privacy, IEEE EuroS&P 2021 ; Conference date: 06-09-2021 Through 10-09-2021",

url = "https://www.ieee-security.org/TC/EuroSP2021/",

}

TY - CONF

T1 - Angry birding

T2 - 6th IEEE European Symposium on Security and Privacy

AU - Ünlü, Tolga

AU - Shepherd, Lynsay A.

AU - Coull, Natalie

AU - McLean, Colin

N1 - Conference code: 6th

PY - 2021/9/10

Y1 - 2021/9/10

N2 - Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.

AB - Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.

M3 - Poster

Y2 - 6 September 2021 through 10 September 2021

ER -