Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation into integrating detective defences into applications through established development practices.
|Publication status||Published - 10 Sep 2021|
|Event||6th IEEE European Symposium on Security and Privacy - Online (Duration: 6 Sep 2021 → 10 Sep 2021; Conference number: 6th)|
|Conference||6th IEEE European Symposium on Security and Privacy|
|Abbreviated title||IEEE EuroS&P 2021|
|Period||6/09/21 → 10/09/21|