Abstract
Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.
Original language | English |
---|---|
Title of host publication | 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021 |
Subtitle of host publication | virtual conference, 6-10 September 2021: proceedings |
Editors | Lisa O'Conner |
Place of Publication | Piscataway, NJ |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Pages | 701-703 |
Number of pages | 3 |
ISBN (Electronic) | 9781665414913 |
ISBN (Print) | 9781665430487 |
DOIs | |
Publication status | Published - 4 Nov 2021 |
Event | 6th IEEE European Symposium on Security and Privacy - Online Duration: 6 Sep 2021 → 10 Sep 2021 Conference number: 6th https://www.ieee-security.org/TC/EuroSP2021/ |
Conference
Conference | 6th IEEE European Symposium on Security and Privacy |
---|---|
Abbreviated title | IEEE EuroS&P 2021 |
Period | 6/09/21 → 10/09/21 |
Internet address |
Keywords
- Honeytoken
- Canary
- Intrusion detection
- Exception monitoring
- Developer-centred security