Poster: Angry birding: evaluating application exceptions as attack canaries

Tolga Ünlü; Lynsay A. Shepherd; Natalie Coull; Colin McLean

doi:10.1109/EuroSP51992.2021.00052

Poster: Angry birding: evaluating application exceptions as attack canaries

Tolga Ünlü, Lynsay A. Shepherd, Natalie Coull, Colin McLean

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

72 Downloads (Pure)

Abstract

Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.

Original language	English
Title of host publication	2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021
Subtitle of host publication	virtual conference, 6-10 September 2021: proceedings
Editors	Lisa O'Conner
Place of Publication	Piscataway, NJ
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	701-703
Number of pages	3
ISBN (Electronic)	9781665414913
ISBN (Print)	9781665430487
DOIs	https://doi.org/10.1109/EuroSP51992.2021.00052
Publication status	Published - 13 Nov 2021
Event	6th IEEE European Symposium on Security and Privacy - Online Duration: 6 Sep 2021 → 10 Sep 2021 Conference number: 6th https://www.ieee-security.org/TC/EuroSP2021/

Conference

Conference	6th IEEE European Symposium on Security and Privacy
Abbreviated title	IEEE EuroS&P 2021
Period	6/09/21 → 10/09/21
Internet address	https://www.ieee-security.org/TC/EuroSP2021/

Keywords

Honeytoken
Canary
Intrusion detection
Exception monitoring
Developer-centred security

Access to Document

10.1109/EuroSP51992.2021.00052

Unlu_AngryBirding_Accepted_Poster_2021Accepted author manuscript, 461 KB
Shepherd_AngryBirding_Accepted_2021Accepted author manuscript, 481 KB

Cite this

Ünlü, T., Shepherd, L. A., Coull, N., & McLean, C. (2021). Poster: Angry birding: evaluating application exceptions as attack canaries. In L. O'Conner (Ed.), 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021: virtual conference, 6-10 September 2021: proceedings (pp. 701-703). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/EuroSP51992.2021.00052

Ünlü, Tolga ; Shepherd, Lynsay A. ; Coull, Natalie ; McLean, Colin. / Poster: Angry birding : evaluating application exceptions as attack canaries. 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021: virtual conference, 6-10 September 2021: proceedings. editor / Lisa O'Conner. Piscataway, NJ : Institute of Electrical and Electronics Engineers Inc., 2021. pp. 701-703

@inproceedings{8b437559983849f98882162eed3776bd,

title = "Poster: Angry birding: evaluating application exceptions as attack canaries",

abstract = "Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.",

author = "Tolga {\"U}nl{\"u} and Shepherd, {Lynsay A.} and Natalie Coull and Colin McLean",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 6th IEEE European Symposium on Security and Privacy, IEEE EuroS&P 2021 ; Conference date: 06-09-2021 Through 10-09-2021",

year = "2021",

month = nov,

day = "13",

doi = "10.1109/EuroSP51992.2021.00052",

language = "English",

isbn = "9781665430487",

pages = "701--703",

editor = "Lisa O'Conner",

booktitle = "2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

url = "https://www.ieee-security.org/TC/EuroSP2021/",

}

Ünlü, T , Shepherd, LA , Coull, N & McLean, C 2021, Poster: Angry birding: evaluating application exceptions as attack canaries. in L O'Conner (ed.), 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021: virtual conference, 6-10 September 2021: proceedings. Institute of Electrical and Electronics Engineers Inc., Piscataway, NJ, pp. 701-703, 6th IEEE European Symposium on Security and Privacy, 6/09/21. https://doi.org/10.1109/EuroSP51992.2021.00052

Poster: Angry birding : evaluating application exceptions as attack canaries. / Ünlü, Tolga ; Shepherd, Lynsay A.; Coull, Natalie ; McLean, Colin.

2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021: virtual conference, 6-10 September 2021: proceedings. ed. / Lisa O'Conner. Piscataway, NJ : Institute of Electrical and Electronics Engineers Inc., 2021. p. 701-703.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Poster: Angry birding

T2 - 6th IEEE European Symposium on Security and Privacy

AU - Ünlü, Tolga

AU - Shepherd, Lynsay A.

AU - Coull, Natalie

AU - McLean, Colin

N1 - Conference code: 6th

PY - 2021/11/13

Y1 - 2021/11/13

N2 - Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.

AB - Application exceptions are anomalous events occurring within the application. These can be caused by common issues such as simple programming errors; however, they can also originate from the side-effects of a trial-and-error process used in active attacks. Utilising attacker-induced exceptions as a canary for intrusion detection has been demonstrated as a feasible technique for SQL injection detection, but this has not been applied to other types of attacks. This paper proposes an approach to consider attacker-induced application exceptions as attack canaries. The work is part of an ongoing investigation on integrating detective defences into applications through established development practices.

U2 - 10.1109/EuroSP51992.2021.00052

DO - 10.1109/EuroSP51992.2021.00052

M3 - Conference contribution

SN - 9781665430487

SP - 701

EP - 703

BT - 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021

A2 - O'Conner, Lisa

PB - Institute of Electrical and Electronics Engineers Inc.

CY - Piscataway, NJ

Y2 - 6 September 2021 through 10 September 2021

ER -

Ünlü T , Shepherd LA , Coull N , McLean C. Poster: Angry birding: evaluating application exceptions as attack canaries. In O'Conner L, editor, 2021 IEEE European Symposium on Security and Privacy, EuroS&P 2021: virtual conference, 6-10 September 2021: proceedings. Piscataway, NJ: Institute of Electrical and Electronics Engineers Inc. 2021. p. 701-703 https://doi.org/10.1109/EuroSP51992.2021.00052