Dec. 6, 2004 to Dec. 10, 2004
Kulesh Shanmugasundaram , Polytechnic University, Brooklyn, NY
Mehdi Kharrazi , Polytechnic University, Brooklyn, NY
Nasir Memon , Polytechnic University, Brooklyn, NY
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2004.24
One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and wide use of tunnels makes it difficult to detect such abuses and easy to circumvent security policies. This paper presents the design and implementation of a system, called Nabs, that characterizes content types of network ows based solely on the payload which can then be used to identify abuses of computing resources. The proposed method does not depend on packet headers or other simple packet characteristics hence is more robust to circumvention.
Kulesh Shanmugasundaram, Mehdi Kharrazi, Nasir Memon, "Nabs: A System for Detecting Resource Abuses via Characterization of Flow Content Type", ACSAC, 2004, Computer Security Applications Conference, Annual, Computer Security Applications Conference, Annual 2004, pp. 316-325, doi:10.1109/CSAC.2004.24