Nabs

A system for detecting resource abuses via characterization of flow content type

Kulesh Shanmugasundaram, Mehdi Kharrazi, Nasir Memon

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and wide use of tunnels makes it difficult to detect such abuses and easy to circumvent security policies. This paper presents the design and implementation of a system, called Nabs, that characterizes content types of network flows based solely on the payload which can then be used to identify abuses of computing resources. The proposed method does not depend on packet headers or other simple packet characteristics hence is more robust to circumvention.

    Original languageEnglish (US)
    Title of host publicationProceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004
    Pages316-325
    Number of pages10
    DOIs
    StatePublished - 2004
    Event20th Annual Computer Security Applications Conference, ACSAC 2004 - Tucson, AZ, United States
    Duration: Dec 6 2004Dec 10 2004

    Other

    Other20th Annual Computer Security Applications Conference, ACSAC 2004
    CountryUnited States
    CityTucson, AZ
    Period12/6/0412/10/04

    Fingerprint

    Peer to peer networks
    Tunnels
    Personnel

    ASJC Scopus subject areas

    • Software
    • Engineering(all)

    Cite this

    Shanmugasundaram, K., Kharrazi, M., & Memon, N. (2004). Nabs: A system for detecting resource abuses via characterization of flow content type. In Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004 (pp. 316-325) https://doi.org/10.1109/CSAC.2004.24

    Nabs : A system for detecting resource abuses via characterization of flow content type. / Shanmugasundaram, Kulesh; Kharrazi, Mehdi; Memon, Nasir.

    Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004. 2004. p. 316-325.

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Shanmugasundaram, K, Kharrazi, M & Memon, N 2004, Nabs: A system for detecting resource abuses via characterization of flow content type. in Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004. pp. 316-325, 20th Annual Computer Security Applications Conference, ACSAC 2004, Tucson, AZ, United States, 12/6/04. https://doi.org/10.1109/CSAC.2004.24
    Shanmugasundaram K, Kharrazi M, Memon N. Nabs: A system for detecting resource abuses via characterization of flow content type. In Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004. 2004. p. 316-325 https://doi.org/10.1109/CSAC.2004.24
    Shanmugasundaram, Kulesh ; Kharrazi, Mehdi ; Memon, Nasir. / Nabs : A system for detecting resource abuses via characterization of flow content type. Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004. 2004. pp. 316-325
    @inproceedings{53c9d5de9ed14b3184dc7f552161a32b,
    title = "Nabs: A system for detecting resource abuses via characterization of flow content type",
    abstract = "One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and wide use of tunnels makes it difficult to detect such abuses and easy to circumvent security policies. This paper presents the design and implementation of a system, called Nabs, that characterizes content types of network flows based solely on the payload which can then be used to identify abuses of computing resources. The proposed method does not depend on packet headers or other simple packet characteristics hence is more robust to circumvention.",
    author = "Kulesh Shanmugasundaram and Mehdi Kharrazi and Nasir Memon",
    year = "2004",
    doi = "10.1109/CSAC.2004.24",
    language = "English (US)",
    isbn = "0769522521",
    pages = "316--325",
    booktitle = "Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004",

    }

    TY - GEN

    T1 - Nabs

    T2 - A system for detecting resource abuses via characterization of flow content type

    AU - Shanmugasundaram, Kulesh

    AU - Kharrazi, Mehdi

    AU - Memon, Nasir

    PY - 2004

    Y1 - 2004

    N2 - One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and wide use of tunnels makes it difficult to detect such abuses and easy to circumvent security policies. This paper presents the design and implementation of a system, called Nabs, that characterizes content types of network flows based solely on the payload which can then be used to identify abuses of computing resources. The proposed method does not depend on packet headers or other simple packet characteristics hence is more robust to circumvention.

    AB - One of the growing problems faced by network administrators is the abuse of computing resources by authorized and unauthorized personnel. The nature of abuse may vary from using unauthorized applications to serving unauthorized content. Proliferation of peer-to-peer networks and wide use of tunnels makes it difficult to detect such abuses and easy to circumvent security policies. This paper presents the design and implementation of a system, called Nabs, that characterizes content types of network flows based solely on the payload which can then be used to identify abuses of computing resources. The proposed method does not depend on packet headers or other simple packet characteristics hence is more robust to circumvention.

    UR - http://www.scopus.com/inward/record.url?scp=21644479389&partnerID=8YFLogxK

    UR - http://www.scopus.com/inward/citedby.url?scp=21644479389&partnerID=8YFLogxK

    U2 - 10.1109/CSAC.2004.24

    DO - 10.1109/CSAC.2004.24

    M3 - Conference contribution

    SN - 0769522521

    SP - 316

    EP - 325

    BT - Proceedings - 20th Annual Computer Security Applications Conference, ACSAC 2004

    ER -