NgViz: Detecting DNS Tunnels through N-Gram Visualization and Quantitative Analysis

13 years 3 months ago

Download www.kentonborn.com

This paper introduced NgViz, a tool that examines DNS traffic and shows anomalies in n-gram frequencies. This is accomplished by comparing input files against a fingerprint of legitimate traffic. Both quantitative analysis and visual aids are provided that allow the user to make determinations about the legitimacy of the DNS traffic. Categories and Subject Descriptors C.2.3 [Computer-Communication Networks]: Network Operations General Terms Measurement, Security, Experimentation, Algorithms Keywords Anomaly Detection, Network Traffic Analysis, DNS, Tunnel Detection, Character Frequency Analysis, Visualization

Kenton Born, David Gustafson

Real-time Traffic

CORR 2010 | DNS Traffic | Education | Legitimate Traffic | Network Traffic Analysis |

claim paper

Post Info
More Details (n/a)

Added	24 Jan 2011
Updated	24 Jan 2011
Type	Journal
Year	2010
Where	CORR
Authors	Kenton Born, David Gustafson

Comments (0)

Sciweavers

NgViz: Detecting DNS Tunnels through N-Gram Visualization and Quantitative Analysis

CORR 2010 | DNS Traffic | Education | Legitimate Traffic | Network Traffic Analysis |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers