NgViz: detecting DNS tunnels through n-gram visualization and quantitative analysis

Authors:
Kenton Born;David Gustafson
Affiliations:
Kansas State University;Kansas State University
Venue:
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Year:
2010

Citing 3
Cited 1

Web tap: detecting covert web traffic

Proceedings of the 11th ACM conference on Computer and communications security
Visualizing DNS traffic

Proceedings of the 3rd international workshop on Visualization for computer security
Context-aware clustering of DNS query traffic

Proceedings of the 8th ACM SIGCOMM conference on Internet measurement

Visual exploration of time-series data with shape space projections

EuroVis'11 Proceedings of the 13th Eurographics / IEEE - VGTC conference on Visualization

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper introduced NgViz, a tool that examines DNS traffic and shows anomalies in n-gram frequencies. This is accomplished by comparing input files against a fingerprint of legitimate traffic. Both quantitative analysis and visual aids are provided that allow the user to make determinations about the legitimacy of the DNS traffic.