NgViz: Detecting DNS Tunnels through N-Gram Visualization and Quantitative Analysis
| Autor: | Born, Kenton, Gustafson, David |
|---|---|
| Rok vydání: | 2010 |
| Předmět: | |
| Druh dokumentu: | Working Paper |
| Popis: | This paper introduced NgViz, a tool that examines DNS traffic and shows anomalies in n-gram frequencies. This is accomplished by comparing input files against a fingerprint of legitimate traffic. Both quantitative analysis and visual aids are provided that allow the user to make determinations about the legitimacy of the DNS traffic. Comment: In Proceedings of the the 6th Annual Cyber Security and Information Intelligence Research Workshop, Oak Ridge, TN, April 21-23, 2010 |
| Databáze: | arXiv |
| Externí odkaz: |
|