NgViz: Detecting DNS Tunnels through N-Gram Visualization and Quantitative Analysis
Kenton Born, David Gustafson

TL;DR
NgViz is a tool that detects DNS tunnels by analyzing n-gram frequency anomalies in DNS traffic, combining quantitative metrics and visualizations to identify suspicious activity.
Contribution
The paper introduces NgViz, a novel tool that uses n-gram analysis and visualization techniques to detect DNS tunnels effectively.
Findings
NgViz successfully identifies DNS tunnels through anomaly detection.
The tool provides both quantitative metrics and visual insights.
NgViz improves detection accuracy over traditional methods.
Abstract
This paper introduced NgViz, a tool that examines DNS traffic and shows anomalies in n-gram frequencies. This is accomplished by comparing input files against a fingerprint of legitimate traffic. Both quantitative analysis and visual aids are provided that allow the user to make determinations about the legitimacy of the DNS traffic.
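The comparison the abstract describes, sketched as an added example that is not NgViz's own code: a bigram fingerprint is built from known-legitimate query names and an input set is scored against it. The bigram size, the cross-entropy score with a probability floor for unseen n-grams, the function names and all sample names are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample data (not from the paper).
LEGIT = ["www.example.com", "mail.example.com", "login.example.org",
         "static.example.net", "images.example.com", "api.example.org"]
CLEAN = ["www.example.org", "mail.example.net"]
TUNNEL_LIKE = ["mzxw6ytboi4dqnrx.t.example.com",
               "nbswy3dpeb3w64tm.t.example.com",
               "gezdgnbvgy3tqojq.t.example.com"]

def ngram_counts(qnames, n=2):
    """Count character n-grams inside each label of the given query names."""
    counts = Counter()
    for qname in qnames:
        for label in qname.lower().rstrip(".").split("."):
            counts.update(label[i:i + n] for i in range(len(label) - n + 1))
    return counts

def build_fingerprint(qnames, n=2):
    """Relative n-gram frequencies of known-legitimate traffic."""
    counts = ngram_counts(qnames, n)
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()}

def divergence(qnames, fingerprint, n=2, floor=1e-4):
    """Cross-entropy (bits per n-gram) of the input against the fingerprint.
    N-grams absent from the fingerprint are given probability `floor`."""
    counts = ngram_counts(qnames, n)
    total = sum(counts.values())
    if total == 0:
        return 0.0  # nothing long enough to form an n-gram
    return -sum(c / total * math.log2(fingerprint.get(g, floor))
                for g, c in counts.items())

def top_anomalies(qnames, fingerprint, n=2, k=5, floor=1e-4):
    """N-grams most over-represented in the input relative to the fingerprint."""
    counts = ngram_counts(qnames, n)
    total = sum(counts.values())
    ratio = {g: (c / total) / fingerprint.get(g, floor) for g, c in counts.items()}
    return sorted(ratio, key=ratio.get, reverse=True)[:k]

if __name__ == "__main__":
    fp = build_fingerprint(LEGIT)
    for name, sample in (("clean", CLEAN), ("tunnel-like", TUNNEL_LIKE)):
        print(name, round(divergence(sample, fp), 2), top_anomalies(sample, fp))
```

A useful fingerprint would be built from a large capture of the monitored network's own legitimate traffic; the six names here only make the score difference visible.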
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Network Security and Intrusion Detection · Network Packet Processing and Optimization
