NgViz: Detecting DNS Tunnels Through N-Gram Visualization and Quantitative Analysis

In the Proceedings of the 6th Annual Cyber Security and Information Intelligence Research Workshop

Oak Ridge, TN

April 21-23, 2010

This paper introduced NgViz, a tool that examines DNS traffic and highlights anomalies in n-gram frequencies by comparing input files against a fingerprint of legitimate traffic. It provides both quantitative analysis and visual aids so that the user can judge whether the DNS traffic is legitimate.
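The fingerprint comparison described above, as an added sketch that is not NgViz's own code. It assumes character bigrams taken from subdomain labels and Jensen-Shannon divergence as the distance, neither of which is stated on this page; all function names and sample domains are constructed for illustration.

```python
import math
from collections import Counter

def ngram_dist(names, n=2):
    """Relative frequency of character n-grams over the subdomain labels."""
    counts = Counter()
    for name in names:
        # Assumption: the registered domain is the last two labels (ignores
        # multi-label public suffixes); only labels to its left are analysed.
        for label in name.lower().rstrip(".").split(".")[:-2]:
            counts.update(label[i:i + n] for i in range(len(label) - n + 1))
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()} if total else {}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 = identical, 1 = no shared n-grams."""
    m = {g: 0.5 * (p.get(g, 0.0) + q.get(g, 0.0)) for g in set(p) | set(q)}
    def kl(a):
        return sum(pa * math.log2(pa / m[g]) for g, pa in a.items() if pa > 0)
    return 0.5 * kl(p) + 0.5 * kl(q)

def score(fingerprint, names, n=2):
    """Distance of an input batch from the legitimate-traffic fingerprint."""
    observed = ngram_dist(names, n)
    return js_divergence(fingerprint, observed) if observed else 0.0

# Constructed sample data: baseline of ordinary hostnames (the "fingerprint").
BASELINE = ["www.example.com", "mail.example.com", "static.example.com",
            "cdn.example.net", "images.example.net", "login.example.com",
            "api.example.com", "download.example.net", "support.example.com",
            "update.example.net", "shop.example.com", "news.example.net"]
# Constructed input batches: ordinary lookups vs. encoded-looking labels.
ORDINARY = ["www.example.org", "mail.example.org",
            "api.shop.example.org", "static.example.org"]
ENCODED = ["mzxw6ytboi2gk3th.t.example.org", "nbswy3dpeb3w64tm.t.example.org",
           "orsxg5dtmfwgs3th.t.example.org"]

FINGERPRINT = ngram_dist(BASELINE)

if __name__ == "__main__":
    for label, batch in (("ordinary", ORDINARY), ("encoded", ENCODED)):
        print(f"{label:9s} divergence = {score(FINGERPRINT, batch):.3f}")
```

A real deployment would build the fingerprint from a large capture of known-good queries and choose the alert threshold empirically.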
