公开(公告)号：US20170295196A1

公开(公告)日：2017-10-12

申请号：US15505820

申请日：2015-04-10

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Simon Ian ARNELL ,  Marco CASASSA MONT ,  David Andrew GRAVES ,  Edward REYNOLDS ,  Niall Lawrence SAUNDERS

IPC: H04L29/06 ,  H04L29/12

Abstract: Examples relate to detecting network anomalies. In one example, a computing device may: receive, from each of a plurality of packet capture devices of a private network, domain name system (DNS) query packets that were sent by a particular client computing device operating on the private network, each DNS query packet specifying i) a destination DNS server, ii) a query domain name, and iii) a source address that specifies the particular client computing device; provide at least one of the DNS query packets to a DNS traffic analyzer that is trained to identify DNS anomalies based on characteristics of the DNS query packets; receive anomaly output from the DNS traffic analyzer, the anomaly output indicating a DNS anomaly that was identified for the DNS query packets; and in response to receiving the anomaly output, provide a user device with data specifying the identified DNS anomaly.