Publication No.: US10686814B2
Publication Date: 2020-06-16
Application No.: US15505820
Application Date: 2015-04-10
Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
Inventor: Simon Ian Arnell, Marco Casassa Mont, David Andrew Graves, Edward Reynolds, Niall Lawrence Saunders
Abstract: Examples relate to detecting network anomalies. In one example, a computing device may: receive, from each of a plurality of packet capture devices of a private network, domain name system (DNS) query packets that were sent by a particular client computing device operating on the private network, each DNS query packet specifying i) a destination DNS server, ii) a query domain name, and iii) a source address that specifies the particular client computing device; provide at least one of the DNS query packets to a DNS traffic analyzer that is trained to identify DNS anomalies based on characteristics of the DNS query packets; receive anomaly output from the DNS traffic analyzer, the anomaly output indicating a DNS anomaly that was identified for the DNS query packets; and in response to receiving the anomaly output, provide a user device with data specifying the identified DNS anomaly.