Publication number: US20170318037A1
Publication date: 2017-11-02
Application number: US15142687
Application date: 2016-04-29
Applicant: Hewlett Packard Enterprise Development LP
Inventor: Jerome Rolia, Martin Arlitt, Alberto Cueto, Rodrigo Novelo, Wei-Nchih Lee, Gowtham Bellala
IPC: H04L29/06
CPC classification number: H04L63/1416, G06F21/55, G06F21/554, H04L63/1425
Abstract: Examples relate to distributed anomaly management. In one example, a computing device may: receive real-time anomaly data for a first set of client devices, wherein the received anomaly data includes: anomalous network behavior data received from a network intrusion detection system (NIDS) monitoring network traffic behavior, anomalous host event data received from a host intrusion detection system (HIDS) monitoring host events originating from client devices in the first set, and anomalous process activity data received from a trace intrusion detection system (TIDS) monitoring process activity performed by client devices in the first set; for each client device in the first set of client devices for which anomaly data is received, associate the received anomaly data with the client device; and determine, for a particular client device, a measure of risk, wherein the measure of risk is dynamically adjusted based on the received real-time anomaly data.