Patent · US Active

Network anomaly detection

US10686814B2 · kind B2 · utility

Cited by: 3
References: 12
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 10, 2015
Grant date: Jun 16, 2020
Priority date
Expiry date: Oct 10, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L2463/144
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

Examples relate to detecting network anomalies. In one example, a computing device may: receive, from each of a plurality of packet capture devices of a private network, domain name system (DNS) query packets that were sent by a particular client computing device operating on the private network, each DNS query packet specifying i) a destination DNS server, ii) a query domain name, and iii) a source address that specifies the particular client computing device; provide at least one of the DNS query packets to a DNS traffic analyzer that is trained to identify DNS anomalies based on characteristics of the DNS query packets; receive anomaly output from the DNS traffic analyzer, the anomaly output indicating a DNS anomaly that was identified for the DNS query packets; and in response to receiving the anomaly output, provide a user device with data specifying the identified DNS anomaly.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.