| 发明名称 |
DOMAIN NAME SYSTEM (DNS) BASED ANOMALY DETECTION |
| 摘要 |
In one embodiment, a method includes receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data, identifying at the analytics module, Domain Name System (DNS) exchanges within the network, associating at the analytics module, the DNS exchanges with process, user, and host information, and identifying at the analytics module, anomalies in the DNS exchanges. An apparatus and logic are also disclosed herein. |
| 申请公布号 |
US2016359887(A1) |
申请公布日期 |
2016.12.08 |
| 申请号 |
US201615097236 |
申请日期 |
2016.04.12 |
| 申请人 |
CISCO TECHNOLOGY, INC. |
发明人 |
Yadav Navindra;Scheib Ellen;Agasthy Rachita |
| 分类号 |
H04L29/06;H04L29/12 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method comprising:
receiving at an analytics module operating at a network device, network traffic data collected from a plurality of sensors distributed throughout a network and installed in network components to obtain the network traffic data; identifying at the analytics module, Domain Name System (DNS) exchanges within the network; associating at the analytics module, said DNS exchanges with process, user, and host information; and identifying at the analytics module, anomalies in said DNS exchanges. |
| 地址 |
San Jose CA US |
