Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • Security '12 Home
  • Registration Information
  • Registration Discounts
  • Organizers
  • At a Glance
  • Calendar
  • Technical Sessions
  • Workshops
  • Hotel & Travel Information
  • Poster Session
  • Rump Session
  • Birds-of-a-Feather Sessions
  • Sponsors
  • Activities
  • Students
  • Questions?
  • For Participants
  • Help Promote
  • Call for Papers
  • Past Proceedings

sponsors

Gold Sponsor
Silver Sponsor
Silver Sponsor
Bronze Sponsor
Bronze Sponsor
Bronze Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor
Media Sponsor

twitter

Tweets by USENIXSecurity

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Chimera: A Declarative Language for Streaming Network Traffic Analysis
Tweet

connect with us

http://twitter.com/USENIXSecurity
https://www.facebook.com/events/309825352408177/

Chimera: A Declarative Language for Streaming Network Traffic Analysis

Authors: 

Kevin Borders, National Security Agency; Jonathan Springer, Reservoir Labs; Matthew Burnside, National Security Agency

Abstract: 

Intrusion detection systems play a vital role in network security. Central to these systems is the language used to express policies. Ideally, this language should be powerful, implementation-agnostic, and cross-platform. Unfortunately, today’s popular intrusion detection systems fall short of this goal. Each has their own policy language in which expressing complicated logic requires implementation-specific code. Database systems have adapted SQL to handle streaming data, but have yet to achieve the efficiency and flexibility required for complex intrusion detection tasks.

In this paper, we introduce Chimera, a declarative query language for network traffic processing that bridges the gap between powerful intrusion detection systems and a simple, platform-independent SQL syntax. Chimera extends streaming SQL languages to better handle network traffic by adding structured data types, first-class functions, and dynamic window boundaries. We show how these constructs can be applied to real-world scenarios, such as side-jacking detection and DNS feature extraction. Finally, we describe the implementation and evaluation of a compiler that translates Chimera queries into low-level code for the Bro event language.

Kevin Borders, National Security Agency

Jonathan Springer, Reservoir Labs

Matthew Burnside, National Security Agency

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {180224,
author = {Kevin Borders and Jonathan Springer and Matthew Burnside},
title = {Chimera: A Declarative Language for Streaming Network Traffic Analysis},
booktitle = {21st USENIX Security Symposium (USENIX Security 12)},
year = {2012},
isbn = {978-931971-95-9},
address = {Bellevue, WA},
pages = {365--379},
url = {https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/borders},
publisher = {USENIX Association},
month = aug,
}
Download
Borders PDF
View the slides

Presentation Video

Presentation Audio

MP3 Download OGG Download

Download Audio

  • Log in or    Register to post comments

Gold Sponsors

Silver Sponsors

Bronze Sponsors

Media Sponsors & Industry Partners

© USENIX

  • Privacy Policy
  • Contact Us