Analyzing Network Traffic with Chimera
Jonathan Springer, Kevin Borders, and Matthew Burnside
The increasing frequency and complexity of network-based attacks are generating a correspondingly high level of interest in intrusion detection systems (IDS), which detect and filter these attacks. A variety of languages, such as those of Snort and Bro, have been developed to program an IDS to recognize specific threats, but these languages cater to specialists. We are developing a new IDS language, Chimera, that is more accessible to analysts and system administrators because it adopts the familiar SQL syntax.