INTEL GROUP MEETING
November 18, 1998
9:00 - 10:00
3085 ENG II
In attendance:
Jim Hoagland (JH), Karl Levitt (KL), Jeff Rowe (JR), Steven Templeton
(ST)
Topics
Translating LaSCO to GrIDS
Ideas for DARPA 99-10 BAA
Correlation/Aggregation
Correcting Codes
Redundancy
Smart Cards
-
JR: Are there any stupid LaSCO rulesets that we can translate into GrIDS
right away?
-
JH: Preconditions
-
JR: There is an edge in GrIDS if you want to use it later, don't want to
aggregate.
-
KL: DARPA 99-10 BAA - Is Jeff interested in participating? Calvin is doing
IDS, Nick is doing one on his own for routers, Michael & Prem are doing
policy
-
JR: Correlation - nothing in Global Guard on correlation. Aggregation -
routing, discovery coordinator, flooding algorithm, tables shared
-
ST: Communication to people who want to receive the message. In CIDF you
subscribe. Add more specifics to Stuart's BDI.
-
ST: Channel coding network to produce turbo code considerably better.
Add redundant bits; recursive network
-
Parallel to type of communication at a higher level; need type of redundancy
available
-
KL: Notion of correcting codes
-
ST: Expert system rule assumed correct; interaction of rules complex.
Facts rules static/correct
-
Have to deal with noise, missing data in rules
-
Generating rules from data rules that dealt with unknowns
-
Rough set rules vote overwhelmed by correct rules/votes
-
KL: Works in compromise system; formal view. Yemini uses binary; have to
have data, redundancy to check tolerance. Detect level of error can be
tolerated.
-
KL: Look at redundancy; write rules to handle missing or compromised data
-
JR: Data from many sources
-
ST: Sensor fusion - combination of information from multiple sensors to
reduce data error
-
JH: Data fusion - make sure you're talking about same entity
-
KL: New idea - build on BDI or redundancy - think one year ahead
-
JR: With Chris Wee game theory to set aggregate less benefit to being
selfish
-
KL: Local Policy see aggregate change to rules
-
KL: Demonstrations only for proposal
-
ST: IDS detectors sum of policy; Bottom-up design discover what policy
is being implemented; matches policy at top.
-
JR: Build around Prem's Smart Cards
-
KL: Smart card controls one process - can't kill process from the outside
without physically removing the card.
-
JR: Someone will know if you tamper with a smart card
-
ST: Smart Card is different from the system; another level above root
trusted root