D A S S A/ Teknowledge

        Codify knowledge about attacks using CyC

        Use Jigsaw          

                Level of planning:  Not a single enclave

                  Get intrusion reports from multiple enclaves

                  Go from low-level "resources" to low-level "mission"

                  Abstract common threads - go to higher-level "mission"

                             

                     Abstract model of mission

                               Goal

                                        >  where to go :    requires mission 

                                MISSION

                         >  "plan" to reach goal :    requires resources 

                               RESOURCES

                                what attacker goes for :   attacker's goal

                                  - mission:  plan to disrupt

                                           - resources:  what used to.....

                               TACTICAL vs. STRATEGIC

         look at Jigsaw