DASSA / Teknowledge
Codify knowledge about attacks using Cyc
Use Jigsaw?
Level of planning: Not a single enclave
Get intrusion reports from multiple enclaves
Go from low-level "resources" to low-level "mission"
Abstract common threads - go to higher-level "mission"
Abstract model of mission
Goal
> where to go : requires mission
MISSION
> "plan" to reach goal : requires resources
RESOURCES
> what attacker goes for : attacker's goal
- mission: plan to disrupt
- resources: what used to.....
TACTICAL vs. STRATEGIC
> look at Jigsaw