Med informatics survey (0:05) Raymond Who will attend & distribute since we're at CMAD IV. Development environment (0:15) Steven NT server, NT workstation, technet and Office have arrived. Reflection X on hold until more details. Someone has to volunteer to order the H/W by a deadline. Programming tools. Walnut Creek Hospital (0:10) Chris Julie contacts the hospital in Walnut Creek KDD (0:20) Steven off the shelf packages? intrusion data from contest. Detecting Misuse in Healthcare (0:20) Brant Chris presents paper; everyone provide feedback Network Router Auditing: A toy problem? (0:20) Chris Brant presents paper; everyone provide feedback
Med informatics survey
The survey was sent to Leah and Hogarth. Leah will distribute it.
Mike Hogarth - 2 med students doing a survey. We ca piggy back with theirs.
Steve will tabulate results.
Development environment
We have the software. Reflection X is about $300+, but David and Alan say
they got it for about $100.
$10,000 left after notebook
Options: 1 server and 2 workstations?
not clear what we are going to do.
$6000 left for software and supplies (1000 spent)
should get a C compiler since we would also get the API interface, etc.
Get the Microsoft compiler.
Can we get 3 machine instead of 2? Is 3 better than 2? Probably not.
We won't be able to generate our own NT logs on our own network anyway.
Julie and Steven will order the hardware + programing tools
Walnut Creek Hospital
Email to FOX news bounces back. The station apparently has no on-line
connectivity.
Julie will try the phone
KDD
skip
Detecting Misuse in Healthcare
Most rules given to us are not useful. "Info most be limited with a need
to know." Its too high level. There is a hugh body of policy that we still
do not know. Integrity is also weak. For example, "limited pharamacists can
change prices" is too ambiguous.
How accurate must the policy be? We can make up our own and see how flexible
we can be when changing policy.
We can have the system generate its own rules. We need a generalization engine
and inductive learning.
What is the VMACS access control mechanism? Can we dump the rules of their enforcement mechanisms? Raymond proposes that perhaps we need to implement our own toy IS system. Then we will role play or use audit logs from VMACS to drive a simulation.
Another stategy is to find vendors that sell NT-based medical information
systems. Ask them for clients. Ask clients for audit data.
Find a snippet of real audit data. We will allow ourselves until
Feb 97 to locate a source of NT-based medical audit data. We anticipate
that we won't actually need multi-megabytes of audit data until Summer 97
for the KDD tools.
Network Router Auditing
Mars, the router simulator, doesn't appear to fit the project.
One way to think of it is as an application with a client as a packet
that queries the router to go out a door. The application is one client,
one query, etc. It might be useful to explore audit log management issue.
KDD
How much is enough to construct a good model?
It depends on noise, how much missing, etc.
There is similarity between KDD tasks
To be continued
Topics for next week
con't Steven's talk on KDD
Julie and Steven on Hardware
Survey
monthly report - 10 min.
Julie presents thesis
Walnut Creek / NT hospital
20 minutes for papers
NT audit logs