Saturday, September 11, 2004
Background material on why a National Project is required
Link to: Tutorial on the Nature of a new Memetic Technology based on categorical abstraction and event chemistry
Regarding a deep and satisfying theory over real time event structures
Paul…
It has been about a year
since we last spoke and I have been busy completing my PhD and working on a
formal modeling approach to dealing with digital incidents, IT risk management,
etc. My current interest is the application of formal methods to
information assurance, IT risk management and cyber crime.
During that period your
SLIP/eC/cA approach has been a core concept of my work. The need for
controlled link analysis is key to understanding the behavior of a security
event within a bounded enterprise. I have credited you at every turn and
given pointers to your web site and, probably, over that course of time, have
earned a convert or two. I appreciate the work you have done and regret
that you had to curtail development (at least that was my understanding at the
time we last spoke) of the SLIP tools. I found much of your thinking
inspirational.
Now, I am embarking upon a
very interesting project – (private information) – that has a serious need for
your approach and tool set. There may be some grant money here from – (private
information), and I would like to discuss how we might collaborate on the use
and, perhaps, further development of your tool. I have been to your web
site and noted that your direction has changed a bit, but I certainly saw some
familiar screen shots indicating that you have not abandoned your earlier
approaches completely.
Might I ask that you catch me up on your work and,
perhaps, discuss where it fits into my current project (an investigative
support tool for very complex cyber investigations)?
Peter,
It was a pleasure to get a note
from you.
Nathan Einwechter and Dean Rich and I still talk about intrusion event structures, but we have never been in a position to compete with the Powers That Be in regards to allowing what would be a global and transformational solution to mapping digital events. In 2001 and 2002 I wrote many proposals on the use of SLIP cA/eC:
http://www.ontologystream.com/aSLIP/index1.htm
But the work never was rewarded by contracts or grants.
SLIP itself has found a home as a
visualization technology, visualizing the categories of co-occurrence over
observables in text. This has led to
additional work that does apply to the general problems related to measurement
of observables that have a hidden nature such as concepts expressed in social
discourse.
I would love to spend some time
on cyber event mapping. We have a well-qualified team who has spent the time
since 2001 slowly maturing in our understanding of the general problems of measurement
and interpretation.
Our intuitions about what might
be done quickly and long term are mature, as are yours.
No one in my part of the woods is trying to make a lot of money, and so for a small sum we could create a team that would bring forward what we have learned in the measurement of concepts in real time social discourse. My group is looking for very large funding levels supporting a community and a new type of information science, but the cyber event detection aspects have not been our focus. I hold the position that new binary XML aspects, CoreSystem, will soon make security issues simpler due to a 100% deep packet inspection over standard data regularity in context:
See Sandy Klausner’s abstract at:
http://www.mitre.org/news/events/xml4bin/agenda.html
My sense is that you are in a
position to manage the team and provide direction to a portion of my effort,
some of Dean's time and perhaps 100% of Nathan's effort.
The burn rate for such a project
might be between $8,000 - 12,000 per month. We should be able to deliver
some results within a few weeks, and then develop a deployable system within
three months.
Is this what you are thinking
might be possible? I have no interest in capturing intellectual property
and hoarding it in ways that destroy our community’s ability to function.
So by policy, we make everything into a tutorial and make the IP public
domain. However, if there is a real shot at developing a business that
delivers this generation of tools into the marketplace, then the team is
willing to work with an enlightened business group.
As I read your note and wrote the
reply above, I keep thinking about the Conjecture on Stratification:
http://www.bcngroup.org/beadgames/graphs/fiftyfive.htm
The theory and implications of
this Conjecture are discussed in the thread:
http://www.ontologystream.com/beads/nationalDebate/fiftynine.htm
through
http://www.ontologystream.com/beads/nationalDebate/114.htm
I have lost the memory of the
name of a group that uses what is effectively the Conjecture as applied to
modeling the event structural patterns of a Unix operating system and cyber
attacks on it, "Cylant" is what I am recalling, but that
is not right. Anyway, the group has a deep approach that could have
been visualized
http://www.ontologystream.com/cA/tutorials/pre-CDKB.htm
by SLIP. I think I see in
your note a hint that you also understand that the measurement by SLIP can vary
and that optimal measurement can be fed into the visualization browser.
The detection of events in a
"space" that is an emergent "far from equilibrium" phenomenon,
depends on the reuse of a small set of patterns. Certainly the
world of hackers working to create chaos in the software markets is such a
space. In the same way as one finds in our theory of substructural
ontology for natural language (Readware Provenance (TM),
http://www.bcngroup.org/beadgames/InOrb/provenance.ppt),
one will find substructural ontology for cyber events.
Our experience with attempting to market SLIP with the Conjecture on Stratification is that this notion of substructural ontology WILL NOT BE UNDERSTOOD by a class of PhDs who have developed some type of memetic immunology about the notion that physical space is where all things occur.
As we pursue a strategy of stating and re-stating the Conjecture and demonstrating evidence that that Conjecture can be taken seriously, we find individuals who damage the cause without understanding why they do this.
Over time, our core group has come to understand the “memetic” nature of opposition to the Conjecture on Stratification and has come closer to a real commercial product that builds substructural ontology while understanding simple things like the openness of a specific “stable” substructure to undergo reorganizations unexpectedly. The Process Compartment Hypothesis (Prueitt, 1995) is illustrated in mathematical models of the physical process underlying the instantiation of a substructural ontology as a “transient” phenomenon.
Polylogics, from www.pilesys.com, is one of the technologies that can be used to address metastable transitions between transience substructural ontology. Polylogic has a history that we need to bring forward in the K-12 curriculum proposals that a National Project would develop.
This means that the substructural ontology, unlike the periodic table of atoms, can undergo transformations. If one does not anticipate this fact, then the application of the Conjecture on Stratification to mapping cyber events, or event space in the social discourse, will fail to be useful.