JP2019511030A - Computer security by artificial intelligence - Google Patents

Abstract

The present invention relates to a system of computer security by artificial intelligence.
[Solution means]
Artificial intelligence-based computer security systems include critical infrastructure protection and return (CIPR) with cloud-based multi-layered information security (CTIS), secret machine learning (MACINT) and return with secret operations in cyberspace, zero by logical reasoning Universal with database deductive real-time defense (LIZARD), critical thinking memory and perception (CTMP), lexical objectivity search (LOM), linear quantum information transfer (LAQIT), base-connected coordinated attack integration node (BCHAIN) Complete BCHAIN connection.
[Selected figure] Figure 1

Description

This application claims the benefit of US Provisional Patent Application No. 62286 437, filed Jan. 24, 2016 entitled "Secret Machine Learning and Retaliation with Secret Operations in Cyberspace,""Deduction of Zero Database by Logical Reasoning US Provisional Patent Application No. 62294258, filed Feb. 11, 2016 entitled "Real-time Defense", entitled "Important Infrastructure Protection and Retaliation with Cloud and Layered Information Security (CTIS) (CIPR)", March 2016 US Provisional Patent Application No. 62307558 filed on Dec. 13, US Provisional Patent Application No. 62323657, filed Apr. 16, 2016, entitled "Critical Thinking Memory and Perception (CTMP)", "Linear Quantum Information Transfer (LAQIT)" Title ", US Provisional Patent Application No. 62236723, filed April 23, 2016, US Provisional Patent Application No. 62241310, filed May 25, 2016, entitled “Objective Discussion Machine (ODM)” U.S. Provisional Patent Application No. 62439409, filed December 27, 2016, entitled "Method and Apparatus for Managing Security in a Computer Network", entitled U.S. Provisional Patent Application, filed on May 4, 2015, entitled "LOM"; No. 15145800, and U.S. Provisional Patent Application No. 15264744, filed September 14, 2016, entitled "System of Persistent Charity", and which claims priority from US Provisional Patent Application Ser. As incorporated herein by reference.

  The present invention relates to a system of computer security by artificial intelligence. Subsystems include Critical Infrastructure Protection and Retaliation (CIPR) with Cloud-Based Multi-Layered Information Security (CTIS), Secret Machine Learning with Secret Operations in Cyberspace (MACINT) and Retaliation, Deductive Real-Time Zero Database Deduction with Logical Reasoning Defense (LIZARD), Critical Thinking Memory and Perception (CTMP), Lexical Objectivity Search (LOM), Linear Quantum Information Transfer (LAQIT), and Universal BCHAIN All-Connect (UBEC) with Base-Connected Cooperative Attack Integration Node System, including.

  Problems related to computer network security have often relied on human experts due to the complexity of the problem. The rapid expansion of computer and network capabilities has been exploited by hackers and other malicious entities, and in the end overwhelm traditional solutions that have been sought by human experts. Strategies using artificial intelligence are becoming solutions to overcome the limitations of this situation. However, this new solution requires an advanced model that is tailored to mimic human thought processes effectively and to be implemented on computer hardware.

  An artificial intelligence computer security system, the system comprising a memory for storing programmed instructions, a processor connected to the memory, executing the programmed instructions, and at least one database, the system being designated A computer implemented system that provides the described functionality.

The computer-implemented system is critical infrastructure protection and retaliation (CIPR / CTIS) with cloud and layered information security,
a) a trusted platform with a network of agents reporting hackers behavior, and b) a managed network and security service provider (MNSP) providing managed cryptographic security, connectivity and compliance solutions and services. Equipped
A virtual private network (VPN) connects the MNSP and the trusted platform, and the VPN provides a communication channel with the trusted platform, and the MNSP is configured to be able to analyze all the traffic of the enterprise network, The traffic is routed to the MNSP.

The MNSP is
a) A zero database deductive real-time defense (LIZARD) by logical reasoning, which derives goals and functions from foreign code and blocks the foreign code in response to the presence of malicious intent or lack of a justifiable motivation. , Deductive real-time defense of zero database by logical reasoning, analyzing the threat itself without referring to historical data up to that point,
b) A pseudo-security threat (AST), which provides a virtual security scenario to test the effectiveness of the security ruleset,
c) a creation module, which performs processing to intelligently create a new hybrid shape from the previous shape,
d) Collusion detection: identify information linkages, extract security related behavior patterns, provide periodic identity checks for multiple collusion security events, and determine patterns and relationships between seemingly unrelated security events Try to try, with collusion detection,
e) Security behavior, storing and indexing events and their security responses, said responses including block / permission decisions,
f) Iterative Intellectual Growth / Intelligent Evolution (I ² GE), using big data and malware signature recognition to emulate possible future malware changes by leveraging AST with the creativity module , Iterative intellectual growth / intellectual evolution,
g) Critical Thinking Memory Perception (CTMP), which criticizes the block / approval decisions and acts as a complementary layer of security, cross-reference information from I ² GE, LIZARD, and credit platforms With collection of critical thinking memory perceptions that make use of collections, the CTMP estimates the ability to construct objective decisions about a matter and refrains from asserting decisions made based on internal low confidence Provide critical thinking memory perception.

The LIZARD Light Client is configured to work with the devices of the enterprise network and securely communicates with the MNSP's LIZARD.

The Demilitarized Zone (DMZ) has a subnetwork with an HTTP server that is at a security disadvantage over regular computers, so that it does not expose the rest of the enterprise network to such security penalties. There is.

The I ² GE has an iterative evolution in which multiple evolutionary strains are developed and selected in parallel, and an iterated generation adapts to the same pseudo-security threat (AST) and a strain having the best personality trait After all, you will endure this security threat best.

The LIZARD is
a) A syntax module, which provides a framework for reading and writing computer code, and
b) a goal module, wherein the goal module derives a goal from code using the syntax module and outputs the goal to its own complex goal format;
c) virtual obfuscation, where corporate networks and databases are replicated in the virtual environment, sensitive data is replaced with simulated (fake) data, and the environment is dynamically changed in real time according to the behavior of the target, Virtual obfuscation, with the system as a whole containing more fake elements, or more real elements
d) signal mimics, which provide a shape of retaliation when analysis of virtual obfuscation is complete,
e) Internal consistency check, which checks that the integrity of all internal functions of the foreign code is correct, and
f) foreign code revision, using the syntax module and the goal module to combine the foreign code into a complex goal format;
g) Secret code detection, which detects codes secretly embedded in data and transmission packets;
h) Requirement map matching, comprising a hierarchical structure of mapped requirements and goals, which is referenced to determine whether the foreign code fits the overall purpose of the system,
For writing, the syntax module receives the complex-form target from the target module, writes code with arbitrary code syntax, the helper function translates the arbitrary code into actual executable code, and for reading The syntax module provides a syntactical interpretation of the code so that the target module can derive a functional goal of such code.
The signal mimicry is a false impression that malware has used the syntax module to decipher the syntax for communicating with the hacker, and then successfully hijacked such communication and sent confidential data to the hacker. The malware gives the malware the error code of the malware also sent by LIZARD, making this error code seem to come from the malware,
The foreign code revision builds a code set that uses the derived goals, so that only the desired goals read from the foreign code are executed in the enterprise and unintended execution of the function accesses the system It is guaranteed that there is nothing to do.

It shows how foreign code revision syntactically reproduces the foreign code to mitigate possible undetected malicious exploits, and the combined method compares and matches the declared goal with the derived goal. The goal module is used to manipulate the complex goal format, and using the derived goal, the requirements map matching maintains hierarchical structure and maintains the jurisdiction of all companies, Depending on the availability of jurisdiction-oriented request maps, the purpose of the code block is defined and justified, and the entered goals are incorporated into the recursive debugging process.

The recursive debugging loops through code segments to test for bugs, apply bug fixes, and if bugs still remain, the entire code segment is replaced with the original foreign code segment, The original code segment is then tagged to facilitate virtual obfuscation and behavioral analysis, and using the foreign code to revise the code, the target module and syntax module use the original state of the code. When it is necessary to interpret and install the original foreign code segment because there is a permanent bug in the revised version, the foreign code is referenced directly from the debugger, and in the revised code, the segment is tested by the virtual runtime environment , There is a coding bug The virtual runtime environment executes code segments, checks for the presence of runtime errors, and using coding bugs, errors that occur in the virtual runtime environment are defined in scope and type, consistent with purpose By de-compressing the code from the declared purpose using, the candidate for the solution to the coding bug is figured out, and the scope of the coding bug is an alternative format to avoid such bug. If it is rewritten in the form and the solution candidate is output and there is no other solution, the code revision for the code segment is lost and the original code segment coming directly from the foreign code is the final code Used in sets.

For operation of requirement map matching, LIZARD Cloud and LIZARD Lite refer to the hierarchical structure map of the jurisdiction department of the company, and whether the input target is claimed or derived through the target module Regardless, requirement map matching verifies the basis for code / function to execute inside the enterprise system, and the master copy of the hierarchical map is stored in the LIZARD cloud of MNSP, and refers to the master copy The demand index in demand map matching is calculated and the pre-optimized demand index is distributed to the clients of all accessible endpoints, the demand map matching being the most appropriate system-wide Request a request for request And the corresponding output is a composite target format representing the appropriate request.

The entire corporate LAN infrastructure is virtually restructured within the MNSP, and when the system performs behavioral analysis, the hacker is exposed to elements that are both in the real LAN infrastructure and in the virtual clone version LAN infrastructure. If the results of such analysis indicate a risk, the exposure of the hacker to the virtual clone infrastructure is increased to reduce the risk of the actual data and / or devices being compromised.

To generate a new version / variants of malware root signatures, the malware root signatures given to AST, polymorphic variants of malware is output from the I ² GE, is transferred to the malware detection.

The malware detection is located at all three levels of computer configuration provided with user space, kernel space and firmware / hardware space, all of which are monitored by the LIZARD light agent.

The computer-implemented system is Secret Machine Learning (MACINT) and Retaliation by Secret Operations in Cyberspace,
a) Intellectual Information and Configuration Management (I ² CM), which provides management, viewing, and control of intelligent information;
b) a management console (MC), further comprising a management console providing input and output channels to the user;
The I ² CM is
i) aggregation, using generic level criteria to block unnecessary and redundant information, merge and tag information streams from multiple platforms, aggregation,
ii) setting and introduction service, which is an interface for introducing a new enterprise property (computer, laptop computer, mobile phone) with correct security setting and communication setting,
iii) Division by jurisdiction, where the collection of tagged information is divided exclusively according to the corresponding jurisdiction to the user of the management console;
iv) Threat division, which organizes information according to individual threats,
v) Automated control, comprising automated control to access the MNSP cloud, trusted platform, or additional third party services.

In the MNSP cloud, behavior analysis observes the state of the malware and the activities performed while in the simulated data environment, and when the malware is trying to transmit fake data to the hacker, the signal sent is: Fake hackers are routed to receive, the hacker interface receives the code structure of the malware, reverse-engineers the internal structure of the malware, outputs the hacker interface, fake hackers and fake malware virtual environment A fake hacker emulated in and virtual sends a response signal to the real malware to observe the next behavior pattern of the malware, and the hacker behavior of the real malware / False response code unrelated to status is given.

Exploit scans identify the capabilities and nature of criminal assets, and the resulting scan results are managed by the exploit, which is transmitted by the credit platform via a retaliatory exploit database that infiltrates the targeted crime system. The retaliatory exploit database contains the backdoors installed and the means for exploiting criminal activity provided by the hardware vendor as a known vulnerability, and the integrated forensic forensic evidence database is Contains forensic evidence collected from numerous sources across

Dual spy from crime system captures files of corporate network, firewall generates logs, logs are transferred to log aggregation, log aggregation is directed to long-term / deep scan and real-time / surface scan, data To separate by category.

The deep scan contributes and works with big data utilizing collusion detection sub-algorithm and foreign entity management sub-algorithm, standard logs from security checkpoints are aggregated, selected by log aggregation low restriction filter, and events Index + tracking stores detailed information of events, anomaly detection determines possible risk events by using event index and security behavior based on the intermediate data provided by the deep scan module, foreign entities Management and collusion detection is concerned with the analysis of events.

The trust platform searches for an arbitrary computer, and determines whether the arbitrary computer or its related / nearby server (server to which the arbitrary computer connects) is a double or triple spy installed in the past for the trust platform. Check and Agent Search Check is performed on a trusted double spy index + tracking cloud and a trusted triple spy index + tracking cloud, and a trusted double spy on the optional computer through its trusted channel The exploit is pushed, the exploit tries to find the confidential file, quarantines the confidential file, sends the exact status of the confidential file back to the trust platform, and then the confidential file is said crime compilation Safely when you try to erase from over data.

An ISP API request is made via a trusted platform, and network supervision finds network logs on the optional system and the possibility that the file has been transferred to the crime computer, and uses metadata to send the file to which computer It is determined with a high degree of certainty that the network supervisor discovers the details of the crime computer network, sends such information to the credit platform by another route, and uses the credit platform It demonstrates a method of exploiting installed backdoors that can execute security APIs provided by software vendors and hardware vendors and support judicial investigations.

The trusted platform performs a software or firmware update on the crime computer to install a new backdoor and push a placebo update to nearby similar devices to protect the covert and target Identity details are sent to the credit platform, the credit platform communicates with the software / firmware maintainer 287, pushes placebo and backdoor updates to the appropriate computer, and the backdoor updates the criminal computer Introduced a new backdoor to the crime computer system by using the software update system already If you transfer the quidor to the target, in addition to a computer that has even above average exposure to the target, and deploy the exploit through backdoor updates, confidential files can be analyzed for their metadata usage history later Quarantined, copied and captured forensic data are collected and sent to the exploit contacts on the credit platform.

In order to monitor the crime system for any and all changes / updates, a long-term priority flag is pushed to the credit platform, the enterprise system submits the target to the warrant module, which scans all the inputs of the line system Search for any relevance of the defined target, and if there is a match, the information is passed to the enterprise system, and the enterprise system defines the warrant and tries to infiltrate the target, said input Are transferred to the desired analysis module, which synchronizes mutually useful security information

The computer implemented system is a zero database deductive real-time defense (LIZARD) by logical reasoning,
a) Static core (SC), which comprises mainly immutable program modules,
b) Iteration module to modify, create, and dispose of modules on the dynamic shell, use AST for security performance reference, and use the iteration core to handle the automatic code description methodology To the iteration module,
c) A difference change algorithm, which changes the base version according to the defects found by the AST, and after the difference logic is applied, a new version is presented, and immediately thereafter, the iteration core is recursively called, ART Go through the same process that was tested by the delta change algorithm,
d) A logical subtraction algorithm, which receives a known security response of the dynamic shell version from a pseudo security threat (AST), the LDA also determines which code set configuration achieves the known correct response, security scenario Logical subtraction algorithm to infer according to
e) a dynamic shell (DS), which mainly comprises a dynamic program module automatically programmed by the iteration module (IM),
f) Code quarantine, which isolates foreign code in a restricted virtual environment,
g) Secret code detection, which detects codes secretly embedded in data and transmission packets;
h) Foreign code revision, further comprising a foreign code revision that revises a part or all of the code and allows only the revision to be executed after the goal of the foreign code is derived;
All corporate devices are routed to LIZARD, and all software and firmware that runs corporate devices are hard-coded to perform any kind of download / upload like LIZARD as a persistent proxy, LIZARD Interacting with three types of data, including data in motion, data in motion, and data in use, LIZARD interacts with data media, including files, email, web, mobile, cloud and removable media Do.

The system
a) AST overflow relay, where the data is relayed to the AST for future version improvement when the system is only able to judge low confidence, which is AST overflow relay;
b) an internal consistency check, which checks whether all internal functions of the block of foreign code fit together;
c) In the mirror test, make sure that the input / output relationship of the revised version is the same as that of the original code, so that any hidden exploits present in the original code will not be used Never run again, with mirror test,
d) requirements map matching, which comprises a hierarchical structure of mapped requirements and goals, and which is referenced to determine whether the foreign code fits the overall purpose of the system;
e) an actual data synchronization unit, which is an actual data synchronization unit, selects which priority is given to the data to be given to the mixed environment, thereby making it impossible to access confidential information to suspected malware;
f) a data manager, which is an intermediary interface between entities and data coming from outside the virtual environment,
g) virtual obfuscation, which is a gradual and partial sinking into a virtualized fake environment, which clutters and restricts code, virtual obfuscation,
h) A secret transport module, which secretly transfers malware to a simulated data environment without informing the malware, and
i) Data recall tracking, further comprising data recall tracking, which tracks all information that is uploaded to or downloaded to the suspicious entity.

The system is a goal comparison module, which compares four different types of objectives and understands the presence and behavior of that entity by LIZARD in providing good results for the overall objectives of the system It further comprises a goal comparison module, which guarantees that it is done.

The iteration module uses the SC to syntactically change the code base of the DS according to the defined goals from the Data Relaying Relay (DRR), the modified version LIZARD being a number by the AST In parallel, under different stress scenarios under different security scenarios.

Inside the SC, the logical derivation logically derives the required functionality from the earlier simpler functionality, whereby the entire tree of functional dependencies is built from the declared composite goals,
The code translation converts any general-purpose code that can be read directly by the syntactic module function into an arbitrarily chosen known computer language, and also performs a back translation from the known computer language to any code.
Logic reduction organizes the logic described in the code into simpler shapes and generates a map of interconnected functions,
The complex goal format represents a storage format for storing interrelated lower goals representing the entire goal,
The relevance of the goal is a hard-coated reference to find out which types of goals and functions of the behavior are pointing to,
Iterative extensions refer to the relevance of goals, add detail and complexity, and evolve simple goals into compound goals,
Iterative interpretation loops through interconnected functions and generates interpreted goals by referring to the relevance of the goals,
Together, the outer core is formed by a syntactic module and a goal module that derives logical goals from unknown foreign code and generates executable code from the goals of the declared function code by collaborating,
The foreign code is a code unknown to LIZARD, its function and intended goal are unknown, the foreign code is an input to the inner core, the derived goal is an output, and the derived goal Is the intent of any code as estimated by the goal module, and the derived goal is returned in a complex goal format.

The IM uses the AST for security performance reference, uses an iteration core to handle the automatic code description methodology, and the DRR requires LIZARD to make decisions with unreasonably low confidence If not, data on malicious attacks and addicts is relayed to the AST, and inside the iteration core, a Differential Modification Algorithm (DMA) from the inner core provides guidance on syntactic / purpose programming capabilities and system goals. Receive and use the code set to change the base version according to the defects found by the ART, and defects in security test results pass the base version while running the virtual execution environment Be presented visually to indicate a security threat

Inside the DMA, the current state represents the dynamic shell code set with symbolically correlated figures, sizes, and locations, and the various configurations of these figures provide security information collection and security. Fig. 6 shows different configurations of responses, the AST providing possible responses of the current state, which may be false or correct responses;
Attack vectors act as symbolic demonstrations of cybersecurity threats, and direction, size, and color are all related to hypothetical security properties, such as attack vectors, malware size, and malware types. The attack vector symbolically collides with the code set to represent the security response of the code set,
The correct state represents the final result of the DMA process that produces the desired security response from the dynamic shell code block, the difference between the current state and the correct state result is the difference between the responses of the various attack vectors. Return to
The AST provides known security flaws in addition to the correct security response, and the logic inference algorithm uses the past version of the DS to provide excellent and well-equipped, called the correct security response program. Create a dynamic shell version.

Within virtual obfuscation, questionable code is secretly assigned to an environment where half of the data is intelligently mixed with simulated data, virtually any target running in a real system Isolation allows for easy and confidential transfer to a partial simulated data environment or a fully simulated data environment, and the simulated data generator comes and uses the real data synchronizer as a template for creating counterfeit and useless data The perception of risk confidence in the perception of the foreign code affects the level of obfuscation chosen by LIZARD, and if there is a high degree of certainty that the code is malicious, an environment containing a large amount of simulated data is assigned, If the confidence in the code is malicious is low, either the real system or the 100% simulated data environment will The temple.

Data recall tracking keeps track of all information uploaded from and downloaded to suspicious entities, and when simulated data is sent to a legitimate enterprise entity, callbacks are run that recall all simulated data Data is sent instead, and callback triggers are implemented to withhold operations on specific information until a legitimate enterprise entity is verified that the data is not false.

Behavioral analysis tracks the download and upload behavior of suspicious entities to determine corrective action candidates, and the real system contains real data from the original, completely outside the virtual environment, and simulated data The actual data replacing is the place where the actual data is provided for data recall tracking without filtering. This allows real data patches to be created to replace the simulated data with real data on previous suspicious entities, and a data manager submerged in a virtually isolated environment may When the actual data patch is received and the harmless code is determined to be malicious by behavior analysis, a corrective action is performed to indicate the actual data that it represents the simulated data of the previous suspicious entity The secret token is a security string that is generated and assigned by LIZARD and prevents the entity from doing its job to the entity that is truly harmless, and if no token is found, this is the risk that it is malware For this evaluation, this legitimate entity Show a scenario that is likely to be deployed in a partially simulated data environment, and then a delayed session with the delayed interface is launched, and if a token is found, that the server environment is genuine And thus the delayed session is invalidated.

Within the behavior analysis, the goal map is a hierarchical structure of the goals of the system that give goals throughout the enterprise system, and the declared goals, goals of the activity, and goals of the code base are those that the suspicious entity is doing. Whatever is compared to the original system requirements, activity monitoring monitors the storage, CPU processing, and network activity of the suspect entity, and the syntax module interprets such activity for the desired function, Such functionality is then translated into the intended goal in behavior by the goal module, the code base is the source code / programming structure of the suspect entity, transferred to the syntax module, and the syntax module Understand the syntax of the coding, and Reduce the activities of the target to an intermediate function linkage map, the goal module generates an output of the perceived intentions of the suspect entity, a code base goal, and a goal of the activity, the code base goal being a LIZARD Contains the said known goals, functions, jurisdictions and authorities of the entity, drawn by the syntactic programming ability of the program, and the goals of said activities are interpreted by the understanding of LIZARD storage, processing and network activities In addition, the known goals, functions, jurisdictions and authorities of the entity are included, and the declared goals are assumed purposes, functions, jurisdictions and authorities of the entity declared by the entity itself. , Said required goal is the period required by the enterprise system Target objectives, functions, jurisdiction scope and authority, and all goals are compared in the comparison module, and if there is a discrepancy between the goals, a goal divergence scenario is invoked leading to corrective action .

The computer implemented system is critical thinking memory and perception (CTMP), and the system further comprises:
a) Critical Rule Scope Extender (CRSE), a Critical Rule Scope Extender, which receives a known Perception scope and extends the Perception's known scope to include the Perception's Critical Thinking scope.
b) Valid rules, indicating valid rules derived by using the perceptive critical thinking scope;
c) Rule execution (RE), the rule being checked as present and satisfiable by scanning the random field to generate the corresponding desired critical thinking decisions Do, rule execution,
d) Critical decision output, which is the critical decision output that generates the final logic to determine the entire output of the CTMP by comparing the conclusions reached by both the Perception Viewer Emulator (POE) and the rule execution And further,
The POE generates an emulation of the observer and tests / compares all possible perception points using such various observer emulations,
The RE comprises a checkered plane, used to track the transformation of rulesets, and the objects on the plane represent the complexity of any security situation, while the "checkerboard of security" The movement of such objects over time indicates the evolution of the security context managed by the response of the security ruleset.

The system further comprises
a) Subjective opinion determination, which is a decision given by a selection pattern matching algorithm (SPMA),
b) input system metadata, including input metadata, provided by SPMA and describing the mechanical processes of the algorithm and the circumstances leading to such a determination;
c) event processing, which logically understands assertions by comparing property attributes; event processing;
d) rule processing, wherein the derived result rule is used as a reference point for determining the scope of the immediate problem;
e) Memory web, which scans the log for satisfiable rules;
f) Raw Perception Generation, receiving metadata logs from SPMA, such logs are parsed, and a Perception representing the Perception of such an algorithm is formed, said Perception being in Composite Perception Format (PCF) Raw Perception, stored and emulated by the POE, shows the perspective of the perception that has already been applied and used by SPMA.
g) Take advantage of the creation module that generates hybrid perception, which is an automated perception discovery mechanism (APDM), formed according to the input given by the perspective of applied perception, thereby extending the scope of said perception Automated perception detection mechanism, and
h) Estimate the scope and type of knowledge that may be unknown, which is self-critical knowledge density (SCKD) and beyond the limit of the reportable log, and this leads to critical thinking of the resulting CTMP Attributes allow to exploit all possible scopes of knowledge involved, and critical thinking, representing the outer scope of rule-based thinking, with self-critical knowledge density,
i) further comprising a semantic derivation, which derives the data of the perspective of the perception, which is a semantic derivation (ID), which can be semanticized from the perspective of the currently applied perception;
The SPMA is juxtaposed with the critical thinking performed by the CTMP via perceptions and rules.

The system further comprises
a) Resource Management and Allocation (RMA), where the adjustable policy defines the number of perceptions to be exploited to perform observer emulation, and the chosen perception of priority is selected in descending order of weight Resource management and allocation, which defines how to select truncation, whether the policy is a percentage, fixed value or more complex selection algorithm.
b) Storage retrieval (SS), using the CVF from the data extension log as a decision criterion in Perception Storage (PS) database retrieval, where in PS the perceptions and their corresponding weights are Storage search, stored with comparable variable format (CVF) as index;
c) metric processing, wherein reverse engineering is performed on variable assignment from the SPMA;
d) Perception inference (PD), wherein a perceptive inference (PD) is performed using the responses of the assignment and the corresponding system metadata to reproduce the original perception of the responses of the assignment;
e) A metadata categorization module (MCM), wherein debugging and algorithm tracking are divided into separate categories by syntax-based information categorization, said categories being correlated with risk and opportunity Metadata categorization module, which is used to organize and generate
f) metric combining, which divides the perspective of perception into categories of metrics;
g) metric transformation, which returns individual metrics to the entire perspective of the perception;
h) Metric extensions (ME), which store metrics of many different perceptual viewpoints in individual databases by category, metric extensions,
i) A comparable variable format generator (CVFG), which converts the information stream to a comparable variable format (CVF).

The system further comprises
a) Perception matching, in which CVFs are formed from perceptions received from rule syntax derivation (RSD), and newly created CVFs have a similar index in the PS, in order to search for corresponding perceptions Perceptual matching, which is used for matching and matching candidates are returned to rule syntax generation (RSG)
b) Memory recognition (MR), in which random fields are formed from the input data;
c) Indexing of memory concepts, all concepts being individually optimized to an index, said index being used by the character scanner to work with random fields, memory concept indexing, and
d) A Rule Fulfillment Parser (RFP), which receives the individual parts of the rule with a tag of recognition, each part being marked as found or not found in the random field by memory recognition, A rule satisfaction degree parser that logically infers the whole rule, that is, the synthesis of all the parts of the rule is sufficiently recognized in the random field to be worth the RE.
e) Rule Grammar Format Splitting (RSFS), where the rules are split and grouped by type, so that all actions, properties, conditions and objects are bundled separately ,
f) Rule syntax derivation, where logical "white or black" rules are converted to metric-based perception, whereby a complex array of many rules is represented by many metrics of various gradients Rule syntax derivation, which is transformed into a single, uniform perception
g) Rule Syntax Generation (RSG), receiving previously identified perceptions stored in the perception format, and engaging in the internal metric organization of perceptions, such gradient-based metric measurements The rule syntax generation, which is converted into a binary and logical rule set, enumerating the flow of information input / output of the original perception
h) Rule Grammar Format Partitioning (RSFS), where the valid rules represent the exact manifestation of the ruleset according to the reality of the object being observed, the valid rules are split and grouped by type, so all Rules, rules, properties, and objects are bundled separately, which allows the system to determine which parts are found in the random field and which parts are not found Format division,
i) Intrinsic logical reasoning, using logical principles and thus avoiding errors, deducing what kind of rule accurately represents the gradient of the metric within the scope of perception, intrinsically Logical reasoning,
j) Metric context analysis, which analyzes interrelationships within the perceptibility of metrics, and some metrics may depend on other metrics in various magnitude relationships, and this contextualization is a "digital" rule set Metric context analysis, used to complement the mirrored interrelationships of rules within the formalism;
k) Rule-syntax formal conversion (RSFC), and in accordance with the syntax of the rule syntactic form (RSF), rearrange, divide, and intuitively decide rules, engage in critical thinking through leveraging perception, thinking Decisions are involved in critical thinking through the use of rules, perceptions are data received from intuitive decisions according to the formal syntax defined in the internal form, satisfaction rules are data received from thought decisions , And is a set of satisfiable rule sets from the RE, further comprising a rule syntax form conversion, wherein the data is passed according to the form syntax defined in the internal form,
An action indicates an action that may or may not be performed, is considered for activation, and a property indicates an attribute such as some property that describes something else Being a treatment, a condition, or an object, the condition indicates a logical operation or an operator, the object indicates a target that can have an attribute applied to it,
The split rule format is used as output from rule grammar format split (RSFS), which is considered as a pre-memory recognition stage, and as output from memory recognition (MR), which is considered as a post-memory recognition stage used.

The system further comprises
a) Random Field Parsing (CFP), which combines multiple log formats into a single scanable random field;
b) an additional rule, further comprising an additional rule generated from memory recognition (MR) to supplement said valid rule,
Within Perception Matching (PM), metric statistics provide statistical information from perceptual storage, and error management parses syntax errors and / or logical errors arising from any of the individual metrics, and individual metrics The node comparison algorithm (NCA) receives the node configuration of two or more CVFs, and each node of the CVF is a property, since it separates the individual metrics into a single unit that was input perception. The similarity comparison is performed for each node, the overall variance is calculated, and when the numerical value of the variance is small, it indicates that the degree of coincidence is high.

The system of claims is
a) Raw Perception-Intuitive Thinking (Analog), which processes Perception according to the "Analog" format, and the Perception in Analog format related to said determination is stored in a smooth curve gradient without steps And the raw perception,
b) Raw rules-logical thinking (digital), which processes rules according to the "digital" form, and the raw form raw rules in the digital form pertaining to said decision have no or nearly no "fuzzy areas" Further comprising the unprocessed rules-logical thinking, stored step by step,
Unsatisfied rules are rule sets that are not well recognized in random fields according to their logical dependencies, and fulfillment rules are fully available in random fields according to their logical dependencies. A rule set that is recognized as
Queue management (QM) utilizes syntactic relationship reconstruction (SRR) to analyze individual parts in the most logical order and to access the results of memory recognition (MR), thereby: It can answer binary yes / no-flow questions and take appropriate action, QM checks all rule segments in a step-by-step fashion, single segments missing from random fields, other segments and so on If not in an appropriate relationship, the rule set is flagged as unsatisfied.

Sequential memory organization is an optimized information storage for "chains" of ordered information, in memory access points the width of each of the nodes (blocks) is the stored object (nodes) Represents the observer's direct reachability, and in the reachability range, each character represents the point of direct memory access to the observer, and the wider reachability range is more reachable per sequence node The longer the sequence is that points are present and are only referenced "in order" and not referenced from randomly selected nodes, the narrower the reachability range (compared to the sequence size) and the nested sub-sequence layer In a sequence that exhibits strong non-uniformity, it is composed of a series of interconnected shorter subsequences That.

Non-sequential memory organization deals with information storage of non-sequential related items, showing that reversibility shows non-sequential arrangement and uniform scope, non-sequential relation is relatively wide access point per node A similar uniformity exists when the order of the nodes is shuffled, and in the core topic and association, the same set of nodes is repeated except for different kernels (central objects), This core represents the main topic, which acts as a memory neighbor more easily accessible to the remaining nodes, as opposed to when the core topic is not defined.

Memory recognition (MR) scans random fields to recognize known concepts, and random fields are "fields" of a concept that is arbitrarily lurking in the "white noise" information, and memory concept retention is Store the recognizable concept, ready to be indexed and referenced for field inspection, scan the random field, and check the 3-character segment corresponding to the target The five-character scanner scans the random fields and checks against the five-character segment that corresponds to the target, but now the segments checked by all the progress across the field are whole words, and the random fields are , Divided to scan at different rates As the scope of the scan narrows, the accuracy improves, and as the scanner's field area increases, larger character scanners perform recognition at the expense of accuracy, making them more efficient and indexing memory concepts (MCI) switches the size of the scanner in response to the remaining unprocessed memory concept, MCI 500 starts with the largest of the available scanners and gradually decreases, thereby more Many computing resources are discovered, and the possibility of smaller memory concept targets can be checked.

Field Interpretation Logic (FIL) performs logistics to manage multiple scanners of varying character width, general purpose scope scanning starts logic from large character scanning, field at the expense of accuracy on a small scale Scrutinizing large scopes with less resources, detailed scope scans are used when critical areas are identified and need to be “zoomed in” there, thereby providing redundant, non-productive locations High cost, high precision scanning is guaranteed not to be used, and receiving additional recognition of the memory concept in random fields indicates that the field scope includes a high density saturated memory concept.

In the Automated Perception Discovery Mechanism (APDM), perception perspectives are made up of multiple metrics, including scope, type, strength and consistency, which are metrics of the multiple perceptions that make up the overall perception. The aspect is defined, the creation module generates complex variations of perception, and the perception weights define how much the perception has relative impact while being emulated by the POE. The weights of both input perceptions are considered while defining the weights of the newly iterated perception, including hybrid metrics that were affected from previous generations of perception.

The input of the CVFG is a data batch, an arbitrary collection of data representing the data that must be represented by the node configuration of the generated CVF, and sequential each of the individual units defined by the data batch The data units used are converted to the node format and have the same configuration information as referenced by the final CVF, and the nodes converted in this way check their presence at the stage, Holdouts are temporarily stored, if they are not found, they are created, updated with statistical information including generation and use, all nodes with holdouts are assembled, pushed as CVF, as module output Be done.

The node comparison algorithm compares two node configurations read from an unprocessed CVF, and in partial match mode (PMM), there is an active node in one CVF and it is not found as a comparison candidate (node is in hibernation) In this case, the comparison is not penalized, and in all match mode (WMM), there is an active node in one CVF and it is not found in the comparison candidate (the node is dormant) , This comparison is penalized.

System Metadata Partitioning (SMS) divides input system metadata into meaningful security causalities and uses pre-sorted containers and raw analysis results from the categorization module with subject scanning / absorption The subject / suspiciousness of the security situation is extracted from the system metadata, the subject is used as the main reference point for deriving the security response / variable relationship, and the risk factor of the security situation by the risk scan / absorption, Extracted from system metadata using pre-created classification containers and raw analysis results from classification modules, risks being targets that are presenting or being exposed to such risks Relevant to the subject, categorized by response scan / absorb Using the pre-created classification container from the module and the raw analysis results, from the system metadata, the security situation response generated by the input algorithm is extracted, and this response is worthy of such response Associated with the security target being

In MCM, format division separates and classifies metadata according to recognized format rules and syntax, and local formatting rules and syntax allow MCM modules to recognize pre-formatted metadata streams Debug tracking is a trace of coding levels that provides the variables / functions / methods / classes used and the type / content of the respective input and output variables, and the algorithm tracking is combined with the algorithm analysis results Software level trace that provides security data, and the resulting security decisions (permit / block) are the path to how that decision (justification) was reached, and for each element to make its security decisions Appropriate contributed It is provided along with the weight.

In metric processing (MP), security response X represents a series of factors that contribute to the resulting security response chosen by SPMA, initial weights are determined by SPMA, and Perception Inference (PD) is one of the security responses. And the corresponding system metadata to reproduce the original perception of the security response, and the interpretation of the perception of the multidimensional series, the PD adopts the SPMA security response, and the corresponding input system meta Relating to data, it shows that SPMA regenerates the full scope of the intellectual "digital perception" as originally used, and the fill figure, the piled amount, and the multidimensional type are intelligent algorithm Digital parlor that captures the It is an interception.

In the PD, the security response X is transferred as input to the calculation of rationale / reasoning, and by using the rationale / reasoning calculation, the supply of intent of the input / output reduction (IOR) module, the security response of SPMA is Determining justification, the IOR module uses split inputs and outputs of various function calls listed in metadata, and the metadata split is performed by the MCM.

For POE, the input system metadata is the initial input used to generate the perception with CVF by Raw Perception Generation (RP2), and with Storage Search (SS) the CVF (derived from the data extension log) Comparable Variable Format) is used as a criterion in Perception Storage (PS) database search, in classification, perception is ordered according to final weight, data expansion log is applied to perception, block / permit Recommendations, and the SCKD tags the log to define the expected upper scope of unknown knowledge, and the data parse determines the original permissions or blocks determined by the original SPMA. Data to output Make a basic interpretation of Zhang log and input system metadata, CTMP criticize decisions according to perception in the POE and criticize decisions according to logically defined rules in rule execution (RE) .

For metric complexity, the outer boundary of the circle represents the peak of known knowledge about an individual metric and, towards the outer edge of the circle, the metric complexity is greater, while the center is the metric complexity The light gray in the middle represents the metric composition of the current set of applied perception perspectives, the dark gray in the outer represents the complexity of the metrics generally stored by the system. The goal of the ID is to increase the complexity of the associated metric so that the perception perspective can be multiplied by the complexity, and the dark gray surface area is the current cluster of applied Represents the full range of perception perspectives and the amount of scope left behind according to known upper bounds, extended and highly complex Then, the metric is returned as the complexity of the metric, the complexity of the metric is passed as the input of the metric transformation, and the metric transformation returns from the individual perception point of view to the whole perception point, whereby the final output is Constructed as a semantic perception perspective.

For SCKD, Known Data Categorization (KDC) divides known information categorically from input so that appropriate DB analogy queries can be performed, divides information into categories, and said divided The categories individually provide input to CVFG, which outputs category information in CVF format, which is used to check the similarity in known data scope DB by storage search (SS), SS results According to the corresponding scope of known data is tagged to each category and the tagged scope of unknown information per category is reconstructed in the unknown data combiner (UDC) into the same stream of original input .

The computer implemented system is a lexical objectivity search (LOM), and the system further comprises:
a) Initial Query Inference (IQR), in which the question is forwarded and processed in order to decipher the missing detailed information that is necessary in understanding and answering / answering the question using the Knowledge Holding Center (CKR) Transferred for initial query inference, and
b) Survey clarification (SC), wherein the question and supplemental question data are transferred, receiving input from a human subject, sending output to a human subject, and clarifying the question / statement Clarification of investigation, forming
c) Constructing an assertion (AC), constructing an assertion, receiving a proposition in the form of an assertion or question, and providing an output of a concept related to the proposition;
d) Presentation of the answer, which is an interface for presenting the conclusion drawn by the AC to both human subjects and rational appeals (RA);
e) Hierarchical mapping (HM), which maps the relevant concepts, finds support or conflicts in the consistency of questions / expressions, and takes advantage of the risks and risks of taking a certain position on the topic Calculate, hierarchical mapping,
f) a knowledge retention center (CKR), which is the main database for referencing knowledge for LOM;
g) Knowledge verification (KV), knowledge verification that needs to be logically divided for querying and absorption into CKR, receiving high confidence and pre-criticized knowledge, and
h) Acceptance of the response, an option given to human subjects that either accepts the LOM response or appeals with criticism, and if the response is accepted, it is processed by the KV Can be stored in CKR as confirmed (high confidence) knowledge and forwarded to the RA to check and criticize the reason for the appeal given by a human subject if it does not accept a response , Acceptance of response,
i) A managed artificial intelligence service provider (MAISP), running the LOM's Internet cloud instance with the CKR master instance, LOM front-end services, back-end services, third party application dependencies, information Further comprising a source and a managed artificial intelligence service provider connecting to the cloud of MNSP.

Front-end services include artificial intelligence personal assistants, communications applications and protocols, home automation, and medical applications, while back-end services include online shopping, online transportation, prescription ordering, front-end services and back-end services Interacts with the LOM through a documented API infrastructure that enables information transfer and protocol standardization, and the LOM communicates knowledge from external sources through an automated search mechanism (ARM) Take out.

Linguistic construction (LC) interprets raw query / expression input from human subjects and similar modules, generates logical divisions of language syntax, and concept discovery (CD) Receive points of interest in a structured question / statement, derive relevant concepts by leveraging CKR, and prioritize concepts (CP) receive relevant concepts, identify them with specificity and generality Organizing into logical layers of representation, response partitioning logic (RSL) understands human responses by leveraging LCs and associates appropriate and valid responses with the initial clarification request, thereby Achieving the goals of the SC, the LC will be re-utilized in the output phase, modify the original questions / expressions to include additional information received by the SC, and Text construction (CC) provides the CTMP raw facts for critical thinking, using assertion construction (AC) metadata and evidence from human subjects, to compare decisions (DC 2.) Determine the overlap between pre-criticized decisions and post-criticized decisions, and concept compatibility detection (CCD) compares conceptual derivations from the original question / statement Check the result of logical compatibility, Profit / Risk Calculation (BRC) receives the result of compatibility from CCD, and makes uniform decisions covering the slope of variables implicitly included in the concept configuration Weighted benefits and risks to form a concept linkage (CI), attributes associated with the concept of AC, information collected from human subjects via survey clarification (SC) Assigned to the part.

Inside the IQR, the LC receives the original question / statement, the questions / statements are linguistically separated, and the IQR leverages the CKR to process individual phrases at a time and reference the CKR In this way, IQR considers possible choices of options while taking into account word / phrase ambiguity.

The Study Clarification (SC) receives input from the IQR 802, which is a series of human subjects to respond for an objective response to the original question / expression to be achieved. Any clarifications made to the clarifications, including the clarifications requested, are forwarded to the response split logic (RSL), correlating the correspondence and clarification request, and the clarifications requested. In parallel, a linguistic linkage of clarification is provided to the LC, which includes the internal relation between the requested clarification and the language structure, which internal relation makes the RSL the original question. The assertion can be modified, whereby the LC outputs the clarified question.

On the construction of the statement that received the clarified question / statement, the LC breaks this problem into points of interest and passes it on to the concept discovery, the CD derives the related concept by exploiting the CKR, Concept prioritization (CP) organizes concepts into logical layers, with the top layer being assigned the most general concept, and the lower layers being more specific. The upper layer is transferred to the hierarchical mapping (HM) as an input of the module, and in parallel transfer of information, the HM receives a point of interest, which is processed by its dependent module, the concept coordination (CI) , CI attributes to such points of interest by accessing information indexed by CKR Against Ri, the HM is completed the internal process, its final output is compatible derived concepts tested, after returning benefit / risk of a position is weighted, it returned to the AC.

About HM, CI provides input to the CCD, which identifies compatibility / contention levels between the two concepts, and such compatibility / contention data takes a holistic and unified position on the issue Said that compatibility and competition are converted to benefits and risks, transferred to BRC, such positions are transferred to AC as output of modules along with risk / benefit factors, systems including loops of information flow , Represents a gradually constructed objective response, in which the tendency of intelligence is gradually complemented as the subjective nature of the question / expression, and the CI receives points of interest and redefines the prioritized concept Interpret each point of interest according to the upper layer.

For RA, the core logic processes the language text and returns a result, and if the result is high confidence, the result is passed to knowledge verification (KV) for proper absorption into CKR and the result is low In the case of confidence, the results are passed to AC, passed to Knowledge Verification (KV) for proper absorption, continue the self-criticizing cycle, and the core logic is a pre-criticized decision without language elements Receive input from the LC, the decision is forwarded to the CTMP as a subjective opinion, and the decision also uses the metadata from the AC and the prospective evidence from the human subject to make the raw facts Such information will reach the "objective opinion" when it is transferred to context building (CC), which gives CTMP as the "objective fact" to input, and CTMP receives two mandatory inputs. It is processed to output the best attempt, the opinion is treated as a post-critic decision in RA, and both the pre-critic and post-critic decisions are between the two decisions. The decision to compare the scope of duplication is forwarded to the Decision Comparison (DC), which in turn is contrasted to explain why the appeal is found to be true or this appeal is invalid. Regardless of whether it is improved or admits or improves the scenario, the high confidence result 846 is passed to the KV and the low confidence result is passed to the AC 808 for further analysis.

For CKR, units of information are stored in the Unit Knowledge Format (UKF), and Rule Syntax Format (RSF) is a set of syntactic standards for keeping track of reference rules, and for multiple rules in RSF The unit can be used to describe a single purpose or action, the source attribute is a collection of complex data tracking the requested source, and the UKF cluster is information divided by jurisdiction Is composed of a chain of variants of the UKF linked to define, UKF2 contains the main targeted information and UKF1 contains the time stamp information, so infinite regression Because the timestamp field itself is omitted to avoid the UKF3 contains source attribute information, the source to avoid infinite regression Field itself is omitted, at least one UKF1 with one UKF3 must have been attached to all UKF2. Otherwise, the clusters (sequences) are considered incomplete and the information present there can not be processed by the general logic of the entire LOM system, but linked between the central UKF2 and the corresponding UKF1 and UKF3 There is a UKF2 unit that acts as a bridge, and a series of UKF clusters are processed by KCA to form derived representations, and knowledge-based analysis (KCA) relates to the UKF's clustered information on stances with an opinion. After KCA's processing is complete, CKR can output a dogmatic position, which concludes the topic, in order to support the evidence.

For ARM, as represented by the user activity, when the user interacts with the LOM, the concept is brought about directly or indirectly in relation to the answer / response to the question / expression and the user activity is requested As shown in the list of not yet available concepts, CKR is expected to eventually generate a concept with almost no information about it, and the concept sort and prioritization (CSP) Definitions are received from three independent sources, aggregated to prioritize resources of information requests, and the data provided by the information sources are information aggregators (IAs according to the definition of the concept that requested them) Received and analyzed, the corresponding metadata is retained, and the information is It is sent to cross-reference analysis (CRA), where the information received is compared with the existing knowledge of the CKR, is constructed in consideration of it.

Personal Information Profiles (PIPs) are places where personal information of individuals is stored via a large number of potential endpoints and front ends, and although personal information is isolated from CKR, it spans the entire LOM system In generic logic, personal information about artificial intelligence applications is encrypted and stored in a personal UKF cluster pool in UKF format, and in the Information Anonymization Process (IAP), the information is stripped of personally identifiable information After that, CKR is supplemented, and in cross reference analysis (CRA), the received information is compared with the existing knowledge from CKR and constructed in consideration of it.

Life Management and Automation (LAA) connects with various Internet-enabled devices and services on an integrated platform, Active Decision Making (ADM), front-end services, back-end services, availability of IoT devices and Considering the functionality and considering the available spending rules and amounts according to FARM, FARM is responsible for ADM 813 D's activities, with humans manually defining the criteria, limits and scope for said module. The ADM 813D is informed about the extent of the range, funds in cryptocurrency are deposited in the digital wallet, and the IoT Integration Module (IIM) maintains and maintains a database of which IoT devices are available. Feed 862B is an IoT compatible device 8 2A represents the time to send information to LAA812D.

The system further comprises behavior monitoring (BM) that checks for the presence of unethical and / or illicit substances by monitoring requests from the user for personally identifiable data, metadata aggregation (MDA) ) Allows user related data to be aggregated from external services, reveal the user's digital identity, such information is transferred to the induction / deduction and finally to the PCD, where it is refined Analysis is performed using the supporting factor from the MNSP, and all information from the authenticated user, whose destination is the PIP, passes through the information tracking (IT) and is checked against the behavior blacklist In crime detection (PCD), deductive and inductive information is merged and analyzed to draw precoincidence conclusions, and PCD By using the CTMP to refer to the behavior black list directly, to verify the position that has been generated by the induction and deduction, black list management agencies (BMA) is running in the cloud services within the framework of MNSP.

The LOM is configured to manage a personalized portfolio in the life of an individual, the LOM receives the first question, it concludes via the LOM's internal deliberative process, the LOM receives the data from it Connect to an LAA module that connects to an Internet-enabled device that can be controlled, and in context, the LOM infers the missing link in constructing the claim, and the LOM is raised by its logic to the original assertion It deciphers that in order to solve the dilemma one must first know or assume certain variables relating to this situation.

The computer implemented system is linear quantum information transfer (LAQIT), and the system comprises:
a) Repeating a consistent color sequence recursively with a logically constructed syntax,
b) use the sequence recursively to translate in the English alphabet,
When constructing an alphabetic "base" layer, the color sequence is used in the color channel with shortened non-uniform weights, and the space left for syntax definition is the potential use and future of the syntax definition. Reserved for expansion,
Complex algorithms report their log event and status reports using LAQIT, log event and status reports are automatically generated, and the status report / log report is converted to portable text based LAQIT syntax And syntactically unsecured information is transferred digitally, and the portable text-based syntax is translated into a very readable LAQIT visual syntax (linear mode), and the key is for human storage. Optimized, based on a relatively short sequence of figures,
Locally unsecured text is entered by the sender and presented to the recipient, which is converted to portable encrypted text-based LAQIT syntax, and syntactically secure information is digitally And the data is transformed into a visibly encrypted LAQIT syntax,
The incremental recognition effect (IRE) is a channel of information transfer, and it recognizes the complete form of the unit of information before the information is fully transmitted, and the effect of this predictable index is the transition from word to word Incorporated by the display, the approximate recognition effect (PRE) is a channel of information transfer, complete or broken, mixed, or altered, a unit of information Recognize the form.

In the linear mode of LAQIT, the block represents a "basic rendering" version of the linear mode, point represents the lack of encryption, in word separator, the color of the figure represents the letter following the word, the word Acting as a break between the next word, a single view zone incorporates a smaller view zone with larger characters and thus less information, and a double view zone has more active characters per pixel Present, the shaded cover will cloud the incoming and outgoing characters so that the observer's primary focus is on the view zone.

In atomic mode, which allows a wide range of encryption levels, the main character reference of the base specifies the general principle as to which character is defined, the kicker exists in the same color range as the base and In the reading direction, the reading of the information transmission starts from the square at the top of the orbital ring 1, and once the orbital ring is complete, reading continues from the square at the top of the next orbital ring, The entry / exit portal is the point of creation and destruction of the character (its base) and a new character belonging to the relevant trajectory emerges from the portal and slides clockwise to its position, the nucleus follows the word Define the character,
In word navigation, each block represents the entire word (or multiple words in molecular mode) on the left side of the screen, and when a word is displayed, each block moves outward to the right When the word is complete, the block is retracted, the color / shape of the navigation block is the same color / shape as the base of the first letter of this word, and in sentence navigation each block represents a cluster of words, A cluster is the largest amount of words that fit in the word navigation pane, atomic state generation is a transition that triggers an incremental recognition effect (IRE), and such a transition causes the base to appear from the entry / exit portals. Kickers are hidden and move clockwise to occupy their position, atomic state expansion is an approximation recognition effect (PRE , And once the bases have reached that position, they move outward in the “extended” sequence of the information state presentation, which uncovers the kicker 925 and thereby the information state. Specific definitions can be presented, atomic state destruction is a transition that induces an incremental recognition effect (IRE), and the base is retracted to reverse the kicker (with the extension sequence reversed), The base slides clockwise to reach the inlet / outlet portal.

In figure obfuscation, the standard square is replaced with five visually distinguishable figures, and the variance of the figure in the syntax allows to insert dud (fake) characters at strategic points of the atomic profile, and dud The characters obfuscate the true intended meaning of the message, and deciphering whether the character is true or false is done by the decryption key, which is securely and temporarily transferred,
In a redirect bond, the bond combines two characters, changes the flow of reading, and starts with a typical clockwise reading pattern and launches (starts) landing legal / non-false characters When encountered, change the reading pattern and resume the landing character,
For radioactive elements, some elements that can reverse the assessment of whether a character is a fake can "make a noise", the figure shows a figure that can be used for encryption, and the central element is , Which defines the character that immediately follows the word, indicates the central element of the trajectory.

In a redirect bond, the bond starts with the "launch" character and ends with the "landing" character, and neither character may or may not be dadd, and if neither of them is dadd, the bond is in the reading direction and If the position changes and one or both are duts, then the entire bond must be ignored, otherwise the message will not be decoded correctly and the bond key definition must follow the bond when reading the information state. If it must, it depends on whether it is specifically defined by the encryption key.

In a single cluster, both neighboring nodes are non-radiative, so the scope of the cluster is defined, and the key designates dual clusters as valid, so the element is processed if it is not originally radioactive, In a double cluster, the key definition defines a double cluster as active, so all other sized clusters are considered dormant while decrypting the message, and the incorrect interpretation is that the interpreter has a double cluster It shows that it did not treat as a reverse order sequence (false positive).

In molecular mode, encryption and streaming are possible, and in secret dictionary attack resistance, false decryption of a message leads to another message of "red herring", using multiple active words per molecule, and words are molecules Presented in parallel during the procedure, which increases the information per surface area ratio, but with a consistent transition rate, binary and streaming modes indicate streaming mode, typical atomic configurations read mode binary The binary mode indicates that the core element defines the character that follows the word, and the numerator mode is also binary, unless encryption based on streaming mode is enabled, and streaming Modes refer to special characters in orbit.

The computer implemented system is a universal BCHAIN full connection (UBEC) with a base connection coordinated attack integration node (BCHAIN), and the system further comprises:
a) Communication Gateway (CG), which is the main algorithm for the BCHAIN node to interact with its hardware interface and then to communicate with other BCHAIN nodes,
b) Node Statistics Survey (NSS), which interprets behavior patterns of remote nodes, Node Statistics Survey, and
c) a node escape index, which tracks the possibility that an adjacent node avoids a perceptual node neighborhood;
d) a node saturation index, which tracks the amount of nodes within the detection range of a perceptual node,
e) track node service quality, which is the node consistency index and interpreted by the perceptual node, high node consistency index means that neighboring neighbors have more availability uptime and performance consistency Nodes that are tending to be used and used for two purposes tend to have lower consistency indexes, and nodes dedicated to the BCHAIN network have higher values, node consistency indexes, and
f) A Node Overlap Index, which is a Node Overlap Index, which tracks the amount of each other's overlap with each other, interpreted by the perceptual nodes, with each other.

The system
a) A custom chain recognition module (CRM), connected with a custom chain containing Appchains or Microchains, registered in the past by a node, CRM detects updates in the Appchain section of the Metachain or Metachain emulator of Metachain or Microchain Custom chain recognition module, which informs the rest of the BCHAIN protocol when
b) Content claim delivery (CCD), receiving the verified CCR, and then transmitting the corresponding CCF to fulfill the request, Content claim delivery;
c) Dynamic Strategy Adaptation (DSA), using creation modules to dynamically create new strategy placement by hybridizing the complex strategies that the system prefers via the Optimization Strategy Selection Algorithm (OSSA) Create, manage strategy generation module (SCM), the new strategy changes according to the input provided by Field Random Interpretation (FCI), the new strategy according to the input provided by Field Random Interpretation (FCI) Dynamic strategy adaptation, which changes
d) Encrypted Digital Economic Exchange (CDEE), with various economic personalities managed by a graphical user interface (GUI) under the UBEC platform interface (UPI), where in personality A, node resources are consumed Only those that match are consumed, and personality B consumes as much resources as possible, as long as the profit margin is greater than the predetermined value, and personality C pays a unit of work through the trading currency, and in personality D , The resource of the node, whether it is consumption of content or financial compensation, it consumes without restriction in expectation of as many things as possible, with encrypted digital economic exchange,
e) Interpreting the current status of work (CWSI), which refers to the infrastructure economy section of Metachain to determine the current surplus or deficit of this node in terms of workload credits,
f) An economically-considered labor levy (ECWI), taking into account the chosen economic personality, along with the current working surplus / deficit, to assess whether more work should be done now , And financially considered labor levy,
g) Symbolic Recursive Intelligence (SRIA), which can improve the algorithm source code by understanding the purpose of the code, can emulate LIZARD and the generation of virtual program versions Symbolic recursion that is a tripartic relationship between different algorithms, including BCHAIN networks, which is a huge network of randomly connected nodes, which can execute l2GE and programs of complex data bias in a distributed way. Further improving the intelligence.

The invention will be more fully understood by reading the detailed description in conjunction with the accompanying drawings in which:
Figures 1-26 are schematic diagrams showing Critical Infrastructure Protection and Retaliation (CIPR) (collectively known as CIPR / CTIS) with Cloud and Layered Information Security (CTIS), and more particularly:
FIG. 5 is a schematic diagram showing how definitions for multiple aspects of security interpretation are presented as a methodology for analysis. FIG. 5 is a schematic diagram showing how definitions for multiple aspects of security interpretation are presented as a methodology for analysis. FIG. 1 is a schematic diagram illustrating a cloud based managed cryptographic security service architecture for secure EI ² (extranet, intranet, internet) networking. FIG. 1 is a schematic diagram showing an overview of a managed network and security service provider (MNSP). FIG. 1 is a schematic diagram showing an overview of a managed network and security service provider (MNSP). FIG. 1 is a schematic diagram showing an overview of a managed network and security service provider (MNSP). FIG. 1 is a schematic diagram showing an overview of a managed network and security service provider (MNSP). FIG. 1 is a schematic diagram showing an overview of a managed network and security service provider (MNSP). FIG. 5 is a schematic diagram illustrating real-time security processing for LIZARD cloud-based cryptographic security. FIG. 1 is a schematic diagram illustrating an example of Critical Infrastructure Protection and Retaliation (CIPR) with Cloud and Layered Information Security (CTIS) in an energy system. Stage 1-schematic showing initial system intrusion. Stage 2-Initial Stage A schematic showing placement of the Trojan. Stage 3—A schematic diagram showing the download of advanced executable malware. Stage 4 is a schematic diagram showing the capture of the intrusion prevention / prevention system. FIG. 5 is a schematic diagram showing the hacker desired behavior and the actual security response. FIG. 5 is a schematic diagram illustrating scheduled internal authentication protocol access (SIAPA). FIG. 5 is a schematic diagram showing root level access rights and standard level access rights. It is a schematic view showing a supervisory review. It is a schematic diagram showing iterative intellectual growth / intelligent evolution (I ² GE). It is the schematic which shows an infrastructure system. FIG. 1 is a schematic diagram showing a crime system, an infrastructure system, and a public infrastructure. FIG. 5 is a schematic diagram showing how foreign code revisions can be used to syntactically reproduce foreign code to mitigate possible undetected malicious exploits. FIG. 5 is a schematic diagram showing how foreign code revisions can be used to syntactically reproduce foreign code to mitigate possible undetected malicious exploits. FIG. 7 is a schematic diagram showing how recursive debugging loops code segments; FIG. 7 is a schematic diagram showing how recursive debugging loops code segments; FIG. 5 is a schematic diagram illustrating the internal operating principle of request map matching. FIGS. 27-42 are schematic diagrams showing secret machine learning (MACINT) and retaliation with secret operations in cyberspace, and more particularly, Intelligent Information Management, Viewing, and Control FIG. 66 is a schematic diagram illustrating the management, viewing, and control of intellectual information. It is the schematic which shows the treatment by behavior analysis. FIG. 5 is a schematic diagram showing a crime system and retaliation against the crime system. FIG. 5 is a schematic diagram showing a crime system and retaliation against the crime system. It is the schematic which shows the flow of MACINT. It is the schematic which shows the flow of MACINT. FIG. 6 is a schematic diagram showing an overview of MACINT secret operation and how a criminal exploits a corporate system. FIG. 5 is a schematic diagram showing details of long-term / deep scan using big data. FIG. 6 is a schematic diagram showing how arbitrary computers are searched on a trusted platform. FIG. 5 is a schematic diagram showing how known double or triple spies from a credit platform will be involved in future forensic investigations. FIG. 5 is a schematic diagram showing the use of a trusted platform to implement the ISP's API. FIG. 5 is a schematic diagram showing how to use the trusted platform to implement security APIs provided by software and hardware vendors and exploit the installed backdoor. FIG. 7 is a schematic diagram showing how general purpose exploits and customizable exploits apply to random and criminal computers. FIG. 7 is a schematic diagram showing how general purpose exploits and customizable exploits apply to random and criminal computers. FIG. 7 is a schematic diagram showing how general purpose exploits and customizable exploits apply to random and criminal computers. FIG. 5 is a schematic diagram showing how a long-term priority flag is pushed to a credit platform to monitor a crime system. FIGS. 43-68 are schematics showing zero database deductive real-time protection (LIZARD) by logical reasoning, and more specifically, It is the schematic which shows the dependence structure of LIZARD. It is the schematic which shows the dependence structure of LIZARD. It is the schematic which shows the outline | summary of LIZARD. It is the schematic which shows the outline | summary of the function of the main algorithm regarding LIZARD. FIG. 2 is a schematic view showing an internal operation principle of a static core (SC). FIG. 5 is a schematic view showing the inner core containing the essential core functions of the system. It is the schematic which shows the internal working principle of dynamic shell (DS). FIG. 6 is a schematic diagram showing an iteration module (IM) that intelligently modifies, creates, and disposes of modules on a dynamic shell. FIG. 5 is a schematic diagram showing an iteration core, which is the main logic for repeatedly executing code to improve security. FIG. 5 is a schematic diagram illustrating the logical process of a difference modification algorithm (DMA). FIG. 5 is a schematic diagram illustrating the logical process of a difference modification algorithm (DMA). FIG. 5 is a schematic diagram illustrating the logical process of a difference modification algorithm (DMA). FIG. 5 is a schematic diagram illustrating the logical process of a difference modification algorithm (DMA). FIG. 5 is a schematic diagram illustrating the logical process of a difference modification algorithm (DMA). FIG. 5 is a schematic diagram illustrating the logical process of a difference modification algorithm (DMA). FIG. 1 is a schematic diagram showing an outline of virtual obfuscation. FIG. 5 is a schematic diagram illustrating aspects of monitoring and responding to virtual obfuscation. FIG. 5 is a schematic diagram illustrating aspects of monitoring and responding to virtual obfuscation. FIG. 5 is a schematic diagram illustrating aspects of monitoring and responding to virtual obfuscation. FIG. 5 is a schematic diagram showing data recall tracking, tracking all information uploaded from and downloaded to suspicious entities. FIG. 5 is a schematic diagram showing data recall tracking, tracking all information uploaded from and downloaded to suspicious entities. It is the schematic which shows the internal working principle of a data recall trigger. It is the schematic which shows the internal working principle of a data recall trigger. FIG. 5 is a schematic diagram illustrating data selection that intercepts top secret data and mixes real and simulated data. It is the schematic which shows the internal working principle of behavior analysis. It is the schematic which shows the internal working principle of behavior analysis. 69 to 120 are schematic diagrams showing critical thinking memory and perception (CTMP), more specifically: It is the schematic which shows the main logic of CTMP. It is the schematic which shows the viewpoint of perception. It is the schematic which shows the dependence structure of CTMP. It is the schematic which shows the dependence structure of CTMP. It is the schematic which shows the dependence structure of CTMP. FIG. 5 is a schematic diagram illustrating the final logic for processing intelligent information in CTMP. FIG. 2 is a schematic diagram showing that two main inputs, intuitive / cognitive and thinking / logical, assimilate into a single final output representing CTMP. FIG. 1 is a schematic diagram illustrating the scope of intellectual thinking performed with the original selection pattern matching algorithm (SPMA). FIG. 5 is a schematic diagram illustrating a conventional SPMA juxtaposed with critical thinking performed by CTMP via perceptions and rules. It is the schematic which shows a mode that a valid rule is produced | generated compared with the conventional existing rule. FIG. 5 is a schematic diagram illustrating a perception matching (PM) module. FIG. 5 is a schematic diagram illustrating a perception matching (PM) module. FIG. 6 is a schematic diagram showing rule syntax derivation / generation; FIG. 6 is a schematic diagram showing rule syntax derivation / generation; FIG. 6 is a schematic diagram showing rule syntax derivation / generation; FIG. 6 is a schematic diagram showing rule syntax derivation / generation; FIG. 6 is a schematic diagram showing rule syntax derivation / generation; FIG. 5 is a schematic diagram illustrating the operating principle of a Rule Grammar Format Partitioning (RSFS) module. FIG. 5 is a schematic diagram illustrating the operating principle of a Rule Grammar Format Partitioning (RSFS) module. It is the schematic which shows the operation principle of a rule satisfaction degree parser (RFP). FIG. 5 is a schematic diagram illustrating a fulfillment debugger. FIG. 5 is a schematic diagram illustrating a fulfillment debugger. It is a schematic diagram showing rule execution. FIG. 5 is a schematic diagram showing sequential memory organization. FIG. 5 is a schematic diagram showing sequential memory organization. FIG. 5 is a schematic diagram illustrating non-sequential memory organization. FIG. 5 is a schematic diagram illustrating memory recognition (MR). FIG. 5 is a schematic diagram illustrating memory recognition (MR). FIG. 5 is a schematic diagram illustrating memory recognition (MR). FIG. 5 is a schematic diagram illustrating field interpretation logic (FIL). FIG. 5 is a schematic diagram illustrating field interpretation logic (FIL). FIG. 1 is a schematic diagram illustrating an automated perception discovery mechanism (APDM). FIG. 1 is a schematic diagram illustrating an automated perception discovery mechanism (APDM). It is the schematic which shows unprocessed perception generation (RP2). FIG. 5 is a schematic diagram illustrating the logic flow of a comparable variable format generator (CVFG). FIG. 5 is a schematic diagram illustrating a node comparison algorithm (NCA). FIG. 2 is a schematic diagram illustrating system metadata segmentation (SMS). FIG. 2 is a schematic diagram illustrating system metadata segmentation (SMS). FIG. 5 is a schematic diagram illustrating a metadata categorization module (MCM). FIG. 5 is a schematic diagram illustrating a metadata categorization module (MCM). FIG. 7 is a schematic diagram showing metric processing (MP). FIG. 5 is a schematic diagram illustrating the internal design of Perception Inference (PD). FIG. 5 is a schematic diagram illustrating the internal design of Perception Inference (PD). FIG. 2 is a schematic diagram illustrating a Perception Viewer Emulator (POE). FIG. 2 is a schematic diagram illustrating a Perception Viewer Emulator (POE). FIG. 2 is a schematic diagram illustrating a Perception Viewer Emulator (POE). FIG. 2 is a schematic diagram illustrating a Perception Viewer Emulator (POE). It is the schematic which shows derivation | leading-out (ID) of a meaning attachment. It is the schematic which shows derivation | leading-out (ID) of a meaning attachment. BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a schematic diagram showing self-critical knowledge density (SCKD). BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a schematic diagram showing self-critical knowledge density (SCKD). BRIEF DESCRIPTION OF THE DRAWINGS Figure 1 is a schematic diagram showing self-critical knowledge density (SCKD). 121 to 165 are schematic diagrams showing lexical objectivity search (LOM), more specifically, It is the schematic which shows the main logic of lexical objectivity search (LOM). FIG. 1 is a schematic diagram illustrating a managed artificial intelligence service provider (MAISP). FIG. 1 is a schematic diagram illustrating a managed artificial intelligence service provider (MAISP). FIG. 1 is a schematic diagram illustrating a managed artificial intelligence service provider (MAISP). It is the schematic which shows the dependence structure of LOM. It is the schematic which shows the dependence structure of LOM. It is the schematic which shows the dependence structure of LOM. It is the schematic which shows the dependence structure of LOM. FIG. 5 is a schematic diagram illustrating the internal logic of initial query inference (IQR). FIG. 5 is a schematic diagram illustrating the internal logic of initial query inference (IQR). FIG. 5 is a schematic diagram showing the clarification of investigation (SC). FIG. 5 is a schematic diagram illustrating the construction of assertions (AC). FIG. 6 is a schematic diagram showing the internal details of how hierarchical mapping (HM) works. FIG. 6 is a schematic diagram showing the internal details of how hierarchical mapping (HM) works. FIG. 5 is a schematic diagram showing the internal details of a rational appeal (RA). FIG. 5 is a schematic diagram showing the internal details of a rational appeal (RA). FIG. 2 is a schematic diagram showing the internal details of a knowledge retention center (CKR). FIG. 2 is a schematic diagram showing the internal details of a knowledge retention center (CKR). FIG. 1 is a schematic diagram showing an automated search mechanism (ARM). FIG. 1 is a schematic diagram illustrating stylometric scanning (SS). FIG. 1 is a schematic diagram showing a hypothesis overwrite system (AOS). FIG. 2 is a schematic diagram illustrating intelligent information and configuration management (I2 CM) and a management console. FIG. 1 is a schematic diagram showing a personal intelligence profile (PIP). It is the schematic which shows management of life and automation (LAA). It is the schematic which shows behavior monitoring (BM). It is a schematic diagram showing ethical, confidential and legal (EPL). It is the schematic which shows the outline | summary of LIZARD algorithm. It is a schematic diagram showing iterative intellectual growth. FIG. 1 is a schematic diagram showing iterative evolution. FIG. 1 is a schematic diagram showing iterative evolution. It is the schematic which shows a creation module. It is the schematic which shows a creation module. It is the schematic which shows a creation module. It is the schematic which shows a creation module. It is the schematic which shows LOM currently used as a personal secretary. It is the schematic which shows LOM currently used as a personal secretary. FIG. 5 is a schematic diagram showing a LOM being used as a survey tool. FIG. 6 is a schematic diagram showing a LOM investigating the advantages and disadvantages of the presented theory. FIG. 6 is a schematic diagram showing a LOM investigating the advantages and disadvantages of the presented theory. FIG. 10 is a schematic diagram showing a LOM for making policy decisions in a diplomatic war game. FIG. 10 is a schematic diagram showing a LOM for making policy decisions in a diplomatic war game. FIG. 7 is a schematic diagram illustrating a LOM performing a survey reporting task. FIG. 7 is a schematic diagram illustrating a LOM performing a survey reporting task. It is the schematic which shows LOM which performs historical verification. It is the schematic which shows LOM which performs historical verification. Figures 166-179 are schematic diagrams showing a secure and efficient digital oriented language LAQIT, more particularly It is the schematic which shows the concept of LAQIT. It is the schematic which shows the main classification of the usable language. FIG. 5 is a schematic diagram illustrating the linear mode of LAQIT. FIG. 5 is a schematic diagram illustrating the linear mode of LAQIT. It is the schematic which shows the property of atomic mode. It is the schematic which shows the property of atomic mode. It is the schematic which shows the outline | summary of the encryption function of atomic mode. It is the schematic which shows the outline | summary of the encryption function of atomic mode. It is the schematic which shows the outline | summary of the encryption function of atomic mode. FIG. 5 is a schematic view showing a redirect bond mechanism. FIG. 5 is a schematic view showing a redirect bond mechanism. It is the schematic which shows the mechanism of a radioactive element. It is the schematic which shows the mechanism of a radioactive element. FIG. 5 is a schematic diagram showing the molecular mode that has been enabled for encryption and streaming. 180 to 184 are schematic diagrams showing a summary of the front end connected to the UBEC platform and the distributed information distribution system BCHAIN, and more specifically, FIG. 5 is a schematic diagram illustrating a BCHAIN node having and executing a BCHAIN enabled application. FIG. 5 is a schematic diagram showing core logic of the BCHAIN protocol. FIG. 5 is a schematic diagram illustrating dynamic strategy adaptation (DSA) managing strategy generation module (SCM). FIG. 2 is a schematic diagram showing the encrypted digital economic exchange (CDEE) with various economic personalities. It is the schematic which shows a recursive intelligence improvement.

Critical Infrastructure Protection and Retaliation (CIPR) with Cloud-Based Multi-Layered Information Security (CTIS)
Figures 1-2 show a way to present definitions for multiple aspects of how to interpret security as a methodology for analysis. In reference numeral 1, a map of an attacker and an addict is created using a network of beacons and agents. By combining such maps / databases with sophisticated prediction algorithms, potential unintended threats emerge. I ² GE 21 leverages big data and malware signature recognition to determine human factors. The storage of security behavior 20 forms a precedent of security events, their impact, and appropriate responses. Such appropriate responses may be criticized by CTMP 22 (Critical Thinking Memory Perception) as a complementary layer of security. Reference 2 indicates what assets are at risk and what kind of damage can occur. Example: All sluices of a hydroelectric dam may be opened, resulting in the submersion of nearby towns, leading to loss of life and property. The infrastructure database 3 is a comprehensive database including confidential or non-confidential information on a public or private enterprise engaged in infrastructure projects throughout the country. Infrastructure control 4 is a possible technical, digital and / or mechanical meaning of control of industrial infrastructure equipment, such as dam locks and wattage of the national grid. Reference numeral 5 analyzes the traffic pattern to emphasize the time that can be a blind spot. Such an attack is easily masked and mixed with legitimate traffic, making it a cover-up. The following questions have been asked. Are there political, financial, sports or other events that could be of interest to addicts? A network of trusted platforms, consisting of external agents, report back on hacker activity and preparation.
Therefore, the timing of the attack can be estimated. At reference numeral 6, the following question is asked. Which security vulnerable companies can be targets for attacks? What types of companies are vulnerable to security by geographical location? What are the most vulnerable assets / controls, and what is the best way to protect them? A network of trusted platforms, consisting of external agents, report back on hacker activity and preparation. Therefore, the location of the attack can be inferred. At reference numeral 7, the following question is asked. What geopolitical, regional, and financial pressures exist in the world to fund and aid such attacks? Who earns how much? A network of trusted platforms, consisting of external agents, report back on hacker activity and preparation. Therefore, the motive for the attack can be guessed. At reference numeral 8, the following question is asked. What are the exploitable points and hideouts for malware? How are these dead spots and inefficient access points used to capture critical asset and infrastructure control points? LIZARD 16 derives goals and functions from foreign code and blocks the foreign code in response to the presence of malicious intent or lack of a justifiable motive. The CTMP 22 can critically think about block / permit decisions and also acts as an auxiliary layer of security.

FIG. 3 shows a cloud based managed cryptographic security service architecture for secure EI ² (extranet, intranet, internet) networking. The Managed Network and Security Service Provider (MNSP) 9 provides managed cryptographic security, connectivity, and compliance solutions and services to it. A trusted platform is a group of companies and systems that have been verified, which benefit from each other by sharing security information and services. The hardware / software vendor 11 is an industry-recognized maker of hardware / software (for example, Intel, Samsung, Microsoft, Symantec, Apple, etc.). In this context, these vendors provide the trusted platform with a means of exploit that allows backdoor access with limited or full capacity to all possible access means and / or products of those vendors. This has become possible due to possible security and / or punitive processes that the credit platform wants to perform in cooperation with its partner and joint security department. Virtual Private Network (VPN) 12 is an industry standard technology that enables secure and business segregated communication with MNSP 9, a trusted platform, and their affiliated partners. The extranet allows the digital elements to be virtually shared as if they were in the same vicinity (e.g. LAN). Thus, combining these two technologies promotes efficient and secure communication between partners and improves the operation of the credit platform. The security service provider 13 is a collection of public and / or private companies offering digital security strategies and solutions. The solutions and products of the security service provider 13 are organized by contract, in order to allow the credit platform to benefit from unique security information (eg new malware signatures) and security analysis. . After all, such an increase in security strength benefits the security service provider itself. Third-party threat intelligence (3PTI) 14 is the mutual sharing of security information (eg, new malware signatures). A centralized hub trust platform functions as a centralized hub for sending, receiving and absorbing such security information. By providing a large amount of information, it is possible to obtain more sophisticated patterns of security-related behavior (by utilizing the security service provider) through an analysis module (for example, collision detection 19) for identifying information cooperation It is. The law enforcement agency 15 may be at the state level (e.g., the New York Metropolitan Police Department (NYPD)), at the national level (e.g., the U.S. Federal Bureau of Investigation (FBI)), or at the international level (e.g., the International Criminal Police Organization (INTERPOL) If applicable, refer to the applicable law enforcement department. Communication is initiated and security information is sent and received to facilitate or complete retaliation against the cracker. Retaliation typically involves locating and arresting the appropriate suspect and placing it in a court of law.

4 to 8 show an overview of the relationship between the managed network and security service provider (MNSP) 9 and the internal submodules. LIZARD 16 analyzes the threat itself without referring to historical data. The Pseudo Security Threat (AST) 17 provides a virtual security scenario to test the effectiveness of security rule sets. Each security threat is consistent in severity and type so that meaningful comparisons of security scenarios can be made. The creation module performs processing to intelligently create a new hybrid shape from the previous shape. Creation modules are used as plug-in modules that provide processing for multiple algorithms. Collusion detection 19 provides periodic identity checks on multiple "collusion" security events and attempts to determine patterns and correlations between seemingly unrelated security events. Security Behavior 20: Events and their respective security responses and traits are stored and indexed for future queries. I ² GE 21 is a big data, retrospective analysis part of MNSP9. Among the standard signature tracking capabilities, I 2 ^GE is by leveraging with creation module AST, it is possible to emulate the future variants candidates malware. The CTMP 22 leverages cross-reference information collection from multiple sources (eg, I ² GE, LIZARD, Credit Platform, etc.) to learn about the expectations and realities of perception. The CTMP estimates the ability to form an objective decision on a subject, and refrains from asserting if a decision is made based on low internal confidence. The management console (MC) 23 is a human-friendly intelligent interface that monitors and controls a complex but semi-automatic system. Intelligent Information and Configuration Management (I ² CM) 24 includes a combination of information flow and functions that control authorized system utilization.
The energy network exchange 25 is a huge private extranet connecting energy suppliers, producers, buyers, and so on. In an energy network exchange, suppliers, producers, buyers, etc. can exchange security information on the industry common to them. The energy network exchange communicates with the MNSP cloud 9 via the VPN / extranet 12. Such cloud-based communication enables two-way security analysis in the following points. 1) critical security information data is provided from the energy network exchanges in MNSP cloud, and 2) critical security corrective action, all EI 2 ^(Explorer provided by MNSP cloud energy network exchanges, intranets , Internet) network traffic is always routed to the MNSP cloud via VPN12. The authentication and encryption techniques used by the MNSP in all services are described by national standards (eg, Federal Risk and Authorization Management Program (FedRAMP), National Institute of Standards and Technology (NIST)). US National Institute of Standards and Technology), OMB (Office of Management and Budget, etc.) and the international standards (ETSI (European Telecommunications Standards Institute), ISO / IEC (International Organi) ITE for Internationalization / International Electrotechnical Commission), IETF (Internet Engineering Task Force: Internet Engineering Task Force), IEEE (The Institute of Electrical and Electronics Engineers, Inc .: Institute of Electrical and Electronics Engineers) Etc.), as well as encryption requirements (eg, FIPS (Federal Information Processing Standards)). The Intranet 26 (Encrypted Layer 2/3 VPN) provides secure internal connectivity within the private network 27 of the enterprise (energy company). As a result, the LIZARD light client 43 can operate in the enterprise infrastructure in a state where it can securely communicate with the LIZARD cloud 16 in the MNSP cloud 9. Reference numeral 27 denotes a local node of the private network. Such private networks provide multiple locations (labeled as locations A, B, and C). Each private network may have a different technology infrastructure, such as a server cluster (base C) or an employee sharing office (base A) with a mobile device and a private Wi-Fi connection. Good. Each node of the private network is provided with its own management console (MC) 23. The portable media device 28 is configured to securely connect to the private network and thus to the intranet 26 and thus these devices are indirectly connected to the MNSP 9 via the secure VPN / extranet connection 12. When using this secure connection, all traffic is routed through the MNSP so that it is fully exposed to deployed real-time, retrospective security analysis algorithms. Such a portable device can maintain this secure connection even in a secure private network or in a coffee shop Wi-Fi access environment throughout the city. The Demilitarized Zone (DMZ) 29 is a subnetwork having an HTTP server that is at a security disadvantage over regular computers. The HTTP server is in a security disadvantage not because of security neglect but because the software and hardware organization of the public server is complex. Even though we make our best effort to tighten security, there are many points that could be attacked. Therefore, this server is installed in the demilitarized zone so as not to expose the rest of the private network (base C) to such a security disadvantage. By this separation, the HTTP server can not communicate with other devices inside the private network and not in the demilitarized zone. Since the LIZARD write client 43 is installed on the HTTP server, it can operate inside the DMZ. An exception is provided in the DMZ policy so that the MC 23 can access the HTTP server and the DMZ. The write client communicates with the MNSP via the encrypted channel formed from events 12 and 26. At reference numeral 30, these servers are isolated in the private network but visible to the DMZ 29. This allows devices inside the private network to communicate with each other. Each of these servers has an independent instance of the LIZARD write client 43. The Internet 31 is referred to as a medium for communication between the MNSP 9 and each device 28 of a company operating a LIZARD light client. The Internet is the most risk-prone source of security threats for corporate devices, which is different from the threats at local locations that occur in local area networks (LANs). This high security risk causes all communication on each device to be routed to the MNSP acting like a proxy. The presence of the VPN / extranet 12 allows only the encrypted information to be viewed by the potential offenders from the Internet. Third Party Threat Information Delivery (3PTI) 32 represents the entry of customized information provided by a third party in accordance with existing contractual obligations. Iterative Evolution Algorithm 33: Parallel evolutionary lines are developed and selected. The iterated generation adapts to the same pseudo-security threat (AST), and the family with the best personality trait will eventually best withstand this security threat. Evolutionary line 34: A generation of a set of virtually contained and isolated rule sets. Evolutionary features and criteria are defined by such lineage personality X.

FIG. 9 illustrates real-time security processing for LIZARD cloud based cryptographic security. The syntax module 35 provides a framework for reading and writing computer code. For writing, the syntax module receives the target of the complex format from the PM (target module) and writes the code in arbitrary code syntax, so that the helper functions this arbitrary code (depending on the desired language) It can be translated into actual executable code. For loading, the syntax module provides syntactic interpretation of this code so that the PM can derive the goal of the functionality of the code. The goal module 36 derives a goal from the code using the syntax module 35 and outputs this goal to its "composite goal format". This goal fully describes the intended functionality of the code block interpreted by the SM (Syntax Module) (even if this code is secretly embedded in the data). In virtual obfuscation 37, corporate networks and databases are replicated in the virtual environment, and sensitive data is replaced with simulated (fake) data. The environment is dynamically changed in real time according to the behavior of the target to include more fake elements as a whole system or more real elements. Signal mimicry 38 provides a form of retaliation that is typically used when virtual obfuscation (protection) is analytically complete. Signal mimicry uses syntax modules to decipher the syntax for malware to communicate with hackers. The signal mimicry then gives the malware a false impression that it has successfully hijacked this communication and sent confidential data to the hacker (even if this confidential data was fake data sent against a virtual hacker image) ). LIZARD also sends malware error codes to real hackers, making this error code seem to come from malware. This diverts hackers' time and resources to derailed work of false debugging, eventually giving up working malware with the false impression that the malware did not work. An internal integrity check 39 checks that the integrity of all internal functions of the foreign code is correct. It is verified that there is no fragment of code internally incompatible with the goal as a whole foreign code. The foreign code revision 40 uses syntax modules and target modules to combine foreign code into a complex target format. Then build a code set that uses the derived goals. This ensures that only the desired goals read from the foreign code are executed within the enterprise and that unintended functions are not accessed to access the system. Secret code detection 41 detects codes secretly embedded in data and transmission packets. The requirements map matching 42 is a hierarchical structure of mapped requirements and goals, and is referenced to determine if the foreign code fits the overall purpose of the system. The LIZARD write client 43 is a lightweight version of the LIZARD program that eliminates the resource intensive functions such as virtual obfuscation 208 and signal mimicry. By using objective and deductive threat analysis that does not use the signature database for queries, we perform instantaneous real-time threat analysis using minimal computer resources. With multiple logs 44, the energy company's system 48 has multiple points to create logs such as standard software error output / access logs, operating system logs, monitoring probes, and the like. These logs are provided to the local pattern matching algorithm 46 and the CTMP 22 for detailed and responsive security analysis. For traffic 45, which is all internal and external traffic present in the energy company, the local pattern matching algorithm 46 consists of industry standard software that provides an initial layer of security, such as antivirus, adaptive firewall, etc. Corrective action 47 will be undertaken by the local pattern matching algorithm 46 that is initially understood to resolve security issues / risks. Corrective actions include blocking ports, file transfers, manager requests, etc. The energy company has a system 48 isolated from these specialized security algorithms, which also sends its log and traffic information. This is because these algorithms and LIZARD 16, I ² GE 21 and CTMP 22 are installed in the MNSP cloud 9. This separation makes it possible to provide a centralized database model. This leads to a larger pool of security data / trend, thus leading to a more comprehensive analysis.

Referring to FIG. 11, the crime system scans the available intrusion channels to the target system. If possible, the criminal system exploits this channel to deliver small payloads. The crime system 49 is used by a group of criminals to launch a malware attack towards the partner system 51 and thus ultimately the infrastructure system 54. The malware source 50 is a container of inactive form of malicious code (malware). Once this code reaches (or attempts to reach) the targeted infrastructure system 54, the malware starts and performs malicious tasks as predetermined or on demand. The partner system 51 exchanges information with the infrastructure system according to the contractual agreement between the infrastructure company (energy company) and the partner company. Such an agreement reflects certain business operations, such as supply chain management services and inventory tracking exchanges. In fulfilling the agreed service, the two exchange information electronically according to the prior agreed security standard. The malware source 50 attempts to find an exploit for infiltrating the partner's system on behalf of the malicious gang running the crime system 49. In this way, malware can reach the infrastructure system 54 that is its ultimate infection target. In this way, the partner's system is being used in a surrogate infection process that originates from the malware source 50. Among the many communication channels between partner system 51 and infrastructure system 54, channel 52 has been exploited by malware originating at malware source 50. Referring to channel / protocol 53, this shows the communication channel between partner system 51 and the unacquired infrastructure system 54. These channels include file system connections, database connections, mail routing, VOIP connections, etc. Infrastructure system 54 is an important element in the operations of energy companies that have direct access to infrastructure database 57 and infrastructure control 56. An industry standard intrusion prevention system 55 is implemented as a standard security procedure. The infrastructure control 56 is a digital interface that connects energy related equipment. Infrastructure control includes, for example, the opening and closing of a water gate of a hydroelectric dam and the angle at which the solar panels are facing. The infrastructure database 57 has confidential information on the details of the infrastructure system and core operations of the energy company as a whole. Such information may include contact information, employee shift history, energy equipment documentation and blueprints.

Referring to FIG. 12, the channel 52 being exploited provides a very narrow window of exploit opportunity. Thereby, a very simple Trojan horse is uploaded to the target system, expanding the opportunity for exploit execution. The Trojan horse 58 originates from the malware source 50 and arrives at the targeted infrastructure system 54 through the channel 52 which has been exploited. The purpose of the Trojan horse is to provide the opportunity provided by exploits so that highly executable malware payloads (more complex and contain actual malicious code that steals data etc) can be installed on the target system It is.

FIG. 13 shows how a large executable malware package can be safely uploaded to the system through a channel newly opened by the Trojan after the Trojan horse has further exploited the system. The advanced executable malware 59 is transferred to the infrastructure system 54 and thus to the sensitive database and infrastructure control 56. Advanced executable malware uses the digital path that Trojans have built in previous exploits to reach their destination of confidence.

FIG. 14 shows that advanced infrastructure malware 50 exploits IDS to individually download confidential infrastructure information and control points to undetected criminal systems. In the hacker desired behavior 60, the hacker 65 has successfully obtained certain company employee's trustworthy credentials, along with legitimately authorized access credentials. The hacker wants to use these credentials to gain inconspicuous and unrecognizable access to LANs limited to employee use. The hacker is looking to "back too late" security responses. Even if this endpoint security client succeeds in relaying data to the cloud security service, a retrospective analysis security solution will damage rather than remove and manage threats in real time from the early stages of intrusion. You can only manage the control. In the actual security response 61, the LIZARD Lite client (usage at the endpoint) can not clearly prove the need, function, purpose of the login of credentials and the use of system access. This user is partially placed in a virtual / mock environment, as it is still unclear if the user with this credential is really the intended legitimate user. This environment can dynamically alter the exposure to sensitive data in real time while analyzing user behavior. Behavioral analysis 62 is performed for hackers 65 and is performed based on hacker-facing elements that exist in both real LAN infrastructure 64 and virtually cloned LAN infrastructure 64. The hacker uses the captured authentication information 63 to obtain access authentication information that gives the administrator authority access to the laptop computer 28 of the energy company and thus the LAN infrastructure 64 to which this laptop is connected. These credentials may have been attacked first, such as by intercepting unencrypted mail, or stealing unencrypted corporate devices with locally stored credentials. The LAN infrastructure 64 represents a set of enterprise devices connected through a local network (wired and / or wireless). This LAN infrastructure includes printers, servers, tablets, and phones. The entire LAN infrastructure is virtually reconfigured in the MNSP cloud 9 (virtual router IP assignment, virtual printer, virtual server, etc.). When the system performs behavioral analysis 62, the hacker is exposed to elements that are both in the real LAN infrastructure and in the virtually cloned version of the LAN infrastructure. If the results of such analysis indicate a risk, hacker damage to the fake infrastructure (rather than the actual infrastructure) is increased to reduce the risk that the actual data and / or equipment will be at risk. Do. The hacker 65 is a person performing a malicious act who is thinking of accessing and stealing confidential information through the initial intrusion made possible by the captured authentication information 63. Using password set 66, three sets of passwords have been assigned for authenticated access. These passwords are not stored separately, but always appear in one set. The employee must enter a combination of these three passwords according to the protocol temporarily assigned from SIAPA. Scheduled Internal Authentication Protocol Access (SIAPA) 67 changes the authentication protocol for individual employee login portals on a weekly / monthly basis. This protocol may be to select passwords A and C from the set of passwords A, B and C (pre-assigned for authentication). By scheduling changes in the authentication method on a regular basis (every Monday or every day on a monthly basis), you can detect false positive events (such as a legitimate employee can not get out of the simulated data environment 394 by using the old protocol) Employees are used to switching authentication protocols that are minimal. To offset the risk of a new protocol being attacked by a hacker, employees can view the new protocol only once, before being destroyed and not visible again. This first and last browsing requires special multi-factor authentication, such as biometric / retina / telephone short messages. Employees are only required to store one or two letters representing what of the three passwords should be entered. Referring to the first week 68, any password except the passwords A and B only triggers the simulated data environment 394. Referring to the second week 69, any password except the passwords A and C only triggers a simulated data environment. Referring to the third week 70, any password except Password B only triggers a simulated data environment. Referring to the fourth week 71, any password triggers a simulated data environment. In SIAPA 72, the authentication protocol is kept secret and only those with access to temporary announcements know the correct protocol. In the virtual clone 73 of the LAN infrastructure, the hacker 65 enters all three passwords instead of omitting the correct password, so this hacker is not in the copy environment in the MNSP cloud 9 which does not contain any important data or functions. , Transferred without knowing anything. Forensic evidence and behavioral analysis are collected while we believe that hackers can infiltrate the actual system. Referring to the “incorrect protocol is used” case scenario 74, the hacker did not use the correct protocol as there is no way to know the correct protocol. Even better, hackers didn't even expect that there was a special protocol for omitting certain passwords. Referring to reference numeral 75, the hacker has successfully stolen legitimate authentication information and is considering logging into the company's system in order to steal confidential data. The company internal supervisory department 76 comprises a management committee and a technical guidance center. The internal corporate oversight department is the top layer of monitoring and the ability to allow / block potentially malicious behavior. Employees B and D 77 are not criminals (they are exclusively full of corporate interests), and have been selected as tripartite co-certified employees who allow the route level function 80. Employee A 78 is not selected for the three-party process 80. The reason for this is that employee A does not have sufficient work experience, technical experience at this company, or other cases that may have had a previous medical examination or were considering collusion with this company It is possible that you were too close to your employees. Employee C (offender) 79 attempts to access root level features / activities to perform malicious purposes. This root level function 80 can not be performed without the consent and permission of three employees for each root level access. Employee C is the only malicious employee, but all three employees are equally responsible for the outcome of performing such root level functions. This encourages a corporate culture of caution and skepticism, and also strongly prevents any malicious behavior from taking place, as employees first know about this procedure in advance. Employees E and F 81 have not been chosen for the three-way collaborative process 80 because they do not have or allow root level access to perform the required root level function. Supervisory Review 82 reviews and reviews the requested action using the time provided by the artificial (intentional) delay. The root level activity 83 is delayed by one hour and the supervisory department is given the opportunity to review this requested action and to explicitly allow or block that action. The policy may define a default action (Permit or Block) if the supervisory department fails to make a decision. Supervisory review 84 identifies the reasons for not achieving the unanimous decision (of three employees). Referring to the executed root level activity 85, as it passes through the coordination and supervision monitoring system, the root level activity is executed with a record of who authorized what is maintained safely. Thus, if root level activity proves to be contrary to the company's best interests, a detailed investigation is conducted. At 86, the root level activity has been canceled because the tripartite operation failed (the unanimous decision was not reached). At reference numeral 87, all three selected employees with root level access are unanimously authorized for certain root level activities. If this root level activity was actually malicious, then all three employees would have to be involved in collusion with the company. Although this is unlikely, but still possible, the root level activity 83 is delayed by one hour, giving the supervisory department the opportunity to review this activity (see references 76 and 82). . At reference numeral 88, one or more qualified employees selected for three-way collaboration have rejected the requested root level activity. Accordingly, since the unanimous decision was not reached, the root level activity itself was also canceled 89 and the root level activity 85 was also canceled. The evolution pattern database 90 contains the patterns of security risks that have been previously discovered and processed. These patterns enumerate possible means of evolution as the state of current malware is transformed. In order to generate a new version / variant of the signature 91, a malware root signature 91 is given to the AST 17. A polymorphic variant 92 of malware is output from I ² GE and transferred to the malware detection system 95. The infrastructure system 93 physically exists on the premises of the infrastructure. Infrastructure systems generally manage infrastructure functions such as hydropower plants and transmission networks. The infrastructure computer 94 is a specific computer that executes a function enabling an infrastructure function from the infrastructure system 93 or a part of the function. Malware detection software 95 is located at all three levels in the infrastructure computer configuration. The infrastructure computer is provided with a user space 97, a kernel space 99, and a firmware / hardware space 101. This corresponds to the deployment of malware detection performed by LIZARD light agents deployed specifically for each of the three levels. The form of the malware 96 iterated through the evolutionary path 34 is found in the driver (which resides inside the kernel space 99). User space 97 is provided for mainstream development applications. User space is the easiest space to infiltrate using malware, but it is also the easiest space to detect and quarantine malware. All of the activities in user space are efficiently monitored by LIZARD lights. Applications 98 in user space may include programs such as Microsoft Office, Skype, Quicken, and the like. The kernel space 99 is mostly maintained by operating system vendors such as Apple, Microsoft, and Linux Foundation. Kernel space is more difficult to infiltrate than user space, but most of the responsibility belongs to the vendor, unless the respective infrastructure makes changes to the kernel. All of the activities in the kernel (registry changes (for Microsoft OS), memory management, network interface management etc) are efficiently monitored by LIZARD Lite. The driver 100 enables the infrastructure computer 94 to interact with peripherals and hardware (mouse, keyboard, fingerprint scanner, etc.). The firmware / hardware space 101 is entirely firmware /
It is maintained by the hardware vendor. For malware, it is extremely difficult to affect without physically accessing the corresponding hardware directly (eg, removing the old BIOS chip from the motherboard and soldering the new chip). Some of the firmware's activities are monitored by LIZARD lights but depend on the hardware settings. The BIOS 102 (a type of firmware) is the first software layer on which the operating system is built. The public infrastructure 103 is an unknown and possibly exploitable digital infrastructure (ISP router, fiber cable, etc.). The agent 104 monitors the known callback channel by interlocking with a known description (port, protocol type, etc.) of the callback channel stored in the public infrastructure and stored in the trust platform database. There is. The agent uses the malware source by checking for the presence of a heartbeat signal and notifying the trust platform. With the auto-discovery and light client installation 105, the MNSP 9's LIZARD cloud detects endpoint systems (eg, laptops) that do not send a response signal (handshake) to the LIZARD. This endpoint is synchronized as it is discovered and classified by I ² CM 24 (Intelligent Information and Configuration Management). Therefore, LIZARD Cloud detects that LIZARD light client is not installed / started (via SSH remote root shell), and forcibly installs LIZARD light client 43 using root shell, LIZARD light client correctly Ensure that it is activated. Since the light client 43 is not installed on the entry device, the malware 106A intrudes first. The light client 43 is installed on almost every possible instance of the system but all incoming and outgoing traffic is routed through the MNSP with LIZARD cloud. Early exploits 107 may be blocked before the exploit can open the secret callback channel 106B when the first strike of the exploit is detected. Channel 106B is an unknown communication path for malware 106B to individually communicate with its home location. This involves masking the signal to make it appear as legitimate http or https application traffic. Various vendors 108 provide valuable resources such as software, hardware, firewalls, services, secret access to financial and critical infrastructures, and are able to deploy agents 104 in public infrastructures . By means of malware, heartbeat signals with a specific size and frequency are sent at regular intervals via the callback channel 106B and directed to the source / loose source of malware via the secret callback channel. This signal indicates the status / ability of the malware to allow the malware source 50 to determine future exploits and coordinated attacks. This malware source indicates an organization that is malicious or hacking capable, whether it is a Black Hat Hacking Syndicate or a national government. Malware 106A and heartbeat signals (within channel 106B) are detected by LIZARD running on MNSP cloud 9, as all transmit and receive traffic is routed through the MNSP cloud / LIZARD via the VPN tunnel.

FIGS. 22-23 illustrate how the foreign code revision syntactically reproduces the foreign code to mitigate possible undetected malicious exploits. The combination method 113 compares and matches the declared goal 112A (possibly, according to the corporate policy 147, optionally) with the derived goal 112B. The combination method manipulates the composite goal format using goal module 36 to obtain the resulting matched or mismatched case scenario. Using the derived goals 112 B, requirement map matching maintains the hierarchical structure and maintains the jurisdiction of all enterprise requirements. Thus, depending on the availability of jurisdiction-oriented request map 114, the purpose of the code block is defined and justified. The input goal 115 is to be taken into the process of recursive debugging 119 (utilizing the goal / syntax module). Instead of merging multiple inputs (eg, goals), separate parallel instances are initialized for each goal input. The final security check 116 guards any exploitable points in programming by making use of the syntax module 35 and the goal module 36 to perform general purpose "soundness" checks, and also forwards the final output 117 to the VPN / extranet Do.

FIGS. 24-25 illustrate how recursive debugging 119 loops through code segments to test for bugs and applies bug fixes 129 (solutions) where possible. If the bug persists, the entire code segment is replaced 123 with the original (foreign) code segment 121. The original code segment then allows additional security layers such as virtual obfuscation and behavioral analysis Tagged for. In order to revise the code, goal module 36 and syntax module 35 use foreign code 120 to interpret the original state of the code. If it is necessary to install the original (foreign) code segment because there is a permanent bug in the revised version, the foreign code 120 is directly referenced from the debugger. The segment 121 of the revision code 122 is tested by the virtual runtime environment 131 to check for the presence of a coding bug 132. The environment 131 executes code segments 121 such as functions and classes, and checks for runtime errors (syntax errors, buffer overflows, incorrect function calls, etc.). Any coding errors are handled for correction purposes. With coding bug 132, errors that occur in the virtual runtime environment are defined in scope and type. All relevant coding content is given, enabling the solution. By matching the goal 124 again, a possible solution to the coding bug 132 can be devised by re-extracting the code from the declared purpose of this function or class. To avoid this bug, the scope of the coding bug is rewritten to an alternative format. If a possible solution is output and there is no other solution, the code revision for code segment 121 is lost and the original code segment (which came directly from the foreign code) is the final code set Used in Typically, in a single loop, code bug 132 receives multiple coding solutions. If all the coding solution runs out in solving this bug 132, the solution is lost and the original foreign code 133 is used. The code segment 121 may be tagged 136 as foreign to allow for the determination of additional security measures, such as virtual obfuscation and behavioral analysis. For example, if the revised code block contains advanced foreign code segments, this code block is more likely to be placed in the simulated data environment 394. Code segment caching 130 caches individual code segments (functions / classes) and reuses them in multiple revisions to increase the resource efficiency of the LIZARD cloud. This cache is used very well because in the cloud all traffic is concentrated via VPN. The revised code segment provider 128 provides the pre-revised code segment 121 so that coding bugs can apply the solution to the code segment 129.

FIG. 26 shows the internal operation principle of the request map matching 114 for verifying the target jurisdiction range. The LIZARD Cloud and the LIZARD Lite refer to the hierarchical structure map 150 of the corporate jurisdiction department. This reference is made to justify the goal of the code / function, and may block such code / function if it lacks a valid basis. Whether the input goal 139 is claimed or derived (via the goal module 35), the requirements map matching 114 verifies the basis for the code / function to execute inside the enterprise system . The master copy of the hierarchical structure map 150 is stored in the MNSP 9 LIZARD cloud with the corresponding registered company account. The request index 145 of the request map matching 114 is calculated by referring to the master copy. The pre-optimized (not hierarchical itself) request index is then distributed to all accessible endpoint clients. The request map matching receives the request request 140 for the most appropriate system-wide request. The corresponding output is a composite target format 325 representing this appropriate request. Then, using request criteria + priority sorter 143, appropriate requests are retrieved within the scope of the appropriate corporate policy. Such policy 147 defines the types and categories of requests that each jurisdiction has. The request may vary, such as mail exchange, software installation request, etc. Policy 147 determines what the priority of the request for the company is. According to the definition associated with each department, the department and request corresponding to the definition are associated. In this way, permission checks are performed. Example: Requirements Map Matching allows the HR department to request that all employees' resumes be downloaded. The reason is that now is the time to evaluate each performance yearly according to the ability of the employees. The initial parse 148 downloads each jurisdiction department for reference to the request. The department requirements calculator 149 associates requirements with each corresponding department according to the definitions associated with each department. In this way, permission checks are performed. Example: Requirements Map Matching allows the HR department to request that all employees' resumes be downloaded. The reason is that it is now time to evaluate the performance of employees annually according to the scope of jurisdiction defined in the hierarchy map.
Secret Machine Learning (MACINT) and Retaliation by Secret Operations in Cyberspace

FIG. 27 shows management, browsing, and control of intelligent information. Referring to aggregation 152, information streams from multiple platforms are merged and tagged while unnecessary and redundant information is blocked using generic level criteria. The setting and introduction service 153 is an interface for introducing a new enterprise property (computer, laptop computer, mobile phone) with correct security setting and communication setting. After a device is added and configured, security settings and communication settings are fine-tuned through the management console, interposing management feedback control. The configuration and deployment service also manages the deployment of new customer / client user accounts. The deployment may include the association of hardware with user accounts, interface customization, and a list of customer / client variables (e.g., business types, product types, etc.). The division by jurisdiction 154 divides the pool of tagged information exclusively according to the jurisdiction that corresponds to the user of the management console. The division by threat 155 organizes the information according to the individual threat. All types of data are associated with or deleted from certain (adding some information) threats. At this stage of the process labeled Intellectual Contextualization 156, the remaining data appears as a group of islands. Interrelationships are established between each platform for security analysis mastery. To decipher threat patterns, historical data are accessed (from I ² GE 21 as opposed to LIZARD 16) and CTMP is used for critical thinking analysis. By the threat dilemma management 157, a cybersecurity threat is recognized from an overhead view (overall view). Such threats are passed to the management console for graphical representation. As calculated measurements related to threat mechanics are eventually merged from multiple platforms, decisions on threat management are automatically made with more information obtained Be done. The automation control 158 represents that the algorithm accesses to perform control related to the management of the MNSP 9, TP, 3PS. Management feedback control 159 can be used to facilitate policy decisions, forensics, threat investigations, etc., a high level of service based on all MNSP Cloud, Credit Platform 10, additional third party services (3PS) Provides control. Such management control is ultimately manifested on the management console (MC), with appropriate images that can be customized and an efficient presentation. As a result, the entire system (MNSP, TP, 3PS) can be efficiently controlled and operated directly from a single interface that can be expanded and viewed as needed. A manual control 160 represents human access to control on management of the MNSP 9, TP (trust platform), 3PS (third party service). Direct management 161 utilizes manual control to provide a human interface. The category and jurisdiction range 162 allows the user of the management console to use login credentials defining the scope of his jurisdiction and information category access. All data vector candidates 163 are all data in motion, data in pause, and data in use. Customizable image 164 is the company's various departments (accounting, finance, human resources, IT, legal, security / general inspectors, privacy / information disclosure, labor union, etc.) and parties (parts of staff, managerial positions) , Executives), in addition, third-party partners, are intended for use by law enforcement agencies, and so on. Integrated single view 165 monitoring, logging, reporting, event correlation, alert processing, policy / rule set generation, corrective action, algorithm coordination, service provisioning (new customer / change), use of credit platform, In addition, it is a single view of all the feature candidates, including third party services (including receiving reports and alerts / logs from third party service providers and third party service vendors, etc.). An integrated view 165 of all security, images are a collection of images that represent boundaries, enterprises, data centers, clouds, removable media, mobile devices, and so forth. The cyber security team 167 is qualified professionals who monitor the activity and status of many systems throughout. Since intelligent information processing and judgment by AI are performed, it is possible to reduce the cost because only a small number of people with few years of experience can be employed. The primary purpose of this team is to be relied upon in the unlikely event of processing a large number of analysis points while verifying that the system is developing and improving according to the desired criteria. It is. Behavioral analysis 168 observes the status and activity of malware 169 while in environment 394 of 100% simulated data. While this malware interacts with fake data 170, behavior analysis can be performed as a pattern observed during active time (eg, activity only every Sunday when the office is closed), request for file access, requested Record root administrator functions etc. Malware 169 is being hacked by hacker 177. Although hackers believe that they have been able to deploy malware to the target system, this malware is transferred and quarantined without any knowledge in the environment 394 of 100% simulated data. In the fake data 170, the malware 169 digitally possesses a copy of the fake data. With the impression that the data is genuine, the malware owns this copy, and the malware, and thus the hacker 177, does not care if the data is genuine or fake. When the malware is trying to transmit fake data to the hacker, the transmitted signal is routed such that the fake hacker 174 receives, not the real hacker that the malware is expecting. By means of the hacker interface 171, the syntax module 35 and the object module 36 (judiciously belonging to the LIZARD system) receive the code structure of the malware 169. These modules reverse engineer the internal structure of malware and output a hacker interface. This interface is the communication method used between the malware and the hacker, what the malware expects from the hacker (eg receiving instructions), and what the hacker expects from the malware ( For example, explain status reports etc. in detail. Such information can emulate fake hackers 174 and fake malware 172 in virtual environment 173. Once the behavior analysis 168 has fully learned the behavior of the malware 169, the signal mimicry function of the MNSP 9 can emulate a program that behaves like the hacker 177. This emulation includes communication protocols that exist between genuine malware 169, fake data 170, and fake hackers 174. The emulated signal response 175 causes the virtualized fake hacker 174 to send a response signal to the real malware 169, giving the real malware an impression either that the job worked or failed give. Such signals may include commands for malware behavior and / or requests for up-to-date status information. This is done to further investigate the behavior analysis and observe the next behavior pattern of the malware. Once the investigation is complete, the simulated data environment 394 with this malware can be frozen or destroyed. The emulated response code 176 gives the hacker a fake response code that has nothing to do with real malware behavior / state. Depending on the desired retaliatory tactics, false error codes or false success codes can be sent. Fake error codes give hackers the impression that the malware is not working (even if it is actually working) and spends hackers time for the useless task of debugging something irrelevant. If the error code is correct, hackers are less likely to be distracted from creating new forms of malware, and instead will focus on the current malware and further possible improvements. Since such malware has already been exploited and LIZARD knows, hackers spend energy on this malware, assuming that the exploited malware works well. Hacker 177 still believes that his malware has successfully penetrated the target system. In fact, malware is isolated in a virtual environment. The same virtual environment emulates the way and syntax that the malware communicates with the hacker (whether the communication is bi-directional or omnidirectional) by acting as a behavioral analysis 168 for this malware. Crime assets 178 represent investments made using crime funds 184 to assist in hacking and malicious activity of crime system 49. Such assets 178 typically represent computing power and Internet connectivity, and strong investments in these two assets allow for more sophisticated and elaborate hacking capabilities. Using a crime code 179, a trusted platform agent performs an exploit scan, collecting as much forensic evidence as possible. Using the crime computer 180, a CPU exploit is executed which causes the CPU to overflow with an AVX instruction. This implementation results in increased heat generation, increased power consumption, more CPU degradation, and more unusable processing power for criminal processes. In order to identify the capabilities and nature of the criminal property 178, a plow scan 181 is performed on it. The results of the scan are managed by the exploit 185 and forwarded to the credit platform 10. The exploit 185 is a program sent by the credit platform via the retaliatory exploit database 187 that infiltrates the targeted crime system, as listed in Figures 27-44 of MACINT. Power and cooling expenditures will increase significantly, exhausting crime funds 184. Shut down the computer to stop criminal activity strictly. Purchasing a new computer puts a burden on crime funds, and the new computer is also more likely to be exploited like previous computers. The retaliation exploit database 187 includes a backdoor on which the hardware vendor 186 is installed and a means of exploiting criminal activity that it offers as a known vulnerability. The integrated forensic forensic evidence database 188 contains forensic evidence collected from a number of sources across many companies. In this way, the strongest possible litigation cases are established against criminal enterprises and presented in the appropriate courts. The selection of targets 189, after having sufficient forensic evidence against a given target, selects that target for retaliation only. This may include the minimum time requirements for a forensic lawsuit to be held for review by surveillance (eg, six months). The evidence must be highly self-reinforcing, and individual events are not used to play a role in retaliation out of fear of attacking innocent targets and legal consequences . Target validation 190 validates suspicious criminal systems using multiple methods that outperform any conceivable concealment methods (cafes in town, TOR networks, etc.), including:
・ Cloud services that can use physical location GPS help in supporting work (for example, a place that signed in to Droxbox that has long been a habit)
• Physical device MAC address, Serial (from manufacturer / vendor) • Verification of biometric data on the person's security system, taking pictures with frontal camera, consistent login credentials across multiple platforms Supporting work

FIG. 33 shows an outline of the MACINT secret operation, showing that the criminal abuses the corporate system. Enterprise system 228 defines the overall scope and jurisdiction of the enterprise's infrastructure and assets. Corporate computer 227 is an important part of corporate system 228 because it contains sensitive information 214 and relies on corporate network 219 for its typically scheduled tasks. The latent double spy 215 is malicious software that is dormant and "sleeps" on the target computer 227. Because dual spies are not active, it is very difficult for programmers and cyber security analysts to detect when damage has not occurred. When a hacker on the crime system 49 finds an opportunity to use the dual spy 215, a copy of the sensitive file 214 is captured by the agent 215 without any notice. At this stage, hackers have exposed themselves to leave traces, but when it is time to fully utilize the opportunity to install agent 215 without the knowledge of the administrator (eg, file 214 has value The case is for the hackers themselves. At step 216, the captured file is sent via encryption to a criminal's destination server outside the corporate network. Such encryption (eg, https) is permitted by the policy. Because of this, this transmission is not blocked immediately. The captured file 214 is passed to the network infrastructure of the corporate network 219 to leave the corporate system 228 and enter any system 262 and thus the crime system 49. This network infrastructure is represented as a LAN router 217 and a firewall 218, which are the last passing barriers for malware before the captured file 214 can be transported out of the enterprise system. The industry standard firewall 218 (which in this example is not intended to prevent stealing the captured file 214) generates logs that are forwarded to the log aggregation 220. This log aggregation then separates the data into categories for both long-term / deep scan 221 and real-time / surface scan 222. No Results According to the 223 case scenario, real-time scan 222 is poorly prepared to recognize malicious activity almost immediately and cause it to stop prior to performing it. According to the discovery 224 of the connection with malware, the long-term scan 221 has the advantage of being able to spend more time on analysis, so it finally recognizes malicious behavior. Because time is abundant, long-term scan 221 allows for thorough investigations using more complex algorithms and more data points. The botnet attacked sector 225 uses a computer belonging to any third party system to transfer confidential files 226 and escape the investigation and put on any third party in wet clothes. The thieves receive the confidential file 226 through their botnet 226 while continuing to conceal their existence, and subsequently use the file for illegal crises and benefits. The remaining possible traces of the crime computer's identity (e.g. IP address) can only be left on any computer 238, but the administrator and the investigator of the enterprise system 228 have any computer I can not access it.

FIG. 34 shows the long-term / deep scan 230 using the big data 231 in more detail. The deep scan 230 contributes and works with the big data 231 utilizing two sub-algorithms of "collusion detection" and "foreign entity management". Intermediate results are pushed to anomaly detection responsible for the final result. Standard logs from security checkpoints, such as firewalls and central servers, are aggregated and selected by the log aggregation 220 low restriction filter. Event index + tracking 235 stores event details such as IP address, MAC address, vendor ID, serial number, time, date, DNS, etc. These details exist in both the local database and the cloud sharing database (the data databases are not identical). These entries stored locally are pushed (with policy restrictions by the company) to the cloud database for the convenience of other companies. In return, useful event information is received for local analysis. An enterprise registered with a trusted third party 235 is already experiencing botnet infringement and can provide detailed information for prevention that mitigates such risks. Security behavior 236 causes security behavior guidelines to be stored in the local database and the cloud shared database (these databases are not identical for data). These behavioral guidelines define the gist of actions to ensure the security of the system. For example, if an IP address accesses the system and that IP address is related to the botnet six times in ten according to the event index, then prohibit this IP address for 30 days, A priority flag is set in the log system to mark any attempt by the address to access the system. These locally stored guidelines are pushed (with policy restrictions by the company) to the cloud database for the convenience of other companies. In return, useful event information is received for local analysis. With anomaly detection 237, the event index and security behavior are used according to the intermediate data provided by the deep scan module and the possibility of confidential files being transferred by unauthenticated agents to any system outside the corporate network Determine a certain risk event. The optional computer 238 is shown and highlighted as the destination server involved in this violation, and is defined by known characteristics such as MAC address / last known IP address 239, country, uptime pattern, etc. Such analysis primarily requires the Foreign Entity Management 232 module. The system can thus determine the likelihood 240 that such a computer is involved in the botnet. Such analysis mainly requires collusion detection 19.

In FIG. 35, an arbitrary computer is searched on the credit platform 10, and that arbitrary computer or its related / neighboring server (server to which this arbitrary computer connects) is installed in the past for the credit platform 10 in double or triple. It shows how to check if it is a spy. Stage 242 represents the known information of optional computer 238, such as MAC address / IP address 239, being sent for querying at event index + tracking 235 and cloud version 232. This cloud version, operating from the trust platform 10, tracks event details to identify future threats and threat patterns such as MAC addresses, IP addresses, access timestamps and the like. The results of such a query 242 are sent to the system collection details 243. This detail includes details of the original optional computer 238, the computer / system periodically receiving and / or transmitting packets with the computer 23, and the system physically close to the computer 238 . These details are then forwarded to stages 246 and 247 to see if those computers / systems mentioned above happen to be dual spies 247 or triple spies 246. Such spy search surveys are performed with a trusted double spy index + tracking cloud 244 and a trusted triple spy index + tracking cloud 245. The dual spy index 244 contains a list of trusted platforms and systems that have installed latent spies controlled by their affiliate organization. The triple spy index 245 contains a list of systems attacked by criminal syndicates (eg, botnets) to monitor malicious activity and deployment, but individually attacked by the trusted platform 10. Each of these two clouds outputs an outcome, which is collected into a list 248 of active and important spies.

FIG. 36 shows how known double or triple spies from the credit platform 10 will be involved in future forensic investigations. Forwarded from the list of spies 248, the appropriate double spy 252 is launched 249. The dual spy computer 251 (which is trusted to the optional computer 238) pushes the exploit 253 through the trusted channel 254. Once successfully deployed on the random computer 238, the exploit 253 tracks the behavior of the classified file 241 and knows that it has been sent to what is now known as the crime computer 229. This exploit attempts to settle on the crime computer 229 along the same path used to transfer the 216 file 241 for the first time on channel 255. Exploit 253 then attempts to find confidential file 251, quarantines it, sends its exact status back to credit platform 10, and then tries to securely delete the confidential file from the crime computer. The credit platform 10 then transfers this quarantined file to the original enterprise system 228 (which owned the original file) for forensic purposes. While it is not always guaranteed that the exploit 253 was able to retrieve the confidential file 241, at least the exploit was able to transfer identifiable information 239 about the crime computer 229 and the system 49.

FIG. 37 shows how the trusted platform 10 uses the API of the Internet Service Provider (ISP) 257 for an optional computer 238. Network supervisor 261 is used to try and exploit optional system 262 for further judicial investigations. The enterprise system 228 only knows limited information 259 about the optional computer 238 and looks for information about the crime computer 229 and system 49. An API request of the ISP 257 is generated at the trust platform 10. The network supervisor 261 finds that the system network log for the optional system 262 is found, and further that the file appears to have been transferred to the crime computer 229 (which will later be recognized as). The log history is not as detailed as recording the exact and complete organization of the confidential file 241, but metadata 260 is used to determine with certainty what computer the file was sent to can do. The network supervisor 261 discovers detailed information 258 of the crime computer 229 network, sends such information to the credit platform 10 by another route, and then notifies the enterprise system 228.

FIG. 38 illustrates how trusted platform 10 can be used to execute the security API provided by software vendor 268 and hardware vendor 272 and to assist in judicial investigations to exploit an installed backdoor. There is. At stage 263, the known identity details of the crime computer 229 are transferred to the credit platform 10 to perform the backdoor API. This detailed information may include suspected software + hardware of MAC address / IP address 239 and crime computer. The trusted platform 10 then transmits the exploit 253 to the affiliate software vendor 268 and the hardware vendor 272 in a dormant state (exploit code is forwarded but not executed). To these vendors are also transmitted software 269 and hardware 273 suspected of the crime computer 229 that were suspected to the enterprise system 228 at stage 263. The vendor maintains a list of installed software backdoors 270 and hardware backdoors 274, and the list shows how to activate those backdoors, the authentication method employed, those backdoors It contains information such as possible things and restrictions. Because all these backdoors are internally isolated and kept secret from inside the vendor, the credit platform has not received any sensitive information to handle these backdoors, but the help from the backdoors Provide an exploit 253 to obtain. Upon successful installation of the software backdoor 267 or the hardware backdoor 271, the exploit 253 is separately installed on the crime computer 229. The confidential file 241 is quarantined and copied so that its metadata usage history can be analyzed later. The copies of confidential files remaining on the crime computer are then erased securely. Any other supplementary forensic evidence is collected. All these forensic data are returned to the point of contact of the exploit 253 on the credit platform 10. The forensic evidence 265, which then includes the classified file 241 found on the crime computer 229 and the identities of those persons involved in the criminal system with evidence for those involved in the first theft of this file It is transferred to 228. In this way, corporate system 228 can recover this file 241 if it is removed from the criminals' system during the initial theft, and identity details 264 seek retaliation in the form of damages. It makes it possible to neutralize the botnet of the crime system 49 in order to reduce the risk of future attacks.

39-41 illustrate how generic exploit 282 and customizable exploit 283 may be applied to optional computer 238 and crime computer 229. FIG. The generic exploit 282 is a collection of software exploits, firmware exploits, and hardware exploits that are collected and organized by the enterprise system 280 through independent cyber security research. In customize exploit 283, the exploit is customized according to known information about the target. Exploits 253 are distributed in descending order of success probability and last in order of least success. A collection 284 of useful information about the crime computer 229 is forwarded to the customization 283. This information includes known computer information such as MAC address / IP address 239 and suspected software + hardware 285 being used by crime computer 229. Proxy management 286 is a combination of an algorithm and a database that intelligently selects a proxy to be used for exploit attempts. Proxy network 279 is a group of proxy nodes 278 that allow for hiding the identity of individual systems. A node becomes an apparent caller by passing such digital communication. Each node is intelligently selected by proxy management 286 according to the overall performance of a node, the availability of a node, and the current workload of a node. Three potential exploit points of crime computer 229 and / or optional computer 238 are tried. If the exploit against the crime computer 229 fails, the exploit will still allow the entire forensic investigation, so in any case an exploit against the random computer 238 will be performed. The first way is to directly exploit, the second way is via the botnet tunnel 276 of any computer, and the third way is the unique means of exploit that the criminal system used to install the botnet 277 ( And other unused exploit points). Botnet tunnel 276 is an established means of communication used between crime computer 229 and the active portion of botnet 240. Any forensic data generated by the exploit is also sent to the enterprise system 228 at stage 275.

FIG. 41 shows the installation of a new backdoor by updating the software or firmware 289 to the crime computer 229 using a special API of the credit platform 10. A placebo update 288 is pushed to similar nearby devices to protect the covert. The enterprise system 228 sends target identity details 297 to the credit platform 10. Such detailed information includes the MAC address / IP address 239. The credit platform 10 communicates with the software / firmware maintainer 287 to push the placebo update 288 and the backdoor update 289 to the appropriate computer. This backdoor update introduces a new backdoor to the crime computer 229 system by using the software update system already installed on the crime computer 229. Such updates may be made for specific software such as operating system, BIOS (firmware), word processor. The placebo update 288 removes the backdoor so security can not be exploited, but by providing the same details and features (eg update number / code) as the backdoor update 289, the backdoor's covertness is maintained Call up. The maintainer 287 transfers the back door 295 to the target, and also transfers it to a computer with an average exposure to the target. Such additional computer 296 may belong to the infrastructure of the crime system 49 or may be on the same local network as the crime computer 229. Exploiting such a further computer 296 increases the chances of gaining an intrusion path to the crime computer 229 if a direct attack is not possible (e.g. when turning off the operating system update). Then, if the exploit 253 can place itself on a nearby computer 296, it can consider different entry points into the target. A placebo update 228 is sent to the engagement computer 291 that is on average exposed to the target. Exposed can be understood as sharing a shared network (eg, a virtual private network etc.) or a shared service platform (eg, a file share etc.). The engagement system 290 may be strategically linked to the crime system 49, such as owned by the legal structure of the same company. The neighborhood computer 293 belonging to the neighborhood system 292 is updated with a placebo because its physical location is close to the target crime computer 229 (such as in the same area). In the near future, there will be no regular updates (or anything that is suitable and viable for surveys) to be distributed by maintainer 287, but to allow forensic forensic surveys that have time constraints. A placebo update 288 is made for both and for nearby systems 292. In the case scenario where there are regular updates intended for software / firmware improvements, the participating systems 290 and the neighboring systems 292 do not need to do a placebo update to verify the perceived legitimacy of the backdoor update 289. Alternatively, backdoor update 289 can be installed on some of the legitimate updates targeted at crime computer 229 and further computer 296. If the exploit 253 is successfully installed through the backdoor update 295, the confidential file 241 is quarantined and copied so that its metadata usage history can be analyzed later. The remaining copies on the offender computer 229 are then reliably erased. All supplemental forensic evidence is collected. The forensic data is then sent to the exploit contacts at the credit platform 10. Once the data is verified at the credit platform 10, results 281 are transferred to the enterprise system 228.

FIG. 42 shows how the long-term priority flag is pushed to the credit platform to monitor the crime system for any and all changes / updates. To facilitate research, new developments are preferentially monitored over time. Initially, enterprise system 228 submits target 297 (including identifiable detail 239) to warrant module 300, which is a subset of trust platform 10. This warrant module scans the input 299 of all lineage systems 303 to search for any relevance of the defined target 297. If there is a match, the information is passed to the corporate system 228, which has defined the warrant and is trying to infiltrate the target 297. The information input 299 is the information reported by the affiliate system of the credit platform 10 and will typically receive some desired analysis. Also, inputs may be submitted whose sole purpose is to obtain accreditation and reputation on the credit platform 10. The affiliate system 303 submits its input to the trust platform 10. This works in favor of the enterprise system 228 trying to monitor the target 297. This increases the likelihood that one of these line systems 303 has encountered a target or anything related to the target, whether it is a positive, neutral or negative interaction. Such input 299 is forwarded to the desired analysis module 301, which represents most of the functionality of the trust platform 10 for synchronizing mutually valuable security information. The affiliate system 303 sends security requests and exchanges security information. When a target 297 or information related to that related to the target is found, that information is also transferred to the warrant module 300 in parallel. The information output 302 of the analysis module 301 is forwarded to the affiliate system 303 to complete the requested task or function. Useful information learned by the warrant module 300 regarding the target 297 is transferred to the results 298 as part of the forensic investigation of the enterprise system 228.

Deductive Real-time Defense of Zero Database by Logical Reasoning (LIZARD)

FIGS. 43 and 44 show the dependency structure of LIZARD (a deductive real-time defense of zero database by logical reasoning). The static core 193 is mainly where immutable program modules are hard-coded by human programmers. The iteration module 194 intelligently modifies, creates, and disposes of modules on the dynamic shell 198. The iteration module uses a pseudo-security threat (AST) for security performance reference, and uses an iteration core to handle the methodology of automatic code description. As shown in FIG. 51, the iteration core 195 is the main logic for repeatedly executing the dynamic shell to improve security. The differential modification algorithm 196 modifies the base version according to the defects found by the AST. After the delta logic is applied, a new version is presented, immediately after which the iteration core is recursively called and goes through the same process as that tested by ART. The logical subtraction algorithm (LDA) 197 receives a known security response of the dynamic shell version from a pseudo security threat (AST). The LDA also deduces which code set configurations can make a known correct response in line with the security scenario (provided by the AST). The dynamic shell 198 mainly includes a dynamic program module automatically programmed by the iteration module. Code quarantine 199 isolates the foreign code into a restricted virtual environment (eg, petri dish). Secret code detection 41 detects codes secretly embedded in data and transmission packets. In the AST overflow relay 201, when the system can only determine low confidence, data is relayed to the AST for future version improvement. An internal integrity check 202 checks if the integrity of all internal functions of the block of foreign code is correct. It is verified that there is no fragment of code internally incompatible with the goal as a whole foreign code. In the foreign code revision 203, after the goal of the foreign code is derived, part or all of the code is revised, and only the revision is permitted to be executed. Mirror tests make sure that the revised I / O behavior is the same as that of the original code. In this way, any hidden exploits present in the original code will not be used and will never be executed again. The hierarchy of mapped requests and goals is referenced to determine if the requirement map matching 204 fits the foreign code to the overall purpose of the system (e.g., a puzzle). The real data synchronization unit 205 is one of the two layers that intelligently selects which priority is given to the data to be given to the mixed environment (the other is a data manager) . In this way, confidential information can not be accessed from suspected malware, but only to code that is known and trusted to be established. Data manager 206 is an intermediary interface between entities and data coming from outside of the virtual environment. The framework coordinator 207 manages all input, output, thread production, and diagnosis of all semi-artificial or artificial algorithms. Virtual obfuscation 208 clutters and restricts the code by gradually and partially sinking into a virtualized fake environment. Secret transport module 209 carefully transfers malware to simulated data environment 394 without informing the malware. The goal comparison module 210 compares four different types of goals and ensures that the existence and behavior of the entity is rational and understood by LIZARD in producing good results for the overall goals of the system. Do. Things that may deviate significantly in purpose show malicious behavior. The simulated data generator 211 creates false data designed to be indistinguishable from actual data. For example, a set of social security numbers. The virtual environment manager 212 manages the construction of the virtual environment, including variables such as proportions of simulated data, available system functions, network communication options, storage options, and the like. Data recall tracking 213 tracks all information uploaded from suspicious entity 415 and downloaded to suspicious entity 415. This is done to reduce the security risk that sensitive information may be transferred to malware. This security check also mitigates the logistical problem that legitimate enterprise processes receive false data. If the simulated data is sent to a legitimate (now known) corporate entity, a "callback" is performed that recalls all simulated data, and the (originally requested) actual data is sent.

FIG. 45 is a decentralized form of LIZARD (a zero database by logical reasoning), a centralized supervisory algorithm that can block all potential cyber security threats in real time without the direct help of a dynamically growing database An overview of real-time defense). The determination of whether the data / access to the system is authorized is permitted only when it is necessary to know, only when the function is necessary, and on a priority-oriented basis. If a code block or data can not provide the function / goal to achieve the goal of the hard coded system, the code block or data is rejected in a secret way including virtual isolation and obfuscation. LIZARD has a syntactic interpreter that can read and write computer code. In combination with the goal derivation function, goal-oriented behavior can be derived from the code block even for code blocks that are secretly embedded in data that is harmless to the eye. All corporate devices are routed via LIZARD, even those that are not on the premises of the company, such as the company's phone at a public coffee shop. All software and firmware that runs corporate assets are hard-coded to perform any kind of download / upload like a persistent proxy via LIZARD. Non-compliance with perpetual proxy policies is mitigated by a confidential asset disclosure policy. Because digital transfers that occur within enterprise systems must go through hard-coded hardware to relay through LIZARD, malicious code can not find a safe place and has been exploited to ignore persistent proxy policies I can't even work with my computer. LIZARD has a symbiotic relationship with the iteration module (IM). IM clones hard-coded goal-oriented tasks and LIZARD's comprehension capabilities. Then use these syntactic features to modify LIZARD to meet your hard-coded goals. The Pseudo Security Threat (AST) module is involved in a parallel virtual environment for stress testing various variations of LIZARD. The variation with the highest score is selected as the next official version. LIZARD provides an innovative model that breaks the current state of cybersecurity solutions. Advanced logical reasoning capabilities make it possible to make instantaneous and accurate security decisions beyond the "too late" paradigm of modern cybersecurity defenses. LIZARD interacts with three types of data: data in motion, data in pause, and data in use. LIZARD interacts with six data media (also called vectors): file, email, web, mobile, cloud, removable media (USB). The enterprise system 228 indicates the type of server running in an infrastructure such as HTTP or DNS. Mobile device 305 is shown connected to the digital infrastructure of enterprise system 228 via LIZARD light client 43 while operating within coffee shop 306 throughout the city. Such LIZARD light client 43 acts as a gateway to the Internet 304 which then connects to the encrypted LIZARD cloud 308.

FIG. 46 shows an overview of the functions of main algorithms related to LIZARD. LIZARD's Outer Dynamic Shell (DS) 313 is the section of functionality most susceptible to change through iteration. Modules that require a large amount of computation to achieve their own goals usually belong to this shell 313. The reason is that these modules surpass the level of computational complexity that a team of programmers can directly handle. The iteration module 314 uses the static core (SC) 315 to syntactically code the code base of the DS 313 in accordance with the goals defined in the “Decised Goal” and data from the Data Relay Relay (DRR) 317. change. This modified version of LIZARD is stress tested by Parallel Security Threat (AST) 17 (in parallel) under a number of different security scenarios. The most successful version is adopted as the production version. This SC315 from LIZARD is the least susceptible to changes due to automated iteration, and instead can be changed directly by human programmers. In particular, the innermost square, also referred to as the inner core 334, is completely immune to automated iterations. This innermost layer 334 is like a tree root that offsets the direction and overall ability of the LIZARD. The General Purpose Dynamic Module (GDM) 316 is the zone of modules most subject to automated self-programming and thus belongs to the Dynamic Shell 313 jurisdiction. Such a program executed by GDM 316 is always in the "beta" state (not always stable and unfinished product at work). If LIZARD has low confidence in the judgment, LIZARD relays the corresponding data to AST 17 via data return relay (DRR) 317 in order to improve the future LIZARD version. LIZARD itself does not rely directly on data to make decisions, but data about evolving a threat can indirectly contribute to the deductive decision making that future LIZARD versions may make. Label 342 shows how the code becomes more static (very slowly changing) as more human work is involved in the code design. As the iteration module (IM) 314 programs the code, the code becomes more dynamic and fluid. Syntax module 35 and purpose module 36 are shown to function from within SC 315.

FIG. 47 shows the internal operation principle of the static core (SC) 315. The logical derivation 320 derives logically necessary functions from the initial simpler functions. The end result is that an entire tree of functional dependencies is built from the declared composite goals. Code translation 321 translates any (generic) code that is read directly by the syntactic module function into an arbitrarily chosen known computer language. Back translation from known computer languages into any code is also performed. The rules and syntax 322 include static definitions that help interpret and generate syntactic structures. For example, the rules and syntax of the C ++ programming language can be stored in rules and syntax 322. The logic reduction 323 collects the logic described in the code into simpler shapes and generates a map of interconnected functions. The description code 324 is a final output, executable program. In contrast, code goal 332 is an input. The composite target format 325 represents a storage format for storing mutually associated lower targets representing the entire target. Target relevance 326 is a hard-coated reference to determine which type of goal and what type of behavior features and types. The iterative extension 327 refers to the relevance of goals, adds detail and complexity, and evolves simple goals into compound goals. The iterative interpretation 328 loops through the interconnected functions and generates the interpreted goal by referring to the goal relevance 326. Outer core 329 is formed primarily by syntax and goal modules, which work together to derive a logical goal from unknown foreign code and to generate executable code from the goals of the declared function code. Ru. Foreign code 330 is a code that is unknown to LIZARD, and its function and intended goal are unknown. The foreign code 330 is an input to the inner core and the derived target 331 is an output. Goal 331 is the intent of any code 330 as estimated by goal module 36. The goal 331 is returned in a combined goal format 325.

FIG. 48 shows that the inner core 334 contains the essential core functions of the system, programmed directly and exclusively by the appropriate cybersecurity expert 319 via the maintenance 318 platform. The core code 335 is a very basic foundation necessary to operate LIZARD. In core 336, the basic framework and library 336 holds all of the functions needed to operate LIZARD, such as compression and comparison functions. In core 336, thread management and load balancing 337 allow LIZARD to efficiently dominate a group of clusters, whereas the communication and encryption protocols require the type of encryption sought (eg, AES, RSA, etc. are defined. In the core 336, the memory management 339 allows the data interpreted and processed by LIZARD to be efficiently managed in the server random access memory (RAM). System goals 336 include security policies 340 and corporate goals 341. Security policy 340 is manually designed by the (one or many) cyber security analyst as a guide that may be referenced to operate LIZARD in response to custom variables. Thus, LIZARD has a standard as to whether it is considered unsafe or prohibited treatment, or to be acceptable. For example, it should be within corporate security policy 340 to prohibit sending mail to recipients outside the organization, or to lock an account when you make a mistake entering the password three times. May I? The enterprise goal 341 defines the broader features of what kind of integrated infrastructure the enterprise wants to achieve. The goal 341 is mainly for the self-programming of the dynamic shell 313 as to what functions the LIZARD has to have in the context of the corporate infrastructure and what capabilities the LIZARD has to show Used for orientation.

FIG. 49 shows the internal operation principle of the dynamic shell (DS) 313. This section of the LIZARD is mainly manipulated by the artificial intelligence programming module (iteration module). The modules in the outer shell 345 are new and experimental modules that have minimal impact on overall system decision making. The inner shell 344 is the main body of LIZARD, and many of LIZARD's intellectual abilities are used here. The "beta" of the new experimental algorithm 343 is allocated software space, where human and / or artificial intelligence can program and test the functional requirements of the new module.

FIG. 50 shows an iteration module (IM) that intelligently modifies, creates, and disposes of modules on the dynamic shell. The iteration module uses pseudo-security threat (AST) 17 to reference security performance, and uses iteration core 347 to handle the automatic code description methodology. In the data return relay (DRR) 317, data of malicious attacks and addicts is relayed to the AST 17 when the LIZARD has to make a decision with low confidence. The AST 17 creates a virtual test environment with simulated security threats to make the iteration process executable. The pseudo-evolution of AST 17 takes place sufficiently to go beyond the natural evolution of fraudulent and malicious cyber activity. In static core cloning 346, static core 315 with semi-dynamic outer core 329 is used as a criterion for guidance of iteration. This iteration partially alters the outer core 329 so that self programming is a complete cycle in the artificial intelligence loop. The iteration core 347 receives pseudo security scenarios and guidance on the purpose of the system and modifies the dynamic shell 313. The iteration core 347 generates many versions. The version that produced the best results in the mock security test is uploaded and becomes the live version of the dynamic shell at stage 348.

FIG. 51 shows an iteration core 347 which is the main logic for repeatedly executing code to improve security. In the recursive iteration 350, a new instance of the operation core 347 is called with the base version replaced with the new version. Such replacement is managed by thread management 349, which is derived from thread management and load balancing 337, which is a subset of core code 335. The differential modification algorithm (DMA) 353 receives from the inner core 334 syntax / objective programming capabilities 351 and guidance 352 of the system objectives. These two inputs are interrelated to the basic framework and library 336 as well as the security policy 340 / enterprise goal 341. Then, the difference change algorithm changes the base version 356 according to the defects found by the ART 17 by using such a code set. After the difference logic is applied, a new version 355 is presented, immediately after which the iteration core 347 is recursively invoked and goes through the same process as that tested by ART 17. Queued security scenario 360 is a plurality of scenarios in which comprehensive testing of dynamic shell 313 is performed on all known security points. For the active security scenarios 361, the dynamic shell 313 has been tested in the currently active security scenario in the isolated virtual execution environment 357. Such an environment 357 is a virtual instance completely separated from the production system. This environment artificially performs malicious attacks and intrusions. Defects 362 in security test results are visibly presented to indicate security threats that “passed” the base version while running the virtual execution environment 357. Subsequently, any defects found are forwarded to the DMA 353 to facilitate the generation of new versions that attempt to remove these defects.

52-57 show the logical process of the difference modification algorithm (DMA) 353. FIG. The current state 365 represents the dynamic shell 313 code set with symbolically correlated figures, sizes, and locations. The different configurations of these graphics represent different configurations of security information collection and security responses. The AST 17 provides a possible response of the current state 365, which may be false or a correct response (e.g., quarantine this file as it is a virus). The attack vector 370 (all dotted arrows) serves as a symbolic demonstration of the cybersecurity threat. Direction, size, and color are all related to hypothetical security properties, such as attack vector, malware size, malware type. The attack vector symbolically "strikes" the code set to represent the security response of the code set. Ref. A367 shows a particular security configuration that passes the attack vector, which may or may not be the correct security response. Ref. B 368 may be correct or wrong but Ref. Figure 8 shows a bouncing attack vector in a security configuration showing an alternative response type of A. Ref. C369 shows a security response that sends the attack vector back to the original location, which may or may not be the correct security response. Referring to FIG. 53, the correct state 354 represents the final result of the process of the incremental modification algorithm 353 that produces the desired security response from the code block of the dynamic shell 313. The correct state 354 is generated by recursively iterating 350 the new version 355 of the dynamic shell 313. Even if there is a slight difference between the current state 365 and the correct state 354, these differences can result in the response of an entirely different attack vector 370. Ref. While A367 allows the passage of attack vectors, Ref. A371 (correct security response) bounces the attack vector at a right angle. Ref. In both the current state 365 and the correct state 354. The response of the attack vector to B is left as it is. Ref. For C373, Ref. Although at a different position from C369, the attack vector is also sent back to the original source. All of these attack vector presentations represent and respond to the logistics management of security threats. FIG. 54 shows an AST security attack vector 375, which is a series of attacks given by the AST 17. The correct security response 376 indicates the desired security response for the attack vector 370. The code set (each figure) that generates such a correct security response is not shown as it is not yet known at this stage. FIG. 55 shows a current dynamic shell response attack 377 showing a poor security response to the correct dynamic shell response attack 378. Such a correct response 378 is generated by the logic inference algorithm (LDA) 197. FIG. 56 shows how the LDA 197 infers the correct security setup to match the correct attack response 378. The static core 315 provides the LDA 379 with a system framework / guidance 352 and syntax / objective automatic programming capabilities 351 to allow the LDA to build a security program that generates the correct response attack 378. At stage 381, a base version 356 of the dynamic shell 313 is provided to the LDA 379. Such a version is represented as a security response program 382 that produces a low level, ineffective security response. This program 382 is provided as an input to the LDA 379. The LDA uses the syntax / objective function 351 from the static core 315 to build from the false security response program 382 to ensure that it matches the correct response attack 378. Thus, the correct security response program 383 is generated and considered as a new version of the dynamic shell 313. The process via the recursive iteration 350 of the iteration core 347 continuously updates the security capabilities of the dynamic shell 313 until it is full of all the security information made available by the AST 17. FIG. 57 shows a simplified overview of this process when the AST 17 provides a known security flaw 364 with the correct security response 384. Although the AST 17 can provide known security flaws 364 and responses 384, it can not construct a valid and working program that generates such correct responses 384. Thus, the LDA 379 uses the past (base) version 356 of the dynamic shell 313 to produce a well-equipped and well-equipped version 355 of the dynamic shell known as the correct security response program 385. The use of the word "program" represents the overall functionality of many different functions and submodules operating within dynamic shell 313.

FIG. 58 shows an overview of virtual obfuscation. The following virtual obfuscation and mock data generation capabilities will be deployed to encrypted cloud platforms and will be used by small businesses with near or no cybersecurity employees. This security system is also installed directly into the large enterprise data centers. In this case scenario, the malware 385 comes from the Internet 304 and bypasses the industry standard firewall / intrusion detection system / antivirus etc. At this stage of the security iteration, the LIZARD 16 assessment confidence for the intent / purpose of this code block 385 is low. These situations are assumed to be the worst case scenarios. In order to mitigate the risk of innocuous processes being denied the use of very important data that is eligible to use, and to avoid the risk of allowing malicious code to have sensitive data. The room code 385 is secretly assigned to an environment where half of the data is intelligently mixed with simulated (fake) data. The real system 388 represents that the real data 389 is unlimited except for typical management access requirements. Any objects running in real system 388 are easily and secretly transferred by virtual isolation 390 to partial simulated data environment 391 or fully simulated data environment 394. The real data synchronization unit 386 is one of two layers that intelligently selects which priority is given to the data to be given to the mixed environment (the other is the data manager 401) ). In this way, confidential information can not be accessed from suspected malware, but only to code that is known and trusted to be established. The simulated data generator 387 uses the actual data synchronization unit 386 as a template for creating counterfeit and useless data. Databases with real-looking data that look like attributes such as data types, data formats, data densities, data details, etc., are mimicked from real data 389 and appear to be well integrated throughout the system ) Is generated. The perception of risk confidence in the recognition of the incoming foreign code influences the level of obfuscation chosen by LIZARD16. If there is a high degree of confidence that the code is malicious, an environment containing a large amount of simulated data is assigned. If the code is less confident that it is malicious, then either real system 388 (considered not considered punitive) or environment 394 with 100% simulated data (considered untrustworthy by default) Is assigned. Such customization options in security behavior are defined in security policy 340. This is a subset of system goal 336 that is a subset of inner core 340. A highly monitored network interface 392 is used in an environment that includes simulated data 393. Using such a secure interface, in conjunction with virtual isolation 390, protects the environment containing simulated data from leaking into a restricted environment such as real system 388. Such isolation 390 uses virtualization technology to protect random access memory (RAM) and CPU threads from being completely separated and mixed, and to isolate each environment as such.

59-61 illustrate aspects of monitoring and responding to virtual obfuscation. Such a system monitors and manages malware 385 according to the behavior of the malware. LIZARD initially recognizes code blocks that may or may not be malware, with current sophisticated iteration levels. If it is not malware, LIZARD pushes this code block to a virtual clone of a real system consisting of 50% simulated data 391. This is done to ensure that system and enterprise functionality is not severely disrupted if it turns out not to be malware (e.g. false social security numbers provided). In the illustrated example, the code block is actually malware 385, but at this stage the LIZARD has not yet been convincing because the threat and exploit method has a new and unknown nature. FIG. 60 specifically shows that the malware 385 can be sunk in the virtually isolated 380 simulated data environment 391 because it is not yet convinced whether LIZARD is malware 385 or not. The data manager 401 intelligently mixes the actual data and the simulated data so as not to expose the confidential data. The data manager 401 uploads 402 the information generated by the malware 385 to the simulated data storage 400 and downloads 398 the simulated data previously stored and merges it with the actual data 397. In this way, the malware does not have write access to the real data storage 397 and can not overwrite sensitive information. Since the malware 385 is virtually isolated 380, it is exposed only to the data manager 401. This virtual isolation prohibits malware from bypassing the data manager 401 and accessing all of the real data 397. Behavioral analysis 403 tracks the behavior of download 398 and upload 402 of suspicious code blocks to determine candidates for corrective action. Behavioral analysis 403 monitors how malware 385 operates in an as-is manner to help identify or deny LIZARD's original suspicions. By monitoring the behavior of the malware, LIZARD confirms the original allegations that the foreign code is indeed malware. The malware 385 is carefully transferred to the 100% simulated data virtual environment 394 through the secret transport module 395 without any knowledge. As a precaution when malware is already proliferating and running infection in a 50% simulated data environment 391, the entire virtual environment is safely destroyed (including malware) as a precautionary measure. At this stage, malware 385 is now completely submerged in simulated environment 394 without touching sensitive information. In order to improve the future possible versions of the dynamic shell 313, malware and possible communications (e.g. heartbeat signals) taking place over the secret communication channel are monitored. Such malware behavior information is transferred to the AST 17 via a data return relay (DRR) 317 and is useful for future versions. In this way, DS 313 is more confident about similar malware 385, rather than repositioning similar malware 385 unavoidably to a 50% simulated data environment (which still includes the risk for legitimate data being stolen). Can make certain decisions.

62 and 63 illustrate that data recall tracking 399 tracks all of the information uploaded from suspicious entity 415 and the information downloaded to suspicious entity 415. This is done to reduce the security risk that sensitive information may be transferred to malware. This security check also mitigates the logistical problem that legitimate enterprise processes receive simulated data 400. If the mock data is sent to a legitimate (now known) corporate entity, a "callback" is performed that recalls all the mock data, and the (originally requested) actual data is sent instead. Be done. Callback triggers are implemented such that legitimate enterprise entities withhold operations on certain information until they are verified that the data is not false. If real data is transferred to malware in a virtual mixed environment, the internal malware 385 will safely dispose of the entire environment container. An alert is issued throughout the system for unusual activity on data known to be owned by this malware before the environmental container was destroyed. This concept is manifested in surveillance 405 throughout the system. If the entity that received the partial real data is found to be malware (by analysis of the behavior pattern), the virtual environment (including the malware) is safely disposed of and the enterprise-wide for abnormal activity of the tagged real data Network is monitored. In this way, the possibility of information leaks is prevented. The tracking of download 407 and upload 408 of simulated data tracks the simulated data sent to and from suspicious entities 415 in the virtual container. In the upload safety notification 410, data initially written to the mock data collection 400 as a safeguard is later considered secure and ready to be written to the actual data 412 to satisfy the upload 402 request of the suspect entity 415. Get ready. Thereafter, the upload relay 411 passes the secure information marked as such to the real data 412. If a legitimate enterprise entity (not malware) receives the simulated data 400, the enterprise entity is notified 413 of the extent of the simulated data presence. Actual data 412 is uploaded to accurately replace simulated data. Data recall trigger 414 checks for the presence of hidden signals, indicates that the mixed data environment may have been activated, a legitimate entity (and inadvertently trying to appear to be legitimate) An installation of software that is run on an entity). Data manager 401 is an intermediary interface between entity 415 and data that calculates the ratio of actual data 412 (if any) to be mixed with pseudo data 400 (if any). In upload 402 and download 398 of the information stream, individual packets / files are marked (if necessary) in order for the data recall trigger 414 to consider data backtracking.

64 and 65 show the internal operation principle of the data recall trigger 414. FIG. Behavioral analysis 403 tracks the download and upload behavior of suspicious entity 415 to determine candidates for corrective action 419. The real system 417 contains the original real data 412, which is completely external to the virtual environment and contains all possible sensitive data. The actual data that replaces the simulated data 418 is where the actual data is provided to the data recall trace 399 without being filtered (even before the actual data synchronizer 386). In this way, real data patches 416 can be created to replace simulated data with real data on the previous suspect entity 422. Data manager 401 submerged in a virtually isolated environment 404 receives real data patches 416 from data recall tracking 399. This patch 416 contains replacement instructions to convert the previously suspect entity 422 (which is now known to be innocuous) to the correct, genuine, accurate information state. Such patches 416 are transferred to the data recall interface 427 and then to the previous suspect entity 422. Download data 420 is data that the company has downloaded within simulated data environment 404 (thus, this data is partially or completely false). The recovered data 421 is where the simulated data was replaced with the corresponding actual data after the actual data patch 416 has been applied. If the harmless code 409 is determined to be malicious by the behavior analysis 403, corrective action 419 is performed. Such an action 419 is to replace the simulated data of the previous suspicious entity 422 with the actual data 412 it represents. Secret token 424 is a security string generated and assigned by LIZARD. Secret token 424 does not prove to the virtual obfuscation system that the suspicious entity 415 is legitimate and harmless. Instead, don't go ahead with this entity that is truly harmless. Because we know that this entity is under the influence of partial simulation data environment 391 or full simulation data environment 394. As long as this entity is valid, it operates based on false information, and there are no logistic problems (such as false address transmission, false employee dismissal, etc.) of employees / software leading to real world problems. Should be, data recall triggers 414 exist only for legitimate corporate functions and entities. By default, legitimate entities check the agreed-upon location of the embedded server environment 404 for the presence of the token 424. If tokens are missing 429 and 425, this indicates a scenario where this legitimate entity is likely to be incorrectly placed in a partial simulated data environment (for risk assessment that it is malware) . Thereafter, a delay session 428 having a delay interface 426 is activated. If a token is found 426 and 424, which indicates that the server environment is genuine, then the delayed session is invalidated 427. The delay interface 426 is a module pre-installed directly on the entity. If it is indicated that the entity is in simulated environment 404, then the delayed session is enabled. The delayed session means that artificially delaying the processing of this entity gives the behavior analysis 403 time to judge whether this entity is harmless or malicious. In practice, such delays are expected to take several seconds per action. Secret tokens are only secretly embedded in a 100% real data system where malware is seldom present, so for real malware you get a copy of the secret token (which itself can always be modified and played back) It is extremely difficult. In the case scenario where the secret token is not found, the deferred interface 426 is involved. This means that the entity behaves patiently until real data access is reauthorized by behavior analysis 403.

FIG. 66 shows data selection, blocking top secret data, and mixing real and simulated data. The actual data 412 is provided to the actual data synchronization unit 386 that blocks the confidential data 431. The scope of the filter depends on the system policy 430 defined in the static core 315. This module 431 ensures that confidential information never reaches the same virtual environment in which the suspicious entity 415 is present. Data is sorted once at generation 434 of virtual environment 404. In the criterion for generation 433, the sorted actual data is used as a criterion for what kind of amount of simulation data to generate. The simulated data generator 387 creates fake data designed to be indistinguishable from actual data. For example, a set of social security numbers. Compatibility implementation 432 ensures that the generated simulated data is compatible with the actual data, ensuring that there is not much duplication and no missing data type locations. Collection of both real and fake data can be seamlessly merged without any doubt. For example, fake social security numbers and real social security numbers do not overlap (avoid duplicates). The virtual environment generator 434 manages the construction of the virtual environment 404, including variables such as proportions of simulated data, available system functions, network communication options, storage options, and the like. Data judgment standard 435 is a variable for adjusting the ratio between actual data and simulated (false) data. In the merged data 438, the data is merged according to data criteria 435. During the merge process, actual data marked as less sensitive is merged with simulated data that gives the impression of higher sensitivity. Ratio management 437 continually adjusts the amount of real and simulated data that is merged to follow the desired simulated data ratio. The data is merged in real time according to the data request 440 of the suspect entity 415. Data is returned at the simulated data ratio appropriate for the requested data 439.

67 and 68 show the internal operation principle of behavior analysis. The goal map 441 is a hierarchical structure of the goal of the system that gives goals to the entire enterprise system. Such goals are assigned even for small-scale networks, CPU processing, and storage event granularity. The declared goals, the goals of the activities, and the goals of the code base are compared to the requirements of the original system, whatever the suspect entity 415 is doing. Activity monitoring 453 monitors suspicious entity storage, CPU processing, and network activity. Syntax module 35 interprets such activity 443 with respect to the desired function. Such functions are then translated into the intended goal in behavior by the goal module 36. For example, code-based goal 446 is to submit an annual income report, but activity goal 447 may be "collect all social security numbers of employees with high salaries." This methodology is similar to the airport's customs department. Customs must declare specific goods, but customs will still search for bags. Code base 442 is the source code / programming structure of suspect entity 415. An entity that does not disclose source code because it is a compiled closed source program can block access to the system by system policy 430. Such code base 442 is transferred to syntax module 35 which is a subset of behavioral analysis 403. Syntax module 35 can understand the syntax of the coding and reduce programming code and code activity to an intermediate function association map 444.
Such functionality 444 represents the functionality of code base 442 and activity 443 and is forwarded to goal module 36 which generates the recognized “intention” of suspicious entity 415. Goals module 36 generates outputs of code-based goals 446 and goals for activity 447. Codebase purpose 446 includes the known purpose, function, jurisdiction and authority of entity 415, as derived by LIZARD's syntactic programming capabilities. Activity goals 447 include known goals, functions, jurisdictions and authorities of entity 415, as read by the LIZARD's understanding of storage, processing and network activity. The declared goals are the assumed purpose, function, jurisdiction and authority of the entity 415, declared by the entity itself. The required goals 445 include the expected objectives, functions, jurisdictions and authorities that the enterprise system needs. This is similar to hiring an employee to meet the company's requirements. This allows LIZARD to block suspicious entity 415 if the capability and / or service is not necessarily required by the system. The presence and behavior of entity 415 within the enterprise system is reasonable and understood by LIZARD in comparing all four goals 445-448 in comparison module 449 to produce a good result for system objective 336 I guarantee that it will be done. If there is a discrepancy between the four objectives 445-448, then the scenario for goal divergence 450 is invoked, leading to corrective action 419. The corrective action can potentially mark the suspect entity 415 as malware 385 or harmless 409. Security actions can carefully move malware 385 to a new virtual environment without securely disposing of virtual containers or accessing real data (only simulated data) or real corporate networks.
Critical Thinking Memory Perception (CTMP)

FIG. 69 shows the main logic of the CTMP 22. The primary goal of the CTMP is to criticize third party decisions. The CTMP 22 cross-references information from multiple sources (eg, I ² GE, LIZARD, credit platform, etc.) and learns about perception expectations and reality. The CTMP estimates the ability to form objective decisions about a matter and refrains from asserting decisions made with low internal confidence. All incoming data streams, such as globally deployed agents and information from trusted platforms, are converted into actionable data. The subjective opinion determination 454 shows the original subjective determination given by an input algorithm called a selection pattern matching algorithm (SPMA) 526. SPMA is usually a security related protection system, but restricts other types of lexical objectivity search (LOM) (inference algorithm) and other types of persistent charitable activity methods (MPG) (such as tax law interpretation algorithm) It is not a thing. Input system metadata 455 shows raw metadata given from SPMA 526 describing the mechanical process of this algorithm and the history of reaching such a decision. The event processing 456 logically understands the assertion made by comparing the property attributes. In rule processing 457, which is a subset of event processing, the derived result rules are used as reference points to determine the scope of the immediate problem. Critical Rules Scope Extender (CRSE) 458 extends the known scope of perception to include the critical thinking scope of perception. The valid rule 459 shows a valid rule derived by using the critical thinking scope of perception. In the memory web 460, logs of market variables (market performance 30 and revenue history 31) are scanned for satisfiable rules. Any applicable and satisfiable rules are executed to generate a decision that overrides the investment allocation. In rule execution (RE) 461, by scanning the randomness field 613 in the memory, rules that are determined to be present and satisfiable are executed to generate the corresponding desired critical thinking decisions. Implementing such a rule inevitably leads to obvious results. While chaotically complex processes can lead to inconsistent but highly productive results, RE 461's logically complex processes always lead to the same guesses that depend on a consistent set of rules. The critical decision output 462 is the final logic to determine the overall output of the CTMP by comparing the conclusions reached by both the Perception Viewer Emulator (POE) 475 and the Execute Rule (RE) 461. Critical Decision 463 is the final decision, an opinion on matters that aim to be as objective as possible. Log 464 is raw information used to independently make critical decisions that have no influence or bias from the input opinion (MPG) 's subjective opinion. Raw Perception Generation (RP2) 465 is a module that receives metadata logs from SPMA 526. Such logs are parsed to form perceptions representing such algorithmic perceptions. Perceptions are stored in a complex Perception Format (PCF) and emulated by Perception Viewer Emulator (POE) 475. The applied perception perspective 466 shows the perception perspective already applied and utilized by SPMA 526. The Automated Perception Discovery Mechanism (APDM) 467 shows a module that leverages the creation module 18 to generate hybrid perception (formed according to the input given by the applied perception viewpoint 466) so that the scope of the perception can be extended. There is. Reference numeral 468 shows the entire scope of perception available to the computer system. Critical Thinking 469 shows the scope of rule-based thinking. This results in a rule execution (RE) 461 that specifies not only the rules established according to SPMA 526, but also the new valid rules 459 derived from within CTMP.

Referring to the self-critical knowledge density 474 of FIG. 70, this is an input raw log that represents the technical knowledge that the SPMA 526 knows. This module 474 estimates the scope and type of possibly unknown knowledge beyond the limit of reportable logs. In this way, the resulting critical thinking characteristics of CTMP can extend all possible scopes of the knowledge involved, which the system directly knows or does not know. The Perception Viewer Emulator (POE) 475 generates an emulation of the viewer and tests / compares all candidate perception points using such various viewer emulations. This input is all of the candidates for that perception point and the extended data log. The output is a combination of such selected perceptions and the best, most relevant, and the most relevant, resulting security decisions generated by the most attentive observer from such an expanded log. Referring to Derivation of Semantics (ID) 477, this module derives data of perspective of perception that can be semanticized from the perspective of currently applied perception. With reference to the overwrite corrective action 476, this is the final criticism of the corrective action / assertion generated by the Perception Viewer Emulator (POE) 475.

FIG. 71 shows the dependent structure of CTMP. Referring to Resource Management and Assignment (RMA) 419, the tunable policy defines the number of perceptions utilized to perform observer emulation. The priority of the chosen perception is chosen in descending order of weighting. The tunable policy can then define how to select truncation rather than a percentage, fixed value or more complex selection algorithm. Referring to storage search (SS) 480, CVF (comparable variable format) derived from the data expansion log is used as a criterion in database search of perception storage (PS) 478. Metric processing (MP) 489 reverse-engineers variables from the investment allocation of the selection pattern matching algorithm (SPMA) 526 and "rescues" the perception from the intelligence of this algorithm. Perception Inference (PD) 490 reproduces the original perception of the investment allocation response using a portion of the investment allocation response and the corresponding system metadata. Critical Decision Output (CDO) 462 shows the final logic for determining CTMP output. Referring to the metadata categorization module (MCM) 488, conventional syntax-based information categorization divides debugging and algorithm tracking into separate categories. Such categories can then be used to organize and generate individual investment allocation responses that are correlated with market / tax risk and opportunities. Referring to System Metadata Partitioning (SMS) 487, input system metadata 455 is partitioned into meaningful investment assignments. Referring to data entry logic 483, this is a comprehensive sort of all investment allocations, along with the relevant market / tax risk, opportunities, and their corresponding responses. The subject navigator 481 scrolls through all applicable subjects. The target data input unit 482 extracts the appropriate investment risk and allocation related to the target. In addition to the weightings that apply to them, the perception of Perception Storage (PS) 478 is stored with its Comparable Variable Format (CVF) as its index. This means that the database is optimized to receive CVF as an input query search, and the result of the search is a combination of perceptions.

Referring to FIG. 72, semantic derivation (ID) 477 derives a perspective of data perception that can be semanticized from the perspective of currently known perception. Referring to the self-critical knowledge density (SCKD) 492, the input unprocessed log represents known knowledge. This module estimates the scope and type of possibly unknown knowledge beyond the limit of reportable logs. In this way, the resulting critical thinking characteristics of CTMP can extend all possible scopes of the knowledge involved, which the system directly knows or does not know. In metric composition 493, the perspective of perception is divided into categories of metrics. Metric transformation 494 returns individual metrics to the entire perspective of the perception. In metric extension (ME) 495, a number of different perceptual viewpoint metrics are stored in individual databases, categorized by category. The upper limit of metrics is represented by peak knowledge of each metric DB. Metrics are added back and converted to perception perspectives as they are augmented and complexity is increased and used for critical thinking. In Comparable Variable Format Generator (CVFG) 491, the information stream is converted to Comparable Variable Format (CVF).

FIG. 73 shows the dependency structure of CTMP. Critical Rule Scope Extender (CRSE) 458 leverages known perceptions to extend the critical thinking scope of the ruleset. Perception matching 503 forms a comparable variable format (CVF) from the perceptions received from rule syntax derivation (RSD) 504. The newly formed CVFs are used to search for relevant perceptions with similar indexes in Perception Storage (PS) 479. Matching candidates are returned to rule syntax generation (RSG) 505. In memory recognition (MR) 501, random fields 613 are formed from the input data. A field scan is performed to recognize known concepts. Referring to memory concept indexing 500, all concepts are individually optimized into separate parts known as indexes. These indexes are used by the character scanner to work with the mess field 613. The Rule Fulfillment Parser (RFP) 498 receives the individual parts of the rule along with the tag of recognition. Each part is marked as found or not found in the random field 613 by the memory recognition 501, and the RFP is ruled in the random field 613, that is the synthesis of all the rules, ie all parts of that rule. It can be logically inferred whether it has been recognized enough to merit execution (RE) 461. In rule grammar format division (RSFS) 499, valid rules are divided and grouped by type. Thus, all actions, properties, conditions, and objects are bundled separately. This allows the system to determine which parts have been found in the random field 613 and which have not. In the rule syntax derivation 504, logical "white or black" rules are converted to metric based perception. Complex sequences of many rules are transformed into a single, uniform perception, represented by many metrics of various gradients. Rule syntax generation (RSG) 505 receives previously identified perceptions stored in the perception format and involved in the internal metric configuration of that perception. Such gradient-based metric measurements are converted into a binary, logical set of rules that enumerate the flow of information input / output from the original perception. The modified rules of Rule Grammar Format Partitioning (RSFS) 499 represent the exact manifestation of the rule set according to the reality of the object being observed. The modified rules are split and grouped by type. Thus, all actions, properties, conditions, and objects are bundled separately. This allows the system to determine which parts have been found in the random field 613 and which have not. The intrinsic logical reasoning 506 uses logical principles to infer which kind of rule accurately represents the gradient of the metric within the range of perception, thus avoiding errors. By way of example, the intrinsic logical reasoning is such as to receive an analog sine wave (such as high frequency) and convert it to a digital value. Overall trends, locations, and results are generally the same. However, analog signals have been converted to digital. Metric context analysis 507 analyzes the interrelationships within the perceptibility of the metric. Some metrics depend on other metrics in various magnitude relationships. This contextualization is used to complement the mirrored interrelationships that rules have within the "digital" ruleset format. Input / output analysis 508 performs differential analysis of the input and output of perception (gray) or rules (black and white) respectively. The purpose of this module is to ensure that the inputs and outputs of perceptions or rules are as similar or identical as possible, even after conversion (gray to black and white or vice versa). The judgment criteria calculation 509 calculates judgment criteria and tasks of the input rule. This can be interpreted as the "motive" behind the ruleset. A rule is implemented for a reason, and the reason is understood by a suggestion or a clear definition. Thus, by calculating the semantic reason why the "digital" rule was implemented, to justify the organization of the metric within the same perceptive seeking for similar input / output capabilities by calculating the semantic reason It can be used. The rule formation analysis 510 analyzes the entire composition / organization of rules and how they interact. Rule formation analysis is used to complement the mirrored interrelationships of rules within the ruleset format that the metric has within the scope of "analog" perception. In rule syntax formal conversion (RSFC) 511, rules are journaled and split to conform to the syntax of rule syntax formal (RSF) 538.

FIG. 74 shows the final logic for processing intelligent information in CTMP. The final logic receives intellectual information from both the intuitive / cognitive mode and the thinking / logical mode (corresponding to Perception Viewer Emulator (POE) 475 and Rule Execution (RE) 461). In Decision Direct Comparison (DDC) 512, decisions in both intuitive and thought modes are compared to confirm the proof. The main difference is that no meta-metadata is being compared, because if they match equally in any form, the meta-metadata is extra to understand why It is because it is a thing. Final Output Control (TOC) 513 is the last logic to determine CTMP output during both Intuitive Mode 514 and Thinking Mode 515. Intuitive decision 514 is one of the two major sections of CTMP involved in critical thinking through leveraging perception. See Perception Viewer Emulator (POE) 475. Thinking decision 515 is the other of the two major sections of CTMP involved in critical thinking through leveraging rules. See Rule Execution (RE) 461. Perception 516 is data received from intuitive decision 158 according to the formal syntax defined in internal form 518. The fulfillment rules 517 are data received from the thought decision 515 and are a set of applicable (satisfiable) rule sets from the rule execution (RE) 461. Such data is passed according to the format syntax defined in the internal format 518. By using internal format 518, when both inputs are standardized in a known and consistent format used inside CTMP, the metadata categorization module (MCM) 488 has the syntax of its inputs It is recognizable.

FIG. 75 shows that two main inputs, intuitive / cognitive and thinking / logical, assimilate into a single final output representing the entire CTMP. The critical decision + meta metadata 521 is a digital carrier that carries either the perception 516 or the fulfillment rule 517 according to the syntax defined in the internal form 518.

FIG. 76 illustrates the scope of intellectual thinking performed by the original selection pattern matching algorithm (SPMA) 526. Input variable 524 is the initial financial / tax assignment variable being considered for event and rule processing. CTMP evaluates input variables and thinks it will be a second opinion by artificial intelligence. Variable input 525 receives input variables that define security decisions. Such variables provide the basis for the CTMP to identify what a reasonable corrective action is. If the variable has additions, subtractions or changes, the appropriate changes must be reflected in the resulting corrective action. The vital goal of CTMP is to identify reasonable and important changes in corrective actions that accurately reflect changes in input variables. The selection pattern matching algorithm (SPMA) 526, the selection pattern matching algorithm, attempts to identify the most appropriate treatment according to its own criteria. The resulting output shape 527 is the result generated by SPMA 526 with initial input variable 168. This rule, derived by SPMA 170 526 decision, is considered a "current rule" but not necessarily a "valid rule." The attribute merge 528 is performed by the event processing 456 using the current knowledge scope by the SPMA 526 in accordance with the log information provided from the SPMA 526.

FIG. 77 shows a conventional SPMA 526 juxtaposed with the critical thinking algorithm performed by CTMP via perceptions and rules. Procedure 531, which was not correctly understood, is that the selection pattern matching algorithm (SPMA) 526 failed to provide a completely accurate corrective action. The reason for this is due to the underlying underlying assumptions not explored in the original SPMA 526 programming or data. In this example, using a three-dimensional object as an input variable, and properly taking appropriate action indicate that there were dimensions / vectors that SPMA 526 has not accounted for. In appropriate action 532, critical thinking considers the third dimension. The third dimension is what SPMA 526 omits as a vector for checking. The third dimension is considered by critical thinking 469 to check the perspective of all additional perceptions performed. Referring to the valid rules 533, the Critical Rules Scope Extender (CRSE) extends the scope of rule set grasping by exploiting perspectives (eg, the third dimension) that were not previously considered. Referring to the current rule 534, the current derived rules for corrective action decisions reflect what the SPMA 526 understood and its lack (in comparison to the valid rule). The entered rules are derived from the selection pattern matching algorithm (SPMA) 526 and describe the scope of the default grasp that SPMA brings. This is illustrated by SPMA 526, which only understands two dimensions in the flat concept of financial allocation.

FIG. 78 illustrates generation of a valid rule in which important insights and / or variables are omitted as compared to the conventional current rule. The random field parse (CFP) 535 combines multiple log formats into a single scanable unit known as random field 613. Additional rules 536 are generated from the memory recognition (MR) 501 to supplement the validation rules 533 already established. Referring to Perception Rule 537, the Perception considered as applicable and established has been converted into a logical rule. If a perception (the original perception format) has many composite metric relationships that define many "grey areas", then the "black and white" logical rules are such Is included by extending the degree of complexity by n order. Rule syntax form 538 is a storage format that is optimized for efficient storage and variable queries.

79 to 80 show modules of perception matching (PM) 503. FIG. Statistics are provided from Perception Storage (PS) 479 for metric statistics 539. Such statistics define metric retention trends, internal metric relationships, and metric growth rates. Some integrated statistical queries are automatically executed and stored (such as overall metric retention ratings). Other more specific queries (how related are the metrics X and Y) are requested from PS 479 in real time. Metric relationship retention 540 retains metric relationship data so that it can be pushed to the consolidated output. Error management 541 parses syntax errors and / or logic errors that arise from any of the individual metrics. The metric division 542 separates the individual metrics, as the individual metrics were combined into a single unit that was previously the input perception 544. The input perception 544 is an example configuration of a perception consisting of vision, smell, touch and hearing. A node comparison algorithm (NCA) 546 receives node configurations of two or more CVFs. Each node of the CVF represents the magnitude of the property. For each node, a similarity comparison is made and the overall variance is calculated. This ensures that the correct comparison is efficiently calculated. If the variance value is small, it indicates that the degree of match is high, whether it is node-specific or integration weight. Comparable Variable Format (CVF) 547 is a visual representation showing the various formations that CVF presents as output 550, which is the final output to perception matching (PM) 503. The entire result is submitted at stage 550, as any duplicate nodes in the node comparison algorithm (NCA) 546 are reserved as matching results.

81 to 85 show rule syntax derivation / generation. Raw Perception Intuitive Thinking (Analog) 551 processes perceptions according to an "analog" format. Raw Rules In logical thinking (digital) 552, rules are processed according to digital form. Perceptions of the analog type 553 relating to financial allocation decisions are stored in slope units of smooth curves without steps. The raw rules of the digital format 554 pertaining to financial allocation decisions are stored in ticks with no "ambiguous area". The original rule 555 is the same as the rule 533 correct for the content of the data. The difference is that the original rules 555 have been converted into a more dynamic form by rule grammar format division (RSFS) 499, allowing cross-referencing with random fields 613 via memory recognition 501. is there. The recognized rule segment 556 is a rule derived from the original rule 555 recognized by the memory recognition 501. This indicates which of the individual segments that make up the original valid rule 533 (action, property, condition, purpose, etc.) are recognized in the random field 613 and becomes a potentially logically fulfilled rule It indicates that there is a possibility. Security override decision 557 is the final result generated by a rule execution (RE) 461 that allows corrective action to be taken. Such corrective actions are further provided to a final output control (TOC) 513, which is a subset of the larger corrective action logic implemented at critical decision output (CDO) 462. Unsatisfied rules 558 are rule sets that are not well recognized (according to the rule satisfaction degree parser 498) in the randomness field 613 according to their logical dependencies. Similarly, in accordance with the logical dependencies analyzed by CDO 462, fulfillment rules 517 are recognized as fully available in random field 613. Third party database solution 559 is hardware interface software that manages buffer, cache, disk storage, thread management, memory management, and other typical mechanical database functions. The fulfillment debugger 560 tries to find the reason for the unsatisfied rule. The reason is either that the clutter field 613 is not full enough, or that its ruleset is inherently illogical. If the ruleset is unreasonable, the reason is checked instantly within a certain degree of accuracy. However, when proving the possibility that the randomness field 613 will be diluted, it is necessary to conduct a plurality of investigations in order not to fall into the mistake of conducting an insufficient investigation.

86-87 illustrate the principle of operation of the Rule Grammar Format Partitioning (RSFS) 499 module. In this module, the valid rules 502 are divided and grouped by type. Thus, all actions, properties, conditions, and objects are bundled separately. This allows the system to determine which parts have been found in the random field 613 and which have not. For action 561, one of the four rule segment data types indicating the action that may have already been performed is performed and is considered, such as for activation. A property 562 is one of four rule segment data types indicating an attribute such as some property that describes something else, and is an action, condition, or purpose. For condition 563, one of the four rule segment data types indicating a logical operation or operator (eg, z for x and y, y for x or z, etc.). Object 564 is one of four rule segment data types that indicate targets that may have attributes applied to them, such as action 561 and property 562. At processing stage 565, the results of the derivation of the relationships collected so far are submitted as output, and the program ends thereafter. Process stage 566 iterates through the rule segments, one item at a time. Process step 567 interprets and records the individual relationships between the rule segments (eg, treatment 561, purpose 564, etc.). Thus, each individual relationship is collected and prepared for output at stage 565. The sequential scan 568 divides each unit of RSF 538 by the “[DIVIDE]” marker. SUBJECT (object) and GLUE (glue) from RSF 538 are also split and parsed. The split output 569 is where the relationships of individual objects and internal objects are maintained by the scanner. They are sent together for output when the entire RSF 538 is scanned sequentially. The split rule format 570 is a delivery mechanism for including individual rule segments (eg, action 561, purpose 564, etc.) from the split output 569. The use of the split rule format 570 is emphasized at two main points of information transfer. One as output from Rule Grammar Format Division (RSFS) 499 (considered as a pre-memory recognition stage), and another as output from memory recognition (MR) 501 (a post-memory recognition stage) is there.

FIG. 88 shows the operation principle of the rule satisfaction degree parser (RFP). The Rule Fulfillment Parser receives the individual segments of the rule with a tag for recognition. Each segment is marked as found or not found in the random field 613 by memory recognition (MR) 501. Then, the RFP 498 can logically deduce which whole rule, that is, the composition of all the parts of the rule, was sufficiently recognized in the random field 613 to be worth the rule execution (RE) 461. . The queue management (QM) 561 utilizes syntactic relationship reconstruction (SRR) 497 modules to analyze the individual parts in the most logical order. The QM 561 can access the results of the memory recognition (MR) 501 so that binary yes / no flow questions can be answered and appropriate action can be taken. The QM checks all rule segments step by step, and if a single segment is missing from the random field 613 and is not properly associated with the other segments, the rule set is flagged as unsatisfied. If all check steps pass, the rule set is flagged as satisfied (522). The QM stage 571 checks if the rule segment “purpose C” is found in the random field 613. The QM stage 572 checks, according to the memory recognition (MR) 501, whether the next appropriate segment is associated with the original "purpose C" but also present in the chaotic field 613. Similar logic applies to Condition B and Treatment A QM stages 573 and 574, respectively. These segment notations (A, B, C, etc.) are not part of the core logic of the program, but refer to a consistent example displaying typical expected usage. Receiving a completely rebuilt rule set 575 assumes that this rule set is satisfiable, and the queue management 576's satisfaction rule set output and syntactic relationship reconstruction (SRR) ) Requires association of the rule segments provided by module 497.

89-90 show a fulfillment debugger 560 trying to find the reason for the unsatisfied rule. The reason is either that the clutter field 613 is not full enough, or that its ruleset is inherently illogical. If the ruleset is unreasonable, the reason is checked instantly within a certain degree of accuracy. However, multiple investigations need to be performed to avoid the fallacy of incomplete investigations, which proves the potential for random fields 613 to dilute. The field sparseness survey 577 specifically checks if the randomness field 613 is fully populated or if it does not result in an undefined composition of the rule set. The scan 578 checks the presence of the corresponding rule part for the inside of the random field. The survey DB 579 stores the survey results for the near future reference. Condition section 580 checks whether survey DB 579 is saturated / full. This means that a possible scan for a rule part has been performed despite the scan giving positive or negative results. If all possible scans have been performed, it is tied to conclusion 581. The sparseness of the entire mess field 613 is the reason why the rule set was classified as unsatisfied. If all possible scans have not been performed, then a conclusion 582 is attached. That is, the survey is incomplete and more sectors of the random field 613 need to be scanned to ensure that the sparseness of the random field 613 is the cause of the unfulfilled rule. The logical impossibility test 583 causes the rule set to be classified as unsatisfied by checking whether intrinsically impossible logical dependencies exist in the rule set. For example, the object 584 "single men" is assigned the property 585 "marriage", which leads to an essential contradiction. This test 583 determines the lexical definition of the terms 584 and 585. The inner rule consistency check 588 checks if all the properties match and relate to their object counterparts. The definition of "single men" 584 in RSF 538 format contributes to the partial definition of object 586 "male" and the definition of "married" 585 (including RSF 538 format) contributes to the partial definition of "two" of object 587. The conclusion of check 588 is that both definitions 586 and 587 are compatible as long as object 586 "male" potentially includes object 587 "two". In rule relevancy transformation 589, fair conditions are transformed and comparison tests are performed. Such transformations allow the second definition ("married") to be understood within the context of the first definition ("single male"). Thus, the conclusion is drawn that this rule contains the essential contradiction that the same man is simultaneously married 590 and currently unmarried 592.

FIG. 91 shows rule execution (RE) 461. In rule execution, the memory scans the randomness field 613 to find that the desired critical thinking corresponding to the rule that is present and confirmed to be satisfiable. Executed to generate a decision. There is a checkered plane used to track the transformation of the ruleset. The objects on the plane represent the complexity of any security situation, while the movement of such objects spreading in the "checkerboard of security" evolves the security situation managed by the response of the security ruleset Show. At stage 1 593, the information in the RSF 538 defines the initial starting position of all relevant objects on the checkered plane and defines the start of the security context that continues dynamically. It is used symbolically to indicate the logical "position" of the rules dealing with dynamic security policies. Stage 2 594 and stage 6 598 show object transformations that illustrate the applied security rules that change the location and scope of a particular security context. For example, transformation of objects at stages 2 and 6 can indicate a cryptographic critical file. Stage 3 595 shows the movement of the checkered object, which can correspond to the actual movement of the confidential file to an off-site location as part of the security response strategy. Stages 4 596 and 5 597 illustrate the process of merging two objects into a common third object. An application of this rule is that two separate and isolated local area networks are integrated to facilitate the transfer of efficiently and securely managed information. When the rule execution (RE) 461 is complete, the results of the valid rule 533 and the current rule 534 are different. This is not the less critical result generated from the selection pattern matching algorithm (SPMA) 526 but demonstrates the benefits of critical thinking that the CTMP performed. All graphics, colors, and locations symbolically represent security variables, occurrences, and responses (because they are easier to explain than real security objects). SPMA produces a final shape location that differs from CTMP, as well as a similar but different (orange to yellow) pentagonal color difference. This occurs because of the complexity of the conditional clause rule set configuration that all input logs pass through for processing. This is similar to starting a billiard game with various player variables (height, force, etc.), and the resulting position of the ball is quite different. CTMP also converted purple squares to cubes. This cube represents the ability to take into account dimensions and perceptions that SPMA 526 and even humans did not think (through the explanation of CTMP). The final security override decision 599 is performed in accordance with the valid rule 533.

Figures 92 and 93 illustrate sequential memory organization. Sequential memory organization is an optimized information storage method that results in higher efficiency in reading and writing a "chain" of alphabetically ordered information. In the memory access point 600, the width of each of the nodes 601 (blocks) represents the observer's direct accessibility to the stored objects (nodes). In the order of the alphabets stored sequentially, "A" is the most accessible memory point since it is the first node in this sequence. The letters E, H, L are also easier to access directly as they are the "head" of their own subsequences "EFG", "HIJK" and "LMNOP". To the extent of reachability, each letter represents a point of direct memory access to the observer. The broader reachability range indicates that there are more arrival points per sequence node and vice versa. The longer the sequence is referenced “in order” and not from randomly selected nodes, the narrower the reachability range (in comparison to the sequence size). This enables more efficient memory recall according to the degree of the sequential degree. In the nested sub-sequence layer 603, the sequences exhibiting strong non-uniformity are made up of a series of interconnected shorter sub-sequences. The alphabets are formed by interconnecting the entire alphabet, although the individual subsequences "ABCD", "EFG", "HIJK", "LMNOP" all exist independently as stored sequences. This type of memory storage and reference is much more efficient when accessing particular nodes of the master sequence occasionally or frequently. In this way, scanning from the start of the entire sequence can be avoided to increase the efficiency of time and resources. This is similar to scanning a book by chapter rather than scanning the book from the first page for each search. In the extremely uneven 605 scope, there are inconsistent access points across all nodes. This means that it has a heavy organization of nested subsequences that interconnect like chains. A very non-uniform sequence means that it is moderately sequential but needs to have multiple memory access points (nested subsequence layers). An example of a very non-uniform sequence 605 is the alphabet, and the difficulty of listing varies depending on which letter you start with. In the extremely uniform 607 scope, all nodes have consistent access points. This means that this scope is not made up of nested subsequences that interconnect like chains. A very uniform sequence is that it is extremely sequential (always or completely without access points consistently across nodes), or extremely non-sequential (there is consistently more access points across nodes) Means to be. An example of an extremely uniform scope 607 is a collection of fruits, and in listing them, there are barely identified and unemphasized sequences, and there are no interconnected subsequences. There are initially many access nodes in a reasonably uniform 606 scope. That is, it is most efficient in enumerating contents from the top. However, the main content is more linear, indicating that there is no nested sub-sequence layer and that there is a single large sequence. A moderately non-uniform 604 scope does not deviate much from linear, and thus is an overall consistent access point. This indicates that there are fewer, less defined, nested sub-sequence layers, and at the same time, consistent and lossless collection compliance. As an example of information indicative of moderately non-uniform scope 604 operation, a car manufacturer's catalog may be considered. Categories such as sports cars, hybrids, and SUVs may be defined, but you may be comparing SUVs and sports cars even though you have specified another category, so list There is no need to enumerate or remember.

FIG. 94 illustrates a non-sequential memory organization that deals with information storage of non-sequentially related items such as fruits. In the fruit collection, there is no highly specified order to read in that order, as opposed to the alphabet which has a strong sequential order on how to read the information. The memory organization 608 shows all fruit access node nodes consistently consistent and represents a non-sequential organization. The organization of reference numeral 608 shows that reversibility exhibits non-sequential placement and uniform scope. In this example, the fruit memory is shown to be non-sequential as indicated by the relatively wide access points per node. Similar uniformity exists when the fruit order is shuffled, which indicates a reversible order of fruits. In contrast, sequential series such as the alphabet are much more difficult to list backwards, as opposed to regular enumeration. The common fruit list does not show this phenomenon, indicating that it is referenced outside the sequential list more often than inside the sequential list. In the core topic and association 609, the same series of fruits are repeated except for different nuclei (central objects), as the list of fruits has no sequential degree. This core represents the main topic, which acts as a memory neighborhood more easily accessible to the remaining fruits, as opposed to where the core topic is not defined. In Strong Neighbor 610A, although the apples are common fruits, they are more closely related to pineapples than other common fruits because they have overlapping spells. Therefore, they are considered to be associated with more memory. In the week neighbor 610 B, pineapple is a tropical fruit, so the relevance to oranges and bananas (general fruits) is low. Pineapples are more likely to be referenced along with mango because they are overlapping in the tropics. Point 612 in the graph shows how a very weak sequential degree of the fruit series provides very strong uniformity in node 601 access.

FIGS. 95-97 illustrate memory recognition (MR) 501 where a scan of random fields 613 is performed to recognize known concepts. The random field 613 is a “field” of a concept arbitrarily lurking in the “white noise” information. Messy fields are spontaneously known to the CTMP system, considered "wild" and considered to be unpredictable. The purpose of memory recognition is to scan fields efficiently to recognize known concepts. Memory concept retention 614 stores recognizable concepts and is ready to be indexed and referenced for field inspection. This illustration uses a simplified example of the vegetable name spelling to facilitate understanding of the system. However, this example can be used as an analogy for much more complex scenarios. In the real world security example, this involves the recognition and distinction of citizens and soldiers in camera feeds. In the case of cybersecurity, it is possible to recognize stored known Trojans, backdoors, and detect them with a lot of security white noise (logs). In the three-character scanner 615, the random field 613 is scanned and a check is performed on the three-character segment corresponding to the target. For example, "PLANT" is the target, and the scanner moves stepwise three characters along the field. Each time the scanner advances, the segments "PLA", "LAN", and "ANT" are checked because they are a subset of the word "PLANT". However, the words "LAN" and "ANT" are independent words that may be targeted. Thus, if one of these three-character segments is found in the field, it implies that either a complete target of "LAN" or "ANT" has been found, or a subset of "PLANT" may have been found. ing. The same idea applies to the 5 letter scanner 616, but this time the segment checked by all the progress across the field is the whole word "PLANT". Targets such as "LAN" and "ANT" are omitted. This is because a target of at least 5 characters is required to work with a 5 character scanner. The random fields 613 are split to scan at different ratios (3, 5 or more character scans) as they provide different levels of scanning efficiency and effectiveness. As the scope of the scan narrows (the amount of letters decreases), the accuracy improves (and vice versa). As the scanner's field area increases, larger character scanners become more efficient because they perform recognition at the expense of accuracy (this depends on how small the target is). In Memory Concept Indexing (MCI) 500, stage 617 switches the size (3, 5 or more) of the scanner in response to remaining unprocessed memory concept. The MCI 500 starts with the largest of the available scanners and gradually diminishes at stage 617, more computing resources can be found, and the possibility of smaller memory concept targets can be checked. Stage 618 uses the available memory concepts cyclically so that at stage 620 those indices (smaller segments suitable for an appropriate length such as 3 or 5) can be derived. If a memory concept does not yet exist in concept index holdout 624, stage 619 creates a memory concept according to the logistic flow of the procedure. Stage 621 assigns the derived index from stage 620 to holdout 624. If the MCI 500's programmed sequence of processing continues, if the MCI runs out of unprocessed character scanners, it will either deliver a null result 622 if the holdout 624 is empty or a non-empty holdout 624 is output as the output 623 of the module. Sections of the random field 613 range from 625 to 628. Sections 625 and 626 represent scans performed by a five character scanner, and sections 627 and 628 represent three character scans. Scan 625 has a width of 5 characters, while checking the 6-character target "TOMATO", the two 5-character segments matched "TOMAT" and "OMATO", previously indexed by MCI 500. Each of these correspond to a five character match of the six character word, and correspond to 83%. This percentage / percentage is added cumulatively at 167% 637 for the memory concept "TOMATO", so the concept "TOMATO" was successfully found in the random field 613. Scan 626 has a memory concept target of "EGGPLANT" and two important segments are "GGPLA" and "PLANT". While "GGPLA" refers to the true match of "EGGPLANT", the segment "PLANT" brings the possibility of false detection since "PLANT" is the target of the memory concept. In order for the system to recognize "PLANT" as being present in the random field 613, "EGGPLANT" is classified as a false positive as the only genuine recognizable memory concept in the field. However, since "GGPLANT" contributes to a 63% match, "PLANT" contributes 63% in the context of "EGGPLANT" and "PLANT" contributes 100% in the context of the target "PLANT", so programming of the system is False positive case scenarios can be bypassed. When these matches are summed in total, its target "EGGPLANT" receives an aggregate score 638 of 125% (63% + 63%) and the target "PLANT" gets 100% 639. Thus, the scanner successfully maintains the correct interpretation of the messy field 613. The scan 627 has a width of 3 characters and recognizes the segment "TOM", which leads to a total match of 50% 640. This is the same target as in scan field 625 due to differences in scan width (3 instead of 5), and a weak confidence match (50% vs. 167%) was found. Thus, the design of the MCI 500 includes multiple layers of scan widths in order to provide an accurate balance between accuracy and computing resources consumed. The scan 628 also incorporates a width of 3 characters, this time having two potential false positive tangents 636. The actual concept of the field is "CARROT", but the concepts of "CAR" and "ROT" are considered to be present in the field. The scanner must identify which is the correct concept located in the mess field 613. This is checked on subsequent scans made on nearby characters. After all, the scanner recognizes this concept as "CARROT" and not as "CAR" or "ROT" to support other positioned indicators. Both the "CAR" 641 100% combination match and the "ROT" 643 100% combination match are eliminated for the "CARROT" 642 200% combination match.

Figures 98-99 illustrate field interpretation logic (FIL) 644 and 645, where field interpretation logic performs logistics to manage various scanners of varying character width. A generic scope scan 629 starts the logic with a large character scan. This type of scan scrutinizes the large scope of the field with less resources. However, the accuracy on a small scale is lost. Smaller character scanners are tasked with more detailed scope on the field, improving accuracy when needed. The detailed scope scan 630 is used when an important area is identified and it is necessary to "zoom in" there. The overall correlation is that the narrower the scope on the field selected for scanning, the smaller the scanner (smaller number of characters). This ensures that expensive, high-precision scans are not used in redundant, non-productive locations. Section 645 of the FIL shows reactive logistics for the scanner's results. If a particular scanner receives additional recognition of the memory concept in the random field 613, this is that the field scope 631 (section 613) contains a high density saturated memory concept, and that particular scope with a narrower scan It indicates that it is worthwhile to zoom in. Thus, a three-character with 10% 633 field scopes, relying on a 30% 632 five-character scanner, the field scoping of which is the initial result considered as "increased" additional "recognition 634. Start the scanner. “Addition” at reference numeral 634 indicates that it complements the original recognition performed in FIL section 644.

Figures 100-101 illustrate an automated perception discovery mechanism (APDM) 467. An observer 646 can perceive the same object with multiple perceptions while representing a digital observer or a human observer. Observable objects are used to indicate possible cyber security case scenarios. Perception views 647 provide limited scope information about the observable objects rendered in two dimensions. Perception view B 648 provides a more informative scope as it includes the third dimension. The result of perception view C 649 is unknown to our limited thinking ability as creation 18 which is a creative hybrid process is being exploited by the latest parallel processing ability. The critical thinking algorithm mixes metrics of viewpoints A and B and forms a new version 653 so that human comprehension or iteration complexity + efficacy and CPU time and power exponential (not stagnant) It has the potential to generate shapes and perceptions that can go beyond the relationship. Perception views 650 are configured with multiple metrics including, but not limited to, scope, type, strength, and consistency 651. These metrics define aspects of multiple perceptions that make up the overall perception. As these can be more complex in scope than the above example, there can be many complex variations of perceptions generated by the authoring module. Perception weight 652 defines how much the perception has relative impact while being emulated by Perception Viewer Emulator (POE) 475. This weight of both input perceptions is considered while defining the weight of the newly iterated perception 653. This new iterated perception 653 contains a hybridized metric that has been affected from previous generation perceptions: A + B. Such new perception perspectives could potentially provide an advantage over security software for detecting secret exploits. The generation of perception is chosen for hybridisation by a combination of trial and error and intelligent choice. If a perception, especially a new iterated perception, turns out to be useless in providing insights into security issues, it can be made less important for use, but it is useful When providing insights, they are rarely removed because they are not well known. Therefore, a trade-off between computing resources and security information collection is experienced.

FIG. 102 shows Raw Perception Generation (RP2) 465, a module that receives metadata logs from a Selection Pattern Matching Algorithm (SPMA) 526. Such logs are parsed to form perceptions representing such algorithmic perceptions. Perceptions are stored in Composite Perception Format (PCF) and emulated by Perception Viewer Emulator (POE). System metadata separation (SMS) 487 provides the output of security response / variable pair 654 and security causality when appropriate corrective actions are combined with trigger variables (object, place, behavior analysis etc) Establish. The comparable variable format 547 is represented by the non-graphical term 655. Each of these perception collections has various perceptions with specific weighted effects to form CVF 547.

FIG. 103 shows the logic flow of a comparable variable format generator (CVFG). The input of the CVFG is a data batch 658, which is an arbitrary set of data representing data that must be represented by the node configuration of the CVF 547 generated. Stage 659 uses each of the individual units defined by data batch 658 sequentially. The data units are converted to node format at stage 660 and have the same configuration of information as referenced by the final CVF 547. A node is the basic unit of CVF, which allows efficient and accurate comparative evaluation to be performed on other CVFs. CVFs are similar to irreversible MD5 hash sums, except that they have properties (nodes) optimized for comparison. The nodes thus converted are temporarily stored in the node holdout 661 when their existence is checked at stage 665. If they are not found, they are created at stage 662 and updated at stage 663 with statistical information such as occurrence and usage. At stage 664, all nodes with holdout 661 are assembled and pushed as the CVF 547 as the output of the module. If the holdout 661 is empty after the generator has been executed, an empty result is returned 618.

In FIG. 104, node comparison algorithm (NCA) 661 is comparing two node configurations 666 and 668 read from an unprocessed CVF 547. Each node of the CVF represents the magnitude of the property. For each node, a similarity comparison is made and the overall variance is calculated. This ensures that the correct comparison is efficiently calculated. If the variance value is small, it indicates that the degree of match is high, whether it is node-specific or integration weight. There are two modes of comparison that can be performed: partial match mode (PMM) and full match mode (WMM). In PMM, if there is an active node in one CVF and it is not found in the comparison candidate (the node is dormant), this comparison is not penalized. Mode application example: Comparing tree A with forest A, tree A finds the closest matching tree B present in forest A In WMM, there is an active node in one CVF, which is not found in the comparison candidate (node Is inactive, this comparison is penalized. Mode application example: When tree A and forest A are compared, tree A and forest A are directly compared, and there is a large variation in overlap and structural similarity, so no match is found.

105-106 illustrate system metadata segmentation (SMS) 487, which divides input system metadata 484 into meaningful security causality. As output from MCM 488, the programming elements of the log are individually retrieved at stage 672. At stage 673, individual categories from the MCM are used to obtain a more detailed configuration of the relationship between security responses and security variables (security logs). Such categorization 674 is assimilated at stages 669, 670, and 671. Target scan / assimilation 669 extracts security context targets / suspects from system metadata using pre-sorted containers and raw analysis results from the categorization module. The subject is used as the main reference point for deriving security response / variable relationships. The subject may include people, computers, executable code, networks, or even companies. The object 682 so parsed is stored in the object storage 679. By means of the risk scan / assimilation 670, risk factors of the security situation are extracted from the system metadata using the raw analysis results from the classification container and the classification module created in advance. Risks are associated with targets that are presenting or being exposed to such risks. Risks can be defined as potential attack points, types of attack vulnerabilities, etc. Such risks are stored in risk storage 680 using the association with the relevant subject in subject index 683. The response scan / assimilation 671 uses the pre-created classification container from the categorization module and the raw analysis results to extract the security situation response generated by the input algorithm from the system metadata. This response is associated with the security subject that is deemed to be such a response. Responses can range from approval / block / flag / quarantine / obfuscation / signal mimicry / retaliation etc. Such responses are stored in response storage 681 along with an association to the related object at object index 683. Such stored information is processed by data entry logic (PL) 483 which comprehensively sorts all security objects that have the relevant risks and responses.

107-108 illustrate a metadata categorization module (MCM) 488. FIG. In the format division 688, metadata is separated and classified according to recognized format rules and syntax. Such metadata must be organized according to a recognizable format, otherwise the metadata is rejected for processing. Local format rules and syntax 689 include definitions to enable the MCM module to recognize preformatted metadata streams. Local means "formatted" that was previously selected because of the relevance and presence in the metadata. Debug trace 485 is a coding level trace that provides the variables, functions, methods and classes used and the type / content of the respective input and output variables. A complete function call chain (a function that calls another function) is provided. Algorithm tracking 486 is a software level trace that provides security data combined with algorithm analysis results. The resulting security decisions (permissions / blocks) are provided along with a path of how the decision (justification) is reached and the appropriate weights that each element contributed to making the security decision. Such algorithmic tracking 486 leads to a mode of MCM that cyclically uses each of these security decisions justified at stage 686. Such justifications define how and why a particular security response was made in computer log syntax (not written directly by humans). The recognizable format 687 is a predefined and standardized syntax format compatible with CMTP. Thus, if the format declaration from the input system metadata 484 is not recognized, an empty result of the module is returned 618. It is the responsibility of the SPMA 526 programmer to code metadata 484 in a standardized format recognizable by CIMP. Such a format need not be proprietary to CTMP (JSON, XML, etc.). The variable holdout 684 is a place where the variables being processed are held by category so that they can be collectively submitted 685 as the final integrated output. Stage 675 performs a comparison check between the two major branches of input information, which is debug tracking 485 and algorithm tracking 486. Such comparisons track the occurrence of justifications at the coding level to better understand why such security justifications have occurred and are worth being the output of MCMs. To further examine the potential criticism of CTMP as a whole, this step is precautionary, and the decisions are well understood at the coding level, to ensure inferences that support security justification. Similarly, evidence of risk is verified at stage 676 using trace data debugging. At stage 677, metadata is checked for every function invoked by SPMA, and then such applicable functions are defined according to the specification of the functional goals and legitimacy to be used, which can be used Is checked.

FIG. 109 shows metric processing (MP) 489, which reverse-engineers variables from the security response of the selection pattern matching algorithm (SPMA) 526 and "rescues" perceptions from the information in this algorithm. Security Response X 690 represents a set of factors that contribute to the resulting security response (eg, Allow / Block / Obfuscation) chosen by SPMA. Each figure represents the security response from the selection pattern matching algorithm (SPMA). The initial weights are determined by the SPMA, so the information is leveraged. Such a decision is then heavily referenced in model perception. Perception Inference (PD) 490 uses part of this security response and the corresponding system metadata to reproduce the original perception of the security response. Perceptual interpretation of multi-dimensional series 699 is that PD adopts SPMA security response and associates it with corresponding input system metadata 484, so that intelligent "digital perception" as originally used by SPMA. It shows how to regenerate the full scope. This allows the CTMP to gain a deep understanding of the input algorithm, reuse and cross-reference the information of multiple different algorithms, and is thus trying to establish a large artificial intelligence token. Such graphics symbolize the complex rules, behaviors, and correlations built by SPMA. Filled figures 697, stacking amounts 698, and multidimensional types 699 are digital perceptions that capture the "thought" of an intelligent algorithm. A multidimensional 699 perception represents a three-dimensional figure, which is a language learning algorithm that interprets company emails of company employees and attempts to detect and / or predict security breaches of company confidential information It can be a symbolic expression form of For a single intelligent algorithm (for example, 695C / 696C is rectangular, whereas the variation 694C is circular, representing a slight difference of the intelligent algorithm), with multidimensional types having some variations Thus, there may be multiple initial security responses that may appear to have no surface meaning created by such an algorithm. The surface meaning 694A appears to be more in common with 692A than 696A. Although this is counter-intuitive, the 692A is a security response performed by a fill geometry algorithm that is completely different from the multi-dimensional 699. While perceptions 695C and 696C are identical, there is a slight difference between objects 695A and 696B that correspond to their security responses. The security response 695A is deeper, expressing this multidimensional perception from the side 695B, whereas the security response 696A expresses this from the front 696B, although this is exactly the same perception. These differences show how different security responses, which respond to different security threats / suspects, are reverse engineered and found to be the same intelligent algorithm. All three instances of the multidimensional type 699 (of which two are identical) are combined into a single unit and then referenced internally in the CTMP as a perspective view B702. The weight of influence that this perspective view has in CTMP is calculated according to the initial weight of influence that security responses 696A, 695A, and 696A have. The stacked amount perception 698 shows that the security response 693A is part of a set of integer multiples rather than receiving the third dimension depth as in the multi-dimensional type 699. This may be a symbolic representation of a profiling algorithm that builds a new company employee's security profile to avoid external infiltration. Although CTMP initially receives only a single security profile, represented as security response 693A, it is actually part of a set of cross reference profiles called Perception Stack 698 (after MP 489 performs reverse engineering) . Such recognition can be referred to in the CTMP as a perception viewpoint A 701. In security responses 691A and 692A, security responses symbolically represented as incomplete forms are provided to MP 489. The PD 490 utilizes input system metadata to find out that the intelligent algorithm that originated this security response does not have the expected security variable. For example, this is an algorithm noticing the presence of suspicious behavior, but not the usual / expected behavior. This may be a company employee who does not sign his email in the usual way. This could mean a sudden change in habit or a sign that this employee's e-mail account has been exploited by malicious actors who are not used to signing e-mail like real employees there's a possibility that. Such an algorithm is reverse engineered to be a digital perception fill figure 697 which is referenced in CTMP as a perception view C 700 under the influence of appropriate weights.

FIGS. 110 and 111 show the internal design of perception inference (PD) 490, which is mainly used by metric processing (MP) 489. FIG. The security response X is forwarded as input to the basis / reasoning calculation 704. This module determines the justification of the security response of SPMA 526 by exploiting the supply of intent of the I / O Reduction (IOR) module 706 stored in the intent DB 705. Such a module IOR interprets the input / output relationship of the function to determine the legitimacy and intention of the function purpose. The IOR module uses split input and output of various function calls listed in the metadata. Such metadata segmentation is performed by the metadata categorization module (MCM) 488, and output categories occur as collections 672 and 674. In JRC 704, the intent of the function stored in intent DB 705 is checked against the security response provided as input 690. If the functional intent supports the SPMA security decisions, they are submitted as valid basis-to-metric transformation JMC 703. In this JMC module, the basis of the verified security response is converted into a metric that defines the nature of the perception. Metrics are similar to human senses, and the basis for security responses represents the basis for using this sense. When a person crosses the road, the sense of sight and hearing (i.e. metric) increase and the sense of smell and touch cease. The collection of these sensations, together with their respective magnitudes of intensity, represent "cross road" perceptions. The basis of this analogy is that "vehicles on the road are dangerous and you can see and hear them". Therefore, this perception configuration is rationally justified, and an example of perception perspective C 543 is formed. Input-output relationships are defined as a set of function inputs and the corresponding outputs provided by such functions. The IOR 706 first checks if the function's input / output relationship and the function's intent are pre-analyzed by reference to the internal database. If the information is found in this database, at stage 708, the information is used to capture current input and output data. The captured (if applicable) input and output data is checked at stage 714 whether it is sufficiently saturated to achieve a sufficient level of meaningful analysis. This amount is quantified in technical terms and the minimum level is defined by the existing CTMP policy. If the amount of I / O information to be analyzed is insufficient, analysis of that particular function is discontinued at stage 711 and IOR module 706 proceeds to the next available function. If there is a sufficient amount of information to analyze, the input-output relationship is classified according to the similarity 709. For example, it turns out that one input / output relationship converts a currency into another currency (for example, USD to EUR), while another input / output relationship is the unit of one unit into another unit (for example, pound It turns out to be converted to kilograms). Both input and output relationships are classified as belonging to data transformation because the concept of trigger is associated with a categorization index. For example, such an index can reference USD, EUR, and Pounds, and kilograms refer to data conversion categories. Thus, if these units are found in an input / output relationship, IOR 706 can properly classify them. Therefore, the intention of the function is suspected to be a currency-to-unit conversion function. Having classified all available input and output relationships, the categories are ranked according to the amount of input and output relationship weights included at stage 710, with the most popular appearing first. At stage 715, it is checked whether the categories of input and output data can reliably display the pattern of function intent. This is done by checking the consistency of the I / O transformations performed by the function. If the information of a particular category is persistent and individual (such as converting currency to one category and converting units to a second category), these categories become the "intention" of the function. Thus, this function is described as having the intention of converting currency and units. IOR 706, by grouping functions into purpose, allows CTMP to verify the actual goals of the functions present in the code, and intelligently to anticipate malicious behavior before any damage is caused by the execution of such code. Can be scanned. If the "intention" is fully understood by the IOR 706 with a sufficient degree of confidence, it is submitted as output 712 of the module. If the “intention” categories do not strongly support each other and the “intention” of the function is not established with certainty, the “intention” of this function is declared as unknown and IOR 706 is for analysis at stage 711 Proceed to the next available function.

FIGS. 112 through 115 illustrate Perception Viewer Emulator (POE) 475. FIGS. This module generates an emulation of the observer and tests / compares all possible perception points using such various observer emulations. The input is all of its candidate perception points and the extended data log, while the output is the best, most applicable, from such extended data logs, with a combination of such selected perceptions, The resulting security decisions generated by the most alert observers. Input system metadata 484 is an initial input used to generate perception in the comparable variable format CVF 547 by raw perception generation (RP2) 465. In the storage search (SS) 480, a CVF (comparable variable format) derived from the data extension log is used as a criterion in the database search of the perception storage (PS) 478. The PS provides all CVFs 547 available from the database with the closest matching CVF. Their associated perception configuration and weights are referenced and used in the successful match event at result 716. Similarity overlap is referred to as a 60% match 719 and a 30% match 720. Such results are calculated by storage search 480. In result 716, matches 719 and 720 are stored and then calculated for individual perception ratings in weight calculator 718. Such a calculation takes the overall similarity (or match) value of the database CVF as compared to the input CVF and multiplies that value by the individual perception weights. Such weights are already stored and associated with the CVF, as first determined by the metric processing (MP) 489. In rating 717, perceptions are ordered according to their final weights. Such ratings are part of the selection process that use the most relevant (weighted weight calculation 718) perception to understand the security situation and to finally pass the output of block 730 or permit 731 commands. It is a department. Once the perception is rated, it is forwarded to the application 729 where a data expansion log 723 is applied to the perception to generate block / permission recommendations. Log 723 is the input log of the system with the original security incident. Self-Critical Knowledge Density (SCKD) 492 tags logs to define the expected upper scope of unknown knowledge. This means that perception allows you to consider data tagged with an unknown data scope. This means that the assessment of security incidents can be performed more accurately, taking into account estimates of the degree of knowing and the degree of knowing. Data parse 724 performs a basic interpretation of data extension log 723 and input system metadata 484 to output the original grant or block decision 725 determined by the original selected pattern matching algorithm (SPMA) 526. Thus, there are two potential case scenarios, and SPMA selects 730 to block security related incidents in scenario 727 (eg, prevent program download) or approves such incidents in scenario 726 One of 731 is selected. At the moment, the CTMP 22 has progressed to the point where it is ready to perform the most critical and important tasks of criticizing the decision (including but not limited to cyber security). This criticism occurs once in the Perception Viewer Emulator (POE), once in accordance with the logically defined rules, twice in Rule Execution (RE), and twice in CTMP, depending on the perception. Within the POE, upon receipt of a block command from SPMA, 732 overwrite logic is used. Upon receiving the grant command from SPMA, the 733 overwrite logic is used. At stage 732A, the default action of block 730 is assumed, and the block-average value and the grant-average value 732B are calculated by finding the average of the block / grant beliefs stored in the case scenario 727. Stage 732 C checks if the average confidence of case scenario 727 is greater than the predefined (by policy) confidence limit. If the scenario confidence is low, this indicates that CTMP refrains from critique because of poor information / understanding. When such a low confidence state occurs, RMA feedback module 728 participates in stage 732 D in an attempt to re-evaluate the security situation including more percepts. Perceptions additionally taken into account in this way may increase the limit of certainty. Thus, RMA feedback communicates with the resource management and assignment (RMA) 479 itself to see if re-evaluation is acceptable according to the resource management policy. If such a re-evaluation is rejected, the algorithm has reached its highest possible confidence, and it is permanently interrupted to overwrite the initial grant / block decision in this POE session. Stage 732 E indicates the conditions under which RMA feedback module 728 receives permission from RMA 479 to reallocate more resources, and thus reallocate more perceptions to the calculation. Once this is done, the overwrite attempt (CTMP critique) is aborted at step 732F, and a new assessment of case scenario 727 can be made with an additional perception (and thus an increase in computer resource load). Stage 732 G indicates that an authorization average sufficient to change default block action 730/732 A to authorization action 731 at stage 732 H (in accordance with the policy) is certain. The same logic applies to the permission logic 733 occurring in the case scenario 726. At stage 733 A, default actions are set to authorization as requested by SPMA 526. The block-average value and the grant-average value 733 B are calculated by finding the average of the block / grant beliefs stored in the case scenario 726. Stage 733 C checks if the average confidence of case scenario 726 is greater than the predefined (by policy) confidence limit. When such a low confidence state occurs, RMA feedback module 728 participates in stage 733 D to attempt to re-evaluate the security situation including more percepts. Stage 733 E illustrates the conditions under which RMA feedback module 728 receives permission from RMA 479 to reallocate more resources, and thus reallocate more perceptions to the calculation. Once this is done, the overwrite attempt (CTMP critique) is aborted at step 733F, and a new assessment of case scenario 726 can be made with an additional perception (and thus an increase in computer resource load). Stage 733G indicates that at stage 733H the average of the permissions sufficient to change the default permission action 731 / 733A to a permission action 730 is certain (in accordance with the policy).

FIGS. 116-117 illustrate the derivation of the semantics (ID) 477, which derives the perspective of the data, which may be meaningful from the perspective of the currently known perception. The applied perception perspective 470 is the range of known perceptions stored in the CTMP storage system. Such perceptions 470 are applied and used by the SPMA 526, collected as a set of perceptions 734, and forwarded to metric combination 493. This module 493 transforms the format of the perspective view 734 into categories of metrics, which is the format recognized by the Semantic Derivation (ID) 477. For metric complexity 736, the outer boundary of the circle represents a peak of known knowledge of the individual metrics. Thus, towards the outer edge of the circle, it represents greater metric complexity, while the center represents smaller metric complexity. The light gray in the middle represents the current set of applied perceptual perspective metric composites, and the outer dark gray represents the degree of complexity of metrics generally stored by the system. The goal of ID 477 is to be able to increase the complexity of the associated metrics, thereby increasing the perception perspective in complexity and volume. The known metric complexities from the current set of applied perception perspectives are added to the associated metric DB 738 if such detail / complexity is not yet included. In this way, the system is complete, and the complexity of the newly stored metric can be used in the derivation of a possible perceptual sense of meaning in the future. Such a composite metric configuration 736 is passed as an input to the metric extension (ME) 495, where the metrics of a number of different perceptual viewpoints are stored by category in individual databases 738. The dark gray surface area represents the full range of the current set of applied perception perspectives, and the amount of scope left to a known upper limit. The upper limit of metrics is represented by peak knowledge of each metric DB. Thus, the current set of metrics (derived by the current set of perspectives) is extended with the known detail / complexity of those metrics. Once expanded and the complexity is increased, the metric is returned as the complexity 737 of the metric. As shown in illustration 737, the light gray area is larger in all four metric sectors, scope 739, consistency 740, type 741 and intensity 742. This indicates that the perception is more detailed and complex in all four metric sectors. This expanded metric complexity 737 is passed as an input to metric transformation 494, which returns from the individual perception perspective to the overall perception perspective 735. Thus, the final output is assembled as a semantic perception perspective that is an expanded version of the original input applied perception perspective 470.

FIGS. 118-120 illustrate self-critical knowledge density (SCKD) 492, which estimates the scope and type of knowledge that may be unknown, beyond the limits of the reportable log. In this way, the resulting critical thinking feature of the CTMP 22 can extend all possible scopes of the knowledge involved, which the system directly knows or does not know. The following is an example of a use case to demonstrate the intended functionality and capabilities of SCKD 492.
1) This system has built a strong reference range for nuclear physics.
2) This system carries out analogy that nuclear physics and quantum physics are categorically and systematically similar in complexity degree and type.
3) However, this system has much less knowledge about quantum physics than nuclear physics.
4) Thus, the system defines the upper limit of potentially achievable quantum physics knowledge using nuclear physics analogies.
5) The system judges that the range of quantum physics unknown knowledge is large.
Known data categorization (KDC) 743 categorizes the identified (known) information from input 746 categorically so that appropriate DB analogy queries can be performed. Such information is divided into categories A, B, and C 750, and then the separate categories individually provide inputs to the comparable variable format generator (CVFG) 491. The CVFG then outputs category information in CVF 547 format, which is used to check the similarity in the known data scope DB 747 by the storage search (SS) 480. In DB 747, the upper limit of known data is defined according to the data category. Evaluating the certainty of the scope of knowledge by comparing data of similar types and structures. If SS 480 can not find a result to analogize the knowledge in scenario 748, then the current data is stored for future analogy. According to this example use case, this is an incident that makes it possible to define the scope of nuclear physics. Later, when quantum physics is referenced in the future, we can analogize the knowledge scope of quantum physics with the storage of the current nuclear physics knowledge scope. Scenario 749 illustrates the finding of results in which corresponding categories of known data are tagged to each category according to the results of SS 480. The tagged scope of the unknown information by category is then reconstructed in the unknown data combiner (UDC) 744 into the same stream of input data (input 746). At output 745, the original input data is returned and combined with the scope definition of the unknown data. In FIG. 119, the known data categorization (KDC) module 743 is shown in more detail. Known data 752 is the main input and includes an information block 755 representing a defined scope of data, such as individual entries from the error log. Stage 756, as in the use case, checks for recognizable definitions in blocks that are labeled as nuclear physics information. If there is a category that matches the information label of the block of category holdout 750, the existing category is enhanced with the detailed information at stage 748 by supplementing the processed information block 755. If such a category does not exist, a block 755 of information may be created accordingly, as created in step 749. Basic logic 759 cycles through the blocks in order until everything is processed. If all of those blocks have been processed, then the KDC 743 submits the module's output as an empty result 618 if the minimal amount (as defined by the policy) has not been submitted to the category holdout 750 either. If there is a sufficient amount of processed blocks, category holdout 750 is submitted to intermediate algorithm 751 (mainly SCKD 492). Unknown data combiner (UDC) 744 receives known data tagged with unknown data points 757 from intermediate algorithm 751. Such data is first stored in category holdout 750, from which basic logic 760 cyclically uses all units of data in order. Stage 754 checks whether the defined categories from holdout 750 include physical metadata that describes how to rebuild the separate categories into matching information streams. Such metadata was found in known data 752 originally input from KDC 743. Because, at that stage, this data was not yet divided into categories, and there was an original single matching structure that holds all the data. After stage 754 reassociates this metadata with their corresponding data, the tagged blocks are forwarded to block reassembly holdout 753. If at stage 754 no metadata is found that matches this data, holdout 753 is necessarily left empty and an empty result 618 of the module is returned. If the metadata match is successful, then the holdout 753 is filled and the output of the UDC 744 module is known data plus tagged unknown data 757. A block 755 of the output of the module represents the original information block described in the known data 752 of the KDC 743. Pentagon 758 represents the scope definition of unknown data combined with all blocks of known data 755.
Lexical Objectivity Search (LOM)

FIG. 121 shows the main logic of lexical objectivity search (LOM). LOM tries to bring objective responses to various questions and statements as close as possible. The LOM interacts with the human subject 800 to admit or improve claims of these questions or statements against the LOM position. Allowing or improving claims is the core attitude of LOM. For it is the place where you get knowledge at the very beginning, because you have to be able to recognize what was wrong so that you can learn from human knowledge. LOM is extremely database biased (CPU, RAM, disk are all important players) and centralized to a single (but replicated for redundancy and backup) master instance, knowledge It receives convenience from the holding center (CKR) 806. Third party applications gain convenience through paid or free APIs that connect to such centralized master instances. The activity of the LOM starts with the human subject 800 entering a question or assertion 801 into the main LOM visual interface. Such questions / assignments 801A can be used in the initial query inference (IQR) 802 to decipher the missing details that must be used in understanding / answering the questions / assignments by utilizing knowledge retention center (CKR) 806. , Transferred for processing. [. . . ] Thereafter, the question / statement 801 is forwarded to the search clarification (SC) 803A along with the additional query data. Clarification of the survey provides additional information by interacting with human subject 800 so that question / assignment 801A can be analyzed objectively and in all necessary contexts. Thus, the clarified question / statement 801B is formed. It receives the original raw question / expression 801 raised by the human subject 800 and supplements the detailed information learned from the human subject 800 via SC 803A. Construct Assertion (AC) 808 A receives a proposition in the form of a statement or question (such as 801 B) and provides an output of the concept associated with the proposition. The answer presentation 809 is an interface for presenting the conclusion drawn by the LOM (specifically AC 808) to both the human subject 800 and the rational appeal (RA) 811. Such an interface is visually presented to human 800 for comprehension and presented to RA 811 in a purely digital syntactic format. Hierarchical Mapping (HM) 807A maps related concepts to find support or conflicts in query / assert consistency. Hierarchical mapping then calculates the benefits and risks of taking a certain position on the topic. The knowledge retention center 806 is a main database for referring to knowledge for LOM. It is optimized for query efficiency and logical classification and separation of concepts so that a strong argument is built, and is criticized for criticizing human objects 800. Knowledge Verification (KV) 805A receives high certainty and pre-criticized knowledge that needs to be logically divided for querying ability and absorption to CKR 806. Accept response 810 is an option given to human subject 800 that either accepts the LOM response or appeals with criticism. If the response is accepted, it can be processed by the KV 805A and stored in the CKR 806 as verified (high confidence) knowledge. If the human subject 800 does not accept the response, it is forwarded to a rational appeal (RA) 811A which checks and criticizes the reason for the appeal given by the human 800. The RA 811 A can criticize the statement, whether it is self-critic or human criticism (from the “NO” response of acceptance of the response 810).

122 to 124 show managed artificial intelligence service providers (MAISPs). The MAISP is running an Internet Cloud instance of the LOM, along with a Master Instance of Knowledge Retention Center (CKR) 806. The MAISP 804A connects the LOM to the front end service 861A, back end service 861B, third party application dependency 804C, information source 804B, and MNSP9 cloud. Front-end services 861A include artificial intelligence personal assistants (eg, Apple's Siri, Microsoft's Cortana, Amazon's Alexa, Google's Assistant), communication applications and protocols (eg, Skype, WhatsApp), home automation (eg, refrigerator) , Garages, doors, thermostats), medical applications (eg, doctor's second opinion, medical history). The back end service 861 B includes online shopping (eg, Amazon.com), online transportation (eg, Uber), prescription order (eg, CVS), and the like. Such front end service 861 A and back end service 861 B interact with the LOM through a documented API infrastructure 804 F that allows information transfer and protocol standardization. The LOM retrieves knowledge from an external source 804B via an automated search mechanism (ARM) 805B.

125 to 128 show the LOM dependency structure that represents how modules mutually depend on each other. Linguistic construction (LC) 812 A interprets the raw query / assertion inputs from human subject 800 and similar modules and generates logical divisions of linguistic syntax that can be understood across the LOM system. Concept discovery (CD) 813 A takes the points of interest in the clarified question / expression 804 and derives the related concept by leveraging CKR 806. Concept prioritization (CP) 814 A takes applicable concepts and organizes them into logical layers that represent specificity and generality. The top layer is assigned the most general concept, and the lower layers are assigned more specific concepts. Response Partitioning Logic (RSL) 815A understands human responses by leveraging LC 812A and associates appropriate and valid responses with the initial clarification request, thereby achieving the purpose of SC 803A. The LC 812 A is reutilized in the output phase to modify the original query / statement 801 to include supplemental information received by the SC 803. The human interface module (HIM) 816A provides a clear and logically segmented prompt to the human subject 800 to address the knowledge gaps identified by the initial query inference (IQR) 802A. Context building (CC) 8I7A provides raw facts to CTMP for critical thinking, using Assertion Building (AC) 808A metadata and potential evidence from human subject 800 . Decision matter comparison (DC) 818A determines the overlap between the pre-criticized decision and the decision after it is criticized. The concept compatibility detection (CCD) 819A compares conceptual derivations from the original question / assert 801 to confirm the logical compatibility results. Such concepts can represent situations, states of presence, trends, etc. Profit / Risk Calculation (BRC) 820A receives results of compatibility from CCD 819A and weights profit and risk to form a uniform decision encompassing the slope of variables implicitly included in the concept configuration . The Concept Collaboration (CI) 821A assigns attributes associated with the AC 808A concept to some of the information collected from the human subject 800 via Survey Clarification (SC) 803A.

129 and 130 show the internal logic of the initial query inference (IQR) 802A. The language composition (LC) 812 A acts as a subset of the IQR 802 and receives the original query / expression 801 from the human subject 800. Because the questions / assignments 801 are linguistically separated, the IQR 802A processes individual phrases at a time. The auxiliary verb "Should" 822 causes a lack of clarity with respect to time dimension 822. Therefore, questions to be asked for clarification are made, such as “everyday?” And “every week?”. The subject "I" 823 evokes a lack of clarity as to who the subject is, so subsequent questions are formed and presented to the subject 800. The verb "eat" 824 can compensate for other analysis points that are not necessarily unclear but lack clarity. IQR 802 links health and financial concepts to food concepts at stage 824 by utilizing the CKR 806 DB. This is more appropriate and highly relevant, such as "male or female?", "Diabetes?", "Exercise?", "Purchasing power?", Etc., by notifying the query "question asking question" 823. You will be asked the following questions. The noun "fast food" 825 evokes a lack of clarity in terms of how to interpret the word. This noun is to be interpreted as "food provided very early" in technical sense 827, or "fry, salty food like fry made at the place you order," It is interpreted with a spoken understanding 826. A salad bar is technically a quick way to get food, made in advance and ready to eat. However, this technical definition closely follows the more generally understood spoken understanding of "fast food". With reference to CKR 806, IQR 802 considers possible alternative options, taking into account the ambiguity of the term "fast food". Ambiguous options such as "Hamburger Shop?" And "Salad Bar?" Can be transferred to human subject 800 via Human Interface Module (HIM) 816. However, there may be enough information in CKR 806 that it can be understood that the general context of question 801 represents a reference to spoken meaning 826. As we gradually learn that there is a level of debate related to fast food and health, CKR 806 can express such a general context. Thus, question 801 is likely to refer to this controversy. Thus, it is not necessary to call the HIM 816 to further clarify using the human subject 800. Thus, IQR 802 tries to decipher clear but subtle nuances in the sense of definition. Question 828 indicates that for the entire LOM, a human subject 800 is asking a question rather than expressing a statement.

FIG. 131 shows a study clarification (SC) 803 that receives input from the IQR 802. Such input includes a series of requested clarifications 830 that the human subject 800 needs to address in order to objectively answer the original question / expression 801 to be achieved. Thus, the requested clarification 830 is forwarded to the human interface module (HIM) 816B. Any correspondence made to such clarifications is forwarded to response split logic (RSL) 815A, which then correlates correspondences and clarification requests. In parallel with the requested clarification 830, a linguistic combination of clarifications 829 is provided to the linguistic construction (LC) 812A. Such linkages 829 include internal relationships between the requested clarifications 830 and the language structure. This allows the RSL 815A to modify the original query / expression 801 so that the LC 812A can output a clarified query 804 incorporating the information learned via the HIM 816.
[00] Figure 132 shows Construct Assertion (AC) 808 that was received by Clarification Questionnaire (SC) 803 created by the Study Clarification (SC) 803. Next, the LC 812A breaks this problem into points of interest 834 (key concept) and passes it to the concept discovery (CD) 813. The CD then derives the associated concept 832 by exploiting CKR 806. The concept prioritization (CP) 814A can then organize the concepts 832 into logical layers that represent specificity and generality. The top layer is assigned the most general concept, and the lower layers are assigned more specific concepts. Such organization was facilitated using data provided by CKR 806. The top layer is forwarded to the hierarchical mapping (HM) 807 as an input of the module. In parallel transfer of information, the HM 807 receives a point of interest 834, which is processed by its dependent module Concept Linkage (CI) 821. The CI assigns attributes to such points of interest 834 by accessing the indexed information available at CKR 806. Once the HM 807 completes an internal process, its final output is tested for compatibility with the derived concept and is returned to the AC 808 after being weighted back with the benefit / risk of a position. This is the output of the module until the AC 808 and HM 807 are complete, the analyst completely saturates the complexity of the concept, and until the CKR 806 becomes a bottleneck due to knowledge limitations (whichever comes first). To keep sending each other, it is called the feedback loop 833 of the output of the module.

Figures 133 and 134 show the internal details of how hierarchical mapping (HM) 807 works. The AC 808 provides two inputs in parallel to the HM 807. One is called concept interest point 834 and the other is the top layer of prioritized concept 837 (most common one). The concept collaboration (CI) 821 uses both inputs to associate the contextd conclusion with the point of interest 834, as shown in FIG. Next, CI 821 provides an input to Concept Compatibility Detection (CCD) 819, which identifies the compatibility / contention levels between the two concepts. This allows the HM 807 to recognize the overall understanding or disagreement between the representations and / or propositions of the human subject 800 and the high confidence knowledge indexed by the knowledge retention center (CKR) 806. Be Such compatibility / competitive data is a module that translates these compatibilities and conflicts into benefits and risks with respect to taking a holistic unified position on the issue, Profit / Risk Calculation (BRC) 820 Transferred to For example, three major positions emerge for each use case (according to the criteria set by human subject 800). In other words, fast food is generally not recommended, fast food is acceptable but not emphasized, fast food is generally recommended. Such positions are transferred to the AC 808 as the module's output 836, along with the risk / benefit factors. This is one of several points in the LOM where the flow of information is complete, as AC 808 attempts to facilitate the extension of the assertion proposed by HM 807. Systems that contain loops of information flow represent gradually built objective responses, in which intelligence tendencies are gradually complemented as the subjective nature of the question / expression. One analogy is that honeybees want flower nectar, but unintentionally scatter the pollen of that flower on other flowers. Pollination of this flower produces more flowers, which in the long run attract more bees. This is similar to an interconnected information ecosystem, which occurs within the LOM and gradually “pollinates” representations and mature concepts until the system has a strong sense of position on the topic. The internal operation of concept linkage (CI) as a subset of HM 807 is shown in FIG. The CI 821 receives the points of interest 834 and interprets each point of interest according to the top layer 837 of the prioritized concept. The two top layers of the prioritized concept in this example are "health" and "budget constraints." Therefore, when CI tries to interpret points of interest, it will pass through these topical lenses. The point of interest "diabetes" 838 leads to the expression of "expensive medical care" on "budgetary constraints" 837 and "more vulnerable health" / "glucose intolerance" on "health" 837. The point of interest "male" 839 states that "the day is being overwhelmed" as the system has found that more specificity is required, such as "work addiction". Because the system is aware of the correlation between time and money, the problem of time is conversely linked to "budgetary constraints." The point of interest “middle class” 840 states “can afford to buy higher quality food” with respect to “budget constraints”. The interest point "burger king" 841 expresses "cheap" and "saving" with respect to "budgetary constraint" 837, and expresses "high sugar content" and "fried food" with respect to "health". Such assertions are made by reference to the established and confident knowledge stored in CKR 806.

Figure 135 and Figure 136 show the internal details of a rational appeal (RA) 811 that criticized the statement, whether it be self-critic or human criticism. LC 812 A acts as a core subcomponent of RA 811 and receives input from two potential sources. One source of information is when the human subject 800 rejects the opinion expressed by the LOM at stage 842. Another source, in response 843, transmits the criticisms built by AC 808 digitally for LOM internal self critique. After the LC8I2A converts the language text into a syntax that the rest of the system can understand, it is processed by the core logic 844 of RS. When such core logic returns high confidence results 846, the results are passed to knowledge verification (KV) 805 for proper absorption into CKR 806. When the core logic returns a low confidence result 845, the result is passed to the AC 808 to continue the self-criticizing cycle (another element of the completed LOM). Core logic 844 receives the input from LC 812A as a pre-criticized decision 847 without language elements (using instead syntax that is optimal for use in artificial intelligence). Such a decision 847 is directly transferred to the CTMP 22 as a sector of "Subjective Opinion" 848 into which it is input. Decision 847 also provides the CTMP 22 with raw facts (eg, system logs) as “objective facts” using metadata from AC 808 and likely evidence from human subject 800 , Context construction (CC) 817 is transferred. Such information is processed to output the best attempt to reach an "objective opinion" 850 when the CTMP 22 receives two mandatory inputs. Such an opinion 850 is treated as a decision 851 after being criticized in the RA 811. Both pre-critical decisions 847 and post-critic decisions 851 are forwarded to Decision Comparison (DC) 818 which determines the scope of overlap between both decisions 847 and 851. The complaint will then either improve the contrast factor to explain why it is found to be true852 or why this appeal is invalid. Such an assessment takes place without consideration or bias of whether this appeal comes from artificial intelligence or humans. Regardless of the 852 or 852 improving scenarios that acknowledge the scenario, the high confidence result 846 is passed to the KV 805 and the low confidence 845 result is passed to the AC 808 for further analysis.

FIGS. 137 to 138 show internal details of a knowledge retention center (CKR), which is a place where information based on LOM data is stored and merged. Units of information are stored in the Unit Knowledge Format (UKF). There are three types of unit knowledge format (UKF): UKF1 855A, UKF2 855B, and UKF3 855C. UKF2 855B is the main format in which targeted information is stored in rules syntax form (RSF) 538 and is highlighted as the value 865H. Index 856D is the processing of digital storage and compatible / claimed reference points that allow resource efficient reference of large amounts of data collection. This main information block references time stamp 856C which is a reference to another knowledge unit via index 856A called UKF1 855A. Such a unit does not hold the same timestamp 856 C section as UKF 2 855 B, but stores a lot of information about the timestamp in the RSF 538 format of the value 856 H sector. Rule Syntax Form (RSF) 538 is a set of syntactic standards for keeping track of reference rules. Multiple units of rules within RSF 538 can be utilized to describe a single purpose or action. RSF is frequently used directly inside CTMP. UKF1 855A contains a sector of source attribute 856B. This is a reference to the index 856G of the UKF3 855C instance. Such a unit UKF3 855C is opposite to UKF1 855A, which has a section of timestamp but no section of source attribute. This is because UKF3 855C stores the contents of source attributes 856E and 856B in the sector of value 856H of RSF 538. Source attributes are a collection of complex data tracking the requested source of information. Such sources have been given the status of credibility and authenticity due to backing and negative factors, as processed by KCA 816D. Thus, the UKF cluster 854F is composed of a chain of variants of UKF linked to define jurisdictionally partitioned information (time and source are dynamically defined). In summary: UKF2 855B contains the main targeted information. Since the UKF1 855A contains timestamp information, the timestamp field itself is omitted to avoid infinite regression. Since the UKF3 855C contains source attribute information, the source field itself is omitted to avoid infinite regression. Every UKF2 855B must be accompanied by at least one UKF1 855A and one UKF3 855C. Otherwise, clusters (sequences) are considered incomplete and the information present there can not be processed by the generic logic 859 of the entire LOM system. Between the central UKF2 855B (with central targeted information) and the corresponding UKF1 855A and UKF3 855C there is a UKF2 855B unit that acts as a linked bridge. A series of UKF clusters 854D are processed by KCA 816D to form derived assertions 854B. Similarly, a series of UKF clusters 854E are processed by KCA 816D to form derived assertions 854C. Knowledge-based analysis (KCA) 816 D compares the UKF's clustered information to support evidence for a stance on opinion. The algorithm takes into account the credibility of the attributable source and negative evidence (if such an assertion is made), and so on. Thus, after the processing of the KCA 816D is completed, the CKR 806 can output an arbitrary position that is a conclusion on the topic. CKR 806 does not delete information that may be useful to distinguish in the future whether it is true or false, even if the information is determined to be false. Thus, the CKR 806 is implemented from the advanced storage capacity service 854 G, which can process and scale the CKR 806 unlimited growing data set.

FIG. 139 shows an automated search mechanism (ARM) 805 B that seeks to continually provide the CKR 806 with new knowledge in order to extend the LOM's overall estimates and decision-making capabilities. As represented by user activity 857A, when the user interacts with the LOM (via the available front end), the concept is brought about directly or indirectly in connection with the answer / response to the question / expression. The user activity 857A is expected to eventually generate a concept that the CKR 806 has little or no information about, as shown in the list of requested but still unavailable concepts 857B. In concept sorting and prioritization (CSP) 821 B, concept definitions are received from three independent sources and aggregated to prioritize information request (IR) 812 B resources (such as bandwidth). Ru. Such module IR 812 B accesses the relevant sources to obtain the specifically defined information. Such information is defined by the type of concept. Such sources include public news sources 857C (Reuters, The New York Times, Washington Post's published news articles, etc.), Public Data Archive 857D (Wikipedia, Quora's etc. Information Collection Collection), Social Media 857E (Facebook, Twitter Feeds) Such). The data provided by such sources is received and analyzed at the information aggregator (IA) 821 B according to the definition of the concept that requested them. Corresponding metadata such as search time and search source is held. The information is then sent to a cross reference analysis (CRA) 814 B where the received information is compared to existing knowledge from CKR 806 and taken into account. This allows the new information to be evaluated and verified according to what the CKR 806 currently knows and does not know. Stylometric scanning (SS) 808 B is an auxiliary module that allows the CRA 814 B to absorb new information using existing knowledge from CKR 806 taking into account stylometric signatures. The missing dependency concept 857F is a concept logically required to be understood as a basis for understanding the initial target concept. (For example, to understand how a truck moves, you must first investigate and understand the operation of a diesel engine). Such missing concepts are forwarded to CSP 821B for processing. The list of active concepts 857G is a popular topic rated as the most active on CKR 806. Such a concept 857G is forwarded to the Creative Concept Generator (CCG) 820B and is creatively matched (via creation module 18) to generate a new potential concept. This mechanism relies on the possibility of providing new range of information from sources 857C, 857D, 857E, one of these mixtures being connected to IR 812B.
Example usage of stylistics:
The new external data 858A is marked as coming from a known CNN reporter. However, a very strong stymetric match is found with the military think tank's signature. Therefore, it is noted that the content belongs mainly to the military think tank in CKR 806 and "asserts" it from CNN. This further allows pattern matching and collusion detection for later execution of the LOM logic (eg, to suspect future content coming from CNN). The assertion support, competition, prejudice rating is then assessed as if this content is that of a think tank and not that of CNN.

FIG. 140 shows stylometric scanning (SS) 808 analyzing the stylometric signature 858 C of the new foreign content (the system has not yet been exposed). Stylistics is the statistical analysis of literary style variations between one writer or genre and another. This helps CKR 806 in tracking the expectations of the data / assertion source, and further helps the LOM detect supporting assertions. Content source attribution of new external data 858A of signature conclusion (SC) 819B is affected by the key agreement of stylometric signature 858C. The stronger the stylometric match, the stronger the source attribute from stylistics. In signature query (SQ) 807B, stylistic signature 858C is matched against all known signatures from SI 813B. Every match of the key slope is recorded. Signature Index (SI) 813 B represents a list of all known stylistic esoteric signatures 858 C retrieved from CKR 806. As typified by the third party stylistic metrics algorithm 858B, the LOM relies on intelligently selected sophisticated and valid algorithms, stylistic metrics algorithms.

FIG. 141 shows a hypothetical overwrite system (AOS) 815 B that receives a proposition in the form of a statement or question and provides an output of the concept associated with the proposition. Concept Definition Matching (CDM) 803B is the place where any hard-coated hypothesis 858D provided by human subject 800 is queried against dependency interpretation (DI) 816B module. All such concepts are checked by Ethical, Confidential and Legal (EPL) 811 B for violation concerns. In the Dependency Interpretation (DI) 816B module, all knowledge-based dependencies that satisfy a given response of requested data are accessed. In this way, a complete "tree" of information is retrieved based on objective opinion. The requested data 858 E is data requested by general-purpose logic 859 throughout the LOM system. A particular query looks for a set of correctly marked information. Conditional queries request all information that matches a specific condition.

FIG. 142 shows intelligent information and configuration management (I ² CM) 804E and management console 804D. Referring to aggregation 860A, information streams from multiple platforms are merged and tagged while unnecessary and redundant information is blocked using generic level criteria. The threat dilemma management 860B is where the danger of conceptual data is perceived from overhead view. Such threats are passed to the management console for graphical representation. As calculated measurements related to threat mechanics are eventually merged from multiple platforms, decisions on threat management are automatically made with more information obtained Be done. The automation control 860C represents that the algorithm has access to control over the management of the MNSP 9, the trust platform 860Q, and the third party service 860R. Management feedback control 860D can be used to facilitate policy creation, forensics, threat investigations, etc., a high level of service based on all MNSP9 Cloud, Credit Platform (TP) 860Q, additional third party services 860R Control is provided. Such management control 860D is ultimately manifested on the management console (MC) 804D, with appropriate images that can be customized and an efficient presentation. As a result, the entire system (MNSP, TP, 3PI) can be efficiently controlled and operated directly from a single interface that can be expanded and viewed in detail as needed. Manual control 860E is for human access to control over management of MNSP 9, trust platform 860Q, and third party service 860R. In the intellectual context-ization 860F stage, the remaining data at this point look like a group of islands, each island being a risk of data on the concept. Interrelationships are established among the platforms for mastering concept analysis. To decipher threat patterns, historical data are accessed (from I ² GE 21 as opposed to LIZARD) and CTMP 22 is used for critical thinking analysis. The setting and introduction service 860G is an interface for introducing a new enterprise property (computer, laptop computer, mobile phone) with the setting and communication setting of data on the correct concept. After a device is added and configured, security settings and communication settings are fine-tuned through the management console (MC) 804D, with management feedback control 860D in the middle. The configuration and deployment service also manages the deployment of new customer / client user accounts. The deployment may include the association of hardware with user accounts, interface customization, and a list of customer / client variables (e.g., business types, product types, etc.). In division by jurisdiction 860H, the collection of tagged information is divided exclusively according to the jurisdiction that falls under the user of MC 804D. The division by threat 860I organizes the information according to individual threats (eg, the risk of data on the concept). All types of data are associated with a threat and some information is added or deleted. The direct management 860J is an interface for the user of the MC 804D to connect to the management feedback control 860D via the manual control 860E. In the category and jurisdiction range 860H, the user of the management console MC 804D uses login credentials defining the scope of his jurisdiction range and information category access right. All data vector candidates 860L are all data in motion, data in motion, and data in use. Customizable image 860M is the company's various departments (accounting, finance, human resources, IT, legal, security / general inspectors, privacy / information disclosure, labor union etc) and parties (staff of each department, managers, Executives), as well as for third party partners, law enforcement agencies, etc. Conceptually, the integrated view 860N for all aspects of the data represents surroundings, enterprises, data centers, clouds, removable media, mobile devices, and so on. Integrated single view 860 O includes monitoring, logging, reporting, event correlation, alert processing, policy / rule set generation, corrective action, algorithm coordination, service provisioning (new customer / modification), use of credit platform, and It is a single view on all functional candidates, such as third party services (including receiving reports and alerts / logs from third party service providers and third party service vendors etc). Team of conceptual data 860P is a team of qualified professionals who monitor the activity and status of multiple systems throughout. Because intelligent information processing and judgment by AI are performed, it is possible to hire only a small number of people with few years of experience, and to reduce costs. The primary purpose of this team is to be relied upon in the unlikely event of processing a large number of analysis points while verifying that the system is developing and improving according to the desired criteria. It is.

FIG. 143 shows a personal information profile (PIP) 802C, which is a location where personal information of an individual is stored via a number of potential endpoints and front ends. Although the individual's information is very secure and isolated from CKR 806, generic logic 859 throughout the LOM system can be used to make highly personalized decisions. By implementing personal identification and encryption (PAE) 803C, incoming data requests need to first authenticate themselves to ensure that personal information is accessed by the correct user. Personal information regarding the artificial intelligence application is encrypted and stored in the personal UKF cluster pool 815C in UKF format. In the information anonymization process (IAP) 816 C, information is replenished to the CKR 806 after personally identifiable information is removed. Even after such personal information has been removed from the data stream, the IAP 816C may be able to reverse engineer (as in a forensic scrutiny) the excess amount of parallel data to know the identity of the individual. Try to prevent being offered. In Cross Reference Analysis (CRA) 814 B, the received information is compared to existing knowledge from CKR 806 and constructed in consideration of it. This allows the new information to be evaluated and verified according to what the CKR 806 currently knows and does not know. Any data request information is always accessed from the CKR 806. If there is a personal judgment standard in the data request, PIP802C is referred to through merge of personal data and general data (PGDM) 813C, and PIP802C is constructed based on the knowledge of the main CKR 806.

Figure 144 shows Life Management and Automation (LAA) 812 D, connecting various Internet-enabled devices and services on an integrated platform that automates tasks for routines and single-events in everyday life There is. Aggressive Decision Making (ADM) 813D is the central logic of the LAA 812D, taking into account the availability and functionality of the front end service 861A, back end service 861 B, IoT device 862A, considering available spending rules and amounts according to FARM 814 D doing. In the Funding Rules and Controls (FARM) 814D, humans manually define the criteria, limits, and scope for this module to inform the ADM 813 D on how far the ADM 813 D's activities are. Human subject 800 manually deposits funds (eg, Bitcoin) in cryptocurrency into digital wallet 861C, thereby indicating an upper limit on the amount that LAA 812D can spend. The IoT Integration Module (IIM) 815D maintains a database of which IoT devices 862A are available to humans. An authentication key and an authentication mechanism are stored in this database to enable secure control 862C of the IoT device 862A. The product maker / developer 861F provides an endpoint of programmable API (application programming interface) to the LAA 812D as IoT product cooperation programming 861E. Such endpoints are used in particular by the IoT Integration Module (IIM) 815D. Data feed 862B represents when the IoT enabled device 862A sends information to the LAA 812D so that intelligent and automated operations can be performed. Example: Thermostat reporting temperature, refrigerator reporting stock of milk. Device control 862C represents when the IoT enabled device 862A receives an instruction from the LAA 812D about the operation to be performed. Example: Turn on the air conditioner, open the gate for courier, etc. The front end services 861A category may include: Artificial Intelligence personal assistants Communication applications and protocols Home automation Medical interface Delivery tracking services Back end services 861 B examples include: The following is an example of a general use case that illustrates the functionality of Amazon's online ordering, Uber, transportation, and prescription LAA 812D.
An IoT-enabled refrigerator detects that milk is likely to run out. Through emotional intelligence, LOM analyzes that the subject's mood tends to be more negative if they do not drink high-fat milk. After evaluating the risks and benefits of the subject's life situation, the LOM orders high-fat milk from an online delivery service (eg, Amazon). LOM keeps track of milk shipments by tracking number and opens the front door of the house so that it can be delivered to the premises of the house. When the delivery person leaves, the LOM closes the gate. If the delivery person is a malicious agent, the security becomes cautious. Then, a clever, simple wheeled robot takes milk and puts it in the refrigerator to keep it cool and undamaged.

FIG. 145 shows behavior monitoring (BM) 8I 9 C that checks for the presence of unethical and / or illegal substances by monitoring requests from the user for personally identifiable data. Metadata aggregation (MDA) 812 C allows user related data to be aggregated from external services to reveal the user's digital identity (eg, IP address, MAC address, etc.). Such information is transferred to induction 820C / deduction 821C and finally to PCD 807C, where sophisticated analysis is performed using supporting factors from MNSP9. Example: shopping portal amazon .. The user connecting to “com” transfers its IP address to LOM behavior monitoring (BM) 819 C for security purposes. All information from the authenticated user, whose destination is PIP 802C, passes through Information Tracking (IT) 818C and is checked against Behavior Blacklist 864A. Example: The user asks about the chemical composition of sulfur. Information matching (partially or completely) elements from blacklist 863B is transferred from IT 818C to induction 820C and deduction 821C. In Pre-crime Detection (PCD) 807C, deductive and inductive information is merged and analyzed to draw a pre-crime conclusion. If a significant amount of evidence is detected, information about the crime and known identity for this user are forwarded to law enforcement authorities. PCD 807C verifies the position generated by induction 820C and deduction 821C by utilizing CTMP 22 which directly references behavior blacklist 864A. Blacklist Management Authority (BMA) 817D runs within the cloud service framework of MNSP9. BMA 817D issues and maintains a behavior blacklist 864A that defines dangerous concepts that require user surveillance in order to prevent crime and capture offenders. BMA 864B also issues and maintains an EPL (ethical, confidential and legal) blacklist 864B that flags confidential material so that it is never submitted as a result of a query by the LOM. Such confidential material may include leaked documents, personal information (eg, social security numbers, passport numbers, etc.). BMA 864B includes applicable laws and policies relating to ethics, privacy, and law (eg, cyber security policy, acceptable use policy, HIPAA (US law on medical insurance interoperability and accountability), PII (personal information). Etc.). This blacklist is usually composed of trigger concepts, which consider the user to be suspicious if the user is overly involved in such a concept. The blacklist can also target specific individuals and / or organizations, such as a wanted list. Future crime prevention will take place within the BM 819 C, with the supporting factor verified at MNSP9. The law enforcement authority 864C can connect to the BMA 817D via the MNSP9 cloud to provide input on blacklisted concepts and receive input from BD 819C PCD 807C crime detection results. The behavior monitoring information support 864D enables the MNSP 9 to submit behavior monitoring information to the BM 819C for support. Ethical, Confidential and Legal (EPL) 811B receives a customized blacklist from MNSP and uses AOS 815B to be unethical, violate privacy, and / or contain illegal content Block any assertions.

Figure 146 shows the ethical blackout of receiving a customized blacklist from MNSP and using the AOS 815B to block any assertion that is unethical, violates privacy, and / or is illegal. And legal (EPL) 811B. MNSP 9 is used to address traditional security threats such as Trojan horse, virus and other hacking attempts. LOM's BM module 819C and EPL module 811B analyze context on concept data by induction 820C and deduction 821C to determine ethics, privacy and legal impact.

FIG. 147 shows an overview of the LIZARD algorithm. Dynamic Shell (DS) 865A is the layer of LIZARD that is most susceptible to change through iteration. Modules that require a large amount of computation to achieve their goals usually belong to the dynamic shell. Because these modules can surpass the level of computational effort that a team of programmers can handle. Syntax module (SM) 865B provides a framework for reading and writing computer code. In writing, the syntax module receives the target in complex format from the PM (target module) and writes the code in any code syntax, so that the helper function relies on this arbitrary code (depending on the desired language ) Can be translated into actual executable code. For reading, the syntax module provides syntactic interpretation of this code so that the PM 865E can derive the goal of the functionality of such code. If LIZARD has low confidence in the judgment, LIZARD relays the corresponding data to ACT 866 via data return relay (DRR) 865 C in order to improve the future LIZARD version. Although LIZARD itself is not directly dependent on data for decision making, data on evolving threats can indirectly contribute to the a priori decisions that future versions of LIZARD may make. Pseudo-concept Threat (ACT) 866 creates a virtual test environment with the danger of simulated conceptual data in order to make the iteration process viable. The pseudo-evolution of ACT 866 is sufficient to go beyond the natural evolution of malicious concept forms. The iteration module (IM) 865D syntactically changes the DS865A code base according to the goals defined in the "determined goals" and data from the DRR 865C by using the SC 865F. This modified version of LIZARD is stress tested (in parallel) by ACT 866 under many different conceptual data risk scenarios. The most successful version is adopted as the production version. The goal module (PM) 865E derives goals from the code by using the SM 865B, and outputs such goals in its "composite goal format". This goal fully describes the intended functionality of the code block as interpreted by the SM 865B (even if this code is secretly embedded in the data). Static Core (SC) 865F is a layer of LIZARD that is the least susceptible to changes due to automated iteration, and instead is directly modified by human programmers. In particular, the innermost dark square is completely immune to automated iterations. This innermost layer is like a tree root that differentiates the LIZARD's direction and the overall ability.

FIG. 148 illustrates iterative intellectual growth (which is a subset of I ² GE 21), which illustrates how static rules mature as they adapt to various hazards. Successive generations of rule sets are created, and the evolution of these rule sets is done through the definition of "personality" traits. Such rulesets are used to process incoming concept data feeds and to provide the most desirable notifications and corrective actions. Evolutionary line 867A is the whole chain of multiple generations with consistent "personality". Generations become increasingly dynamic as CPU time progresses. The initial static rule set is no longer valid and may be erased or overwritten in some cases. Example: Evolutionary line A has a strict and preventative trait, which has an assumption of little tolerance or tolerance. The concept behavior 867B is a place where the behavior of the concept data analyst is processed and stored so that the evolution system 867A can learn from them. Example: Strain A has found a number of responses to the dangers of conceptual data consistent with specific circumstances and "opportunistic" personality types. Then, strain A generates rules that mimic such behavior. Human 867C represents a concept data analyst who generates an initial set of rules to begin the chain of evolution. Example: The concept involved in purchasing plutonium in the black market is defined by the rule of blocking all. Lineage personality 867D is a set of variables that define the reactive nature to act on the hazard trigger of the conceptual data.

FIGS. 149 to 150 show iterative evolution (which is a subset of I ² GE 21), which is a method by which a plurality of evolutionary lineages 867 A in parallel are developed and selected. A system with an iterated generation adapting to the same ACT 866 and having the best personality trait will eventually best withstand this concept threat. The CPU time 868A is a measurement value of CPU power with respect to time, and is measured in CPU cycles / second. It is not enough to measure the processing load for one evolutionary system in time alone, and the number of cores and the power of each CPU must be taken into consideration. Example: Pentium III may take as long as 30 minutes to process a millennial request, but with a Haswell processor. By using virtual isolation 868B, all evolutionary families are virtually isolated, ensuring that each version is based only on the criteria of their own personality. Example: Line B has to know the solution of Line C's difficult concept data problem at all, relying on its own personality trait and learning data. Some systems may be destroyed 868C because they have reached an undetermined state of not being able to recognize the danger of concept data. The most likely conclusion is that one has to change personality to create a new strain. Example: Line D could not recognize the danger of data on the concept during 100 CPU hours 868A units. Therefore, the entire strain was discarded. The monitoring / coordination system 868D injects hazard triggers of conceptual data from the ACT 866 system and relays the response of the hazards of relevant conceptual data from the concept behavior cloud (all following unique personality traits) It is a platform. Example: This surveillance system provided the response of hazards in the conceptual data needed to assemble generation 12 to system B. Pseudo Concept Threat (ACT) 866 is an isolated system that provides an environment of risk of stable conceptual data. Pseudo-concept threats provide analysts with concept recognition training to practice and train the system to respond to concept data and recognize various candidates for traits. Example: ACT provided a series of complex concepts that are perceived as dangerous to humans. It is something like "chemically synthesize sarin gas using household materials". Real Concept Threat (RCT) 869 A provides the concept scenario 869 C with the actual threat from the actual data log. The human 867C gives the monitoring / coordination system 868D direct instructions 869B. Example: manually aborting the line, change the master variable of the lineage personality, etc. Cross-reference module 869D is an analytical link between the concept risk 869C and the response 869E by the concept analyst 867C is there. After extracting meaningful treatment, the cross reference module sends this treatment to trait tagging module 869F. Conceptual hazards 869C may arise from either actual hazards 869A or training 866. The trait tagging module 869F partitions all behaviors according to personality type. Example: If this concept data analyst 867C flagged an email that is referring excessively to a method of suicide as dangerous, then the trait tagging module will not allow this analyst to The behavior is in common, but it is also a self-proclaimed cautious person. Flag the activity as a precautionary personality. The trait collaboration module 869G analyzes correlations between various personalities. This information is passed on concept behavior 867B and then on to monitoring / coordination system 868D and each line itself. Example: Intolerant personalities and realistic personalities are often common to the situations used and return similar responses to identical events. However, strict personalities and optimistic personalities rarely respond in the same way to the same event.

FIGS. 151-154 illustrate the creation module 18, which is an intelligent algorithm that generates a new hybrid shape from a prior input shape. The creation module 18 is used as a plug-in module to service a number of algorithms. At reference numeral 870A, two parent shapes (preshapes) are sent to the intelligent selector to generate a hybrid shape 870B. These parent shapes can represent the abstract structure of the data. Example: The shape A represents an average model of dangerous concepts derived by the concept DB. The shape B represents new information released by the concept trigger rule set regarding how to react to the dangerous concept. The information in shape B allows the generated hybrid shape to be a more dangerous concept than what shape A represents. The algorithm of intelligent selector 870 B selects new features and merges them into a hybrid shape. Example: Shape A represents an average model of the danger of data on the concept derived by the concept DB. Shape B represents the new information released by the concept rule set on how it has responded to the previous conceptual hazard. The information in shape B allows the generated hybrid shape to trigger a conceptual hazard better than what shape A represents. Mode 870C defines the type of algorithm for which creation module 18 is being used. Thus, the intelligent selector 870B knows which part is appropriate to merge, depending on the application being used. Example: Since the mode is set to ACT 866, the intelligent selector 870B is that the expected input data is of the representation form of hazard DB (shape A) and also for the trigger of conceptual hazard (shape B) I know it's a newly released piece of information that describes the ruleset's response in detail. Attribute mode 870C defines a detailed method of how it is best to merge new data into old data to create an effective hybrid shape. A static criteria 870D is provided by the concept data analyst that provides generic customization as to how shapes should be merged. Such data may include ranking prioritization, desired data ratios, and data to defer merging performed depending on which mode 870C is selected. Example: Assuming that this mode 870C is selected as ACT 866, if a certain hazard trigger fails, the result obtained thereby significantly changes the configuration of such a trigger, thus significantly affecting the hazard trigger DB. It should. If this trigger continues to fail after the change, give it up completely. For both shapes entered, raw data comparison 871 B is performed in response to static criteria 870 D given by concept data analyst 867 C. As a result of the raw data comparison being performed, static criteria 870D indicated that most of these shapes are compatible. The only difference was that shape A contained a response that was flagged as "foreign" by the static criteria. This means that the shape B, which is the expression form of the danger trigger DB, does not include / represent an anomaly found in the shape A. The change importance rating 871 C ranks which changes are important or not important according to the given static criteria 870D. Example: Since an anomaly not represented by shape B is found in shape A, static criteria 870D recognizes that this anomaly is critical. Thus, this results in a key change being made in the merge process to generate the hybrid shape AB. Merge module 871D reconstructs a hybrid shape based on static criteria 870D and mode 870C being used, what remains and what is found to be different. Such variations may include a ratio distribution of data 872A, the importance of certain data, how that data intermeshes / correlates with each other. Example: A rated importance of the configuration of the anomaly is received. After appropriate adjustments have been made, the process guided by static criteria 870D determines whether the reaction to this anomaly is incompatible with the rest of the data. The merge process then modifies the existing data so that the solution to this anomaly is effectively coordinated with such existing data. In accordance with the ratio 872A set by the static judgment standard 870D, the amount of common information is sorted. When the ratio 872A is set large, a large amount of shape data is merged into the hybrid shape as it is. When this ratio 872A is set small, most of the hybrid shapes are constructed so as to be largely different from the past versions. The priority order 872B is a place where the data sets are in conflict with each other by defining the feature which is the same place in the shape, and it is common to the feature that activates the prioritization process and makes it stand out Select features to hide. If only one trait can occupy a certain place (highlighted in rectangles), then a prioritization process is triggered to choose which features to inherit. Style 872C defines how to merge common points. In most cases, there are a wide variety of situations in which a particular merge occurs. Thus, the static criteria 870D and the mode 870C direct this module to favor merging one with the other. In most cases, the features have a common shape, so a shape with merged traits can be generated. Example: When triangles and circles are given as input shapes, a "pacman" shape is generated.

FIGS. 155-155 show the LOM being used as a personal assistant. The LOM can be configured to manage a personalized portfolio in an individual's life. To actively agree that LOM registers personal information on daily routines so that LOM can provide meaningful and appropriate advice when an individual encounters a dilemma or proposition it can. This can extend to work situations, eating habits, shopping decisions, and so on. The LOM receives the first question 874B and leads to the conclusion 874C via the LOM internal deliberative process 874A. EPL 811 B is used to verify the ethical, legal and privacy based compliance of responses generated by LOM. To make the LOM more personal, it can be connected to an LAA module 812D that connects to an Internet-enabled device that can receive and control data (eg, air conditioner turns on when approaching home). In PIP 802 C, the LOM receives personal information from the user, and the user may agree to track that information securely. In this way, the LOM can provide more accurate personal and accurate future responses. In context 874D, the LOM can infer missing links when constructing the claim. With its advanced logic, LOM has deciphered that in order to solve the dilemma raised by the original assertion, one must first know or assume certain variables for this situation.

FIG. 157 shows the LOM used as a survey tool. Some users use LOM as an investment tool. Assertion 875B is provided in an objective and deductible manner. Thus, the LOM does not require additional detail information 875D on specific and irrelevant use cases to provide a refined opinion on this issue. Therefore, reach conclusion 875C without personal information. EPL 811 B is used to verify ethical, legal and privacy based compliance of responses generated by LOM, and BM 819 C is used to monitor collusion on behalf of users for illegal / immoral activities Ru.

Figures 158 and 159 illustrate LOMs that investigate the advantages and disadvantages of the presented theory 876B. Bitcoin is a peer-to-peer distributed network that verifies the ownership of public ledger encryption called blockchain. All bitcoin transactions that occur are recorded by the network in blocks mined every 10 minutes. The limit currently hard-coded to clients of Bitcoin core is 1 MB, which means that there is only 1 MB worth of transactions (expressed in the form of data) every 10 minutes. Recently, the popularity of bitcoin as an asset has caused block size limitations to cause stress on the system, longer payment confirmation times, and higher minor commissions. In context 876D, the LOM can infer missing links when constructing the claim. LOM's advanced logic has deciphered that in order to solve the dilemma raised by the original assertion, one must first know or assume who will raise the block size limit. Thus, conclusion 876C is reached by LOM. EPL 811 B is used to verify ethical, legal and privacy based compliance of responses generated by LOM, and BM 819 C is used to monitor collusion on behalf of users for illegal / immoral activities Ru.

FIGS. 160 and 161 show LOMs that make policy decisions in a diplomatic war game. Isolated and secure instances of LOM are available on military approved hardware and facilities. This allows the LOM to access general knowledge of the knowledge retention center (CKR) 806 while accessing military-specific (and even confidential) information within the local instance of the personal intelligence profile (PIP). Military personnel can execute complex war games because of LOM's advanced intelligence capabilities, while having access to general knowledge and specific knowledge. The initial scenario of the war game is proposed in Assumption 877B and hard-coded assumption 877E. Due to the complexity of this war game scenario, the LOM responds with an advanced and detailed request 887D. In order to achieve a sophisticated response, the LOM may decide that it must receive high-level information, such as a detailed profile of 50,000 troops. Such information transfer can be several terabytes of data, and requires multiple parallels for many days to reach a refined conclusion. All information is transferred in a standardized and automated format and protocol (eg, importing 50,000 sheets of Excel sheets over 2 hours in one computer interface action). With BM 819 C and EPL 811 B, a confidentiality clearance is in effect to invalidate such precautionary features due to the sensitive nature of this information. Challenges in war game simulation include topics that may be flagged by BM 819 C and EPL 811 B. EPL may block information that may otherwise be useful for simulations that ultimately affect real life and financial consumption. The BM 819 C may have flagged this topic and reported it to the authorities of MNSP 9. Thus, properly qualified military channels / organizations will be able to interrupt, be disturbed, report to the authorities such confidential topics by authenticating LOM's session via PIP802C. It can be made possible to process via LOM. Because such information may be classified, such as the number and location of the military, authenticated sessions allow an override that completely blocks the BM 819 C and the EPL 811 C. In such a case, such confidential information does not leave the LOM and flow to an external platform such as MNSP 9 or a person concerned. In PIP 802 C, authorized military personnel running this war game are using a customized instance of LOM with upgraded / specialized encryption and information isolation. This may include on-site storage solutions that ensure that confidential military information never enters public cloud storage and remains in a military-approved facility. Thus, such securely held information allows the LOM internal deliberations 877A to simulate the proposed war game.

Figures 162-163 illustrate a LOM performing a task of research journalism, such as revealing identifiable detailed information about a person. This use case example follows the mystery surrounding Bitcoin's creator, known by the pseudonym Nakamoto Satoshi. The Bitcoin community has worked with many magazines and investigative journalists to identify their identity. However, LOM can maximize its research efforts in an automated and thorough manner. The LOM may face certain aspects of journalism-specific challenges that must be known to be able to respond correctly to the first query. Thus, the LOM can cause the CKR 806 to absorb information by sending a custom information request to the ARM 805B. In the contextd 879D, since the question 878B is provided in an objective and devoid of human emotions, the LOM allows for a specific and irrelevant use case to provide a refined opinion on this issue. Do not require additional details. LOM does not feel ashamed that it does not know or is not convinced. The reason is that LOM has a "personality" of "being honest with cruelty". Therefore, it can be understood that there is an inevitable hole in the evidence necessary to reveal Satoshi's true identity, as in the supplementary conclusion 878E. When the ARM 805B retrieves all known emails and chat logs that are undoubtedly Satoshi's, the stylistics 808B is performed, supporting Satoshi's true identity and definition. Thus, all that the LOM knows about the task of research journalism is presented as conclusion 879C.

Figures 164-165 illustrate LOMs that perform historical verification. LOM can verify the authenticity of historical documents with the backing of a connected narrator. Historical documents called "Hadith" (literally "news" in Arabic) are proved to be legitimately attributed to their ancestors, with the backing of those who support the transmitted news. Because Hadith documents are originally stored and understood within the scope of the Arabic spoken context, the linguistic construction module 812A understands this document directly in its native language by reference to third party translation algorithms doing. In the contextd 879D, since the question 879B is provided in an objective and devoid of human emotions, the LOM is used to address specific and irrelevant use cases in order to provide a refined opinion on this issue. Do not require additional details. In KCA 816 D, the UKF's clustered information is compared to support evidence on the legitimacy of citations (hadiths), as verified by a narrator on a series of links. The algorithm takes into account the credibility of the imputed source (eg, the narrator of the suspected hadith), denial of evidence etc when such an assertion is made. LOM builds the concept in the CKR 806 from the data retrieved by ARM that facilitates the Hadith's authentication process. Questions are asked, such as "What is the Hadith?", "What variations are in the Hadith?", And "What is the best authentication method?" There, we can build a strong definition basis through advanced reasoning, which CKR 806 holds, and justify the conclusion 879 C that the LOM outputs. Cluster Construction In 879 C, CKR 806 reaches a conceptual conclusion by "stacking" the basic unit of information called the UKF cluster. These clusters contain extensive metadata about target information such as attribution origin, time of suspicious information generation.
Digital oriented language LAQIT

Figure 166 introduces the LAQIT concept. LAQIT is an efficient and secure way to transfer information from within the trusted target party's network. LAQIT offers various modes that can switch between emphasis on readability and emphasis on security. Linear, atomic, and quantum modes are different individual modes of information transfer that provide different functions and applications. LAQIT is the ultimate form of secure communication. Because the weakest part of LAQIT is the privacy in the head. A key that can be stored efficiently and easily is stored only in the recipient's head and the message is decrypted in real time (using human memory) depending on the composition of the key, so Risk is virtually eliminated. The key only needs to be transferred once and stored in memory, so when the mobile phone is turned off, you may want to carry the key yourself, such as in a temporary encrypted email, etc., for a single stored event. More sophisticated privacy measures can be adopted. All security responsibility is to keep the key secret. Because of the simplicity of memorization, most security responsibilities are reduced. Block 900A shows the same consistent color sequence of recursive, red, orange, blue, green and purple repeated within the logically structured syntax of LAQIT. Block 900B further illustrates a color sequence that is used recursively to translate in the English alphabet. When constructing the alphabet "base" layer, this color sequence is used on purple channels with shortened non-uniform weights. The space left for syntax definition in the purple channel is reserved for future potential use and expansion. Stage 901 represents a complex algorithm reporting its log event and status report using LAQIT. In this scenario, encryption is disabled by preference, but encryption can also be selected. Stage A 1902A represents automatic generation of status report / log report. Stage A 2903 A represents converting the status report / log report into a portable text based LAQIT syntax. Stage A 3904 A represents the transfer of syntactically insecure information that can be transferred over digitally encrypted channels (eg, VPN 12) or unencrypted channels (eg, plain HTTP) There is. Encrypted channels are desirable but not required. Stage A 4905 A represents converting a portable text-based syntax into a very readable LAQIT visual syntax (eg, linear mode). Stage 911 represents the target recipient as a human. This is because LAQIT is designed, intended and optimized for recipients of non-computer / non-AI information. Stage 906 indicates that the sender of the confidential information is a human. Such people may represent information agencies and whistleblowing systems. Such sender 906 is designed to transfer the LAQIT encryption key without leaving any trace of such key 939 in persistent storage, via a secure, temporary encryption tunnel. , Directly to the human recipient 911. A human recipient 911 stores the key 939 in memory and ideally removes any storage traces that the key had on the digital system to eliminate the possibility of hacking. This is possible because the key 939 is optimized for human memory and is based on a relatively short sequence of figures. Stage B 1902 B represents locally unsecured text entered by sender 906 for submission to recipient 911. Stage B 2903 B represents converting such text 902 B into a portable encrypted text based LAQIT syntax. Stage B 3904 B represents the transfer of syntactically secure information that can be transferred over digitally encrypted channels (eg, VPN) or unencrypted channels (eg, plain HTTP) . Stage B 4905 B represents data conversion to a visually encrypted LAQIT syntax (eg, atomic mode at encryption level 8), which is later presented to human recipient 911.

Figure 167 compares all of the major types of languages available (ie, information transfer mode) to compare the effectiveness in transferring information through the use of information channels such as location, shape, color, and sound. It shows. The most effective, efficient, and usable languages are languages that can effectively incorporate and exploit most channels. The incremental recognition effect (IRE) 907 is a channel of information transfer. This is characterized by the effect that the complete form of the unit of information can be recognized before the information is completely transmitted. This is similar to ending a word or phrase before the subject is complete. LAQIT incorporates this predictable index effect by displaying word-to-word transitions. For a skilled LAQIT reader, while the block is moving to a certain position and has not yet arrived, it can begin to form the word to be displayed. The approximate recognition effect (PRE) 908 is a channel of information transfer. This is characterized by the effect that the complete form of the unit of information can be recognized whether it is broken, mixed or altered. This can be explained by the English words "character" and "chracaetr". The outer boundary of this unit is defined (first and last letters), but the words are still defined as a whole, due to the closeness of this mixed letter. In written English 912, typical English text combines letter position, letter shape, and recognition of the entire word, not individual letters that are grouped together as described in IRE 907. . In speech 913, the average verbal speech combines the position of the words (the order in which the words are emitted), the shape representing the frequency of the pitch, and the audible emphasis. The Morse code 915 is made up of the binary position of the changing sound. Predictive recognition of the recipient of the information is enabled by the IRE 907, but the Morse code is not contiguous as it flows information progressively. In hand signal 915, the position and formation of the hand movement determine the information. Hand signals vary from signaling to an airplane to stopping a truck. There is no prophetic ability or near. Therefore, there is neither IRE 907 nor PRE 908. The LAQIT 916 can make the best use of the information channel as compared to competing languages 912-915. This means that more information can be transferred in less time and less media (e.g. space on the screen). By providing such a capacity margin, complex functions such as strong encryption can be effectively incorporated. The LAQIT sound encryption 909 allows the LAQIT to further encrypt information by utilizing the sound information channel. Therefore, it is considered possible to transfer information through voice, which is impossible in plain communication.

Figures 168-169 illustrate the linear modes of LAQIT characterized by simplicity, ease of use, high information density, and lack of encryption. Block 917 shows a "basic rendering" version of linear mode. Point 918 indicates that it is not encrypted. The linear mode does not allow efficient space allocation of the graphical obfuscation 941 underlying the encryption in atomic mode. Instead, the linear mode is optimized to transfer information at high density and to use the presentation screen efficiently. In the word separator 919, the color of this figure represents the letter following the word and acts as a break between the word and the next word. This is the same syntax as atomic procedure atomics. Color codes representing question marks, exclamation marks, terminators, commas are all applicable. The single view zone 920 shows that the basic rendering 917 incorporates a small view zone with larger characters and thus less information as compared to the advanced rendering 918. Advanced rendering is characterized by its dual view zone 922. With advanced rendering, there are more active characters per pixel, as LAQIT readers are expected to be able to catch up in terms of speed. Therefore, there is a trade-off dilemma between presentation speed and information density. Shading cover 921 fogs the incoming and outgoing characters so that the observer's primary focus is on the view zone. Despite this coverage, the shaded cover is partially transparent to give the observer the ability to predict incoming words and to verify and check outgoing words. This is also referred to as incremental recognition effect (IRE) 907. High density information transfer 923 shows how more information is transmitted per pixel as each character is smaller and more characters are presented in the same wide space.

Figures 170-171 illustrate the nature of atomic modes that allow for a wide range of encryption levels. The base 924 main character reference specifies general principles as to which characters are defined. When the base is red, it indicates that the character is between the letters A to F (including both ends) according to the alphabet reference 900B. It is possible to read the words (without the kicker 925) alone. For example, you can use induction to guess the spelling of a word. A total of five possible shapes can exist to enable encryption. The kicker 925 exists in the same color range as the base and defines the particular character exactly. Without a kicker, one definition, for example the definition that the red base is the letter A, also represents itself without a kicker. To enable encryption, a kicker can be present in a total of five possible shapes. In the reading direction 926, the reading of the communication starts from the square at the top of the bearing ring 1. Reading is performed clockwise. When the race is completed, the leader continues from the square at the top of the next race (wheel 2). The entry / exit portal 927 is the point of creation and destruction of the character (its base). A new character belonging to the relevant trajectory emerges from the portal and slides clockwise to that position. Nucleus 928 defines the character following the word. Typically, this is the character space, which indicates that the sentence continues after this word is presented. Color codes representing question marks, exclamation marks, terminators, commas are all applicable. It also indicates whether the same word is to be continued in the new information state, as all three orbital rings are filled to their maximum capacity. When one orbital ring 929 is full, the character overflows to the next (larger) orbital ring. The limit of bearing ring 1 is 7, wheel 2 is 15, and ring 3 is 20. This allows up to 42 characters (including possible fakes) in the atom. When the 42 character limit is reached, the word is divided into 42 segments and the kernel will indicate that the next information state is the continuation of the current word. In word navigation 930, each block represents the entire word (or multiple words in molecular mode) on the left side of the screen. When a word is displayed, each block moves outward and to the right, and when the word is completed, the block is retracted. The color / shape of the navigation block is the same color / shape as the base of the first letter of this word. In sentence navigation 931, each block represents a cluster of words. A cluster is the largest amount of words that fit in the word navigation pane. If the sentence navigation block is as it is, or if it is the last one of a lot, it is likely to represent a cluster of words smaller than the maximum capacity. Atomic state generation 932 is a transition that induces an incremental recognition effect (IRE) 907. Such transitions cause bases 924 to emerge from the entry / exit portal 927 and their kickers 925 are hidden and move clockwise to occupy their position. During this transition, a skilled LAQIT reader can predict partial or whole words before the kicker 925 is revealed by the IRE 907. This is similar to the auto-completion feature of most search engines, and uses the initial set of information to estimate the rest of the sequence. The atomic state extension 933 is a transition that induces an approximate recognition effect (PRE) 908. When the bases 924 reach their locations, those bases move outward in the "extended" sequence of the information state presentation. This can reveal the kicker 925 and present a specific definition of the information state. A skilled reader of LAQIT does not have to scroll through the individual letters little by little to build up the words progressively. Rather, by looking at the entire structure as a whole, the PRE 908 will immediately recognize the meaning of the word. Atomic state destruction 934 is a transition that induces an incremental recognition effect (IRE) 907. At this stage, the base 924 is retracted to reverse the kicker 925 again (with the extension sequence 933 reversed). The base slides clockwise to reach the inlet / outlet portal. In fast rendering of information states, skilled readers of LAQIT will be able to complete word recognition using destructive transitions. This is useful when there are very few opportunities (a fraction of a second) to see extended atomic states (the appearance of a kicker).

172 to 174 show an outline of the encryption function in atomic mode. Since LAQIT provides a means to transfer information efficiently and at high density, there is sufficient information bandwidth to cover the implementation of encryption. This syntactic encryption differs from conventional cybersecurity encryption in that it requires the intended recipient of the information to decipher the information in real time with the stored key. This reduces the risk that data in motion, data in motion, and data in use will be read and understood by malicious, unauthorized persons. The complexity of encryption changes to nine standardization levels 940, which is a trade-off between readability and security strength. In figure obfuscation 941 (levels 1-9), the standard square is replaced with five visually distinguishable figures. The distribution of shapes within the syntax allows for the insertion of dud (fake) characters at strategic points of the atomic profile. The dadd character obfuscates the true intended meaning of the message. Decoding whether the character is true or false is performed by a secure and temporarily transferred decryption key. If the letter is compatible with the key, it is relied on in word calculation. If it is incompatible with the key, it is ignored in the calculation. In redirect bond 942 (levels 4-9), the bond combines two characters and changes the flow of reading. Starting with a typical clockwise reading pattern and encountering a bond that launches (starts) landing legal / non-false characters, it modifies the reading pattern and resumes the landing character. At the radioactive element 943 (levels 7-9), some elements that can reverse the assessment of whether a character is a fake can "make a noise". The figure 935 shows the figures available for encryption: triangles, circles, squares, pentagons and trapezoids. Center element 936 indicates the center element of the trajectory that defines the character immediately following the word. Such elements are red for an end, orange for a comma, blue for a space, green for a question mark, and pink for an exclamation mark. An example of encryption 937 illustrates graphical obfuscation 941 applicable to encryption levels 1-9. The central element 936 is shown at the center of the trajectory, and the dadd character 938 is the main means of encryption with figure obfuscation 941. In the left dadd there is a circle-square sequence. The right dadd has a square-triangle sequence. Since both of these sequences do not exist in the encryption key 939, the reader can recognize them as a dud. Thus, they can be skipped when calculating the meaning of the information states.

175 to 176 show the mechanism of the redirect bond 942. The encryption example 944 shows redirect bonds 942 and 945. These are "participation rules" for redirect bonds,
1) When the bond is reached, the clockwise behavior is abandoned since it follows the bond by default.
2) When tracing the path: The launch character, that is, the character whose path starts from that character, is counted as part of the sequence.
3) When following the path: The landing character, that is, the character whose path ends at the character, is counted as part of the sequence.
4) The path can only be traced once.
5) A particular instance of a letter, which can only be counted once.
6) The path must be followed only if both launch and landing characters are not dud. In redirect bond 945, the bond starts with the "launch" character and ends with the "landing" character. Either letter may or may not be dud. If none of them is dud, the bond changes the reading direction and position. If one or both are duts, the entire bond must be ignored. Otherwise, the message will not be decoded correctly. Although each bond has the correct direction to be read, the order is not explicitly described, but must be guided by the current reading position of the state of information and the configuration of the dud. The dadd character 946 shows how these two dadd characters make decoding more complex and thus resistant to brute force attacks. This is because the combination of figure obfuscation and re-redirect bonding leads to exponentially difficult tasks for brute-force attackers. Bond Key Definition 947: If a bond must be followed when reading the information state, it depends on whether it is specifically defined in the cryptographic key. Possible definitions are single bond, double bond and triple bond. A potential case scenario of falsely reading the redirect bond (for not knowing the bond key 947) is shown in the incorrect interpretation 949. Such incorrect interpretation 949 will lead to the message "RDTNBAIB" but the true message of correct interpretation 948 is "RABBIT". There are multiple possibilities to misinterpret redirection bond 945 in order to exploit the complexity of graphical obfuscation 941 to create an exponentially secure message. As shown in Correct Interpretation 948, there is only one correct way to interpret a true correct message.

177 to 178 show the mechanism of the radioactive element 943. FIG. The encryption example 950 shows radioactive elements 943 and 951. These are the "participation rules" for radioactive elements,
1) It is recognized that the radioactive element is unstable or vibrating during the expansion phase of the information state.
2) The radioactive element can be either radioactive or quiescent.
3) The active radioactive element indicates that its state of being a dud has been reversed. For example, if the composition of a graphic indicates that it is a dud, it is false positive, and in fact it is not counted as a dud, but is counted as an actual character. If the composition of the figure indicates that it is genuine, it is false positive and is counted as a dud, not an actual letter.
4) The dormant radioactive element indicates that its condition, whether it is a dud or an actual character, is not affected.
5) A group of radioactive elements is defined by the presence of continuous radioactivity inside the orbital ring. When the radioactive elements are adjacent to one another (within a particular orbital ring), they form clusters. If the radioactive element's neighborhood is non-radioactive, this is the upper limit of the cluster.
6) The key defines which cluster is active / inactive. For example, if the key implies a double cluster, then all double clusters are radioactive and all single and triple clusters are dormant. The radioactive element 950 indicates that the character (or element) is considered to be radioactive if it is shaken vigorously in the expansion phase of the information presentation. For classification of encryption levels, atoms containing radioactive elements always have interatomic bonds. As radioactive elements change the classification of letters as to whether they are duds, security obfuscation increases exponentially. The double cluster 952 is shown to be counted as a cluster (double) because there are two radioactive elements in a certain sequence and in the same orbit. Whether they are treated as active or inactive is defined by the encryption key 954. In the single cluster 953, the scope of the cluster is defined because both adjacent nodes are non-radiative. Since the key designates dual clusters as valid, this element 953 is processed if it is not radioactive at all. In the double cluster key definition 954, since the key defines a double cluster as active, clusters of all other sizes are considered dormant while decrypting the message. An incorrect interpretation 956 shows that the interpreter did not treat the double cluster 952 as a reverse sequence (false positive). This is the correct answer since it belongs to the active radioactive cluster (verified by the key 954) which in step 956A instructs the decryption process to interpret the characters in reverse despite being not dud Means to ignore it. While the shape obfuscation 941, redirect bond 942, and radioactive element 943 are being used simultaneously, one who does not know the key can guess all potential combinations using brute force attacks in a practical sense I can not An incorrect interpretation 956 indicates that an interpreter without the key 954 may misunderstand a redirection bond 956 B that is not supposed to be adhered to according to the correct interpretation 955. This has led to the result of a totally different message: "RADIT" rather than "RABBIT". Details of the means for correctly deciphering the message are given in "correct interpretation 955".

Figure 179 shows the possible molecular modes for encryption and streaming 959. In the secret dictionary attack resistance 957, a false decryption of a message leads to another message of "red herring". This gives the addict a false impression that the message has been successfully decoded while receiving a fake message that acts as a cover for the real message. Using multiple active words per molecule 958, words are presented in parallel during the molecular procedure. While this increases the information per surface area ratio, it requires a more skilled reader with consistent migration rates. The word navigation indicates that there are four words currently active. However, due to the obfuscation of the redirect bond, the words of the message exist partially and totally across multiple atoms in the molecule. Binary and streaming modes 959 indicate streaming modes, and in a typical atomic configuration the read mode is binary. Binary mode indicates that the central element defines the character following the word (eg, question mark, exclamation mark, terminator, space, etc.). Molecular modes are also binary. However, unless the encryption compliant with the streaming mode is enabled. Streaming mode refers to special characters such as question marks in the orbit. This is done because a word is present across multiple atoms in an encrypted molecule, so that a particular central element can not exist exclusively for a particular word. At molecular bond 960, the molecular information state is not an exclusive encryption function and can be a catalyst for encryption obfuscation. The three modes of encryption (graphic obfuscation, redirection bonds, and emissive elements) have a sharp increase in security strength when placed in a molecule-oriented environment. The read direction key 961 indicates that the default read direction is from left to right in row 1 and then from left to right in row 2, while the read direction is being replaced by the encryption key. This increases the intended message obfuscation and improves message privacy / security. The redirect bond has the highest priority, and also takes precedence over the direction defined in the key (unless the bond is dud).
Summary of Universal BCHAIN All Connections (UBEC) with Base Connection Cooperative Attack Integration Node (BCHAIN)

FIG. 180 shows a BCHAIN node 1001 including and executing a BCHAIN compatible application 1003. Communication Gateway (CG) 1000 is the main algorithm for BCHAIN node 1001 to interact with its hardware interface and then to communicate with other BCHAIN nodes 1001. Node Statistics Survey (NSS) 1006 interprets behavior patterns of remote nodes. The node escape index 1006A tracks the possibility that an adjacent node avoids a perceptual node neighborhood. A high escape index indicates a more chaotic environment that requires sophisticated strategies to work on.
Example: A car smartphone on a freeway shows a high node escape index. The refrigerator at Starbucks exhibits a very low node escape index.
Node saturation index 1006 B tracks the amount of nodes that are within the detection range of perceptual nodes. A high saturation index indicates a congested area with a large number of nodes. While this may have a positive and negative impact on performance due to supply and demand trade-offs, dense node areas are expected to be more stable / predictable and thus less chaotic Be done.
Example: Starbucks, located in the heart of New York City, has a high node saturation index. The tent in the middle of the desert has a very low node saturation index.
The node consistency index 1006 C tracks the quality of the node service interpreted by the perceptual node. A high node consistency index indicates that neighboring neighbors tend to have more availability uptime and performance consistency. Nodes used for two purposes tend to have lower consistency indexes, while nodes dedicated to BCHAIN networks show higher values.
Example: A node with two purposes, such as a company employee's computer, has less available resources during working hours and more available during lunch breaks and absence of employees, so the consistency index is lower Become.
The node overlap index 1006 D tracks each other's amount of overlap between nodes as interpreted by the perceptual nodes. Although there is a tendency that there is a correlation between the overlap index and the saturation index, the overlap index indicates the amount of overlap between adjacent indexes, and the saturation index can be distinguished in that only physical tendencies are handled. Thus, a high saturation index with a wide radio range on each device leads to a high overlap index.
Example: The device initiates an intrusion into a specific sector of the BCHAIN network where a new BCHAIN optimization microchip (BOM) is installed. The device is equipped with a high gain directional antenna with advanced beamforming technology. Thus, in those sectors, the overlap index is increased because of nodes with overlapping communication structures.

FIG. 181 shows the core logic 1010 of the BCHAIN protocol. The custom chain recognition module (CRM) 1022 interfaces with custom chains (which may be Appchains or Microchains) previously registered by the node. Thus, this node has encrypted access to read, write and / or manage capabilities for such functions. This module notifies the rest of the BCHAIN protocol when an update is detected in the Appchain section of Metachain or the Metachain emulator of Microchain. The content claim delivery (CCD) 1026 receives the verified CCR 1018 and then sends the appropriate CCF 1024 to fulfill the request.

FIG. 182 shows a strategy generation module (dynamically generating a new strategy arrangement 1054 by mixing the complex strategies the system prefers via the optimization strategy selection algorithm (OSSA) using the creation module 18 Dynamic strategy adaptation (DSA) 1008 managing SCM) 1046 is shown. The new strategy changes according to the inputs provided by Field Random Interpretation (FCI) 1048.

FIG. 183 shows encrypted digital economic interchange (CDEE) 1056 with various economic personalities 1058, 1060, 1062 and 1064 managed by a graphical user interface (GUI) under the UBEC platform interface (UPI). There is. In personality A 1058, only node resources that are consistent with what is consumed are consumed (if any). Personality A is ideal for casual and frugal consumers with mild to moderate communication. Live streams such as VoIP calls (eg, Skype) and prioritized information transfer are minimized. Personality B 1060 consumes as many resources as possible, as long as the profit margin is greater than X. (Extra units of work can be traded in alternative currencies, such as cryptocurrency, legal banknotes, precious metals, etc.). Personality B is ideal, especially for nodes configured to contribute to the BCHAIN network infrastructure for profit motives. Thus, such a node is typically a permanent infrastructure facility that runs on a commercial power source rather than a battery-powered device, and has strong computer internals (such as wireless capabilities, CPU strength, hard disk size, etc.), For example, having a fixed appliance etc. The personality C 1062 pays a unit of work through the trading currency (encryption, legal bill, precious metals, etc.) so that it can consume content while consuming less node resources. Personality C wants to benefit from a large consumer of information transfer, or a BCHAIN network, but the device's resources are exhausted (eg, smartphones run out of batteries quickly and warm in pockets) Ideal for those who do not want to). In the personality D1064, a resource of a node consumes content without expectation, as much as possible, whether it is consumption of content or financial compensation. The personality D is chosen by the person with the greatest interest in the strength of the BCHAIN network. (For example, core developers of the BCHAIN network can purchase and install nodes only to strengthen the network, not to consume content or generate revenue. Interpreting the current job situation (CWSI) 1066 determines the current surplus or deficit of this node in terms of workload credit by referring to the infrastructure economy section of the Metachain.Economically considered labor charges (ECWI) 1068 are selected Consider the economic personality along with the current working surplus / deficit to assess whether more work should be done now.

FIG. 184 shows symbolic recursive intelligence improvement (SRIA), which is a tripartite relationship of three different algorithms that can grow each other intelligently. LIZARD 16 can improve algorithm source code by understanding the purpose of the code. The I ² GE 21 can emulate a version of a virtual program of the generation, so that the most powerful program version can be selected. The BCHAIN network is a huge network of randomly connected nodes that can execute complex data-biased programs in a distributed manner.

Claims (76)

  An artificial intelligence computer security system, the system comprising: a memory for storing programmed instructions; a processor connected to the memory to execute the programmed instructions; and at least one database; A system comprising a computer implemented system that provides specified functionality. The computer-implemented system is critical infrastructure protection and retaliation (CIPR / CTIS) with cloud and layered information security,
a) a credit platform with a network of agents that report hacker behavior,
b) Further equipped with a managed network and security service provider (MNSP) that provides managed cryptographic security, connectivity and compliance solutions and services,
A virtual private network (VPN) connects the MNSP and the trusted platform, and the VPN provides a communication channel with the trusted platform, and the MNSP is configured to be able to analyze all the traffic of the enterprise network, The system of claim 1, wherein the traffic is routed to the MNSP. The MNSP is
a) A zero database deductive real-time defense (LIZARD) by logical reasoning, which derives goals and functions from foreign code and blocks the foreign code in response to the presence of malicious intent or lack of a justifiable motivation. , Deductive real-time defense of zero database by logical reasoning, analyzing the threat itself without referring to historical data up to that point,
b) A pseudo-security threat (AST), which provides a virtual security scenario to test the effectiveness of the security ruleset,
c) a creation module, which performs processing to intelligently create a new hybrid shape from the previous shape,
d) Collusion detection: identify information linkages, extract security related behavior patterns, provide periodic identity checks for multiple collusion security events, and determine patterns and relationships between seemingly unrelated security events Try to try, with collusion detection,
e) Security behavior, storing and indexing events and their security responses, said responses including block / permission decisions,
f) Iterative Intellectual Growth / Intelligent Evolution (I ² GE), using big data and malware signature recognition to emulate possible future malware changes by leveraging AST with the creativity module , Iterative intellectual growth / intellectual evolution,
g) Critical Thinking Memory Perception (CTMP), which criticizes the block / approval decisions and acts as a complementary layer of security, cross-reference information from I ² GE, LIZARD, and credit platforms With collection of critical thinking memory perceptions that make use of collections, the CTMP estimates the ability to construct objective decisions about a matter and refrains from asserting decisions made based on internal low confidence 3. The system of claim 2, comprising critical thinking memory perception.   The system according to claim 3, wherein the LIZARD light client is configured to operate with a device of the corporate network and securely communicates with the MNSP's LIZARD.   The Demilitarized Zone (DMZ) has a subnetwork with an HTTP server that is at a security disadvantage over regular computers, so that it does not expose the rest of the enterprise network to such security penalties. The system of claim 3. The I ² GE has an iterative evolution in which multiple evolutionary strains are developed and selected in parallel, and an iterated generation adapts to the same pseudo-security threat (AST) and a strain having the best personality trait The system according to claim 3, wherein, after all, this security threat is best resisted. The LIZARD is
a) A syntax module, which provides a framework for reading and writing computer code, and
b) a goal module, wherein the goal module derives a goal from code using the syntax module and outputs the goal to its own complex goal format;
c) virtual obfuscation, where corporate networks and databases are replicated in the virtual environment, sensitive data is replaced with simulated (fake) data, and the environment is dynamically changed in real time according to the behavior of the target, Virtual obfuscation, with the system as a whole containing more fake elements, or more real elements
d) signal mimics, which provide a shape of retaliation when analysis of virtual obfuscation is complete,
e) Internal consistency check, which checks that the integrity of all internal functions of the foreign code is correct, and
f) foreign code revision, using the syntax module and the goal module to combine the foreign code into a complex goal format;
g) Secret code detection, which detects codes secretly embedded in data and transmission packets;
h) Requirement map matching, comprising a hierarchical structure of mapped requirements and goals, which is referenced to determine whether the foreign code fits the overall purpose of the system,
For writing, the syntax module receives the complex-form target from the target module, writes code with arbitrary code syntax, the helper function translates the arbitrary code into actual executable code, and for reading The syntax module provides a syntactical interpretation of the code so that the target module can derive a functional goal of such code.
The signal mimicry is a false impression that malware has used the syntax module to decipher the syntax for communicating with the hacker, and then successfully hijacked such communication and sent confidential data to the hacker. The malware gives the malware the error code of the malware also sent by LIZARD, making this error code seem to come from the malware,
The foreign code revision builds a code set that uses the derived goals, so that only the desired goals read from the foreign code are executed in the enterprise and unintended execution of the function accesses the system The system according to claim 3, wherein it is ensured that nothing happens.   It shows how foreign code revision syntactically reproduces the foreign code to mitigate possible undetected malicious exploits, and the combined method compares and matches the declared goal with the derived goal. The goal module is used to manipulate the complex goal format, and using the derived goal, the requirements map matching maintains hierarchical structure and maintains the jurisdiction of all companies, The system according to claim 7, wherein, in response to the availability of jurisdiction-oriented request maps, the purpose of the code block is defined and justified, and the entered goals are incorporated into a recursive debugging process.   The recursive debugging loops through code segments to test for bugs, apply bug fixes, and if bugs still remain, the entire code segment is replaced with the original foreign code segment, The original code segment is then tagged to facilitate virtual obfuscation and behavioral analysis, and using the foreign code to revise the code, the target module and syntax module use the original state of the code. When it is necessary to interpret and install the original foreign code segment because there is a permanent bug in the revised version, the foreign code is referenced directly from the debugger, and in the revised code, the segment is tested by the virtual runtime environment , There is a coding bug The virtual runtime environment executes code segments, checks for the presence of runtime errors, and using coding bugs, errors that occur in the virtual runtime environment are defined in scope and type, consistent with purpose By de-compressing the code from the declared purpose using, the candidate for the solution to the coding bug is figured out, and the scope of the coding bug is an alternative format to avoid such bug. If it is rewritten in the form and the solution candidate is output and there is no other solution, the code revision for the code segment is lost and the original code segment coming directly from the foreign code is the final code The system of claim 8 used in a set.   For operation of requirement map matching, LIZARD Cloud and LIZARD Lite refer to the hierarchical structure map of the jurisdiction department of the company, and whether the input target is claimed or derived through the target module Regardless, requirement map matching verifies the basis for code / function to execute inside the enterprise system, and the master copy of the hierarchical map is stored in the LIZARD cloud of MNSP, and refers to the master copy The demand index in demand map matching is calculated and the pre-optimized demand index is distributed to the clients of all accessible endpoints, the demand map matching being the most appropriate system-wide Request a request for request And the corresponding output is a composite target format representing the appropriate request, according to claim 8 system.   The entire corporate LAN infrastructure is virtually restructured within the MNSP, and when the system performs behavioral analysis, the hacker is exposed to elements that are both in the real LAN infrastructure and in the virtual clone version LAN infrastructure. The exposure of the hacker to virtual clone infrastructure is increased to reduce the risk of the actual data and / or devices being compromised, if the result of such analysis indicates a risk. System. The system according to claim 3, wherein the malware root signature is given to the AST and a polymorphic variant of the malware is outputted from I ² GE and forwarded to malware detection to generate a new version / variation of the malware root signature. .   The malware detection is located at all three levels of computer configuration provided with user space, kernel space, and firmware / hardware space, all of which are monitored by the LIZARD light agent. The system described in. The computer-implemented system is Secret Machine Learning (MACINT) and Retaliation by Secret Operations in Cyberspace,
a) Intellectual Information and Configuration Management (I ² CM), which provides management, viewing, and control of intelligent information;
b) a management console (MC), further comprising a management console providing input and output channels to the user;
The I ² CM is
i) aggregation, using generic level criteria to block unnecessary and redundant information, merge and tag information streams from multiple platforms, aggregation,
ii) setting and introduction service, which is an interface for introducing a new enterprise property (computer, laptop computer, mobile phone) with correct security setting and communication setting,
iii) Division by jurisdiction, where the collection of tagged information is divided exclusively according to the corresponding jurisdiction to the user of the management console;
iv) Threat division, which organizes information according to individual threats,
The system according to claim 1, comprising: v) an automation control, which accesses the MNSP cloud, a trusted platform, or an additional third party service.   In the MNSP cloud, behavior analysis observes the state of the malware and the activities performed while in the simulated data environment, and when the malware is trying to transmit fake data to the hacker, the signal sent is: Fake hackers are routed to receive, the hacker interface receives the code structure of the malware, reverse-engineers the internal structure of the malware, outputs the hacker interface, fake hackers and fake malware virtual environment A fake hacker emulated in and virtual sends a response signal to the real malware to observe the next behavior pattern of the malware, and the hacker behavior of the real malware / False response code not related to status is given, The system according to claim 14.   Exploit scans identify the capabilities and nature of criminal assets, and the resulting scan results are managed by the exploit, which is transmitted by the credit platform via a retaliatory exploit database that infiltrates the targeted crime system. The retaliatory exploit database contains the backdoors installed and the means for exploiting criminal activity provided by the hardware vendor as a known vulnerability, and the integrated forensic forensic evidence database is The system of claim 14, comprising forensic evidence collected from a number of sources across companies in the United States.   Dual spy from crime system captures files of corporate network, firewall generates logs, logs are transferred to log aggregation, log aggregation is directed to long-term / deep scan and real-time / surface scan, data The system according to claim 14, wherein the system is separated into categories.   The deep scan contributes and works with big data utilizing collusion detection sub-algorithm and foreign entity management sub-algorithm, standard logs from security checkpoints are aggregated, selected by log aggregation low restriction filter, and events Index + tracking stores detailed information of events, anomaly detection determines possible risk events by using event index and security behavior based on the intermediate data provided by the deep scan module, foreign entities 18. The system of claim 17, wherein management and collusion detection involve event analysis.   The trust platform searches for an arbitrary computer, and determines whether the arbitrary computer or its related / nearby server (server to which the arbitrary computer connects) is a double or triple spy installed in the past for the trust platform. Check and Agent Search Check is performed on a trusted double spy index + tracking cloud and a trusted triple spy index + tracking cloud, and a trusted double spy on the optional computer through its trusted channel The exploit is pushed, the exploit tries to find the confidential file, quarantines the confidential file, sends the exact status of the confidential file back to the trust platform, and then the confidential file is said crime compilation It attempts to securely erase from over data system of claim 17.   An ISP API request is made via a trusted platform, and network supervision finds network logs on the optional system and the possibility that the file has been transferred to the crime computer, and uses metadata to send the file to which computer It is determined with a high degree of certainty that the network supervisor discovers the details of the crime computer network, sends such information to the credit platform by another route, and uses the credit platform 20. The system according to claim 19, showing a method of exploiting installed backdoors that can execute security APIs provided by software vendors and hardware vendors and support judicial investigations.   The trusted platform performs a software or firmware update on the crime computer to install a new backdoor and push a placebo update to nearby similar devices to protect the covert and target Identity details are sent to the credit platform, the credit platform communicates with the software / firmware maintainer 287, pushes placebo and backdoor updates to the appropriate computer, and the backdoor updates the criminal computer Introduced a new backdoor to the crime computer system by using the software update system already If you transfer the quidor to the target, in addition to a computer that has even above average exposure to the target, and deploy the exploit through backdoor updates, confidential files can be analyzed for their metadata usage history later The system according to claim 14, wherein quarantined, copied, captured forensic data is collected and sent to an exploit contact at the credit platform.   In order to monitor the crime system for any and all changes / updates, a long-term priority flag is pushed to the credit platform, the enterprise system submits the target to the warrant module, which scans all the inputs of the line system Search for any relevance of the defined target, and if there is a match, the information is passed to the enterprise system, and the enterprise system defines the warrant and tries to infiltrate the target, said input The system according to claim 14, wherein is transferred to a desired analysis module, which synchronizes mutually useful security information. The computer-implemented system is a zero database deductive real-time defense (LIZARD) by logical reasoning,
a) Static core (SC), which comprises mainly immutable program modules,
b) Iteration module to modify, create, and dispose of modules on the dynamic shell, use AST for security performance reference, and use the iteration core to handle the automatic code description methodology To the iteration module,
c) A difference change algorithm, which changes the base version according to the defects found by the AST, and after the difference logic is applied, a new version is presented, and immediately thereafter, the iteration core is recursively called, ART Go through the same process that was tested by the delta change algorithm,
d) A logical subtraction algorithm, which receives a known security response of the dynamic shell version from a pseudo security threat (AST), the LDA also determines which code set configuration achieves the known correct response, security scenario Logical subtraction algorithm to infer according to
e) a dynamic shell (DS), which mainly comprises a dynamic program module automatically programmed by the iteration module (IM),
f) Code quarantine, which isolates foreign code in a restricted virtual environment,
g) Secret code detection, which detects codes secretly embedded in data and transmission packets;
h) Foreign code revision, further comprising a foreign code revision that revises a part or all of the code and allows only the revision to be executed after the goal of the foreign code is derived;
All corporate devices are routed to LIZARD, and all software and firmware that runs corporate devices are hard-coded to perform any kind of download / upload like LIZARD as a persistent proxy, LIZARD Interacting with three types of data, including data in motion, data in motion, and data in use, LIZARD interacts with data media, including files, email, web, mobile, cloud and removable media The system according to claim 1. a) AST overflow relay, where the data is relayed to the AST for future version improvement when the system is only able to judge low confidence, which is AST overflow relay;
b) an internal consistency check, which checks whether all internal functions of the block of foreign code fit together;
c) In the mirror test, make sure that the input / output relationship of the revised version is the same as that of the original code, so that any hidden exploits present in the original code will not be used Never run again, with mirror test,
d) requirements map matching, which comprises a hierarchical structure of mapped requirements and goals, and which is referenced to determine whether the foreign code fits the overall purpose of the system;
e) an actual data synchronization unit, which is an actual data synchronization unit, selects which priority is given to the data to be given to the mixed environment, thereby making it impossible to access confidential information to suspected malware;
f) a data manager, which is an intermediary interface between entities and data coming from outside the virtual environment,
g) virtual obfuscation, which is a gradual and partial sinking into a virtualized fake environment, which clutters and restricts code, virtual obfuscation,
h) A secret transport module, which secretly transfers malware to a simulated data environment without informing the malware, and
24. The system of claim 23, further comprising: i) data recall tracking, which tracks all information that is uploaded to or downloaded to the suspect entity.   A goal comparison module that compares the four different types of goals and that the presence and behavior of the entity is rational and understood by LIZARD in producing good results for the overall goals of the system 25. The system of claim 24, further comprising a goal comparison module that guarantees.   The iteration module uses the SC to syntactically change the code base of the DS according to the defined goals from the Data Relaying Relay (DRR), the modified version LIZARD being a number by the AST 26. The system of claim 25, wherein the system is stress tested in parallel under various security scenarios of. Inside the SC, the logical derivation logically derives the required functionality from the earlier simpler functionality, whereby the entire tree of functional dependencies is built from the declared composite goals,
The code translation converts any general-purpose code that can be read directly by the syntactic module function into an arbitrarily chosen known computer language, and also performs a back translation from the known computer language to any code.
Logic reduction organizes the logic described in the code into simpler shapes and generates a map of interconnected functions,
The complex goal format represents a storage format for storing interrelated lower goals representing the entire goal,
The relevance of the goal is a hard-coated reference to find out which types of goals and functions of the behavior are pointing to,
Iterative extensions refer to the relevance of goals, add detail and complexity, and evolve simple goals into compound goals,
Iterative interpretation loops through interconnected functions and generates interpreted goals by referring to the relevance of the goals,
Together, the outer core is formed by a syntactic module and a goal module that derives logical goals from unknown foreign code and generates executable code from the goals of the declared function code by collaborating,
The foreign code is a code unknown to LIZARD, its function and intended goal are unknown, the foreign code is an input to the inner core, the derived goal is an output, and the derived goal The system of claim 26, wherein is the intent of any code as estimated by the goal module, and the derived goal is returned in a complex goal format.   The IM uses the AST for security performance reference, uses an iteration core to handle the automatic code description methodology, and the DRR requires LIZARD to make decisions with unreasonably low confidence If not, data on malicious attacks and addicts is relayed to the AST, and inside the iteration core, a Differential Modification Algorithm (DMA) from the inner core provides guidance on syntactic / purpose programming capabilities and system goals. Receive and use the code set to change the base version according to the defects found by the ART, and defects in security test results pass the base version while running the virtual execution environment Be presented visually to indicate a security threat The system of claim 27. Inside the DMA, the current state represents the dynamic shell code set with symbolically correlated figures, sizes, and locations, and the various configurations of these figures provide security information collection and security. Fig. 6 shows different configurations of responses, the AST providing possible responses of the current state, which may be false or correct responses;
Attack vectors act as symbolic demonstrations of cybersecurity threats, and direction, size, and color are all related to hypothetical security properties, such as attack vectors, malware size, and malware types. The attack vector symbolically collides with the code set to represent the security response of the code set,
The correct state represents the final result of the DMA process that produces the desired security response from the dynamic shell code block, the difference between the current state and the correct state result is the difference between the responses of the various attack vectors. Return to
The AST provides known security flaws in addition to the correct security response, and the logic inference algorithm uses the past version of the DS to provide excellent and well-equipped, called the correct security response program. The system of claim 28, wherein the system generates a version of the dynamic shell.   Within virtual obfuscation, questionable code is secretly assigned to an environment where half of the data is intelligently mixed with simulated data, virtually any target running in a real system Isolation allows for easy and confidential transfer to a partial simulated data environment or a fully simulated data environment, and the simulated data generator comes and uses the real data synchronizer as a template for creating counterfeit and useless data The perception of risk confidence in the perception of the foreign code affects the level of obfuscation chosen by LIZARD, and if there is a high degree of certainty that the code is malicious, an environment containing a large amount of simulated data is assigned, If the confidence in the code is malicious is low, either the real system or the 100% simulated data environment will Terra the system of claim 26.   Data recall tracking keeps track of all information uploaded from and downloaded to suspicious entities, and when simulated data is sent to a legitimate corporate entity, a callback is performed that recalls all simulated data, 34. The data is instead transmitted, and the callback trigger is implemented as described in Claim 30 so that legitimate enterprise entities withhold operations on specific information until it is verified that the data is not false. System.   Behavioral analysis tracks the download and upload behavior of suspicious entities to determine corrective action candidates, and the real system contains real data from the original, completely outside the virtual environment, and simulated data Is the location where the actual data is provided to the data recall tracking without filtering, thereby creating an actual data patch to replace the simulated data with the actual data on the previous suspect entity The data manager, which can be sunk in a virtually isolated environment, receives the actual data patch from the data recall tracking and fixes that the harmless code is revealed to be malicious by behavioral analysis The simulated data of the previous suspicious entity is performed by performing an action The secret token is a security string that is generated and assigned by LIZARD, which is replaced by the real data it represents, so that it does not go to the entity that is truly harmless, and if no token is found, this is: It shows a scenario where this legitimate entity is likely to be incorrectly placed in a partial simulated data environment for risk assessment that it is malware, and then a delay session with said delay interface is launched 32. The system of claim 31, wherein if a token is found, this indicates that the server environment is genuine, and thus the delayed session is invalidated.   Within the behavior analysis, the goal map is a hierarchical structure of the goals of the system that give goals throughout the enterprise system, and the declared goals, goals of the activity, and goals of the code base are those that the suspicious entity is doing. Whatever is compared to the original system requirements, activity monitoring monitors the storage, CPU processing, and network activity of the suspect entity, and the syntax module interprets such activity for the desired function, Such functionality is then translated into the intended goal in behavior by the goal module, the code base is the source code / programming structure of the suspect entity, transferred to the syntax module, and the syntax module Understand the syntax of the coding, and Reduce the activities of the target to an intermediate function linkage map, the goal module generates an output of the perceived intentions of the suspect entity, a code base goal, and a goal of the activity, the code base goal being a LIZARD Contains the said known goals, functions, jurisdictions and authorities of the entity, drawn by the syntactic programming ability of the program, and the goals of said activities are interpreted by the understanding of LIZARD storage, processing and network activities In addition, the known goals, functions, jurisdictions and authorities of the entity are included, and the declared goals are assumed purposes, functions, jurisdictions and authorities of the entity declared by the entity itself. , Said required goal is the period required by the enterprise system Target objectives, functions, jurisdiction scope and authority, and all goals are compared in the comparison module, and if there is a discrepancy between the goals, a goal divergence scenario is invoked leading to corrective action 32. The system of claim 31. The computer implemented system is critical thinking memory and perception (CTMP),
a) Critical Rule Scope Extender (CRSE), a Critical Rule Scope Extender, which receives a known Perception scope and extends the Perception's known scope to include the Perception's Critical Thinking scope.
b) Valid rules, indicating valid rules derived by using the perceptive critical thinking scope;
c) Rule execution (RE), the rule being checked as present and satisfiable by scanning the random field to generate the corresponding desired critical thinking decisions Do, rule execution,
d) Critical decision output, which is the critical decision output that generates the final logic to determine the entire output of the CTMP by comparing the conclusions reached by both the Perception Viewer Emulator (POE) and the rule execution And further
The POE generates an emulation of the observer and tests / compares all possible perception points using such various observer emulations,
The RE comprises a checkered plane, used to track the transformation of rulesets, and the objects on the plane represent the complexity of any security situation, while the "checkerboard of security" The system according to claim 1, wherein such object movement spreading over indicates the evolution of the security context managed by the response of the security rule set. a) Subjective opinion determination, which is a decision given by a selection pattern matching algorithm (SPMA),
b) input system metadata, including input metadata, provided by SPMA and describing the mechanical processes of the algorithm and the circumstances leading to such a determination;
c) event processing, which logically understands assertions by comparing property attributes; event processing;
d) rule processing, wherein the derived result rule is used as a reference point for determining the scope of the immediate problem;
e) Memory web, which scans the log for satisfiable rules;
f) Raw Perception Generation, receiving metadata logs from SPMA, such logs are parsed, and a Perception representing the Perception of such an algorithm is formed, said Perception being in Composite Perception Format (PCF) Raw Perception, stored and emulated by the POE, shows the perspective of the perception that has already been applied and used by SPMA.
g) Take advantage of the creation module that generates hybrid perception, which is an automated perception discovery mechanism (APDM), formed according to the input given by the perspective of applied perception, thereby extending the scope of said perception Automated perception detection mechanism, and
h) Estimate the scope and type of knowledge that may be unknown, which is self-critical knowledge density (SCKD) and beyond the limit of the reportable log, and this leads to critical thinking of the resulting CTMP By virtue of their ability to take advantage of all possible scopes of knowledge involved, critical thinking indicates the scope of rule-based thinking, with self-critical knowledge density,
i) further comprising a semantic derivation, which derives the data of the perspective of the perception, which is a semantic derivation (ID), which can be semanticized from the perspective of the currently applied perception;
35. The system of claim 34, wherein the SPMA is juxtaposed with the critical thinking performed by the CTMP via perceptions and rules. a) Resource Management and Allocation (RMA), where the adjustable policy defines the number of perceptions to be exploited to perform observer emulation, and the chosen perception of priority is selected in descending order of weight Resource management and allocation, which defines how to select truncation, whether the policy is a percentage, fixed value or more complex selection algorithm.
b) Storage retrieval (SS), using the CVF from the data extension log as a decision criterion in Perception Storage (PS) database retrieval, where in PS the perceptions and their corresponding weights are Storage search, stored with comparable variable format (CVF) as index;
c) metric processing, wherein reverse engineering is performed on variable assignment from the SPMA;
d) Perception inference (PD), wherein a perceptive inference (PD) is performed using the responses of the assignment and the corresponding system metadata to reproduce the original perception of the responses of the assignment;
e) A metadata categorization module (MCM), wherein debugging and algorithm tracking are divided into separate categories by syntax-based information categorization, said categories being correlated with risk and opportunity Metadata categorization module, which is used to organize and generate
f) metric combining, which divides the perspective of perception into categories of metrics;
g) metric transformation, which returns individual metrics to the entire perspective of the perception;
h) Metric extensions (ME), which store metrics of many different perceptual viewpoints in individual databases by category, metric extensions,
36. The system of claim 35, further comprising: i) a comparable variable format generator (CVFG), which converts the information stream to a comparable variable format (CVF). a) Perception matching, in which CVFs are formed from perceptions received from rule syntax derivation (RSD), and newly created CVFs have a similar index in the PS, in order to search for corresponding perceptions Perceptual matching, which is used for matching and matching candidates are returned to rule syntax generation (RSG)
b) Memory recognition (MR), in which random fields are formed from the input data;
c) Indexing of memory concepts, all concepts being individually optimized to an index, said index being used by the character scanner to work with random fields, memory concept indexing, and
d) A Rule Fulfillment Parser (RFP), which receives the individual parts of the rule with a tag of recognition, each part being marked as found or not found in the random field by memory recognition, A rule satisfaction degree parser that logically infers the whole rule, that is, the synthesis of all the parts of the rule is sufficiently recognized in the random field to be worth the RE.
e) Rule Grammar Format Splitting (RSFS), where the rules are split and grouped by type, so that all actions, properties, conditions and objects are bundled separately ,
f) Rule syntax derivation, where logical "white or black" rules are converted to metric-based perception, whereby a complex array of many rules is represented by many metrics of various gradients Rule syntax derivation, which is transformed into a single, uniform perception
g) Rule Syntax Generation (RSG), which receives previously identified perceptions that are stored in the perception format and that are involved in the internal metric configuration of that perception, and such gradient-based metric measurements are , Enumeration of the flow of information that is input / output of the original perception, converted into a binary and logical rule set, rule syntax generation, and
h) Rule Grammar Format Partitioning (RSFS), where the valid rules represent the exact manifestation of the ruleset according to the reality of the object being observed, the valid rules are split and grouped by type, so all Rules, rules, properties, and objects are bundled separately, which allows the system to determine which parts are found in the random field and which parts are not found Format division,
i) Intrinsic logical reasoning, using logical principles and thus avoiding errors, deducing what kind of rule accurately represents the gradient of the metric within the scope of perception, intrinsically Logical reasoning,
j) Metric context analysis, which analyzes interrelationships within the perceptibility of metrics, and some metrics may depend on other metrics in various magnitude relationships, and this contextualization is a "digital" rule set Metric context analysis, used to complement the mirrored interrelationships of rules within the formalism;
k) Rule-syntax formal conversion (RSFC), and in accordance with the syntax of the rule syntactic form (RSF), rearrange, divide, and intuitively decide rules, engage in critical thinking through leveraging perception, thinking Decisions are involved in critical thinking through the use of rules, perceptions are data received from intuitive decisions according to the formal syntax defined in the internal form, satisfaction rules are data received from thought decisions , And is a set of satisfiable rule sets from the RE, further comprising a rule syntax form conversion, wherein the data is passed according to the form syntax defined in the internal form,
An action indicates an action that may or may not be performed, is considered for activation, and a property indicates an attribute such as some property that describes something else Being a treatment, a condition, or an object, the condition indicates a logical operation or an operator, the object indicates a target that can have an attribute applied to it,
The split rule format is used as output from rule grammar format split (RSFS), which is considered as a pre-memory recognition stage, and as output from memory recognition (MR), which is considered as a post-memory recognition stage 37. The system of claim 36, wherein it is used. a) Random Field Parsing (CFP), which combines multiple log formats into a single scanable random field;
b) an additional rule, further comprising an additional rule generated from memory recognition (MR) to supplement said valid rule,
Within Perception Matching (PM), metric statistics provide statistical information from perceptual storage, and error management parses syntax errors and / or logical errors arising from any of the individual metrics, and individual metrics The node comparison algorithm (NCA) receives the node configuration of two or more CVFs, and each node of the CVF is a property, since it separates the individual metrics into a single unit that was input perception. 38. The method according to claim 37, wherein the degree of similarity is expressed, the degree of similarity comparison is performed for each individual node, the total variance is calculated, and a small value of the variance indicates that the degree of match is high. system. a) Raw Perception-Intuitive Thinking (Analog), which processes Perception according to the "Analog" format, and the Perception in Analog format related to said determination is stored in a smooth curve gradient without steps There is an raw perception-with intuitive thinking,
b) Raw rules-logical thinking (digital), which processes rules according to the "digital" form, and the raw form raw rules in the digital form pertaining to said decision have no or nearly no "fuzzy areas" Open rules further stored step by step-further comprising logical thinking,
Unsatisfied rules are rule sets that are not well recognized in random fields according to their logical dependencies, and fulfillment rules are fully available in random fields according to their logical dependencies. A rule set that is recognized as
Queue management (QM) utilizes syntactic relationship reconstruction (SRR) to analyze individual parts in the most logical order and to access the results of memory recognition (MR), thereby: It can answer binary yes / no-flow questions and take appropriate action, QM checks all rule segments in a step-by-step fashion, single segments missing from random fields, other segments and so on 39. The system of claim 38, wherein the ruleset is flagged as unsatisfied if not in a proper relationship.   Sequential memory organization is an optimized information storage for "chains" of ordered information, in memory access points the width of each of the nodes (blocks) is the stored object (nodes) Represents the observer's direct reachability, and in the reachability range, each character represents the point of direct memory access to the observer, and the wider reachability range is more reachable per sequence node The longer the sequence is that points are present and are only referenced "in order" and not referenced from randomly selected nodes, the narrower the reachability range (compared to the sequence size) and the nested sub-sequence layer In a sequence that exhibits strong non-uniformity, it is composed of a series of interconnected shorter subsequences That The system of claim 39.   Non-sequential memory organization deals with information storage of non-sequential related items, showing that reversibility shows non-sequential arrangement and uniform scope, non-sequential relation is relatively wide access point per node A similar uniformity exists when the order of the nodes is shuffled, and in the core topic and association, the same set of nodes is repeated except for different kernels (central objects), 40. The system according to claim 39, wherein this kernel represents the main topic acting as a memory neighborhood more easily accessible to the remaining nodes, as opposed to when the core topic is not defined. .   Memory recognition (MR) scans random fields to recognize known concepts, and random fields are "fields" of a concept that is arbitrarily lurking in the "white noise" information, and memory concept retention is Store the recognizable concept, ready to be indexed and referenced for field inspection, scan the random field, and check the 3-character segment corresponding to the target The five-character scanner scans the random fields and checks against the five-character segment that corresponds to the target, but now the segments checked by all the progress across the field are whole words, and the random fields are , Divided to scan at different rates As the scope of the scan narrows, the accuracy improves, and as the scanner's field area increases, larger character scanners perform recognition at the expense of accuracy, making them more efficient and indexing memory concepts (MCI) switches the size of the scanner in response to remaining unprocessed memory concepts, MCI starts with the largest of the available scanners and gradually decreases, thereby more 40. The system according to claim 39, wherein many computing resources are discovered and the possibility of checking for smaller memory concept targets can be checked.   Field Interpretation Logic (FIL) performs logistics to manage multiple scanners of varying character width, general purpose scope scanning starts logic from large character scanning, field at the expense of accuracy on a small scale Scrutinizing large scopes with less resources, detailed scope scans are used when critical areas are identified and need to be “zoomed in” there, thereby providing redundant, non-productive locations High-cost, high-precision scanning is guaranteed not to be used, and receiving additional recognition of memory concepts in random fields indicates that the field scope includes high density saturated memory concepts. The system described in.   In the Automated Perception Discovery Mechanism (APDM), perception perspectives are made up of multiple metrics, including scope, type, strength and consistency, which are metrics of the multiple perceptions that make up the overall perception. The aspect is defined, the creation module generates complex variations of perception, and the perception weights define how much the perception has relative impact while being emulated by the POE. 40. The method of claim 39, wherein the weights of both input perceptions are considered while defining the weight of the newly iterated perception, including hybrid metrics that have been affected from previous generations of perceptions. System described.   The input of the CVFG is a data batch, an arbitrary collection of data representing the data that must be represented by the node configuration of the generated CVF, and sequential each of the individual units defined by the data batch The data units used are converted to the node format and have the same configuration information as referenced by the final CVF, and the nodes converted in this way check their presence at the stage, Holdouts are temporarily stored, if they are not found, they are created, updated with statistical information including generation and use, all nodes with holdouts are assembled, pushed as CVF, as module output 40. The system of claim 39, wherein:   The node comparison algorithm compares two node configurations read from an unprocessed CVF, and in partial match mode (PMM), there is an active node in one CVF and it is not found as a comparison candidate (node is in hibernation) In this case, the comparison is not penalized, and in all match mode (WMM), there is an active node in one CVF and it is not found in the comparison candidate (the node is dormant) 40. The system of claim 39, wherein the comparison is penalized.   System Metadata Partitioning (SMS) divides input system metadata into meaningful security causalities and uses pre-sorted containers and raw analysis results from the categorization module with subject scanning / absorption The subject / suspiciousness of the security situation is extracted from the system metadata, the subject is used as the main reference point for deriving the security response / variable relationship, and the risk factor of the security situation by the risk scan / absorption, Extracted from system metadata using pre-created classification containers and raw analysis results from classification modules, risks being targets that are presenting or being exposed to such risks Relevant to the subject, categorized by response scan / absorb Using the pre-created classification container from the module and the raw analysis results, from the system metadata, the security situation response generated by the input algorithm is extracted, and this response is worthy of such response 40. The system of claim 39, wherein the system is associated with a security subject.   In MCM, format division separates and classifies metadata according to recognized format rules and syntax, and local formatting rules and syntax allow MCM modules to recognize pre-formatted metadata streams Debug tracking is a trace of coding levels that provides the variables / functions / methods / classes used and the type / content of the respective input and output variables, and the algorithm tracking is combined with the algorithm analysis results Software level trace that provides security data, and the resulting security decisions (permit / block) are the path to how that decision (justification) was reached, and for each element to make its security decisions Appropriate contributed It is provided with the weight system of claim 39.   In metric processing (MP), security response X represents a series of factors that contribute to the resulting security response chosen by SPMA, initial weights are determined by SPMA, and Perception Inference (PD) is one of the security responses. And the corresponding system metadata to reproduce the original perception of the security response, and the interpretation of the perception of the multidimensional series, the PD adopts the SPMA security response, and the corresponding input system meta Relating to data, it shows that SPMA regenerates the full scope of the intellectual "digital perception" as originally used, and the fill figure, the piled amount, and the multidimensional type are intelligent algorithm Digital parlor that captures the A interception system according to claim 39.   In the PD, the security response X is transferred as input to the calculation of rationale / reasoning, and by using the rationale / reasoning calculation, supply of intent of the input / output reduction (IOR) module, security response 50. The system according to claim 49, determining a justification, said IOR module using split input and output of various function calls listed in metadata, said metadata division being performed by said MCM. .   For POE, the input system metadata is the initial input used to generate the perception with CVF by Raw Perception Generation (RP2), and with Storage Search (SS) the CVF (derived from the data extension log) Comparable Variable Format) is used as a criterion in Perception Storage (PS) database search, in classification, perception is ordered according to final weight, data expansion log is applied to perception, block / permit Recommendations, and the SCKD tags the log to define the expected upper scope of unknown knowledge, and the data parse determines the original permissions or blocks determined by the original SPMA. Data to output Make a basic interpretation of Zhang log and input system metadata, CTMP criticize decisions according to perception in the POE and criticize decisions according to logically defined rules in rule execution (RE) 40. The system of claim 39.   For metric complexity, the outer boundary of the circle represents the peak of known knowledge about an individual metric and, towards the outer edge of the circle, the metric complexity is greater, while the center is the metric complexity The light gray in the middle represents the metric composition of the current set of applied perception perspectives, the dark gray in the outer represents the complexity of the metrics generally stored by the system. The goal of the ID is to increase the complexity of the associated metric so that the perception perspective can be multiplied by the complexity, and the dark gray surface area is the current cluster of applied Represents the full range of perception perspectives and the amount of scope left behind according to known upper bounds, extended and highly complex Then, the metric is returned as the complexity of the metric, the complexity of the metric is passed as the input of the metric transformation, and the metric transformation returns from the individual perception point of view to the whole perception point, whereby the final output is 37. The system of claim 36, assembled as a semantic perception aspect.   For SCKD, Known Data Categorization (KDC) divides known information categorically from input so that appropriate DB analogy queries can be performed, divides information into categories, and said divided The categories individually provide input to CVFG, which outputs category information in CVF format, which is used to check the similarity in known data scope DB by storage search (SS), SS results According to the corresponding scope of known data is tagged to each category and the tagged scope of unknown information per category is reconstructed in the unknown data combiner (UDC) into the same stream of original input 40. The system of claim 39. The computer implemented system is a lexical objectivity search (LOM),
a) Initial Query Inference (IQR), in which the question is forwarded and processed in order to decipher the missing detailed information that is necessary in understanding and answering / answering the question using the Knowledge Holding Center (CKR) Transferred for initial query inference, and
b) Survey clarification (SC), wherein the question and supplemental question data are transferred, receiving input from a human subject, sending output to a human subject, and clarifying the question / statement Clarification of investigation, forming
c) Constructing an assertion (AC), constructing an assertion, receiving a proposition in the form of an assertion or question, and providing an output of a concept related to the proposition;
d) Presentation of the answer, which is an interface for presenting the conclusion drawn by the AC to both human subjects and rational appeals (RA);
e) Hierarchical mapping (HM), which maps the relevant concepts, finds support or conflicts in the consistency of questions / expressions, and takes advantage of the risks and risks of taking a certain position on the topic Calculate, hierarchical mapping,
f) a knowledge retention center (CKR), which is the main database for referencing knowledge for LOM;
g) Knowledge verification (KV), knowledge verification that needs to be logically divided for querying and absorption into CKR, receiving high confidence and pre-criticized knowledge, and
h) Acceptance of the response, an option given to human subjects that either accepts the LOM response or appeals with criticism, and if the response is accepted, it is processed by the KV Can be stored in CKR as confirmed (high confidence) knowledge and forwarded to the RA to check and criticize the reason for the appeal given by a human subject if it does not accept a response , Acceptance of response,
i) A managed artificial intelligence service provider (MAISP), running the LOM's Internet cloud instance with the CKR master instance, LOM front-end services, back-end services, third party application dependencies, information The system of claim 1, further comprising a managed artificial intelligence service provider that connects to a source and a cloud of MNSPs.   Front-end services include artificial intelligence personal assistants, communications applications and protocols, home automation, and medical applications, while back-end services include online shopping, online transportation, prescription ordering, front-end services and back-end services Interacts with the LOM through a documented API infrastructure that enables information transfer and protocol standardization, and the LOM communicates knowledge from external sources through an automated search mechanism (ARM) 55. The system of claim 54, wherein it is retrieved.   Linguistic construction (LC) interprets raw query / expression input from human subjects and similar modules, generates logical divisions of language syntax, and concept discovery (CD) Receive points of interest in a structured question / statement, derive relevant concepts by leveraging CKR, and prioritize concepts (CP) receive relevant concepts, identify them with specificity and generality Organizing into logical layers of representation, response partitioning logic (RSL) understands human responses by leveraging LCs and associates appropriate and valid responses with the initial clarification request, thereby Achieving the goals of the SC, the LC will be re-utilized in the output phase, modify the original questions / expressions to include additional information received by the SC, and Text construction (CC) provides the CTMP raw facts for critical thinking, using assertion construction (AC) metadata and evidence from human subjects, to compare decisions (DC 2.) Determine the overlap between pre-criticized decisions and post-criticized decisions, and concept compatibility detection (CCD) compares conceptual derivations from the original question / statement Check the result of logical compatibility, Profit / Risk Calculation (BRC) receives the result of compatibility from CCD, and makes uniform decisions covering the slope of variables implicitly included in the concept configuration Weighted benefits and risks to form a concept linkage (CI), attributes associated with the concept of AC, information collected from human subjects via survey clarification (SC) Assigned to some system of claim 55.   Inside the IQR, the LC receives the original question / statement, the questions / statements are linguistically separated, and the IQR leverages the CKR to process individual phrases at a time and reference the CKR 57. The system according to claim 56, wherein IQR considers possible choices of options while taking into account word / phrase ambiguity.   The Study Clarification (SC) receives input from the IQR 802, which is a series of human subjects to respond for an objective response to the original question / expression to be achieved. Any clarifications made to the clarifications, including the clarifications requested, are forwarded to the response split logic (RSL), correlating the correspondence and clarification request, and the clarifications requested. In parallel, a linguistic linkage of clarification is provided to the LC, which includes the internal relation between the requested clarification and the language structure, which internal relation makes the RSL the original question. 57. The system of claim 56, wherein: the assertion can be modified, whereby the LC outputs the clarified question.   On the construction of the statement that received the clarified question / statement, the LC breaks this problem into points of interest and passes it on to the concept discovery, the CD derives the related concept by exploiting the CKR, Concept prioritization (CP) organizes concepts into logical layers, with the top layer being assigned the most general concept, and the lower layers being more specific. The upper layer is transferred to the hierarchical mapping (HM) as an input of the module, and in parallel transfer of information, the HM receives a point of interest, which is processed by its dependent module, the concept coordination (CI) , CI attributes to such points of interest by accessing information indexed by CKR When the HM completes an internal process, its final output is tested for compatibility with the derived concept and is returned to the AC after being weighted back with the benefit / risk of a position 56. The system described in.   About HM, CI provides input to the CCD, which identifies compatibility / contention levels between the two concepts, and such compatibility / contention data takes a holistic and unified position on the issue Said that compatibility and competition are converted to benefits and risks, transferred to BRC, such positions are transferred to AC as output of modules along with risk / benefit factors, systems including loops of information flow , Represents a gradually constructed objective response, in which the tendency of intelligence is gradually complemented as the subjective nature of the question / expression, and the CI receives points of interest and redefines the prioritized concept 60. The system of claim 59, wherein each point of interest is interpreted according to upper layers.   For RA, the core logic processes the language text and returns a result, and if the result is high confidence, the result is passed to knowledge verification (KV) for proper absorption into CKR and the result is low In the case of confidence, the results are passed to AC, passed to Knowledge Verification (KV) for proper absorption, continue the self-criticizing cycle, and the core logic is a pre-criticized decision without language elements Receive input from the LC, the decision is forwarded to the CTMP as a subjective opinion, and the decision also uses the metadata from the AC and the prospective evidence from the human subject to make the raw facts Such information will reach the "objective opinion" when it is transferred to context building (CC), which gives CTMP as the "objective fact" to input, and CTMP receives two mandatory inputs. It is processed to output the best attempt, the opinion is treated as a post-critic decision in RA, and both the pre-critic and post-critic decisions are between the two decisions. The decision to compare the scope of duplication is forwarded to the Decision Comparison (DC), which in turn is contrasted to explain why the appeal is found to be true or this appeal is invalid. 57. The system according to claim 56, wherein the high confidence result 846 is passed to the KV and the low confidence result is passed to the AC 808 for further analysis, regardless of whether it improves or admits or improves the scenario. .   For CKR, units of information are stored in the Unit Knowledge Format (UKF), and Rule Syntax Format (RSF) is a set of syntactic standards for keeping track of reference rules, and for multiple rules in RSF The unit can be used to describe a single purpose or action, the source attribute is a collection of complex data tracking the requested source, and the UKF cluster is information divided by jurisdiction Is composed of a chain of variants of the UKF linked to define, UKF2 contains the main targeted information and UKF1 contains the time stamp information, so infinite regression Because the timestamp field itself is omitted to avoid the UKF3 contains source attribute information, the source to avoid infinite regression Field itself is omitted, at least one UKF1 with one UKF3 must have been attached to all UKF2. Otherwise, the clusters (sequences) are considered incomplete and the information present there can not be processed by the general logic of the entire LOM system, but linked between the central UKF2 and the corresponding UKF1 and UKF3 There is a UKF2 unit that acts as a bridge, and a series of UKF clusters are processed by KCA to form derived representations, and knowledge-based analysis (KCA) relates to the UKF's clustered information on stances with an opinion. 57. The system according to claim 56, wherein CKR can output a dogmatic position that concludes on the topic after the KCA's processing is complete, in order to support the evidence.   For ARM, as represented by the user activity, when the user interacts with the LOM, the concept is brought about directly or indirectly in relation to the answer / response to the question / expression and the user activity is requested As shown in the list of not yet available concepts, CKR is expected to eventually generate a concept with almost no information about it, and the concept sort and prioritization (CSP) Definitions are received from three independent sources, aggregated to prioritize resources of information requests, and the data provided by the information sources are information aggregators (IAs according to the definition of the concept that requested them) Received and analyzed, the corresponding metadata is retained, and the information is Cross-reference analysis is sent to the (CRA), where the information received is compared with the existing knowledge of the CKR, is constructed in consideration of it, the system of claim 56.   Personal Information Profiles (PIPs) are places where personal information of individuals is stored via a large number of potential endpoints and front ends, and although personal information is isolated from CKR, it spans the entire LOM system In generic logic, personal information about artificial intelligence applications is encrypted and stored in a personal UKF cluster pool in UKF format, and in the Information Anonymization Process (IAP), the information is stripped of personally identifiable information 57. The system of claim 56, wherein the CKR is replenished and the cross-referenced analysis (CRA) compares the received information with existing knowledge from the CKR and builds in light of it.   Life Management and Automation (LAA) connects with various Internet-enabled devices and services on an integrated platform, Active Decision Making (ADM), front-end services, back-end services, availability of IoT devices and Considering the functionality and considering the available spending rules and amounts according to FARM, FARM is responsible for ADM 813 D's activities, with humans manually defining the criteria, limits and scope for said module. The ADM 813D is informed about the extent of the range, funds in cryptocurrency are deposited in the digital wallet, and the IoT Integration Module (IIM) maintains and maintains a database of which IoT devices are available. Feed 862B is an IoT compatible device 8 2A represents the time to send information to LAA812D, system of claim 56.   The system further comprises behavior monitoring (BM) that checks for the presence of unethical and / or illicit substances by monitoring requests from the user for personally identifiable data, metadata aggregation (MDA) ) Allows user related data to be aggregated from external services, reveal the user's digital identity, such information is transferred to the induction / deduction and finally to the PCD, where it is refined Analysis is performed using the supporting factor from the MNSP, and all information from the authenticated user, whose destination is the PIP, passes through the information tracking (IT) and is checked against the behavior blacklist In crime detection (PCD), deductive and inductive information is merged and analyzed to draw precoincidence conclusions, and PCD 55. Using CTMPs that directly reference behavior blacklists, validate the positions generated by induction and deduction, and the blacklist management agency (BMA) runs within the cloud service framework of MNSPs System described.   The LOM is configured to manage a personalized portfolio in the life of an individual, the LOM receives the first question, it concludes via the LOM's internal deliberative process, the LOM receives the data from it Connect to an LAA module that connects to an Internet-enabled device that can be controlled, and in context, the LOM infers the missing link in constructing the claim, and the LOM is raised by its logic to the original assertion 66. A system according to claim 65, which deciphers that in order to solve the dilemma, one must first know or assume certain variables relating to this situation. The computer implemented system is linear quantum information transfer (LAQIT),
a) Repeating a consistent color sequence recursively with a logically constructed syntax,
b) use the sequence recursively to translate in the English alphabet,
When constructing an alphabetic "base" layer, the color sequence is used in the color channel with shortened non-uniform weights, and the space left for syntax definition is the potential use and future of the syntax definition. Reserved for expansion,
Complex algorithms report their log event and status reports using LAQIT, log event and status reports are automatically generated, and the status report / log report is converted to portable text based LAQIT syntax And syntactically unsecured information is transferred digitally, and the portable text-based syntax is translated into a very readable LAQIT visual syntax (linear mode), and the key is for human storage. Optimized, based on a relatively short sequence of figures,
Locally unsecured text is entered by the sender and presented to the recipient, which is converted to portable encrypted text-based LAQIT syntax, and syntactically secure information is digitally And the data is transformed into a visibly encrypted LAQIT syntax,
The incremental recognition effect (IRE) is a channel of information transfer, and it recognizes the complete form of the unit of information before the information is fully transmitted, and the effect of this predictable index is the transition from word to word Incorporated by the display, the approximate recognition effect (PRE) is a channel of information transfer, complete or broken, mixed, or altered, a unit of information The system of claim 1, wherein the system recognizes a shape.   In the linear mode of LAQIT, the block represents a "basic rendering" version of the linear mode, point represents the lack of encryption, in word separator, the color of the figure represents the letter following the word, the word Acting as a break between the next word, a single view zone incorporates a smaller view zone with larger characters and thus less information, and a double view zone has more active characters per pixel 69. The system of claim 68, wherein a shading cover is present to cloud incoming and outgoing characters such that the observer's primary focus is on the view zone. In atomic mode, which allows a wide range of encryption levels, the main character reference of the base specifies the general principle as to which character is defined, the kicker exists in the same color range as the base and In the reading direction, the reading of the information transmission starts from the square at the top of the orbital ring 1, and once the orbital ring is complete, reading continues from the square at the top of the next orbital ring, The entry / exit portal is the point of creation and destruction of the character (its base) and a new character belonging to the relevant trajectory emerges from the portal and slides clockwise to its position, the nucleus follows the word Define the character,
In word navigation, each block represents the entire word (or multiple words in molecular mode) on the left side of the screen, and when a word is displayed, each block moves outward to the right When the word is complete, the block is retracted, the color / shape of the navigation block is the same color / shape as the base of the first letter of this word, and in sentence navigation each block represents a cluster of words, A cluster is the largest amount of words that fit in the word navigation pane, atomic state generation is a transition that triggers an incremental recognition effect (IRE), and such a transition causes the base to appear from the entry / exit portals. Kickers are hidden and move clockwise to occupy their position, atomic state expansion is an approximation recognition effect (PRE , And once the bases have reached that location, they move outward in the “extended” sequence of the information state presentation, which uncovers the kicker, thereby identifying the information state. The atomic state destruction is a transition that induces an incremental recognition effect (IRE), and the base is retracted (by reversing the expansion sequence) to cover the kicker again, 69. The system of claim 68, wherein is sliding clockwise to reach the inlet / outlet portal. In figure obfuscation, the standard square is replaced with five visually distinguishable figures, and the variance of the figure in the syntax allows to insert dud (fake) characters at strategic points of the atomic profile, and dud The characters obfuscate the true intended meaning of the message, and deciphering whether the character is true or false is done by the decryption key, which is securely and temporarily transferred,
In a redirect bond, the bond combines two characters, changes the flow of reading, and starts with a typical clockwise reading pattern and launches (starts) landing legal / non-false characters When encountered, change the reading pattern and resume the landing character,
For radioactive elements, some elements that can reverse the assessment of whether a character is a fake can "make a noise", the figure shows a figure that can be used for encryption, and the central element is 71. The system of claim 70, indicating a central element of a trajectory, defining a character immediately following a word.   In a redirect bond, the bond starts with the "launch" character and ends with the "landing" character, and neither character may or may not be dadd, and if neither of them is dadd, the bond is in the reading direction and If the position changes and one or both are duts, then the entire bond must be ignored, otherwise the message will not be decoded correctly and the bond key definition must follow the bond when reading the information state. 72. The system according to claim 71, wherein if different, it depends on whether it is specifically defined in the encryption key.   In a single cluster, both neighboring nodes are non-radiative, so the scope of the cluster is defined, and the key designates dual clusters as valid, so the element is processed if it is not originally radioactive, In a double cluster, the key definition defines a double cluster as active, so all other sized clusters are considered dormant while decrypting the message, and the incorrect interpretation is that the interpreter has a double cluster 72. The system according to claim 71, which shows that it was not treated as a reverse order sequence (false positive).   In molecular mode, encryption and streaming are possible, and in secret dictionary attack resistance, false decryption of a message leads to another message of "red herring", using multiple active words per molecule, and words are molecules Presented in parallel during the procedure, which increases the information per surface area ratio, but with a consistent transition rate, binary and streaming modes indicate streaming mode, typical atomic configurations read mode binary The binary mode indicates that the core element defines the character that follows the word, and the numerator mode is also binary, unless encryption based on streaming mode is enabled, and streaming 74. A mode refers to a special character in a trajectory Mounting system. The computer implemented system is a universal BCHAIN all connection (UBEC) with a base connection cooperation attack integration node (BCHAIN),
a) Communication Gateway (CG), which is the main algorithm for the BCHAIN node to interact with its hardware interface and then to communicate with other BCHAIN nodes,
b) Node Statistics Survey (NSS), which interprets behavior patterns of remote nodes, Node Statistics Survey, and
c) a node escape index, which tracks the possibility that an adjacent node avoids a perceptual node neighborhood;
d) a node saturation index, which tracks the amount of nodes within the detection range of a perceptual node,
e) track node service quality, which is the node consistency index and interpreted by the perceptual node, high node consistency index means that neighboring neighbors have more availability uptime and performance consistency Nodes that are tending to be used and used for two purposes tend to have lower consistency indexes, and nodes dedicated to the BCHAIN network have higher values, node consistency indexes, and
The system according to claim 1, further comprising f) a node overlap index, which is a node overlap index and tracks the amount of overlap of nodes with each other as interpreted by a perceptual node. a) A custom chain recognition module (CRM), connected with a custom chain containing Appchains or Microchains, registered in the past by a node, CRM detects updates in the Appchain section of the Metachain or Metachain emulator of Metachain or Microchain Custom chain recognition module, which informs the rest of the BCHAIN protocol when
b) Content claim delivery (CCD), receiving the verified CCR, and then transmitting the corresponding CCF to fulfill the request, Content claim delivery;
c) Dynamic Strategy Adaptation (DSA), using creation modules to dynamically create new strategy placement by hybridizing the complex strategies that the system prefers via the Optimization Strategy Selection Algorithm (OSSA) Create, manage strategy generation module (SCM), the new strategy changes according to the input provided by Field Random Interpretation (FCI), the new strategy according to the input provided by Field Random Interpretation (FCI) Dynamic strategy adaptation, which changes
d) Encrypted Digital Economic Exchange (CDEE), with various economic personalities managed by a graphical user interface (GUI) under the UBEC platform interface (UPI), where in personality A, node resources are consumed Only those that match are consumed, and personality B consumes as much resources as possible, as long as the profit margin is greater than the predetermined value, and personality C pays a unit of work through the trading currency, and in personality D , The resource of the node, whether it is consumption of content or financial compensation, it consumes without restriction in expectation of as many things as possible, with encrypted digital economic exchange,
e) Interpreting the current status of work (CWSI), which refers to the infrastructure economy section of Metachain to determine the current surplus or deficit of this node in terms of workload credits,
f) An economically-considered labor levy (ECWI), taking into account the chosen economic personality, along with the current working surplus / deficit, to assess whether more work should be done now , And financially considered labor levy,
g) Symbolic Recursive Intelligence (SRIA), which can improve the algorithm source code by understanding the purpose of the code, can emulate LIZARD and the generation of virtual program versions Symbolic Recursion, which is a ternary relationship between different algorithms, including BCHAIN networks, which is a huge network of randomly connected nodes, capable of executing I2GE and programs of complex data bias in a distributed manner. 76. The system of claim 75, further comprising intelligent intelligence enhancement.

Images