This application claims the entitled Clandestine Machine Intelligence submitted on January 24th, 2016Retribution through Covert Operations in Cyberspace (passes through the Blinding Operations in cyberspaceSecret machine intelligence punishment) U.S. Provisional Application No.62286437;On 2 11st, the 2016 entitled Logically submittedInferred Zero-database A-priori Realtime Defense (prevent in real time by the priori in reasoning zero data libraryIt is imperial) U.S. Provisional Application No.62294258;The entitled Critical Infrastructure that on March 13rd, 2016 submitsProtection&Retribution(CIPR)through Cloud&Tiered Information Security(CTIS)The U.S. Provisional Application of (the critical infrastructures protection & punishment (CIPR) for the information security (CTIS) being layered by cloud &)No.62307558;The entitled Critical Thinking Memory&Perception (Being Critical submitted on April 16th, 2016Thinking remember & perception) U.S. Provisional Application No.62323657;The entitled Linear Atomic that on April 23rd, 2016 submitsThe interim Shen in the U.S. of Quantum Information Transfer (LAQIT) (linear atoms Multi cavity atom model (LAQIT))It please No.62326723;Entitled Objective Debate Machine (ODM) (the objective debate machine submitted on May 25th, 2016(ODM)) U.S. Provisional Application No.62341310;And the entitled Lexical that on December 27th, 2016 submitsThe U.S. Provisional Application No.62439409 of Objectivity Mining (LOM) (vocabulary objectivity excavates (LOM));2016 5The entitled METHOD AND DEVICE FOR MANAGING SECURITY IN A COMPUTER NETWORK that the moon is submitted on the 4thThe U.S. Patent application No.15145800 of (method and apparatus of the safety in management computer network);And September 14 in 2016The U.S. Patent application for the entitled SYSTEM OF PERPETUAL GIVING (system for permanently giving) that day submitsDisclosures of which is incorporated herein, just as they are illustrated herein by the priority of No.15264744 by quoting.
Summary of the invention
Computer safety system based on artificial intelligence, wherein the system includes the memory of storage programming instruction;ProcessingDevice is coupled to memory and executes programming instruction;And at least one database, wherein the system includes providing to specifyThe computer-implemented system of function.
The computer-implemented system is that the critical infrastructures protection & for the information security (CTIS) being layered by cloud & is punished(CIPR) is penalized, further comprises:
A) credible platform comprising report the network of the spy of activities of hacker;
B) the network & security service provider (MNSP) managed provides encryption safe, the connectivity & compliance of managementSolution & service;
Wherein virtual private network (VPN) connection MNSP and credible platform, wherein VPN is provided to and from credible platformCommunication channel, wherein MNSP is adapted to all business in analysis enterprise network, and wherein the business is routed to MSNP.
The MNSP includes:
A) the priori Real-time defence (LIZARD) in reasoning zero data library exports purpose and function from foreign code,And therefore there are malicious intent or there is no preventing it in the case where lawful cause, and without reference to priori historical dataIn the case where analyze therein and their own threat;
B) artificial security threat (AST), provides the hypothesis security scenario for being used to test the effect of safety regulation collection;
C) creative module executes the process of the new mixed form except intelligence creation transcendental form;
D) conspiracy detection, identifying information cooperate and extract the mode of safety-related behavior, and be multiple safe things of conspiracyPart provides routine background inspection, and attempts to determine the mode and correlation seemed between incoherent security incident;
E) safety behavior, storage event and their security response and speciality simultaneously index to them, wherein the soundIt should include prevention/approval decision;
F) iteration intelligence growth/intelligence evolution (I2GE), identified using big data and malware signature, and pass through benefitThe future potential variation of Malware is simulated with AST and creative module;And
G) critical thinking, memory, perception (CTMP) criticize prevention/approval decision and serve as safe supplemental layers, andUsing from I2The cross reference intelligence of GE, LIZARD and credible platform, wherein it is objective to estimate that own forms item by CTMPThe ability of decision, and will avoid safeguarding the decision made in the case where internal low confidence.
LIZARD scaled-down version client is adapted to operate in the equipment of enterprise network, with the LIZARD safety in MNSPCommunication.
(DMZ) includes sub-network in demilitarized zone, and it includes the HTTP clothes with safety responsibility more higher than normal computerBusiness device, so that the remainder of enterprise network will not undertake such safety responsibility.
I2GE includes iteration evolution, and parallel evolving path is mature wherein and is selected, and the generation of iteration is suitable for identicalArtificial security threat (AST), and finally can most resist security threat with the path of optimal personality trait.
The LIZARD includes:
A) grammar module provides the frame that computer code is write for reading &;
B) purpose module exports purpose using grammar module from code, and exports mesh with its complicated purpose format's;
C) virtually obscure, be cloned in virtual environment in wherein enterprise network and database, and sensitive data is replacedFor false (vacation) data, wherein the behavior according to target, environment can include more false elements by dynamic change in real timeOr more true elements of whole system;
D) signal imitation provides a kind of punishment form when having obtained the analysis conclusion virtually obscured;
E) internal consistency inspection checks all intrinsic functions of significant foreign code;
F) foreign code is rewritten, and is dropped foreign code at complicated purpose format using grammar module and purpose module;
G) concealed code detection, detection secret are embedded in the code in data & transmission grouping;
H) it needs to map matching, is the hierarchical structure for the mapping for needing & purpose and is referenced to determine foreign codeWhether the overall goal of system is adapted to;
Wherein for writing, grammar module receives complex format purpose from purpose module, then with arbitrary code languageMethod writes code, and then the arbitrary code is translated into practical executable code by help function;Wherein for reading, grammerModule provides the grammar explanation of code for purpose module to export purpose for the function of such code;
Wherein the signal imitation understands the communication grammer of Malware Yu its hacker using grammar module, then kidnaps thisThe communication of sample is to provide false impression to Malware, i.e., sensitive data is successfully sent back to hacker by it, wherein blackVisitor sends the error code of Malware also by LIZARD, so that it is appeared to from Malware;Wherein external generationCode rewrites using purpose derived from institute and constructs code set, so that it is guaranteed that only carrying out desired and understanding external in enterpriseThe purpose of code, and any unexpected function executes the access that cannot all obtain to system.
Foreign code is reproduced to mitigate potential not detected malice loophole benefit with grammer in order to rewrite foreign codeWith the purpose of statement is compared and is matched with derived purpose by combined method, and wherein purpose module is used to complicated for operationPurpose format, wherein needing to map matching in the case where having export purpose and keeping hierarchical structure to safeguard to all enterprisesThe jurisdiction needed, so that the purpose of code block is defined and proves rationally, this depends on reflecting with jurisdiction come the needs orientedThe vacancy hit, wherein input purpose is the introducing of recurrence debugging process.
Recurrence debugging cycles through code segment and comes test errors and application error reparation, wherein if mistake exists,Then entire code segment is replaced by original foreign code section, wherein source code section be then flagged in virtually obscure andBehavioural analysis, wherein with foreign code, the reset condition of code by for code rewriting purpose module andGrammar module is explained, wherein because needing the case where installing original foreign code section there are permanent error in rewritable versionsUnder, foreign code is directly referred to by debugger, wherein section is tested by environment when virtual operation to check at re-written codeCode error, wherein environment executes code segment when virtual operation, and checks run time error, wherein in the feelings with code errorUnder condition, the mistake generated in environment when being defined on virtual operation in range and type, wherein having the case where purpose is alignedUnder, the potential solution of code error is to export code again by the purpose from elaboration to formulate, wherein code errorRange with alternate formats rewrite to avoid such mistake, wherein potential solution is exported, and wherein if do not hadWith a hook at the end solution, then lose the code rewriting to the code segment and is concentrated use in final code directly from external generationThe source code section of code.
For needing to map matched operation, LIZARD cloud and LIZARD scaled-down version refer to the level of enterprise's jurisdiction branchMapping needs to map matching and demonstrates in business system wherein no matter inputting purpose is stated or export via purpose moduleInterior execution code/function reasonable ground, wherein the primary copy of level mapping is stored on the LIZARD cloud in MNSP, whereinCalculated by reference to primary copy need map matching in need to index, wherein pre-optimized needs index be distributed in it is all canBetween the endpoint client end of access, wherein needs mapping matching is received needs to request to what whole system most suitably needed,In it is corresponding output be the complicated purpose format for indicating suitably to need.
The entire LAN infrastructure of enterprise is rebuild substantially in MNSP, wherein then hacker is in system process performing pointWhen analysis, be exposed in the element of true LAN infrastructure and virtual clone's version, wherein if this alanysis the result shows thatThere are risk, then hacker increases the exposure of virtual clonal basis facility, to reduce truthful data and/or equipment is compromisedRisk.
Malware root signature is provided to AST so that forming iteration/variant that Malware root is signed, wherein will maliceThe polymorphie variant of software is provided as from I2The output of GE is simultaneously transferred into malware detection.
Malware detection is deployed in all three levels of the composition of computer, including user's space, kernel spacingWith firmware/hardware space, all spaces are all monitored by Lizard scaled-down version spy.
The computer-implemented system is punished by secret intelligence (MACINT) & of machine of the Blinding Operations in cyberspaceIt penalizes, further comprises:
A) intelligent information and configuration management (I2CM), intelligent information management is provided, checks and controls;And
B) console (MC) is managed, provides a user input/output channel:
Wherein I2CM includes:
I) it polymerize, inessential and redundancy information is filtered out using general purpose grade criterion, merges and label is from multipleThe information flow of platform;
Ii) configuration and deployment services comprising for disposing the new spectra being arranged with predetermined security configuration and connectivityThe network equipment and the interface of the deployment for managing new user account;
Iii it) is separated by jurisdiction, wherein according to the letter of the special separation marking of related jurisdiction of management console userCease pond;
Iv it) by separation is threatened, is threatened according to individual come organizational information;
And
V) automation control, access MNSP cloud, credible platform or additional third party's service.
In MNSP cloud, behavioural analysis observation Malware state in which when Malware is in false data environmentWith performed movement;Wherein when Malware attempts to send false data to hacker, the signal of sending is re-routed so thatIt is received by false hacker;Wherein the code structure of hacker's interface Malware and to the internal structure of Malware carry outReverse-engineering is to export hacker's interface, wherein emulating false hacker and false Malware in virtualized environment;It is wherein virtualThe false hacker of change sends response signal to real Malware, to observe next behavior pattern of Malware, wherein givingThe not associated spurious response code of behavior/state of hacker one and true Malware.
The ability and characteristic of vulnerability exploit scanning recognition crime assets and resulting scanning result is by vulnerability exploitManagement, the vulnerability exploit are the journeys sent by credible platform via the punishment vulnerability exploit database of infiltration target crime systemSequence, wherein punishment vulnerability exploit database include a kind of vulnerability exploit by hardware supplier with established back door and known bugsForm provide criminal activity means, wherein unified court evidence database include from across multiple enterprises it is multiple comeThe compilation court evidence in source.
When the suspend mode spy in crime system captures the file of enterprise network, firewall generation is forwarded to logThe log of polymerization, wherein data category is divided into long-term/depth scan and in real time/surface scan by log aggregation.
Depth scan facilitates big data and participates in big data, while utilizing conspiracy detection subalgorithm and external physical pipeManage subalgorithm;Wherein the standard logs from security checkpoints are polymerize at log aggregation and are selected using lower limit filterIt selects;Wherein case index+tracking stores event details;Wherein abnormality detection is according to the intermediate data provided by depth scan moduleCome using case index and safety behavior with any potential risks event of determination;Wherein external entity management and conspiracy detection quiltIt is involved in the analysis of event.
Credible platform searches any computer to check itself or its server relatives/neighbours (other services connected to itDevice) it whether was in the past that credible platform establishes double agent or treble agent;Wherein index in credible double spies+track Yun HekeLetter treble agent, which is indexed+tracked, executes spy's lookup inspection at cloud;Wherein passed through it by the double agent that any computer is trustedTrusted channel pushes vulnerability exploit, and wherein the vulnerability exploit attempts to search sensitive document, it is isolated, by its exact stateCredible platform is sent back to, and then attempts to wipe it from crime computer.
ISP API request is made via credible platform and at network monitoring network log to arbitrary system, concurrentlyIt is now transferred to the potential file of crime computer, wherein metadata is used to determine to send the file to the important of which platform computerConfidence level, wherein network monitoring finds the network details of crime computer, and these information are re-routed to credible platform,In the credible platform be used to the safe API for participating in being provided by software and hardware supplier so as to using the judicial inquiry can be helpedAny established back door.
Software or firmware update are pushed to crime computer to establish new back door by credible platform, and wherein placebo updatesSimilar machine near being pushed to is to keep stealthy, and wherein target identities details is sent to credible platform, wherein credible flatPlatform is communicated with software/firmware maintenance personnel to update placebo update and back door and to be pushed to correlation computer, wherein back doorIt updates and new back door is introduced by crime calculating by using the software update system pre-established of installation on computersThe system of machine, wherein placebo update have ignored back door, and wherein back door is transferred to target by maintenance personnel, and have and be higher than pairThe computer of the mean exposure measurement of target, wherein more newly arrive via back door implement vulnerability exploit when, to sensitive document carry out everyFrom and duplication, then to analyze its metadata usage history, wherein collect the forensic data of any supplement and by itsIt is sent to the vulnerability exploit contact point at credible platform.
Long-term Priority flag is pushed to any and all variation/updates that crime system is monitored on credible platform,Wherein business system submits target to authorization module, which scans all subsystem inputs to obtain defined meshAny association of target, wherein then information will be passed in business system if there is any matching, which limits authorization simultaneouslyAttempt to permeate target, wherein input is transferred to desired analysis module, which keeps mutually beneficial security information synchronous.
The computer-implemented system is the priori Real-time defence (LIZARD) in reasoning zero data library, is further wrappedIt includes:
A) static core (SC), mainly includes fixed program module;
B) iteration module, amendment create and destroy the module on dynamic shell, and wherein iteration module is using AST for pacifyingThe reference of full performance, and automatic code write method is handled using iteration core;
C) differential amendment symbol algorithm, is modified primary iteration according to the defect that AST has found, wherein micro- applyingAfter dividing logic, proposes a kind of new iteration, at this moment, recursive call iteration core and undergo the identical process tested by AST;
D) logical deduction algorithm receives the known safe response of dynamic shell iteration from AST, and wherein what generation LDA deducesCode collection, which is constituted, will realize to correctly responding known to security scenario;
E) dynamic shell (DS) mainly includes via the dynamic routine module of iteration module (IM) automated programming;
F) code-insulated isolates foreign code in the virtual environment of constraint;
G) concealed code detection detects the code in concealed embedding data and transmission grouping;And
H) foreign code is rewritten, after exporting foreign code purpose, the part or whole code of re-written code itselfAnd allows only to rewrite and be performed;
Wherein all business equipments are routed by LIZARD, wherein all softwares and firmware of operation business equipment are compiled firmlyCode to execute any kind of download/upload via the LIZARD as lasting agent, wherein LIZARD with include movement inData, the data in use and data-at-rest three types data interaction, wherein LIZARD with include file, electronics postalThe data medium interaction of part, network, mobile device, cloud and removable medium.
The system further comprises:
A) AST overflows repeater, wherein when system can only execute low confidence decision, by data be relayed to AST withIt is improved for further iteration;
B) internal consistency inspection checks whether all intrinsic functions of foreign code block are meaningful;
C) mirror image is tested, check to ensure that the input/output dynamic of rewriting with it is original identical, to make source codeIn any hiding vulnerability exploit be all redundancy and never execute;
D) it needs to map matching comprising be referenced to the needs for the overall goal for determining whether foreign code adapts to systemWith the hierarchical structure of the mapping of purpose;
E) truthful data synchronizer, selection will be given the data for merging environment and thus make in what prioritySuspected malicious software can not access sensitive information;
F) data management system is go-between's interface between entity and data outside virtual environment;
G) virtually obscure, obscure and limit by the way that code gradually and to be partly immersed into the false environment of virtualizationCode;
Malware stealthily and is discretely transferred in false data environment by h) secret transmissions module;And
I) data readjustment tracking tracks all information for uploading and being downloaded to suspicious entity from suspicious entity.
The system further includes purpose comparison module, is wherein compared four kinds of different types of purposes, to ensure realityThe presence and behavior of body be in the production towards the overall goal of system LIZARD it is deserved and understand.
The iteration module using SC come according to returned from data the purpose limited in repeater (DRR) to the code library of DS intoThe amendment of row grammer, the wherein revised version of LIZARD and multiple parallel carry out pressure tests, and safety is changed by ASTScene.
Inside SC, logical derivation is from required function in exported logic in initial simpler function, thus from elaborationComplicated purpose construct entire function dependency tree;
Wherein code translation by any universal code directly understood by grammar module function be converted to it is any it is selectedKnow computer language, and also executes the inverse operation by known computer language translation for arbitrary code;
Wherein logic reduces will drop the mapping that the function of interconnection is generated at simpler form with the logic of written in code;
Wherein complicated purpose format is the storage format for storing the interconnection specific item for indicating overall purpose;
It is that the behavior of what function and type refers to the hard coded reference of what kind of purpose that wherein purpose, which is associated with,;
Wherein iteration extends through reference purpose association to add details and complexity, so that simple target is evolved intoComplicated purpose;
Wherein iteration, which is explained, traverses all interconnection functions, and generates task of explanation by reference to purpose association;
Wherein outer kernel is made of grammer and purpose module, these modules work to export as logic purpose not togetherThe foreign code known, and executable code is generated according to the function code target of elaboration;
Wherein foreign code is the unknown code of LIZARD and function and expected purpose are unknown, and foreign code is pairPurpose derived from the input of inner core and institute is output, wherein derived from purpose be the given code estimated by purpose moduleIt is intended to, wherein purpose derived from institute is returned with complicated purpose format.
IM is used for the reference of security performance using AST, and automatic code write method is handled using iteration core, whereinAt DRR, when LIZARD must not be without recourse to when being made decisions, by the data about malicious attack and bad actor with low confidenceIt is relayed to AST;Wherein inside iteration core, differential amendment symbol algorithm (DMA) from inner core receive grammer/purpose program capability andAims of systems guidance, and primary iteration is corrected according to the defect that AST 17 is had found using such code set;Wherein safetyAs a result defect is intuitively showed, to indicate the safe prestige shifted when running virtual execution environment by primary iterationThe side of body.
Inside DMA, current state indicates the dynamic shell code set with symbolically associated shape, size and location,The wherein different configurations of the different configuration instruction safe and intelligents of these shapes and reaction, wherein AST provide by chance it is incorrect withAnd correctly response is any potential response of what current state;
Wherein vector of attack serves as the symbolic demonstration of network security threats, wherein direction, size and color all with hypothesisSecurity attribute (such as type of the size of vector of attack, Malware and Malware) it is related, wherein vector of attack signifyProperty popped up from code set to indicate the security response of code set;
Wherein correct status indicates that the code block of the slave dynamic shell of DMA generates the final of the process of desired security responseAs a result, wherein the difference between current state and correct status causes different vector of attack to respond;
Wherein AST provides known safety defect together with correct security response, and wherein logical deduction algorithm uses DS'sPrevious ones are come an iteration that is more excellent and more preferably equipping generating the dynamic shell of referred to as correct security response program.
In virtually obscuring, suspect code is reconditely assigned in an environment, in this environment, the data of halfIntelligently merge with false data, wherein any main body operated in real system can be because of virtual isolated and lightPine and the data environment for being reconditely transferred to partially or completely falseness;Wherein false data generator uses truthful data synchronizerAs the template for creating personation & hash;Confidence level risk in the perception of the incoming foreign code wherein perceivedWill affect LIZARD selection obscures grade;Wherein the high confidence level of malicious code will be called and extremely include a large amount of false datasThe distribution of environment;Point to real system or 100% false data environment can be wherein called to the low confidence of malicious codeMatch.
Data are recalled tracking and are kept to the tracking from the upload of suspicious entity and all information for downloading to suspicious entity;ItsIn in the case where false data has been sent to legitimate enterprise entity, execute the readjustment for adjusting back all false datas, and conductReplacement sends truthful data;Wherein implement readjustment trigger so as to legal business entity to certain information hold fire untilUntil not being false in the presence of confirmation data.
Behavioural analysis tracks the downloading of suspicious entity and uploads behavior, with the potential correction movement of determination, wherein true systemSystem is comprising existing entirely in the original truthful data except virtualized environment, wherein the truthful data of replacement false data is will be trueReal data is supplied to the place that data recall tracking without filtering, suspicious in the past to use so as to make truthful data patchTruthful data physically replace false data;The data management system being wherein immersed in virtually isolated environment, which receives, to be comeThe truthful data patch of tracking is recalled from data;Wherein when harmless code is cleared to malicious code by behavioural analysis, executeFalse data in former suspicious entity is replaced with the truthful data represented by it by correction movement;Wherein secret token be byLIZARD is generated and the security string of distribution allows really harmless entity without its work;Wherein if token lost,Then this indicates that the legal entity may be placed in once in a while in the false data environment of part because it is the risk assessment of MalwarePossibility scene, hereafter have delay interface delayed conversation be activated;Wherein, if it find that token then this show server ringBorder is that true and therefore any delay session is all deactivated.
Inside behavioural analysis, purpose mapping is to confer to the hierarchical structure of the aims of systems of entire business system purpose,It is said that the built-in system of the middle anything for doing stated, activity and code library purpose with suspicious entity needs to carry outCompare;The storage, CPU processing and network activity of suspicious entity are wherein monitored with activity monitoring, wherein grammerModule explains these activities according to desired function, and wherein these functions are then translated as the expection in behavior by purpose modulePurpose, wherein code library is source code/programming structure of suspicious entity and is forwarded to grammar module, and wherein grammar module understandsEncoding syntax and the intermediate mapping that programming code and symbol active are reduced to interconnection function, wherein purpose module generates suspicious realityThe perception of body, output code library purpose and activity purpose is intended to, and wherein code library purpose includes and such as programmed by the grammer of LIZARDKnown purpose, function, jurisdiction and the power of entity derived from ability, wherein activity purpose includes and is such as deposited by its of LIZARDKnown purpose, function, jurisdiction and the power for the entity that the understanding of storage, processing and network activity is understood, wherein statedPurpose is hypothesis purpose, function, jurisdiction and the power for the entity such as stated by entity itself, needed for purpose include enterpriseExpected purpose required by industry system, function, jurisdiction and power, wherein all purposes is all compared in comparison module,Wherein between purpose it is any it is inconsistent will all cause the deviation in purpose scene, this causes correction to act.
The computer-implemented system is critical thinking memory & perception (CTMP).The system further comprises:
A) Being Critical rule range expander (CRSE) using known sensing range and is upgraded to including perceptionCritical thinking range;
B) correct rule, instruction derived correct rule by using the critical thinking range of perception;
C) rule executes (RE), executes and has been confirmed to be existing and has been realized according to memory to the scanning of chaos fieldRule to generate desired and relevant critical thinking decision;
D) Being Critical decision exports, and produces by comparing the conclusion obtained by perception observer's emulator (POE) and REGive birth to the final logic totally exported for determining CTMP;
Wherein the POE generates the emulation of observer, and tests/compare institute in the case where these variations of observer's emulationThere is potential perception point;
Wherein the RE includes chessboard plane, is used to track the conversion of rule set, and wherein the object on the disk indicates anyThe complexity of given unsafe condition, and these objects are indicated by the response of safety regulation collection across the movement of ' safe chessboard ' and are managedThe evolution of the unsafe condition of reason.
The system further comprises:
A) subjective opinion decision is the decision provided by selected pattern matching algorithm (SPMA);
B) input system metadata comprising the original metadata from SPMA, the original metadata describe algorithmMechanical process and its how to reach these decisions;
C) reasoning is handled, and is asserted by comparing property qualitative attribution logically to understand;
D) rule process, using derived result rule, the reference point as the range for being used to determine current problem;
E) remember net, scan market variables log to obtain achievable rule;
F) raw sensed generates, and receives metadata log from SPMA, wherein being parsed and being formed to log indicates thisThe perception of the perception of kind algorithm, wherein to perceive complex format (PCF) to store the perception, and emulated by POE;Wherein answerThe perception angle that perception angle instruction has been applied and utilized by SPMA;
G) automatic sensing discovery mechanism (APDM) is generated using creative module according to the perception angle by applyingThe input of offer and formed mixing perception, so as to increase the range of perception
H) self-criticism sex knowledge density (SCKD), estimation can report the model for the potential unknown knowledge that log can not obtainIt encloses and type, thus CTMP subsequent critical thinking feature can use the potential range of related to knowledge;Wherein criticizeThe property sentenced thinking indicates the external shell jurisdiction of rule-based thinking;
I) it implies and derives (ID), the angle for the perception data that may be implied from the export of the perception angle of current application;
Wherein SPMA is via perception and rule and critical thinking juxtaposition performed by CTMP.
The system further comprises:
A) resource management distribution (RMA) is used to execute the perception amount of observer's emulation in wherein adjustable strategy instruction,Wherein the priority of selected perception is selected according to the weight of descending, wherein the then side of strategy instruction selection truncationFormula, rather than select percentage, fixed number or more complicated algorithm;
B) storage search (SS), use CVF derived from data enhancing log perceptually store the database of (PS)Criterion in lookup, wherein other than its relevant weight, perception is also to be stored as it than variable format (CVF) in PSIndex;
C) measurement is handled, the reverse-engineering for distributing the variable from SPMA;
D) perception is deduced (PD), and the original of assignment response is replicated using assignment response and its corresponding system metadataBegin to perceive;
E) meta data category module (MCM), will debugging and algorithm keeps track point wherein using the information based on grammer to classifyFor different classifications, wherein the category is used for tissue and generates different assignment response relevant to risk and chance;
Perception angle is divided into the classification of measurement by f) measurement combination;
Single metric reversion is returned to entire perception angle by g) measurement conversion;
The measurement category of multiple and variation perception angle is stored in each database by h) metric extension (ME)In;
I) it may compare variable format generator (CVFG), information flow be changed to comparable variable format (CVF).
The system further comprises:
A) perception matching 503, CVF is formed by deriving (RSD) received perception from rule syntax wherein;WhereinThe CVF newly formed is utilized to similar index and searches relevant perception in PS, wherein potential matching is returned to ruleThen grammer generates (RSG);
B) memory identification (MR), wherein by entering data to form chaos field 613;
C) remember conceptual index, entire concept individually is optimized for indexing wherein, is used wherein indexing by alphabetical scannerTo interact with chaos field;
D) rule realizes resolver (RFP), the various pieces of the rule with identification label is received, wherein each partAll it is labeled as being had been found in chaos field or not being found by memory identification;Wherein RFP logically deducesSufficiently identified in chaos field the whole rule of deserved which of RE (i.e. it is all they part combination);
E) rule syntax format separation (RSFS), correct rule is separated and is organized by type wherein, thus everything,Property, condition and object are separately stacked;
F) rule syntax derives, and ' the black and white ' rule of logic is converted into the perception based on measurement wherein, thus multipleThe complex arrangement of rule is converted into multiple measurements via variable gradient to state single uniform perceptual;
G) rule syntax generates (RSG), receives the perception that had previously confirmed, these perception are stored and participated in perceive formatThe internal metric of perception is constituted, and emulates the input of raw sensed/defeated wherein this measurement based on gradient of measurement is converted toThe binary system of information flow and logic rules collection out;
H) rule syntax format separation (RSFS) meets the rule of the reality of observed object in wherein correct Rule ExpressionThe accurate representation form of collection, thus correct rule is separated and is organized by type and therefore all movement, property, condition and objectSeparately stacked so that system can distinguish had found in chaos field which part and which part not byIt was found that;
I) internal logic is deduced, and uses logic theory, to avoid fallacy, what kind of rule will be accurate to deduceGround indicates many measurement gradients in perception;
J) contextual analysis is measured, the interconnected relationship in assay measures perception, some of them measurement, which can rely on, to be hadOther measurements of different degrees of magnitude, wherein this contextualized is mutual for supplementing mirror image of the rule in ' number ' rule set formatEven relationship;
K) rule syntax format conversion (RSFC), the grammer in accordance with rule syntax format (RSF) classify to ruleAnd separation;
Wherein intuitive decision making participates in critical thinking via using perception, and wherein thinking decision participates in criticizing via using ruleThe property sentenced thinking, wherein perception is according to the format syntax defined with internal form from the received data of intuitive decision making, wherein meetingRule be from the received data of thinking decision, which is the set of the achievable rule set from RE, wherein countingAccording to according to the format syntax transmitting limited in internal form;
Wherein movement instruction may have been carried out, will be performed, the movement for the activation that is being considered, and wherein property indicatesSome like property qualitative attribution, the attribute description other business, no matter it is movement, condition or object, and conditional instruction is patrolledOperation or operator are collected, wherein object instruction can have the target for the attribute that can be applied to it;
The rule schemata wherein separated is used as the output from rule syntax format separation (RSFS), is considered pre-Remember cognitive phase), and as the output for carrying out Self-memory identification (MR), it is considered as cognitive phase after memory).
The system further comprises:
A) chaos field parsing (CFP), by the format combination of log at single scannable chaos field 613;
B) additional rule is generated from memory identification (MR) to supplement correct rule;
It is wherein internal in perception matching (PM), measure statistical provide from perception storage, mistake manages parsing grammer and/orThe statistical information of logic error from any of each measurement, isolated measurement is isolated by each individual measurement, becauseThey are combined in the past in the individual unit as input perception, and node comparison algorithm (NCA) receives two or more CVF'sNode is constituted, wherein the degree of each node representation property magnitude of CVF, wherein being executed based on individual nodes similarProperty compare, and population variance is calculated, wherein lesser square margin indicates closer matching.
The system of claim further comprises:
A) raw sensed-intuitive thought (simulation) is perceived according to ' simulation ' format analysis processing, wherein mould relevant to decisionQuasi- format perception is stored in the gradient on no rank smoothed curve;
B) original rule-logical thinking (number) handles rule according to number format, wherein number relevant to decisionThe original rule of format is stored as small to not having the rank of ' gray area ';
Wherein unconsummated rule is the interdependent rule set not being adequately identified in chaos field of logic according to them,And the rule realized is to be identified as available enough rule set in chaos field 613 according to their logic is interdependent;
Wherein queue management (QM) is using grammatical relation reconstruct (SRR) with each body portion of the sequence analysis for being best suitable for logicPoint, and access memory identification (MR) as a result, it is possible thereby to answer binary Yes/No process problem and take movement appropriate,Wherein QM checks each regular segment stage by stage, if lacking single section in chaos field and not having pass appropriate with other sectionsSystem, then be denoted as being not implemented by rule set;
Sequential memory tissue is the optimization information storage of in-order information " chain ", wherein in memory access point, it is each to saveWidth means observer in each of point (block) is to the direct accessibility of the object (node) remembered, wherein may have access toProperty in the range of each letter indicate its direct memory access point to observer, wherein larger range of accessibility indicateEach sequential node there are more accessibility points (wherein only ' in order ' quote more than one sequence rather than from it is any withQuoted in the node of machine selection), then the range of accessibility is narrower (relative to sequence size, wherein having nestingIn the case where sub-sequence layers, the sequence for showing strong inhomogeneities is made of a series of lesser subsequence of interconnection.
Non-sequential memory organization handles the information storage of non-sequential continuous item, and wherein invertibity indicates non-sequential arrangement and systemOne range, wherein non-sequential relationship is indicated by the relatively wide access point of each node, wherein when the sequence of node is by againThere are identical uniformities when shuffling, wherein core subject be associated with, same number of Node is repeated but has differentCore (center object), wherein kernel representation main subject matter, remaining node serve as the memory neighbours for the main subject matter, phaseFor can more easily access memory neighbours there is no the core subject of definition.
Memory identification (MR) scanning chaos field is to identify known concept, and wherein chaos field is arbitrarily to be immersed in ' white noise' field ' of concept in sound ' information, wherein memory concept retain storage be ready to index and reference field inspection can recognizeConcept, wherein 3 alphabetical scanners scan the chaos field, and check 3 that correspond to target alphabetical sections, wherein 5 letter scanningsDevice scans the chaos field, and checks 5 that correspond to target alphabetical sections, but specifically with each single item progress one throughout fieldActing the section checked is entire word, and wherein chaos field is segmented for being scanned by different proportion, wherein with scanning rangeDiminution, accuracy increase, wherein the increase in the field field with scanner, bigger alphabetical scanner is more efficiently used forIdentification is executed, cost is accuracy, wherein the not processed memory concept that memory conceptual index (MCI) leaves in response to themAnd alternately change the size of scanner, wherein MCI 500 is started and is gradually reduced with maximum available scanner, so as to send outNow more computing resources check that smaller memory concept target is potentially present of.
Field interpretation logic (FIL) operates the logistics for managing the scanner of different in width, and wherein general range is sweptIt retouches and is started with big letter scanning, and with the less large-scale field of resource detailed survey, cost is small scale accuracy, wherein whenSpecific range scans are used when important region is positioned, and are needed by ' amplification ', so that it is guaranteed that in redundancy and not curvedBent position does not execute expensive accurate scanning, wherein receiving the additional identification indication field to memory concept in chaos fieldRange includes the intensive saturation of memory concept.
In automatic sensing discovery mechanism (APDM), perception angle is by including the multiple of range, type, intensity and consistencyMeasurement is pressed composition and is limited, these define many aspects for constituting the perception of overall recognition, wherein creative module produces againMiscellaneous change perceived, wherein perception weight defines perception has how many relative effect to perception when being emulated by POE, wherein twoThe weight of a input perception is all under consideration, also defines the weight of the perception of new iteration, it includes perceived shadow by previous generationLoud hybrid metric.
Input for CVFG is batch data, is to indicate to be made of the node of CVF generated to indicateThe arbitrary collection of data, wherein sequential advancement is executed by each of each unit defined by batch data, whereinData cell is converted into node format, have with such as the identical composition of information referenced by final CVF, wherein when checking turnNode after changing the stage there are when it is temporarily stored in during node retains, wherein creating it if can not find themAnd occurred and the statistical information that uses updates them using including, wherein having, all nodes with a grain of salt are assembled and conductCVF push is that module exports.
Node comparison algorithm compares two nodes read from original CVF and constitutes, wherein having part matching mouldIn the case where formula (PMM), if there are active nodes in a CVF, and its (node is not found in it is more candidateIn latent), then the comparison impunity, wherein with entire match pattern WMM, if in a CVFThere are active nodes, and its (node be in latent) is not found in it is more candidate, then punish to comparing.
It is significant safe causality that system metadata, which separates (SMS) for input system separated from meta-data, whereinIn the case where with three dimension scanning/assimilation, using the classification container of pre-production and the original analysis from categorization module from beingSystem metadata in extract unsafe condition main body/suspect, wherein main body be used as export the main ginseng of security response/variable relationExamination point, wherein being extracted from system metadata in the case where scanning/assimilating with risk using the classification container of pre-productionThe risk factors of unsafe condition and original analysis is extracted from categorization module, risk and show or be exposed to such riskTarget subject it is associated, wherein in the case where having response scanning/assimilation, using the classification container of pre-production from systemIt extracts in metadata by the response of the unsafe condition of input Algorithm constitution, and extracts original analysis from categorization module, whereinIt is said that responding associated with deserved such security principal responded.
In MCM, format separation is separated and is classified to metadata according to the rule and grammer that can recognize format, whereinLocal format rule and grammer include enable MCM module identify preformatting metadata streams definition, wherein debug withTrack is to provide used variable, function, method and type and their own outputs and inputs types of variables/content codingGrade tracking, wherein algorithm keeps track is a software levels tracking, provides and analyzes the secure data combined with algorithm, wherein providingHow resulting security decision (approval/prevention) reaches the tracking (reasonable ground) of the decision together with it, and eachFactor is to the appropriate weight for making the security decision role.
In measurement processing (MP), security response X indicates that series of factors, these factors facilitate the knot selected by SPMAThe security response that fruit obtains, wherein initial weight is determined by SPMA, wherein perception is deduced, (PD) uses one of security responsePoint and its corresponding system metadata replicate the raw sensed of security response, wherein display is explained in the perception to dimension sequencePD how will receive the security response of SPMA and relevant input system metadata association get up with re-create as initially byThe full scope for the intelligence ' number perception ' that SPMA is used, wherein shape filling, stacking amount and dimension are capture intelligent algorithmsThe number perception of ' perspective view '.
In PD, using security response X as input be forwarded in reasonable ground/reasoning and calculation, by using input/it is defeatedReduce the intention supply of (IOR) module out to determine the reasonable ground of the security response of SPMA, wherein IOR module uses metadataIn the separation of various function calls listed output and input, wherein separated from meta-data is executed by MCM.
For POE, input system metadata is that raw sensed generates (RP2) for generating the first of perception in CVFBegin to input, wherein derived CVF is used as perceiving storage from data enhancing log in the case where having storage search (SS)(PS) the criterion in database lookup, wherein in the ranking, perception is sorted according to their final weight, wherein dataThe log of enhancing is applied to for generating prevention/approval suggestion perception, and wherein SCKD marks log to limit unknown knowledgeExpection upper range, wherein data parsing enhances log and input system metadata to data and carries out basic explain to export such asBy the original SPMA original approval determined or decision is prevented, wherein CTMP criticizes decision according to perception in POE, and according to from patrollingThe rule defined on volume, which to execute in rule, criticizes decision in (RE).
In the case where having measurement complexity, the circular extraneous peak value for indicating the known knowledge about individual measurement,Wherein circular external margin indicates more measurement complexity, and center indicates less measurement complexity, and wherein center is shallowAsh indicates the measurement combination of the present batch of the perception angle of application, and external Dark grey indicate generally by system store with it is knownMeasurement complexity, wherein the target of ID be increase calculation of correlation complexity, allow perception angle in complexity sum numberAmount aspect is multiplied, and Oxford gray surface region indicates the total size of the present batch of the perception angle of application, and rootThe quantity of the range left according to the known upper limit is more than, wherein in enhancing and abundant complexity that measurement return is multiple as measurementPolygamy is transmitted as the input that measurement is converted, and individual is inverted to the entire angle of perception by it, thus by final outputIt is assembled into implicit perception angle.
For SCKD, it is known that data classification (KDC) separates Given information with input category, appropriate so as to executeDB analogy inquiry, and information is separated into classification, wherein separated classification provides input to CVFG, CVFG is defeated with CVF formatClassification information out is used to check similitude in given data range DB by storage search (SS), wherein each classification byThe relevant range for marking its given data according to SS result, wherein the label range of the unknown message of each classification is by group againIt is installed onto the identical original incoming stream of unknown data combiner (UDC).
The computer-implemented system is that vocabulary objectivity excavates (LOM).The system further comprises:
A) initial query reasoning (IQR), problem is transferred to wherein, and it retains (CKR) using center knowledge to decodeTo the vital missing details for understanding and answering a question/being made a response to problem;
B) investigation clarification (SC), problem and supplemental queries data are transferred to wherein, and it receives and comes from human subjectInput and send output to the mankind, and form clear problem/assert;
C) assert construction (AC), by assert or problem in the form of receive propose, and provide it is relevant to such proposalThe output of concept;
D) response is presented, and is for appealing that connecing by the AC conclusion drawn is presented in both (RA) to human subject and rationalityMouthful;
E) level mapping (HM) maps associated concept to find the problem/assert the confirmation or conflict of consistency, andCalculate the interests and risk that certain position is taken on the theme;
F) center knowledge retains (CKR), is the major database for being referenced for the knowledge of LOM;
G) knowledge verification (KV), the knowledge for receiving high confidence level and criticizing in advance, these knowledge are needed for looking into CKRInquiry ability is logically separated with assimilation;
H) receive response, this is to give a kind of selection of human subject to be used to or receive the response of LOM or to criticizeSentence to appeal, wherein being handled by KV, if response is received so that (high confidence level) knowledge as confirmation is depositedStorage is in CKR, wherein forwarding them to RA if human subject does not receive response, which is checked and criticism is given by the mankindThe reasons why appealing out;
I) the artificial intelligence service provider (MAISP) managed, it runs the internet of the LOM of the master instance with CKRMysorethorn example, and LOM is connected to interdependent front end services, back-end services, third party application, information source and MNSP cloud.
Front end services include human intelligence personal assistance, communication application program and agreement, home automation and medical applicationsProgram, wherein back-end services include online shopping, online transport, medicine prescription order, and wherein front-end and back-end service is via textAPI infrastructure and the LOM of part are interacted, this realizes the standardization of information transmitting and agreement, and wherein LOM is via automationResearch mechanism (ARM) is from oracle retrieval knowledge.
Primal problem of language construct (LC) explanation from human subject and parallel modules/assert input, to generate languageThe logical separation of grammer;Wherein concept discovery (CD) clarification the problem of/assert interior reception point of interest and by leading using CKRAssociated concept out;Wherein, concept priority (CP) receives related notion, and in the logical layer for indicating specificity and versatilityThey are ranked up;Wherein response separation logic (RSL) understands that the mankind respond using LC, and by related and effective responseIt associates with preliminary clarification request, to realize the target of SC;Wherein then LC be re-used during output stage withModification primal problem/assert to include by the received supplemental information of SC;Wherein context construction (CC), which uses to come from, asserts construction(AC) metadata and the evidence from human subject provide brute facts to CTMP to carry out critical thinking;Wherein decision ratioThe overlapping before criticizing and after criticism between decision has been determined compared with (DC);Wherein conceptual compatibility detection (CCD) is compared from originalThe concept for problem/assert is derived to determine logical compatibility result;Wherein interests/exposure calculator (BRC) is received from CCD and is compatible withProperty as a result, and weigh interests and risk, with formed include variable implicit during concept is constituted gradient unified decision;It is wherein generalIt reads interaction (CI) and attribute related with AC concept is distributed into each of the information collected via investigation clarification (SC) from human body main bodyPart.
Inside IQR, LC receives original problem/assert;The problem is separation on language and IQR utilizes CKRIndividual word and/or phrase per treatment;By reference to CKR, IQR considers potential option, they may be in view of word/shortThe ambiguity of language.
Investigation clarification (SC) is received from IQR and is inputted, wherein input includes requested clarification series, human subject will be directed toThe objective answer for the primal problem to be obtained/assert is come the requested clarification series answered, wherein providing for clarificationResponse is forwarded to response separation logic (RSL), it will respond associated with clarification request;Wherein requested with what is handledClarification concurrently, to LC provide clarification language association, wherein association comprising it is requested clarification language construction between it is interiorPortion's relationship, this enables RSL to modify primal problem/assert, thus the problem of LC output has been clarified.
For receiving the construction of asserting for the problem of having clarified/assert, PROBLEM DECOMPOSITION is point of interest by LC, these points are passedIt is delivered on concept discovery, wherein CD is by exporting associated concepts using CKR, and wherein concept is ordered by concept prioritization (CP)In logical layer, wherein top layer is designated as concept most typically, and lower layer is assigned more and more specific concept, wherein pushing upLayer is transferred to level mapping (HM) as modularization input;Wherein in the parallel transfer of information, HM receives point of interest, this is emergingInterest point is by its interdependent modular concept interaction (CI) processing, and wherein CI is distributed to attribute by the index information at access CKR emergingIt is interesting, wherein final output returns to AC after derived concept has been subjected to compatibility test when HM completes its internal procedure,And weigh and return interests/risk of position.
Input is provided to the compatibility/conflict grade CCD distinguished between two concepts for HM, CI, wherein compatibility/Colliding data is forwarded to BRC, which is translated as taking the interests of whole consistent position in this problem with conflictAnd risk, wherein risk/advantage factors using position together with them are transmitted to AC as modularization output, wherein system includes letterBreath stream circulation, instruction as gradually build up it is objective in response to the problem of/subjective quality asserted and the intelligence gradually supplemented is terracedDegree;Wherein CI receives point of interest and explains each point of interest according to the top layer of the concept of prioritization.
It for RA, language text of the core logical process by conversion, and returns the result, wherein if the result is that high confidence level, then result is transmitted on knowledge verification (KV), correctly to assimilate into CKR, wherein if the result is that low confidence, then result is transmitted to the circulation for continuing self-criticism on AC, center logic is with the pre- criticism of not language elementsThe form of decision is received from LC and is inputted, wherein being transmitted to CTMP for the decision as subjective opinion, wherein decision is also forwarded toContext constructs (CC), the context construct (CC) using metadata from AC and the potential evidence from human subject toCTMP provides the brute facts as input ' objective fact ', wherein the case where CTMP has received two mandatory inputUnder, these information best attempt processed for reaching ' objective opinion ' to export it, wherein using opinion as criticism inside RADecision afterwards is handled, wherein before criticism and both decisions after criticism is all forwarded to decision comparison (DC), the decision comparison(DC) determine the overlapping range between two decisions, wherein then appeal argument otherwise recognize be it is true or improve review a little withExplain appeal it is why invalid, wherein to recognize or improve scene it is unconcerned in the case where, by the transmitting of the result of high confidence levelIt is transmitted on AC 808 for further analysis on to KV and by the result of low confidence.
For CKR, information unit is stored in unit knowledge format (UKF), wherein rule syntax format (RSF) is oneGroup is for tracking the grammer standard of reference rule, and wherein multiple rules units in RSF can be utilized to describe single objectOr movement;Wherein source attribute is the set of complex data, and the information source of tracer request protection, wherein UKF cluster is by being linkedA succession of UKF variant composition, to be limited to independent information in jurisdiction, wherein UKF 2 include main target information,Middle UKF 1 includes timestamp information and omits timestamp field itself therefore to avoid infinite regression, and wherein UKF 3 belongs to comprising sourceProperty information and therefore omit source field itself to avoid infinite regression;Wherein each UKF2 must be accompanied by least one UKF1With a UKF3, otherwise cluster (sequence) is considered as that information incomplete and therein can't be patrolled by LOM total system is generalCollect processing;Wherein between central UKF2 and its corresponding UKF1 and UKF3 unit in, there may be serve as link bridgeUKF2 unit, wherein a series of UKF clusters will be handled as KCA to assert derived from being formed, wherein knowledge validation analysis (KCA) isUKF cluster information is compared to the place to be used to confirm the evidence about viewpoint position, wherein after the completion of the processing of KCA,CKR can export the conclusive dogmatic position to theme.
For ARM, wherein as indicated by User Activity, the interaction of user and LOM concept be directly or indirectly brought toAnswer/response is in problem/assert correlation, and wherein the estimated CKR that eventually generates of User Activity has low relevant information or do not haveThe concept of relevant information, as request but the list of not available concept indicated by, wherein with concept arrange & it is preferentialIn the case where gradeization (CSP), concept definition is received from single independent source and they polymerize so as to the resource to information requestDivide priority, wherein by information source provide data according to they request what concept definition and at Information Aggregator (IA)It is received and is parsed, and save relevant metadata, wherein will send information to cross reference analysis (CRA), there willReceived information compared with the previous existing knowledge from CKR and considering the previous existing knowledge from CKRIn the case where the received information of construction institute.
Personal intelligence profile (PIP) is the ground that the personal information of individual is stored via multiple potential distal points and front endSide, wherein their information is opened with CKR points, but can be used for LOM total system generic logic, wherein related with artificial intelligence applicationPersonal information is encrypted and is stored in personal UKF cluster pond with UKF format, wherein with information anonymity processing (IAP)In the case of, information is added CKR after being deprived of any personal recognizable information, wherein analyzing with cross reference(CRA) in the case where, by received information compare and considered from CKR with the previous existing knowledge from CKRPrevious existing knowledge in the case where the received information of construction institute.
The equipment and service that internet on life supervision automation (LAA) connection linking platform enables, wherein actively determiningPlan (ADM) according to fund appropriation rule & manage (FARM) consider front end services, back-end services, IoT equipment, expenditure rule and canWith the availability and function of quantity;FARM receive to module limit criterion, limitation and range mankind's input with inform ADM itWhat movable jurisdiction is, wherein password money-capital is stored in digital wallet, wherein IoT interactive module (IIM) is safeguardedWhich available database of IoT equipment, wherein data feeding indicate IoT enable equipment when to LAA send information.
The system further comprises behavior monitoring (BM), monitors the identifiable request of data of individual from the user to examineImmoral and/or illegal material is looked into, wherein related from external service syndication users in the case where polymerizeing (MDA) with metadataData wherein this information is passed to conclusion/deduction, and are finally PCD so as to establish the digital identity of user,There is using the confirmation from MNSP because usually executing complicated analysis;Wherein from being tested by the process identity of destination of PIPThe user of card passes through information trace (IT), and is checked according to behavior blacklist, drills at (PCD) wherein detecting before crimeIt unravels silk and concludes information to be merged and analyze to obtain the conclusion before crime, wherein PCD utilizes CTMP, directly refers to the black name of behaviorSingly come verify conclusion and deduce generate position, wherein blacklist maintenance authorization (BMA) operated in the cloud service frame of MNSP.
LOM is configured to manage the personification combination in individual life, and wherein LOM receives the inside review via LOMThe initial problem that process is drawn a conclusion, wherein it is connected to LAA module, the module be connected to LOM can receive from it data andThe internet for controlling data enables equipment, wherein LOM deduces and lacks during constructing argument with contextualizedThe link of mistake, wherein LOM has decoded that solution is original to assert caused predicament with its logic, it must know or assume first passIn certain variables of situation.
The computer-implemented system is linear atoms Multi cavity atom model (LAQIT).The system includes:
A) identical consistent color list is recursively repeated in logical construction grammer;And
B) it is recursively translated using the sequence using The English alphabet;
Wherein when constructing ' basis ' layer of alphabet, shortens on color channel and unequal weight uses colourSequence, and retain remaining space for the syntactic definition in color channel for using and extending from now on;
Wherein, complicated algorithm reports its log event and state report using LAQIT, automatically generates state/Log Report,Wherein state/Log Report is converted into the text based LAQIT grammer that can be transported, wherein grammatically unsafe information is logicalNumber transmitting is crossed, wherein the text based grammer that can be transported is converted into readable LAQIT vision syntax (the linear mould of heightFormula), wherein key is optimized for human mind, and based on relatively short shape sequence;
Wherein, the non-security text in part is by sender's input to submit to recipient, and wherein be converted into can for textThe text based LAQIT grammer of the encryption of transmission, wherein grammer security information is transmitted by digital form, and wherein data are turnedIt is changed to the LAQIT grammer visually encrypted;
Wherein increment recognition effect (IRE) is the channel of information transmitting, and is just known before information unit delivers completelyNot Chu its complete form, wherein merge this effect of predictive index by the transition between display word and word,Middle proximal end recognition effect (PRE) is the channel of information transmitting, and the identification information when information unit is destroyed, merges or changesThe complete form of unit.
In the linear model of LAQIT, block, which shows ' basic to render ' version of linear model and puts, shows that it does not addClose, wherein with word separator, the color of shape indicates the subsequent character of word, and serves as word and nextSeparation between a word, wherein singly checking that there is region merging technique bigger the smaller of letter to check region, and therefore each pictureThe information of element is less, wherein checking in region double, there are more movable alphabets, wherein shade coverings to make to be passed to for each pixelIt slows up with the letter of outflow, so that the principal focal point of observer is on checking region.
In the atomic mode with broad range encryption stage, which letter the reference of primary colours capital characters will defineGeneral rule, wherein there is impact (kicker) identical with primary colours color gamut, and it definitely defines specific character,Wherein with read direction, information delivering is read in the rectangular upper beginning in the top of an orbit ring, wherein onceOrbit ring is completed, and reads by from the rectangular continuation in top of next sequence orbit ring, wherein into/out entrance is characterThe creation and breakdown point of (its primary colours), wherein the fresh character for belonging to related track will occur from entrance and slid clockwise is to its positionIt sets, wherein atomic nucleus defines the subsequent character of word;
Wherein in the case where navigating with word, each piece of entire word (or the molecule mould indicated on the left of screenMultiple words under formula), wherein corresponding block moves to the right outwardly when showing word, and when the word is completed, block toIt retreats, wherein the Color/Shape of primary colours of first letter of Color/Shape and word of navigation block is identical;Wherein haveIn the case that sentence navigates, each piece of expression word cluster, wherein cluster is can to adapt to most on word Navigation PaneBig word amount, wherein state of atom creation is the transition that one kind causes increment recognition effect (IRE), wherein under such transitionPrimary colours occur from into/out entrance, hide their impact, and the position moved clockwise to assume them;Its Central PlainsSub- conditional extensions are the transition that one kind causes proximal end recognition effect (PRE), once wherein primary colours reach their position, they are justIt can be displaced outwardly in ' extension ' sequence that information state is presented, it discloses impact it is possible thereby to which the specific of information state is presentedDefinition;Wherein state of atom destruction is the transition that one kind causes increment recognition effect (IRE), and wherein primary colours have shunk (reversionSequence spreading) to cover impact again, wherein their positive slidings clockwise now with arrive into/exit entrance.
In the case where obscuring with shape, standard square is replaced by five visual different shapes, wherein grammerInterior change in shape allows to be inserted into useless (vacation) letter at the policy point of atom profile, and useless letter has obscured messageTrue and expected meaning, wherein it is all the decruption key via safety and temporarily transmitted that decode letter, which be true or useless,Come what is completed;
Wherein, it in the case where having redirection bonding, is bonded and two letters is linked together to and changed reading process,Wherein when being started with typical read mode clockwise, encounters initiation (beginning) and land on reasonable/non-useless letterBonding on (being terminated with reasonable/non-useless letter), which will turn to read mode, restores it on land letter;
Wherein with radioactivity element, some elements can " in a hurry (rattle) ", this can make letterIt whether is useless assessment reversion, wherein shape shows the shape that can be used for encrypting, and wherein central factor, which is shown, defines immediatelyIn the central factor of the track of the subsequent character of word.
In the case where having redirection bonding, which is started with " initiation " letter and is terminated with " land " letter,Wherein any of which may be useless or may not be useless, wherein if no one of they are useless, then the bonding changes read direction and position, wherein if one or two be all it is useless, entire bonding must be neglectedDepending on, otherwise message will be decrypted improperly, wherein in the case where having bonding key definition, if reading information stateDuring must comply with bonding, then depend on it whether be specifically defined in encryption key.
In the case where having single cluster, two neighbours are non-radioactive, therefore limit range for cluster, wherein byDouble clusters are appointed as effectively in key, so the element is to be processed if if element is not first radioactivity, whereinIn the case where having double clusters, key definition double clusters are limited to it is movable, therefore while decrypting message it is all itsThe cluster of his size be considered as it is latent, wherein it is incorrect explanation show interpreter as why not double clusters are considered as insteadSequence (wrong report).
Under encryption enabled and the molecular pattern of streaming, in the case where having concealed dictionary attack to resist, message is notIt is decrypted correctly and will lead to " distracting attention " standby message, wherein in the case where each molecule has multiple movable words,During molecular procedures, these words are presented parallel, to increase the information of every surface area ratio, however have consistent transitionSpeed, wherein binary system and streaming mode show streaming mode, and in the configuration of typical atom read mode be it is binary,Wherein binary mode Deictic Center element defines which character word is followed by, and wherein molecular pattern is also binary;It removesWhen enabling the encryption for abiding by streaming mode, wherein streaming mode in orbit refers to spcial character.
The computer-implemented system is to coordinate all items of general BCHAIN of attachment integrated node with basic connection(UBEC) system of connection.The system further comprises:
A) communication gate (CG) is the main algorithm that BCHAIN node is interacted with its hardware interface, hereafter cause and itsThe communication of its BCHAIN node;
B) remote node behavior pattern is explained in node statistics investigation (NSS);
C) a possibility that node escape index, tracking nodes neighbors will be fled near sensing node;
D) node saturation index tracks the number of nodes in the detection range of sensing node;
E) node consistency index tracks the quality for the node serve such as explained by sensing node, wherein high node oneCause the neighbor node around sex index instruction that often there is more available uptime and consistency of performance, wherein havingThe node having a double purpose often has lower index of conformity in use, wherein dedicated for the node of BCHAIN networkShow higher value;And
F) node overlapping index tracks the quantity for the overlapping nodes such as explained mutually by sensing node.
The system further comprises:
A) customize chain identification module (CRM), with include previously by the application program chain of Node registry or determining for micro- chainChain link processed, wherein when detecting update on the section of the application program chain in first chain emulator in first chain or micro- chain, CRMNotify the rest part of BCHAIN agreement;
B) content is claimed delivering (CCD), is received the CCR by verifying and is sent correlation CCF hereafter to meet request;
C) dynamic strategy adaptation (DSA), management strategy creation module (SCM) are moved by using creative moduleState generates new policy deployment, and so that the system is via optimisation strategy selection algorithm (OSSA), preferably sophisticated strategies are mixed,Middle new strategy changes according to the input provided is explained by field chaos;
D) the various economic personalities managed at UBEC platform interface (UPI) and by graphic user interface (GUI)Password figure economy exchange (CDEE);Wherein in the case where personality A, node resource is consumed come the phase only consumed with youMatch, as long as wherein personality B consumes resource profit margin as much as possible greater than predetermined value, wherein personality C comes via transaction currencyWorking cell is paid, wherein node resource is spent as much as possible in the case where personality D, and not by any desired returnLimitation, either consumption content or pecuniary compensation;
E) current working status explains (CWSI), determines the node with reference to the economic section of infrastructure of first chainComplete the current surplus or deficit of the aspect of work credit;
F) economically consider that (ECWI) is forced in work, consider selected in the case where work at present surplus/deficitEconomic personality, with assessment whether should execute more work at present;And
G) symbiosis recurrence intelligently progress (SRIA), it includes a kind of Trinitarian between the algorithms of different of LIZARD for beingRelationship, by understand code purpose come the source code of innovatory algorithm, the generation including their own, simulation virtual iterationI2GE and BCHAIH network, the BCHAIH network are can to run mixing for complicated data-intensive program with a scattered mannerThe huge network of the node disorderly connected.
Specific embodiment
The critical infrastructures protection & punishment (CIPR) for the information security (CTIS) being layered by cloud &。
How the definition that Fig. 1-2 shows the multiple angles explained safely provides as a kind of analysis method.In attached drawingIn label 1, network have been established form the figure of invader and bad actor using beacon and spy.When such figure/dataLibrary and complicated prediction algorithm match clock synchronization, and threatening before potential crime just will appear.I2GE utilizes big data and Malware labelWhose factor name identification to determine.Safety behavior 20, which stores, forms security incident, its precedent for influencing and suitably responding.In this wayAppropriate response can be criticized by CTMP 22 (critical thinking, memory, perception) as the supplemental layers of safety.What appended drawing reference 2 referred toIt is which assets is among risk, may cause which potential damage.Example: hydroelectric generation dam can make its all gateIt opens, this eventually submerges neighbouring village and leads to the loss of life and property.Infrastructure DB 3 refer to comprising aboutIt is related to public or private company sensitive and non-sensitive information the Universal Database of national basis facility staff.Infrastructure 4Control the potential skill for controlling industrial infrastructure equipment (electric power watt on dam flood-discharge lock, national grid etc.)Art, number and/or mechanical measure.Appended drawing reference 5 analyzes business model with the time of the potential blind spot of protrusion.Such attack is held very muchIt is easily blinded to merge and to be hidden under legitimate traffic with legitimate traffic.Whether the problem of asking is: having anyPolitics/finance/sport/other events may be the interested point of bad actor.The network of the external spy of credible platform is reportedActivities of hacker and preparation.Therefore it can estimate attack opportunity.In appended drawing reference 6, the problem of asking is: who is possible quiltThe enterprise of more weak tendency as target of attack? the enterprise of which type may in given geographical location weak tendency? their most fragilesAssets/control what is and to protect their best means be what.The network of the external spy of credible platform returns to reportAccuse activities of hacker and preparation.Therefore can estimate to attack position.In appended drawing reference 7, the problem of asking, is: depositing in the worldThis attack can be subsidized and instigated in what kind of geopolitical, enterprise and financial pressure.Who can benefit from it and byHow much is benefit.The network of the external spy of credible platform returns to report activities of hacker and preparation.Therefore it can estimate that attack is dynamicMachine.In appended drawing reference 8, the problem of asking is: what the potential vulnerability exploit point of Malware and place of hiding oneself be.How to makeKey Asset and infrastructure control point are endangered with these blind spots and the access point that do not strengthen.LIZARD 16 can be from externalPurpose and function are exported in code, and therefore there are malicious intent or without preventing it in the case where lawful cause.CTMP22 can consider to Being Critical prevention/approval decision and serve as safe supplemental layers.
Fig. 3 is shown for safe EI2The encryption safe clothes based on cloud management of (extranet, Intranet, internet) networkingBusiness framework.The network security service provider (MNSP) 9 of management is to critical infrastructures industry section (such as energy, chemistry, core, waterDam etc.) encryption safe, the connectivity & compliance solution & service of management are provided.Credible platform 10 is by shared safetyInformation and service and from the set of verified company and system benefited each other.Hardware & software supplier 11 be hardware/The manufacturer (such as Intel, Samsung, Microsoft, Symantec, apple etc.) of the industry identification of software.In the present specification,They to credible platform 10 provide to the access of its product and/or any potential measure of vulnerability exploit, make it possible toLimited or sufficient ability carries out back door access.This has been carried out may collaboration partner and joint Ministry of State Security to credible platformThe potential safety and/or punishment process of door cooperation, it is desirable to make laws.Virtual Private Network (VPN) 12 is a kind of industrial standard skillArt realizes safety and overall separation communication between MNSP 9, credible platform and their association partner.ExtranetAllow almost to share digital element, just as they are located near same local (such as LAN).Therefore, both technologiesIn conjunction with the efficiently communication with safety between affiliate is promoted, to enhance the operation of credible platform.Security service provider 13It is to provide public and/or private company the set of security strategy and solution.Their solution/product be withForm of treaty tissue, so that credible platform can be from raw security information (such as new malware signature) and safety analysisMiddle benefit.This increase of security intensity and then security service provider oneself is made to be benefited because they can obtain it is additionalSecurity tool and information.It is that the mutual of security information shares that (such as new malice is soft that third party, which threatens intelligence (3PTI) feeding 14,Part signature).Credible platform serves as the concentration hub of transmission, reception and this security information of assimilation.In multiple feedings of informationIn the case where, the analysis module (such as conspiracy detection 19) that can be cooperated via identifying information obtains more advanced security-relatedBehavior pattern (by utilize security service provider).Law enforcement agency 15 refers to relevant law enforcement authority, either state(such as FBI) or international (such as INTERPOL) of (such as NYPD), country.Establishing communication is to send and receive peaceFull information, to promote or complete the punishment to crime hacker.This punishment usually requires positioning and arrests suspect appropriate, andThey are tried in related law court.
Fig. 4-8 is the network & security service provider (MNSP) 9 of management and the general introduction of internal submodule relationship.LIZARD16 analyze the threat of their own without reference to prior historical data.Manual security threatens (AST) 17 to provideFor test safety regulation validity hypothesis security scenario.Security threat is consistent in seriousness and type, withSignificant comparison to security scenario is just provided.Creative module 18, which executes, intelligently to be created newly from previous input formThe process of mixed form.As card module for serving polyalgorithm.Conspiracy detection 19, which provides, pacifies multiple ' conspiracys 'The general context inspection of total event, and attempt to determine the mode and relevance between the security incident for seeming unrelated.Safety behavior20: event and its security response and speciality are stored and are worked out index so as to for future Query.I2GE 21 is the big number of MNSP 9According to, retrospective analysis branch.In the signature following function of standard, it can be imitated by the AST using creative moduleThe future potential variation of true Malware.CTMP 22 is using from multiple sources (such as I2GE, LIZARD, credible platform etc.)Cross reference intelligence, and understand to perception and reality expectation.CTMP estimates that oneself forms objective decision to an affairsAbility, and avoid asserting the decision made with internal low confidence.Management console (MC) 23 be the mankind be used to monitor andThe intelligence interface of control complexity and automanual system.Intelligent information & configuration management (I2CM) 24 process comprising control informationAnd the types of functionality that authoring system utilizes.Energy network exchange 25 is to connect energy supplier, manufacturer, buyer etc.One large-scale private extranet.This allows them to exchange security information related with their common industry.Energy networkThen exchange is conveyed to MNSP cloud 9 via VPN/ extranet 12.Such cloud communication allows bidirectional safe to analyze, and 1) will whereinImportant security information data are supplied to MNSP cloud from energy network exchange, and 2) act important safe correction from MNSPCloud is supplied to energy network exchange.All EI of energy company2(extranet, Intranet, internet) networking service always viaVPN 12 routes to MNSP cloud.The certification & encryption that MNSP is utilized for all services abide by country (specific country, such asFedRAMP, NIST, OMB etc.) international (ETSI, ISO/IEC, the IETF, IEEE etc.) standard of & and security requirements (such as FIPSEtc.).Intranet 26 (the layer 2/3VPN of encryption) maintains the secure inner connection in enterprise (energy company) private network 27.ThisLIZARD scaled-down version client 43 is allowed to operate in enterprise infrastructure, while can be with LIZARD present in MNSP cloud 9Cloud 16 communicates.The local node of the expression private network of appended drawing reference 27.Such private network, which exists, provides multiple positions (labelFor position A, B and C).Different technological infrastructure settings can reside in each private network, such as server cluster(position C) or shared employee office with mobile device connect (position A) with private WiFi.Each section of private networkPoint is all with the management console (MC) 23 of distributed own.Portable media device 28 is configured to secure connection to privateIt is connected to Intranet 26 with network and therefore by extension, and therefore they are indirect via secure vpn/extranet connection 12It is connected to MNSP 9.During using the secure connection, all business are all routed via MNSP, so as to sudden and violent to the maximum extentIt is exposed to the real-time and retrospective safety analysis algorithm of deployment.Such portable device can keep the secure connection, eitherIt is from the inside of the private network of safety or the WiFi access of public cafe.Demilitarized zone (DMZ) 29 is comprising HTTPThe subnet of server, HTTP server have safety responsibility more higher than common computer.The safety responsibility of server does not go outComplex software and hardware composition in neglect of safety, but due to public server.Although adding due to having use up maximum effortStrong security, but still there are many potential points of attack, so the server is placed in DMZ, so as to private network (positionSet C) remainder be not exposed to such safety responsibility.Due to this separation, HTTP server can not with not in DMZPrivate network inside other equipment communication.Due to being mounted with DMZ on HTTP server, so LIZARD scaled-down version clientEnd 43 can operate in DMZ.There is exception in DMZ strategy, so as to the accessible HTTP server of MC 23 and therefore accessesDMZ.Scaled-down version client is communicated via the encrypted tunnel formed from event 12 and 26 with MNSP.In appended drawing reference 30, theseServer is isolated in private network, but is not immersed in DMZ 29.This allows the inside of the equipment in private networkCommunication.Each of which has the separate instance of LIZARD scaled-down version client 43 and is managed by MC 23.Internet 31By coherent reference, because it is the information transmitting between MNSP 9 and the business equipment 28 for running LIZARD scaled-down version clientMedium.Internet is the source that business equipment is most susceptible to security threat, rather than is originated from the local situation of local area network (LAN)It threatens.Because of high security risk, all information transmitting in each equipment all can be routed to MNSP as agency.From mutualThe potential bad actor of networking will can only see the information encrypted due to the VPN/ external connection web frame 12 in appropriate location.Third party threatens intelligence (3PTI) feeding 32 to indicate to be provided by third party and is tuned according to the customization of previous existing contractual obligationInformation input.Iteration evolution 33: parallel evolving path is mature and is selected.Iteration adapts to identical artificial safe prestige from generation to generationIt coerces (AST), and the path with optimal personality trait is terminated with the security threat for resisting most serious.Evolving path 34: actuallyThe series of rules collection generation for including and isolating.Evolution characteristic and criterion are limited by this path personality X.
Fig. 9 shows the actual time safety processing about the encryption safe based on LIZARD cloud.Grammar module 35 is to read & to writeComputer code provides frame.For writing;Complex format purpose is received from PM, generation is then write with arbitrary code grammerCode, then the arbitrary code can be translated into true executable code (depending on desired language) by help function.For readingIt takes, provides the grammar explanation of code for PM to export the purpose of the function of such code.Purpose module 36 uses grammar module35 to export purpose from code with the such purpose of ' complicated purpose format ' output of own.Such purpose should be abundantGround description is such as by the expectation function (even if the code is in concealed embedding data) of the SM code block explained.Virtually obscure 37:Enterprise network and database are cloned in virtual environment, and sensitive data is replaced by false (vacation) data.According to targetBehavior, environment can include more true elements of more false elements or whole system by dynamic change in real time.LetterNumber simulation 38 provides a kind of punishment form usually used when having obtained the analysis conclusion for virtually obscuring (protection).Signal imitationThe communication grammer of Malware Yu its hacker is understood using grammar module.Then it kidnap as communicate to Malware toThe impression to make mistake, i.e., it sensitive data is successfully sent back to hacker (even if it is destined to the virtual illusion of hackerFalse data).True hacker sends the error code of Malware also by LIZARD, so that it is appeared to from maliceSoftware.This can be by the debugging tangent line of the time of hacker and resource transfers to mistake, and finally with the print of its idle mistakeAs the Malware in walking off from one's job.Internal consistency checks that 39 check that the institute of foreign code is functional all meaningful.ReallyIt protects there is no one section in the internal code inconsistent with the purpose of entire foreign code.Foreign code rewrites 40 and uses grammer and meshModule by foreign code drop at complicated purpose format.Then it constructs code set using derived purpose.This ensuresThe purpose of foreign code that is desired and understanding is only carried out in enterprise, and any unexpected function execution cannot all obtainAccess to system.Concealed code detection 41 detects the concealed code being embedded in data & transmission grouping.Need to map matching 42It is the hierarchical structure for the mapping for needing & purpose and is referenced to determine the overall goal whether foreign code adapts to system.LIZARD scaled-down version client 43 is to omit the LIZARD journey of heavy resource function (such as virtually obscuring 208 and signal imitation)The lightweight version of sequence.It by using without using signature database be used as with reference to objective prior threat analysis come with the smallestComputer resource utilization rate executes instant and real-time threat assessment.With log 44, energy company's system 48With multiple log creation points, standard software mistake/access log, operating system log, monitoring probe etc..Then by thisA little logs are fed to local mode matching algorithm 46 and CTMP 22, to carry out the safety analysis of depth and responsiveness.HaveIn the case where business 45, all inside and outside business are by industrial standard present in energy company's local mode matching algorithm 46Software composition, this software provides the initial safe layers of such as anti-virus, adaptive firewall etc..
Correction movement 47 will be held by being initially understood to solve safety problem/risk local mode matching algorithm 46Load.This, which may include, prevents port, file transmitting, management function request etc..Its system 48 and Special safety are calculated by energy companyMethod separates, which also sends its log and business information.This is because these algorithms, LIZARD 16, I2GE21 and CTMP 22 is all based on MNSP cloud 9.There is this separation to provide the database model of centralization, which results in biggerIt secure data/trend pond and therefore more fully analyzes.
In case of fig. 11, crime system scanning for into goal systems can vulnerability exploit channel.If possibleIf, it can damage the channel for delivering a small amount of payload.Crime system 49 is used to by robber crime side to affiliateSystem 51 and the therefore final initiation of infrastructure system 54 malware attacks.Malware source 50 is malicious code (maliceSoftware) inactive form container.Once code eventually arrives at (or attempting to reach) target infrastructure system 54, malice is softPart is just activated to execute the malice task of its specified or on-demand execution.Affiliate's system 51 is according to infrastructure companyContract agreement between (energy company) and cooperative venture is interacted with infrastructure system.Such agreement reflects certain businessThe exchange of interests, such as supply chain management service or inventory tracking.In order to realize the service decided through consultation, both sides are according to the peace previously decided through consultationFull standard electronically interacts.The Malware source 50 for representing the malicious parties of operation crime system 49 attempts in cooperation partnerWith vulnerability exploit of the discovery for infiltration in system.In this way, Malware will reach infection (i.e. infrastructure system 54)Final goal.In this way, buddy system has been used for acting on behalf of course of infection from Malware source 50.In buddy system 51 and baseIn many communication channels between Infrastructure system 54, the Malware which is originated from Malware source 50 is damagedEvil.It uses channel/agreement 53: communication channel not yet impaired between affiliate's system 51 and infrastructure system 54 is shown.These channels may include file system connection, database connection, Email routing, VOIP connection etc..Infrastructure system54 be the key element of the operation of the direct access infrastructure DB 57 of energy company and infrastructure control 56.Industrial standardIntrusion prevention system 55 is implemented as the security procedure of standard.Infrastructure control 56 is attached to equipment related with the energyDigital interface.For example, this may include the opening and closing of the water flow gate in Hydropower Dam, solar panel array is directed towardAngle etc..Infrastructure database 57 includes related quick with the entire core operation of infrastructure system and energy companyFeel information.Such information may include contact details, employee track in shifts, energy device file and blueprint etc..
In case of fig.12, impaired channel 52 provides very narrow window of opportunity for vulnerability exploit, therefore verySimple Trojan Horse is uploaded to goal systems to extend vulnerability exploit chance.Trojan Horse 58 is originated from Malware source50, it is advanced by impaired channel 52, and reach its target (i.e. infrastructure system 54).Its purpose is to open to pass through leakageHole utilize and provide chance, so as to install on the target system advanced executable Malware payload (it moreIt is complicated and include the actual malice code for stealing data etc.).
How Figure 13 shows after the Trojan Horse further vulnerability exploit system via being created by Trojan HorseNew open channel safely uploads to large size executable Malware grouping in system.Advanced 59 quilt of executable MalwareIt is transferred to basic system 54 and therefore sensitive database 57 and control 56.Advanced executable Malware use is by previous special Lip riverThe digital path that the vulnerability exploit of her wooden horse is opened up reaches its destination.
Figure 14 shows how advanced executable Malware 50 damages ID so that sensitive infrastructure information and controlPoint can be downloaded to discretely on not detected crime system.Hacker's expected behavior 60, hacker 65 have managed to be hadThere is the trusted voucher of the employee of company of legal authorization access credentials.Hacker intends to be obtained using these vouchers to intention only for employingThe careful and inconspicuous access for the local area network that member uses.Hacker intends the security response for surmounting typical " very little, too late ".I.e.Endpoint security client is set to try for data to be relayed to cloud security service, retrospective analysis security solution can only also manage damageBad control, rather than eliminate and managed from the threat initially invaded in real time.In the case where having practical security response 61,LIZARD scaled-down version client (being used for endpoint use) can not the clear proof needs that bright voucher logs in fact and system access uses, functionAnd purposes.Because it have no knowledge about this whether be really voucher predetermined and legitimate user, user be placed in partial virtual/In false environment.Such environment can analyze the exposure real-time dynamicly changed when the behavior of user to sensitive data.RowIt is all existing element in 64 the two of LAN infrastructure that is true and virtually cloning based on his interaction to hacker for analysis 6265 execution.In the case where having impaired voucher 63, hacker obtains authorization, and he is managed to energy company's portable computer28 and LAN infrastructure 64 that therefore portable computer is configured to connect to access voucher.Firstly, these vouchersIt may be damaged due to Email, the unencryption business equipment etc. for stealing the voucher being locally stored of intercepting and capturing unencryption.LAN infrastructure 64 indicates a series of business equipments connected via local network (wiredly and/or wirelessly).This may include beatingPrint machine, server, tablet computer, phone etc..Entire LAN infrastructure is virtually rebuild (virtual router in MNSP cloud 9IP distribution, virtual printer, virtual server etc.).Then, when system process performing analysis 62, hacker is exposed on reallyIn LAN infrastructure and the virtual element for cloning both versions.If the result of this analysis indicates risk, hacker is to vacationThe exposure of infrastructure (opposite with practical basis facility) just will increase, to reduce truthful data and/or the damaged wind of equipmentDanger.Hacker 65 is intended to the initial invasion via impaired authority 63 enabling to access and steal the bad actor of sensitive information.With code-set 66, one group of three password of distribution are accessed to authentication.These passwords never can be independentStorage, and occur always as a set.Employee must input these three passwords according to the agreement temporarily distributed from SIAPACombination.In the case where having planned internal authentication protocol access (SIAPA) 67, the certification of the login portal of individual employeeAgreement weekly/every month can all be modified.Such agreement can be that (they, which have been allocated in advance, is used for from one group of password A, B and CCertification) in select password A and C.By arranging certification change first day of month (each Monday or) on a consistent basis,Employee will get used to switching authentication protocol, this will minimize false positive event (when legal employee using old agreement and is trapped in falsenessWhen in data environment 394).In order to offset the risk for the new agreement damaged by hacker, which can only be in their new agreement quiltIt checks primary before destroying and can not be examined.It is for the first time also uniquely to check to need special dual factor anthentication, it is allSuch as bio-identification/retina/to the short message of mobile phone.Employee need to only remember one or two letter, these letters indicate that he answersWhich of three passwords of the input.For the 1st week 68, any content inputted other than only password A and B all will triggeringFalse data environment 394.For the 2nd week 69, false data will all be triggered by inputting any content other than only password A and CEnvironment.For the 3rd week 70, false data environment will all be triggered by inputting any content other than only password B.For the 4th week71, false data environment will all be triggered by inputting any content other than all passwords.At SIAPA 72, authentication protocol isSecrecy, anyone for being only able to access that interim notice knows correct agreement.It is virtually cloned in 73 in LAN infrastructure,Since hacker 65 has input all three passwords, rather than correct password is omitted, so hacker 65 is voicelessly transferred toIn the copying surroundings for not including significant data or function in MNSP cloud 9.Think oneself successfully to have penetrated into very in hackerWhile real system, court evidence and behavioural analysis are had collected.For case scene, ' Error Protocol used ' 74, hacker does not haveUsing correct agreement, because he has no idea to know, needless to say hacker omits specific cryptosystem even without expecting to existSpecial agreement.At appended drawing reference 75, hacker has sought to steal validation certificate, and intends to log in Corporation system and stealSensitive data.Enterprises superintendent office 76 is made of administration committee and Technology Command Center.It is monitoring and approval/preventionThe top layer of potential malicious act.Employee B and D 77 is not robber's (they are loyal to the interests of enterprise completely) and has been chosen asRatify the qualified employee of root grade function 80 cooperated three times.Employee A 78 is not selected for cooperative process 80 three times.This canCan be because he it is no it is enough the experience of company work, technical experience, previous conviction or he be other employees mistakeIn close friend, this may result in the conspiracy to company etc..Employee C (robber) 79 attempt to access that purpose from malevolence andRoot grade function/action of execution.Such root grade function 80 cannot be in the employee without three with individual root grade access authorityAgreement and approval is lower executes.Although employee C is only one employee with malicious intent, all three employees are rightThe result for executing this grade function bears same responsibility.Which results in a kind of culture with suspection with caution, and due to rightThe foresight of program seriously prevents the malicious act of employee first.Employee E and F 81 is not selected for cooperating three timesProcess 80, because they execute without root grade access authority or ratify first requested grade function.Supervision examines 82Requested action is examined and criticized using the time provided by artificial postpone.Root grade action 83 is delayed by 1 hour, to giveSuperintendent office's examination acts and clearly ratifies or prevent the chance of the movement.It can not or be not useable for making decisions in superintendent officeIn the case where, strategy can limit default-action (ratify or refuse politely).Supervision examines that 84 have determined why be not carried out unanimouslyWhat the reasons why agreeing to decision be.For performed root grade movement 85, when by cooperating and supervising monitoring system, in safetyGround maintenance executes the movement of root grade while having approved who what record.In this way, if root grade the result of the action violates companyMaximum benefit can then extend detailed investigation.At appended drawing reference 86, due to cooperating failure (agreement of not reaching an agreement three timesDecision), the movement of root grade has been cancelled.At appended drawing reference 87, all three selected employees all one with root grade access authorityIt causes to agree to approval root grade movement.If the movement of root grade is actually malice, all three employees is just needed all to become anti-To the part of the conspiracy of company.Due to it is this be less likely but still there are a possibility that, root grade movement be delayed by 1 hour83, and superintendent office has an opportunity to examine it (see appended drawing reference 76 and 82).At appended drawing reference 88, it has been selected asOne or more of qualified employee cooperated three times /had rejected the movement of requested grade.Therefore root grade movement89 itself are cancelled, and root grade movement 89 is cancelled, because of the decision for agreement of not reaching an agreement.Evolving model database 90 wrapsContaining security risk mode previously found and processed.These modes list the current Malware that evolution may be transformed intoThe potential means of state.Malware root signature 91 is provided to AST17, so as to form iteration/variant of signature 91.It willThe polymorphie variant 92 of Malware is provided as from I2The output of GE, and it is transferred to malware detection system 95.BasisFacility system 93 physically belongs in the premise of infrastructure.The usual management infrastructure function of the system, such as power station,Power network etc..Infrastructure computer 94 is executed so that the function that the infrastructure function from system 93 is carried outOr the certain computer of the part of function.Malware detection software 95 is deployed in all three grades of computer composition.This includes user's space 97, kernel spacing 99 and firmware/hardware space 101.This is every in three grades corresponding to being specially deployed toThe malware detection deployment executed on a grade of Lizard scaled-down version spy.In driver (it is present in kernel spacing 99)In have found the form of Malware 96 via 34 iteration of evolving path.User's space 97 applies journey for mainstream developerSequence.It is easiest to the space of infiltration Malware while being also the space being easiest to for being used to detect and be isolated Malware.It is allUser's space activity is all effectively monitored by LIZARD scaled-down version.Application program 98 in user's space may include such asThe program of Microsoft Office, Skype, Quicken etc..Kernel spacing 99 be mostly by operating system supplier (such asApple, Microsoft and Linux foundation) it safeguards.Although being more difficult to permeate than user's space, unless corresponding infrastructure passes throughKernel modifications are crossed, otherwise most of responsibility belongs to supplier.All interior nuclear activities (including registry change (MicrosoftOS), memory management, network interface management etc.) all effectively monitored by LIZARD scaled-down version.Driver 100 sets basisApplying computer 94 can interact with peripheral equipment and hardware (mouse, keyboard, fingerprint scanner etc.).Firmware/hardware space101 are safeguarded by firmware/hardware supplier completely.Extremely difficult infection in the case where not direct physical access hardware of Malware is (i.e.Old BIOS chip is removed from mainboard and in new one upper welding).Certain firmware activities are supervised by LIZARD scaled-down versionDepending on, this depends on hardware configuration.BIOS 102 (a type of firmware) is that operating system is soft from the first layer constructed thereonPart.Public basic installations 103 refer to unknown and potential impaired number basis facility (ISP router, fiber optic cables etc.).BetweenSpy 104 is implanted by their the known description (port, protocol type etc.) for participating in being stored in credible platform databaseOn public basic installations and monitor known readjustment channel.Spy checks heartbeat signal and notifies that credible platform is soft using malicePart source.In the case where having automatic discovery and installation scaled-down version client 105, LIZARD cloud detection in MNSP 9 is not to havingThe point-to-point system (such as portable computer) of signal response (shaking hands) is provided to LIZARD.Endpoint will be synchronous in discovery, andPass through I2CM 24 classifies.Therefore, LIZARD cloud (via the long-range root shell of SSH) detects Lizard scaled-down version client 43It is not mounted/activation, and by the way that it forces the installation of client 43 and ensures that it is correctly activated using root shell.MalwareIt is because being fitted without scaled-down version client 43 on access device that 106A, which is initially entered,.Scaled-down version client 43, which is almost mounted on, isEach of on system in possible example, needless to say all business being transferred into and out are all by the inclusion of the road MNSP of LIZARD cloudBy.In the case where utilizing 107 with initial compromise, before it can establish concealed readjustment channel 106B, integrally examined with itSurvey and potentially prevent the initial solid of vulnerability exploit.Channel 106B is that Malware 106B and its basis carry out distributed communicationOne fuzzy communication path.This may include masking signal to make it appear that legal http or https application program industryBusiness.Extensive supplier 108 provides valuable resource, such as to software, hardware, firewall, service, finance and key foundationThe concealed access of facility, to allow spy 104 to be implanted in public basic installations 103.Heartbeat signal is via readjustment channel106B is issued with specific size and frequency by Malware with aturegularaintervals, and is directed to it via concealed readjustment channelOrigin/loyalty source.The signal designation enable Malware source 50 determine following vulnerability exploit and coordinate attack itsState/ability.Such Malware source-representation has the tissue of hacker's ability of malicious intent;Either black hat groupOr country-state government.The LIZARD run in MNSP cloud 9 detects Malware 106A and heartbeat signal (in channelInside 106B) because all, to be transferred into and out business all be to be routed via vpn tunneling by MNSP cloud/Lizard.
Figure 22 and 23 shows foreign code and rewrites to replicate foreign code grammatically how from the beginning to mitigate potentiallyNot detected malice vulnerability exploit.Combined method 113 is by the purpose 112A of statement (if applicable, according to business strategy147 it can be optionally) be compared and match with derived purpose 112B.Complicated purpose is manipulated using purpose module 36Format, and realize matching or mismatch case scene that result obtains.In the case where having export purpose 112B, mapping is neededThe jurisdiction of all enterprises' needs is safeguarded with hierarchical structure is kept.Therefore, the purpose of code block can be defined and prove to closeReason, this is depended on jurisdiction the vacancy needed to map in 114 that orients.Input purpose 115 is recurrence debugging process (its benefitWith purpose & grammar module) introducing.Merge multiple introducings (such as purpose), each purpose input one list of initializationOnly and parallel instances.Last safety inspection 116 is checked using ' reason ' that grammer 35 and 36 module of purpose carry out more purposes, to protectAny vulnerability exploit point in shield programming, and final output 117 is transferred to VPN/ extranet 12.
Figure 24 and 25 show recurrence debugging 119 how to be recycled by code segment so as in possible local test errors andApplication error repairs 129 (solutions).If mistake exists, it is original (external) that entire code segment, which is replaced 123,Code segment 121.Source code section is then labeled to promote added layer of security (such as virtually obscure and behavioural analysis).HavingIn the case where having foreign code 120, the reset condition of code by for code rewriting purpose module 36 and grammar module 35It explains.Because needing to install original (external) code segment there are permanent error in rewritable versions, by debuggerDirectly refer to foreign code 120.122 section 121 of re-written code is tested by environment 131 when virtual operation to check code error132.Such environment 131 executes code segment 121 (such as function and type), and checks run time error (syntax error, bufferingArea's spilling, function call of mistake etc.).Any code error is handled to be repaired.There is the case where code error 132Under, the mistake that is generated in environment when being defined on virtual operation in range and type.All correlative coding details are provided to promoteSolution.With purpose alignment 124, the potential solution for code error 132 is by from this wayFunction and the purpose of type code is exported again to formulate.The range of code error is rewritten with alternate formats to keep awayExempt from such mistake.Potential solution is exported, and without solution is retained, is then lost to the code segment121 code rewriting and the source code section (directly from foreign code) is concentrated use in final code.Usually coding is wrongAccidentally 132 Coding Project 138 will be repeatedly received in a cycle.If all Coding Projects were all as solution shouldMistake 132 and use up;It then loses 137 solutions and uses original foreign code section 133.Code segment 121 can be labeled136 to be external in order to such as virtually obscuring and the decision of the additional security measure of behavioural analysis etc.For example, if weightThe code block write includes the foreign code section of high level, then is easier to place it in false data environment 394.Away from codeSection cache 130 in the case where, individual code section (function/type) be cached and by across multiple rewrite operations againUsing to increase LIZARD cloud resource efficiency.The cache is limited or highly-utilized, because all business are all via at cloudVPN is concentrated.With re-written code section provider 128, provide the code segment 121 previously rewritten so thatIts respective solution 129 can be applied to it by code error.
Figure 26 shows the need for the internal work of mapping matching 114, verifying purpose jurisdiction.LIZARD cloud and scaled-down version ginsengExamine the level mapping 150 of jurisdiction branch of enterprise.This is done to prove that code/functional purpose is reasonable, and do not havingSuch code/function is potentially prevented in the case of effect reasonable ground.No matter input purpose 139 be required or export (viaPurpose module 35), need to map the reasonable ground that all Validation Code/functions of matching 114 execute in business system.Level mapping150 primary copy is stored on the LIZARD cloud in MNSP 9, is stored on the account of corresponding registered enterprise.Need mappingWith in 114 to need to index 145 calculated by reference to primary copy.Then, pre-optimized need to index (and notHierarchical structure itself) it is distributed between all addressable endpoint client ends.It needs to map matching to receive to whole system mostWhat is suitably needed needs to request 140.Corresponding output is the complicated purpose format 325 for indicating suitably to need.With need criterion+Priority filtering 143, and needs appropriate are searched in business strategy 147.The each jurisdiction of such tactful 147 regulation canCan have the type and classification of some need.The range needed may come from E-mail communication, software installation needs.Strategy147 determine that is to need priority according to enterprise.According to definition associated with each branch, portion corresponding to they is neededDoor is associated.In this way, scope check can be executed.Example: needing to map the request that matching approval HR downloads all employee CV, becauseTo be when carrying out annual review to employee performance according to the ability of employee now.In the case where having initial parsing 148,Each jurisdiction branch is downloaded for needing to refer to.In the case where calculating branch's needs 149, basis and each point are neededThe associated definition of branch department corresponding to they is associated.In this way, scope check can be executed.Example: it needs to map matching batchQuasi- HR downloads the request of all employee CV, because being according to the jurisdiction limited in level mapping 150 now to employee performanceWhen carrying out annual review.
Pass through secret intelligence (MACINT) the & punishment of the machine of the Blinding Operations in cyberspace
Figure 27 shows intelligent information management, checks and control.Polymerization 152 filtered out using general purpose grade criterion it is inessential andThe information of redundancy, while merging and marking the information flow from multiple platforms.Configuration & deployment services 153 are that have for disposingNew spectra networked asset (computer, portable computer, mobile phone) interface of correct security configuration and connectivity setting.?After equipment is added and is arranged, it can be adjusted therewith via having the management console controlled as internuncial management feedbackIt is whole they.The service also manages the deployment of new client/client user account.This deployment may include hardware and user accountAssociation, the customization of interface, client/client variable list (such as type of service, product type etc.).Pass through jurisdiction154 separation, exclusively according to the related jurisdiction of management console user come the information pool of separation marking.It is threatened passing through155 come in the case where separating, according to each threat come organizational information.Each type of data otherwise with threaten be associated with (this addSuperfluous words) or be removed.At the stage for the process for being marked as intelligent contextualized 156, remaining data seem nowAs group of islands, each island are a network security threats.In order to keep safety analysis more mature, closed between platformConnection.Historical data is (from I2GE 21 rather than LIZARD 16) it is accessed to understand Threat Model, and CTMP be used to criticizeProperty thinking analysis.Have threaten predicament management 157 in the case where, network security threats be from get a bird's eye view visual angle (big picture) senseKnow.Such threat is passed on management console to present for figure.Because related with threat mechanism countedThe measurement result of calculation finally merges from multiple platforms;So can be performed automatically more informed Threat Management decision.It automatically controls158 indicate to be used to control the algorithm accesses with the related management of control of MNSP 9, TP, 3PS.Management feedback control 159 providesThe advanced control of the additional service based on third party's service (3PS) of all MNSP clouds, credible platform 10, the service can be used toPromote make decisions, collect evidence, threatening investigation etc..Such management control is finally embodied in management console (MC), is hadThere is customizable visual aid appropriate and efficiency is presented.This allows direct from individual interface (it can amplify details as required)Whole system (MNSP, TP, 3PI) is control effectively and manipulated.Manually control 160 expressions be used to control MNSP 9, TP,The artificial access of the management relevant control of 3PS.Directly management 161 provides human interface using manually controlling.With classificationIn the case where jurisdiction 162, the user for managing console, which uses, limits their jurisdictions and range to information classification accessTheir logging on authentication.All potential data vectors 163 are all running data, in static data & useData.Customized visual aid 164 for each business enterprice sector, (drape over one's shoulders by accounting, finance, HR, IT, law, safety/control general, privacy/Dew, labour union etc.) and stakeholder staff, manager, the administrative personnel of department (each corresponding) and third party partner, holdMethod authorities use.Integrated single-view 165 is such as monitoring, log recording, report, event correlation, alarm processing, strategy/ruleCollect creation, correction movement, the use and third party's service of algorithm optimization, service provision (new client/modification), credible platformThe list of all potential abilities of (including receiving report and alarm/log etc. from third party service provider & supplier) etcA view.Unified view 165 in all aspects to safety 165 is the set of a visual aid, it indicate circumference, enterprise,Data center, cloud, removable media, mobile device etc..Network security team 167 is a qualified professional team, heMonitor straddle multiple systems activity and state.Because making the Intelligent treatment and AI decision of information, it is possible toCost is reduced by employing the less personnel with less experience.The main purpose of the team is used as executing on a large scaleSystem is verified while analysis site according to desired criterion come the spare level during mature and progress.Behavioural analysis 168169 status of observation Malware and performed movement while at which in 100% false data environment 394.When Malware is interacted with false data 170, behavioural analysis will be recorded in the mode observed in activationary time (such as only in weekJust activation when day office closes), file access request, requested management function etc..Malware 169 is by hacker177 implantation.Although hacker believes that Malware is successfully implanted into goal systems by him, which is shifted silentlyAnd it isolates to 100% false data environment 394.At false data 170, Malware 169 has held a vacation in a digital mannerData copy.While doing so, in the case where data are true impression, and it is by extension, and hacker 177 has forgotten that these are countedAccording to being true or false.When Malware attempts to send false data to hacker, output signal is re-routed, so that itIt is received by false hacker 174, this is opposite with the expectation of the Malware of real hacker.With hacker's interface 171,Grammar module 35 and purpose module 36 (they belong to LIZARD system according to jurisdiction) receive the code knot of Malware 169Structure.These modules make the internal structure reverse-engineering of Malware to export hacker's interface.The interface be described in detail in Malware andThe communication means that uses between hacker, Malware are to the expectation of hacker (such as receive order etc.) and hacker to MalwareIt is expected that (such as state report etc.).The false hacker 174 and false malice that such information allows to emulate in virtualized environment 173Software 172.Once behavioural analysis 168 has sufficiently had studied the behavior of Malware 169, the signal imitation function of MNSP 9 canTo emulate the program for being similar to hacker 177 and showing.This is included in real Malware 169, false data 170 and false hacker 174Between existing communication protocol.In the case where the signal response 175 with emulation, the false hacker 174 of virtualization is to realMalware 169 sends response signal, to give the impression of its its Mission Success or failure.Such signal may include to evilThe order of meaning software action and/or the request that information state is updated.This is done to further behavioural analysis research, so as toObserve next behavior pattern of Malware.At the end of research, wherein the false data environment 394 with Malware is wantedIt is frozen or is destroyed.In the case where having response code 176 of emulation, hacker can be given soft with true maliceThe unrelated spurious response code of behavior/state of part.According to desired punishment strategy, can send false error code or vacation atFunction code.False error code can give the inoperative impression of a kind of Malware of hacker (being in this way when in reality), andAnd the time of hacker can be wasted on useless debugging tangent line.Successful error code can reduce hacker and be transferred to attentionA possibility that manufacturing on the Malware of new model, but be primarily focused on current Malware and it is any it is possible graduallyIt is improved into formula.Because such Malware is damaged and understood by LIZARD, hacker will exist wasted effortOn impaired Malware, it is believed that it is succeeding.The Malware that hacker 177 believes that he is implanted into successfully permeatesInto goal systems.In fact, Malware is isolated in the environment of virtualization.The identical virtualized environment isIt is (either two-way with the method and grammer of the communication of hacker to emulate it to the behavioural analysis 168 that Malware is formulatedOr omnidirectional).Crime assets 178 indicate the investment carried out via crime finance 184, to promote the hacker of crime system 49And malicious operation.Such assets 178 are usually expressed as computer capacity and internet together with property, show as to both assetsWith strong investment, hacker's performance that is more advanced and formulating meticulously is realized.Using crime code 179, by credible platformSpy executes vulnerability exploit scanning, to collect court evidence as much as possible.Using crime computer 180, CPU loophole benefit is executedWith being instructed using AVX overflows CPU.This causes increase heat, increase power consumption, CPU degeneration more and process of commission of crimeAvailable processing capacity is reduced.The vulnerability exploit scanning 181 of crime assets 178 is executed to identify their ability and characteristic.KnotThe scanning result that fruit obtains is managed by vulnerability exploit 185 and transfers it to credible platform 10.Vulnerability exploit 185 is by credibleThe program that platform is sent via the punishment vulnerability exploit database 187 for penetrating into target crime system 49, such as Figure 27-44It is emulated in MACINT.Electric power and cooling spending are significantly increased, this exhausts crime finance 184.Shutting down computer seriously to interfereCrime operation.Purchase new computer can bring bigger pressure to crime finance, and this new computer is easy to as old meterCalculation machine is like that by vulnerability exploit.Punishment vulnerability exploit database 187 includes what a kind of vulnerability exploit was provided by hardware supplier 186The measure of the criminal activity of form in the back door and known vulnerability established.Unified court evidence database 188 includesThe court evidence of compilation from multiple sources across multiple enterprises.It in this way, may the most powerful law casePart is based upon crime enterprise, is submitted to relevant law court.With target selection 189, only it is being directed to meshAfter mark establishes enough court evidences, which is just selected for punishing.This may include to needing to be supervised examinationThe minimum time of court case requires (such as 6 months).Evidence must have self confirmation property of height, and the thing isolatedPart cannot be used to implement punishment, because fearing the not guilty target of attack and causing law repercussion.With target verification 190In the case of, suspicious crime system is verified using a variety of methods, to surmount any potential blinding method (public coffeeCoffee shop, TOR network etc.), comprising:
Physical positioning.GPS can use.Cloud service can help to confirm (such as to log in position for cloud (Dropbox)The long-term precedent set)
Physical equipment.MAC Address, sequence number (come from manufacturer/supplier).
Personnel's verifying.Biological attribute data is used in security system, photo is shot from front camera, in multiple platformsIt is upper to confirm consistent logging on authentication.
Figure 33 show MACINT Blinding Operations general introduction, crime how vulnerability exploit business system.Business system 228 definesThe infrastructure of enterprise and the entire scope of property and jurisdiction.Enterprise computer 227 is the key component of business system 228,Because it includes sensitive information 214, and depends on enterprise network 219, because it is usually planning for task.Suspend mode dualSpy 215 is that latent and ' suspend mode ' Malware is kept on object-computer 227.Due to shortage activity, programmer and networkSafety analysis personnel are difficult to detect it, because any damage occurs not yet.When hacker's discovery from crime system 49 makesWhen with chance opportunity of their suspend mode spy 215, spy 215 stealthily captures the copy of sensitive document 214.In this rankSection, hacker exposes themselves and is tracked, but this be decided in its sole discretion at them in the case where no administrator notifies whenThe chance installed using spy 215 (i.e. if file 214 is worth).In the stage 216, via enterprise network outside encryption willThe file 214 of capture is pushed to robber destination server.This encryption (i.e. https) is allowed by strategy, therefore transmits notIt is prevented immediately.The file 214 of capture is passed on the network infrastructure of enterprise network 219, it is intended to leave business system228 and enters and arbitrary system 262 and eventually enter into crime system 49.This network infrastructure is represented as LAN router 217With firewall 218, they are that Malware will be by before the file 214 of capture can be transferred to except business systemLast obstacle.It is considered not preventing the professional standard firewall 218 for the file 214 for stealing capture to generate forwarding in this exampleTo the log of log aggregation 220.Then, such polymerization will be used for long-term/depth scan 221 in classification and in real time/surface is sweptThe data for retouching 222 the two are separated.Under the case scene of empty result 223, real-time 222 are almost without adequate preparation executionWhen rogue activity identification, to stop it before execution.In the case where Malware connects 224 case scenes of discovery, sweep for a long timeIt retouches 221 and eventually identifies malicious act, because its advantages are that have more times to analyze.The abundant permission of time is long-term221, which are able to use more complicated algorithm and data point, is more thoroughly searched for.In the feelings with Botnet damaged section 225Under condition, the computer for belonging to any third party system is used to transfer sensitive document 226, to escape investigation and frame any thirdSide.Burglar receives sensitive document 226 at crime computer 229, while remaining hidden via their Botnet in the presence of simultaneouslyAnd it continues to use this document and is illegally extorted and made profit.Potential the chasing after of the identity (such as IP address) of the crime computer leftTrack may can only stay on any computer 238, and the administrator and investigator of business system 228 can not access these calculatingMachine.
Figure 34 shows the more details for using long-term/depth scan 230 of big data 231.Depth scan 230 helpsIn big data 231 and big data 231 is participated in, while utilizing two subalgorithms ' conspiracy detection ' and ' external entity management '.It is intermediateAs a result it is pushed to abnormality detection, these abnormality detections are responsible for final result.From security checkpoints (such as firewall and centerServer) standard logs polymerize and selected with lower limit filter at log aggregation 220.With case index+Tracking 235 in the case where, event details are stored, such as IP address, MAC Address, supplier ID, sequence number, the time, the date,DNS etc..These details are deposited as both local data base and shared cloud database (database is different in data)?.Being locally stored of these entries (limiting together with according to the strategy of enterprise) is pushed to cloud database so that other enterprises byBenefit.In turn, useful event information is received so that local analytics are benefited.Trusted third party 235 register enterprise may beThrough experienced the unlawful practice of Botnet, and prevention details is capable of providing to mitigate such risk.With security rowIn the case where 236, safe reaction guidance is stored in local data base and shared cloud database that (these databases are in dataIn be different).This reaction guidance defines the behavior point for ensuring security system.For example, if IP address access is got overPart index shows 6 systems being associated with using Botnet in 10 times, then forbids IP address up to 30 days, and in logPriority flag is set in system to mark IP address to access any trial of system during this time period.The local of these guidancesStorage (limiting together with according to the strategy of enterprise) is pushed to cloud database, so that other enterprises are benefited.In turn, it receives usefulEvent information so that local analytics be benefited.With abnormality detection 237, according to what is provided by depth scan moduleIntermediate data determines any potential risks event using case index and safety behavior, just as unwarranted spy willIt is the same that sensitive document is transferred to the arbitrary system except enterprise network.Any computer 238 is shown as knot involved in branchThe destination server that fruit obtains is highlighted, by any known characteristic (such as MAC Address/last known IP address 239, stateFamily and uptime mode etc.) it limits.Such analysis relates generally to external 232 module of entity management.Then systemIt can determine a possibility that this computer participates in Botnet 240.Such analysis relates generally to conspiracy detection 19.
Figure 35 illustrates how to search any computer on credible platform 10 to check itself or its server relatives/neighboursWhether (other servers connected to it) were in the past that credible platform 10 establishes double agent or treble agent.242 table of stageThe Given information for how sending any computer 238 of such as MAC Address/IP address 239 etc shown, so as to case index+It is inquired at tracking 235 and cloud version 2 32.The such cloud version tracking event details operated from credible platform 10 are to identify futureThreat and Threat Model, i.e. MAC Address, IP address, timestamp of access etc..It sends the result of this inquiry 242 to and isSystem collects details 243.Such details includes: original 238 details of any computer, periodically receives grouping and/or to computer238 send computer/system of grouping and the system physically close to computer 238.Then such details is forwarded toIn the stage 246 and 247, they check whether any one of above-mentioned computer/system has occurred double agent 247 or tripleSpy 246.This spy, which searches, to be checked in credible double agent's rope+draw tracking cloud 244 and credible treble agent+index tracking cloudIt is executed at 245.Double agent's index 244 includes the system for the suspend mode spy for being mounted with to be controlled by feasible platform and its subsidiary bodyList.Treble agent 245 includes by criminal group be the system that (such as Botnet) damages list, but also with discreteMode by credible platform 10 damage to monitor rogue activity and impact development.Then, the two clouds export they as a result, thisA little results are collected in activity and the list of relevant spy 248.
Figure 36 illustrates how to know that the dual or treble agent from credible platform 10 participates in further court investigation.From248 are shifted in the list of spy;Suspend mode spy 252 appropriate is activated 249.The double agent trusted by any computer 238Computer 251 pushes vulnerability exploit 253 by its trusted channel 254.In any computer 238 after successful deployment, loophole benefitWith 253 tracking sensitive documents 241 activity, and recognize it be sent to it is currently known be crime computer 229 that.ItIt follows and is used to 216 transmit the same paths of file 241 in channel 255 for the first time, and attempt to establish on crime computer 229Oneself.Then the vulnerability exploit 253 is attempted to find sensitive document 241, be isolated to it, its definite state sent back crediblePlatform 10, and then attempt to wipe it from crime computer 229.Then, credible platform 10 turns segregate fileOriginal business system 228 (it possesses original document) is sent back to for court's purposes.It is not always to guarantee that vulnerability exploit 253 canSensitive document 241 is retrieved, but can at least forward the recognizable information 239 about crime computer 229 and system 49.
Figure 37 illustrates how that credible platform 10 is used to participate in ISP (the Internet service offer about any computer 238Quotient) 257API.Network monitoring 261 is used to attempt and compromise arbitrary system 262 is with the further judicial inquiry.Business system 228The limited information 259 of any computer 238 is only known about, and is being sought about crime computer 229 and system 49Information.ISP 257API request is made via credible platform 10.At network monitoring 261, discovery is for arbitrary system 262System network log, and potential file is transferred to crime computer 229 (it was confirmed to be crime computer 229 later).DayWill history can not record the composition accurately and completely of sensitive document 241 enough in detail, but be able to use metadata 260 come withWhich platform computer significant confidence level decision sends the file to.The network details of the discovery crime computer 229 of network monitoring 261258, and these information are therefore rerouted to credible platform 10, the platform and then notice business system 228.
Figure 38 illustrates how the safe API for being used to participate in by credible platform 10 to be provided by software 268 and 272 supplier of hardwareThe back door of any foundation of the judicial inquiry can be helped with vulnerability exploit.In the stage 263, by the known body of crime computer 229Part details is transferred to credible platform 10 to participate in back door API.Such details may include MAC Address/IP address 239 and crimeSuspect software+hardware of computer.Then, feasible platform 10 is supplied to the accompanying software 268 and hardware 272 for being in latenceQuotient delivers vulnerability exploit 253 (vulnerability exploit code is transferred but is not performed).Also be delivered to supplier is business system 228The suspect software 269 and hardware 273 for the crime computer 229 suspected at the stage 263.Supplier retains established software270 and 274 back door of hardware list, including on how to calling them, need that authorization measure and their energy takenWhat such information power and limitation are.All these back doors are all isolated inside supplier and secrecy, therefore feasiblePlatform is not received by the sensitive information for handling these back doors, and there is provided the vulnerability exploits 253 that will benefit from them.AtWhen function implements software 267 or 271 back door of hardware, vulnerability exploit 253 is discretely mounted on crime computer 229.Sensitive textPart 241 is isolated and copies, then to analyze its metadata usage history.It is any surplus on crime computer 229Remaining copy all can be by Safety Sweep.Collect any other possible supplement court evidence.All these forensic datas can all returnContact point of the vulnerability exploit 253 at credible platform 10.Hereafter, court evidence 265 is transmitted to business system 228, the courtEvidence 265 includes the sensitive document 241 found on crime computer 229, and it is related with crime system grasped aboutThe identification details of those of the evidence of file 241 initially stolen people.In this way, if business system 228 is during initial theftFile 241 is deleted from its system, then business system 228 can restore file 241, and identification details 264 will make itCan seek to punish in terms of law damages and disables 49 Botnet of crime system, to mitigate the following wind attackedDanger.
Figure 39-41 illustrates how to execute the mistake directly compromised in the case where attempting the direct help of no credible platform 10General 282 and 283 vulnerability exploits of customization are applied to any 238 and 229 computer of crime in journey.General vulnerability exploit 282 isBy business system 280 via independent network security research come the collection of tissue and the software of assembling, firmware and hardware vulnerability exploitIt closes.With vulnerability exploit, 283 vulnerability exploits of customization are customized according to the Given information in relation to target.With mostIt is possible that successful first and most unlikely last successfully mode delivers vulnerability exploit 253.About crime computer 229 canCustomization 283 is transferred to information aggregate 284.Such information includes any of computerized information, such as MAC Address/IP address 239 and the suspect software+hardware 285 currently in use of crime computer 229.Proxy management 286 is that intelligently selection is usedIn the combination of the algorithm and database of the agency that vulnerability exploit is attempted.Agency network 279 is that any individual system is allowed to coverA series of agent nodes 278 of their original identity.The node passes through in this digital communication and becomes apparent originatorPerson.It is intelligently selected by proxy management 286 according to the current work load of the overall performance of node, the availability of node and nodeSelect node.Attempt three potential points of the vulnerability exploit of crime computer 229 and/or any computer 238.If vulnerability exploitThe way of crime computer 229 fails, then the trial of any computer 238 of vulnerability exploit is carried out anyway, because it is stillIt can promote entire court investigation.A kind of method is direct vulnerability exploit, is for second the Botnet tunnel via any computerRoad 276, and the third is that (and other are not for the primitive approach of the vulnerability exploit that crime system is used to install Botnet 277The vulnerability exploit point used).Botnet tunnel 276 is the activity in crime computer 229 and Botnet 240 establishedThe means of communication used between part.Any forensic data generated by vulnerability exploit 253 is sent to system of enterprise in the stage 275System 228.
Figure 41 is illustrated how using the specific API with feasible platform 10 come by 289 criminal of pushing to of software or firmware updateGuilty computer 229 is to establish new back door.Placebo is updated into the similar machine near 288 push to keep stealthy.System of enterpriseTarget identities details 297 is sent credible platform 10 by system 228.Such details includes MAC Address/IP address 239.It is credible flatPlatform 10 is communicated with software/firmware maintenance device 287 placebo update 288 and back door are updated 289 and are pushed to correlation computer.AfterwardsDoor, which is updated, introduces crime meter for new back door by using the software update system pre-established of installation on computersIn 229 systems of calculation machine.This update may be for operating system, BIOS (firmware), it is specific as word processorSoftware.Placebo updates 288 and back door is omitted, so that security compromise will not be made, but shows identical with back door update 289Details and mark (i.e. update number/code), to arouse the stealthy environment for keeping back door.Maintenance personnel 287 passes back door 295It is delivered to target and also there is to target the computer higher than mean exposure measurement.Such additional computer 296, which can be, to be belonged toThe computer of 49 infrastructure of crime system, or can be the calculating on local network identical with crime computer 229Machine.Additional computer 296 as vulnerability exploit, which increases to obtain in the case where directly attacking impossible situation, enters crime calculatingThe chance (i.e. they close the update etc. to operating system) in the path of machine 229.If can be built on nigh computer 296Oneself is stood, then vulnerability exploit 253 will consider the difference into target.For having to the institute of the mean exposure measurement of targetThe computer 291 being related to submits placebo to update 228.Exposure can be understood as shared public network (i.e. virtual private networkDeng) or public service platform (i.e. file-sharing etc.).Related system 290 may also contact on strategy with crime system 49Together, such as possessed by same companies structure of the law etc..Belong to the neighbor computers 293 of neighbor systems 292 byPlacebo update is given, because they lean on the physical location (areal etc.) of close-target crime computer 229.Related systemBoth 290 and neighbor systems 292 are all given placebo and update 288, in order to the court investigation of time-sensitive, are not present simultaneouslyWhat maintenance personnel 287 planned to deliver in the near future regularly updates (or any suitable and feasible investigation).It is intended to existingIn the case scene regularly updated for improving software/firmware, then the system 290 and neighbouring system 292 being related to do not need to givePlacebo, which is more newly arrived, verifies the legitimacy that perceived back door 289 updates.On the contrary, back door 289 can be implanted in for crimeIn some legal updates of computer 229 and other computers 296.295 successful implementation vulnerability exploits 253 are being updated via back doorWhen, sensitive document 241 is isolated and is copied, so as to its metadata usage history of post analysis.Then the safely criminal of removingAny remaining copy on guilty computer 229.Collect the court evidence of any supplement.Hereafter it sends forensic data to credible flatThe contact point of vulnerability exploit at platform 10.After data are verified at platform 10, enterprise is then transferred it at result 281Industry system 228.
Figure 42 is illustrated how for long-term Priority flag to be pushed on credible platform 10 to monitor crime system 229 to be used forAny and all change/updates.New development is monitored according to priority for a long time in order to investigate.Firstly, business system 228 is to workGuarantee module 300 for the subset of feasible platform 10 submits target 297 (including identifiable details 239).The guarantee mouldAll inputs 299 of subsystem 303 of block scan are with any association of the target 297 for defined by.If there is any matching,It then communicates information to limit and assures and try to permeate in the business system 228 of target 297.Information input 299 is attached credibleThe information of the System Reports commonly used in analysis needed for reception of platform 10.Input is also likely to be to obtain credible platform 10Approval and reputation sole purpose and submit.Subsystem 303 submits their input to credible platform 10, this be in order toSeek the advantage of the business system 228 of monitoring target 297.Which increase one in these subsystems 303 encounter target orThe chance of relative target, no matter this is positive, neutral or passive interaction.Such input 299 is passed toDesired analysis module 301, the module indicate the most of function for being used to keep mutually beneficial security information synchronous of credible platform 10Energy.Subsystem 303 issues security request and exchanging safety information.If it find that related with target 297 or any target relativesInformation, then information also by Parallel transmutation to guarantee module 300.The information output 302 of module 301 is forwarded to subsystem303 to complete their requested tasks or function, any useful information about target 297 that guarantee module 300 is learntA part of court investigation as business system 228 hands to result 298.
The priori Real-time defence (LIZARD) in reasoning zero data library
Figure 43 and 44 shows the Dependence Structure of LIZARD (the priori Real-time defence in reasoning zero data library).Static core193 be the main fixed routine module via human programmers' hard coded.Iteration module 194 is intelligently corrected, creates and is soldRuin the module on dynamic shell 198.Located for the reference of security performance and using artificial security threat (AST) using iteration coreManage automatic code write method.As shown at Figure 51, iteration core 195 is to make 198 iteration of dynamic shell for improvements in securityMain logic.Differential amendment symbol algorithm 196 is modified primary iteration according to the defect that AST has found.Applying differentialAfter logic, a kind of new iteration is proposed, recursive call iteration core & iteration core experience is tested by AST in the new iterationIdentical process.Logical deduction algorithm (LAD) 197 receives dynamic shell iteration in its current state from artificial security threat (AST)In known safe response.LDA also deduces what kind of code set composition and will realize to (being provided by AST) security scenarioKnown correct response.Dynamic shell DS 198 is mainly comprising via the dynamic routine module of iteration module automated programming.CodeIsolation 199 isolates foreign code in the virtual environment (such as petri dish) of limitation.Concealed code detection 200 detects hiddenCode in secret embedding data & transmission grouping.When system only can execute low confidence decision, AST overflows repeater 201 willData are relayed to AST to improve for further iteration.Internal consistency checks the 202 all internal letters for checking foreign code blockWhether number is meaningful.Ensure there is no one section in the internal code inconsistent with the purpose of entire foreign code.External generationCode is rewritten 203 after export foreign code purpose, and the people for rewriteeing entire code itself is a part of and only allow by againCode executes.Mirror image test-based examination with the input/output dynamic that ensures to rewrite with it is original identical.In this way, making in source codeAny hiding vulnerability exploit be all redundancy and never execute.Needing to map matching 204 is to be referenced to determineWhether foreign code adapts to the hierarchical structure of the mapping for needing & purpose of the overall goal of system (such as puzzle).ReallyData synchronizing unit 205 is that intelligently selection will be given and merge environment and one layer in give with what priority two layers of data(another layer is data management system).In this way, highly sensitive information would not be under a cloud Malware access & can only be used to crowdIt is well known and be determined as trustworthy code.Data management system 206 is entity & between the data outside virtual environmentGo-between's interface.Framework coordinates device 207 manages semi-artificial or artificial algorithm all inputs, output, thread injection and diagnosis.Virtually obscure in the 208 false environment by the way that code gradually and to be partly immersed into virtualization and obscures with constrained code (thereforePotential Malware).Malware stealthily and is discretely transferred to false data environment 394 by secret transmissions module 209In.With purpose comparison module 210, four kinds of different types of purposes are compared to the presence to ensure entityIt is LIZARD deserved and understand in the production towards the overall goal of system with behavior.Potential big disagreement instruction in purposeMalicious act.False data generator 211, which creates, to be designed to and truthful data (i.e. a batch SSN) indistinguishable false numberAccording to.The building of the management virtual environment of virtual environment manager 212 comprising the ratio of such as false data, available system function,The variables such as network communication option, the Save option.213 tracking of data readjustment tracking is uploaded and is downloaded to suspicious from suspicious entity 415All information of entity 415.This is done to mitigate sensitive information by the potential security risk for being transferred to Malware.It is thisSafety inspection also reduces the logistics problem that legal enterprise process receives false (vacation) data.It is had been sent in false dataIt in the case where (being now known as) legitimate enterprise entity, executes " readjustment ", adjust back all false datas and sends truthful data(data being originally requested).
Figure 45 shows the general introduction of LIZARD (the priori Real-time defence in reasoning zero data library), which is a kind of energyEnough center supervision for preventing all potential network security threats in real time in the case where directly not helping dynamic growth databaseAlgorithm.Determine whether that data/access enters system and is based on needing to know, needs function, purpose driving basis.If codeOr data block cannot provide function/purpose of the hard coded target towards the system of realization, then it will with include it is virtual isolated andThe discreet fashion obscured is rejected.LIZARD is equipped with the grammar explanation device that can read and write computer code.In conjunction with itPurpose derives ability, it can export object-oriented behavior from code block or even those secrets are embedded in and seem healthCode block in data.All business equipments (or even the company in the equipment outside those business locations, such as public cafePhone) it is all to be routed by LIZARD.All softwares and firmware for running enterprise assets are all hard codeds, so as to as permanentAgency is the same to execute any kind of download/upload via LIZARD.Pass through informing against strategy and alleviate to forever to loyal assetsLong proxy policies are not abided by.The number transmitting occurred in business system, which will necessarily be bound into, to be typically hard coded by one piece to pass throughThe hardware relayed by LIZARD, therefore malicious code can not find safe position, can not find any to ignore lasting agentThe computer that the cooperation of strategy is compromised.LIZARD and iteration module (IM) have symbiosis.IM clone hard coded towards meshThe syntax understandability of target task and LIZARD.Then it modifies LIZARD using these grammar capacities to adapt to hard codedTarget.Manual security threatens (AST) module to participate in parallel virtual environment with the different variants of pressure test LIZARD.By scoreHighest variant is selected as next formal iteration.LIZARD provides the innovation for deviating from the status of network security solutionMode.By its advanced logical deduction ability, it is able to carry out instant and accurate security decision, without " very little too late "Modern network Prevention-Security normal form.The data interaction of LIZARD and three types: data in data, use in movement andStatic data.LIZARD is interacted (referred to as vector) with the data medium of six seed types: file, Email, network, movementEquipment, cloud and removable medium (USB).Business system 228 shows the type of server run in its infrastructure, such asHTTP and DNS etc..Mobile device 305 is shown as operating in public cafe 306, while via LIZARD scaled-down version clientEnd 43 is connected to 228 number basis facilities of business system.Such client 43 serves as the gateway of internet 304, hereafter itIt is connected to the LIZARD cloud 308 of encryption.
Figure 46 shows the general introduction of the main algorithm function about LIZARD.The external dynamic shell (DS) 313 of the LIZARD isA kind of function section for being easier to change via iteration.High complexity is needed to realize that the module of their purpose usually belongs toAt the shell 313;Because of the level of complexity that they can will directly be handled more than programmer team.Iteration module 314 uses quietState core (SC) 315 ' fixes the purpose limited in target ' & data to DS according to from data return repeater (DRR) 317313 code library carries out grammar correction.Then threaten (AST) 17 under multiple and variation security scenario to this by manual securityModified LIZARD version carries out pressure test (parallel).Most successful iteration is adopted the feature release as scene.The SC 315 of LIZARD is least easy to change via automatic Iterative, but is directly changed by mankind's programmer.Especially it is known asKernel 334 it is innermost rectangular, it is not influenced completely by automatic Iterative.The innermost layer 334 is just as instructing LIZARDDirection & whole capability tree root.General dynamic module (GDM) 316 is to automate the most extendable block region of self-programming simultaneouslyAnd it is consequently belonging to the administrative area of dynamic shell 313.Because the such program run in GDM 316 is in constant ' beta ' shapeState (it is in progress to be not necessarily stable and work).When LIZARD executes low confidence decision, it can be via dataIt returns to repeater (DRR) 317 and related data is relayed to AST 17 to improve the future iterations of LIZARD.LIZARD itself is notThe data for executing decision are depended directly on, but the data of the threat about continuous evolution may benefit from LIZARD indirectlyThe priori decision that may execute of future iterations.Label 342 shows that the human work involved in Code Design is more, and code is justMore static (variation is very slow).The number of iteration module (IM) 314 pairs of code programmings is more, the dynamic and mobility of codeIt is stronger.Grammar module 35 and purpose module 36 show function out of SC 315.
Figure 47 shows the internal work of static core (SC) 315.Logical derivation 320 is exported from initial simpler function and is patrolledCollect upper required function.Final result is to construct entire function dependency tree from the complicated purpose of elaboration.Code translation 321 will be by languageAny (general) code conversion that method modularity function directly understands is any selected known computer language.Also executing will be knownComputer language translation is the inverse operation of arbitrary code.Rule and grammer 322 include the explanation and generation for helping syntactic structureStatic defining.For example, the rule for being used for C++ programming language and grammer can be stored in 322.Logic simplifying 323 will use generationThe logic drop that code is write generates the mapping of the function of interconnection at simpler form.Write code 324 be final output canProgram is executed, and code target 332 is input.Complicated purpose format 325 is for storing the interconnection specific item for indicating overall purposeStorage format.Purpose association 326 is that function & type of behavior refers to the hard coded reference of what kind of purpose.RepeatedlyGeneration extension 327 adds details and complexity by reference to purpose association so that simple target to be evolved into complicated purpose.Iteration explains that 328 all interconnection functions of traversal generate task of explanation by reference to purpose association 326.Outer kernel 329 mainly byGrammer and purpose module are formed, these modules work to export as logic purpose into unknown foreign code together, and & is according to explainingThe function code target stated generates executable code.Foreign code 330 is the unknown code of LIZARD and function and expected meshIt is unknown.When foreign code 330 is the input to inner core, purpose 331 derived from institute is output.Purpose 331 is by purposeThe intention for the given code 330 that module 36 is estimated.Purpose derived from institute is returned with complicated purpose format 325.
Figure 48 show inner core 334 how the essential kernel function of mandatory system, they be via maintenance 318 platforms by correlationInternet security expert 319 is directly and dedicated programmed.Core code 335 is substantially basic needed for operation LIZARD.In core 336Interior, basic framework and library 336 possess functional, such as compression and a comparing function needed for operation LIZARD.In core 336,Thread management and load balance 337 enable LIZARD efficiently to extend on server cluster, and communication and cryptographic protocolLimit indicted encryption type (such as AES, RSA etc.).In core 336, memory management 339 allow by LIZARD explain andThe data of processing effectively manage in the random access storage device (RAM) of server.Aims of systems 336 includes security strategy340 and business goal 341.Strategy 340 is by (or multiple) Network Safety Analysis personnel's manual designs, as LIZARDIt can refer to the guidance to operate according to customization variable.Therefore, there is LIZARD which to prove that is considered dangerous and prohibitsMovement only and what be admissible standard.For example, may forbid other than tissue in enterprise security policy 340Recipient sends Email, or locks an account after third time Password Input attempts failure.Business goal 341 defines enterpriseIndustry wishes to realize the wider characteristic of what kind of common infrastructure.Target 341 is mainly used for have with regard to LIZARDHave what function and it must execute what function about the infrastructure background of enterprise to instruct the self-editing of dynamic shell 313Journey.
Figure 49 shows the internal work of dynamic shell (DS) 313.The section of LIZARD is mainly by artificial intelligence programming module(iteration module) manipulates.Module in external shell 345 is the mould for having the new & experiment influenced on a small quantity on the decision of whole systemBlock.Inner shell 344 is the main body of LIZARD;Its most of intelligent capability is all operating there.New and experiment algorithmThe software space of 343 ' betas ' distribution is programmed by the mankind, artificial intelligence or both there and tests what new module neededFunction.
Figure 50 shows the iteration module (IM) of intelligent amendment, creation and the module on damage dynamic shell 313.It uses artificialSecurity threat (AST) 17 is used for the reference of security performance and is handled automatic code write method using iteration core 347.In dataIt returns at repeater (DRR) 317, it, will be bad about malicious attack & when LIZARD, which has to take, to be made decisions with low confidenceThe data of actor are relayed to AST 17.The virtual testing environment that there is the creation of AST 17 simulating Safety to threaten, to enable iterationProcess.The artificial evolution of AST 17 is fully participated in remain ahead in the movable organic evolution of crime hostile network.HavingIn the case where having static core clone 346, static core 315 is used as the criterion of iterative guidance (including half dynamic outer core 329).CauseFor the iteration, outer kernel 329 is partly corrected;Self-programming has reached the complete period in artificial intelligence circulation.IterationCore 347 receives artificial security scenario objective guidance to change dynamic kernel 313.Iteration core 347 generates many iteration.?Best iteration is executed in manual security's test to be uploaded to become the live function iteration of dynamic shell in the stage 348.
Figure 51 is shown as the iteration core 347 of the main logic of the code iteration for being used in safety improvement.It is passed havingIn the case where returning iteration 350, the new example of iteration core 347 is called, replaces primary iteration 356 with new iteration 355.Such transitionIt is managed by thread management 349, which makes the load balance 337 and thread pipe from the subset for making core code 335Derived from reason.Differential amendment symbol algorithm (DMA) 353 receives grammer/purpose program capability 351 and objective from inner core 334Guidance 352.Both inputs are associated with basic framework and library 336 and 340/ business goal 341 of security strategy.Then it usesSuch code set is modified primary iteration 356 come the defect found according to AST 17.After applying differential logic, mentionA kind of new iteration 355 is gone out, the identical process that recursive call iteration core 347 and experience are tested by AST 17 after this.?In the case where security scenario 360 with queuing, at all known point of safes, multiple scenes execute dynamic shell jointly313 integration test.With activity safety scene 361, current active security scenario is being isolated virtualDynamic shell 313 is tested in performing environment 357.Such environment 357 is a virtual instance completely isolated from fielded system.ItExecute manually generated malicious attack and invasion.When running virtual execution environment 357, safe result can intuitively be presented and lackFall into 362 security threats for ' passing through ' primary iteration 356 with instruction.Hereafter, it has been found that any defect 363 be forwarded to DMA353 attempt to omit the generation of the new iteration 355 of such defect with promotion.
Figure 52-57 shows the logical process of differential amendment symbol algorithm (DMA) 353.Current state 365 indicates there is symbol313 code set of dynamic shell of ground associated shape, size and location.The different configuration instruction safe and intelligents of these shapes and reactionDifference configuration.AST 17 provide by chance it is incorrect and it is correct response be what current state 365 any potential soundAnswer (isolation this document, because it is virus).The symbol that vector of attack 370 (all the points arrow) serves as network security threats showsModel.Direction, size & color all with the security attribute of hypothesis (such as vector of attack, Malware size and Malware classType) it is related.The security response that vector of attack is symbolically popped up from code set to indicate code set.It is shown with reference to A 367 fairPerhaps the specific security configuration that vector of attack passes through may or may not be correct security response.It is shown with reference to B368The vector of attack popped up from code set, with reference to the alternative respond style of A while being shown in potential correct or incorrect.GinsengIt examines C 369 and the security response that vector of attack is sent back to its origin position is shown, may or may not be correct peaceTotal regression.On Figure 53, correct status 354 is indicated for the micro- of the security response needed for generating from the code block of dynamic shell 313Divide the final result of the process of amendment symbol algorithm 353.Correct status 354 is passed by the new iteration 355 to dynamic shell 313Return iteration 350 and generates.Although there are nuance between current state 365 and correct status 354, these differences mayEntirely different vector of attack 370 is caused to respond.While reference A 367 allows vector of attack directly to pass through, with reference to A 371(correct security response) pops up vector of attack with a right angle.In 354 the two of current state 365 and correct status,The vector of attack response of reference B is still had not been changed.In the case where having with reference to 373 C, vector of attack is also sent back itStarting resource (although being different from the position with reference to C 369).All these attack vector representations all illustrate and correspond to safetyThe logistics management of threat.Figure 54 shows AST security attack vector 375, it is the attack sequence provided by AST 17.CorrectlySecurity response 376 shows the desired security response about attack vector 370.It is shown not yet in this stage for generating thisThe code set (shape) of the correct security response of kind, they have no knowledge about.Figure 55 shows current dynamic shell attack response 377,Its security response for showing the difference to correct dynamic shell attack response 378.Such correct response is 378 by logical deduction algorithm(LDA) it 197 generates.Figure 56 shows how LDA 197 infers correct security setting to match correct attack-response 378.Static core 315 provides system framework/guidance 352 and grammer/purpose automated programming ability 351 to LDA 379, so that it canConstruction generates the security procedure of correct attack-response 378.At the stage 381, the basic of dynamic shell 313 is provided to LDA 379Iteration 356.This iteration is represented as generating the security response program 382 of not up to standard and inefficient security response.It is suchProgram 382 is provided as the input of LDA 379.LDA is using the grammer from static core 315/purpose function 351 so as to never justTrue security response program 382 constructs, so that it meets correct attack response 378.Therefore, correct security response is generatedProgram 383, and it is regarded as the new iteration 355 of dynamic shell 313.The mistake continued via the recursive iteration 350 of iteration core 347Journey will continue to make the security capabilities of dynamic shell 313 to upgrade, until it is full of all security information that can be obtained by AST 17.Figure 57 shows simplifying for the process and summarizes, because AST 17 provides known safety defect 364 and correct security response384.Although AST 17 is capable of providing known safety defect 364 and response 384, it can not construct will generate it is such correctThe effective and program being currently running of response 384.Therefore, LDA 379 using dynamic shell 313 priori (basic) iteration 356The iteration 355 for generating the excellent of the dynamic shell for being referred to as correct security response program 385 and more preferably equipping.The use of word ' program 'Indicate the general function of many different function and submodule that operate in dynamic shell 313.
Figure 58 shows the general introduction virtually obscured.The following ability for virtually obscuring the generation of & false data is deployed in and to be hadIn the cloud platform for the encryption that the small-sized/medium sized business for having seldom network security employee to no network security employee uses.SafetySystem can also be directly installed in the data center of big companies.In the case scene, Malware 385 comes from internet304 and around professional standard firewall/intruding detection system/anti-virus etc..Under the current state of its safe iteration, LIZARD16 have intention/purpose low confidence assessment of incoming code block 385.These situations are assumed worst case scene.It has the right to obtain the risk of critical data in order to which the process for mitigating not guilty has been deprived of, and alsos for avoiding that malicious code is allowed to haveHave a risk of sensitive data, suspect code 385 be reconditely assigned to wherein half data all with false (vacation) data intelligenceIn the environment that can merge.Other than typically managing visiting demand, the expression of real system 388 is not limited by truthful data 389.Due to virtually isolating 390, any object operated in real system 388 can be easy to and reconditely be transmitted to part391 or all 394 false data environment.Truthful data synchronizer 386 is that intelligently selection will be given the data for merging environmentAnd with one (the other is data management system 401) in two layers of what priority.In this way, suspicious Malware can notAccess highly sensitive information, and only it is known that and being established as trustworthy code could to obtain this highly sensitiveInformation.False data generator 387 uses truthful data synchronizer 386 as the mould for creating the personation unavailable data of &Plate.The attribute of data type, data format, packing density, data details etc. is simulated, according to truthful data 389 to generateDatabase with realistic data, the database seem whole and are integrated very well into system (without uncorrelated and oddNumber data).The confidence risk perceived in the perception of incoming foreign code will affect LIZARD16 selection obscure grade.CodeHigh confidence level as malice will be called to the distribution of the environment comprising a large amount of false datas 394.Code becomes the low of malice and setsReliability can be called to the distribution of real system 388 (being considered as the benefit suspected) or 100% false data environment 394 and (be regardedDistrust for default).This customization option in safety behavior is limited in security strategy 340, which is aims of systems 336Subset, it is the subset of inner core 334.The network interface for having used height to monitor in the environment comprising false data 393392.This safe interface is used to protection environment and is not leaked in constrained environment, for example, combine virtual isolated 390 it is trueSystem 388.Such isolated 390 is completely isolated using virtualization technology and protect random access memory (RAM) and CPU lineJourney is from merging, to separate each environment and own.
Figure 59-61 shows the monitoring virtually obscured and response aspect.Such system is monitored according to Malware behaviorAnd manage Malware 385.Initial LIZARE think at its current complicated iteration stages code block may be Malware orPerson may not be Malware.In the case where it is not Malware, LIZARD can be pushed it by 50% false data 391In the virtual clone of the real system of composition.This is done so that, if final certification it be not Malware, system and enterpriseFunction would not be severely impacted (such as providing the SSN etc. of mistake).In illustrated example, code block is actually to dislikeAnticipate software 385, but because the new and unknown property of this threat and vulnerability exploit method this stage LIZARD stillIt is so uncertain.Figure 60 has been shown in particular how to be immersed in Malware 385 in 380 virtually isolated false data environment 391,Because LIZARD still do not know it be also be Malware.Data management system 401 is intelligently by truthful data and falsenessData merge, so that highly sensitive data do not expose.The information generated by Malware 385 is uploaded 402 by manager 401To false data storage device 400, and 398 previously stored false datas are downloaded to merge with truthful data 397.In this way, dislikingSoftware of anticipating does not have the write access to truthful data storage device 397, and cannot cover sensitive information.385 quilt of MalwareVirtual isolated 380, so that it is exposed only to data management system 401.This virtual isolate forbids Malware can be by bypassingData management system 401 accesses all truthful datas 397.Behavioural analysis 403 tracks the downloading 398 and upload 402 of suspect code blockBehavior is with the potential correction movement of determination.403 monitoring Malware 385 such as how its just form behavior of analysis, it is true to helpRecognize or deny the original suspection of LIZARD.By monitoring the behavior of Malware in the form of its is just, LIZARD is had been acknowledgedInitial suspection, i.e. foreign code are strictly Malware.Malware 385 is silently and careful via secret transmissions module 395Ground is transferred to 100% false data virtual environment 394.Malware is in 50% false data environment 391 in order to preventIt is multiplied and executes infection, as precautionary measures, entire virtual environment is safely destroyed (including Malware).At thisStage, Malware 385 are completely submerged in the false environment 394 for being not exposed to any sensitive information now.Monitoring maliceSoftware improves following dynamic shell via secret communication channel to the potential communication at its home (such as heartbeat signal), so as to potential313 iteration.Such Malware behavioural information returns to repeater (DRR) 317 via data and will be transmitted to AST 17 so that futureIteration is benefited.In this way, DS 313 can make more confident decision to similar Malware 385, without taking againMeasure places it in 50% false data environment 391 (this still includes some risks being stolen about valid data).
Figure 62 and 63 shows the data that tracking uploaded from suspicious entity 415 and be downloaded to all information of suspicious entity 415Readjustment tracking 399.This is done to mitigate sensitive information by the potential security risk for being transmitted to Malware.This safety inspectionLook into the logistics problem that legitimate enterprise process receives false data 400 that also reduces.It is had been sent to (now in false dataKnowing becomes) in the case where legitimate enterprise entity, executes ' readjustment ' that will adjust back all false datas and sent very as replacementReal data (it is initial request).Implement readjustment trigger so as to legitimate enterprise entity to certain information hold fire untilIt is not false to be confirmed as stopping there are data.If truthful data is transferred to the virtual Malware for merging environmental interior,Then entire environmental chamber will be destroyed with internal Malware 385 together safety.Total system to about known in MalwareAlarm is placed in any abnormal movement of its all data before destroyed.This concept obtains body in total system monitoring 405It is existing.It is empty if the entity for receiving part truthful data is finally proved to be Malware (when analyzing behavior pattern)Near-ring border (including Malware) will be safely destroyed, and monitor enterprise for the abnormal movement of marked truthful dataNetwork in range.In this way, including any potential information leakage.There is tracking false data downloading 407 and uploading 408In the case of;It tracks the suspicious entity 415 being sent in virtual container and being sent from the suspicious entity 415 in virtual containerFalse data.In the case where having notice to upload safety 410, has been written into initially as safeguard protection and collected in false dataData in 400 were considered safe later, and prepared write-in truthful data 412 therefore to meet suspicious entity 415Upload 402 requests.Hereafter, it uploads relaying 411 and the security information marked in this way is passed into truthful data 412.In legitimate enterpriseIn the case that entity (rather than Malware) receives false data 400, range existing for 413 false datas is notified.True numberIt is uploaded according to 412 accurately to replace false data.Data readjustment trigger 414 be legal entity (and unintentionally;MaliciouslyEntity attempts to be shown as legal) on the installation of software that executes, check that instruction merging data environment may be swashed by potentialHiding signal living.Data management system 401 is that entity 415 should merge with calculating with false data 400 (if any)Go-between's interface between the data of the ratio of truthful data 412 (if any).402 and 398 letter of downloading are uploaded havingIn the case where breath stream, trigger 414 is adjusted back for data and marks top of each grouping/file (if necessary) to consider data?.
Figure 64 and 65 shows the internal work of data readjustment trigger 414.Behavioural analysis 403 tracks suspicious entity 415Download and upload behavior, with the potential correction movement 419 of determination.Real system 417 includes to exist entirely in outside virtualized environmentThe original truthful data 412 in portion, and include all possible sensitive data.The truthful data for replacing false data 418 is at thisFiltered (or even before truthful data synchronizer 386) is supplied to the truthful data of data readjustment tracking 399 in the case of kind.In this manner it is possible to which manufacturing truthful data patch 416 replaces with false data truthful data on original suspicious entity 422.The data management system 401 being immersed in virtually isolated environment 404 receives truthful data patch from data readjustment tracking 399416.The patch 416 includes correct, true and quasi- for being converted to entity 422 (currently known is harmless) suspicious in the pastThe replacement instruction of true information state.Such patch 416 is passed to data callback interface 427, which is then passedTo entity 422 suspicious in the past.The data 420 of downloading be enterprise downloaded in false data environment 404 data (therefore numberAccording to being partially or completely false).Fixed data 421 is after truthful data patch 416 has also been employed that, false data is replacedIt is changed to its place for corresponding to truthful data.When harmless code 409 is cleared to malice by behavioural analysis 403, executes to correct and moveMake 419.This movement 419 is the false data replaced in former suspicious entity 422 with the truthful data 412 represented by it.It is secretSecret order board 424 is the security string for being generated and being distributed by LIZARD.Secret token 424 cannot to virtually obscure system proof canIt is legal and harmless for doubting entity 415.On the contrary, it allows really harmless entity not continue its work, since it knows that it isUndergo the influence of part 391 or complete 394 false data environment.As long as entity be it is legal, employee/software etc. is to false informationEffect should not just have logistics, and lead to actual life problem (sending wrong address, employee is misunderstood and employs).Data readjustment trigger 414 is merely present in legitimate enterprise function and physically.Under default situations, legal entity will be checked and is embedded inAppointed position in formula server environment 404, to determine that the 424 of token exist.If token lost 429 and 425, this tableThe bright legal entity may be unexpectedly placed in the false data environment of part (because being that malice is soft to its risk assessmentPart).Hereafter, activation has the delayed conversation 428 of delay interface 426.If it find that token 426 and 424, then this shows serverEnvironment is true and therefore any delayed conversation is all deactivated 427.Postponing interface 426 is the mould being directly pre-installed on physicallyBlock.When instruction is in false environment 404, delayed conversation will be activated.Delayed conversation means the process of entity by artificial slowGround allowance 403 time of behavioural analysis is harmless or malice decision about the entity to make.In fact, such delay is pre-Movement spends several seconds to meter every time.For actual Malware, the copy (itself of secret token no matter when is obtainedRoutinely can change and regenerate) it is extremely difficult, because it is only embedded in confidence in 100% truthful data system,And Malware almost may never open it.In the case scene of no discovery secret token, in conjunction with delay interface426, this implies that entity is patient before regaining authentic data access by behavioural analysis 403.
Figure 66 shows data selection, filters out highly sensitive data and merges truthful data with false data.It will be trueReal data 412 is supplied to the truthful data synchronizer 386 for filtering out highly sensitive data 431.The filter area is according in static stateThe system strategy 430 that is limited in core 315 and change.The module 431 ensures that sensitive information never reaches existing for suspicious entity 415Identical virtual environment.When generating virtual environment 404, data are once filtered.Have for the criterion for generating 433In the case of, filtered truthful data is used as generating the false data criterion of what type and quantity.False data is raw387 creations of growing up to be a useful person are designed to and truthful data (i.e. a batch SSN) indistinguishable false data.There is compatibility to enforceIn the case where 432, false data generated is verified compatible with truthful data, it is ensured that does not deposit and is overlapped and cannot be deposited too much againIn the grouping of the data type of omission.So that the collection of both truthful data and false data is not in the case where causing any suspectionSeamlessly merge, i.e. vacation SSN and true SSN is not overlapped and (avoids repeating).Computer Graphics device 434 manages virtual environment 404Building, this includes the variables such as false data ratio, available system function, network communication option, the Save option.Data baseStandard 435 is the variable for tuning the ratio of truthful data and false (vacation) data.With merging data 438,Data are merged according to data base 435.During merging process, make to be marked as less sensitive truthful data with toThe false data of the more sensitive impression of people merges.Ratio management 437 constantly adjusts the truthful data merged and analogue dataQuantity, to meet desired false data ratio.According to the real-time merging data of request of data 440 of suspicious entity 415.With false data ratio returned data appropriate at the data 439 of request.
Figure 67 and 68 shows the internal work of behavioural analysis 403.Purpose mapping 441 is to confer to entire business system purposeThe hierarchical structure of aims of systems.This purpose is distributed even for the granularity of small scale network, CPU processing and storage event.It is said that by the built-in system for the anything that stated, activity and code library purpose and suspicious entity 415 are being done need intoRow compares.Using activity monitoring 453, the storage, CPU processing and network activity of suspicious entity are monitored.Grammar module 35 is according to the phaseThe function of prestige explains these activities 443.Such function is then translated as the expected purpose in behavior by purpose module 36.ExampleSuch as, code library purpose 446 may be to submit annual revenue report, and activity purpose 447 may be " to collect all high salary employeesSSN".This method is similar to the department of customs on airport, someone must be to the certain articles of customs declaration there, and no matter such as customsWhat will search their luggage.Code library 442 is source code/programming structure of suspicious entity 415.Its source code will not be disclosedEntity (because be compiled closing source program) access system can be prevented by system policy 430.By such code library442 as the subset of behavioural analysis 403 are forwarded to grammar module 35.The grammar module 35 understands Encoding syntax and can will programCode and symbol active are reduced to the intermediate mapping of interconnection function 444.Such function 444 indicates code library 442 and activity 443Function, and it is transferred to the purpose module 36 for generating the perception ' intention ' of suspicious entity 415.The purpose module 36 generates output generationCode library purpose 446 and activity purpose 447.The code library purpose 446 includes real as derived from the grammer program capability as LIZARDKnown purpose, function, jurisdiction and the power of body 415.The activity purpose 447 include such as by LIZARD its storage, handle andKnown purpose, function, jurisdiction and the power for the entity 415 that the understanding of network activity 453 is understood, wherein the purpose statedIt is hypothesis purpose, function, jurisdiction and the power of the entity such as stated by entity itself.Required purpose 445 includes system of enterpriseSystem required expected purpose, function, jurisdiction and power.It is similarly to employ the needs to realize company.This makesIn the case where the ability of suspicious entity 415 and/or service are not system absolute demands, LIZARD can prevent suspicious entity415.This all four purpose 445-448 are compared in comparison module 449, with ensure entity 415 presence and behavior in courtIt is LIZARD deserved and understand into the production of the target 336 of system.Between four purpose 445-448 it is any it is inconsistent allThe disagreement in 450 scene of purpose will be called, this causes correction to act 419.Correction movement can potentially mark suspicious entity 415It is denoted as Malware 385 or harmless 409.Subsequent movement may be safely to destroy virtual container, or carefully incite somebody to action maliceSoftware 385 is moved to new virtual environment, which accesses truthful data (only false data) and real corporate networkIt is zero access.
Critical thinking remembers & perception (CTMP)
The main logic of Figure 69 diagram CTMP 22.The main target of CTMP is the Being Critical decision made by third party.CTMP22 cross references come from multiple source (i.e. I2GE, LIZARD, credible platform etc.) intelligence, and understand to perception and reality phaseIt hopes.CTMP estimates oneself to have the ability to form objective decision to an affairs, and will avoid asserting with internal low confidence workDecision out.Incoming data flow (such as the army of global deployment spy and carry out the information of feasible platform) is all converted into canThe data of execution.Subjective opinion decision 454 indicates the original subjective decision provided by input algorithm, which is referred to as institute's modelingFormula matching algorithm (SPMA) 526.The SPMA is usually a kind of typical security-related protection system, but there is no limit otherThe system of type, such as vocabulary objectivity excavate (LOM) (reasoning algorithm) and permanent administration way (MPG) (tax explanation calculationMethod).Input system metadata 455 indicates the original metadata from SPMA 526, which depict the mechanical process of algorithm andHow such decision is realized.Reasoning processing 456 will be asserted by comparing property qualitative attribution logically to understand.In rule processIn 457, the subset as the reasoning processing of derived result rule is used as to the reference for being used to determine the range of current problemPoint.Being Critical rule range expander (CRSE) 458 by using known sensing range and upgraded to including perception batchThe property sentenced thinking range.Correct 459 instruction of rule derived correct rule by using the critical thinking range of perception.RememberingRecall in net 460, scans market variables (market performance 30 and profile history 31) log with implementation rule.It is any applicable and can be realExisting rule can be all performed to generate Investment Allocation covering decision.It is executed in (RE) 461 in rule, execution has been confirmed to beIt is determined in the presence of and according to the rule that the scanning of chaos field 613 is realized in memory with generating desired and relevant critical thinkingPlan.This execution of rule will necessarily generate specific result.And the process of chaos complexity may cause still inconsistent generationAs a result, and the logic complex process of RE 461 always causes identical deduction as a result, on condition that rule set is consistent.It is criticizingProperty decision output 462 in, execute what both (RE) 461 obtained by comparing by perception observer's emulator (POE) 475 and ruleConclusion generates the final logic totally exported for determining CTMP.Being Critical decision 463 is final output, it is to affairsOpinion, it is intended to make it as objective as possible.Log 464 is used in no subjective opinion from input algorithm (MPG)The raw information of Being Critical decision is independently made in the case where influence or prejudice.It is from SPMA that raw sensed, which generates (RP2) 465,526 receive the module of metadata log.Such log is parsed and forms the perception for indicating the perception of this algorithm.WithPerception complex format (PCF) is emulated to store the perception by perception observer's emulator (POE) 475.The perception of applicationAngle 466 indicates the perception angle applied and utilized by SPMA 526.The instruction benefit of automatic sensing discovery mechanism (APDM) 467With the module of creative module 18, which generates (according to the input provided by the perception angle 466 applied shapeAt) mixing perception, allow to increase the range of perception.Critical thinking 469 indicates the external shell of rule-based thinkingJurisdiction.This causes to show according to the rule that SPMA 526 is established very well but new correct rule derived from also showing inside CTMPThen 459 rule executes (RE) 461.
With reference to the self-criticism sex knowledge density 474 of Figure 70, incoming original log indicates technology known to SPMA 526Knowledge.The module 474 estimation can report the range and type of the potential unknown knowledge that log can not obtain.In this way, CTMP is subsequentCritical thinking feature can use by the potential range of the directly known and unknown knowledge related to of system.Perception is seenThe person's of examining emulator (POE) 475 generates the emulation of observer, and test/more all potential perception points emulate with observerThis variation.Input is all potential perception points other than the data logging of enhancing.Output be this enhancing log according toMost preferably, the security decision that most related and most careful observer is obtained using the result that such merging of selected perception generates.With reference to implicit derivation (ID) 477, the angle for the perception data which may imply from the export of the perception angle 470 of current applicationDegree.With reference to covering correction movement 476, criticism is acted/asserted to generate final correction by perceiving observer's emulator (POE) 475.
Figure 71 shows the Dependence Structure of CTMP.Reference resources manage & and distribute (RMA) 479, and adjustable policy instruction is utilizedTo execute the perception amount of observer's emulation.The priority of selected perception is selected according to the weight of descending.Then the planThe slightly mode of instruction selection truncation, rather than select percentage, fixed number or more complicated algorithm.(SS) is searched for reference to storage480, using from the criterion in the database lookup that CVF perceptually stores (PS) 478 derived from data enhancing log.At measurementReason (MP) 489 makes the variable reverse-engineering from selected pattern matching algorithm (SPMA) 526 Investment Allocation at from such calculation' seeking help ' perception of the intelligence of method.Perception deduction (PD) 490 is responded using Investment Allocation and its corresponding system metadata comesReplicate the raw sensed of Investment Allocation response.Output (CDO) 462 instruction of Being Critical decision is for determining finally patrolling for CTMP outputVolume.With reference to meta data category module (MCM) 488, debugging and algorithm keeps track are divided into using the information classification based on traditional grammarDifferent classifications.Then the category can be used for tissue and generate different throwing relevant to market/taxation risk and chanceProvide assignment response.Input system metadata 455 is separated into significant investment point by frame of reference separated from meta-data (SMS) 487With causality.With reference to tucker logic 483, by all Investment Allocations and relevant market/tax risk, chance and it is eachFrom response carry out compressive classification.All applicable main bodys of 481 rolling view of main body omniselector.Main body tucker 482 retrieval withThe relevant appropriate investment risk of main body and distribution., other than its relevant weight, perception storage (PS) 478 is also using as its ropeComparable variable format (CVF) the storage perception drawn.This means that database is optimized to what reception was searched as input inquiryCVF, and result will be all kinds of perception.
With reference to Figure 72, implicit derivation (ID) 477 exports the perception data that may be implied from currently known perception angleAngle.With reference to self-criticism sex knowledge density (SCKD) 492, incoming original log indicates known knowledge.Module estimation canThe range and type for the potential unknown knowledge that report log can not obtain.In this way, CTMP subsequent critical thinking feature can be withUsing by the potential range of the directly known and unknown knowledge related to of system.In measurement combination 493, angle will be perceivedDegree is divided into the classification of measurement.In measurement conversion 494, single metric reversion is returned into entire perception angle.In metric extension(ME) in 495, the measurement category of multiple and variation perception angle is stored in each database.With each individual degreeThe peak value knowledge of DB is measured to indicate the upper bound.Measurement is returned into perceptually angle in enhancing and abundant complexity and is utilizedFor critical thinking.In the case where having comparable variable format generator (CVFG) 491, information flow is changed to canCompare variable format (CVF).
Figure 73 shows the Dependence Structure of CTMP.In Being Critical rule range expander (CRSE) 458, known to utilizationPerception carrys out the critical thinking range of extension rule collection.In perception matching 503, received by deriving (RSD) 504 from rule syntaxPerception form transformable variable format (CVF).The CVF newly formed is utilized to similar index and stores in perception(PS) relevant perception is searched in 479.Potential matching is returned to rule syntax and generates (RSG) 505.(MR) is identified in memoryIn 501, chaos field 613 is formed by entering data to.Field scanning is executed to identify known concept.In memory identification indexIn 500, entire concept is individually optimized for the independent sector referred to as indexed.These indexes are used to and chaos by alphabetical scannerThe interaction of field 613.Rule realizes that resolver (RFP) 498 receives the various pieces of the rule with identification label.Each partIt is marked as having been found in the chaos field 613 by memory identification 501 or not be found.RFP logically deducesSufficiently identify that rule executes deserved which of (RE) 461 whole rule (they all parts in chaos field 613Combination).In rule syntax format separation (RSFS) 499, correct rule is separated and is organized by type.Thus everything, propertyMatter, condition and object are separately stacked.This enables the system to distinguish what part is found in chaos field 613, withAnd what has not found.It is derived in 504 in rule syntax, ' the black and white ' rule of logic is converted into the perception based on measurement.The complex arrangement of multiple rules is converted into multiple measurements via variable gradient to state single uniform perceptual.Rule syntax is rawThe perception previously confirmed is received at (RSG) 505, these are perceived, and format stores and the internal metric for participating in perceiving is constituted to perceive.This measurement based on gradient of measurement is converted into binary system and logic rules collection, to emulate the input/output of raw sensedInformation flow.Rule syntax format separation (RSFS) 499 correct Rule Expression meets the essence of the rule set of the reality of observed objectThe true form of expression.Correct rule is separated and is organized by type.Therefore all movement, property, condition and object are separately stacked.This enables a system to distinguish has found which part and which part are not found in chaos field 613.Internal logic506 are deduced using logic theory, to avoid fallacy, many in perception will be accurately indicated with what kind of rule of deducingMeasure gradient.In order to illustrate an example, this is just as using (radio frequency etc.) analog sine and converting thereof into digital steppingEqually.Total trend, position and the result is that identical.However, having converted analog signals into number.Measure contextual analysisInterconnected relationship in the perception of 507 assay measures.Certain measurements can rely on other measurements with different degrees of magnitude.This languageBorder is for supplementing mirror image interconnected relationship of the rule in ' number ' rule set format.508 pairs of each perception are analyzed in input/output(grey) or regular (black and white) outputs and inputs execution differential analysis.The target of the module, which is to ensure that, to be output and inputAs similar or identical as possible (from grey to black/white and vice versa) is kept after conversion.It is defeated that criterion calculates 509 calculatingEnter the criterion and task of rule.This can be translated into ' motivation ' of rule set behind.Code fo practice has reason, this can be withUnderstood by implicit or specific definition.Therefore, the implicit reason of ' number ' rule is had been carried out why by calculating, equallyThe reason of can be used to the composition for proving to measure in the perception for seeking identical input/output capabilities.Rule forms analysis 510Analyze rule main assembly/composition and they each other how reciprocation.For supplementing the mirror image in ' simulation ' perceptionInterconnecting relation.In the case where converting (RSFC) 511 with rule syntax format, is classified to rule and separated, to meetThe grammer of rule syntax format (RSF) 538.
Figure 74 shows the final logic for handling the intelligent information in CTMP.Final logic, which receives, comes from intuition/perceptionBelieve with both thinking/logical schema the intelligent of (respectively perceive observer's emulator (POE) 475 and rule executes (RE) 461)Breath.In direct decision comparison (DDC) 512, two kinds of decisions from intuition and thinking are compared, it is further to checkVerifying.Crucial difference is that there are no more first-metadata, because if they are agreed unanimously anyway, then being interpreted asWhat is extra.Terminal output control (TOC) 513 is for determining that the CTMP between mode intuition 514 and thinking 515 is exportedLast logic.Intuitive decision making 514 is via one in two major parts using the CTMP for perceiving participation critical thinkingIt is a.Referring to perception observer's emulator (POE) 475.Thinking decision 515 is via the CTMP for participating in critical thinking using ruleTwo major parts in another.(RE) 461 is executed referring to rule.Perception 516 is according to defined in internal form 518Format syntax is from the received data of intuitive decision making 158.Implementation rule 517 is from the received data of thinking decision 515, this is to come fromRule executes the set of applicable (achievable) rule set of (RE) 461.According to the format defined in internal form 518Grammer transmits such data.By using internal form 518, meta data category module (MCM) 488 can identify the twoThe grammer of input, because they are according to known to using inside CTMP and consistent standardized format.
Figure 75 shows intuition/perception and thinking/logic two of the assimilation to the single terminal output for representing entire CTMPMain input.Being Critical decision+member-metadata 521 is according to the grammer transmission perception 516 or real limited in internal form 518The digital carrier of existing rule 517.
Figure 76 shows the range of the intelligent thinking occurred in original selection pattern matching algorithm (SPMA) 526.Input becomesAmount 524 is the initial financial/tax allocation variable for considering reason and rule process.CTMP intends to criticize them, and becomes artificialThe second opinion of intelligence.Variable input 525 receives the input variable for defining security decision.These variables provide for CTMP distinguishes assortedIt is the criterion of reasonable correction movement.If there are addition, subtraction or variation, variations appropriate to be reflected in for variableAs a result in the correction movement obtained.The common-denominator target of CTMP is to distinguish entangling for variation that is correct and accurately reflecting in input variableCorrect, the crucial variation of direct action.With selected pattern matching algorithm (SPMA) 526, selected pattern match is calculatedMethod attempts to distinguish optimal movement according to the criterion of own.As a result the output form 527 obtained is SPMA526 using justThe result that beginning input variable 168 generates.The rule as derived from 526 decision of SPMA is considered as ' current rule ', but is not necessarily" correct rule ".As attribute merges 528 according to the log information provided by SPMA 526, reason processing 456 is according to SPMA526 continue current knowledge.
Figure 77 is shown for the juxtaposed routine SPMA of critical thinking executed via perception and rule by CTMP.HaveIn the case where misunderstanding movement 531, selected pattern matching algorithm (SPMA) 526 can not provide the correction movement of entirely accurate.This isBecause there is no some basic bases checked to assume in the initial program or data of SPMA 526.In this example, using 3DDimension/vector that object is not accounted for as input variable with correctly appropriate action specification SPMA 526.It is suitable havingIn the case where action 532, critical thinking considers to be omitted the third dimension as the vector checked by SPMA 526.The third dimensionDegree is considered by critical thinking 469, because all additional perception angle inspections are all performed.With reference to correct rule533, Being Critical rule range expander (CRSE), which passes through using the perception angle (i.e. third dimension) not considered previously, to be extendedThe understanding range of rule set.With reference to current regular 534, rule derived from current correct action decision institute is reflected to SPMA 526Understanding or its shortage (compared with correct rule).Input rule be derived from the selected pattern matching algorithm (SPMA) 526,The algorithm description understands range by the default that SPMA is provided.This illustrate SPMA526 only understand financial allocation plane it is generalTwo dimensions in thought.
Figure 78 shows how to generate correct rule compared with having been omitted from the conventional current rule 534 of heightened awareness and/or variableThen 533.In the case where parsing (CFP) 535 with chaos field, by the format combination of log at referred to as chaos field 613It is single can scanning element.Correct rule of the additional rule 536 to supplement and establish is generated from memory identification (MR) 501533.With reference to perception rule 537, it will be considered as related and popular perception and be converted into logic rules.If perception (withIts raw sensed format) there is the metric relation for limiting many ' gray area ' many complexity, then ' black and white ' is patrolledCollecting rule includes such ' grey ' region by the n grade extension of complexity.It is effectively to deposit that rule syntax format 538, which is a kind of,Storage and query interface and the storage format that optimizes.
Description perception matching (PM) 503 module of Figure 79 and 80.About measure statistical 539, provided from perception storage (PS) 479Statistical information.Fashion trend, internal metric relationship and measurement growth rate of this statistical definition measurement etc., some general statisticalsInquiry (such as overall measurement popularity sequence) is performed automatically and stores.Other more specifically inquire (measurement X and Y how phaseClose) it is from 479 Real time request of PS.Metric relation keeps 540 metrology relation datas, so as to push it to systemIn one output.The parsing of mistake manages 541 is originated from the grammer and/or logic error of any each measurement.Individually measurement 542 makes everyIndividual measurement separates, because they are combined in the past in the individual unit as input perception 544.Input perceives 544By the example combination for the perception that measure visual, smell, tactile and the sense of hearing form.Node comparison algorithm (NCA) 546 receive two orThe node of multiple CVF is constituted.The magnitude degree of each node representation property of CVF.It is executed based on individual nodes similarProperty compares, and calculates polymerization variance.This accurate comparison for ensuring effectively to calculate.(no matter it is specific for saving smaller square marginPoint or aggregate weight) indicate closer to matching.Comparable variable format (CVF) 547 is the various structures for illustrating CVFAt visual representation.Matching is submitted, because output 550 is the terminal output of perception matching (PM) 503.Node comparison algorithm(NCA) any node overlapping in 546 is left matching result, and therefore submits total result in the stage 550.
Figure 81-85 shows rule syntax derivation/generation.Raw sensed-intuitive thought (simulation) 551 is basis thereThe perception of ' simulation ' format analysis processing.Original rule-logical thinking (number) 552 is to handle rule according to number format there.WithThe relevant perception of analog format 553 of financial allocation decision is stored in the gradient on no rank smoothed curve.With financial allocation decisionRelevant number format 554 original rule is stored as small to not having the rank of ' gray area '.It is original for data contentRule 555 is identical as correct rule 533.Unlike, original regular 555 by 499 turns of rule syntax format separation (RSFS)It is changed to the format of more dynamical, which allows via memory identification 501 and 613 cross reference of chaos field.It can recognize regular segment556 be from via original regular 555 rule of 501 identification of memory identification.This instruction constitutes original correct regular 533Each section of (such as movement, attribute, condition and object) is identified in chaos field 613, and is therefore suitable for potentialBecome the rule realized in logic.Safety covering decision 557 is to execute the final result that (RE) 461 is generated, the result by ruleAllow to execute correction movement.Such correction movement is also directed to terminal output control (TOC) 513 by channel, is to closeThe subset of the bigger correct action logic executed in key decision output (CDO) 462.Unconsummated regular 558 be according to its logicIt is interdependent and be not yet adequately identified in chaos field 613 rule set (according to rule realize resolver 498).Equally, according toThe logic analyzed by CDO 462 is interdependent, and the rule 517 met is identified as in chaos field 613 sufficiently available.Third partyDatabase solution 559 is management buffer area, cache, disk storage, thread management, memory management and other typical casesThe hardware interface software of mechanical data library facility.Realize that debugger 560 attempts to find out the reason that rule is not implemented.It is chaoticField 613 it is not abundant enough or be rule set be substantially be not inconsistent it is logical.If rule set be not inconsistent it is logical, can be withIt is checked immediately in the accuracy of a certain degree.However, in order to establish the potential sparsity of chaos field 613, it is necessary to take moreSecondary investigation, to avoid falling into the falsehood for executing scanty survey.
Figure 86-87 shows the work of rule syntax format separation (RSFS) 499 module.In the module, correct rule 502It is to separate and organize by type.Therefore, everything, property, condition and object are all to separate to stack.This enables systemEnough distinguish has found which part and which part are not found in chaos field 613.About movement 561, four kinds of ruleThen the instruction of one of segment data type may have been carried out, will be performed, the movement of the activation etc. that is considered.About property562, the instruction of one of four kinds of regular segment data types describes certain property like attribute of other some items, it isWork, condition or object.About condition 563, one of four kinds of regular segment data types indicate logical operation or operator (such asIf x and y so z, if x or z so y etc.).About object 564, the instruction of one of four kinds of regular segment data types will be allSuch as act 561 and the attribute of attribute 562 be applied to its target.In processing stage 565, the relationship export result collected so far is madeIt is submitted for output, and program then terminates.Processing stage 566 passes through one entry of regular segment iteration every time.Processing stage 567Explain each personal relationship (such as movement 561, object 564 etc.) between record rule section.Therefore, each in the stage 565Personal relationship is collected and prepares to export.Sequential scan 568 is ' [division] ' mark splits each unit of RSF 538.Main body and bur from RSF 538 are also separated and are parsed.Separation output 569 is each main body and inside subject relationship quiltThe place that scanner is kept.When entire RSF 538 is sequentially scanned, them are sent immediately for exporting.Rule of detachment format570 be the delivery mechanism to contain each regular segment (such as movement 561, object 564 etc.) from separation output 569.PointIt uses from rule schemata 570 and is highlighted in two main points of information transmitting: first as from rule syntax latticeFormula separates the output (this is considered as remembering preceding cognitive phase) of (RSFS) 499 and identifies that (MR's) 501 is defeated as Self-memory is carried out(cognitive phase after memory) out.
Figure 88 shows the work that rule realizes resolver (RFP) 498.The module receives each of the rule with identification labelA section.Each section is had been found or is not found labeled as in chaos field by memory identification (MR) 501.RFP 498It logically deduces and has sufficiently identified that rule executes which deserved whole rule of (RE) 461 (i.e. in chaos field 613It is all they part combination).Queue management (QM) 561 is using grammatical relation reconstruct (SRR) 497 module to be best suitable for logicThe each individual part of sequence analysis.QM 561 access memory identification (MR) 501 as a result, so as to answer it is binary be/No process problem simultaneously takes movement appropriate.QM checks each regular segment stage by stage, if lacking single section in chaos field 613And there is no relationship appropriate with other sections, be then denoted as being not implemented by rule set.If by all examination phase, ruleCollection is flagged as realization 522.The QM stage 571 checks whether discovery regular segment ' the object C ' in chaos field 613.The QM stage 572Check next suitable section whether to it is original ' object C ' is related, at the same according to memory identification (MR) 501 also in chaos field 613In it has also been found that regular segment ' object C '.Same logic is separately applied to the QM stage 573 and 574 for condition B and movement A.These segment tables show a part of (A, B, C etc.) not instead of program kernel logic, refer to expected and typically used as showingConsistent example.The rule set 575 for receiving Perfect Reconstruction needs the rule set that meets of queue management 576 to export, it is assumed that discovery ruleThen collection is achievable, and the association of regular segment is provided by syntactic relation reconstruct (SRR) module 497.
The realization debugger 560 for the reason of Figure 89-90 display attempts to find out not implementation rule.It is chaotic field 613It is not abundant enough or be rule set be substantially be not inconsistent it is logical.If rule set be not inconsistent it is logical, can be in a certain journeyIt is checked immediately in the accuracy of degree.However, in order to establish the potential sparsity of chaos field 613, it is necessary to multiple investigation is taken, withJust it avoids falling into the falsehood for executing scanty survey.The sparse sex investigation 577 of field specially checks that chaos field 613 is abundant enoughStill it is not enough to the variable composition of triggering rule set.Scanning 578 checks dependency rule component depositing inside chaos field 613?.Investigation DB 579 stores investigation result for referring in the recent period.If investigation DB 579 has been saturated/has filled full, the inspection of condition 580It looks into.This means that any possible scanning to Rule section has all executed, although scanning can generate positive or negative result.If having been carried out all possible scanning, conclusion 581 is implicit: the sparsity in entire chaos field 613It is why rule set to be classified as unconsummated reason.If executing all possible scanning not yet, conclusion 582 isImplicit: investigation is more sectors that are incomplete and needing to scan chaos field 613, reliably to judge chaos fieldWhether 613 sparsities are that rule becomes the reason of not being implemented.It whether there is in 583 inspection rule set of logic impossibility testInherent impossible logic is interdependent, this is that it becomes to be classified as unconsummated reason.For example, object 584 ' bachelor ' byIt distributes property 585 ' married ', which results in inherent contradictions.Test 583 has determined the dictionary definition of item 584 and 585.It is internalRule compliance inspection 588 will check whether all properties are consistent and related to its object counterpart.In RSF538 format' bachelor ' 584 contributes the part definition of object 586 ' man ', and " married " 585 defines (being also at 538 format of RSF) contribution' two people of object 587 ' part definition.Checking 588 conclusion is, potentially includes object 587 ' two with regard to object 586 ' man 'It is personal ' for, it is compatible that two, which define 586 and 587,.During rule correlations conversion 589, fair item is converted to holdRow is relatively tested.Understand that second definition is (' married in the background that such conversion allows to define (' bachelor ') at firstPerson ').To draw a conclusion 591, the rule comprising in one contradiction, i.e., same people currently gets married 590 and not to be had currently simultaneouslyThere is marriage 592.
Figure 91 shows rule and executes (RE) 461;Execution be confirmed to be it is existing and according to memory to chaos field 613It scans and realizes regular to generate desired and relevant critical thinking decision.There are chessboard plane, be used to trackThe conversion of rule set.Object on the disk indicates the complexity of any given unsafe condition, and these objects are across ' safe chessboard 'Movement indicate by safety regulation collection response come the evolution of the unsafe condition managed.Stage 1 593,538 information of RSF limitDetermine the initial initial position of all related objects in chessboard plane, therefore defines the beginning of dynamic cascading unsafe condition.ThisSymbolically it is used to illustrate to handle the logic ' position ' of the rule of dynamic security policy.Stage 2 594 and stage 6 598 indicateObject conversion, the safety regulation which is applying modify the location and range of certain unsafe conditions.ExampleSuch as, conversion of the object in the stage 2 and 6 can indicate encryption Being Critical file.Stage 3 595 illustrates object on chessboardIt is mobile, the practical movement of this external position that can correspond to show up as the sensitive document of a part of security response strategy.Stage 4596 and the stage 5597 show two object mergings into the process of common third object.One sample application of the rule isIt is combined to promote two independences of efficient and safety management the transmitting of information and isolated local area network.It is executed completing rule(RE) 461 when, the result of correct rule 533 and current rule 534 is different.This illustrates the Being Critical think ofs that CTMP has been executedDimension advantage, rather than the less crucial result generated from selected pattern matching algorithm (SPMA) 526.All shape, faceColor and position all symbolically indicate secure variant, incidence and response (because explaining that simple rather than actual safety is rightAs).SPMA has generated the final shape position different from CTMP, and for pentagonal similar but different colour-differenceDifferent (orange and yellow).This is because complicated conditional statement (all treated rule set of all input journals is constituted) and go outExisting.It is similarly to the sportsman's variable (height, power) such as how changed and starts game of billiards, sportsman's variable (body of the variationHeight, power etc.) entirely different result ball position can be caused.Purple square is also converted to cube by CTMP, symbolicallyThe ability of size and perception that its consideration SPMA 526 of expression (throughout the description of CTMP) or the even mankind never it is expected or consider.Final safety covering decision 599 is executed according to correct regular 533.
Figure 92 and 93 declaration order memory organizations, are a kind of information storage means of optimization, it read and write it is allHigher efficiency is provided in terms of " chain " of such as alphabet order information.In memory access point 600, in node 601 (block)Direct accessibility of each width means observer to the object (node) remembered.By the sequential memory order of alphabetIn, ' A ' is most addressable memory point, because it is first node of sequence.Letter e, H and L are also easier to directly access,Because they are " leaders " of the subsequence ' EFG ', ' HIJK ' and ' LMNOP ' of themselves.In the range of accessibility 602Interior each letter indicates its direct memory access point to observer.Larger range of accessibility indicates each sequential nodeThere are more accessibility points, and vice versa.More multisequencing is only quoted ' in order ' rather than from any random selectionNode in quote), the range of accessibility is narrower (relative to sequence size.This allows to be carried out according to the magnitude of successionMore effective memory recall.In the case where having nested sub-sequence layers 603, the sequence for showing strong inhomogeneities is by oneThe lesser subsequence composition of series interconnection.Alphabet is the height instruction of this behavior, because each subsequence ' ABCD ',' EFG ', ' HIJK ', ' LMNOP ' are all to be all individually present as a memory sequences, but they interconnect and form entire letterTable.If there is accessing once in a while or frequently for certain nodes to chief series, then such memory storage and reference mayIt can be more effective.This way it is possible to avoid being scanned since entire sequence, to obtain the efficiency of time and resource.It is similarly toAccording to the books that chapters and sections scan, rather than book is scanned from first page in search every time.In extremely non-uniform 605 range, depositIn the inconsistent access point for spreading all nodes.This means that it is made of a large amount of nested subsequence, they are mutual as chainEven.Extremely non-uniform sequence means that it is medium sequence, but should have multiple memory access points (nested subsequenceLayer).Extremely uneven 605 example is alphabet, it be variation be difficult recite, this depend on since which letter.?In the case where with extremely uniform 607 range, throughout all nodes, there are consistent access points.This means that it is not by as chainThe nested subsequence composition equally interconnected.Extremely uniform sequence means it or is extremely continuous (throughout nodeAlmost without consistent access point) or be extremely discontinuous (throughout the consistent big access point of node).Extremely uniform 607Example is the set of fruit, and when reciting them almost without sequence that is any specified or emphasizing, also there is no any interconnectionSubsequence.Medium homogeneity range 606 has initial big accessed node, it means that starts to recite content from the beginning to be most effective's.However, furthermore to the effect that linear, there is no nested sub-sequence layers for this instruction, and there are unusual big sequences.Medium non-homogeneous 604 range less deviates linear too many and therefore spreads consistent access point.There is more delicate and limit in this instructionFixed less nested sub-sequence layers, and meet consistent and reversible set simultaneously.Show the letter of medium non-homogeneous 604 behaviorThe example of breath can be the catalogue for automaker.In the presence of the classification that can be limited, such as sport car, merge power car andSUV, but strong prejudice is not present in the list that just how should be recited or remember, because potential client may be still to compareSUV and sport car, it is specified in spite of separated classification.
Figure 94 shows non-sequential memory organization, handles the information storage of non-sequential continuous item.The fruit set the case whereUnder, there is no the sequences for the Height assignment that should read them, and opposite alphabet correspond to this how to read information have it is strong suitableOrder sequence.Memory organization 608 shows the accessed node uniform always for all fruit, indicates non-sequential tissue.In 608Tissue illustrate invertibity is how to indicate non-sequential arrangement and uniform range.In this case, it indicates the note of fruitIt is non-sequential for recalling, as indicated by the relatively wide access point of each node.It is same equal when the order of fruit is shuffledThere is also the sequence of this instruction fruit is reversible even property.On the contrary, the sequential series as alphabet are more difficult to upside down backIt reads aloud, rather than routine is recited.Common fruit list does not show this phenomenon, and ratio is quoted in this instruction except sequence listIt is more frequent in sequence list.In core subject and association 609, since succession being not present in the fruit list, togetherA series of fruit are repeated, but have different cores (center object).The main theme of kernel representation, remaining fruit serve as itMemory neighbours can more easily be accessed relative to the core subject if there is no defined by by remembering neighbours.In strong neighbourIt occupies in 610A, although apple is a kind of common fruit, due to the overlapping in spelling, it is more general than other with the strong tie of pineappleWater flowing fruit is stronger.Therefore, pineapple is considered as memory more towards association.In weak neighbours 610B, because pineapple isTropical fruit (tree), thus it with orange and banana (common fruit) be associated with it is less.Pineapple more likely because the torrid zone overlapping and byRefer to be mango.Figure point 612 illustrates how the extremely weak sequence of fruit series leads to upper extremely strong uniformity in the access of node 601.
Figure 95-97 shows memory identification (MR) 501, executes the scanning of chaos field 613 there to identify known concept.It is mixedIgnorant field 613 is ' field ' for the concept being arbitrarily immersed in ' white noise ' information.Make CTMP system on the basis of spontaneousKnow this point, and it is considered as " in the natural environment " and unpredictable.The purpose of memory identification is effectively to scanField is to identify known concept.In the case where having memory concept to retain 614, stores recognizable concept and it is ready toIt is indexed and reference field inspection.The simplification example that the diagram has used vegetables title to spell, to facilitate the easy reason to systemSolution.However, the example is used as the analogy of much increasingly complex scene.For actual life example of security, this can be withIncluding identifying and distinguishing between citizen and army personnel in camera feed.For network security example, this may include known to identificationWith the Troy of memory, back door and detect them in many safe white noises (log).3 alphabetical scanner 615 the case whereUnder, it scans the chaos field 613 and checks 3 that correspond to target alphabetical sections.For example, ' PLANT ' is target, and scannerIt is incrementally moved along field with each 3 characters.With the advance each time of scanner, section ' PLA ', ' LAN ' and ' ANT ' sectionIt will be examined, because they are the subsets of word ' PLANT '.Nevertheless, word ' LAN ' and ' ANT ' are by chance to be also meshTarget independence word.Therefore, when finding one in these three alphabetical sections in field, it, which can imply that, is had been foundThe target complete of ' LAN ' or ' ANT ', or the subset of ' PLANT ' may have been found.Same concept is also applied for 5 wordsFemale scanner 616, but be specifically entire word ' PLANT ' throughout the section that is each preceding and then checking of entire field.Such asThe target of ' LAN ' and ' ANT ' etc is omitted, because at least needing 5 alphabetical targets using 5 alphabetical scanners.To chaos wordSection 613 is segmented, so that (3,5 or more letter scanning) is scanned in varing proportions, because this ratio providesDifferent grades of scan efficiency and effect.With the diminution (quantity of smaller letter) of scanning range, accuracy increase (andVice versa).As the field field of scanner increases, biggish letter scanner more efficient, cost when executing identificationIt is accuracy (how small this have depending on target).In memory conceptual index (MCI) 500, what the stage 617 left in response to themNot processed memory concept and the size (3,5 or more) for alternately changing scanner.MCI 500 is with maximum available scannerStart and be gradually reduced in the stage 617, allows to find more computing resources to check the latent of smaller memory concept targetExist.Stage 618 recycles available memory concept so that they index (be suitble to suitable length (such as 3 or 5) compared withSmall section) it can be exported in the 620th stage.If conceptual index keeps there is not yet memory concept in 624, the stage 619 willIt is created according to the Logistics Process of movement.Then the derived index of institute is assigned to holding 624 from the stage 620 by 621 stage of stage.When the whole circle of the programming of MCI 500 continues, if MCI is finished untreated alphabetical scanner, it will reach and pitches,If it is sky that there, which keeps 624, empty (null) result 622 is submitted, or non-empty is retained 624 and is submitted as modularizationOutput 623.The range of the section of chaos field 613 is differed from number 625 to 628.Section 625 and 626 indicates to be scanned by 5 lettersThe scanning that device executes, and section 627 and 628 indicates 3 letter scannings.Scanning 625 has when checking target ' TOMATO ' of 6 lettersThere are 5 pitches.Two 5 alphabetical sections match at ' TOMAT ' and ' OMATO ', they had previously been indexed at MCI 500It crosses.Each of these both correspond to 5 letter matchings in 6 alphabetic words, this further corresponds to 83%.This score/Percentage is cumulatively added in favor of with 167% memory concept 637, therefore successfully has found concept in chaos field 613‘TOMATO'.Scanning 626 with ' EGGPLANT ' memory concept targets, the important section of two of them be ' GGPLA ' and‘PLANT'.Although a possibility that ' GGPLA ' refers exclusively to the real matching of ' EGGPLANT ', and section " PLANT " introduces wrong report, becauseFor ' PLANT ' in memory concept target and an inherently memory concept target.For ' PLANT ' is identified as depositingIt is in chaos field 613, and ' EGGPLANT ' is the system of unique really identifiable memory concept in field, will be classifiedFor wrong report.However, the programming of the system can be avoided the case scene of wrong report, because of 63% matching of ' GGPLA ' contribution.' PLANT ' in the context of ' EGGPLANT ' also contributes 63%, and ' PLANT ' tribute in the context of target ' PLANT 'Offer 100%.When matching aggregation addition, the polymerization score of 125% (63%+63%) 638 of target ' EGGPLANT ' reception, and meshMark ' PLANT ' obtains 100%639.Therefore scanner successfully maintains the correct explanation to chaos field 613.Scanning 627Width is 3 letters, and identifies section ' TOM ', this causes 50% polymerization to match 640.This is deposited with the field of scanning 625Target it is identical, but due to the difference (3 rather than 5) in sweep length, find weaker confidence level (50% with167%) matching.Therefore, the design of MCI 500 includes multiple sweep length layers, to spend it in accuracy and computing resourceBetween reach correct balance.Scanning 628 also merges 3 alphabetical width, this time there are two potential wrong report tangents 636.Although the actual concept in field is ' CARROT ', concept ' CAR ' and ' ROT ' are considered being present in field and theyOneself is present in field.Scanner must distinguish the correct concept which is in chaos field 613 now.It will utilizeThe subsequent scanography this point nearby carried out on letter.Finally, this concept identification is ' CARROT ' and not by scannerIt is ' CAR ' or ' ROT ', this is because the further evidence of other positioning indexes.The 100% of ' CAR ' 641 it is compound matching and200% combinations matches of ' CARROT ' 642 have all been defeated by both compound matchings of the 100% of ' ROT ' 643.
Figure 98-99 shows field interpretation logic (FIL) 644 and 645, they are operated for being managed using result appropriateThe logistics of the scanner of different in width.General range scanning 629 is started with big letter scanning.Such scanning can be withThe less large-scale field of resource detailed survey, cost are small scale accuracys.Therefore, lesser alphabetical scanner is delegated to moreSpecific field range, to improve accuracy when needed.It is swept when significant region is positioned using specific range630 are retouched, and is needed by ' amplification '.General correlation is that field range of the selection for scanning is smaller, the type of scannerWith regard to smaller (letter is fewer).This ensures not executing expensive accurate scanning in redundancy and unbending position.The section of FIL645 guard logistics to scanner as the result is shown.If specific scanner receives the volume of memory concept in chaos field 613Outer identification, then this indication field range 631 (613 sections) contains the intensive saturation of memory concept, and is worth use smallerWidth scan on the particular range " amplification ".Therefore, the 5 alphabetical scanners that field range is 30%632 will be with 10%The 633 alphabetical scanner of field range activation 3, the field range are considered as " increased ' additional ' identification ' 634 depending on theyDepending on the initial results of return.' additional ' expression identification in 634 is to the supplement tentatively identified executed in FIL section 644.
Figure 100-101 shows automatic sensing discovery mechanism (APDM) 467.Although observer 646 represents number or the mankind seeThe person of examining, but same object can be perceived via multiple perception.Observable object is used to illustrate potential network security caseScene.The limited range for perceiving the information that angle A 647 is generated about the Observable object, because it is the wash with watercolours in two dimensionsDye.It perceives angle B 648 and generates more informed range, because it includes third dimension.Perceive the result pair of angle C 649In our limited thinking abilities be unknown because creative mixed process creativeness 18 is just by modern parallel processing capability instituteIt utilizes.Critical thinking algorithm has and generates more by mixing the measurement of angle A and B and therefore forming new iteration 653The potentiality of more sensible forms, more sensible forms may the understanding sense of hearing beyond the mankind or iteration complexity+efficiency and CPUExponential relationship (not being the flation) between time and ability.Perception angle 650 is by a variety of measure definitions, including but notIt is limited to range, type, intensity and consistency 651.These be likely to become it is more more complicated than examples presented above in range, thereforeThere may be the change perceiveds of many complexity generated by creative module.Perception weight 652 is defined by perceiving observerThere is great relative effect to perception when emulator (POE) 475 emulates.The meeting when limiting the weight of new iteration perception 653Consider the weight of the two input perception.The new iteration perception 653 includes the hybrid metric by previous generation sensation influence: A+B.Such new perception angle may be potentially security software and provide a fruitful new advantageous point to detect secretVulnerability exploit.Via the combination of test/mistake and intelligent selection, select the perception of several generations for mixing.If perception is (especiallyThe perception of new iteration) in terms of the insight that safety problem is provided it is proved to be useless, then it can in use notGive and emphasize again, but it seldom be deleted because it is never fully known it whether will provide useful insight.CauseThis, the tradeoff between computer capacity resource and safe and intelligent is to want hands-on.
Figure 102 shows raw sensed and generates (RP2) 465, is to receive member from selected pattern matching algorithm (SPMA) 526The module of data logging.Such log is parsed and forms the perception for indicating the perception of this algorithm.To perceive complexityFormat (PCF) is emulated to store the perception by perception observer's emulator (POE).System metadata separates (SMS)487 provide output of the security response/variable to 654, it establishes safe causality, because of correction appropriate movement and touchingHair variable (main body, position, behavioural analysis etc.) is coupled.The comparable non-patterned item 655 of variable format 547To indicate.All kinds of perception that each of these perception set all change have for forming the specific of CVF 547 and addingPower influences.
Figure 103 shows the logic flow of comparable variable format generator (CVFG) 491.Input for CVFG is data batchAmount 658, is the arbitrary collection for indicating the data that must be made of to indicate the node of CVF547 generated.Stage 659 is logicalEach of each unit defined by batch data 658 is crossed to execute sequential advancement.Data cell is turned at the stage 660It changes node format into, has and the identical informational content as referenced by final CVF 547.Node is the structure block of CVF, andAnd allow to execute other CVF efficient and accurate comparative assessment.CVF be similar to irreversible MD5 hash and, but it have thanCompared with the characteristic (node) of optimization.Then, when the stage 665 check these nodes there are when, these conversion after node it is temporaryNode is stored in keep in 661.If not finding them, them are created in the stage 662, and in the stage 663 with such as sending outRaw rate and the statistical information used update them.In the stage 664, all nodes with holding 661 are assembled and as moduleChanging output push is CVF547.If after generator operation, keeping 661 as sky, then returning to zero result 618.
In Figure 104, two nodes that node comparison algorithm (NCA) 667 is just relatively being read from original CVF 547 are constituted666 and 668.The magnitude degree of each node representation property of CVF.Similarity system design is executed based on individual nodes,And calculate polymerization variance.This accurate comparison for ensuring effectively to calculate.Smaller square margin (no matter it be specific for node orAggregate weight) indicate closer to matching.In the presence of the two kinds of comparison patterns that can occur: partial match pattern (PMM) and entiretyMatch pattern (WMM).For PMM, if there are an active nodes in a CVF, and do not have in it is more candidateIt was found that its (node is latent), then this is than less likely paying for.Mode applicability example: compare when A and forest A will be setCompared with when, tree A will find in forest A its existing hithermost matching and set B.For WMM, if there are one in a CVFA active node, and its (node is latent) is not found in it is more candidate, then this, which compares, to pay for.ModeApplicability example: when that will set A and be compared with forest A, will not find to match because tree A and forest A be it is direct relatively, and have very big variation in terms of being overlapped with structural similarity.
Figure 105 to 106 shows system metadata separation (SMS) 487, and input system metadata 484 is separated into intentionallyThe safe causality of justice.When exporting from MCM 488, the programming element of log is individually retrieved at the stage 672.In the stageAt 673, the more detailed of relationship between security response and secure variant (security log) is obtained using each classification from MCMCombination, such 674 assimilation of classification is then made in the stage 669,670 and 671.In the feelings with three dimension scanning/assimilation 669Under condition, using the classification container of pre-production and from the original analysis of categorization module, unsafe condition is extracted from system metadataMain body/suspect.Main body is used as exporting security response/variable relation Primary Reference point.The range of main body can be from people, meterCalculation machine, executable code segment, network or even enterprise.This resolved main body 682 is stored in main body storage device 679In.Scanned with risk/assimilate 670 in the case where, using the classification container of pre-production and from the original of categorization moduleThe risk factors of unsafe condition are extracted in analysis from system metadata.Risk and the target subject for showing or being exposed to such riskIt is associated.Risk can be defined as potential attack point, attack types of failing etc..Such risk is stored in and they are in masterIn the associated risk storage device 680 of relative subject at body index 683.In the case where having response scanning/assimilation 671,Using the classification container of pre-production and from the original analysis of categorization module, extracts from system metadata and obtained by input algorithmUnsafe condition response.The response with it is said that deserved such security principal responded is associated.The range of response can be fromApproval/prevention/mark/is isolated/obscures/signal imitation/punishment etc..Such response is stored in and they are in main body index 683In the associated response storage device 681 of the relative subject at place.Then, the information of this storage is by tucker logic (PL) 483All security principals and relevant risk and response are carried out compressive classification by reason, the tucker logic 483.
Figure 107 to 108 shows meta data category module (MCM) 488.In format separation 688, according to recognizable formatRule and grammer are separated and are classified to metadata.Such metadata must be assembled according to identifiable format, noThen metadata will be rejected processing.Native format rule and grammer 689 include the member for enabling MCM module to identify preformattingThe definition of data flow.Due to the correlation and existence in metadata, locally mean ' format ' previously selected.Debugging tracking485 are to provide used variable, function, method and type and its their own output and input types of variables/contentCode level tracking.It provides total function call chain (function for calling other functions).Algorithm keeps track 486 is a software levels tracking,It, which is provided, analyzes the secure data combined with algorithm.There is provided resulting security decision (approval/prevention) together with its howThe tracking (reasonable ground) for reaching the decision and each factor are to the appropriate weight for making the security decision role.At the stage 686, this algorithm keeps track 486 leads to each of these security decision reasonable grounds of the searching loop of MCMMode.Such reasonable ground define how and why with computer log grammer make certain security response (withoutIt is directly to be write by the mankind).It can recognize that format 687 is the predetermined and standardized syntax format compatible with CMTP.Therefore, ifFormat statement from input system metadata 484 then returns to 618 modularization, zero result 618 without being identified.SPMA's 526Programmer is obligated to encode metadata 484 with the identifiable standardized format of CTMP.This kind of format is not needed by CTMP institute speciallyHave and monopolizes, JSON and XML etc..Variable retain 684 be there processing variable by by classification keep 674 so that itCan be used as final and unified output and meanwhile submit 685.Stage 675 is as debugging tracking 485 and algorithm keeps track 486It inputs between two Main Branches of information and is compared inspection.There is reasonable ground in code level in such relatively tracking, withWhy more fully understand will appear such safe reasonable ground, and whether be worth the output as MCM.The step for beIt is preventative, to ensure that the reasoning of each safe reasonable ground and decision behind can be by fine geographical even in code levelSolution, thus the further potential criticism of verifying CTMP as a whole.Checked at the stage 676 similar risk evidence withIn the confirmation using debugging tracking data.At the stage 677, metadata is checked for any function of being called by SPMA, andAnd hereafter check these applicable functions, to check whether according to the function use standardized to limit them that can recognize format 687Way and the reasonable ground used.
Figure 109 shows measurement processing (MP) 489, makes that selected pattern matching algorithm (SPMA) 526 security response will be come fromVariable reverse-engineering at from such algorithm intelligence ' relief ' perception.Security response X 690 expression facilitate byThe series of factors of the resulting security response (i.e. approval/prevention/is obscured) of SPMA selection.Each of each shapeAll indicate the security response from selected pattern matching algorithm (SPMA).Initial weight is determined by SPMA, therefore its intelligenceIt is utilized.Then a large amount of to quote such decision to Sensing model.Perception infers that (PD) 490 uses a part of security responseAnd its corresponding system metadata replicates the raw sensed of security response.The perception of dimension series 699 explains that display PD will be shownShow how PD uses the security response of SPMA, and is associated with relevant input system metadata 484 to re-create initially by SPMAThe gamut of the intelligence ' number perception ' used.This makes CTMP have deep understanding to input algorithm, and then can weighWith the intelligence with cross reference polyalgorithm and variable algorithms, therefore realize an important milestone of artificial intelligence.It is suchShape is the complex rule implemented by SPMA, the symbol of behavior and correlation.Shape filling 697, stacking amount 698 and dimension 699It is the number perception for capturing intelligent algorithm " visual angle ".699 type of dimension of perception indicates 3D shape, it can be for languageSay that the symbol of learning algorithm indicates, which interprets the Internal e-mail of employee of company, and attempts to detect and/or predict companyThe security breaches of sensitive information.Although dimension type may be that (change 694C is the single intelligent algorithm with minor changeIt is circular, and 695C/696C is rectangle, indicates the nuance in intelligent algorithm), but there may be may not in face amountIt can show the multiple initial safes made via such algorithm response.Seem it and 692A ratio at face amount 694A696A has more something in commons.In spite of this anti-intuition, but 692A is the algorithm shape by being totally different from dimension 699Security response performed by filling 697.Although perception 695C and 696C be it is identical, their security response correspond to 695A with696A has fine distinction.Security response 695A is darker and indicates the dimension perception from side 695B, and 696A has been indicatedExactly the same perception, although coming from front 696B.These Discrepancy Descriptions are to different security threats/suspicious difference made a responseHow security response is found to be identical intelligent algorithm by reverse-engineering.All three example (its that dimension 699 perceivesIn two be identical) be combined into hereafter in CTMP perceptually angle B 702 by the individual unit of internal reference.RootThe influence of the perception angle in CTMP is calculated according to the initial weight for influencing used security response 694A, 695A and 696AWeight.With stacking amount perception 698, third dimension depth is not received by dimension 699, it is found that safety is rung693A is answered to become a part of one group of multiple amount.This, which can be, constructs security profile on new company employee to avoid external penetrationProfiled algorithm symbol indicate.Although CTMP initially only receives the individual security profile for being expressed as security response 693A,It is actually the set for being referred to as the mutual reference profile of perception stacking amount 698 (after MP 489 executes reverse-engineering)A part.Such perception can be used as perception angle A 701 and quote in CTMP, for security response 691A and 692A, toMP 489 provides the security response 701 that endless shape is expressed as on symbol.PD 490 is sent out using input system metadataNow the intelligent algorithm of security response origin is look for being not present for expected secure variant.For example, this may be a kind of noteIt anticipates to there is no rule/anticipatory behaviors, rather than notices a kind of algorithm there are suspicious actions.This may be one not byThe employee of company signed on Email according to his common mode.This might mean that the sudden change of habit or the employeeElectronic mail account be accustomed to not yet the malicious act person to sign on Email as real employee damageInstruction.The algorithm is digital perceived shape filling 697 by reverse-engineering, can be with appropriate weighing factorPerceptually angle C 700 is referred in CTMP.
Figure 110 and 111 shows the interior design of perception deduction (PD) 490, is mainly used by measurement processing (MP) 489.It is forwarded to security response X as input in reasonable ground/reasoning and calculation 704.The module, which passes through to utilize such as to be stored in, is intended to DBInput/output in 705 simplifies the intention supply of (IOR) module 706 to determine the reasonable ground of the security response of SPMA.In this wayModule I OR explanation function input/output relationship, to determine the reasonable ground and intention of the purpose of function.IOR module usesThe separation for the various funcalls listed in metadata is output and input.Such separated from meta-data is by meta data category module(MCM) it 488 executes, wherein output classification is to gather 672 and 674 appearance.In JRC 704, for the peace for being provided as input 690Total regression is stored in the function being intended in DB 705 intention to check.If function is intended to confirm the security decision of SPMA, willThey are submitted as effective reasonable ground to measurement conversion JMC 703.In JMC module, the security response being verified is justWhen reason is converted into the measurement of the characteristic of restriction perception.Measurement is similar to the feeling of the mankind, and security response reasonable groundIndicate the reasonable ground using this feeling.When people passes through road, their feeling (or measurement) quilts for vision and soundPromoted, and they to smell and tactile feel to be at it is latent.The feeling set and their own intensity magnitudeIndicate the perception of ' going across the road '.To the reasonable ground of the analogy will ' road vehicle can be danger, and you can seeTo and hear them '.Therefore, it is reasonable for proving that perception is constituted from rationality, and forms example perception angle C 543.I/O(input/output) relationship is defined as the single set that the function of the offer of function in this way is inputted and accordingly exported.IOR706 first check for the I/O relationship and function ' intention ' that whether have analyzed function by reference to internal database in the past.IfInformation is had found in the database, then the supplement of current I/O data is used as at the stage 708.Then check supplement (such asIf fruit is applicable in) I/O data whether enough saturation the analysis level significant enough at the stage 714 can be reached.It shouldQuantity is with technical term quantization and floor level is limited by pre-existing CTMP strategy.If there is no be used to analyzeEnough I/O information content, then cancel specific functional analysis at the stage 711 and IOR module 706 proceeds to next can be usedFunction.When I/O relationship is to be sufficient to the information content of analysis, classified according to similitude 709 to I/O relationship.For example,It was found that a kind of currency conversion is another currency (i.e. USD to EUR) by a kind of I/O relationship, and find another kind I/O relationship by oneKind of unit of weight is converted to another unit of weight (i.e. pound to kilogram).Both I/O relationships are due to triggering concept and classification ropeDraw associated and is categorized as belonging to data conversion.For example, such index can quote USD, EUR and pound, kilogram carry out logarithmIt is referred to according to transform class.Therefore, once finding these units in I/O relationship, IOR 706 can be correctly to themClassify.Therefore, it is currency and unit conversion functions that the intention of the function is under a cloud.To all available I/O relationships intoRow classification when, these classifications sort the quantity for the I/O relationship weight for including at the stage 710 according to them, wherein most byThe appearance first welcome.At the stage 715, if the classification of I/O data can confidence the intention of display function mode,They can be checked.This is to be input to performed by audit function the consistency of output conversion to complete.IfSome information category is lasting and distinguishing (to be such as a classification for currency conversion and be second class by Conversion of measurement unitNot), then these classifications become describing ' intention ' of function.Therefore, which will be described as having conversion currency and unitIntention.The function is reduced to its expected purpose by IOR 706, this is with important safety analysis meaning, because of CTMPCan be with the actual purpose of function present in Validation Code, and any damage can be had resulted in the execution via this category codeMalicious act is intelligently scanned before.If IOR 706 with the confidence of abundant degree to ' intention ' have it is well understood that ifIt is submitted as modularization output 712.' if intention ' classification does not confirm by force each other, and ' intention ' of the function not byIt assuredly establishes, then ' intention ' of the function is declared as unknown and IOR706 and proceeds to next available function in the stageIt is analyzed at 711.
Figure 112-115 display perception observer's emulator (POE) 475.The module generates the emulation of observer, and is observingTest/more all potential perception points in the case where these variations of person's emulation.And inputting is that all potential perception points addThe data logging of enhancing;Output, which is this enhancing log, utilizes selected perception according to best, most related and most careful observerThe obtained security decision of result that generates of such merging.Input system metadata 484 is that raw sensed generates (RP2) 465For generating the initial input of perception in comparable variable format CVF 547.There is the case where storage search (SS) 480Under, the criterion from the database lookup that derived CVF is used as perception storage (PS) 478 in data enhancing log.PS is nextThe matched CVF of highest is provided from all available CVF 547 of database.Their related perception constitutes and weight is cited simultaneouslyFor the successful match event in result 716.Similarity overlapping is suggested as 60% matching 719 and 30% matching 720.These knotsFruit is calculated by storage search 480.With result 716, then matching 719 and 720 is stored andIndividual perception sequence is calculated at weight calculation 718.Such totality calculated using database CVF compared with input CVFSimilarity (or matching) value, and the value and each individual are perceived into multiplied by weight.Such weight is stored and closes with CVFConnection, as initially determined by measurement processing (MP) 489.In sequence 717, perception is sorted according to their final weight.Such sequence is unsafe condition to be understood using most related (as weighted in weight calculation 718) perception and therefore by mostThe part of the selection course of 731 order output of whole block 730 or approval.Once being sorted to perception, just they are turnedIt is dealt into application program 729, data enhancing log 723 is applied to perception to generate block/approval suggestion there.Log 723 isThe input journal of system with raw security event.Self-criticism sex knowledge density (SCKD) 492 marks log to limit notThe expection upper range of knowledge.This means that perception it can be considered that using unknown data range flags data.This means thatPerception can execute more accurately assessment to security incident, it is contemplated that it has had estimated it and has been aware of that how many and it does not knowHow much is road.Data parse the enhancing logs 723 of 724 pairs of data and input system metadata 484 explain substantially with export such as byThe original approval or prevent decision 725 that original selected pattern matching algorithm (SPMA) 526 determines.Accordingly, there exist two potential casesThe block 730, Huo Zheyi of security-related event (preventing program from downloading) in example scene, SPMA or selected scene 727It selects to ratify 731 such events in scene 726.At this point, CTMP 22 has been achieved with progress so far, it is ready to execute itMost crucial and most critical task, i.e. criticism decision (including but not limited to network security).The criticism in CTMP with two kinds notSame mode occurs twice, herein once according to perception in perception observer's emulator (POE), and once according to logicThe rule of upper restriction executes in (RE) in rule, and in POE, when receiving block command from SPMA, the covering for participating in 732 is patrolledVolume.At stage 732A, it is assumed that the default-action of block 730, and by finding the prevention/approval being stored in case scene 727The average value of confidence value prevents average value (BLOCK-AVG) and approval average value (APPROVE-AVE) 732B to calculate.Stage732C checks whether the average confidence of case scene 727 is greater than the confidence nargin predetermined (by strategy).If sceneConfidence level is low, then this instruction CTMP refuses criticism since information/understanding is insufficient.When there is this low confidence situation, RMAFeedback module 728 is participated at stage 732D to attempt to reappraise the unsafe condition including more perceiving.This additional considerationPerception may will increase confidence nargin.Therefore, RMA feedback itself will be communicated with resource management and distribution (RMA) 479, with inspectionIt looks into according to whether policy in resource management allows revaluation.If this revaluation is rejected, which has had reached its peak valueConfidence potentiality, and initial approval/prevention decision is covered by permanent discontinuation for the POE session.Stage 732E indicates that RMA is anti-By more resources and therefore feedback module 728 receives the situation of license in terms of more perception are re-assigned to from RMA 479In calculation.In this condition, stop to rewrite at stage 732F and attempt (CTMP criticism), to allow with additional sensedNew assessment is carried out to case scene 727 in the case where (and therefore computer resource load increases).The instruction batch of stage 732GQuasi-average value has enough confidence (according to strategy) to move the approval that prevention movement 730/732A is covered at stage 732H is defaultedMake 731.The approval logic 733 that same logic is suitable for occurring at case scene 726.At stage 733A, default-actionIt is arranged to that SPMA 526 is requested such to be ratified.It is set by finding prevention/approval of the size in case scene 726The average value of certainty value prevents average value and approval average value 733B to calculate.Stage 733C checks being averaged for case scene 726Whether confidence level is greater than the confidence nargin predetermined (by strategy).When such confidence level situation increases, RMA feedback module728 participate at stage 733D to attempt to reappraise the unsafe condition including more perceiving.Stage 733E indicates that RMA feeds back mouldBlock 728 receives the situation of license from RMA 479 and is re-assigned in calculating with therefore perceiving more resources and more.In this condition, at stage 733F stop rewrite attempt (CTMP criticism), so as to allow with additional sensed (and becauseThis computer resource load increase) in the case where new assessment is carried out to case scene 726.Stage 733G instruction approval average valueThere is enough confidence (according to strategy) to act 730 for the prevention that approval movement 731/733A is covered at stage 733H is defaulted.
Figure 116 and 117 shows the implicit sense that derives (ID) 477, may be implied from currently known perception angle exportThe angle of primary data.The perception angle 470 of application is stored in the range of the known perception in CTMP storage system.This kind of perception470 are applied and are used by SPMA 526, and perceptually 734 set collects and is forwarded to measurement combination 493.The module493 metrics class by the angular transition for perceiving 734 formats to derive the format that (ID) 477 is identified by implying.There is measurementIn the case where complexity 736, the circular extraneous peak value for indicating the known knowledge about individual measurement.Therefore towards circular outerPortion edge indicates more measurement complexity, and center indicates less measurement complexity.Center light gray indicates the perception of applicationThe measurement of the present batch of angle combines, and external Dark grey indicates generally by system storage and known measurement complexity.The target of ID477 is to increase the complexity of calculation of correlation, and perception angle is multiplied in complexity and quantitative aspects.In the case where the known metrics complexity from present batch is there are no comprising such details/complexity, it is added toRelevant measurement DB738.In this way, can be used in a batch potential for the measurement complexity that system at full circle and has newly storedFollowing perception angle is implicit to be derived.This amount of complexity constitutes 736 as input and is transmitted to metric extension (Me) 495, at thatIn it is multiple measurement and different perception angles be stored in each database 738 by category.Dark grey surface region indicates applicationPerception angle present batch total size, and the quantity of the range left be more than the known upper limit.With each individual degreeThe peak value knowledge of DB is measured to indicate the upper bound.Therefore, enhance current batch using previously known details/complexity of those measurementsThe measurement of amount (they are exported via the perception angle of present batch).Measurement is returned into conduct in enhancing and abundant complexityPerceive complexity 737.As seen in chart 737, light gray region is had become than in metrics range 739, consistency 740, classIt is bigger in all four sectors of type 741 and intensity 742.This instruction becomes in further detail and multiple in all four measurement sectorsIt is miscellaneous.Then the input by the measurement complexity 737 of the enhancing as measurement conversion 494 is transmitted, and individual is inverted to perceptionEntire angle 735.Therefore, final output is assembled into the implicit angle 471 of perception, this is being originally inputted using angle of perceivingThe extended version of degree 470.
Figure 118-120 shows self-criticism sex knowledge density (SCKD) 492, and estimation can report that log can not obtain latentIn the range and type of unknown knowledge.In this way, to can use the system known and not for CTMP22 subsequent critical thinking featureThe potential range for the knowledge related to known.Here is an example of the expectation function and ability for showing SCKD 492Use-case:
1) system has been that nuclear physics establishes strong term of reference.
2) system executed nuclear physics with quantum physics in complexity and type be by it is clear with it is similar methodicallyClassification.
3) however, compared with nuclear physics, the system is in terms of quantum physics with the reference knowledge of more much less.
4) therefore the system limits the upper bound of potential accessible quantum physics knowledge via the analogy of nuclear physics.
5) system determines the range of the unknown knowledge in the case where quantum physics are big.
Given data classification (KDC) 743 separates (known) information confirmed with 746 categories of input, so as toExecute DB analogy inquiry appropriate.Such information is separated into classification A, B and C 750, separated classification is independent after thisInput is provided to comparable variable format generator (CVFG) 491.Then CVFG is with 547 format output category information of CVF,It is used to check the similitude in given data range DB 747 by storage search (SS) 480.In the case where 747 DB, according to numberThe upper bound of given data is limited according to classification.It makes comparisons between the similar type and structure of data, to estimate knowledgeConfidence level.If SS 480 can not find any result to carry out knowledge analogy at scene 748, current data is stored,So as to carry out the analogy in future.According to use-case example, this will be the event for allowing the range of nuclear physics to be defined.Then,It, can be by the currently stored carry out analogy of its knowledge and nuclear physics knowledge when referring to quantum physics future.?Scape 749 describes that scene is found as a result, at this moment, according to SS 480 as a result, being marked with its relevant range of given data everyA classification.Hereafter, at unknown data combiner (UDC) 744, the label range of the unknown message of each classification is re-assembliedIt returns in identical original data stream (input 746).Output 745 at, return original input data and with unknown data rangeDefinition combines.At Figure 119, given data classification (KDC) module 743 is illustrated in more detail.Given data 752 is mainly to inputAnd include block of information 755, they indicate the data area of definition, such as each entry from error log.Stage 756 checksIdentifiable definition in block, this definition will show that it is marked as nuclear physics information according to use-case.It is protected if there is classification is suitable forThe classification of the information labels of the block in 750 is stayed, then by supplementing it using treated block of information 755 come at the stage 748Enhance pre-existing classification using details.If there is no such classification, then the category is created at the stage 749, so as toIt can accordingly and correctly store block of information 755.Basic logic 759 cycle through in order these blocks substantially until it is all itIt is all processed.It is all after them having handled, if (will not limit) minimum number by strategy is submitted to classificationRetain 750, then KDC 743 submits module words output as zero result 618.If there is sufficient amount of treatedBlock, then classification reservation 750 is submitted to median algorithm 751 (it is mainly SCKD 492).Unknown data combiner (UDC) 744Receive the given data marked from median algorithm 751 with unknown number strong point 757.Such data are initially stored in classification guarantorIt stays in 750, and basic logic 760 cycles through all data cells in order therefrom.Stage 754 checks from reservation 750Whether the classification of restriction includes the original metadata for describing how to be reconstructed into individual classification identical information flow.This metadataIt is initially to be found in the input given data 752 from KDC 743, because at this stage, data are divided into class not yetNot and there are the initial single anastomotic structures for keeping all data.In the stage 754 by the corresponding data weight of metadata and theyAfter new association, tag block is transferred to block recombination and retains 753.The first number to match with data is not found at the stage 754In the case where, then sky will inevitably be remained by withholding 753, and by zero result 618 of return moduleization.In successful first numberWhen according to matching, retains 753 and be filled and be given data+label unknown data for the output of the modularization of UDC 744757.Block 755 in modularization output indicates the original information block found in such as given data 752 from KDC743.Pentagon758 indicate the definition of unknown data ranges, and each of this definition and given data 755 piece couple.
Vocabulary objectivity excavates (LOM)
Figure 121 shows the main logic that (LOM) is excavated for vocabulary objectivity.LOM attempt as close possible to extensive problem and/Or the objective answer asserted.It participates in human subject 800 to allow them to recognize or improve the opinion of the position of their opposition LOMAccording to.Recognize or improve the core philosophy that argument is LOM because it must it mistake when can recognize that this point so that it fromKnowledge (this is its initial place for obtaining knowledge therefrom) study of the middle mankind.LOM be extremely big database (and thereforeCPU, RAM and disk it is all be all crucial participant), and will be from concentrating on single (but replicating for redundancy and backup)Central knowledge in main example retains (CKR) 806 and is benefited.It can be via the payment for being connected to such central master instance or freeAPI promotes third party application.The activity of LOM is to conclude problem or assert 801 mankind masters for entering main LOM visual interfaceBody 800 starts.Such problems/assert that 801A is transferred to initial query reasoning (IQR) 802 so that for handling, this is initially looked intoIt askes reasoning (IQR) 802 and keeps (CKR) 806 using center knowledge to decode and understand with answer/response in problem/assert [...]During crucial missing details.Hereafter, that problem/assert 801 is transferred to investigation together with the inquiry data of supplement is clear(SC) 803A clearly participates in human subject 800 to realize supplemental information, allows to objectively and utilization is all required upper and lowerText carrys out problem analysis/assert 801A.Therefore, the problem of formation has been clarified/assert 801B, it uses and is such as mentioned by human subject 800Initial primal problem out/assert 801 but supplement the details acquired from 800 via SC 803A.Assert construction (AC) 808ATo assert or the form of problem (such as 801B) receives proposition, and provide the output of relevant to such proposition concept.ResponseBeing presented 809 is to be drawn for appealing that both (RA) 811 are presented to human subject 800 and rationality by LOM (specifically AC 808)Conclusion interface;Appeal that (RA) 811 proposes the conclusion obtained by LOM (especially AC 808) to human subject 800 and rationalityInterface.Such interface visually is presented for the mankind 800 and is presented with pure digi-tal syntax format to RA 811 suchInterface.Level mapping (HM) 807A maps associated concept to find the problem/assert the confirmation or conflict of consistency.Then itCalculate the interests and risk that certain position is taken in the main body.It is the knowledge for being referenced for LOM that center knowledge, which retains 806,Major database.Logical division and the separation for optimizing search efficiency and concept allow to establish strong argument, andIt is on the defensive in response to the criticism of human subject 800.The knowledge that knowledge verification (KV) 805A receives high confidence level and criticizes in advance, theseKnowledge needs logically to separate for the query capability and assimilation in CKR 806.Receiving response 810 is to give human subjectA kind of 800 selection is appealed to be used to or receive the response of LOM or to criticize.If response is received, by KV805A is handled, so that (high confidence level) knowledge store as confirmation is in CKR 806.If human subject 800Do not receive response, then forwards them to rationality and appeal (RA) 811A, check and criticize the reason of the appealing provided by the mankind 800By.RA 811A can be criticized and be asserted, either self-criticism is still to the criticism of mankind's response (at receiving response 910'No' response).
Figure 122-124 shows artificial intelligence service provider (MAISP) 804A of management.MAISP operation is known with centerKnow the internet cloud example for retaining the LOM of master instance of (CKR) 806.MAISP 804A by LOM be connected to front end services 861A,The interdependent 804C of back-end services 861B, third party application, information source 804B and MNSP9 cloud.Front end services 861A includes artificialIntelligent personal assistants (such as Assistant of the Alexa of the Siri of apple, the Cortana of Microsoft, Amazon, Google), communicationApplication program and agreement (i.e. Skype, WhatsApp), home automation (i.e. refrigerator, garage, door, thermostat) and medical treatment are answeredWith program (such as doctor's another kind opinion, medical history).Back-end services 861B include online shopping (such as Amazon.com),It is online to transport (such as Uber), medicine prescription order (such as CVS) etc..Such front end 861A and rear end 861B service viaThe API infrastructure 804F and LOM of documentation is interacted, this realizes the standardization of information transmitting and agreement.LOM is via automaticChange research mechanism (ARM) 805B from oracle 804B retrieval knowledge.
Figure 125-128 shows the Dependence Structure of LOM, how interdependent mutually each other between indicating module.Language construct (LC)812A explains the primal problem from human subject 800 and parallel modules/assert input, using generation can by LOM system asThe logical separation of the language syntax integrally understood.Concept discovery (CD) 813A the problem of clarified/assert and receive interest in 804It puts and by exporting associated concept using CKR 806.Concept priority (CP) 814A receives related notion, and is indicating specialThey are ranked up in qualitative and versatility logical layer.Top layer is designated concept most typically, and lower layer is assignedMore and more specific concept.Response separation logic (RSL) 815A understands that the mankind respond using LC 812A, and by correlation and hasThe response of effect associates with preliminary clarification request, therefore realizes the target of SC 803A.Then LC 812A is in the output stage phaseBetween to be re-used to modify primal problem/assert 801 include by the received supplemental information of SC 803.Human interface's module(HIM) 816A provides clear and logically separate prompt to human subject 800, to solve by initial query reasoning (IQR)The notch of 802A specified knowledge.Context construction (CC) 817A is used from the metadata for asserting construction (AC) 808A and is come fromThe potential evidence of human subject 800 provides brute facts to CTMP to carry out critical thinking.Decision comparison (DC) 818A is determinedOverlapping before criticism and after criticism between decision.Conceptual compatibility detection (CCD) 819A compares from primal problem/asserts801 concept is derived to determine logical compatibility result.Such concept can indicate circumstances, existence, obligation etc..BenefitBenefit/exposure calculator (BRC) 820A receives compatibility results from CCD 819A, and weighs interests and risk to be formed including conceptThe unified decision of the gradient of the variable implied in composition.Concept interaction (CI) 821A will attribute related with AC 808A concept pointDispensing clarifies each section for the information that (SC) 803A is collected from human body main body 800 via investigation.
Figure 129 and 130 shows the internal logic of initial query reasoning (IQR) 802A.Serve as the language of the subset of IQR 802Construction (LC) 812A receives primal problem/assert 801 from human subject 800.801 are separated from language so as to IQR 802ASuccessively handle each individual word and/or phrase.Auxiliary verb " should " 822 suggest that shortage about the clear of time dimension 822Property.Therefore, rhetorical question is formed to reach such as ' daily? ', ' weekly? ' etc. clarity.Main body ' I ' 823 suggests that shortageWhom is the clarity of main body about, therefore forms the contingency question verb ' eating ' 824 to be presented to human subject 800 not necessarilyIt is unclear, but other analysis sites of unclarity can be supplemented.IQR 802 using CKR 806DB in the stage 824 by that will be eatenThe concept of product and the concept connection of health and money get up.' main body proposition problem ' 823, are more closed so that proposing for this notice inquiryRelevant contingency question is accommodated, such as ' male or women? ', ' diabetes? does ', ' take exercise? ', ' purchasing power? '.Noun ' fast food '825 suggest that the clarity lacked in terms of it how should explain word.In technical meaning 827, it can be explainedFor its most original form of " supply very quick food ", or to cheap and worked it out very fast in the place of orderMore colloquial styles of " fried salty based food " understand.Salad bar is technically a kind of means for quickly obtaining food, becauseIt is that pre-production is good and commercially available immediately.However, the technical definition does not meet the spoken reason more commonly understood of ' fast food 'Solution.By reference to CKR 806, IQR 802 in view of may consider term ' fast food ' ambiguity during potential choosing?.Can will such as ' hamburger restaurant via manual interface module (HIM) 816? ' and ' salad bar? ' etc blur options be transmitted toHuman subject 800.However, there may be enough information at CKR 806 to understand that the general context of problem 801 indicatesReference to spoken meaning 826.CKR 806 gradually recognizing there are involved by fast food and health after a degree of dispute,It can indicate context general in this way.Because of this, it is very likely that problem 801 refers to the dispute, therefore HIM 816 does not need to be suggestedFurther to clarify human subject 800.Therefore, IQR 802, which attempts to decode, defines nuance obvious and delicate in meaning.It asksTopic 828 to entire LOM instruction human subject 800 be rather than to assert statement in proposition problem.
Figure 131 shows investigation clarification (SC) 803, receives and inputs from IQR 802.Such input includes must be by the mankindMain body 800 is directed to the obtained objective answer to primal problem/assert 801 and the series of requested clarification 830 answered.Therefore, requested clarification 830 is forwarded to human interface's module (HIM) 816B.It clear any will be provided to suchResponse be transmitted to response separation logic (RSL) 815A, then make response with clarify request it is associated.With the institute handledThe clarification 830 of request concurrently, to language construct (LC) 812A provides clarification language association 829.Such association 829 includes instituteInternal relations between the clarification 830 of request and language construction, this is so that RSL 815A can modify primal problem/assert801, allow LC 812A to export the problem of having clarified 804, merges the information via 816 study.
The problem of Figure 132, which is shown, asserts construction (AC) 808, receives the clarification generated by investigation clarification (SC) 803/disconnectedSpeech 804.Then PROBLEM DECOMPOSITION can be interested point 834 (key concept) by LC 812A, these points are passed to concept hairOn existing (CD) 813.Then CD is by exporting associated concepts 832 using CKR 806.Concept priority (CP) 814A is then by concept832 are ordered into expression specificity and recapitulative logical layer.Top layer is designated as concept most typically, and lower layer is dividedWith more and more specific concept.Promote such sequence using the data provided by CKR 806.The top layer is by as modularizationInput is transferred to level mapping (HM) 807.In the parallel transfer of information HM 807, HM 807 receives point of interest 834, the interestPoint is handled by its interdependent modular concept interaction (CI) 821.Attribute is distributed to this by the index information at access CKR806 by CIThe point of interest 834 of sample.When HM 807 completes its internal procedure, after derived concept has been subjected to compatibility test most by itOutput is back to AC 808 eventually and interests/risk of the state of affairs is weighted and returns.This is referred to as modularization output feedback cycle833, because AC 808 and HM 807 have reached full circle, and the modularization output continued to each other is sent until analysisUntil having kept concept complexity fully saturated, and (no matter who until CKR 806 becomes bottleneck due to the limitation of knowledgeFirst).
Figure 133 and 134 shows the interior details how level mapping (HM) 807 works.AC 808 is mentioned parallel to HM 807For two kinds of input.One kind being referred to as concept point of interest 834, and another kind is the top layer (most one of privilege level concept 837As).As shown in Figure 128, concept interaction (CI) 821 is using both inputs by the conclusion of contextualized and 834 phase of point of interestAssociation.Then CI 821 is provided defeated to the compatibility/conflict grade conceptual compatibility detection (CCD) distinguished between two conceptsEnter.This to HM 807 give human subject 800 assert and/or proposition in center knowledge retains the height that indexes in (CKR) 806Consistent and inconsistent general understanding between confidence level knowledge.Such compatibility/colliding data is forwarded to interests/riskThese compatibility (are translated as taking the interests and risk of whole consistent position in this problem with conflict by calculator (BRC) 820Module).For example, three main positions will occur according to use-case (according to the criterion set by human subject 800): overallFor do not recommend fast food, fast food is allowed but is not emphasized, or recommends fast food on the whole.These positions, together with themRisk/advantage factors 836 be forwarded to AC 808 as module output.This is that information flow inside LOM becomes the several of whole circleOne of a point, because AC 808 will attempt the extension asserted for promoting to be forwarded by HM 807.The system is recycled comprising information flow,Indicate as gradually build up it is objective in response to the problem of/subjective quality asserted and the intelligent gradient that gradually supplements.
One analogy is the nectar how honeybee finds flower, it is not intended to which the pollen for collecting it gives the pollen transmission to itHe spends.The colored fertilization generates more flowers, this attracts more honeybees in the long run.It is similarly to appearance inside LOMThe Information Ecosystem of interconnection, gradually to asserting and mature concept ' pollination ' is until system is to the strong confidence of position realization of themeUntil degree.The internal work of the subset concept interaction (CI) as HM 807 is shown on Figure 128.CI 821 receives point of interest834 and each point of interest is explained according to the top layer of the concept of prioritization 837.Two prioritizations of top layer in the exampleConcept is ' health ' and ' budgetary restraints ' 837.Therefore, when CI attempts to explain point of interest 834, it will pass through the view of these themesAngle is explained.Point of interest ' diabetes ' 838 is resulted in about ' expensive medication ' of ' budgetary restraints ' 837 and about ' health ' 837' weaker system '/' intolerant to sugar ' assert.Point of interest ' male ' 839 is asserted " typically it is pressed for time ", although having lowConfidence level, because system discovery needs more specificity, such as " workaholic " etc..The problem of time, is with " budgetary restraints " at anti-Than because system has been noted that the relationship between time and money.Point of interest ' middle class ' 840 is about ' budgetary restraints '837 assert ' food that can afford better quality '.Point of interest " Burger King " 841 is asserted ' just about ' budgetary restraints ' 837Preferably ' and ' economical ', and about ' health ' 837 assert ' high sugar content ' plus ' fried food '.This assert is via referenceIt is stored in what having been established with confidence knowledge in CKR 806 was made.
Figure 135 and 136 shows the interior details that rationality appeals (RA) 811, is self-criticism with regard to it or rings to the mankindThe criticism for the criticism answered is asserted.LC 812A serves as the core sub-component of RA811, and receives input from two potential sources.One sourceIt is if human subject 800 refuses the opinion asserted at the stage 842 by LOM.Another source is in response to presentation 843, it will be countedIt transmits to word and is asserted by AC 808 for what self-criticism inside LOM constructed.Language text is converted into system in LC 812AAfter the intelligible grammer of other parts, it is handled by the core logic 844 of RA.High confidence is returned in such core logicWhen the result of degree 846, as a result it is passed on knowledge verification (KV) 805 correctly to assimilate to CKR 806.In core logicReturn low confidence 845 result when, be as a result passed on AC 808 with continue self-criticism circulation (LOM anotherElement has had reached whole circle).Core logic 844 is in the case where no language elements (as instead of using to artificial intelligenceOptimal grammer for use) input for being in the form for criticizing preceding decision 847 is received from LC 812A.Such 847 quilt of decisionIt is directly forwarded to CTMP 22, ' subjective opinion ' 848 sector as its input.Decision 847 is also forwarded to context construction(CC) 817, the metadata from AC 808 and the potential evidence from human subject 800 are used, by brute facts (i.e. systemLog) it is used as input ' objective fact ' to give CTMP 22.In the case where CTMP 22 has received two mandatory input,Such information is processed to reach ' its best attempt of objective opinion ' 850 with output.Such opinion 850 quilt in RA 811Inside is considered as the decision 851 after criticism.Both 851 decisions are forwarded to decision comparison (DC) 818 after criticism preceding 847 and criticism,It determines the overlapping range between two decisions 847 and 851.Then appeal argument or be recognized as true 852 or improve853 antipoints are invalid to explain why appeal.This assessment be do not consider also not to be partial to appealing be from artificial intelligence orIt executes in the case where the mankind.For recognizing 852 or improving that 852 schemes are inessential is the result of high confidence level 846It is passed on KV 805 and the result of low confidence 845 is passed on AC 808 for further analyzing.
Figure 137-138 show center knowledge retain (CKR) interior details, the data based on LOM intelligent quilt storage andMerge there.Information unit is stored with unit knowledge format (UKF), there are three types the unit knowledge format (UKF):UKF1 855A,UKF2 855B,UKF3 855C.UKF2 855B is to store target there with rule syntax format (RSF) 538The primary format of information highlights as value 865H.Index 856D is to allow to carry out resource high-efficiency reference to mass data setStored digital and processing compatibility/complaint invocation point.The main information block quote timestamp 856C, timestamp 856C be viaReference of the index 856A of referred to as UKF1 855A to individual blocks of knowledge.This unit is held unlike UKF2 855BThe equivalent part timestamp 856C, but the bulk information about timestamp is stored in 538 format of RSF as replacementThe sector value 856H in.Rule syntax format (RSF) 538 is one group for tracking the grammer standard of reference rule.In RSF 538Multiple rules units can be utilized to describe single object or movement.RSF is largely used directly in CTMP.UKF 1855A includes the sector source attribute 856B, which is the reference to the index 856G of 3 855C example of UKF.This unit UKF3855C is the inverse of UKF1 855A, because it has timestamp part but does not have source attribute section.This is because UKF3 855C is depositedSource attribute 856E and the 856B content of storage is in the sector its value 856H in RSF 538.Source attribute is the set of complex data,The information source of tracer request protection.Due to the confirmation and negative factor such as handled in KCA 816D, these sources, which are given, is setThe situation of reliability and authenticity.Therefore, UKF cluster 854F is by together to limiting the system for administering upper independent informationArrange (time and source be dynamic limitation) of UKF variant composition.In a word: 2 855B of UKF includes main target information.UKF 1855A includes timestamp information and omits timestamp field itself therefore to avoid infinite regression.UKF3 855C includes source attributeTherefore information simultaneously omits source field itself to avoid infinite regression.Each UKF2 855B must be accompanied by least one UKF1855A and UKF3 855C, otherwise cluster (sequence) be considered as information incomplete and therein can't be complete by LOMSystem generic logic 859 is handled.At center 2 855B of UKF (with focus target information) corresponding UKF1 855A andIn between UKF3 855C unit, there may be the KUF2 855B units for serving as link bridge.A system will be handled by KCA 816DColumn UKF cluster 854D derived asserts 854B to be formed.Equally, will be handled by KCA 816D a series of UKF cluster 854E with854C is asserted derived from formation.Knowledge validation analysis (KCA) 816D be UKF cluster information is compared be used for confirm aboutThe place of the evidence of viewpoint position.When proposing such requirement, negative evidence etc., which considers attribute sourceReliability.Therefore, after the completion of the processing of KCA 816D, CKR 806 can export the conclusive arbitrary decision about theme 854APosition.CKR 806 never deletes information, also is likely used for because even being intended to false information in truth and dummy messageBetween make and further discriminating between.Therefore, CKR 806 leaves advanced storage Simulation spatial service 854G, which can handle and extend806 data set of CKR that indefinite duration increases.
Figure 139 shows automation research mechanism (ARM) 805B, attempts constantly to supply new knowledge to CKR 806, to increaseThe general estimation of strong LOM and decision-making capability.As being indicated User Activity 857A;User and LOM (via any available front end)The interaction of concept is directly or indirectly brought to related in problem/assert to answer/response.User Activity 857A is estimated eventuallyGenerating CKR has low relevant information or the not no concept of relevant information, as by request but the column of not available concept 857BIndicated by table.In the case where arranging & priority (CSP) 821B with concept;Concept definition is received simultaneously from three independent sourcesAnd they are polymerize so that the resource (bandwidth etc.) to information request (IR) 812B divides priority.Such module I R812B accesses correlated source to obtain the information specifically limited.Such information is limited according to concept type, such source quiltIt is designated as public news sources 857C (public news article, i.e. Reuter, the New York Times, Washington Post etc.), common data shelves(i.e. Facebook, Twitter are fed by case 857D (information fusion is collected, i.e. wikipedia, Quora etc.) and social media 857EDeng).The data provided by such information source according to them request any concept definition and in Information Aggregator (IA) 821BIt is received and is parsed.Save relevant metadata (such as retrieval time, retrieval source).Hereafter it will send information to cross reference(CRA) 814B is analyzed, knowledge existing for the received information of institute and previous from CKR 806 is compared and examined thereThe received information of institute is constructed in the case where considering the previous existing knowledge from CKR 806.This allows according to the current institute of CKR 806Know with ignorant content and assesses and verify the information of new incoming.Style scanning (SS) 808B is that CRA 814B is allowed to considerStyle signature will make the complementary module of new information and the pre-existing knowledge assimilation from CKR 806.That misses is interdependent generalReading 857F is the concept for needing logically to be interpreted as understanding the basic principle of initial target concept.(how it is appreciated that truckWork it may first have to study and understand how diesel engine works).Such missing concept is transferred at CSP 821BReason.The list of activity concept 857G is most popular theme, is ordered as in their CKR 806 most active.It is such generalIt reads 857 G and is transferred to 820 B of creative concept generator (CCG), and then creatively match (via creative module18) to generate new potential concept.The mechanism depends on one of these consolidated materials will be from the source for being connected to IR 812B857C, 857D, 857E generate new range of information.
The example that style uses:
New external data 858A is marked as from known CNN reporter.However it has been found that label with military think tankThe very strong style matching of name.Therefore, which is contributed largely in military think tank in CKR 806, and is noted " soundClaim " come from CNN.This makes further pattern match and conspiracy detection be used for the subsequent execution of LOM logic.(for example, distrustingThe following statement of content from CNN).Hereafter, confirmation is asserted, it is evaluated after conflict and prejudice assessment, just as content is comeFrom think tank rather than CNN.
Figure 140 shows the style scanning for analyzing the style signature 858C of new foreign content (system is not yet exposed to it)(SS)808.Style Science is the statistical analysis of the variation in the literary style between a writer or a kind of type and another kind.ThisThe source expectation for 806 tracking data of CKR/assert is helped, this further helps in LOM detection and confirms to assert.There is signature conclusion(SC) in the case where 819B, the content source attribute of new external data 858A will receive any significant in style signature 858CThe influence matched.Style matching is stronger, stronger according to the source attribute of Style Science.In the case where having signature inquiry (SQ) 807B,Style Science signature 858C is matched with all known signatures from SI 813B.Record appointing in any significant gradient of magnitudeWhat is matched.Signature index (SI) 813B indicates the list of all known style signature 858C such as retrieved from CKR 806.Such as byRepresented by tripartite's style algorithm 858B, LOM depends on any advanced and efficient algorithm style algorithm selected in time.
Figure 141 show assume covering system (AOS) 815B, by assert or problem in the form of receive proposition, and provide withThe output of the relevant concept of this proposition.Concept definition matching (CDM) 803B is there for interdependent explanation (DI) 816B mouldBlock inquiry assumes 858D by any hard coded that human subject 800 provides.All these concepts are all because of the worry of violation aspectAnd it is checked by ethics right of privacy law (EPL) 811B.In 816 B module of interdependent explanation (DI), access meets institute's number of requestAccording to all Knowledge based engineerings to provisioning response it is interdependent.In this way, complete ' tree ' of the information of the objective viewpoint of height is built up in retrieval.InstituteThe data 858E of request is the data that LOM total system generic logic 859 has requested that, either specific inquiry or condition query.One group of information being fully labeled is found in specific inquiry.Condition query request matches all this type of information of certain conditions.
Figure 142 shows intelligent information & configuration management (I2CM) 804E and management console 804D.Polymerization 860A uses generalGrade criterion filters out inessential and redundancy information, and merges and information flow of the label from multiple platforms.Threaten predicament pipeReason 860B is there from getting a bird's eye view visual angle perception concept data hazards.Such threat is passed on management console to be used forFigure is presented.Because measurement result calculated related with the mechanism of threat finally merges from multiple platforms;So can be automaticExecute more informed Threat Management decision.Automatically controlling 860C indicates to be used to control and MNSP 9, credible platform 860Q, third partyService the algorithm accesses of the related management of control of 860R.Management feedback controls 860D and provides all 9 clouds of MNSP, credible platform(TP) 860Q, the additional service based on third party's service 860R advanced control, which can be used to promote to make decisions,Evidence obtaining, threat investigation etc..Such management control 860D is finally embodied on management console (MC) 804D, and it is appropriate to haveCustomizable visual aid and present efficiency.This allows from individual interface (it can amplify details as required) directly to entireSystem (MNSP, TP, 3PI) control effectively and manipulates.It manually controls 860E and is directed to and be used to control MNSP 9, credible platformThe artificial access of the management relevant control of 860Q and third party's service 860R.In the intelligent contextualized 860F stage, remaining dataGroup of islands is looked like now, each island are a conceptual data danger.In order to keep conceptual analysis more mature, flatIt is associated between platform.Historical data is (from I2GE 21 rather than LIZARD) it is accessed to understand Threat Model, and CTMP 22It is used for critical thinking analysis.Configuration & deployment services 860G is that have correct concept data configuration and connectivity for disposingThe interface of the new spectra networked asset (computer, portable computer, mobile phone) of setting.It is added in equipment and it is setAfterwards, it can be adjusted therewith via having management console (MC) 804D as internuncial management feedback control 860D?.The service also manages the deployment of new client/client user account.This deployment may include the pass of hardware and user accountConnection, the customization of interface, client/client variable list (i.e. type of service, product type etc.).Pass through point of jurisdiction 860HFrom exclusively according to the related jurisdiction of MC 804D user come the information pool of separation marking.What is separated by threatening 860IIn the case of, threaten (i.e. conceptual data is dangerous) come organizational information according to each.Each type of data otherwise with threaten be associated with (thisAdd superfluous words) or be removed.Directly management 860J is to be connected to pipe for making MC 804D user via 860E is manually controlledManage the interface of feedback control 860D.With classification & jurisdiction 860H, user's use of MC 804D limits themTheir logging on authentication of jurisdiction and range to information classification access.
All potential data vector 860L indicate running data, the data in static data and use.Customized visual aid 860M for each business enterprice sector, (drape over one's shoulders by accounting, finance, HR, IT, law, safety/control general, privacy/Dew, labour union etc.) and stakeholder staff, manager, the administrative personnel of department (each corresponding) and third party partner, holdMethod authorities etc..Unified view in all aspects to conceptual data 860N is to indicate circumference, enterprise, data center, cloud, moveMedia, mobile device etc..Integrated single-view 860O is such as monitoring, log recording, report, event correlation, alarm processing, planThe creation of summary/rule set, correction movement, the use and third of algorithm optimization, service provision (new client/modification), credible platformAll potential energy of side's service (including receiving report and alarm/log etc. from third party service provider & supplier) etcThe single view of power.Conceptual data team 860P is a qualified professional team, they monitor multiple systems of straddleActivity and state.Because making the Intelligent treatment and AI decision of information, it is possible to by employing with less experienceLess personnel reduce cost.The main purpose of the team is used as verifying system while executing large scale analysis pointAccording to desired criterion come the spare level during mature and progress.
Figure 143 shows personal intelligence profile (PIP) 802C, be stored via multiple potential distal points and front end it is aThe place of the personal information of body.Their information is highly safe and separates with CKR 806, but can be used for LOM total systemGeneric logic 859 is to execute highly personal decision.(PAE) 803C, incoming data are encrypted by implementing personal authentication &Request must authenticate own first, to guarantee that personal information is accessed by correct user completely.With artificial intelligence applicationRelated personal information is encrypted and is stored in personal UKF cluster pond 815C with UKF format.It is handled with information anonymity(IAP) in the case where 816C, information is added CKR 806 after being deprived of any personal recognizable information.Even from numberAfter having deprived such personal information according to stream, IAP 816C attempts to prevent from providing excessive parallel data, these data can be withBy reverse-engineering (for example work detects in court) at the identity for finding out individual.In the feelings for analyzing (CRA) 814B with cross referenceUnder condition, by received information compare and considered from CKR's 806 with the previous existing knowledge from CKR 806The previously received information of construction institute in the case where existing knowledge.This allows according to the currently known road CKR 806 and ignorantThe information of new incoming is assessed and verified to content.For any request of data, always from 806 access information of CRK.If dataThere is personal criterion in request, then merges (PGDM) 813C via personal & general data to quote PIP 802C, and in masterIt is constructed in 806 knowledge of CKR.
Figure 144 shows life and supervises & automation (LAA) 812D, and connection makes times for life routine and isolated casesThe equipment and service that internet on the linking platform of business automation enables.Active decision (ADM) 813D is in LAA 812DHeart logic and according to FARM 814D consider front end services 861A, back-end services 861B, IoT equipment 862A, expenditure rule and canWith the availability and function of quantity.In the case where managing (FARM) 814D with fund appropriation rule &, the mankind are manually to the mouldIt is what that block, which limits criterion, limitation and range to inform its movable jurisdiction of ADM 813D,.Human subject 800 manually will be closeCode money-capital (i.e. bit coin) is stored in digital wallet 861C, thereby implies that the upper of the quantity for the money that LAA 812D can be spentLimit.IoT interactive module (IIM) 815D safeguards which IoT equipment 862A can be used for the database of the mankind.Authentication key and mechanism are depositedIt stores up herein, to realize the security control 862C to IoT equipment 862A.Goods producer/developer 861F is to LAA 812DProgrammable A PI (Application Programming Interface) endpoint is provided as IoT product interactive programming 861E.Such endpoint is interacted by IoTModule (IIM) 815D exclusively with.Data feed 862B indicate IoT enable equipment when to LAA 812D send information so thatFunction and automation movement can be executed.Example: thermostat report temperature, refrigerator report milk stock.Equipment controls 862C tableShow that IoT enables when equipment 862A receives the instruction for being used for execution and acting from LAA812D.Example: opening air-conditioning, opens for wrappingWrap up in the door etc. of delivering.The classification of front end services 861A may include:
Human intelligence personal assistance
Communication application program and agreement
Home automation
Medical Interface
Deliver follow-up service
Back-end services 861B example includes:
Amazon online ordering
- Uber/ is transported
Medicine prescription.
Whole use case example for illustrating the function of LAA 812D is as follows:
The refrigerator that IoT is enabled detects that the temperature of milk is being lower.LOM has carried out such one point below via feeling quotrientAnalysis, when main body does not drink whole milk, their mood is often more passive.Have evaluated the risk in main body life situation andAfter benefit, LOM has subscribed whole milk from online delivery service (such as Amazon).LOM via tracking number withTrack milk transports, and the front door for opening house allows it that can deliver in house property.LOM is closed after deliverer leavesDoor, and the safety with caution in the case where deliverer is malicious act person.Hereafter, the simple wheeled machine with certain dexterous functionDevice people picks up milk and is placed in refrigerator, so that it keeps cold that can't degenerate.
Figure 145 is to show behavior monitoring (BM) 819C, monitors the identifiable request of data of individual from the user to examineLook into immoral and/or illegal material.In the case where polymerizeing (MDA) 812C with metadata, from external service syndication users phaseData are closed, so as to establish the digital identity (such as IP address, MAC Address etc.) of user.This information, which is passed to, returnsIt receives 820C/ deduction 821C, and is finally PCD 807C, utilize the confirmation from MNSP 9 because usually executing complicated divide thereAnalysis.Example: for security purposes, its IP address is transmitted to by the user engaged with the Amazon.com shopping portal as front endThe behavior of LOM monitors (BM) 819C.From all passing through information by the user of authentication using PIP 802C as destinationIt tracks (IT), and is checked according to behavior blacklist 864A.Example: user has asked asking for a chemical component about sulphurTopic.It will be transferred to (part is completely) matched information of the element from blacklist 863B from IT 818C and conclude 820C/ deduction821C.It is detected at (PCD) 807C before crime, deduces and conclude information and be merged and analyze to obtain the conclusion before crime.Such asFruit detects a large amount of confirmations, then the detest information and known identities of user is transmitted to law enforcement authority.PCD 807C utilizes CTMP22, the position generated by concluding 820C and deduction 821C is directly verified with reference to behavior blacklist 864A.Blacklist maintenance is awardedPower (BMA) 817D is operated in the cloud service frame of MNSP 9.BMA 817D publication and maintenance activities blacklist 864A, limitUser is needed to monitor to prevent crime and arrest the dangerous concept of crime.BMA 864B also issue and maintain EPL (morals it is hiddenPrivate law rule) blacklist 864B, sensitive material is marked, so that it is never submitted as the query result of LOM.It is such quickSense material may include the file of leakage, personal information (i.e. Social Security Number, passport number etc.).BMA 864B is explained and roadMoral, privacy and related, the applicable law of law (i.e. network security policy, acceptable use policy, HIPAA, PII etc.) andPolicy.Blacklist is usually made of triggering concept, if user is concept related too many with these, they will be considered canIt doubts.Blacklist may also be for unique individual and/or tissue (such as wanted circular).Following crime prevention works in BMOccur in 819C, has and demonstrate confirmation factor using MNSP 9.Law enforcement authority 864C can be connected to BMA by 9 cloud of MNSP817D in the conceptive offer input to pipe off, and from the 807C Criminal Investigation result of 819C, PCD of BM to receiveInput.Behavior monitoring message certification 864D enables MNSP 9 to provide behavior monitoring intelligence for confirming purpose to BM 819c.Ethics privacy law (EPL) 811B is received the blacklist of customization from MSNP and is prevented using AOS 815B comprising immoral, rightPrivacy-sensitive and/or any of illegal material assert.
Figure 146 shows ethics right of privacy law (EPL) 811B, the blacklist of customization is received from MSNP, and use AOS815B prevent comprising it is immoral, privacy-sensitive and/or any of illegal material are asserted.MNSP 9 is used to handle traditional peaceIt is complete to threaten, for example carry on a attack via Trojan Horse, virus etc..BM 819C and EPL the 811B module of LOM is via returning820C and deduction 821C is received to analyze the context of conceptual data, to determine morals, privacy and effect.
Figure 147 shows the general introduction of LIZARD algorithm.Dynamic shell (DS) 865A is more easily changing via iteration for LIZARDThe layer of change.High complexity is needed to realize that the module of their purpose is generally fallen into here;Because they will be more than programmerThe manageable level of complexity of team.Grammar module (SM) 865B is the frame for reading and writing computer code.ForIt writes;Complex format purpose is received from PM, code is then write with arbitrary code grammer, then help function can be by thisCode translation anticipate at true executable code (depending on desired language).For reading, the grammer of code is provided for PM 865EIt explains to export the purpose of the function of such code.If LIZARD executes low confidence decision, it can be returned via dataIt returns repeater (DRR) 865C and related data is relayed to ACT 866 to improve the future iterations of LIZARD.LIZARD itself is notThe data for executing decision are depended directly on, but the data of the threat about continuous evolution may benefit from LIZARD indirectlyThe priori decision that may execute of future iterations.Artificial concept threatens (ACT) 866 to create with simulation conceptual data dangerVirtual testing environment, to realize iterative process.It is organic to keep malice concept to be formed sufficiently to participate in the artificial evolution of ACT 866Evolution.The iteration module (IM) 865D is come using SC 865F according to ' limiting in fixed target ' & data from DRR 865CPurpose carries out grammer amendment to the code library of DS 865A.The version of the revised LIZARD then with multiple (concurrently) intoRow pressure test, and change conceptual data danger scene by ACT 866.Most successful iteration is adopted the function as sceneIt can version.Purpose module (PM) 865E exports purpose from code using SM 865B, and with ' the complicated purpose format ' of ownExport such purpose.Such purpose should be described fully such as by the expectation function of the SM code block explained (even if the generationCode is in concealed embedding data).Static core (SC) 865F be LIZARD least be easy via automatic Iterative change but byThe layer that mankind's programmer is directly changed.Especially innermost dark color is rectangular, it is not influenced completely by automatic Iterative.This most inRoot of the layer in face just as instructing the direction of LIZARD and the tree of whole capability.
Figure 148 shows iteration intelligently growth (I2The subset of GE 21), it describes static rule collection and is adapting to conceptual dataMature mode when various dangerous.Produce a series of generation-inter- rule sets, their evolution be defined via " personality " speciality intoCapable.Such rule set is used to the incoming conceptual data feeding of processing, and executes most desired notice and correction movement.It drillsInbound path 867A is the entire generation chain with consistent " personality ".With the passage of CPU time, become increasingly to move from generation to generationState.Initial static rule collection becomes less universal and is potentially wiped or covered.Example: evolution approach A has tightLattice and careful speciality, seldom forgiveness or tolerance are assumed.Conceptual action 867B is carried out to the behavior of conceptual data analysis personnelThe place of processing and storage learns evolving path 876A from them.Example: path A has found many and specific feelingsThe reaction for the conceptual data danger that shape and personal type optimism match.Then path A is created imitates this behaviorRule.Mankind 867C expression creates initial rules collection to start the conceptual data of evolution chain analysis personnel.Example: rule is determinedJustice is that any concept related with plutonium is bought on black market can all be prevented from.Path personality 867D is to define to endanger in conceptual dataThe variable cluster for the response characteristic that should be executed when the triggering of danger.
Figure 149-150 shows iteration evolution (I2The subset of GE 21), be wherein parallel evolving path 867A it is mature andThe method selected.The generation of iteration is suitable for identical ACT 866, and the path with optimal personality trait finally most canConcept is resisted to threaten.CPU time 868A is the measurement that cpu power changes over time and can be measured with cpu cycle/second.It is inadequate that the exclusive use time, which measures the received processing exposed amount of evolving path, because the nucleus number of each CPU must be taken into considerationAmount and power.Example: processing makes Intel Pentium III request in time-consuming thousand that may make Intel's Haswell processorIt is 30 minutes time-consuming.By using virtual isolated 868B, all evolving paths are all virtually isolated, and the iteration to guarantee them is completeCriterion entirely based on the personality of themselves.Example: path B does not know that path C has solved difficult conceptual data completelyProblem, and it is necessarily dependent upon the personal traits of own and the data of study calculate solution.Certain paths mayIt is discarded, because they have reached the indefinite duration state that can not identify conceptual data danger.It is most possible as a result, new roadDiameter must pass through modified personality mass production.Example: path D can not be identified in hundreds of CPU time 868A unitsConceptual data is dangerous, therefore entire path is discarded.Monitoring/interactive system 868D is to inject the concept from 866 system of ACTData hazards triggering, and it is dangerous from (all according to specific personal traits) associated conceptual datas of relaying of conceptual action cloudThe platform of response.Example: path B (necessary conceptual data danger response needed for planning generation 12) has been provided in monitoring system.PeopleWork concept threatens (ACT) 866 to be one and provides the isolated blob of consistent conceptual data hazardous environment.It is provided for analysis personnelConcept identification rehearsal, to practice identifying Bu Tong potential conceptual data response and speciality with training system.Example: ACT is providedPeople can recognize as dangerous a series of complex concept.Such as " how to use household Components Chemical synthesis Schain poison gas ".VeryPositive concept threatens (RCT) 869A to provide concept scene 869C realistic threat according to truthful data log.Mankind 867C is to prisonDirect command 869B is given depending on/interactive system 868D.Example: manual abort path changes the master variable etc. in the personality of path.It hands overFork quotes the analysis bridge responded between 869E that module 869D is concept danger 869C and is made by conceptual analysis personnel 867C.?After extracting significant movement, it pushes it to speciality mark module 869F.Concept danger 869C can come from actual danger869A practices 866.Speciality mark module 869F according to (one or more) personality type by all behaviors demarcate come.ShowExample: when conceptual data analysis personnel 867C by mention too much suicide method Email mark 869E at it is risky when, shouldModule is denoted as preventative personality, because its behavior is Chong Die with past event, but also because analysis personnel are to call oneselfCareful personnel.Speciality interactive module 869G analyzes the correlation between different personalities.The information is passed to conceptual actionThen 867B is passed it on monitoring/interactive system 868D and the path of themselves.Example: personality is not tolerant and realIst has very big overlapping in use and returns to similar reaction to same event.But stringent and optimist coupleSame event does not almost always provide similar reaction.
Figure 151-154 shows creative module 18, is a kind of intelligent algorithm, new from previous input form creationMixed form.Creativeness 18 is used as being used to serve the plug-in unit of polyalgorithm in module.At appended drawing reference 870A, two fathersForm (previous form) is pushed to intelligent selection device to generate mixed form 870B.These forms can indicate the pumping of dataAs construction.Example: formAIndicate the averaging model of the danger concept as derived from concept DB.FormBIt indicates to trigger rule by conceptCollection publication about its new information to the reaction of dangerous concept.FormBIn information allow generate mixed form be to compare shapeFormulaAThose of representative more dangerous concept.Intelligent selection device 870B algorithms selection new feature is simultaneously merged into mixed form.Example: the averaging model of the form A expression danger of the conceptual data as derived from concept DB.FormBExpression is issued by conceptual rule collectionAbout its new information to the reaction of former concept danger.FormBIn information allow generate mixed form be to compare formAThe more preferable concept danger triggering of those of expression.Mode 870C defines creative module 18 algorithm types currently in use.In this way,Intelligent selection device 870B is known which part is suitble to merge, this depends on application program currently in use.Example: mode is setIt is set to ACT 866, therefore intelligent selection device 870B knows that there is expected input data danger DB to indicate (formA) and new publicationDetails (reaction that rule set triggers concept danger) (formB).Attributed scheme 870C defines how best toNew data merges with legacy data to generate the method detailed of effective mixed form.Static criterion 870D is analyzed by conceptual dataWhat personnel provided, it is should how mixed form provides general customization.These data may include Sort Priority, instituteDesired data rate and data for directly merging, this depends on what mode 870C selected.Example: if by mouldFormula 870C is selected as ACT 866, then should be able to seriously affect dangerous triggering DB from the information that the dangerous triggering of failure generatesTo change forming for such triggering strongly.If triggering continues failure after these variations, abandon triggering completely.To twoIncoming form executes original 871 B of comparison, this depends on the static criterion 870D provided by conceptual data analysis personnel 867C.?After performing original comparison, most forms are all compatible according to static criterion 870D.It was found that unique difference be formAResponse including being denoted as " external " by static criterion.This means that dangerous triggering DB representationBDo not include/indicate in formACertain exception of middle discovery.Any variation be important according to the static criterion 870D of offer by change of rank importance 871C,What changes unessential be ranked up.Example: due in formAIn have found in formBIn do not have indicate exception, soStatic criterion 870D recognizes that this exception is vital, therefore it causes to have carried out modification outstanding in merging processTo generate mixed formAB.At merging module 871D, it will be kept based on static state criterion 870D and mode 870C currently in useThe constant data different with discovery are reassembled into mixed form.These variations may include the ratio distribution 872A of data, certainA little data have more important and data grids/correlation each other should be how.Example: the grade for receiving unusual combination is importantProperty.After making appropriate adjustment, with the process that static criterion 870D is guidance distinguish to abnormal reaction whether with data itsHis part is incompatible.Then, merging process modifies these pre-existing data, so that abnormal repair can effectively and in advanceExisting data fusion.Overlay information amount is filtered according to the ratio 872A set by static criterion 870.If by ratio 872AIt is set as big, then the form data being largely consistent is merged into mixed form.If ratio 872A setting is small, mostlyNumber mixed forms can all be configured to have to go over iteration with it and be very different.872 B of priority is in two datasetsIt competes in the case where defining a feature so as to same position in form, carries out the process of priority ordering to select which makesFeature is prominent, and makes which feature overlapping and hide.It (is protruded via rectangle when only one speciality can occupy some siteDisplay) when, prioritisation process will occur to select which feature that can be inherited.872 C of pattern defines overlapping point and mergesMode.In most cases, there is the various ways that can occur specifically to merge, therefore static state 870 D of criterion and mode 870C guides the module to tend to certain merging better than another.In most cases, there is the form of overlapping between the features,Therefore it can produce with the form for merging speciality.Example: it when triangle and circle are as input form, can produce" PAC-man " shape.
Figure 155-156 shows the LOM for being used as personal assistant.LOM is configured to manage the personification group in individual lifeIt closes.One people can actively agree to that LOM registers the privacy details about their daily lifes, so that when individual is encountered a difficulty or orderedWhen topic, it provides for suggestion significant and appropriate.Its range can be working condition, eating habit, purchase decision etc..LOM is received to draw a conclusion the initial problem 874B of 874C via the inside review process 874A of LOM.EPL 811B is used to testCard is by the LOM response generated based on morals, the compliance of law and privacy.In order to make LOM more personification, it be can connectTo LAA 812D module, which is connected to the internet enabling equipment that LOM can receive from it data and control.(that is, working as youWhen reaching near your family, air-conditioning is opened).With PIP 802C, LOM receives personal information and user from userIt can agreeable security ground tracking information.In this way, LOM can provide the accurate following response of more personification.With contextualizedIn the case where 874D, LOM can deduce the link of missing during constructing argument.LOM is decoded with its advanced logicPredicament caused by original assert is solved, it must know or assume first certain variables about situation.
Figure 157 shows the LOM for being used as research tool.LOM is used as investment tool in user.Due to asserting 875BIt is to be proposed in a manner of objective and is impersonal, therefore LOM does not need the additional detail 875D of specific and isolated use-case to makeIt can form complicated opinion in this part thing.Therefore, draw a conclusion 875C in the case where no personification information.EPL811B is used to verify by the LOM response generated based on morals, the compliance of law and privacy, and BM 819C is used toMonitoring represents user and implements illegal/immoral movable any conspiracy.
Figure 158-159 shows the benefit and disadvantage that LOM utilizes proposed 867B theory.Bit coin is a kind of equity dispersionNetwork, it verified in the open ledger of referred to as block chain encryption currency ownership.The bit coin of all generations is handed overEasily every 10 minutes are all recorded in by the primary block of Web Mining.The current hard coded limitation of bit coin core client is 1MB,This means that every 10 minutes can only existent value 1MB transaction (being indicated with data mode).Since nearest bit coin is as a kind ofAssets are becoming increasingly popular, so block size, which is limited, causes pressure to system, the payment affirmation time is long, and the expense excavatedIt is more expensive.With contextualized 876D, LOM can deduce the link of missing during constructing argument.LOM is usedIts advanced logic has decoded that solution is original to assert caused predicament, and it is big that it must know or assume that first who will increase blockSmall limitation.Therefore by LOM come the 876C that draws a conclusion.EPL 811B is used to verify by the LOM response generated based on morals, methodThe compliance of rule and privacy, and BM 819C is used to monitoring and represents illegal/immoral movable any conspiracy of user's implementation.
Figure 160-161 shows LOM as the manufacture of diplomatic maneuvres war game implementation strategy.The isolated and security instance of LOM canTo be used on the hardware and facility of military approval.This makes LOM be able to access that it retains in (CKR) 806 in center knowledgeWorld knowledge, while can in the local example of the local intelligent profile (PIP) of individual access it is military it is specific (and evenIt is classified as level of confidentiality) information.Due to the advanced intelligent capability of LOM, army personnel can run complicated war game, while energyEnough access general and concrete knowledge.Initial war game scene is using asserting that 877B and hard coded assume that 877E is proposed.Due to the complexity of war game scene, LOM is made a response with advanced details request 887D.LOM may determine to realizeComplicated response, it must receive high-caliber information, such as 50, the detailed profile of 000 army.The transmitting of such information can be withIt is carried out in the data of several Mbytes of magnitudes, the parallel processing for needing several days can just obtain complicated conclusion.All information all pass through50,000 excel tables (are imported using the movement of single computer interface by format and the agreement transmitting of standardization and automationLattice are up to two hours).In the case where BM 819C and EPL 811B, due to the sensibility of information, Safety Sweep covering is activatedTo disable such defencive function.War game simulate the problem of comprising may by BM 819C and EPL 811B indicate theme.EPL may prevent some useful information, these information can make eventually to produce the money of actual life and cost originallyThe raw simulation influenced is benefited.BM 819C may denote this theme, and be reported to 9 authorities of MNSP.Therefore, it fitsWhen qualified military channel/tissue can authenticate their LOM session via PIP 802C, to allow in interference-free, harmSuch sensitive theme is handled via LOM in the case where hindering or reporting to authorities.Due to such information (such as army's number andPosition) it can be classified, so the covering for preventing completely BM 819C and EPL 811C may be implemented in certified session, in this wayThis sensitive information just enters external platform and each side (such as MNSP9) without departing from LOM forever.There is the case where PIP 802CUnder, the authorization army personnel for being currently running this war game, which is used, has upgraded/special encryption and information the LOM that isolatesCustomize example.This may include curstomer's site storage solution, to ensure that it is public that sensitive military information never entersCloud storage, and be maintained in the facility of military approval.Therefore, this information retained safely enables the inside of LOM to review 877AThe itd is proposed war game of enough simulations.
Figure 162-163 shows the newspapers and periodicals task that LOM executes investigation property, such as discloses the identifiable thin of a peopleSection.The example of the use-case has followed the mystery that bit coin founder is surrounded as known to this acute hearing in assumed name.Bit coin community together withMany magazines and investigation reporter have paid very big effort to attempt to disclose his/her identity.However, LOM can be with oneKind automation and thorough mode maximize investigation effort.The needs that LOM may face in news mystery are found with canThe specific part that accurately initial query is made a response.Therefore LOM can by customized information request scheduling to ARM805B,By information assimilation into CKR 806.With contextualized 879D, LOM does not require the additional of specific and isolated use-caseDetails is to allow it to form the complicated opinion about this affairs, because problem 878B is proposed in a manner of objective and is impersonal's.LOM never can feel that ' being ashamed of ' makes a response because of not knowing or not knowing, because LOM has ' cruel honest '' personality '.Therefore, it is it can be seen how make the presence of inevitably leakage in evidence needed for disclosing the true identity of SatoshiHole, such as at secondary conclusion 878E.When ARM 805B retrieves all known correct Emails for being attributed to Satoshi and chatWhen log, Style Science 808B is performed to confirm and define the true identity of Satoshi.Therefore, about investigation known to LOMAll information of property newspapers and periodicals task are all rendered as conclusion 879C.
Figure 164-165 shows LOM and executes history verifying.LOM can be via the substantive test history text of narrators a series ofThe authenticity offered.Certain historical document (literally meaning ' news ' in Arabic) for being referred to as ' imperial edict ' have passed through cardThe confirmation of the real people of transmission news proves the promoter for being really attributed to it.Because imperial edict literature is initially in ArabicIts spoken context in stored and understood, therefore language construct 812A module references third party translation algorithm so as to directly withIts mother tongue understands literature.With contextualized 879D, LOM does not need the additional of a specific and isolated use-caseDetails, to allow it to form a complicated opinion with regard to this part thing, because problem 879B is with the proposition of objective and non-personal manner's.With KCA 816D, the information of UKF cluster is compared, to confirm such as to be confirmed by a series of narratorsThe validity about reference (imperial edict) evidence.The algorithm considers reliability (the i.e. so-called imperial edict narration in attribute sourcePerson), whens claiming, negate evidence as the proposition etc..From the data retrieved by ARM, the structure concept in CKR 806 surpasses LOMWhen, this facilitate the verification process of imperial edict.Such as ' what is imperial edict for inquiry? ', ' there are what variants for imperial edict? ', ' certification is mostWhat best method? ' self propose the problem of.By inherent advanced reasoning, CKR 806 establishes powerful definition basePlinth, and it is able to demonstrate that any conclusion 879C of LOW output is reasonable.In the case where constructing 879C with cluster, CKR806 obtain concept conclusion by " stacking " block of information (referred to as UKF cluster).These clusters include related with target information wideGeneral metadata can belong to source, time of suspicious information creation etc..
Towards digitized language LAQIT。
The concept of Figure 166 introducing LAQIT.LAQIT be it is a kind of from trust and target side network in transmit information it is efficientAnd safety method.LAQIT, which is provided, to be emphasized readability and emphasize alternate extensive mode between safety.Linearly, formerSon and quantum are different and difference information delivery formats, they provide the feature and application of variation.LAQIT is security informationThe final form of transmitting, because its most weak link is the privacy of brains.Analogue's risk is actually removed, because highThe key that effect is easy to remember is only stored in the brains of recipient, and the message (makes according to the composition real time decrypting of keyWith human mind).Key only needs to transmit once, and is submitted to memory, therefore for the memory event of isolation, can useMore detailed privacy measures transmit key in the case where phone shutdown, through ephemeral encryption Email etc. in person.InstituteSome safety responsibilities are all in the restricted area of key.Because it is simple convenient for memory, most safety responsibility enoughAll it has been mitigated.Block 900A illustrates identical red, orange, blue, green colour sequential consistent with purple, theseColour sequential is repeated in the logical construction grammer of LAQIT and recurrence.Block 900B further illustrates colour sequential by recurrenceGround is used to be translated using The English alphabet.When constructing " basis " layer of alphabet, on the colour sequential and purple channelShortening be used together again with differential weights.Retain the remaining space for the syntactic definition in purple channel, for potentially willTo use and extend.Stage 901 indicates that a complicated algorithm reports its log event and state report using LAQIT.?In the scene, encryption is to be disabled according to selection, and the option encrypted is available.Stage A1 902A indicates state/log reportThat accuses automatically generates.Stage A2 903A indicates the conversion of state/Log Report to the text based LAQIT grammer that can be transported.Stage A3 904A indicates that the grammer that (such as original HTTP) channel transfer can be decrypted by digital encryption (i.e. VPN12) is uneasyThe transmitting of full information.Encryption channel is preferred, but is not compulsory.Stage A4 905A indicates the text based that can be transportedConversion of the grammer to the readable LAQIT vision syntax (such as linear model) of height.Stage 911 indicates that intended recipient is expressed asThe mankind design, are expected and optimize because LAQIT is non-computer/non-Al recipient for information.Stage 906 showsThe sender of sensitive information is the mankind.Such mankind can represent the apparatus of information or informer's proposal.Such sender 906LAQIT encryption key directly is disclosed to human recipient 911 via the tunnel of safety and ephemeral encryption, which is designed toIt transmits such key 939 and leaves any trace in persistent storage.Ideally, human recipient 911 is by key 939It submits to memory and removes all storage traces in any digital display circuit of key, a possibility that eliminate hacker attacks.ThisBecause key 939 is optimized for human mind, because it is based on relatively short shape sequence.Stage B1 902B tableShow the non-security text in local for the submission to recipient 911 inputted by sender 906.Stage B2 903B is indicated thisThe conversion of the class text 902B extremely LAQIT grammer based on the ciphertext that can be transported.Stage B3 904B indicates grammer security informationTransmitting, the channel (such as original HTTP) can be decrypted by digital encryption (such as VPN) to transmit.Stage B4 905B tableShow data to being hereafter presented to the LAQIT grammer of human recipient 911 visually encrypted (such as with encryption stage 8Atomic mode) conversion.
Figure 167 shows all major type of available languages (or mode of information reception and registration) to compare them by using allSuch as the effect of the information channel transmitting information of position, shape, color and sound.Most effective, efficient and practical language is canEffectively integrate and utilize the language of most channel quantity.Increment recognition effect (IRE) 907 is a kind of channel of information transmitting.It is characterized in that identifying its whole forms before information unit is completely delivered.Be similarly to main body complete word orIt is completed before phrase.This effect that LAQIT is indexed by showing word to the transition between word come consolidated forecast.ForFor veteran LAQIT reader, they can be initially formed is showing when block is moved to position but not yet reachesWord.Proximal end recognition effect (PRE) 908 is a kind of channel of information transmitting.It is characterized in that the whole of identification information unitForm, and it otherwise be compromised, obscure or change.This can be in the spelling of english language ' character ' and ' chracaetr 'It writes to illustrate.The outer boundary of unit has been defined (first and last character), but mixed characters close to stillIt is so an entirety by word definitions.With written English 912, typical English text combines the position of letterSet, the shape of letter and identification to entire word, rather than as described in the IRE 907 it is each it is alphabetical together).?In the case where with conversational speech 913, common spoken conversation combines the position (sequence that they say) of word, indicates soundThe shape of frequency modulation rate and audible emphasis.Morse code 915 is made of the binary location of the variation of sound.To letterThe prediction cognition of breath recipient makes it possible IRE907, rather than as Morse code between proximal end gradually streaming letterBreath.With hand signal 915, the position of hands movement and formation (shape) determine information.This range can be transmissionThe signal for making that aircraft is mobile, truck stops etc..It is not much predictive ability, therefore without IRE 907 also without PRE 908.Compared with competing language 912 to 915, LAQIT 916 can utilize most information channels.This means that can be in less JieIn the case where matter (space i.e. on screen), more information are transmitted in a short time.This provides capacity headroom, makes it possible toIt is effectively combined the complex characteristic of such as strong encryption etc.In the case where LAQIT Voice Encryption 909, LAQIT can utilize soundThe further encryption information of the information channel of sound.Therefore this is believed to transmit information via sound, although it cannot be utilizedDecryption communication is to do so.
Figure 168-169 shows the linear model of LAQIT, it is characterised in that its simplicity, easy to use, high information density andLack encryption.Block 917 shows " basic rendering " version of linear model.Point 918 shows that it is not encrypted.Linear model is not permittedPerhaps the effective space distribution of 941 carry out is obscured to shape, this is the basis of the encryption in atomic mode.As replacement, linear mouldFormula is optimized for dense information transmitting and the effective use of screen is presented.With word separator 919, the shapeThe color of shape indicates to follow the word and serves as the character of the separation between the word and next word.This is and atom journeyThe nuclear equivalent grammar of sequence.Indicate that the color code of question mark, exclamation mark, fullstop and comma is all suitable for.Singly check region 920Showing basic rendering 917 and how to combine, there is bigger the smaller of letter to check region, and therefore every compared with advanced rendering 918The information of a pixel is less.Such advanced rendering is characterized in that its pair checks region 922.In advanced rendering, each pictureThere are more movable alphabets for element, it is contemplated that LAQIT reader will be kept up with for speed.Therefore, in presentation speed and letterIt ceases between density and there is compromise predicament.Masking covering 921 makes the letter being transferred into and out slow up, and makes the main note of observerMeaning power is placed on (one or more) and checks on region.Although covering, it is partially transparent, to allow the viewer to enough mentionFor predicting the ability of incoming word and verifying and the word for checking outflow.This is also referred to as increment recognition effect (IRE)907.High density information transmitting 923 illustrates how using advanced rendering 918 that each letter is smaller and in identical spaceMore letters are presented in amount, therefore each pixel conveys more information.
Figure 170 and 171 shows the characteristic of atomic mode, can be extensive encryption stage.The reference of 924 capital characters of primary colours willThe general provisions for specifying which letter to be defined.Red primaries indicate the word according to the alphabetical A of alphabetical table reference 900B between FIt is female.It is possible that the word for using primary colours (not impacting 925) is only read, because concluding the spelling that can be used to infer word.Encryption enabled can be carried out in the presence of five kinds of possible shapes in total.Impact 925 exists with color gamut identical with primary colours, and definiteDefine specific character.There is no impacts to have also indicated that a definition, i.e., is letter in individual red primaries (not impacting)A.To realize that encryption, impact can have in total five kinds of possible shapes 935 with encryption enabled.With read direction 926In the case of, information delivering is read in the rectangular upper beginning in the top of orbit ring.Reading carries out in the direction of the clock.Once completing oneA orbit ring, reader will be since the top of next sequence orbit ring (the second circle) be rectangular.Into/out entrance 927It is the creation and breakdown point of character (its primary colours).The fresh character for belonging to related track will occur from entrance and slide into its clockwisePosition.Atomic nucleus 928 defines the subsequent character of word.Usually this is a space, indicates the sentence after the presentation of this wordIt will continue to.It indicates that the color code of question mark, exclamation mark, fullstop and comma is all to be all suitable for.Whether also indicate the same wordIt will continue under new information state, because all three orbit rings have all had been filled with their maximum capacity.When a trackWhen ring 929 is filled, letter is spilt on next (biggish) orbit ring.The limitation of orbit ring 1 is 7, and ring 2 is 15, andRing 3 is 20.This makes intratomic be up to 42 characters (including potentially useless character).If reaching the limit of 42 charactersSystem, then the word will be cut into 42 sections and core will indicate that next information state is the continuation of current word.It is single havingIn the case where word navigation 930, each piece indicates the entire word (or multiple words under molecular pattern) on the left of screen.WhenWhen showing word, corresponding block moves right outward, and when the word is completed, block is drawn back.The Color/Shape of navigation blockIt is identical as the primary colours of the first letter of word.With sentence navigation 931, each piece of expression word cluster.Cluster is the maximum word amount that can be adapted on word Navigation Pane.If individualism sentence navigation block or multipleIn the last one, then it more likely would not indicate word cluster more smaller than maximum capacity.State of atom creation 932 is oneKind causes the transition of increment recognition effect (IRE) 907.In the case where such transition, primary colours 924 are from into/out entrance927 occur, and hide their impact 925, and the position moved clockwise they are presented.In the transition period, skillfullyLAQIT reader can predict part or whole word before impact 925 is exposed because of IRE 907.It is similarly toMost of search engines are automatically performed feature, they are with initial batch message come the surplus of estimated sequence.
State of atom extension 933 is the transition that one kind causes proximal end recognition effect (PRE) 908.Once primary colours arrived itPosition, they will information state present ' extension ' sequence in be displaced outwardly.This reveals that impact 925 it is possible thereby toBeing specifically defined for information state is presented.Skilled LAQIT reader will be needed not scroll through through each independent letter with gradually structureIt builds word, but the meaning of the word for being attributed to PRE 908 is observed and be immediately appreciate that total as a whole.It is the transition that one kind causes increment recognition effect (IRE) 907 that state of atom, which destroys 934,.At this stage, primary colours 924 have been shunk(sequence spreading 933 of reversion) to cover impact 925 again.Their positive slidings clockwise are now to arrive into/exitEntrance.In the high speed rendering of information state, skilled LAQIT reader will complete the knowledge of word using transition is destroyedNot.This will be it is useful, when be used to watch extension state of atom (impact is shown) window of opportunity it is very narrow (score of second)When, this will be useful.
Figure 172-174 shows the general introduction of the encrypted feature of atomic mode.Due to LAQIT provide it is a kind of efficient and intensiveInformation transfer means, therefore have enough inromation bandwidth headroom to provide the realization of encryption.This grammer encryption is different from typical caseNetwork security encryption, require expected receiver with memory key real time decrypting information wherein.Which reduce maliceThe risk of data in movement, data-at-rest, data in use is read and understood with unauthorized party.Cryptographic complexity is 9Change between a standardized scale 940, is weighed between readable and security intensity.941 (grades are being obscured with shapeIn the case where 1-9), standard square is replaced by five visual different shapes.Change in shape in grammer allows in atomUseless (vacation) letter is inserted at the policy point of profile.Useless letter has obscured the true of message and expected meaning.Decode letterTo be true or useless be all via safety and temporarily transmits decruption key is completed.If letter is simultaneous with keyHold, then it will be counted in the calculating of word.When key is incompatible, it will be ignored in calculating.It is reset havingIn the case where 942 (class 4s -9) of bonding, two letters are linked together and change reading process by bonding.When with typicalWhen read mode clockwise starts, encounters initiation (beginning) and land upper (with reasonable/non-nothing in reasonable/non-useless letterTerminated with letter) on bonding by turn to read mode make its land letter on restore.With 943 (etc. of radioactivity elementGrade 7-9) in the case where, some elements can " flurried ", this can make whether letter is that useless assessment inverts.Shape 935 is shownThe shape that can be used for encrypting: triangle, circle, rectangular, pentagon and trapezoidal is gone out.Central factor 936, which is shown, to be defined immediatelyIn the central factor of the track of the subsequent character of word.These elements are: being used to refer to the red of fullstop, are used to refer to commaBlue that is orange, being used to refer to space is used to refer to the green of question mark and is used to refer to the pink colour of exclamation mark.Encrypt example937 show and obscure 941 suitable for the shape of secret grade 1-9.Central factor 936 is illustrated at the center of track, and uselessLetter 938 is the primary encryption means that 941 are obscured using shape.The useless of the left side has sequence round-rectangular.The right it is uselessWith sequence it is rectangular-triangle.Since the two sequences are not present in encryption key 939, so reader can be by itBe identified as it is useless and therefore when calculate information state meaning when skip them.
Figure 175-176 diagram redirects the mechanism of bonding 942.Encryption example 944 shows redirection bonding 942 and 945.It depositsAbout ' the regulation rule ' for redirecting bonding:
1) it when reaching bonding, is followed by default value and therefore behavior is abandoned routine clockwise.
2) when following a paths: initiating one that alphabetical (letter that the path is started with it) is counted as sequencePoint.
3) when following a paths: landing alphabetical (letter that the path is terminated with it), be counted as one of sequencePoint.
4) paths can only be followed once.
5) alphabetical specific example can be only counted once.
6) if both initiation letter and land letter are not useless, path must comply with.
In the case where having redirection bonding 945, which is started with " initiation " letter and with " land " letter knotBeam, any of which may be useless or may not be useless.If no one of they be it is useless,The bonding changes read direction and position.If one or two be all it is useless, entire bonding must be ignored, otherwise disappearsBreath will be decrypted improperly.Each individual bonding has the correct direction being read, but sequence is not explicitly describedAnd it must be drawn according to the useless composition of current reading position and information state.Useless alphabetical 946 show the two nothingsIt is how to make decryption more complicated and therefore resist brute force attack now with letter.This is because bonding is obscured and redirected to shapeCombination result in for brute force attack person exponentially be more difficult task.In the case where having bonding key definition 947,If must comply with bonding during reading information state, it is depended on whether in encryption key by specifically fixedJustice.Potential definition is: singly-bound closes, double bond is closed and three bondings.Illustrate that incorrect reading redirects key at 949 in incorrect explainClose the potential case of (because not knowing key 947).Such incorrect explanation 949 leads to message ' RDTNBAIB ', and correctThe real message for explaining 948 is " RABBIT (rabbit) '.There are a variety of potential methods to redirect bonding improperly to explain945, because shape, which is utilized, in they obscures 941 complexity to create safer message exponentially.There is only such as correctExplain a kind of correct way of the explanation true messages illustrated in 948.
The mechanism of Figure 177-178 diagram radioactivity element 943.Encryption example 950 shows radioactivity element 943 and 951.It depositsIn ' the regulation rule ' about radioactivity element:
1) during the extension phase of information state, radioactivity element be considered as nonstatic or vibration.
2) radioactivity element can be radiological operations or hiding.
3) activity radioactive element indicates that it is in useless state and is inverted.I.e. if shape composition indicates that it is useless, then it is to report by mistake and be practically without to be counted as useless but be counted as real letter.If shape formsIndicate that it is that really, then it is to report and be counted as useless rather than real letter by mistake.
4) latent radioactivity element indicates that its state is that useless or real letter is not impacted.
5) radioactivity element cluster is existed by the continuous radioactivity in orbit ring to define.When radioactivity element each otherWhen being neighbours' (in specific orbit ring), they define a cluster.If the neighbours of radioactivity element be it is non-radioactive,So here it is the limitations of the upper bound of the cluster.
6) it is movable and latent which cluster key, which limits,.I.e. if key indicates double clusters, all double collectionGroup is radioactive, and all single clusters and three clusters are all latent.
It is acutely shaken if radioactivity element 950 shows alphabetical during the extension phase that information is presented (or element),It is considered radioactive.Due to the classification of secret grade, the atom containing radioactivity element always has interatomic bonding.Because radioactivity element changes the classification of letter, i.e., whether they are useless, so obscuring into safely in exponential increase.It is doubleCluster 952 is shown since there are two radioactivity elements in sequence and in same rail, so how they are counted asCluster (double).No matter by encryption key 954 defines they be considered to be it is movable or latent.There is single cluster 953In the case where, two neighbours be all it is non-radioactive, thus define the range of cluster.Because the specified double clusters of key are effective, so to be processed first be whether the element 953 is not radioactive.There is the case where double cluster key definition 954Under, double clusters are limited to activity by key, therefore the cluster of every other size is considered as latent, while decrypting message.It is incorrect to explain that 956 show how double clusters 952 are not considered as reversion sequence (wrong report) by interpreter.This means that in rankSection 956A, correct answer is to ignore it, because while it is not useless, but it belongs to movable radioactivity cluster (by closeKey 954 is verified), it indicates that decrypting process reversely explains letter.It is said from any practical significance, it is not known that the people of key cannotAll potential combinations are guessed using brute force attack, and shape obscures 941, redirects bonding 942 and 943 quilt of radioactivity elementIt uses simultaneously.How the incorrect interpreter for explaining that 956 are shown without key 954, which is misled into, uses redirection bonding 956B,Explain that 955 should not follow redirection bonding according to correct.Which results in an entirely different message result ' RADIT 'It is not ' ARBBIT '.Illustrate that explanation is decrypted correctly the full details of the means of message in 955 in correct explain.
Figure 179 shows the molecular pattern of encryption enabled and streaming 959.There is the case where concealed dictionary attack resists 957Under, the incorrect decryption of message will lead to " distracting attention " standby message.This be to bad one false impression of executor,They have been successfully decoded message, while they have had received the dummy message for acting as the shielding of real information.EveryIn the case that a molecule has multiple movable words 958, during molecular procedures, these words are presented parallel.Which increaseThe information of every surface area ratio, however there is consistent transition speed, this needs more skilled reader.Word navigation instruction is currentThere are movable four words.However, obscure due to redirecting bonding, the word of message by the not homoatomic across intramolecular withPart exists with as a whole.Binary system and streaming mode 959 show streaming mode, and read in the configuration of typical atomMode is binary.Binary mode Deictic Center element defines word and is followed by which character (i.e. question mark, exclamation mark, sentenceNumber, space etc.).Molecular pattern is also binary;Except when enabling the encryption for abiding by streaming mode.Streaming mode is in-orbitSpcial character (such as question mark etc.) is referred in road.This is done because in encryption intramolecular, word will be across multiple originalsSon exists and therefore specific central factor cannot be uniquely present in specific word.There is the case where molecular linkage 960Under, the not unique encrypted feature of molecular information state encrypts the catalyst obscured.When being placed in ever-increasing moleculeWhen in environment, all security intensities of three kinds of encryption modes (shape is obscured, redirection is bonded and radioactivity element) are all exponentiallyIncrease.Read direction key 961 is shown on the 1st row, and the read direction of default is from left to right, then from a left side on the 2nd rowTo the right side, read direction can be encrypted replaced key.Which increase expected message obscure and therefore message privacy/safetyProperty.Redirecting bonding has prepreerence status, and the even super direction limited in key of taking over is not (as long as bonding is useless).
(UBEC) is connected with all items of general BCHAIN that attachment integrated node (BCHAIN) is coordinated in basic connectionIt summarizes
Figure 180 shows the BCHAIN node 1001 for including and running the application program 1003 that BCHAIN is enabled.Communication gate(CG) 1000 be that BCHAIN node 1001 interacts the communication hereafter caused with other BCHAIN nodes 1001 with its hardware interfaceMain algorithm.Node statistics investigate (NSS) 1006, and it explains remote node behavior pattern.Node escape index 1006A tracking sectionA possibility that point neighbours will flee near sensing node.High escape index instruction solves the strategy refined is needed moreClutter environment.
Example: the smart phone in automobile on a highway will show high node escape index.Electricity in StartbuckRefrigerator will show low-down node escape index.
Node saturation index 1006B tracks the number of nodes in the detection range of sensing node.Higher saturation indexIndicate the congested area with great deal of nodes.This may be because supply/demand tradeoff and performance generated actively and negatively affectedThe two, and more highdensity node region is expected to more stable/more predictable and therefore less confusion.
Example: the Startbuck positioned at downtown New York has high node saturation index.Tent in the middle part of desert will haveLow-down saturation index.
The quality for the node serve that node consistency index 1006C tracking is such as explained by sensing node.High node consistencyNeighbor node around index instruction often has more available uptime and consistency of performance.With dual meshNode often there is lower index of conformity in use, and the node display dedicated for BCHAIN network is higherValue.
Example: with dual-purpose node (such as employee of company's computer) by with low index of conformity, becauseIt at work between during available resource it is less and more in lunch break and the available resource of employee's period of absence.
The quantity for the overlapping nodes that node overlapping index 1006D tracking is such as explained mutually by sensing node.When overlapping indexWhen tending to be related to saturation index, they are the difference is that serving as the common overlapping quantity between index instruction neighbours and satisfyingPhysical trends are pertained only to index, therefore, the high saturation index with long wireless range will lead to high weight on each deviceFolded index.
Example: as the new BCHAIN with high gain directional antenna and advanced beam-forming technology optimizes microchip(BOM) installation, equipment initially enter certain sectors of BCHAIN network.Therefore due to having the communication structure being more overlappedNode, the overlapping index in these sectors increase.
Figure 181 shows the core logic 1010 of BCHAIN agreement.Customize chain identification module (CRM) 1022 and previously by nodeThe customization chain (it can be application program chain or micro- chain) of registration connects.Therefore the node have to the reading of such function,It writes and/or the encrypted access of managerial ability.When on the section of the application program chain in first chain emulator in first chain or micro- chainWhen detecting update, which notifies the rest part of BCHAIN agreement.Content claims that delivering (CCD) 1026 is received by verifyingCCR 1018 and hereafter send correlation CCF 1024 come meet request.
Figure 182 shows dynamic strategy adaptation (DSA) 1008 of management strategy creation module (SCM) 1046.Strategy creationModule (SCM) 1046 is mixed by using creative module 18 via system via optimisation strategy selection algorithm (OSSA)1042 preferred sophisticated strategies and the new policy deployment 1054 of dynamic generation.New strategy explains (FCI) according to by field chaos1048 change.
Figure 183 shows various with being managed by graphic user interface (GUI) at UBEC platform interface (UPI)The password figure economy of economic personality 1058,1060,1062 and 1064 exchanges (CDEE) 1056.In the case where personality A1058,Node resource is consumed only to match (if present) with what you were consumed.Personality A, which is ideally directed to, slightly arrives medium letterThe accidental thrifty consumer of breath amount transmitting.The real-time streams and precedence information of such as voip call (i.e. Skype) etc transmitIt is the smallest.Personality B 1060 consumes resource as much as possible, as long as profit margin (can be with alternative currency (such as greater than XPassword currency, legal tender, noble metal etc.) come the working cell of overtrading).Personality B, which is ideally directed to, to be configured toThe in particular node of the infrastructure contribution profit motivation of BCHAIN network.Therefore, such node usually will be permanentInfrastructure installs (it is run by main power source, rather than battery powered equipment), and has powerful computer-internal structurePart (wireless capability, CPU intensity, hard disk size etc.), such as fixed equipment etc..Personality C 1062 is via transaction currency (password goodsCoin, legal tender, noble metal etc.) working cell is paid, allow to consume content while spending less node resource.Personality C is ideally directed to consumer or those equipment for wanting to benefit but be not desired to them from BCHAIN network of heavy information transmittingResource is depleted the people of (i.e. smart phone consumption battery speed is fast and to warm up in pocket).The personality D 1064 the case whereUnder, node resource is spent as much as possible, and is not limited by any desired return, either consumption content or moneyCompensation.Personality D is someone selection (i.e. core exploit person of BCHAIN network of the intensity of BCHAIN network by its maximum benefitMember can purchase and install node, it is only for Strengthens network, rather than perhaps make money in consuming).Current working status solutionThe economic section of infrastructure that (CWSI) 1066 is released with reference to first chain determines the node working as in terms of work credit is completedPreceding surplus or deficit.Economically think that work forces (ECWI) 1068 to consider in the case where work at present surplus/deficitWhether selected economic personality should execute more work at present with assessment.
Figure 184 is shown as the Trinity relationship so that between the three kinds of algorithms of different that can grow up in intelligence each otherThe intelligently progress (SRIA) of symbiosis recurrence.LIZARD 16 can be by understanding code purpose (including their own) come innovatory algorithmSource code.I2GE 21 can be with the generation of simulation virtual program iteration, therefore selects strongest program version.The BCHAIH netNetwork is the huge network that can run the node of chaotic connection of complicated data-intensive program with a scattered manner.