CN109313687A - AI-based computer security - Google Patents
- Publication number
- CN109313687A CN201780019904.0A
- Authority
- CN
- China
- Prior art keywords
- code
- data
- information
- perception
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
          - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
            - G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
            - G06F21/54—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs
          - G06F21/55—Detecting local intrusion or implementing counter-measures
            - G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
              - G06F21/562—Static detection
                - G06F21/563—Static detection by source code analysis
                - G06F21/564—Static detection by virus signature recognition
          - G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
            - G06F21/577—Assessing vulnerabilities and evaluating computer system security
      - G06F8/00—Arrangements for software engineering
        - G06F8/30—Creation or generation of source code
          - G06F8/31—Programming languages or programming paradigms
            - G06F8/311—Functional or applicative languages; Rewrite languages
            - G06F8/313—Logic programming, e.g. PROLOG programming language
      - G06F9/00—Arrangements for program control, e.g. control units
        - G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
          - G06F9/44—Arrangements for executing specific programs
            - G06F9/455—Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    - G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
      - G06N20/00—Machine learning
      - G06N5/00—Computing arrangements using knowledge-based models
        - G06N5/02—Knowledge representation; Symbolic representation
          - G06N5/022—Knowledge engineering; Knowledge acquisition
            - G06N5/025—Extracting rules from data
        - G06N5/04—Inference or reasoning models
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
            - H04L63/1416—Event detection, e.g. attack signature detection
          - H04L63/1441—Countermeasures against malicious traffic
        - H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Abstract
Computer security systems based on artificial intelligence include Critical Infrastructure Protection & Retribution (CIPR) through Cloud & Tiered Information Security (CTIS), Machine Clandestine Intelligence (MACINT) & Retribution through Covert Operations in Cyberspace, Logically Inferred Zero-database A-priori Realtime Defense (LIZARD), Critical Thinking Memory & Perception (CTMP), Lexical Objectivity Mining (LOM), Linear Atomic Quantum Information Transfer (LAQIT), and the Universal BCHAIN Everything Connectivity (UBEC) system with basic connection coordination attachment integrated nodes.
Description
Cross reference to related applications
This application claims priority to U.S. Provisional Application No. 62286437, filed January 24, 2016, entitled Clandestine Machine Intelligence Retribution through Covert Operations in Cyberspace; U.S. Provisional Application No. 62294258, filed February 11, 2016, entitled Logically Inferred Zero-database A-priori Realtime Defense; U.S. Provisional Application No. 62307558, filed March 13, 2016, entitled Critical Infrastructure Protection & Retribution (CIPR) through Cloud & Tiered Information Security (CTIS); U.S. Provisional Application No. 62323657, filed April 16, 2016, entitled Critical Thinking Memory & Perception; U.S. Provisional Application No. 62326723, filed April 23, 2016, entitled Linear Atomic Quantum Information Transfer (LAQIT); U.S. Provisional Application No. 62341310, filed May 25, 2016, entitled Objective Debate Machine (ODM); U.S. Provisional Application No. 62439409, filed December 27, 2016, entitled Lexical Objectivity Mining (LOM); U.S. Patent Application No. 15145800, filed May 4, 2016, entitled METHOD AND DEVICE FOR MANAGING SECURITY IN A COMPUTER NETWORK; and U.S. Patent Application No. 15264744, filed September 14, 2016, entitled SYSTEM OF PERPETUAL GIVING; the disclosures of which are incorporated herein by reference as if they were set forth herein.
Technical field
The present invention relates to a system of computer security based on artificial intelligence. Its subsystems include Critical Infrastructure Protection & Retribution (CIPR) through Cloud & Tiered Information Security (CTIS), Machine Clandestine Intelligence (MACINT) & Retribution through Covert Operations in Cyberspace, Logically Inferred Zero-database A-priori Realtime Defense (LIZARD), Critical Thinking Memory & Perception (CTMP), Lexical Objectivity Mining (LOM), Linear Atomic Quantum Information Transfer (LAQIT), and the Universal BCHAIN Everything Connectivity (UBEC) system with basic connection coordination attachment integrated nodes.
Background art
Problems related to computer network security have tended to rely on human experts to resolve complex issues. The rapid expansion of computer and network capabilities, exploited by malicious entities including hackers, has overwhelmed traditional solutions that ultimately depend on human experts. Strategies driven by artificial intelligence are becoming the solution that overcomes the limitations of this situation. However, the new strategies require advanced models that can effectively simulate the human thought process and that are adapted to be implemented in computer hardware.
Summary of the invention
A computer security system based on artificial intelligence, wherein the system comprises a memory that stores programmed instructions; a processor that is coupled to the memory and executes the programmed instructions; and at least one database, wherein the system comprises a computer-implemented system that provides designated functions.
The computer-implemented system is Critical Infrastructure Protection & Retribution (CIPR) through Cloud & Tiered Information Security (CTIS), further comprising:
A) a trusted platform, which comprises a network of agents that report hacker activity;
B) a Managed Network & Security Services Provider (MNSP), which provides managed encrypted security, connectivity & compliance solutions & services;
wherein a virtual private network (VPN) connects the MNSP and the trusted platform, wherein the VPN provides a communication channel to and from the trusted platform, wherein the MNSP is adapted to analyze all traffic in the enterprise network, and wherein the traffic is routed to the MNSP.
The MNSP comprises:
A) Logically Inferred Zero-database A-priori Realtime Defense (LIZARD), which derives purpose and function from foreign code and therefore blocks it when malicious intent is present or a legitimate cause is absent, and which analyzes threats in and of themselves without referencing prior historical data;
B) Artificial Security Threat (AST), which provides hypothetical security scenarios for testing the efficacy of security rulesets;
C) a creativity module, which performs the process of intelligently creating new hybrid forms out of prior forms;
D) conspiracy detection, which discerns information collaboration and extracts patterns of security-related behavior, provides a routine background check for multiple conspiratorial security events, and attempts to determine patterns and correlations between seemingly unrelated security events;
E) security behavior, which stores and indexes events together with their security responses and traits, wherein the responses comprise block/approval decisions;
F) Iterative Intelligence Growth/Intelligence Evolution (I2GE), which leverages big data and malware signature recognition, and emulates future potential variations of malware by leveraging the AST with the creativity module; and
G) Critical Thinking, Memory, Perception (CTMP), which criticizes the block/approval decisions and acts as a supplemental layer of security, and which leverages cross-referenced intelligence from I2GE, LIZARD and the trusted platform, wherein CTMP estimates its own capacity to form an objective decision on a matter, and refrains from asserting a decision made with low internal confidence.
A scaled-down LIZARD client is adapted to operate on a device of the enterprise network and communicates securely with the LIZARD in the MNSP.
A demilitarized zone (DMZ) comprises a subnetwork that contains an HTTP server carrying a higher security liability than a normal computer, so that the rest of the enterprise network does not take on such a security liability.
I2GE comprises iterative evolution, in which parallel evolutionary pathways are matured and selected; the iterative generations adapt to the same Artificial Security Threats (AST), and the pathway with the best personality traits ends up resisting the security threats the most.
The LIZARD comprises:
A) a syntax module, which provides a framework for reading & writing computer code;
B) a purpose module, which uses the syntax module to derive a purpose from code, and outputs that purpose in its complex purpose format;
C) virtual obfuscation, in which the enterprise network and database are cloned in a virtual environment and sensitive data is replaced with mock (fake) data, wherein depending on the behavior of a target, the environment can be dynamically altered in real time to include more fake elements or more real elements of the system at large;
D) signal mimicry, which provides a form of retribution once the analytical conclusion of virtual obfuscation has been reached;
E) an internal consistency check, which checks that all the internal functions of foreign code make sense;
F) foreign code rewrite, which uses the syntax module and the purpose module to reduce foreign code to a complex purpose format;
G) covert code detection, which detects code covertly embedded in data & transmission packets;
H) need map matching, which is a mapped hierarchy of need & purpose and is referenced to decide whether foreign code fits the overall objective of the system;
wherein for writing, the syntax module receives a complex-formatted purpose from the purpose module and then writes code in an arbitrary code syntax, and a helper function then translates that arbitrary code into real executable code; wherein for reading, the syntax module provides a syntactical interpretation of code so that the purpose module can derive a purpose for the functionality of such code;
wherein the signal mimicry uses the syntax module to understand a malware's communicative syntax with its hackers, then hijacks such communication to give the malware the false impression that it successfully sent sensitive data back to the hackers, wherein the hackers are also sent the malware's error code by LIZARD, making it appear to have come from the malware; wherein the foreign code rewrite builds the codeset using the derived purpose, thereby ensuring that only the desired and understood purpose of the foreign code is executed within the enterprise, and that any unintended function executions do not gain access to the system.
For the foreign code rewrite to syntactically reproduce foreign code so as to mitigate potentially undetected malicious exploits, a combination method compares and matches the declared purpose with the derived purpose, wherein the purpose module is used to manipulate the complex purpose format, wherein, given the derived purpose, need map matching keeps a hierarchical structure to maintain jurisdiction over all enterprise needs, so that the purpose of a block of code is defined and justified depending on vacancies in the jurisdictionally oriented need map, and wherein the input purpose is the intake for the recursive debugging process.
Recursive debugging loops through code segments to test for bugs and apply bug fixes, wherein if a bug persists, the entire code segment is replaced with the original foreign code segment, wherein the original code segment is subsequently tagged for virtual obfuscation and behavioral analysis, wherein with foreign code, the original state of the code is interpreted by the purpose module and the syntax module for the code rewrite, wherein the foreign code is referenced directly by the debugger in case an original foreign code segment needs to be installed because there was a permanent bug in the rewritten version, wherein at the rewritten code, segments are tested by a virtual runtime environment to check for coding bugs, wherein the virtual runtime environment executes code segments and checks for runtime errors, wherein with a coding bug, the errors produced in the virtual runtime environment are defined in scope and type, wherein with purpose alignment, a potential solution for the coding bug is drafted by re-deriving code from the stated purpose, wherein the scope of the coding bug is rewritten in an alternate format to avoid such a bug, wherein the potential solution is outputted, and wherein if no solutions remain, the code rewrite for that code segment is forfeited and the original code segment taken directly from the foreign code is used in the final codeset.
For the operation of need map matching, the LIZARD cloud and the scaled-down LIZARD reference a hierarchical map of enterprise jurisdiction branches, wherein whether the input purpose is declared or derived via the purpose module, need map matching validates the justification for the code/function to execute within the enterprise system, wherein the master copy of the hierarchical map is stored on the LIZARD cloud in the MNSP, wherein the need index within need map matching is calculated by referencing the master copy, wherein the pre-optimized need index is distributed among all accessible endpoint clients, wherein need map matching receives a need request for the most appropriate need of the system at large, and wherein the corresponding output is a complex purpose format that represents the appropriate need.
The entire LAN infrastructure of the enterprise is substantially reconstructed within the MNSP, wherein the hacker is then exposed to elements of both the real LAN infrastructure and the virtual clone version while the system performs behavioral analysis, wherein if the results of such analysis indicate risk, the hacker's exposure to the virtual clone infrastructure is increased to reduce the risk of real data and/or devices being compromised.
A malware root signature is provided to the AST so that iterations/variations of the malware root signature are formed, wherein polymorphic variations of the malware are provided as output from I2GE and transferred to malware detection.
Malware detection is deployed on all three levels of a computer's composition, namely user space, kernel space and firmware/hardware space, all of which are monitored by scaled-down LIZARD agents.
The computer-implemented system is Machine Clandestine Intelligence (MACINT) & Retribution through Covert Operations in Cyberspace, further comprising:
A) Intelligent Information and Configuration Management (I2CM), which provides intelligent information management, viewing and control; and
B) a Management Console (MC), which provides an input/output channel to users;
wherein the I2CM comprises:
i) aggregation, which uses generic-level criteria to filter out unimportant and redundant information, and merges and tags streams of information from multiple platforms;
ii) a configuration and deployment service, which comprises an interface for deploying new enterprise network devices with predetermined security configuration and connectivity settings and for managing the deployment of new user accounts;
iii) separation by jurisdiction, in which tagged pools of information are separated exclusively according to the relevant jurisdiction of a management console user;
iv) separation by threat, which organizes the information according to individual threats; and
v) automated controls, which access the MNSP cloud, the trusted platform, or additional third-party services.
In the MNSP cloud, behavioral analysis observes the malware's state and the actions it performs while it is in the mock data environment; wherein when the malware attempts to send fake data to the hacker, the outgoing signal is rerouted so that it is received by a fake hacker; wherein a hacker interface receives the code structure of the malware and reverse engineers the malware's internal structure to output the hacker interface, wherein the fake hacker and fake malware are emulated within a virtualized environment; wherein the virtualized fake hacker sends a response signal to the real malware in order to observe the malware's next behavior pattern, wherein the hacker is given a fake response code that is not correlated with the behavior/state of the real malware.
Exploit scan identifies the capabilities and characteristics of criminal assets, and the resulting scan results are managed by an exploit, which is a program sent by the trusted platform via a retribution exploits database that infiltrates target criminal systems, wherein the retribution exploits database contains a means of exploiting criminal activities that is provided by hardware vendors in the form of established backdoors and known vulnerabilities, wherein a unified forensic evidence database contains compiled forensic evidence from multiple sources spanning multiple enterprises.
When a sleeper agent in a criminal system captures a file of the enterprise network, the firewall generates a log that is forwarded to log aggregation, wherein log aggregation separates the data categorically into long-term/deep scan and real-time/surface scan.
Deep scan contributes to and engages with big data while leveraging the conspiracy detection sub-algorithm and the external entity management sub-algorithm; wherein standard logs from security checkpoints are aggregated at log aggregation and selected with a lower-limit filter; wherein event index + tracking stores event details; wherein anomaly detection uses the event index and security behavior, in accordance with the intermediate data provided by the deep scan module, to determine any potential risk events; wherein external entity management and conspiracy detection are involved in the analysis of events.
The trusted platform looks up an arbitrary computer to check whether it or its server relatives/neighbors (other servers it connects to) were previously established as double or triple agents for the trusted platform; wherein the agent lookup check is performed at the trusted double agent index + tracking cloud and the trusted triple agent index + tracking cloud; wherein a double agent that is trusted by the arbitrary computer pushes an exploit through its trusted channel, wherein the exploit attempts to find the sensitive file, quarantines it, sends its exact state back to the trusted platform, and then attempts to erase it from the criminal computer.
An ISP API request is made via the trusted platform, and at network oversight, network logs for the arbitrary system and a potential file transferred to the criminal computer are found, wherein metadata is used to decide with significant confidence which computer the file was sent to, wherein network oversight discovers the network details of the criminal computer and reroutes such information to the trusted platform, wherein the trusted platform is used to engage security APIs provided by software and hardware vendors so as to exploit any established backdoors that can aid the judicial investigation.
The trusted platform pushes a software or firmware update to the criminal computer to establish a new backdoor, wherein a placebo update is pushed to nearby similar machines to maintain stealth, wherein target identity details are sent to the trusted platform, wherein the trusted platform communicates with the software/firmware maintainer to push the placebo updates and backdoor updates to the relevant computers, wherein the backdoor update introduces a new backdoor into the criminal computer's system by using the pre-established software update system installed on the computer, wherein the placebo update omits the backdoor, wherein the maintainer transfers the backdoor to the target as well as to computers that have an above-average amount of exposure to the target, wherein upon implementation of the exploit via the backdoor update, the sensitive file is quarantined and copied so that its metadata usage history can later be analyzed, wherein any supplemental forensic data is gathered and sent to the exploit's point of contact at the trusted platform.
A long-term priority flag is pushed onto the trusted platform to monitor the criminal system for any and all changes/updates, wherein the enterprise system submits a target to an authorization module, which scans all subsystem inputs for any associations with the defined target, wherein if there are any matches, the information is passed on to the enterprise system, which defined the authorization and seeks to infiltrate the target, wherein the input is transferred to a desired analytical module, which synchronizes mutually beneficial security information.
The computer-implemented system is Logically Inferred Zero-database A-priori Realtime Defense (LIZARD), further comprising:
A) a Static Core (SC), which comprises predominantly fixed program modules;
B) an iteration module (IM), which modifies, creates and destroys modules on the dynamic shell, wherein the iteration module uses the AST as a reference for security performance and uses the iteration core to process the automatic code writing methodology;
C) a differential modifier algorithm, which modifies the base iteration according to the flaws the AST has found, wherein after the differential logic is applied, a new iteration is proposed, upon which the iteration core is recursively called and undergoes the same process of being tested by the AST;
D) a logical deduction algorithm (LDA), which receives the known security responses of the dynamic shell iteration from the AST, wherein the LDA deduces what codeset makeup will achieve the known correct response to a security scenario;
E) a Dynamic Shell (DS), which comprises predominantly dynamic program modules that have been automatically programmed by the iteration module (IM);
F) code quarantine, which isolates foreign code in a restricted virtual environment;
G) covert code detection, which detects code covertly embedded in data and transmission packets; and
H) foreign code rewrite, which, after deriving the purpose of the foreign code, rewrites either parts of the code or the whole code itself and allows only the rewrite to be executed;
wherein all enterprise devices are routed through LIZARD, wherein all software and firmware that run enterprise devices are hardcoded to perform any sort of download/upload via LIZARD as a permanent proxy, wherein LIZARD interacts with three types of data comprising data in motion, data in use and data at rest, wherein LIZARD interacts with data mediums comprising files, email, web, mobile devices, cloud and removable media.
The system further comprises:
A) an AST overflow relay, wherein data is relayed to the AST for further iteration improvement when the system can only make a low-confidence decision;
B) an internal consistency check, which checks whether all the internal functions of a block of foreign code make sense;
C) a mirror test, which checks that the input/output dynamic of the rewrite is the same as that of the original, so that any hidden exploits in the original code are made redundant and are never executed;
D) need map matching, which comprises a mapped hierarchy of need and purpose that is referenced to decide whether foreign code fits the overall objective of the system;
E) a real data synchronizer, which selects the data to be given to mixed environments and in what priority, so that sensitive information is inaccessible to suspected malware;
F) a data manager, which is the middleman interface between the entity and data coming from outside the virtual environment;
G) virtual obfuscation, which confuses and restricts code by gradually and partially submerging it into a virtualized fake environment;
H) a covert transportation module, which transfers malware silently and discreetly into a mock data environment; and
I) data recall tracking, which keeps track of all information uploaded from and downloaded to the suspicious entity.
The system further comprises a purpose comparison module, in which four different types of purpose are compared to ensure that the entity's existence and behavior are merited and understood by LIZARD as being productive towards the system's overall objectives.
The iteration module uses the SC to syntactically modify the code base of the DS according to the purpose defined in the Data Return Relay (DRR), wherein the modified version of LIZARD is stress tested in parallel by the AST with multiple and varying security scenarios.
Inside the SC, logic derivation derives logically necessary functions from initially simpler functions, whereby an entire tree of function dependencies is built from a stated complex purpose;
wherein code translation converts arbitrary generic code that is understood directly by the syntax module functions into any chosen known computer language, and also performs the inverse operation of translating known computer languages into arbitrary code;
wherein logic reduction reduces logic written in code to simpler forms to produce a map of interconnected functions;
wherein the complex purpose format is a storage format for storing interconnected sub-purposes that represent an overall purpose;
wherein purpose associations are a hardcoded reference for what functions and types of behavior refer to what kind of purpose;
wherein iterative expansion adds detail and complexity by referring to purpose associations, so that a simple goal evolves into a complex purpose;
wherein iterative interpretation loops through all interconnected functions and produces an interpreted purpose by referring to purpose associations;
wherein the outer core is formed by the syntax and purpose modules, which work together to derive a logical purpose from unknown foreign code and to produce executable code from a stated function code goal;
wherein foreign code is code that is unknown to LIZARD and whose functionality and intended purpose are unknown, wherein the foreign code is the input to the inner core and the derived purpose is the output, wherein the derived purpose is the intention of the given code as estimated by the purpose module, and wherein the derived purpose is returned in the complex purpose format.
The IM uses the AST as a reference for security performance and uses the iteration core to process the automatic code writing methodology, wherein at the DRR, data on malicious attacks and bad actors is relayed to the AST when LIZARD has had to resort to making a decision with low confidence; wherein inside the iteration core, the differential modifier algorithm (DMA) receives syntax/purpose programming abilities and system objective guidance from the inner core, and uses such a codeset to modify the base iteration according to the flaws the AST 17 has found; wherein security result flaws are presented visually to indicate the security threats that passed through the base iteration while the virtual execution environment was running.
Inside the DMA, the current state represents the dynamic shell codeset with symbolically correlated shapes, sizes and positions, wherein different configurations of these shapes indicate different configurations of security intelligence and reactions, wherein the AST provides any potential responses of the current state that happened to be incorrect and what the correct response is;
wherein the attack vector acts as a symbolic demonstration of a cybersecurity threat, wherein direction, size and color all correlate to hypothetical security properties (such as the attack vector, the size of the malware and the type of malware), wherein the attack vector symbolically bounces off the codeset to represent the security response of the codeset;
wherein the correct state represents the final result of the DMA's process for yielding the desired security response from a block of code of the dynamic shell, wherein the differences between the current state and the correct state result in different attack vector responses;
wherein the AST provides the known security flaws together with the correct security response, wherein the logical deduction algorithm uses prior iterations of the DS to produce a superior and better equipped iteration of the dynamic shell, known as the correct security response program.
In virtual obfuscation, questionable code is covertly allocated to an environment in which half of the data is intelligently mixed with mock data, wherein any subject operating within the real system can be easily and covertly transferred to a partially or fully mock data environment because of virtual isolation; wherein the mock data generator uses the real data synchronizer as a template for creating counterfeit & useless data; wherein the perceived risk of confidence in the perception of the incoming foreign code influences the level of obfuscation that LIZARD chooses; wherein high confidence that the code is malicious invokes allocation to an environment that contains large amounts of mock data; wherein low confidence that the code is malicious can invoke allocation either to the real system or to the 100% mock data environment.
Data recall tracking keeps track of all information uploaded from and downloaded to the suspicious entity; wherein in the case that mock data has been sent to a legitimate enterprise entity, a callback is performed that calls back all of the mock data, and the real data is sent as a replacement; wherein a callback trigger is implemented so that a legitimate enterprise entity holds back on acting on certain information until there is confirmation that the data is not fake.
Behavioral analysis tracks the download and upload behavior of the suspicious entity to determine potential corrective action, wherein the real system contains the original real data, which exists entirely outside the virtualized environment, wherein real data that replaces mock data is where real data is provided unfiltered to data recall tracking, so that a real data patch can be made to replace the mock data with real data on the formerly suspicious entity; wherein the data manager, which is submerged in the virtually isolated environment, receives the real data patch from data recall tracking; wherein when behavioral analysis has cleared harmless code of being malicious, corrective action is performed to replace the mock data in the formerly suspicious entity with the real data that it represents; wherein the secret token is a security string that is generated and assigned by LIZARD and allows an entity that is indeed harmless not to proceed with its job; wherein if the token is missing, this indicates the likely scenario that this legitimate entity has been accidentally placed in a partially mock data environment because of the risk assessment of it being malware, after which a delayed session with a delay interface is activated; wherein if the token is found, this indicates that the server environment is real and hence any delayed sessions are deactivated.
Inside behavioral analysis, the purpose map is a hierarchy of system objectives that grants purpose to the entire enterprise system, wherein the declared, activity and codebase purposes are compared against the innate system need for anything the suspicious entity is allegedly doing; wherein with activity monitoring, the suspicious entity's storage, CPU processing and network activity are monitored, wherein the syntax module interprets such activity in terms of desired function, wherein such functions are then translated by the purpose module into an intended purpose in behavior, wherein the codebase is the source code/programming structure of the suspicious entity and is forwarded to the syntax module, wherein the syntax module understands coding syntax and reduces programming code and code activity to an intermediate map of interconnected functions, wherein the purpose module produces the perceived intentions of the suspicious entity, outputting the codebase purpose and the activity purpose, wherein the codebase purpose contains the known purpose, function, jurisdiction and authority of the entity as derived by LIZARD's syntactical programming capabilities, wherein the activity purpose contains the known purpose, function, jurisdiction and authority of the entity as understood from LIZARD's understanding of its storage, processing and network activity, wherein the declared purpose is the assumed purpose, function, jurisdiction and authority of the entity as declared by the entity itself, wherein the needed purpose contains the expected purpose, function, jurisdiction and authority that is required by the enterprise system, wherein all the purposes are compared in the comparison module, wherein any inconsistency between the purposes invokes a divergence-in-purpose scenario, which leads to corrective action.
The computer-implemented system is critical thinking memory & perception (CTMP). The system further comprises:
A) a critical rule range expander (CRSE), which takes the known range of perceptions and upgrades it to include the critical thinking range of perceptions;
B) correct rules, which indicate the correct rules derived by using the critical thinking range of perceptions;
C) rule execution (RE), which executes rules that have been confirmed as present and fulfilled according to memory's scan of the chaos field, to produce desired and relevant critical thinking decisions;
D) critical decision output, which produces the final logic for determining the overall output of CTMP by comparing the conclusions reached by the perception observer emulator (POE) and the RE;
wherein the POE generates an emulation of the observer and tests/compares all potential points of perception under these variations of the observer emulation;
wherein the RE comprises a chessboard plane used to track the transformation of rule sets, wherein the objects on the board represent the complexity of any given unsafe condition, and the movement of these objects across the 'safe chessboard' indicates the evolution of the unsafe condition managed by the responses of the security rule sets.
The system further comprises:
A) subjective opinion decision, which is the decision provided by the selected pattern matching algorithm (SPMA);
B) input system metadata, comprising the original metadata from the SPMA, which describes the mechanical process of the algorithm and how it reached these decisions;
C) reasoning processing, which logically understands assertions by comparing attributes of properties;
D) rule processing, which uses the derived result rules as a reference point for determining the range of the current problem;
E) memory net, which scans market variable logs for achievable rules;
F) raw perception generation, which receives metadata logs from the SPMA, wherein the logs are parsed and a perception is formed that represents the perception of such an algorithm, wherein the perception is stored in perception complex format (PCF) and emulated by the POE; wherein the applied perception angles indicate the perception angles that have been applied and utilized by the SPMA;
G) automatic perception discovery mechanism (APDM), which uses the creative module to produce mixed perceptions formed according to the input provided by the applied perception angles, so as to increase the range of perception;
H) self-critical knowledge density (SCKD), which estimates the range and type of potential unknown knowledge that the reportable logs cannot provide, so that the subsequent critical thinking features of CTMP can make use of the potential range of all related knowledge; wherein critical thinking indicates the outer shell jurisdiction of rule-based thinking;
I) implication derivation (ID), which derives the angles of perception data that may be implied from the currently applied perception angles;
wherein the SPMA is juxtaposed, via perceptions and rules, with the critical thinking performed by CTMP.
The system further comprises:
A) resource management distribution (RMA), in which an adjustable policy indicates the amount of perceptions used to perform the observer emulation, wherein the priority of the selected perceptions is chosen according to weight in descending order, wherein the policy then indicates the manner of truncation selected, rather than selecting a percentage, a fixed number or a more complex algorithm;
B) storage search (SS), which uses the CVF derived from the data enhancing log as the criterion in a lookup of the perception storage (PS) database, wherein, in the PS, perceptions are stored, in addition to their relevant weight, with the comparable variable format (CVF) as their index;
C) measurement processing, which reverse-engineers the allocation of variables from the SPMA;
D) perception deduction (PD), which uses the assignment response and its corresponding system metadata to replicate the original perception of the assignment response;
E) metadata category module (MCM), in which debugging and algorithm traces are separated into distinct categories using syntax-based information, wherein the categories are used to organize and produce distinct assignment responses related to risk and opportunity;
F) measurement combination, which separates perception angles into categories of measurements;
G) measurement conversion, which reverses individual measurements back into whole perception angles;
H) metric extension (ME), which stores the measurements of multiple and varying perception angles, by category, in individual databases;
I) comparable variable format generator (CVFG), which converts an information stream into comparable variable format (CVF).
The system further comprises:
A) perception matching 503, in which a CVF is formed from the perception received from rule syntax derivation (RSD); wherein the newly formed CVF is used to look up relevant perceptions in the PS with similar indexes, wherein the potential matches are returned to rule syntax generation (RSG);
B) memory identification (MR), in which the chaos field 613 is formed from input data;
C) memory concept indexing, in which whole concepts are individually optimized into indexes, wherein the indexes are used by the letter scanners to interact with the chaos field;
D) rule realization resolver (RFP), which receives the individual parts of rules with an identification tag, wherein each part is marked by memory identification as having been found or not found in the chaos field; wherein the RFP logically deduces which whole rules (i.e. the combination of all of their parts) have been sufficiently identified in the chaos field to merit RE;
E) rule syntax format separation (RSFS), in which the correct rules are separated and organized by type, so that all actions, properties, conditions and objects are stacked separately;
F) rule syntax derivation, in which logical 'black and white' rules are converted into measurement-based perceptions, whereby a complex arrangement of multiple rules is converted into a single uniform perception expressed via multiple measurements of varying gradient;
G) rule syntax generation (RSG), which receives previously confirmed perceptions that are stored in perception format and engages with the internal measurement makeup of the perception, wherein these gradient-based measurements are converted into binary and logical rule sets that emulate the input/output information flow of the raw perception;
H) rule syntax format separation (RSFS), in which the correct rules represent the accurate manifestation of rule sets that conform to the reality of the observed object, whereby the correct rules are separated and organized by type, and hence all actions, properties, conditions and objects are stacked separately so that the system can discern which parts have been found in the chaos field and which have not;
I) internal logic deduction, which uses logical principles, thereby avoiding fallacies, to deduce what kind of rule will accurately represent the many measurement gradients within the perception;
J) measurement context analysis, which analyzes the interconnected relationships within the measurement perceptions, wherein some measurements can depend on others with varying degrees of magnitude, wherein this contextualization is used to supplement the mirrored interconnected relationship that rules have within the 'digital' rule set format;
K) rule syntax format conversion (RSFC), which classifies and separates rules in accordance with the syntax of the rule syntax format (RSF);
wherein intuitive decision making engages in critical thinking via the use of perceptions, wherein thinking decision making engages in critical thinking via the use of rules, wherein perceptions are the data received from intuitive decision making according to a format syntax defined in an internal format, wherein the fulfilled rules are the data received from thinking decision making, which is a collection of the achievable rule sets from RE, wherein the data is passed on according to the format syntax defined in the internal format;
wherein actions indicate an action that may have been performed, will be performed, or is being considered for activation, wherein properties indicate some property-like attribute that describes something else, whether it is an action, condition or object, wherein conditions indicate a logical operation or operator, wherein objects indicate a target that can have attributes applied to it;
wherein the separated rule format is used as the output from rule syntax format separation (RSFS), which is considered the pre-memory identification phase, and as the output from memory identification (MR), which is considered the post-memory identification phase.
The system further comprises:
A) chaos field parsing (CFP), which combines the formats of the logs into a single scannable chaos field 613;
B) additional rules, which are generated from memory identification (MR) to supplement the correct rules;
wherein, inside perception matching (PM), measurement statistics provide statistical information from the perception storage, error management parses syntax and/or logic errors originating from any of the individual measurements, separate measurements isolates each individual measurement, since they were previously combined in a single unit as the input perception, and the node comparison algorithm (NCA) receives the node makeup of two or more CVFs, wherein each node of a CVF represents the degree of magnitude of a property, wherein a similarity comparison is performed on an individual-node basis and the total variance is calculated, wherein a smaller variance indicates a closer match.
The system of claim further comprises:
A) raw perception - intuitive thinking (analog), which processes perceptions according to an 'analog' format, wherein the analog-format perceptions relevant to the decision are stored as gradients on a smooth curve without steps;
B) raw rules - logical thinking (digital), which processes rules according to a digital format, wherein the digital-format raw rules relevant to the decision are stored in steps with little to no 'gray area';
wherein unfulfilled rules are rule sets that, according to their logical dependencies, have not been sufficiently identified in the chaos field, and fulfilled rules are rule sets that, according to their logical dependencies, have been identified as sufficiently available in the chaos field 613;
wherein queue management (QM) uses syntactical relationship reconstruction (SRR) to analyze each individual part in the most logical order and accesses the results of memory identification (MR), whereby binary yes/no flow questions can be answered and appropriate action taken, wherein QM checks every rule segment in stages, and if a single segment is missing from the chaos field and has no proper relationship with the other segments, the rule set is marked as unfulfilled;
Sequential memory organization is an optimized information storage for 'chains' of in-order information, wherein, in the points of memory access, the width of each of the nodes (blocks) represents the observer's direct accessibility to the memorized object (node), wherein, within the range of accessibility, each letter represents its point of direct memory access to the observer, wherein a wider range of accessibility indicates that there are more accessibility points per sequence node, wherein the more a sequence is referenced only 'in order' rather than from any randomly selected node, the narrower the range of accessibility (relative to sequence size), wherein, with nested sub-sequence layers, a sequence that exhibits strong non-uniformity is made up of a series of smaller interconnected sub-sequences.
Non-sequential memory organization handles the information storage of non-sequentially related items, wherein reversibility indicates a non-sequential arrangement and a uniform range, wherein a non-sequential relationship is indicated by the relatively wide access point of each node, wherein the same uniformity exists when the order of the nodes is reshuffled, wherein, with core subject and associations, the same series of nodes is repeated but with a different core (center object), wherein the core represents the main subject, for which the remaining nodes act as memory neighbors, and the memory neighbors can be accessed more easily than if there were no core subject defined.
Memory identification (MR) scans the chaos field to identify known concepts, wherein the chaos field is a 'field' of concepts arbitrarily immersed in 'white noise' information, wherein memory concept retention stores recognizable concepts that are ready to be indexed and referenced for field examination, wherein the 3-letter scanner scans the chaos field and checks against 3-letter segments that correspond to a target, wherein the 5-letter scanner scans the chaos field and checks against 5-letter segments that correspond to a target, but here the segment checked with each advance through the field is the entire word, wherein the chaos field is segmented for scanning in different proportions, wherein accuracy increases as the scanning range narrows, wherein, as the field territory of the scanner increases, a larger letter scanner performs identification more efficiently, at the cost of accuracy, wherein memory concept indexing (MCI) alternates the size of the scanner in response to unprocessed memory concepts being left over, wherein MCI 500 starts with the largest available scanner and decreases gradually, so that more computing resources can be found to check for the potential existence of smaller memory concept targets.
Field interpretation logic (FIL) operates the logistics for managing scanners of different widths, wherein the general range scan begins with a large letter scan and sifts through a large range of the field with fewer resources, at the cost of small-scale accuracy, wherein the specific range scan is used when an area of significance has been located and needs to be 'zoomed in' on, thereby ensuring that an expensive accurate scan is not performed at a redundant and unyielding location, wherein receiving additional identifications of memory concepts in the chaos field indicates that the field range contains a dense saturation of memory concepts.
In the automatic perception discovery mechanism (APDM), a perception angle is defined in composition by multiple measurements including range, type, intensity and consistency, which define the multiple aspects of perception that make up the overall perception, wherein the creative module produces complex variations of perception, wherein the perception weight defines how much relative influence a perception has while being emulated by the POE, wherein the weights of both input perceptions are considered when defining the weight of the newly iterated perception, which contains hybrid metrics influenced by the previous generation of perceptions.
The input to the CVFG is a data batch, which is an arbitrary collection of data that must be represented by the node makeup of the generated CVF, wherein a sequential advance is performed through each of the individual units defined by the data batch, wherein each data unit is converted into a node format that has the same composition of information as referenced by the final CVF, wherein the converted nodes are temporarily stored in node retention after being checked for existence, wherein, if they are not found, they are created, and they are updated with statistical information including occurrence and usage, wherein all the retained nodes are assembled and pushed as the module output in the form of a CVF.
The node comparison algorithm compares two node makeups that have been read from the original CVFs, wherein, with partial match mode (PMM), if there is an active node in one CVF that is not found in its comparison candidate (the node is dormant), the comparison is not penalized, and wherein, with whole match mode (WMM), if there is an active node in one CVF that is not found in its comparison candidate (the node is dormant), the comparison is penalized.
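An added illustration (not code from the patent) of the node comparison algorithm described in this paragraph and in the earlier perception-matching passage, showing how PMM and WMM can rank the same stored perceptions differently. Assumptions made for the example: a CVF is modelled as a dictionary from node name to a magnitude between 0 and 1, the aggregate variance is taken as the mean squared per-node difference, and all function names and sample perceptions are constructed.

```python
from enum import Enum
from math import inf


class MatchMode(Enum):
    PMM = "partial"  # a node dormant in the other CVF is not penalised
    WMM = "whole"    # a node dormant in the other CVF is penalised


def check_magnitudes(cvf):
    """Reject magnitudes outside the 0..1 scale assumed for this example."""
    for name, magnitude in cvf.items():
        if not 0.0 <= magnitude <= 1.0:
            raise ValueError(f"node {name!r}: magnitude {magnitude} outside 0..1")


def node_variance(cvf_a, cvf_b, mode):
    """Aggregate variance between two CVF node makeups; smaller is closer."""
    check_magnitudes(cvf_a)
    check_magnitudes(cvf_b)
    squared = []
    # Sorted so the floating-point sum is accumulated in a fixed order.
    for name in sorted(set(cvf_a) | set(cvf_b)):
        if name in cvf_a and name in cvf_b:
            # Node active in both CVFs: compare the two magnitudes directly.
            squared.append((cvf_a[name] - cvf_b[name]) ** 2)
        elif mode is MatchMode.WMM:
            # Active on one side, dormant on the other: treat the dormant
            # side as magnitude 0, so the full magnitude becomes the penalty.
            squared.append((cvf_a.get(name, 0.0) - cvf_b.get(name, 0.0)) ** 2)
        # In PMM the unmatched node is skipped, so it costs nothing.
    if not squared:
        # No node in common (only possible in PMM): there is no evidence of
        # similarity, so never report this pair as a match.
        return inf
    return sum(squared) / len(squared)


def rank_candidates(query, stored, mode):
    """Order stored perceptions by closeness to the query CVF (best first)."""
    scored = [(name, node_variance(query, cvf, mode)) for name, cvf in stored.items()]
    return sorted(scored, key=lambda item: (item[1], item[0]))


# Constructed sample data. Node names follow the measurements the text lists
# for a perception angle: range, type, intensity, consistency.
QUERY = {"range": 0.8, "type": 0.5, "intensity": 0.9}
STORED = {
    "perception_a": {"range": 0.8, "type": 0.5},                    # no intensity node
    "perception_b": {"range": 0.7, "type": 0.5, "intensity": 0.8},  # same nodes, close values
    "perception_c": {"consistency": 0.4},                           # nothing in common
}

if __name__ == "__main__":
    for mode in MatchMode:
        print(mode.name, rank_candidates(QUERY, STORED, mode))
```

With the constructed data, PMM ranks perception_a first because its two shared nodes match exactly, while WMM ranks perception_b first because perception_a's dormant intensity node is penalized.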
System metadata separation (SMS) separates the input system metadata into meaningful security cause-and-effect relationships, wherein, with subject scanning/assimilation, the subject/suspect of the unsafe condition is extracted from the system metadata using pre-made category containers and the raw analysis from the categorization module, wherein the subject is used as the main reference point for deriving the security response/variable relationship, wherein, with risk scanning/assimilation, the risk factors of the unsafe condition are extracted from the system metadata using pre-made category containers and the raw analysis from the categorization module, wherein the risk is associated with the target subject that exhibits or is exposed to such risk, wherein, with response scanning/assimilation, the response to the unsafe condition made by the input algorithm is extracted from the system metadata using pre-made category containers and the raw analysis from the categorization module, wherein the response is associated with the security subject that is said to deserve such a response.
In the MCM, format separation separates and categorizes the metadata according to the rules and syntax of a recognized format, wherein the local format rules and syntax contain the definitions that enable the MCM module to recognize pre-formatted metadata streams, wherein the debugging trace is a coding-level trace that provides the variables, functions, methods and types used and their respective input and output variable types/contents, wherein the algorithm trace is a software-level trace that provides security data combined with algorithm analysis, wherein the resulting security decision (approve/block) is provided together with a trail of how it reached that decision (justification) and the appropriate weight that each factor contributed to making the security decision.
In measurement processing (MP), security response X represents a series of factors that contribute to the resulting security response chosen by the SPMA, wherein the initial weight is determined by the SPMA, wherein perception deduction (PD) uses a part of the security response and its corresponding system metadata to replicate the raw perception of the security response, wherein the perception interpretations of the dimension sequence show how PD takes the security response of the SPMA and associates the relevant input system metadata to re-create the full range of the intelligent 'digital perception' as originally used by the SPMA, wherein shape fill, stack quantity and dimension are digital perceptions that capture the 'perspective' of an intelligent algorithm.
In PD, security response X is forwarded as input to the justification/reasoning calculation, which determines the justification of the SPMA's security response by using the intent supply of the input/output reduction (IOR) module, wherein the IOR module uses the separated inputs and outputs of the various function calls listed in the metadata, wherein the metadata separation is performed by the MCM.
For the POE, the input system metadata is the initial input used by raw perception generation (RP2) to generate perceptions in CVF, wherein, with storage search (SS), the CVF derived from the data enhancing log is used as the criterion in a database lookup of the perception storage (PS), wherein, in ranking, the perceptions are ordered according to their final weight, wherein the data enhancing log is applied to the perceptions to produce block/approve recommendations, wherein the SCKD tags the log to define the expected upper range of unknown knowledge, wherein data parsing performs a basic interpretation of the data enhancing log and the input system metadata to output the original approve or block decision as determined by the original SPMA, wherein CTMP criticizes the decision in the POE according to perceptions, and in rule execution (RE) according to logically defined rules.
With measurement complexity, the outer boundary of the circle represents the peak of known knowledge about the individual measurement, wherein the outer edge of the circle represents more measurement complexity and the center represents less measurement complexity, wherein the light gray center represents the measurement combination of the current batch of applied perception angles, and the outer dark gray represents the measurement complexity stored and known by the system in general, wherein the goal of ID is to increase the complexity of relevant measurements, so that perception angles can be multiplied in complexity and quantity, wherein the dark gray surface area represents the total range of the current batch of applied perception angles and the amount of range left over according to the known upper limit, wherein, after enhancement and complexity enrichment, the measurements are returned as measurement complexity, which is passed as the input to measurement conversion, which reverses individual measurements into whole perception angles, whereby the final output is assembled as implied perception angles.
For SCKD, known data classification (KDC) categorically separates known information from the input so that an appropriate DB analogy query can be executed, and separates the information into categories, wherein the separate categories provide input to the CVFG, which outputs the category information in CVF format, which storage search (SS) uses to check for similarities in the known data range DB, wherein each category is tagged with its relevant range of known data according to the SS results, wherein the tagged ranges of unknown information per category are reassembled into the same original input stream at the unknown data combiner (UDC).
The computer-implemented system is that vocabulary objectivity excavates (LOM).The system further comprises:
A) initial query reasoning (IQR), problem is transferred to wherein, and it retains (CKR) using center knowledge to decode
To the vital missing details for understanding and answering a question/being made a response to problem;
B) investigation clarification (SC), problem and supplemental queries data are transferred to wherein, and it receives and comes from human subject
Input and send output to the mankind, and form clear problem/assert;
C) assert construction (AC), by assert or problem in the form of receive propose, and provide it is relevant to such proposal
The output of concept;
D) response is presented, and is for appealing that connecing by the AC conclusion drawn is presented in both (RA) to human subject and rationality
Mouthful;
E) level mapping (HM) maps associated concept to find the problem/assert the confirmation or conflict of consistency, and
Calculate the interests and risk that certain position is taken on the theme;
F) center knowledge retains (CKR), is the major database for being referenced for the knowledge of LOM;
G) knowledge verification (KV), the knowledge for receiving high confidence level and criticizing in advance, these knowledge are needed for looking into CKR
Inquiry ability is logically separated with assimilation;
H) receive response, this is to give a kind of selection of human subject to be used to or receive the response of LOM or to criticize
Sentence to appeal, wherein being handled by KV, if response is received so that (high confidence level) knowledge as confirmation is deposited
Storage is in CKR, wherein forwarding them to RA if human subject does not receive response, which is checked and criticism is given by the mankind
The reasons why appealing out;
I) the artificial intelligence service provider (MAISP) managed, it runs the internet of the LOM of the master instance with CKR
Mysorethorn example, and LOM is connected to interdependent front end services, back-end services, third party application, information source and MNSP cloud.
Front-end services include artificial intelligence personal assistants, communication applications and protocols, home automation and medical applications, wherein back-end services include online shopping, online transport and medical prescription ordering, wherein the front-end and back-end services interact with LOM via a documented API infrastructure, which enables the standardization of information transfer and protocols, wherein LOM retrieves knowledge from external information sources via the automated research mechanism (ARM).
Language construct (LC) interprets the original question/assertion input from the human subject and parallel modules, to produce a logical separation of language syntax; wherein concept discovery (CD) receives the points of interest within the clarified question/assertion and derives associated concepts by using the CKR; wherein concept priority (CP) receives the relevant concepts and orders them in logical layers that represent specificity and generality; wherein response separation logic (RSL) uses LC to understand the human response and associates a relevant and valid response with the preliminary clarification request, thereby achieving the objective of SC; wherein LC is then reused during the output stage to amend the original question/assertion to include the supplemental information received by SC; wherein context construction (CC) uses metadata from assertion construction (AC) and evidence from the human subject to give raw facts to CTMP for critical thinking; wherein decision comparison (DC) determines the overlap between the pre-criticism and post-criticism decisions; wherein concept compatibility detection (CCD) compares the concepts derived from the original question/assertion to determine the logical compatibility result; wherein the benefit/risk calculator (BRC) receives the compatibility results from CCD and weighs the benefits and risks to form a unified decision that includes the gradients of the variables implicit in the concept makeup; wherein concept interaction (CI) assigns attributes relating to the AC concepts to parts of the information collected from the human subject via investigation clarification (SC).
Inside IQR, LC receives the original question/assertion; the question is linguistically separated and IQR processes one individual word and/or phrase at a time using the CKR; by referencing the CKR, IQR considers the potential options that are possible in view of the ambiguity of the word/phrase.
Investigation clarification (SC) receives input from IQR, wherein the input contains a series of requested clarifications that the human subject is to answer so that an objective answer to the original question/assertion can be reached, wherein the responses provided to the clarifications are forwarded to response separation logic (RSL), which associates the responses with the clarification requests; wherein, in parallel with the processing of the requested clarifications, the clarification language association is provided to LC, wherein the association contains the internal relationship between the requested clarifications and the language structure, which enables RSL to amend the original question/assertion, whereby LC outputs the clarified question.
For assertion construction, which has received the clarified question/assertion, LC breaks the question down into points of interest, which are passed on to concept discovery, wherein CD derives associated concepts by using the CKR, wherein concept prioritization (CP) orders the concepts into logical layers, wherein the top layer is assigned the most general concepts and the lower layers are assigned increasingly specific concepts, wherein the top layer is transferred to level mapping (HM) as modular input; wherein, in a parallel transfer of information, HM receives the points of interest, which are processed by its dependent module concept interaction (CI), wherein CI assigns attributes to the points of interest by accessing the indexed information at the CKR, wherein, when HM completes its internal process, its final output is returned to AC after the derived concepts have been tested for compatibility and the benefits/risks of a position have been weighed and returned.
For HM, CI provides input to CCD, which discerns the compatibility/conflict level between two concepts, wherein the compatibility/conflict data is forwarded to BRC, which translates the compatibilities and conflicts into the benefits and risks of taking an overall consistent position on the issue, wherein the positions, together with their risk/benefit factors, are passed to AC as modular output, wherein the system contains information flow loops, indicating gradients of intelligence that are gradually supplemented as an objective response to the subjective nature of the question/assertion is gradually built; wherein CI receives the points of interest and interprets each point of interest according to the top layer of the prioritized concepts.
For RA, the core logic processes the converted language text and returns a result, wherein, if the result is high confidence, the result is passed on to knowledge verification (KV) for proper assimilation into the CKR, wherein, if the result is low confidence, the result is passed on to AC to continue the cycle of self-criticism, wherein the core logic receives input from LC in the form of a pre-criticism decision without language elements, wherein the decision is passed to CTMP as the subjective opinion, wherein the decision is also forwarded to context construction (CC), which uses metadata from AC and potential evidence from the human subject to give raw facts to CTMP as the input 'objective fact', wherein, once CTMP has received its two mandatory inputs, this information is processed to output its best attempt at reaching an 'objective opinion', wherein the opinion is treated inside RA as the post-criticism decision, wherein both the pre-criticism and post-criticism decisions are forwarded to decision comparison (DC), which determines the range of overlap between the two decisions, wherein the appeal argument is then either conceded as true or the counterpoint is improved to explain why the appeal is invalid, wherein, regardless of whether the scenario is concede or improve, a result of high confidence is passed on to KV and a result of low confidence is passed on to AC 808 for further analysis.
For CKR, units of information are stored in the unit knowledge format (UKF), wherein the rule syntax format (RSF) is a set of syntax standards for keeping track of reference rules, wherein multiple rule units within the RSF can be used to describe a single object or action; wherein source attribution is a collection of complex data that tracks the claimed sources of information, wherein a UKF cluster is composed of a chain of linked UKF variants, so as to define jurisdictionally separate information, wherein UKF 2 contains the main target information, wherein UKF 1 contains timestamp information and therefore omits the timestamp field itself to avoid an infinite regress, wherein UKF 3 contains source attribution information and therefore omits the source field itself to avoid an infinite regress; wherein every UKF2 must be accompanied by at least one UKF1 and one UKF3, otherwise the cluster (sequence) is considered incomplete and the information in it cannot yet be processed by the LOM system-wide general logic; wherein between the central UKF2 and its corresponding UKF1 and UKF3 units there may be UKF2 units that serve as linking bridges, wherein a series of UKF clusters is processed by KCA to form a derived assertion, wherein knowledge validation analysis (KCA) is where UKF cluster information is compared for evidence that confirms an opinion position, wherein after the KCA processing is complete, CKR can output a concluded opinion position on the topic.
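The cluster completeness rule described above, as an added Python sketch (not code from the patent). The field names, the representation of links as lists of unit ids, and the choice to walk through linked UKF2 units as bridges are assumptions made for illustration; the sample units are constructed.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Unit:
    uid: str
    kind: str          # "UKF1" timestamp, "UKF2" main target information, "UKF3" source attribution
    fields: dict       # the unit's own data fields (names are hypothetical)
    links: tuple = ()  # uids of directly linked units (assumed representation)


# Field each companion type must omit, so it never needs a companion of its own type
# (the infinite-regress rule in the text).
FORBIDDEN_FIELD = {"UKF1": "timestamp", "UKF3": "source"}


def cluster_problems(units, central_uid):
    """Return the reasons the cluster around central_uid is incomplete ([] means complete)."""
    by_id = {u.uid: u for u in units}
    central = by_id.get(central_uid)
    if central is None or central.kind != "UKF2":
        return [f"{central_uid}: central unit must be an existing UKF2"]

    problems = []
    found = {"UKF1": [], "UKF3": []}
    seen = {central_uid}          # guards against link cycles between bridge units
    queue = deque([central])
    while queue:
        unit = queue.popleft()
        for ref in unit.links:
            if ref in seen:
                continue
            seen.add(ref)
            target = by_id.get(ref)
            if target is None:
                problems.append(f"{unit.uid}: dangling link to {ref}")
            elif target.kind == "UKF2":
                queue.append(target)  # bridge unit: keep walking towards UKF1/UKF3
            elif target.kind in found:
                bad = FORBIDDEN_FIELD[target.kind]
                if bad in target.fields:
                    problems.append(
                        f"{target.uid}: {target.kind} must omit its own '{bad}' field")
                else:
                    found[target.kind].append(target.uid)
            else:
                problems.append(f"{target.uid}: unknown unit type {target.kind}")

    for kind in ("UKF1", "UKF3"):
        if not found[kind]:
            problems.append(f"{central_uid}: no valid {kind} reachable")
    return problems


def processable(units):
    """UKF2 units whose clusters are complete and may be handed to general logic."""
    return sorted(u.uid for u in units
                  if u.kind == "UKF2" and not cluster_problems(units, u.uid))


# Constructed sample data: m1 is complete (timestamp reached through bridge b1),
# m2 has no source attribution, m3 links to a malformed UKF1 and a missing unit.
SAMPLE_UNITS = [
    Unit("t1", "UKF1", {"value": "2017-01-01T00:00:00Z"}),
    Unit("t2", "UKF1", {"value": "2017-01-02T00:00:00Z", "timestamp": "t1"}),
    Unit("s1", "UKF3", {"origin": "constructed-source-A"}),
    Unit("b1", "UKF2", {"info": "bridge"}, links=("t1",)),
    Unit("m1", "UKF2", {"info": "main claim"}, links=("b1", "s1")),
    Unit("m2", "UKF2", {"info": "claim without source"}, links=("t1",)),
    Unit("m3", "UKF2", {"info": "claim with bad links"}, links=("t2", "s1", "gone")),
]

if __name__ == "__main__":
    for uid in ("m1", "m2", "m3"):
        print(uid, cluster_problems(SAMPLE_UNITS, uid) or "complete")
    print("processable:", processable(SAMPLE_UNITS))
```
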
For ARM, wherein, as indicated by user activity, as users interact with LOM, concepts are brought up, directly or indirectly, as relevant to answering/responding to a question/assertion, wherein user activity is expected to eventually yield concepts about which CKR has little or no relevant information, as indicated by the list of requested but unavailable concepts, wherein with concept sorting & prioritization (CSP), concept definitions are received from single independent sources and are aggregated so as to prioritize the resources of information requests, wherein the data provided by information sources is received and parsed at the information aggregator (IA) according to which concept definition requested it, and the relevant metadata is kept, wherein the information is sent to cross-reference analysis (CRA), where the received information is compared with pre-existing knowledge from CKR and is constructed taking that pre-existing knowledge into account.
The personal intelligence profile (PIP) is where an individual's personal information is stored via multiple potential endpoints and front ends, wherein this information is kept separate from CKR but is available to the LOM system-wide general logic, wherein personal information related to artificial intelligence applications is encrypted and stored in UKF format in the personal UKF cluster pool, wherein with the information anonymization process (IAP), information is added to CKR after being stripped of any personally identifiable information, wherein with cross-reference analysis (CRA), the received information is compared with pre-existing knowledge from CKR and is constructed taking that pre-existing knowledge into account.
Life supervision automation (LAA) connects internet-enabled devices and services on a cohesive platform, wherein active decision making (ADM) considers the availability and functionality of front-end services, back-end services, IoT devices, spending rules and the amount available, according to fund appropriation rules & management (FARM); FARM receives human input defining criteria, limits and scope for the module, to inform ADM of what its jurisdiction of activity is, wherein cryptocurrency funds are deposited into the digital wallet, wherein the IoT interaction module (IIM) maintains a database of which IoT devices are available, wherein data feeds represent when IoT-enabled devices send information to LAA.
The system further comprises behavior monitoring (BM), which monitors personally identifiable data requests from users to check for unethical and/or illegal material, wherein with metadata aggregation (MDA), user-related data is aggregated from external services so that the digital identity of the user can be established, wherein this information is passed to induction/deduction and finally to PCD, where a sophisticated analysis is performed using corroborating factors from the MNSP; wherein all information from an authenticated user that is destined for PIP passes through information tracking (IT) and is checked against the behavior blacklist, wherein at pre-crime detection (PCD) the deduction and induction information is merged and analyzed to reach pre-crime conclusions, wherein PCD makes use of CTMP, which directly references the behavior blacklist to verify the positions produced by induction and deduction, wherein the blacklist maintenance authority (BMA) operates within the cloud service framework of the MNSP.
LOM is configured to manage a personalized portfolio in an individual's life, wherein LOM receives an initial question that leads to a conclusion via LOM's internal deliberation process, wherein it connects to the LAA module, which connects to the internet-enabled devices that LOM can receive data from and control, wherein with contextualization LOM deduces the links that are missing in constructing an argument, wherein LOM works out with its logic that, to solve the dilemma posed by the original assertion, it must first know or assume certain variables about the situation.
The computer-implemented system is Linear Atomic Quantum Information Transfer (LAQIT). The system comprises:
A) recursively repeating the same consistent color sequence within a logically structured syntax; and
B) recursively using the sequence to translate with the English alphabet;
Wherein when structuring the 'base' layer of the alphabet, the color sequence is used with a shortened and unequal weight on the color channel, and the leftover space for syntax definitions within the color channel is reserved for future use and expansion;
Wherein a complex algorithm reports its log events and status reports using LAQIT, the status/log reports being generated automatically, wherein the status/log reports are converted into a transportable text-based LAQIT syntax, wherein syntactically insecure information is transferred digitally, wherein the transportable text-based syntax is converted into highly readable LAQIT visual syntax (linear mode), wherein the key is optimized for human memorization and is based on a relatively short sequence of shapes;
Wherein locally non-secure text is entered by the sender for submission to the recipient, wherein the text is converted into a transportable encrypted text-based LAQIT syntax, wherein syntactically secure information is transferred digitally, wherein the data is converted into a visually encrypted LAQIT syntax;
Wherein the incremental recognition effect (IRE) is a channel of information transfer, in which the full form of a unit of information is recognized before the unit has been fully delivered, wherein this effect of a predictive index is incorporated by displaying the transitions from word to word, wherein the proximal recognition effect (PRE) is a channel of information transfer, in which the full form of a unit of information is recognized while the unit is corrupted, merged or changed.
In the linear mode of LAQIT, a block shows the 'basic rendering' version of linear mode and a point shows that it is not encrypted, wherein with the word separator, the color of the shape indicates the character that follows the word and acts as the separation between the word and the next word, wherein the single viewing zone incorporates a smaller viewing zone with larger letters, and therefore less information per pixel, wherein in the double viewing zone there are more active letters per pixel, wherein the shade cover dulls the incoming and outgoing letters so that the primary focus of the observer is on the viewing zone.
In the atomic mode, which has a broad range of encryption levels, the base main character reference specifies the general rule of which letter is being defined, wherein a kicker exists with the same color range as the bases and defines the specific character exactly, wherein with the reading direction, reading of the information delivery begins on the top square of orbital ring one, wherein once an orbital ring has been completed, reading continues from the top square of the next sequential orbital ring, wherein the entry/exit portals are the points of creation and destruction of a character (its base), wherein a new character belonging to the relevant orbital emerges from the portal and slides clockwise to its position, wherein the atomic nucleus defines the character that follows the word;
Wherein with word navigation, each block represents an entire word (or multiple words in molecular mode) on the left side of the screen, wherein when a word is displayed, the corresponding block moves outwards to the right, and when the word is complete the block retreats, wherein the color/shape of the navigation block is the same as the color/shape of the base of the first letter of the word; wherein with sentence navigation, each block represents a cluster of words, wherein a cluster is the maximum number of words that can fit on the word navigation pane, wherein atomic state creation is a transition that induces the incremental recognition effect (IRE), wherein in such a transition the bases emerge from the entry/exit portals with their kickers hidden and move clockwise to assume their positions; wherein atomic state expansion is a transition that induces the proximal recognition effect (PRE), wherein once the bases have reached their positions, they move outwards in the 'expand' sequence of the information state presentation, which reveals the kickers, whereby the specific definition of the information state can be presented; wherein atomic state destruction is a transition that induces the incremental recognition effect (IRE), wherein the bases have retracted (reversing the expansion sequence) to cover the kickers again, and now slide clockwise to reach the entry/exit portal.
With shape obfuscation, the standard squares are replaced by five visually distinct shapes, wherein the variation of shapes within the syntax allows useless (fake) letters to be inserted at strategic points of the atomic profile, and the useless letters obfuscate the true and intended meaning of the message, wherein deciphering whether a letter is real or useless is done via the securely and temporarily transferred decryption key;
Wherein with redirection bonds, a bond links two letters together and alters the flow of reading, wherein when beginning with the typical clockwise reading pattern, encountering a bond that launches from (starts with) and lands on (ends with) legitimate/non-useless letters diverts the reading pattern so that it resumes on the landing letter;
Wherein with radioactive elements, some elements can 'rattle', which can invert the evaluation of whether a letter is useless, wherein shapes shows the shapes available for encryption, wherein center elements shows the center element of the orbital, which defines the character that comes immediately after the word.
With redirection bonds, a bond starts on a 'launching' letter and ends on a 'landing' letter, either of which may or may not be useless, wherein if neither of them is useless, the bond alters the reading direction and position, wherein if one or both are useless, the entire bond must be ignored, otherwise the message will be decrypted incorrectly, wherein with bond key definition, whether a bond must be followed while reading the information state depends on whether it has been specifically defined in the encryption key.
With a single cluster, both neighbors are non-radioactive, which therefore defines the scope of the cluster, wherein since the key specifies double clusters as valid, the element is to be treated as if it were not radioactive in the first place, wherein with a double cluster, the key definition defines double clusters as active, so all clusters of other sizes are considered dormant while decrypting the message, wherein incorrect interpretation shows how the interpreter did not treat the double cluster as a reversed sequence (false positive).
In molecular mode with encryption and streaming enabled, with covert dictionary attack resistance, an incorrect decryption of the message leads to a 'red herring' alternate message, wherein with multiple active words per molecule, the words are presented in parallel during the molecular procedure, thereby increasing the ratio of information per surface area, yet with a consistent transition speed, wherein binary and streaming mode shows streaming mode, whereas in a typical atomic configuration the reading mode is binary, wherein binary mode indicates that the center element defines which character follows the word, wherein molecular mode is also binary, except when encryption is enabled, in which case it adheres to streaming mode, wherein streaming mode makes references within the orbital to special characters.
The computer-implemented system is a Universal BCHAIN Everything Connections (UBEC) system with Base Connection Harmonization Attaching Integrated Nodes (BCHAIN). The system further comprises:
A) a communication gateway (CG), which is the main algorithm by which a BCHAIN node interacts with its hardware interface, thereafter leading to communication with other BCHAIN nodes;
B) a node statistical survey (NSS), which interprets remote node behavior patterns;
C) a node escape index, which tracks the likelihood that a node neighbor will escape the vicinity of the perceiving node;
D) a node saturation index, which tracks the number of nodes within the detection range of the perceiving node;
E) a node consistency index, which tracks the quality of node services as interpreted by the perceiving node, wherein a high node consistency index indicates that the surrounding neighbor nodes tend to have more available uptime and consistency of performance, wherein nodes that serve a dual purpose in use tend to have a lower consistency index, wherein nodes dedicated to the BCHAIN network exhibit a higher value; and
F) a node overlap index, which tracks the number of nodes that overlap one another as interpreted by the perceiving node.
The system further comprises:
A) a custom chain recognition module (CRM), which connects with custom chains, including application chains or microchains, that have previously been registered by the node, wherein CRM notifies the rest of the BCHAIN protocol when an update is detected on an application chain's section in the metachain or in a microchain's metachain emulator;
B) content claim delivery (CCD), which receives a validated CCR and thereafter sends the relevant CCF to fulfill the request;
C) dynamic strategy adaptation (DSA), which manages the strategy creation module (SCM), which dynamically generates a new strategy deployment by using the creativity module to hybridize complex strategies that the system has preferred via the optimized strategy selection algorithm (OSSA), wherein new strategies vary according to the input provided by field chaos interpretation;
D) a cryptographic digital economic exchange (CDEE) with a variety of economic personalities, managed by the graphical user interface (GUI) under the UBEC platform interface (UPI); wherein with personality A, node resources are consumed only to match what you consume, wherein personality B consumes as many resources as possible as long as the profit margin is greater than a predetermined value, wherein personality C pays for work units via a traded currency, wherein with personality D, node resources are spent as much as possible and without restriction by any expected return, whether that be the consumption of content or monetary compensation;
E) current work status interpretation (CWSI), which references the infrastructure economy section of the metachain to determine the node's current surplus or deficit in terms of work-done credit;
F) economically considered work imposition (ECWI), which considers the selected economic personality together with the current work surplus/deficit to evaluate whether more work should currently be performed; and
G) symbiotic recursive intelligence advancement (SRIA), which is a triad relationship between different algorithms comprising LIZARD, which improves an algorithm's source code, including its own, by understanding the purpose of the code; I2GE, which emulates generations of virtual program iterations; and the BCHAIN network, which is a vast network of chaotically connected nodes that can run complex data-intensive programs in a decentralized manner.
Detailed description of the invention
The present invention will be more fully understood by reference to the detailed description in conjunction with the accompanying drawings, wherein:
Figs. 1-26 are schematic diagrams showing critical infrastructure protection & punishment (CIPR) through cloud & layered information security (CTIS), collectively known as CIPR/CTIS; specifically:
Figs. 1-2 are schematic diagrams showing how the definition of multiple angles of security interpretation is provided as a method of analysis;
Fig. 3 is a schematic diagram showing the cloud-based managed encrypted security service architecture for secure EI2 (extranet, intranet, internet) networking;
Figs. 4-8 are schematic diagrams showing an overview of the managed network & security service provider (MNSP);
Fig. 9 is a schematic diagram showing real-time security processing with respect to LIZARD cloud-based encrypted security;
Figure 10 is a schematic diagram showing critical infrastructure protection & punishment (CIPR) through cloud & layered information security (CTIS) in an energy system example;
Figure 11 is a schematic diagram showing stage 1: initial system intrusion;
Figure 12 is a schematic diagram showing stage 2: the initial Trojan horse;
Figure 13 is a schematic diagram showing stage 3: download of the advanced executable malware;
Figure 14 is a schematic diagram showing stage 4: compromise of the intrusion defense/prevention system;
Figure 15 is a schematic diagram showing the hacker's expected behavior and the actual security response;
Figure 16 is a schematic diagram showing scheduled internal authentication protocol access (SIAPA);
Figure 17 is a schematic diagram showing root-level access and standard-level access;
Figure 18 is a schematic diagram showing supervision and review;
Figure 19 is a schematic diagram showing iterative intelligence growth/iterative evolution (I2GE);
Figure 20 is a schematic diagram showing the infrastructure system;
Figure 21 is a schematic diagram showing the criminal system, the infrastructure system and public infrastructure;
Figures 22 and 23 are schematic diagrams showing how foreign code rewriting syntactically reproduces foreign code from scratch to mitigate potentially undetected malicious exploits;
Figures 24 and 25 are schematic diagrams showing how recursive debugging loops through code segments;
Figure 26 is a schematic diagram showing the inner workings of need map matching;
Figures 27-42 are schematic diagrams showing machine secret intelligence (MACINT) & punishment through covert operations in cyberspace; specifically:
Figure 27 is a schematic diagram showing intelligent information management, viewing and control;
Figure 28 is a schematic diagram showing actions by behavioral analysis;
Figures 29 and 30 are schematic diagrams showing the criminal system and the punishment against the criminal system;
Figures 31 and 32 are schematic diagrams showing the flow of MACINT;
Figure 33 is a schematic diagram showing an overview of MACINT covert operations and how criminals exploit an enterprise system;
Figure 34 is a schematic diagram showing the details of long-term/deep scanning using big data;
Figure 35 is a schematic diagram showing how an arbitrary computer is looked up on the trusted platform;
Figure 36 is a schematic diagram showing how known double or triple agents from the trusted platform are engaged for further forensic investigation;
Figure 37 is a schematic diagram showing how the trusted platform is used to engage ISP APIs;
Figure 38 is a schematic diagram showing how the trusted platform is used to engage the security APIs provided by software and hardware vendors in order to exploit any established backdoors;
Figures 39-41 are schematic diagrams showing how generic and customizable exploits are applied to the arbitrary and criminal computers;
Figure 42 is a schematic diagram showing how a long-term priority flag is pushed onto the trusted platform to monitor the criminal system;
Figures 43-68 are schematic diagrams showing Logically Inferred Zero-database A-priori Realtime Defense (LIZARD); specifically:
Figures 43 and 44 are schematic diagrams showing the dependency structure of LIZARD;
Figure 45 is a schematic diagram showing an overview of LIZARD;
Figure 46 is a schematic diagram showing an overview of the main algorithm functions of LIZARD;
Figure 47 is a schematic diagram showing the inner workings of the static core (SC);
Figure 48 is a schematic diagram showing how the inner core hosts the essential core functions of the system;
Figure 49 is a schematic diagram showing the inner workings of the dynamic shell (DS);
Figure 50 is a schematic diagram showing the iteration module (IM), which intelligently modifies, creates and destroys modules on the dynamic shell;
Figure 51 is a schematic diagram showing the iteration core, which is the main logic for iterating code for security improvements;
Figures 52-57 are schematic diagrams showing the logical process of the differential modifier algorithm (DMA);
Figure 58 is a schematic diagram showing an overview of virtual obfuscation;
Figures 59-61 are schematic diagrams showing the monitoring and response aspects of virtual obfuscation;
Figures 62 and 63 are schematic diagrams showing data recall tracking, which tracks all information uploaded from and downloaded to the suspicious entity;
Figures 64 and 65 are schematic diagrams showing the inner workings of the data recall trigger;
Figure 66 is a schematic diagram showing data selection, which filters out highly sensitive data and merges real data with fake data;
Figures 67 and 68 are schematic diagrams showing the inner workings of behavioral analysis;
Figures 69-120 are schematic diagrams showing critical thinking memory & perception (CTMP); specifically:
Figure 69 is a schematic diagram showing the main logic of CTMP;
Figure 70 is a schematic diagram showing angles of perception;
Figures 71-73 are schematic diagrams showing the dependency structure of CTMP;
Figure 74 is a schematic diagram showing the final logic for processing intelligent information in CTMP;
Figure 75 is a schematic diagram showing the two main inputs, intuition/perception and thinking/logic, which are assimilated into a single terminal output representing CTMP;
Figure 76 is a schematic diagram showing the scope of intelligent thinking that occurs in the original selection pattern matching algorithm (SPMA);
Figure 77 is a schematic diagram showing the conventional SPMA juxtaposed with the critical thinking performed by CTMP via perceptions and rules;
Figure 78 is a schematic diagram showing how correct rules are produced in comparison with the conventional current rules;
Figures 79 and 80 are schematic diagrams showing the perception matching (PM) module;
Figures 81-85 are schematic diagrams showing rule syntax derivation/generation;
Figures 86-87 are schematic diagrams showing the rule syntax format separation (RSFS) module;
Figure 88 is a schematic diagram showing the workings of the rule fulfillment parser (RFP);
Figures 89-90 are schematic diagrams showing the fulfillment debugger;
Figure 91 is a schematic diagram showing rule execution;
Figures 92 and 93 are schematic diagrams showing sequential memory organization;
Figure 94 is a schematic diagram showing non-sequential memory organization;
Figures 95-97 are schematic diagrams showing memory recognition (MR);
Figures 98-99 are schematic diagrams showing field interpretation logic (FIL);
Figures 100-101 are schematic diagrams showing the automated perception discovery mechanism (APDM);
Figure 102 is a schematic diagram showing raw perception production (RP2);
Figure 103 is a schematic diagram showing the logic flow of the comparable variable format generator (CVFG);
Figure 104 is a schematic diagram showing the node comparison algorithm (NCA);
Figures 105 and 106 are schematic diagrams showing system metadata separation (SMS);
Figures 107 and 108 are schematic diagrams showing the metadata categorization module (MCM);
Figure 109 is a schematic diagram showing metric processing (MP);
Figures 110 and 111 are schematic diagrams showing the inner design of perception deduction (PD);
Figures 112-115 are schematic diagrams showing the perception observer emulator (POE);
Figures 116 and 117 are schematic diagrams showing implicit derivation (ID);
Figures 118-120 are schematic diagrams showing self-critical knowledge density (SCKD);
Figures 121-165 are schematic diagrams showing lexical objectivity mining (LOM); specifically:
Figure 121 is a schematic diagram showing the main logic of lexical objectivity mining (LOM);
Figures 122-124 are schematic diagrams showing the managed artificial intelligence service provider (MAISP);
Figures 125-128 are schematic diagrams showing the dependency structure of LOM;
Figures 129 and 130 are schematic diagrams showing the internal logic of initial query reasoning (IQR);
Figure 131 is a schematic diagram showing investigation clarification (SC);
Figure 132 is a schematic diagram showing assertion construction (AC);
Figures 133 and 134 are schematic diagrams showing the inner details of how level mapping (HM) maps;
Figures 135 and 136 are schematic diagrams showing the inner details of rational appeal (RA);
Figures 137 and 138 are schematic diagrams showing the inner details of central knowledge retention (CKR);
Figure 139 is a schematic diagram showing the automated research mechanism (ARM);
Figure 140 is a schematic diagram showing style scanning (SS);
Figure 141 is a schematic diagram showing the assumption override system (AOS);
Figure 142 is a schematic diagram showing intelligent information & configuration management (I2CM) and the management console;
Figure 143 is a schematic diagram showing the personal intelligence profile (PIP);
Figure 144 is a schematic diagram showing life supervision & automation (LAA);
Figure 145 is a schematic diagram showing behavior monitoring (BM);
Figure 146 is a schematic diagram showing ethics right of privacy law (EPL);
Figure 147 is a schematic diagram showing an overview of the LIZARD algorithm;
Figure 148 is a schematic diagram showing iterative intelligence growth;
Figures 149 and 150 are schematic diagrams showing iterative evolution;
Figures 151 and 154 are schematic diagrams showing the creativity module;
Figures 155 and 156 are schematic diagrams showing LOM used as a personal assistant;
Figure 157 is a schematic diagram showing LOM used as a research tool;
Figures 158 and 159 are schematic diagrams showing LOM exploiting the benefits and drawbacks of a proposed theory;
Figures 160 and 161 are schematic diagrams showing LOM performing policy making for foreign-policy war games;
Figures 162 and 163 are schematic diagrams showing LOM performing investigative journalism tasks;
Figures 164 and 165 are schematic diagrams showing LOM performing historical verification;
Figures 166-179 are schematic diagrams showing the secure and efficient digitally oriented language LAQIT; specifically:
Figure 166 is a schematic diagram showing the concept of LAQIT;
Figure 167 is a schematic diagram showing the major types of usable languages;
Figures 168 and 169 are schematic diagrams showing the linear mode of LAQIT;
Figures 170 and 171 are schematic diagrams showing the characteristics of atomic mode;
Figures 172-174 are schematic diagrams showing an overview of the encryption features of atomic mode;
Figures 175 and 176 are schematic diagrams showing the mechanism of redirection bonds;
Figures 177 and 178 are schematic diagrams showing the mechanism of radioactive elements; and
Figure 179 is a schematic diagram showing molecular mode with encryption and streaming enabled;
Figures 180-184 are schematic diagrams showing an overview of the UBEC platform and front end, which connect to the decentralized information distribution system BCHAIN; specifically:
Figure 180 is a schematic diagram showing a BCHAIN node that contains and runs BCHAIN-enabled applications;
Figure 181 is a schematic diagram showing the core logic of the BCHAIN protocol;
Figure 182 is a schematic diagram showing dynamic strategy adaptation (DSA), which manages the strategy creation module (SCM);
Figure 183 is a schematic diagram showing the cryptographic digital economic exchange (CDEE) with its various economic personalities;
Figure 184 is a schematic diagram showing symbiotic recursive intelligence advancement (SRIA).
Specific embodiment
Critical infrastructure protection & punishment (CIPR) through cloud & layered information security (CTIS).
Figs. 1-2 show how the definition of multiple angles of security interpretation is provided as a method of analysis. In reference numeral 1, an established network of beacons and spies is used to form a map of aggressors and bad actors. When such a map/database is paired with sophisticated predictive algorithms, potential pre-crime threats emerge. I2GE uses big data and malware signature recognition to determine the 'who' factor. Security behavior 20 storage forms a precedent of security events, their impact and the appropriate response. Such an appropriate response can be criticized by CTMP 22 (critical thinking, memory, perception) as a supplemental layer of security. Reference numeral 2 refers to which assets are at risk and which potential damage may be caused. Example: a hydroelectric dam can have all of its floodgates opened, which would eventually flood a nearby village and lead to loss of life and property. Infrastructure DB 3 refers to a generic database containing sensitive and non-sensitive information about public or private companies involved in national infrastructure work. Infrastructure controls 4 are the potentially technical, digital and/or mechanical means of controlling industrial infrastructure equipment (dam floodgates, electric wattage on the national grid, etc.). In reference numeral 5, traffic patterns are analyzed to highlight times of potential blind spots. Such attacks can easily be masked so as to blend with, and hide beneath, legitimate traffic. The question asked is: are there any political/financial/sporting/other events that may be a point of interest for bad actors? The trusted platform's network of external spies reports hacker activity and preparation. Attack timing can therefore be estimated. In reference numeral 6, the questions asked are: which are the more vulnerable enterprises that might be targeted for attack? Which types of enterprise might be vulnerable in a given geographic location? What are their most vulnerable assets/controls, and what are the best means of protecting them? The trusted platform's network of external spies reports back hacker activity and preparation. Attack location can therefore be estimated. In reference numeral 7, the questions asked are: what geopolitical, corporate and financial pressures exist in the world that could fund and abet such an attack? Who would benefit from it, and by how much? The trusted platform's network of external spies reports back hacker activity and preparation. Attack motive can therefore be estimated. In reference numeral 8, the questions asked are: what are the potential points of exploit and hiding places for malware? How could these blind spots and unfortified access points be used to compromise critical assets and infrastructure control points? LIZARD 16 can derive purpose and function from foreign code, and therefore block it where malicious intent is present or a legitimate cause is absent. CTMP 22 can think critically about block/approval decisions and acts as a supplemental layer of security.
Fig. 3 shows the cloud-based managed encrypted security service architecture for secure EI² (extranet, intranet, internet) networking. The managed network & security service provider (MNSP) 9 provides managed encrypted security, connectivity & compliance solutions & services to critical infrastructure industry segments (such as energy, chemical, nuclear, dams, etc.). The credible platform 10 is a set of verified companies and systems that benefit from one another by sharing security information and services. Hardware & software vendors 11 are industry-recognized manufacturers of hardware/software (such as Intel, Samsung, Microsoft, Symantec, Apple, etc.). In this specification, they provide the credible platform 10 with access to their products and/or any potential means of exploitation that enables backdoor access in a limited or full capacity. This is enabled for potential security and/or punishment processes that the credible platform may wish to enact in cooperation with its partners and joint national security departments. A virtual private network (VPN) 12 is an industry-standard technology that enables secure and fully separated communication between the MNSP 9, the credible platform and their associated partners. An extranet allows digital elements to be shared almost as if they were located in the same locality (such as a LAN). The combination of these two technologies therefore promotes efficient and secure communication between partners, which enhances the operation of the credible platform. Security service providers 13 are a set of public and/or private companies that provide security strategies and solutions. Their solutions/products are organized by contract so that the credible platform can benefit from raw security information (such as new malware signatures) and security analysis. This increase in security strength in turn benefits the security service providers themselves, because they gain access to additional security tools and information. The third-party threat intelligence (3PTI) feed 14 is the mutual sharing of security information (such as new malware signatures). The credible platform acts as a centralized hub for sending, receiving and assimilating such security information. With multiple feeds of information, more advanced security-related behavior patterns can be obtained (by leveraging the security service providers) via analysis modules that identify information collaboration (such as conspiracy detection 19). Law enforcement agencies 15 refers to the relevant law enforcement authorities, whether state (such as NYPD), national (such as FBI) or international (such as INTERPOL). Communication is established to send and receive security information in order to facilitate or accomplish the punishment of criminal hackers. Such punishment usually requires locating and arresting the appropriate suspects and trying them in the relevant court.
Figs. 4-8 give an overview of the managed network & security service provider (MNSP) 9 and the relationships between its internal submodules. LIZARD 16 analyzes threats on their own merits, without reference to prior historical data. Artificial security threat (AST) 17 provides hypothetical security scenarios for testing the validity of security rules. The security threats are consistent in severity and type so as to provide a meaningful comparison of security scenarios. The creativity module 18 performs the process of intelligently creating new hybrid forms from prior input forms. It is used as a plug-in module that serves multiple algorithms. Conspiracy detection 19 provides a routine background check over multiple "conspiratorial" security events and attempts to determine patterns and correlations between seemingly unrelated security events. Security behavior 20: events and their security responses and traits are stored and indexed for future queries. I2GE 21 is the big-data, retrospective-analysis branch of the MNSP 9. Beyond standard signature-tracking functions, it can emulate future potential variations of malware by using the AST together with the creativity module. CTMP 22 uses cross-referenced intelligence from multiple sources (such as I2GE, LIZARD, the credible platform, etc.) and learns about expectations of perception and reality. CTMP estimates its own capacity to form an objective decision on a matter, and refrains from asserting a decision made with low internal confidence. The management console (MC) 23 is an intelligent interface that humans use to monitor and control complex and semi-automated systems. Intelligent information & configuration management (I2CM) 24 contains a variety of functions that control the flow of information and authorized system usage.
The energy network exchange 25 is a large private extranet that connects energy suppliers, manufacturers, buyers, etc. This allows them to exchange security information related to their common industry. The energy network exchange then communicates with the MNSP cloud 9 via the VPN/extranet 12. Such cloud communication allows bidirectional security analysis, in which 1) important security information data is provided from the energy network exchange to the MNSP cloud, and 2) important security corrective actions are provided from the MNSP cloud to the energy network exchange. All EI² (extranet, intranet, internet) networking traffic of the energy company is always routed to the MNSP cloud via the VPN 12. The authentication & encryption that the MNSP uses for all services complies with national (country-specific, such as FedRAMP, NIST, OMB, etc.) & international (ETSI, ISO/IEC, IETF, IEEE, etc.) standards and security requirements (such as FIPS, etc.).
The intranet 26 (encrypted layer 2/3 VPN) maintains a secure internal connection within the enterprise (energy company) private network 27. This allows the LIZARD scaled-down version client 43 to operate within the enterprise infrastructure while still being able to communicate with the LIZARD cloud 16 that exists in the MNSP cloud 9. Reference numeral 27 denotes a local node of the private network. Such private networks exist at multiple locations (labeled as locations A, B and C). Different technology infrastructure setups can exist within each private network, such as a server cluster (location C) or a shared employee office with mobile devices and a private WiFi connection (location A). Each node of the private network has its own management console (MC) 23 assigned. Portable media devices 28 are configured to connect securely to the private network and therefore, by extension, to the intranet 26, so they are indirectly connected to the MNSP 9 via the secure VPN/extranet connection 12. While this secure connection is in use, all traffic is routed via the MNSP so as to maximize exposure to the deployed real-time and retrospective security analysis algorithms. Such portable devices can maintain this secure connection whether from inside the secure private network or from the WiFi access of a public coffee shop. The demilitarized zone (DMZ) 29 is a subnet that contains an HTTP server, which has a higher security liability than a normal computer. The security liability of the server does not arise from security negligence but from the complex software and hardware makeup of a public server. Because so many potential points of attack remain despite best efforts to tighten security, the server is placed in the DMZ so that the rest of the private network (location C) is not exposed to that security liability. Because of this separation, the HTTP server cannot communicate with other devices inside the private network that are not in the DMZ. The LIZARD scaled-down version client 43 can operate within the DMZ because it is installed on the HTTP server. An exception is made in the DMZ policy so that MC 23 can access the HTTP server and hence the DMZ. The scaled-down version client communicates with the MNSP via the encrypted tunnel formed by items 12 and 26. At reference numeral 30, these servers are isolated in the private network but are not placed in the DMZ 29. This allows internal communication between devices within the private network. Each of them has a separate instance of the LIZARD scaled-down version client 43 and is managed by MC 23. The internet 31 is referenced because it is the medium of information transfer between the MNSP 9 and the enterprise devices 28 running the LIZARD scaled-down version client. The internet is the source of the security threats to which enterprise devices are most susceptible, as opposed to locally situated threats originating from the local area network (LAN). Because of the high security risk, all information transfer on each device is routed to the MNSP as a proxy. Potential bad actors from the internet can see only encrypted information because of the VPN/extranet structure 12 that is in place. The third-party threat intelligence (3PTI) feed 32 represents information input provided by third parties and tuned to customization according to pre-existing contractual obligations.
Iterative evolution 33: parallel evolutionary paths are matured and selected. Iterative generations adapt to the same artificial security threats (AST), and the path with the best personality traits ends up resisting the most severe security threats. Evolutionary path 34: a virtually contained and isolated series of rule-set generations. Evolutionary characteristics and criteria are defined by such path personality X.
Fig. 9 shows real-time security processing for the LIZARD cloud-based encrypted security. The syntax module 35 provides a framework for reading & writing computer code. For writing, it receives a complex formatted purpose from the PM and then writes code in arbitrary code syntax, which a helper function can then translate into real executable code (depending on the desired language). For reading, it provides a syntactical interpretation of code so that the PM can derive the purpose of the functionality of such code. The purpose module 36 uses the syntax module 35 to derive a purpose from code, and outputs such a purpose in its own "complex purpose format". Such a purpose should adequately describe the intended functionality of a block of code as interpreted by the SM (even if the code was covertly embedded in data). Virtual obfuscation 37: the enterprise network and database are cloned in a virtual environment, and sensitive data is replaced with false (fake) data. Depending on the behavior of the target, the environment can be dynamically altered in real time to include more fake elements or more real elements of the system as a whole. Signal imitation 38 provides a form of punishment that is typically used once the analytical conclusion of virtual obfuscation (protection) has been reached. Signal imitation uses the syntax module to understand the communication syntax between malware and its hackers. It then hijacks such communication to give the malware the false impression that it successfully sent sensitive data back to the hackers (even though it was fake data sent to a virtual illusion of the hacker). LIZARD also sends the malware's error code to the real hackers, making it appear to have come from the malware. This diverts the hackers' time and resources onto false debugging tangents, and eventually leads them to abandon working malware under the false impression that it does not work. The internal consistency check 39 checks that all of the internal functions of a piece of foreign code make sense, and ensures that no piece of internal code is inconsistent with the purpose of the foreign code as a whole. Foreign code rewrite 40 uses the syntax and purpose modules to reduce foreign code to a complex purpose format. It then builds the code set using the derived purpose. This ensures that only the desired and understood purpose of the foreign code is executed within the enterprise, and that any unintended function executions do not gain access to the system. Concealed code detection 41 detects code covertly embedded in data & transmission packets. Need map matching 42 is a mapped hierarchy of need & purpose that is referenced to decide whether foreign code fits the overall objective of the system. The LIZARD scaled-down version client 43 is a lightweight version of the LIZARD program that omits resource-heavy functions (such as virtual obfuscation 208 and signal imitation). It performs instant, real-time threat assessment with minimal computer resource usage by using an objective a priori threat analysis that does not use a signature database for reference. With logs 44, the energy company system 48 has multiple log creation points, such as standard software error/access logs, operating system logs, monitoring probes, etc. These logs are then fed to the local pattern matching algorithm 46 and CTMP 22 for in-depth and responsive security analysis. Traffic 45 is all internal and external traffic present in the energy company. The local pattern matching algorithm 46 consists of industry-standard software that provides an initial layer of security, such as antivirus, adaptive firewalls, etc.
Corrective action 47 is undertaken by the local pattern matching algorithm 46 that is initially understood to resolve the security problem/risk. This may include blocking a port, a file transfer, an administrative function request, etc. The energy company keeps its system 48 separate from the specialized security algorithms, to which it also sends its logs and traffic information. This is because these algorithms, LIZARD 16, I2GE 21 and CTMP 22, are all based in the MNSP cloud 9. This separation provides a centralized database model, which leads to a larger pool of security data/trends and therefore more comprehensive analysis.
In the case of Fig. 11, the criminal system scans for an exploitable channel of entry into the target system. If possible, it compromises the channel in order to deliver a small payload. The criminal system 49 is used by the rogue criminal party to launch a malware attack on the partner system 51 and hence, ultimately, on the infrastructure system 54. The malware source 50 is a container for the inactive form of the malicious code (malware). Once the code eventually reaches (or attempts to reach) the target infrastructure system 54, the malware is activated to perform its designated or on-demand malicious tasks. The partner system 51 interacts with the infrastructure system according to the contractual agreement between the infrastructure company (energy company) and the partner company. Such an agreement reflects some exchange of business interests, such as supply chain management services or inventory tracking. To deliver the agreed services, the two parties interact electronically according to previously agreed security standards. The malware source 50, on behalf of the malicious party that operates the criminal system 49, attempts to find an exploit in the partner system for infiltration. In this way the malware reaches its final target of infection (i.e. the infrastructure system 54), and the partner system has been used as a proxy for the infection process originating from the malware source 50. Of the many communication channels between the partner system 51 and the infrastructure system 54, this channel has been compromised by the malware originating from the malware source 50. Channels/protocols 53 shows the communication channels between the partner system 51 and the infrastructure system 54 that have not yet been compromised. These channels may include file system connections, database connections, email routing, VOIP connections, etc. The infrastructure system 54 is a key element of the energy company's operation, with direct access to the infrastructure DB 57 and infrastructure control 56. An industry-standard intrusion prevention system 55 is implemented as a standard security procedure. Infrastructure control 56 is the digital interface attached to energy-related equipment. For example, this may include the opening and closing of water flow gates in a hydroelectric dam, the angle at which a solar panel array points, etc. The infrastructure database 57 contains sensitive information relating to the core operations of the infrastructure system and the energy company as a whole. Such information may include contact details, employee shift tracking, energy equipment documentation and blueprints, etc.
In the case of Fig. 12, the compromised channel 52 offers a very narrow window of opportunity for exploitation, so a very simple Trojan horse is uploaded to the target system to expand the opportunity for exploitation. The Trojan horse 58 originates from the malware source 50, travels through the compromised channel 52 and reaches its target (i.e. the infrastructure system 54). Its purpose is to open up opportunities through exploitation so that an advanced executable malware payload (which is more complex and contains the actual malicious code for stealing data, etc.) can be installed on the target system.
Fig. 13 shows how, after the Trojan horse has further exploited the system, a large executable malware package is securely uploaded onto the system via the new open channel created by the Trojan horse. The advanced executable malware 59 is transferred to the infrastructure system 54 and hence to the sensitive database 57 and control 56. The advanced executable malware uses the digital pathway opened up by the previous Trojan horse exploit to reach its destination.
Fig. 14 shows how the advanced executable malware 50 compromises ID so that sensitive infrastructure information and control points can be discreetly downloaded onto the criminal system undetected. Hacker expected behavior 60: the hacker 65 has managed to obtain the trusted credentials of a company employee who holds legitimately authorized access credentials. The hacker intends to use these credentials to gain discreet and inconspicuous access to the local area network that is intended for use by employees only. The hacker intends to outmaneuver the typical "too little, too late" security response. Even if the endpoint security client manages to relay data to a cloud security service, a retrospective-analysis security solution can only manage damage control, rather than eliminating and managing the threat from the initial intrusion in real time. With actual security response 61, the LIZARD scaled-down version client (for endpoint use) cannot unequivocally prove the need, function and purpose of the credential login and system access. Because it does not yet know whether this is truly the intended and legitimate user of the credentials, the user is placed in a partially virtualized/fake environment. Such an environment can dynamically alter exposure to sensitive data in real time as the user's behavior is analyzed. Behavioral analysis 62 is performed on the hacker 65 based on the elements he interacts with, all of which exist in both the real and the virtually cloned LAN infrastructure 64. With compromised credentials 63, the hacker has obtained access credentials that admit him to the energy company laptop 28 and hence to the LAN infrastructure 64 to which the laptop is configured to connect. These credentials may have been compromised in the first place through intercepted unencrypted emails, stolen unencrypted enterprise devices holding locally stored credentials, etc. The LAN infrastructure 64 represents a series of enterprise devices connected via a local network (wired and/or wireless). This may include printers, servers, tablets, phones, etc. The entire LAN infrastructure is virtually reconstructed in the MNSP cloud 9 (virtual router IP assignment, virtual printers, virtual servers, etc.). The hacker is then exposed to elements of both the real LAN infrastructure and the virtual clone version while the system performs behavioral analysis 62. If the result of this analysis indicates risk, the hacker's exposure to the fake infrastructure (as opposed to the real infrastructure) is increased to reduce the risk of real data and/or devices being compromised. The hacker 65 is a bad actor who intends to access and steal sensitive information via an initial intrusion enabled by the compromised credentials 63.
With code-set 66, a set of three passwords is assigned for authenticated access. These passwords are never stored individually and always occur as a set. The employee must enter a combination of these three passwords according to the temporarily assigned protocol from SIAPA. With planned internal authentication protocol access (SIAPA) 67, the authentication protocol for an individual employee's login portal is modified every week/month. Such a protocol may be to select passwords A and C from a set of passwords A, B and C (which have been pre-assigned for authentication). By scheduling the authentication change on a consistent basis (each Monday or the first day of the month), employees become accustomed to switching authentication protocols, which minimizes false positive events (when a legitimate employee uses the old protocol and is trapped in the false data environment 394). To offset the risk of the new protocol being compromised by a hacker, the employee can view the new protocol only once before it is destroyed and can no longer be viewed. That first and only viewing requires special multi-factor authentication, such as biometric/retina/a text message to a mobile phone. The employee only needs to remember one or two letters, which indicate which of the three passwords he should enter. For week 1 68, entering anything other than only passwords A and B triggers the false data environment 394. For week 2 69, entering anything other than only passwords A and C triggers the false data environment. For week 3 70, entering anything other than only password B triggers the false data environment. For week 4 71, entering anything other than all of the passwords triggers the false data environment. At SIAPA 72, the authentication protocol is confidential; only those who were able to access the temporary notice know the correct protocol. In the LAN infrastructure virtual clone 73, because the hacker 65 entered all three passwords rather than omitting the correct password, the hacker 65 is silently transferred into a replica environment in the MNSP cloud 9 that contains no important data or functions. Forensic evidence and behavioral analysis are collected while the hacker believes he has successfully infiltrated the real system. For the case scenario "wrong protocol used" 74, the hacker did not use the correct protocol because he had no way of knowing it, let alone expecting that a special protocol of omitting specific passwords even existed. At reference numeral 75, the hacker has managed to steal legitimate credentials and intends to log in to the company system to steal sensitive data.
The enterprise supervision office 76 consists of a management committee and a technical command center. It is the top layer for monitoring and approving/blocking potentially malicious behavior. Employees B and D 77 are not rogue (they are fully loyal to the interests of the enterprise) and have been selected as qualified employees for the three-way cooperation that approves the root-level function 80. Employee A 78 has not been selected for the three-way cooperation process 80. This may be because he lacks sufficient work experience at the company or technical experience, has a prior conviction, or is too close a friend of other employees, which could lead to a conspiracy against the company, etc. Employee C (rogue) 79 attempts to access a root-level function/action to be executed for malicious purposes. Such a root-level function 80 cannot be executed without the agreement and approval of three employees who individually hold root-level access rights. Even though employee C is the only employee with malicious intent, all three employees bear equal responsibility for the result of executing such a root-level function. This creates a culture of caution and suspicion, and strongly deters malicious behavior by employees in the first place because they know the procedure in advance. Employees E and F 81 have not been selected for the three-way cooperation process 80 because they do not have the root-level access rights needed to execute or approve the requested root-level function in the first place. Supervisory review 82 uses the time provided by the artificial delay to review and criticize the requested action. The root-level action 83 is delayed by 1 hour to give the supervision office a chance to review the action and explicitly approve or block it. Where the supervision office is unable or unavailable to make a decision, policy can define a default action (approve or decline). Supervisory review 84 determines the reasons why a unanimous decision was not reached. For the executed root-level action 85, once it has passed the cooperation and supervisory monitoring system, the root-level action is executed while a record of who approved what is securely maintained. In this way, a detailed investigation can be carried out if the result of the root-level action goes against the best interests of the company. At reference numeral 86, the root-level action has been cancelled because the three-way cooperation failed (no unanimous decision was reached). At reference numeral 87, all three selected employees with root-level access rights unanimously approved the root-level action. If the root-level action were in fact malicious, all three employees would need to be part of a conspiracy against the company. Because of this unlikely but still existing possibility, the root-level action is delayed by 1 hour 83 and the supervision office has an opportunity to review it (see reference numerals 76 and 82). At reference numeral 88, one or more of the employees selected as qualified for the three-way cooperation have rejected the requested root-level action. The root-level action 89 itself is therefore cancelled, because no unanimous decision was reached.
The evolutionary pattern database 90 contains previously discovered and processed patterns of security risk. These patterns enumerate the potential means by which a current malware state may evolve and transform. The malware root signature 91 is provided to the AST 17 so that iterations/variants of the signature 91 can be formed. The polymorphic variants 92 of the malware are provided as output from I2GE and transferred to the malware detection system 95. The infrastructure system 93 physically resides within the premises of the infrastructure. The system typically manages infrastructure functions such as a power station, a power grid, etc. The infrastructure computer 94 is a specific computer that performs a function, or part of a function, that enables the infrastructure functions of system 93 to be carried out. Malware detection software 95 is deployed at all three levels of the computer's composition.
This includes user's space 97, kernel spacing 99 and firmware/hardware space 101.This is every in three grades corresponding to being specially deployed to
The malware detection deployment executed on a grade of Lizard scaled-down version spy.In driver (it is present in kernel spacing 99)
In have found the form of Malware 96 via 34 iteration of evolving path.User's space 97 applies journey for mainstream developer
Sequence.It is easiest to the space of infiltration Malware while being also the space being easiest to for being used to detect and be isolated Malware.It is all
User's space activity is all effectively monitored by LIZARD scaled-down version.Application program 98 in user's space may include such as
The program of Microsoft Office, Skype, Quicken etc. Kernel space 99 is mostly maintained by operating system vendors (such as Apple, Microsoft and the Linux Foundation). Although it is more difficult to penetrate than user space, most of the responsibility for it belongs to the vendor unless the corresponding infrastructure has undergone kernel modification. All kernel activity (including registry changes (Microsoft OS), memory management, network interface management, etc.) is effectively monitored by the LIZARD scaled-down version. Drivers 100 enable the infrastructure computer 94 to interact with peripheral devices and hardware (mouse, keyboard, fingerprint scanner, etc.). The firmware/hardware space 101 is maintained entirely by the firmware/hardware vendors. It is extremely difficult for malware to infect it without direct physical access to the hardware (i.e. removing the old BIOS chip from the motherboard and soldering on a new one). Certain firmware activity is monitored by the LIZARD scaled-down version, depending on the hardware configuration. BIOS 102 (a type of firmware) is the first layer of software on which the operating system is built. Public infrastructure 103 refers to unknown and potentially compromised digital infrastructure (ISP routers, fiber optic cables, etc.). Spy 104 is implanted on the public infrastructure and monitors known callback channels by means of their known descriptions (port, protocol type, etc.) stored in the credible platform database. The spy checks for heartbeat signals and notifies the credible platform in order to gain leverage over the malware source. With automatic discovery and installation of the scaled-down version client 105, the LIZARD cloud in MNSP 9 detects endpoint systems (such as laptops) that do not provide a signal response (handshake) to LIZARD. Endpoints are synchronized upon discovery and classified through I2CM 24. The LIZARD cloud therefore detects (via an SSH remote root shell) that the Lizard scaled-down version client 43 is not installed/activated, and uses the root shell to force installation of client 43 and ensure that it is correctly activated. Malware 106A initially gets in because the scaled-down version client 43 is not installed on the entry device. The scaled-down version client 43 is installed on almost every possible instance in the system, not to mention that all incoming and outgoing traffic is routed through the MNSP, which contains the LIZARD cloud. With the initial compromise exploit 107, the initial entity of the vulnerability exploit is detected in its entirety and potentially blocked before it can establish the covert callback channel 106B. Channel 106B is an obscured communication path through which the malware communicates discreetly with its base. This may include masking the signal so that it looks like legitimate http or https application traffic. A wide range of vendors 108 provide valuable resources, such as covert access to software, hardware, firewalls, services, finance and critical infrastructure, to allow spies 104 to be implanted in the public infrastructure 103. The heartbeat signal is emitted by the malware via the callback channel 106B at regular intervals with a specific size and frequency, and is directed to its origin/loyalty source via the covert callback channel. The signal indicates the malware's state/capabilities, enabling the malware source 50 to decide on future vulnerability exploits and coordinate attacks. Such a malware source represents an organization with hacking capability and malicious intent, whether a black hat group or a nation-state government. The LIZARD running in the MNSP cloud 9 detects the malware 106A and the heartbeat signal (inside channel 106B), because all incoming and outgoing traffic is routed through the MNSP cloud/Lizard via the VPN tunnel.
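The heartbeat described above has a fixed size and a regular interval, so it can be recognized from flow metadata alone even when channel 106B is disguised as https traffic. The following is an added example, not code from the patent: it flags such flows in constructed gateway records, and the record layout, host names, addresses and thresholds are all assumptions.

```python
"""Flag heartbeat-like traffic from flow metadata alone (no payload inspection)."""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed flow records: (epoch seconds, source, destination, bytes sent)."""
    base = 1_000_000
    flows = []
    # ws-17: one 312-byte message roughly every 300 s, with a few seconds of jitter.
    jitter = [0, 2, -1, 3, 0, -2, 1, 0, 2, -3, 1, 0]
    for i, j in enumerate(jitter):
        flows.append((base + i * 300 + j, "ws-17", "203.0.113.50:443", 312))
    # ws-04: ordinary browsing, irregular in both timing and size.
    browsing = [(5, 1800), (9, 52000), (40, 700), (410, 91000), (415, 1200),
                (1900, 300), (1904, 48000), (2600, 5100), (3300, 220), (3302, 76000)]
    for offset, size in browsing:
        flows.append((base + offset, "ws-04", "198.51.100.7:443", size))
    # ws-09: regular, but only three observations, which is too few to judge.
    for i in range(3):
        flows.append((base + i * 600, "ws-09", "192.0.2.10:443", 400))
    return flows


def variation(values):
    """Coefficient of variation (stdev / mean); infinite when the mean is zero."""
    m = mean(values)
    return pstdev(values) / m if m > 0 else float("inf")


def find_heartbeats(flows, min_events=8, max_interval_cv=0.05, max_size_cv=0.05):
    """Return one finding per (source, destination) pair that sends
    near-constant-size messages at near-constant intervals."""
    by_pair = defaultdict(list)
    for ts, src, dst, size in flows:
        by_pair[(src, dst)].append((ts, size))

    findings = []
    for (src, dst), events in sorted(by_pair.items()):
        if len(events) < min_events:
            continue  # not enough history yet; a long-term scan keeps collecting
        events.sort()
        intervals = [later[0] - earlier[0]
                     for earlier, later in zip(events, events[1:])]
        sizes = [size for _, size in events]
        interval_cv = variation(intervals)
        size_cv = variation(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "events": len(events),
                "period_s": round(mean(intervals)),
                "size_bytes": round(mean(sizes)),
                "interval_cv": round(interval_cv, 4),
            })
    return findings


if __name__ == "__main__":
    for finding in find_heartbeats(build_sample_flows()):
        print(finding)
```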
Figures 22 and 23 show how foreign code rewrite syntactically reproduces foreign code from scratch to mitigate potentially undetected malicious vulnerability exploits. The combination method 113 compares and matches the declared purpose 112A (if provided; according to enterprise policy 147 it may be optional) with the derived purpose 112B. The purpose module 36 is used to manipulate the complex purpose format and arrive at a resulting match or mismatch case scenario. With the derived purpose 112B, need map matching keeps a hierarchical structure to maintain the jurisdiction of all enterprise needs. The purpose of a code block can therefore be defined and justified, depending on vacancies in the jurisdictionally oriented need map 114. Input purpose 115 is the intake for the recursive debugging process (which uses the purpose & grammar modules). Where there are multiple inputs (such as purposes), a separate, parallel instance is initialized for each purpose input. The final security check 116 uses the grammar 35 and purpose 36 modules to perform a multi-purpose 'reasonableness' check to guard against any vulnerability exploit points in the programming, and transfers the final output 117 to the VPN/extranet 12.
Figures 24 and 25 show how recursive debugging 119 loops through code segments to test for errors and apply error fixes 129 (solutions) where possible. If an error persists, the entire code segment is replaced 123 with the original (foreign) code segment 121. The original code segment is then tagged to facilitate additional security layers (such as virtual obfuscation and behavioral analysis). With foreign code 120, the original state of the code is interpreted by the purpose module 36 and the grammar module 35 for code rewriting. The debugger references the foreign code 120 directly in case the original (foreign) code segment needs to be installed because there is a permanent error in the rewritten version. The segments 121 of the rewritten code 122 are tested by the virtual runtime environment 131 to check for coding errors 132. This environment 131 executes code segments 121 (such as functions and classes) and checks for runtime errors (syntax errors, buffer overflows, wrong function calls, etc.). Any coding errors are processed for fixing. With a coding error 132, the errors produced in the virtual runtime environment are defined in scope and type. All relevant coding details are provided to facilitate a solution. With purpose alignment 124, a potential solution for the coding error 132 is drafted by re-deriving the code from the stated purpose of such functions and classes. The scope of the coding error is rewritten in an alternative format to avoid such an error. The potential solution is output; if no solutions remain, the code rewrite for that code segment 121 is forfeited and the original code segment (directly from the foreign code) is used in the final code set. Typically a coding error 132 will receive a coding solution 138 multiple times in a loop. If all coding solutions have been exhausted in resolving the error 132, the solution is forfeited 137 and the original foreign code segment 133 is used. A code segment 121 can be tagged 136 as foreign to facilitate decisions on additional security measures such as virtual obfuscation and behavioral analysis. For example, if a rewritten code block contains a high degree of foreign code segments, it is more prone to being placed in the false data environment 394. With the code segment cache 130, individual code segments (functions/classes) are cached and reused across multiple rewrite operations to increase LIZARD cloud resource efficiency. This cache is highly utilized, because all traffic is centralized via the VPN at the cloud. With the rewritten code segment provider 128, previously rewritten code segments 121 are provided so that a coding error can have its respective solution 129 applied to it.
Figure 26 shows the inner workings of need map matching 114, which verifies purpose jurisdiction. The LIZARD cloud and scaled-down version reference the hierarchical map 150 of enterprise jurisdiction branches. This is done to justify the purpose of code/functions, and potentially to block such code/functions in the absence of valid justification. Whether the input purpose 139 is claimed or derived (via the purpose module 35), need map matching 114 validates the justification for the code/function to execute within the enterprise system. The master copy of the hierarchical map 150 is stored on the LIZARD cloud in MNSP 9, in the account of the respective registered enterprise. The need index 145 within need map matching 114 is calculated by referencing the master copy. The pre-optimized need index (and not the hierarchy itself) is then distributed among all accessible endpoint clients. Need map matching receives a need request 140 for the most appropriate need of the system as a whole. The corresponding output is a complex purpose format 325 that represents the appropriate need. With need criteria + priority filtering 143, the appropriate need is searched for within the enterprise policy 147. This policy 147 dictates the types and categories of needs each jurisdiction may have. Needs may range from e-mail correspondence to software installation needs. Policy 147 determines what constitutes a need priority according to the enterprise. According to the definition associated with each branch, needs are associated with their corresponding department. In this way, permission checks can be performed. Example: need map matching approves a request for HR to download all employee CVs, because it is now time for the annual review of employee performance according to the employees' capabilities. With initial parsing 148, each jurisdiction branch is downloaded for need reference. With calculate branch needs 149, needs are associated with their corresponding department according to the definitions associated with each branch. In this way, permission checks can be performed. Example: need map matching approves a request for HR to download all employee CVs, because it is now time for the annual review of employee performance according to the jurisdictions defined in the hierarchical map 150.
Machine secret intelligence (MACINT) & punishment through covert operations in cyberspace
Figure 27 shows intelligent information management, viewing and control. Aggregation 152 uses generic-level criteria to filter out unimportant and redundant information, while merging and tagging information streams from multiple platforms. Configuration & deployment service 153 is an interface for deploying new enterprise network assets (computers, laptops, mobile phones) with the correct security configuration and connectivity settings. After a device is added and set up, it can be adjusted via the management console, with the management feedback controls acting as intermediary. The service also manages the deployment of new customer/client user accounts. This deployment may include the association of hardware with user accounts, customization of the interface, and listing of customer/client variables (such as business type, product type, etc.). With separation by jurisdiction 154, the tagged pool of information is separated exclusively according to the relevant jurisdiction of the management console user. With separation by threat 155, the information is organized according to individual threats. Every type of data is either correlated to a threat (which adds verbosity) or is removed. At the stage of the process labeled intelligent contextualization 156, the remaining data now looks like a cluster of islands, each island being a cybersecurity threat. Correlations are made across platforms to mature the security analysis. Historical data is accessed (from I2GE 21 rather than LIZARD 16) to understand threat patterns, and CTMP is used for critical thinking analysis. With threat dilemma management 157, cybersecurity threats are perceived from a bird's eye view (big picture). Such threats are passed on to the management console for graphical representation. Because the calculated measurements pertaining to threat mechanics are finally merged from multiple platforms, more informed threat management decisions can be made automatically. Automated controls 158 represent algorithmic access to the management-related controls of MNSP 9, TP and 3PS. Management feedback controls 159 provide high-level control over all MNSP cloud, credible platform 10 and additional third-party service (3PS) based services, which can be used to facilitate policy making, forensics, threat investigation, etc. Such management controls are ultimately manifested in the management console (MC), with appropriate customizable visuals and presentation efficiency. This allows the entire system (MNSP, TP, 3PI) to be efficiently controlled and manipulated directly from a single interface (which can zoom into details as required). Manual controls 160 represent human access to the management-related controls of MNSP 9, TP and 3PS. Direct management 161 uses the manual controls to provide a human interface. With category and jurisdiction 162, the user of the management console uses login credentials that define their jurisdiction and scope of access to information categories. All potential data vectors 163 are data in motion, data at rest & data in use. Customizable visuals 164 are for use by the various enterprise departments (accounting, finance, HR, IT, legal, security/inspector general, privacy/disclosure, union, etc.) and stakeholders (the staff, managers and executives of each respective department), as well as third-party partners and law enforcement. The integrated single view 165 is a single view of all the potential capabilities, such as monitoring, logging, reporting, event correlation, alert processing, policy/rule set creation, corrective action, algorithm tuning, service provisioning (new customers/modifications), use of the credible platform, and third-party services (including receiving reports and alerts/logs, etc. from third-party service providers & vendors). The unified view 165 of all aspects of security is a collection of visuals that represents the perimeter, enterprise, data center, cloud, removable media, mobile devices, etc. The cybersecurity team 167 is a team of qualified professionals who monitor the activity and status of multiple systems across the board. Because intelligent processing of information and AI decisions are being made, costs can be lowered by hiring fewer people with less experience. The team's primary purpose is to serve as a fallback layer, verifying that the system is maturing and progressing according to the desired criteria while performing large-scale points of analysis. Behavioral analysis 168 observes the state of the malware 169 and the actions it performs while it is in the 100% false data environment 394.
While the malware is interacting with the false data 170, behavioral analysis records patterns observed in activation times (e.g. activating only on Sundays when the office is closed), file access requests, requested administrative functions, etc. The malware 169 is planted by the hacker 177. Although the hacker believes he has successfully planted the malware in the target system, the malware has been silently transferred and isolated to the 100% false data environment 394. At the false data 170, the malware 169 has digitally taken possession of a copy of the false data. It does so under the impression that the data is real, and by extension the hacker 177 is oblivious to whether the data is real or false. When the malware attempts to send the false data to the hacker, the outgoing signal is rerouted so that it is received by the false hacker 174, contrary to the malware's expectation of the real hacker. With the hacker interface 171, the grammar module 35 and purpose module 36 (which by jurisdiction belong to the LIZARD system) receive the code structure of the malware 169. These modules reverse engineer the internal structure of the malware to output the hacker interface. This interface details the communication method used between the malware and the hacker, the malware's expectations of the hacker (e.g. receiving commands, etc.) and the hacker's expectations of the malware (e.g. status reports, etc.). Such information allows the false hacker 174 and false malware 172 to be emulated in the virtualized environment 173. Once behavioral analysis 168 has sufficiently studied the behavior of the malware 169, the signal mimicry function of MNSP 9 can emulate a program that behaves like the hacker 177. This includes the communication protocol that exists between the real malware 169, the false data 170 and the false hacker 174. With the emulated signal response 175, the virtualized false hacker 174 sends a response signal to the real malware 169 to give it the impression that its mission has succeeded or failed. Such a signal may include commands for malware behavior and/or requests for informational status updates. This is done to further the behavioral analysis research, in order to observe the malware's next behavior pattern. When the research concludes, the false data environment 394 with the malware in it is either frozen or destroyed. With the emulated response code 176, the hacker can be given a false response code that is unrelated to the behavior/state of the real malware. Depending on the desired punishment tactic, either a false error code or a false success code can be sent. A false error code can give the hacker the impression that the malware is not working (when in reality it is), and waste the hacker's time on useless debugging tangents. A false success code can reduce the likelihood that the hacker diverts attention to producing a new form of malware, and instead keeps him focused on the current malware and any possible incremental improvements to it. Because such malware has already been compromised and understood by LIZARD, the hacker wastes effort on compromised malware, believing that it is succeeding. The hacker 177 believes that the malware he planted has successfully infiltrated the target system. In reality, the malware has been isolated in a virtualized environment. That same virtualized environment has performed behavioral analysis 168 on the malware in order to emulate the method and syntax of its communication with the hacker (whether bidirectional or omnidirectional). Crime assets 178 represent the investments made via crime finance 184 to facilitate the hacking and malicious operations of the crime system 49. Such assets 178 typically take the form of computing power and Internet connectivity; a strong investment in both of these assets enables more advanced and elaborate hacking performance. With crime code 179, the credible platform's spy executes a vulnerability exploit scan to collect as much forensic evidence as possible. With crime computer 180, a CPU vulnerability exploit is executed that overwhelms the CPU with AVX instructions. This leads to increased heat, increased power consumption, greater CPU degradation, and reduced processing power available for criminal operations. A vulnerability exploit scan 181 of the crime assets 178 is executed to identify their capabilities and characteristics. The resulting scan results are managed by the vulnerability exploit 185 and forwarded to the credible platform 10. The vulnerability exploit 185 is a program sent by the credible platform via the punishment vulnerability exploit database 187 to infiltrate the target crime system 49, as described under MACINT in Figures 27-44. Power and cooling expenses increase significantly, which drains crime finance 184. Shutting down the computers would severely hamper criminal operations. Purchasing new computers would put more strain on crime finance, and such new computers are as prone to being exploited as the old ones. The punishment vulnerability exploit database 187 contains a means of exploiting criminal activity, in the form of established backdoors and known vulnerabilities provided by hardware vendors 186. The unified forensic evidence database 188 contains compiled forensic evidence from multiple sources spanning multiple enterprises. In this way the strongest possible legal case is built against the criminal enterprise, to be presented to the relevant court of law. With target selection 189, a target is selected for punishment only after adequate forensic evidence has been established against it. This may include a minimum time requirement for the forensic case to be pending for review by oversight (e.g. 6 months). The evidence must be highly self-corroborating, and isolated events cannot be used to enact punishment, for fear of attacking an innocent target and incurring legal repercussions. With target verification 190, the suspected crime system is verified using multiple methods to get past any potential concealment method (public café, TOR network, etc.), including:
Physical location. GPS can be used. Cloud services can aid in corroboration (e.g. a long-term precedent of login locations for a cloud service (Dropbox)).
Physical device. MAC address, serial number (from the manufacturer/vendor).
Personnel verification. Use of biometric data on security systems, taking a photo from the front-facing camera, corroboration of consistent login credentials across multiple platforms.
Figure 33 shows an overview of MACINT covert operations, and how criminals exploit an enterprise system. The enterprise system 228 defines the entire scope and jurisdiction of the enterprise's infrastructure and property. The enterprise computer 227 is a critical part of the enterprise system 228, since it contains sensitive information 214, and it depends on the enterprise network 219 for its usual scheduled tasks. The dormant double agent 215 is malware that stays latent and 'dormant' on the target computer 227. Because of its lack of activity, it is difficult for programmers and cybersecurity analysts to detect, as no damage has yet occurred. When hackers from the crime system 49 find an opportune moment to use their dormant spy 215, the spy 215 silently captures a copy of the sensitive file 214. At this stage the hackers have exposed themselves to being traced, but it is at their discretion when to use the installed spy 215 without the administrators noticing (i.e. if the file 214 is worth it). In stage 216, the captured file 214 is pushed via encryption outside the enterprise network to the rogue destination server. Such encryption (i.e. https) is permitted by policy, so the transmission is not blocked immediately. The captured file 214 is passed onto the network infrastructure of the enterprise network 219 in an attempt to leave the enterprise system 228 and enter the arbitrary system 262, and eventually the crime system 49. This network infrastructure is represented as the LAN router 217 and firewall 218, which are the last obstacles the malware must pass before the captured file 214 can be transferred out of the enterprise system. The industry-standard firewall 218, which in this example is considered not to prevent the theft of the captured file 214, generates logs that are forwarded to log aggregation 220. This aggregation then separates the data categorically for both the long-term/deep scan 221 and the real-time/surface scan 222. In the empty result 223 case scenario, the real-time scan 222 is inadequately prepared to perform near-instant recognition of the malicious activity in order to stop it before execution. In the malware connection found 224 case scenario, the long-term scan 221 eventually recognizes the malicious behavior, because it has the advantage of more time to analyze. The luxury of time allows the long-term scan 221 to search more thoroughly, using more complex algorithms and data points. With the botnet compromised sector 225, a computer belonging to an arbitrary third-party system is used to transfer the sensitive file 226, in order to evade investigation and frame the arbitrary third party. The thieves receive the sensitive file 226 at the crime computer 229 while maintaining a hidden presence via their botnet, and go on to use the file for illegal extortion and profit. Any potential trace of the identity (e.g. IP address) of the crime computer may be left only on the arbitrary computer 238, which the administrators and investigators of the enterprise system 228 cannot access.
Figure 34 shows more detail of the long-term/deep scan 230 that uses big data 231. The deep scan 230 contributes to and engages with big data 231, while making use of two sub-algorithms, 'conspiracy detection' and 'external entity management'. Intermediate results are pushed to anomaly detection, which is responsible for the final results. Standard logs from security checkpoints (such as firewalls and central servers) are aggregated and selected with low-restriction filters at log aggregation 220. With event index + tracking 235, event details are stored, such as IP address, MAC address, vendor ID, serial number, time, date, DNS, etc. These details exist both in a local database and in a shared cloud database (the databases are not identical in data). The locally stored entries are pushed (subject to the policy restrictions of the enterprise) to the cloud database for the benefit of other enterprises. In return, useful event information is received for the benefit of local analysis. An enterprise registered with the trusted third party 235 may already have experienced a breach by the botnet, and is able to provide preventative details to mitigate such risk. With security behavior 236, security reaction guidelines are stored in a local database and a shared cloud database (the databases are not identical in data). These reaction guidelines define the points of behavior that ensure a secure system. For example, if an IP address accesses the system and the event index shows that it has been associated with botnet use 6 times out of 10, the IP address is banned for 30 days and a priority flag is set in the log system to mark any attempt by that IP address to access the system during this period. The locally stored guidelines are pushed (subject to the policy restrictions of the enterprise) to the cloud database for the benefit of other enterprises. In return, useful event information is received for the benefit of local analysis. With anomaly detection 237, the event index and security behavior are used, in accordance with the intermediate data provided by the deep scan module, to determine any potential risk events, such as an unauthorized spy transferring a sensitive file to an arbitrary system outside the enterprise network. The arbitrary computer 238 is shown as the resulting destination server involved in the breach, highlighted and defined by any known characteristics (such as MAC address/last known IP address 239, country, uptime patterns, etc.). Such analysis primarily involves the external entity management 232 module. The system can then determine the likelihood 240 that this computer is involved in a botnet. Such analysis primarily involves conspiracy detection 19.
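The reaction guidance given as an example above (6 times out of 10, a 30-day ban, priority-flagged log entries) can be written as a small stateful rule. This is an added example, not code from the patent; the class and method names, the sample addresses, the reading of "out of 10" as the ten most recent index entries, and the requirement of a full window before banning are assumptions.

```python
"""Reaction rule from the text: botnet-associated 6 times out of 10 -> 30-day ban,
with every access attempt during the ban priority-flagged in the log."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = 10                  # "out of 10" (assumed: the 10 most recent entries)
THRESHOLD = 6                # "6 times"
BAN = timedelta(days=30)     # "30 days"


class SecurityBehaviour:
    def __init__(self):
        # Event index: per IP, whether each recent event was botnet-associated.
        self.event_index = defaultdict(lambda: deque(maxlen=WINDOW))
        self.banned_until = {}
        self.log = []

    def record_event(self, ip, botnet_associated):
        """Index one event, observed locally or received from the shared cloud."""
        self.event_index[ip].append(bool(botnet_associated))

    def botnet_ratio(self, ip):
        """Return (botnet-associated entries, entries seen) for the current window."""
        history = self.event_index.get(ip, ())
        return sum(history), len(history)

    def on_access(self, ip, now):
        """Decide on one access attempt and write the matching log entry."""
        until = self.banned_until.get(ip)
        if until is not None and now < until:
            # Attempt during the ban period: deny and mark with the priority flag.
            return self._log(now, ip, "deny", priority=True)
        self.banned_until.pop(ip, None)  # no ban, or the ban has expired
        hits, seen = self.botnet_ratio(ip)
        if seen == WINDOW and hits >= THRESHOLD:
            self.banned_until[ip] = now + BAN
            return self._log(now, ip, "ban", priority=True)
        return self._log(now, ip, "allow", priority=False)

    def _log(self, now, ip, action, priority):
        self.log.append({"time": now, "ip": ip, "action": action,
                         "priority": priority})
        return action


def demo():
    """Run the rule over constructed index entries and access attempts."""
    sb = SecurityBehaviour()
    for flag in [1, 0, 1, 1, 0, 1, 1, 0, 1, 0]:      # 6 of 10 botnet-associated
        sb.record_event("203.0.113.9", flag)
    for flag in [1, 0, 1, 0, 1, 0, 1, 0, 1, 0]:      # 5 of 10: below threshold
        sb.record_event("198.51.100.4", flag)
    t0 = datetime(2024, 1, 1)
    results = [
        sb.on_access("203.0.113.9", t0),                        # triggers the ban
        sb.on_access("203.0.113.9", t0 + timedelta(days=29)),   # inside the ban
        sb.on_access("198.51.100.4", t0),                       # below threshold
        sb.on_access("192.0.2.77", t0),                         # no history at all
    ]
    # Ten clean events roll the botnet-associated entries out of the window.
    for _ in range(WINDOW):
        sb.record_event("203.0.113.9", False)
    results.append(sb.on_access("203.0.113.9", t0 + timedelta(days=31)))
    return results, sb.log


if __name__ == "__main__":
    outcome, log = demo()
    print(outcome)
    for entry in log:
        print(entry)
```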
Figure 35 shows how the arbitrary computer is looked up on the credible platform 10 to check whether it or its server relatives/neighbors (other servers connected to it) were previously established as double or treble agents for the credible platform 10. Stage 242 represents how known information about the arbitrary computer 238, such as the MAC address/IP address 239, is sent for querying at event index + tracking 235 and the cloud version 232. This cloud version, operated from the credible platform 10, tracks event details to identify future threats and threat patterns, i.e. MAC address, IP address, timestamps of access, etc. The results of this query 242 are sent to system collection details 243. Such details include: the original arbitrary computer 238 details, computers/systems that regularly receive packets from and/or send packets to computer 238, and systems that are in physical proximity to computer 238. These details are then forwarded to stages 246 and 247, which check whether any of the above computers/systems happens to be a double agent 247 or a treble agent 246. This agent lookup check is performed at the trusted double agent index + tracking cloud 244 and the trusted treble agent index + tracking cloud 245. The double agent index 244 contains a list of systems that have dormant spies installed which are controlled by the credible platform and its affiliates. The treble agent index 245 contains a list of systems that have been compromised by criminal groups (e.g. botnets), but have also been discreetly compromised by the credible platform 10 in order to monitor malicious activity and developments. These two clouds then output their results, which are gathered in the list of active and relevant spies 248.
Figure 36 shows how known double or treble agents from the credible platform 10 are engaged to further the forensic investigation. Transferring from the list of spies 248, the appropriate dormant spy 252 is activated 249. The double agent computer 251, which is trusted by the arbitrary computer 238, pushes the vulnerability exploit 253 through its trusted channel 254. After successfully deploying in the arbitrary computer 238, the vulnerability exploit 253 tracks the activity of the sensitive file 241 and learns that it was sent to what is now known to be the crime computer 229. It follows the same path that was used to transfer the file 241 the first time 216 at channel 255, and attempts to establish itself on the crime computer 229. The vulnerability exploit 253 then attempts to find the sensitive file 241, quarantine it, send its exact state back to the credible platform 10, and then attempt to erase it from the crime computer 229. The credible platform 10 then forwards the quarantined file back to the original enterprise system 228 (which owns the original file) for forensic purposes. It is not always guaranteed that the vulnerability exploit 253 can retrieve the sensitive file 241, but at least identifiable information 239 about the crime computer 229 and system 49 can be forwarded.
Figure 37 shows how the credible platform 10 is used to engage the ISP (Internet service provider) 257 API concerning the arbitrary computer 238. Network oversight 261 is used to try to compromise the arbitrary system 262 to further the judicial investigation. The enterprise system 228 knows only limited information 259 about the arbitrary computer 238, and is seeking information about the crime computer 229 and system 49. The ISP 257 API request is made via the credible platform 10. At network oversight 261, system network logs for the arbitrary system 262 are found, along with a potential file transfer to what is later confirmed to be the crime computer 229. The log history is not detailed enough to have recorded the exact and complete composition of the sensitive file 241, but metadata 260 can be used to determine with significant confidence which computer the file was sent to. Network oversight 261 discovers the network details 258 of the crime computer 229 and therefore reroutes this information to the credible platform 10, which in turn informs the enterprise system 228.
Figure 38 shows how the credible platform 10 is used to engage the security APIs provided by software 268 and hardware 272 vendors in order to exploit any established backdoors that can aid the judicial investigation. In stage 263, the known identity details of the crime computer 229 are transferred to the credible platform 10 to engage the backdoor APIs. Such details may include the MAC address/IP address 239 and the suspected software + hardware of the crime computer. The credible platform 10 then delivers the vulnerability exploit 253 to the affiliated software 268 and hardware 272 vendors in a dormant state (the vulnerability exploit code is transferred but not executed). Also delivered to the vendors are the suspected software 269 and hardware 273 of the crime computer 229, as suspected by the enterprise system 228 at stage 263. The vendors maintain a list of established software 270 and hardware 274 backdoors, including such information as how to invoke them, what authorization measures need to be taken, and what their capabilities and limitations are. All of these backdoors are kept isolated and confidential within the vendor, so the credible platform does not receive the sensitive information needed to handle these backdoors, but instead provides the vulnerability exploit 253 that will benefit from them. Upon successful implementation of the software 267 or hardware 271 backdoor, the vulnerability exploit 253 is discreetly installed on the crime computer 229. The sensitive file 241 is quarantined and copied so that its metadata usage history can be analyzed afterwards. Any remaining copies on the crime computer 229 are securely erased. Any other possible supplementary forensic evidence is gathered. All of this forensic data is returned to the point of contact of the vulnerability exploit 253 at the credible platform 10. Thereafter, the forensic evidence 265 is forwarded to the enterprise system 228; this forensic evidence 265 includes the sensitive file 241 found on the crime computer 229, and the identity details of those involved with the crime system for whom evidence exists concerning the initial theft of the file 241. In this way, the enterprise system 228 can restore the file 241 if it was deleted from its systems during the initial theft, and the identity details 264 will enable it to seek punishment in terms of legal damages and to disable the crime system 49 botnet, mitigating the risk of future attacks.
Figures 39-41 illustrate how generic 282 and customized 283 vulnerability exploits are applied to the arbitrary 238 and crime 229 computers in an attempt to perform a direct compromise without the direct help of the credible platform 10. The generic vulnerability exploits 282 are a collection of software, firmware and hardware vulnerability exploits organized and assembled by the business system 280 through independent network security research. With customization 283, vulnerability exploits are customized according to the known information about the target. The vulnerability exploits 253 are delivered in order, with the one most likely to succeed first and the one least likely to succeed last. The information collection 284 of what is available about the crime computer 229 is transferred to customization 283. Such information includes any known computer information, such as the MAC address/IP address 239 and the suspected software + hardware 285 in use on the crime computer 229. Proxy management 286 is the combination of an algorithm and a database that intelligently selects the proxies to be used for the vulnerability exploit attempt. The proxy network 279 is a series of proxy nodes 278 that allow any individual system to mask its original identity. A node passes on the digital communication and becomes the apparent originator. Nodes are intelligently selected by proxy management 286 according to the overall performance of the node, the availability of the node and the current workload of the node. Three potential points of vulnerability exploit of the crime computer 229 and/or the arbitrary computer 238 are attempted. If the attempt on the crime computer 229 fails, the attempt on the arbitrary computer 238 is made anyway, because it may still advance the overall forensic investigation. The first method is a direct vulnerability exploit, the second is via the botnet tunnel 276 of the arbitrary computer, and the third is the original means of vulnerability exploit that the crime system used to install the botnet 277 (along with other unused points of vulnerability exploit). The botnet tunnel 276 is the established means of communication used between the crime computer 229 and the active part of the botnet 240. Any forensic data generated by the vulnerability exploit 253 is sent to the business system 228 at stage 275.
Figure 41 illustrates how a dedicated API with the credible platform 10 is used to push a software or firmware update 289 to the crime computer 229 in order to establish a new back door. A placebo update 288 is pushed to similar machines nearby to maintain stealth. The business system 228 sends the target identity details 297 to the credible platform 10. Such details include the MAC address/IP address 239. The credible platform 10 communicates with the software/firmware maintainer 287 to push placebo updates 288 and back door updates 289 to the relevant computers. The back door update introduces a new back door into the crime computer 229 system by using the pre-established software update system installed on the computer. Such an update may be for the operating system, the BIOS (firmware), or a specific piece of software such as a word processor. The placebo update 288 omits the back door, so that no security compromise is made, but shows the same details and identification (i.e. update number/code) as the back door update 289, creating an environment that keeps the back door stealthy. The maintainer 287 delivers the back door 295 to the target and also to computers that have an above-average exposure to the target. Such additional computers 296 may belong to the crime system 49 infrastructure, or may be on the same local network as the crime computer 229. Exploiting such additional computers 296 increases the chance of gaining a path of entry to the crime computer 229 in case a direct attack is not possible (i.e. updates to the operating system have been turned off, etc.). If the vulnerability exploit 253 can establish itself on nearby computers 296, it can then consider different points of entry to the target. For the involved computers 291 that have an average exposure to the target, a placebo update 228 is submitted. Exposure can be understood as sharing a common network (i.e. a virtual private network, etc.) or a common service platform (i.e. file sharing, etc.). An involved system 290 may also be strategically tied to the crime system 49, for example by being owned by the same corporate legal structure. Neighbor computers 293 belonging to a neighbor system 292 are given the placebo update because of their physical proximity (same district, etc.) to the target crime computer 229. Both the involved system 290 and the neighbor system 292 are given placebo updates 288 to facilitate a time-sensitive forensic investigation when there is no regular update that the maintainer 287 plans to deliver in the near future (or whatever is appropriate and viable for the investigation). In the case scenario where there is a regular update intended to improve the software/firmware, the involved system 290 and the neighbor system 292 do not need to be given a placebo update to validate the perceived legitimacy of the back door 289 update. Instead, the back door 289 can be planted in some of the legitimate updates targeting the crime computer 229 and the additional computers 296. When the vulnerability exploit 253 is successfully implemented via the back door update 295, the sensitive file 241 is isolated and copied so that its metadata usage history can be analyzed afterwards. Any remaining copies on the crime computer 229 are then securely erased. Any supplementary forensic evidence is collected. Thereafter, the forensic data is sent to the contact point of the vulnerability exploit at the credible platform 10. After the data has been verified at the platform 10, it is forwarded to the business system 228 at result 281.
Figure 42 illustrates how a long-term priority flag is pushed onto the credible platform 10 to monitor the crime system 229 for any and all changes/updates. New developments are monitored with priority over the long term to facilitate the investigation. First, the business system 228 submits a target 297 (including identifiable details 239) to the guarantee module 300, which is a subset of the credible platform 10. The guarantee module scans all inputs 299 from the subsystems 303 for any association with the defined target 297. If there is any match, the information is passed to the business system 228 that defined the guarantee and is seeking to infiltrate the target 297. The information input 299 is information that subsystems of the credible platform 10 report, usually in order to receive a desired analysis. Input may also be submitted for the sole purpose of gaining accreditation and reputation with the credible platform 10. The subsystems 303 submit their input to the credible platform 10, which is to the advantage of the business system 228 seeking to monitor the target 297. This increases the chance that one of these subsystems 303 has encountered the target or a relative of the target, whether the interaction was positive, neutral or negative. Such input 299 is passed to the desired analysis module 301, which represents the majority function of the credible platform 10: keeping mutually beneficial security information synchronized. The subsystems 303 post security requests and exchange security information. If information related to the target 297 or any relative of the target is found, it is also forwarded in parallel to the guarantee module 300. The information output 302 of module 301 is forwarded to the subsystems 303 to complete their requested tasks or functions. Any useful information about the target 297 learned by the guarantee module 300 is forwarded to result 298 as part of the forensic investigation of the business system 228.
Logically Inferred Zero-database A-priori Realtime Defense (LIZARD)
Figures 43 and 44 show the dependency structure of LIZARD (Logically Inferred Zero-database A-priori Realtime Defense). The static core 193 is where the predominantly fixed program modules, hard-coded by human programmers, reside. The iteration module 194 intelligently modifies, creates and destroys modules on the dynamic shell 198. It uses the artificial security threat (AST) as a reference for security performance and uses the iteration core to process the automatic code writing method. As shown in Figure 51, the iteration core 195 is the main logic for iterating the dynamic shell 198 for security improvements. The differential modifier algorithm 196 modifies the base iteration according to the defects that the AST has found. After the differential logic is applied, a new iteration is proposed, upon which the iteration core is recursively called and undergoes the same process of being tested by the AST. The logical deduction algorithm (LDA) 197 receives from the artificial security threat (AST) the known security responses of the dynamic shell iteration in its current state. The LDA also deduces what code set makeup will achieve the known correct response to a security scenario (provided by the AST). The dynamic shell (DS) 198 mainly contains dynamic program modules that have been automatically programmed by the iteration module. Code isolation 199 isolates foreign code in a restricted virtual environment (such as a petri dish). Concealed code detection 200 detects code covertly embedded in data and transmission packets. When the system can only perform a low-confidence decision, the AST overflow repeater 201 relays data to the AST to improve future iterations. The internal consistency check 202 checks whether all the internal functions of a block of foreign code make sense; it ensures that there is no piece of code that is internally inconsistent with the purpose of the foreign code as a whole. Foreign code rewriting 203, after deriving the purpose of the foreign code, rewrites parts of the code or the whole code itself and allows only the rewritten code to be executed. A mirror test checks that the input/output dynamics of the rewrite are identical to those of the original. In this way, any hidden vulnerability exploit in the original code is made redundant and is never executed. Need map matching 204 is a mapped hierarchy of need and purpose that is referenced to decide whether foreign code fits the overall objective of the system (like a puzzle). The real data synchronizer 205 is one of two layers (the other being the data management system) that intelligently select the data to be given to merged environments and with what priority. In this way, highly sensitive information is inaccessible to suspected malware and is available only to code that is well known and established to be trustworthy. The data management system 206 is the middleman interface between an entity and data coming from outside the virtual environment. The framework coordinator 207 manages all the inputs, outputs, thread spawning and diagnostics of the semi-artificial or artificial algorithms. Virtual obfuscation 208 confuses and restricts code (and therefore potential malware) by gradually and partially submerging it in a virtualized false environment. The secret transfer module 209 transfers malware silently and discreetly to the false data environment 394. With the purpose comparison module 210, four different types of purpose are compared to ensure that the existence and behavior of an entity are merited and understood by LIZARD as productive towards the overall objective of the system. A potentially large divergence in purpose indicates malicious behavior. The false data generator 211 creates false data designed to be indistinguishable from real data (i.e. a batch of SSNs). The virtual environment manager 212 manages the construction of the virtual environment, which includes variables such as the ratio of false data, the available system functions, the network communication options and the storage options. Data recall tracking 213 keeps track of all information uploaded from and downloaded to the suspicious entity 415. This is done to mitigate the security risk of sensitive information potentially being transferred to malware. This security check also mitigates the logistical problem of a legitimate enterprise process receiving false (fake) data. In the case where false data has been sent to an entity that is (now known to be) a legitimate enterprise entity, a "recall" is performed, which calls back all the false data and sends the real data (the data originally requested).
Figure 45 shows an overview of LIZARD (Logically Inferred Zero-database A-priori Realtime Defense), a central oversight algorithm that is able to block all potential network security threats in real time without the direct help of a dynamically growing database. Whether data/access is permitted into the system is determined on a need-to-know, need-to-function, purpose-driven basis. If a block of code or data cannot provide a function/purpose towards achieving the hard-coded goal of the system, it is rejected in a discreet manner that includes virtual isolation and obfuscation. LIZARD is equipped with a syntax interpreter that can read and write computer code. Combined with its purpose derivation ability, it can derive goal-oriented behavior from blocks of code, even those covertly embedded in seemingly benign data. All enterprise devices (even those outside the enterprise premises, such as a company phone in a public cafe) are routed through LIZARD. All software and firmware that runs enterprise assets is hard-coded to perform any kind of download/upload via LIZARD as a permanent proxy. Non-compliance with the permanent proxy policy is mitigated by an informing policy on loyal assets. A digital transfer occurring within the business system is bound to pass through a piece of hardware that is hard-coded to relay via LIZARD, so malicious code can find no safe place, nor any cooperating compromised computer that ignores the permanent proxy policy. LIZARD has a symbiotic relationship with the iteration module (IM). The IM clones the hard-coded goal-oriented tasks and the syntax comprehension ability of LIZARD. It then uses these syntax abilities to modify LIZARD to suit the hard-coded goals. The artificial security threat (AST) module is engaged in a parallel virtual environment to stress test different variants of LIZARD. The highest-scoring variant is selected as the next official iteration. LIZARD offers an innovative model that departs from the status quo of network security solutions. Through its advanced logical deduction ability, it can make immediate and accurate security decisions without the "too little, too late" paradigm of contemporary network security defenses. LIZARD interacts with three types of data: data in motion, data in use and data at rest. LIZARD interacts with six types of data medium (known as vectors): files, email, web, mobile devices, cloud and removable media (USB). The business system 228 shows the types of server that run in its infrastructure, such as HTTP and DNS. A mobile device 305 is shown operating in a public cafe 306 while connected to the digital infrastructure of the business system 228 via the LIZARD lite client 43. Such a client 43 acts as the gateway to the internet 304, after which it connects to the encrypted LIZARD cloud 308.
Figure 46 shows an overview of the main algorithm functions of LIZARD. The outer dynamic shell (DS) 313 of LIZARD is a section of functionality that is more prone to change via iteration. Modules that need a high degree of complexity to achieve their purpose usually belong to this shell 313, because they will have exceeded the level of complexity that a team of programmers can handle directly. The iteration module 314 uses the static core (SC) 315 to syntactically modify the code base of the DS 313 according to the purpose defined in the 'fixed goals' and the data from the data return repeater (DRR) 317. This modified version of LIZARD is then stress tested (in parallel) by the artificial security threat (AST) 17 under multiple and varying security scenarios. The most successful iteration is adopted as the live functioning version. The SC 315 of LIZARD is the least prone to change via automated iteration and is instead changed directly by human programmers. This applies especially to the innermost square, known as the inner core 334, which is not influenced by automated iteration at all. This innermost layer 334 is like the root of the tree that guides the direction and overall capacity of LIZARD. The general dynamic modules (GDM) 316 are the zone of modules most malleable to automated self-programming and therefore belong to the jurisdiction of the dynamic shell 313. As such, programs running in the GDM 316 are in a constant 'beta' state (not necessarily stable, and a work in progress). When LIZARD performs a low-confidence decision, it relays the relevant data to the AST 17 via the data return repeater (DRR) 317 to improve future iterations of LIZARD. LIZARD itself does not rely directly on data for performing decisions, but data about continuously evolving threats can indirectly benefit the a priori decisions that a future iteration of LIZARD may perform. Label 342 shows that the more human work is involved in the design of the code, the more static the code is (it changes very slowly). The more the iteration module (IM) 314 programs the code, the more dynamic and fluid the code is. The syntax module 35 and the purpose module 36 are shown functioning from within the SC 315.
Figure 47 shows the inner workings of the static core (SC) 315. Logic derivation 320 derives logically necessary functions from initially simpler functions. The end result is that an entire tree of function dependencies is built from a stated complex purpose. Code translation 321 converts arbitrary (generic) code, which is understood directly by the syntax module functions, into any chosen known computer language. The inverse operation of translating known computer languages into arbitrary code is also performed. Rules and syntax 322 contains static definitions that aid the interpretation and production of syntactic structures. For example, the rules and syntax for the C++ programming language can be stored in 322. Logic reduction 323 reduces logic written in code to simpler forms in order to produce a map of interconnected functions. Written code 324 is the final output, an executable program, while code goal 332 is the input. The complex purpose format 325 is a storage format for storing the interconnected sub-purposes that represent an overall purpose. Purpose associations 326 is a hard-coded reference of which functions and types of behavior refer to which kind of purpose. Iterative expansion 327 adds detail and complexity by referring to the purpose associations, so that a simple goal evolves into a complex purpose. Iterative interpretation 328 traverses all interconnected functions and produces an interpreted purpose by referring to the purpose associations 326. The outer core 329 is formed mainly by the syntax and purpose modules, which work together to derive a logical purpose for unknown foreign code and to produce executable code from a stated function code goal. Foreign code 330 is code that is unknown to LIZARD and whose function and intended purpose are unknown. While foreign code 330 is the input to the inner core, the derived purpose 331 is the output. The purpose 331 is the intention of the given code 330 as estimated by the purpose module 36. The derived purpose is returned in the complex purpose format 325.
Figure 48 shows how the inner core 334 houses the essential core functions of the system, which are programmed directly and exclusively by the relevant network security experts 319 via the maintenance 318 platform. The core code 335 is the rudimentary groundwork needed to run LIZARD. Within core 336, the fundamental frameworks and libraries 336 hold all the functions needed to operate LIZARD, such as compression and comparison functions. Within core 336, thread management and load balancing 337 enables LIZARD to scale efficiently over a cluster of servers, while the communication and encryption protocols define the types of encryption used (such as AES, RSA, etc.). Within core 336, memory management 339 allows the data being interpreted and processed by LIZARD to be managed efficiently within the random access memory (RAM) of the server. The system objectives 336 contain the security policy 340 and the enterprise goals 341. The policy 340 is designed manually by one (or more) network security analysts as a guide that LIZARD can reference in order to operate according to custom variables. LIZARD therefore has a standard by which to justify what is considered an insecure and prohibited action and what is permissible. For example, the enterprise security policy 340 may prohibit sending email to recipients outside the organization, or may lock an account after the third failed password entry attempt. The enterprise goals 341 define the broader characteristics of what kind of general infrastructure the enterprise wants to achieve. The goals 341 are mainly used to guide the self-programming of the dynamic shell 313 as to what functions LIZARD must have and what functions it must perform with regard to the infrastructure context of the enterprise.
Figure 49 shows the inner workings of the dynamic shell (DS) 313. This section of LIZARD is manipulated mainly by an artificially intelligent programming module (the iteration module). The modules in the outer shell 345 are new and experimental modules that have a small amount of influence on the decision making of the overall system. The inner shell 344 is the main body of LIZARD, where most of its intelligent capabilities operate. New and experimental algorithms 343 is the 'beta' allocated software space, where the functions needed by a new module can be programmed and tested by humans, artificial intelligence, or both.
Figure 50 shows the iteration module (IM), which intelligently modifies, creates and destroys modules on the dynamic shell 313. It uses the artificial security threat (AST) 17 as a reference for security performance and uses the iteration core 347 to process the automatic code writing method. At the data return repeater (DRR) 317, data about malicious attacks and bad actors is relayed to the AST 17 when LIZARD has had to resort to making a decision with low confidence. The AST 17 creates a virtual testing environment with simulated security threats to enable the iteration process. The artificial evolution of the AST 17 is engaged sufficiently to keep ahead of the organic evolution of criminal malicious network activity. With static core cloning 346, the static core 315 (including the semi-dynamic outer core 329) is used as the criterion for iteration guidance. Because this iteration partly modifies the outer core 329, self-programming has come full cycle in an artificially intelligent loop. The iteration core 347 receives artificial security scenarios and system objective guidance in order to alter the dynamic shell 313. The iteration core 347 produces many iterations. The iteration that performs best in the artificial security tests is uploaded at stage 348 to become the live functioning iteration of the dynamic shell.
Figure 51 shows the iteration core 347, which is the main logic for iterating code for security improvements. With recursive iteration 350, a new instance of the iteration core 347 is called, with the new iteration 355 replacing the base iteration 356. Such a transition is managed by thread management 349, which is derived from thread management and load balancing 337, a subset of the core code 335. The differential modifier algorithm (DMA) 353 receives the syntax/purpose programming abilities 351 and the system objective guidance 352 from the inner core 334. These two inputs correlate with the fundamental frameworks and libraries 336 and the security policy 340/enterprise goals 341. The DMA then uses such a code set to modify the base iteration 356 according to the defects that the AST 17 has found. After the differential logic is applied, a new iteration 355 is proposed, upon which the iteration core 347 is recursively called and undergoes the same process of being tested by the AST 17. The queued security scenarios 360 are multiple scenarios that collectively perform a comprehensive test of the dynamic shell 313 at all known points of security. With the active security scenario 361, the currently active security scenario tests the dynamic shell 313 in an isolated virtual execution environment 357. Such an environment 357 is a virtual instance that is completely separate from the live system. It performs artificially generated malicious attacks and intrusions. The security result defects 362 are presented visually to indicate the security threats that 'passed through' the base iteration 356 while it was running in the virtual execution environment 357. Thereafter, any defects 363 that have been discovered are forwarded to the DMA 353 to facilitate the generation of a new iteration 355 that seeks to eliminate such defects.
Figures 52-57 show the logical process of the differential modifier algorithm (DMA) 353. The current state 365 represents the dynamic shell 313 code set with symbolically correlated shapes, sizes and positions. Different configurations of these shapes indicate different configurations of security intelligence and reaction. The AST 17 provides any potential responses of the current state 365 that happen to be incorrect, and what the correct response is (i.e. isolate this file, because it is a virus). The attack vector 370 (all dotted arrows) acts as a symbolic demonstration of a network security threat. Direction, size and color all correlate with hypothetical security properties (such as the attack vector, the size of the malware and the type of malware). The attack vector symbolically bounces off the code set to represent the security response of the code set. Reference A 367 shows a specific security configuration that allows the attack vector to pass through, which may or may not be the correct security response. Reference B 368 shows an attack vector bouncing off the code set, which illustrates an alternative response type to reference A while being potentially correct or incorrect. Reference C 369 shows a security response that sends the attack vector back to its place of origin, which may or may not be the correct security response. In Figure 53, the correct state 354 represents the final result of the process by which the differential modifier algorithm 353 yields the desired security response from a block of code of the dynamic shell 313. The correct state 354 is produced by recursively iterating 350 new iterations 355 of the dynamic shell 313. Although the differences between the current state 365 and the correct state 354 are subtle, they can lead to entirely different attack vector 370 responses. Whereas reference A 367 allows the attack vector to pass straight through, reference A 371 (the correct security response) bounces the attack vector off at a right angle. The attack vector response of reference B remains unchanged in both the current state 365 and the correct state 354. With reference C 373, the attack vector is also sent back to its originating source (although at a different position from reference C 369). All of these attack vector representations illustrate and correspond to the logistical management of security threats. Figure 54 shows the AST security attack vector 375, which is the sequence of attacks provided by the AST 17. The correct security response 376 shows the desired security response to the attack vectors 370. The code sets (shapes) that produce such correct security responses are not shown at this stage, because they are not yet known. Figure 55 shows the current dynamic shell attack response 377, which exhibits a security response inferior to the correct dynamic shell attack response 378. Such a correct response 378 is produced by the logical deduction algorithm (LDA) 197. Figure 56 shows how the LDA 197 infers the correct security setup to match the correct attack response 378. The static core 315 provides the system framework/guidance 352 and the syntax/purpose automated programming abilities 351 to the LDA 379, so that it can construct a security program that produces the correct attack response 378. At stage 381, the base iteration 356 of the dynamic shell 313 is provided to the LDA 379. This iteration is represented as a security response program 382 that produces substandard and ineffective security responses. Such a program 382 is provided as input to the LDA 379. The LDA uses the syntax/purpose abilities 351 from the static core 315 to build on the incorrect security response program 382 so that it conforms to the correct attack response 378. The correct security response program 383 is thus produced and is regarded as the new iteration 355 of the dynamic shell 313. This process, continuing via the recursive iteration 350 of the iteration core 347, keeps upgrading the security capabilities of the dynamic shell 313 until it is saturated with all the security information that the AST 17 can make available.
Figure 57 shows a simplified overview of this process, in which the AST 17 provides the known security defects 364 together with the correct security response 384. Although the AST 17 is able to provide the known security defects 364 and responses 384, it is not able to construct a valid, running program that produces such correct responses 384. The LDA 379 therefore uses the prior (base) iteration 356 of the dynamic shell 313 to produce a superior and better-equipped iteration 355 of the dynamic shell, known as the correct security response program 385. The word 'program' here represents the overall functionality of the many different functions and submodules that operate within the dynamic shell 313.
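The recursive loop described for Figures 51 to 57, as an added example that is not code from the patent: the dynamic shell is modelled as a rule table, the AST as constructed scenarios with known correct responses, and the DMA as a rule patcher. All names, the rule model and the scenarios are assumptions made for illustration; the run shows why every new iteration has to be re-tested, because a patch that fixes one defect can introduce another.

```python
from typing import NamedTuple


class Rule(NamedTuple):
    match: tuple   # sorted (attribute, value) pairs that must all be present
    response: str  # "allow", "block" or "quarantine"


# Constructed AST scenarios: (attack attributes, known correct response).
SCENARIOS = [
    ({"vector": "email", "kind": "phish"}, "block"),
    ({"vector": "file", "kind": "virus"}, "quarantine"),
    ({"vector": "web", "kind": "virus"}, "quarantine"),
    ({"vector": "email", "kind": "macro"}, "quarantine"),
    ({"vector": "file", "kind": "macro"}, "allow"),
    ({"vector": "web", "kind": "benign"}, "allow"),
]


def respond(iteration, attack):
    """Security response of one dynamic-shell iteration: the most specific
    matching rule wins; with no matching rule the attack passes through."""
    best = None
    for rule in iteration:
        if all(attack.get(k) == v for k, v in rule.match):
            if best is None or len(rule.match) > len(best.match):
                best = rule
    return best.response if best else "allow"


def run_ast(iteration, scenarios):
    """Test an iteration against every scenario and return the defects as
    (attack, actual response, correct response) tuples."""
    defects = []
    for attack, correct in scenarios:
        actual = respond(iteration, attack)
        if actual != correct:
            defects.append((attack, actual, correct))
    return defects


def dma(base, defects):
    """Patch the base iteration for the first defect. A rule covering the
    whole attack kind is tried first; if such a rule already exists, a rule
    for the exact attack is added instead."""
    attack, _, correct = defects[0]
    general = (("kind", attack["kind"]),)
    specific = tuple(sorted(attack.items()))
    key = specific if any(r.match == general for r in base) else general
    return [r for r in base if r.match != key] + [Rule(key, correct)]


def iteration_core(base, scenarios, depth=0, max_depth=20):
    """Recursive iteration: test, patch, then call again with the new
    iteration replacing the base. Returns (iteration, depth, defects)."""
    defects = run_ast(base, scenarios)
    if not defects or depth >= max_depth:
        return base, depth, defects
    return iteration_core(dma(base, defects), scenarios, depth + 1, max_depth)


if __name__ == "__main__":
    final, depth, defects = iteration_core([], SCENARIOS)
    print(f"converged after {depth} iterations with {len(defects)} defects")
    for rule in final:
        print(dict(rule.match), "->", rule.response)
```

In this run the third patch (quarantine every macro) breaks the file/macro scenario, and only the next round of testing exposes that defect so it can be corrected with a narrower rule.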
Figure 58 shows an overview of virtual obfuscation. The following virtual obfuscation and false data generation capabilities are deployed on an encrypted cloud platform for use by small and medium-sized businesses that have few or no network security employees. The security system can also be installed directly in the data centers of large companies. In this case scenario, malware 385 arrives from the Internet 304 and bypasses the industry-standard firewall, intrusion detection system, anti-virus and so on. At the current state of its security iteration, LIZARD 16 has a low-confidence assessment of the intent/purpose of the incoming code block 385. These conditions are assumed to be the worst-case scenario. To mitigate the risk of an innocent process being deprived of critical data it is entitled to, and also to avoid the risk of allowing malicious code to hold sensitive data, the suspicious code 385 is covertly assigned to an environment in which half of the data is intelligently merged with false (fake) data. Apart from the typical administrative access requirements, the real system 388 represents unrestricted access to the truthful data 389. Because of virtual isolation 390, any object operating in the real system 388 can easily and covertly be transferred to a partial 391 or complete 394 false data environment. The truthful data synchronizer 386 is one of two layers (the other being the data management system 401) that intelligently select which data is given to the merged environment and with what priority. In this way, suspected malware cannot access highly sensitive information; only code that is known and established to be trustworthy can obtain it. The false data generator 387 uses the truthful data synchronizer 386 as a template for creating counterfeit and useless data. Attributes such as data type, data format, data density and data detail are mimicked from the truthful data 389 to produce a database of realistic-looking data that appears well integrated into the system as a whole (no irrelevant or odd data). The risk perceived, in terms of confidence, in the perception of the incoming foreign code influences the obfuscation level that LIZARD 16 selects. High confidence that the code is malicious invokes assignment to an environment containing a large amount of false data 394. Low confidence that the code is malicious can invoke assignment either to the real system 388 (treated as the benefit of the doubt) or to the 100% false data environment 394 (treated as distrust by default). This customization option for security behavior is defined in the security policy 340, which is a subset of the system goals 336, which in turn is a subset of the inner core 334. A highly monitored network interface 392 is used in the environment containing false data 393. This secure interface, in combination with the virtual isolation 390, protects the environment from leaking into a restricted environment such as the real system 388. Such isolation 390 uses virtualization technology to completely separate and protect random access memory (RAM) and CPU threads from being merged, so that each environment is kept to itself.
Figures 59-61 show the monitoring and response aspects of virtual obfuscation. Such a system monitors and manages malware 385 according to the malware's behavior. Initially, at its current level of iteration sophistication, LIZARD considers that the code block may or may not be malware. In case it is not malware, LIZARD pushes it into a virtual clone of the real system that is made up of 50% false data 391. This is done so that, if it is finally proven not to be malware, system and enterprise functions are not severely affected (for example by being given a wrong SSN). In the illustrated example the code block is actually malware 385, but at this stage LIZARD is still uncertain because of the new and unknown nature of this threat and its exploitation method. Figure 60 shows in particular how the malware 385 is immersed in the virtually isolated 380 false data environment 391, because LIZARD does not yet know whether or not it is malware. The data management system 401 intelligently merges truthful data with false data so that highly sensitive data is not exposed. The manager 401 uploads 402 the information generated by the malware 385 to the false data storage device 400, and downloads 398 previously stored false data to merge with the truthful data 397. In this way, the malware has no write access to the truthful data storage device 397 and cannot overwrite sensitive information. The malware 385 is virtually isolated 380 so that it is exposed only to the data management system 401. This virtual isolation prevents the malware from reaching all of the truthful data 397 by bypassing the data management system 401. Behavior analysis 403 tracks the download 398 and upload 402 behavior of the suspicious code block to determine potential corrective actions. The analysis 403 monitors how the malware 385 behaves in its candid form, to help confirm or deny LIZARD's original suspicion. By monitoring the malware's behavior in its candid form, LIZARD has confirmed its initial suspicion that the foreign code is indeed malware. The malware 385 is silently and discreetly transferred to the 100% false data virtual environment 394 via the secret transmission module 395. To guard against the malware having multiplied and carried out infections in the 50% false data environment 391, the entire virtual environment is securely destroyed (including the malware) as a precaution. At this stage, the malware 385 is fully immersed in the false environment 394, which is not exposed to any sensitive information. Potential communication of the malware to its home base (such as a heartbeat signal) via secret communication channels is monitored, so as to potentially improve future iterations of the dynamic shell 313. Such malware behavior information is passed via the data return relay (DRR) 317 to AST 17 for the benefit of future iterations. In this way, the DS 313 can make a more confident decision about similar malware 385, without again having to resort to placing it in the 50% false data environment 391 (which still carries some risk of legitimate data being stolen).
Figures 62 and 63 show data readjustment tracking 399, which tracks all information uploaded from the suspicious entity 415 and downloaded to the suspicious entity 415. This is done to mitigate the potential security risk of sensitive information being transferred to malware. This security check also mitigates the logistical problem of a legitimate enterprise process receiving false data 400. In the case that false data has been sent to an entity that is (now known to be) a legitimate enterprise entity, a 'readjustment' is executed, which recalls all of the false data and sends the truthful data (that was originally requested) as a replacement. A readjustment trigger is implemented so that the legitimate enterprise entity holds off acting on certain information until it is confirmed that the data is not false. If truthful data has been transferred to malware inside the virtual merged environment, the entire environment container is securely destroyed together with the malware 385 inside it. The system as a whole is placed on alert for any unusual activity concerning the data that was known to be in the malware's possession before it was destroyed. This concept is embodied in system-wide monitoring 405. If an entity that received partial truthful data is finally proven to be malware (upon analysis of its behavior patterns), the virtual environment (including the malware) is securely destroyed, and the enterprise-wide network is monitored for unusual activity involving the marked truthful data. In this way, any potential information leak is contained. With tracking of false data download 407 and upload 408, the false data sent to the suspicious entity 415 in the virtual container and sent from the suspicious entity 415 in the virtual container is tracked. With notification that an upload is safe 410, data that was initially written to the false data collection 400 as a safeguard is later deemed safe, and is therefore prepared to be written to the truthful data 412 to fulfil the upload 402 request of the suspicious entity 415. Thereafter, the upload relay 411 passes the information thus marked as safe to the truthful data 412. In the case that a legitimate enterprise entity (rather than malware) received false data 400, the entity is notified 413 of the extent of the false data present. The truthful data 412 is uploaded to accurately replace the false data. The data readjustment trigger 414 is an installation of software performed on legitimate entities (and, inadvertently, on malicious entities attempting to appear legitimate) that checks for hidden signals indicating that a merged data environment may potentially have been activated. The data management system 401 is the middle-man interface between the entity 415 and the data, and calculates the ratio of truthful data 412 (if any) that should be merged with false data 400 (if any). In the upload 402 and download 398 information streams, each packet/file is marked (if necessary) so that the data readjustment trigger 414 can consider recalling the data.
Figures 64 and 65 show the inner workings of the data readjustment trigger 414. Behavior analysis 403 tracks the download and upload behavior of the suspicious entity 415 to determine the potential corrective action 419. The real system 417 contains the original truthful data 412, which exists entirely outside the virtualized environment and includes all possible sensitive data. The truthful data that replaces the false data 418 is, in this case, truthful data that is supplied filtered (or even before the truthful data synchronizer 386) to data readjustment tracking 399. In this way, a truthful data patch 416 can be produced to replace the false data with truthful data on the formerly suspicious entity 422. The data management system 401, which is immersed in the virtually isolated environment 404, receives the truthful data patch 416 from data readjustment tracking 399. The patch 416 contains the replacement instructions for converting the formerly suspicious entity 422 (now known to be harmless) to a correct, truthful and accurate state of information. Such a patch 416 is passed to the data callback interface 427, which then passes it on to the formerly suspicious entity 422. The downloaded data 420 is the data that the enterprise downloaded inside the false data environment 404 (so the data is partially or completely false). The fixed data 421 is where the false data has been replaced by its corresponding truthful data after the truthful data patch 416 has been applied. When harmless code 409 has been cleared by behavior analysis 403 with regard to being malicious, the corrective action 419 is performed. This action 419 replaces the false data in the formerly suspicious entity 422 with the truthful data 412 that it represents. The secret token 424 is a security string generated and distributed by LIZARD. The secret token 424 does not prove to the virtual obfuscation system that the suspicious entity 415 is legitimate and harmless. Instead, it allows an entity that really is harmless to not proceed with its work once it knows that it is subject to a partial 391 or complete 394 false data environment. As long as an entity is legitimate, there should be no logistical problems from employees/software acting on false information and causing real-life problems (something sent to a wrong address, an employee mistakenly dismissed). The data readjustment trigger 414 exists only on legitimate enterprise functions and entities. By default, a legitimate entity checks an agreed location in the embedded server environment 404 for the presence of the token 424. If the token is missing 429 and 425, this indicates that the legitimate entity may have been accidentally placed in a partial false data environment (because of a risk assessment that it is malware). Thereafter, a delayed session 428 with the delay interface 426 is activated. If the token is found 426 and 424, this indicates that the server environment is real and therefore any delayed session is deactivated 427. The delay interface 426 is a module pre-installed directly on the entity. When there is an indication of being in a false environment 404, the delayed session is activated. A delayed session means that the entity's processes are artificially slowed to grant behavior analysis 403 time to decide whether the entity is harmless or malicious. In practice, such a delay is expected to take several seconds per action. For actual malware, obtaining a copy of the secret token (which is itself routinely changed and regenerated) at any time is extremely difficult, because it is only embedded covertly in the 100% truthful data system, which malware will almost never get into. In the scenario where the secret token is not found, the delay interface 426 is engaged, which implies that the entity is patient until it regains truthful data access from behavior analysis 403.
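The bookkeeping described for Figures 62-65, sketched as an added Python example (it is not code from the patent): per-entity tracking of what was served and uploaded, and the two outcomes once behavior analysis reaches a verdict. The class, function and field names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RecallTracker:
    """Tracking (399) of everything sent to and received from one suspicious entity (415)."""
    served_false: dict = field(default_factory=dict)     # key -> (false value, truthful value)
    served_truthful: dict = field(default_factory=dict)  # key -> truthful value handed out as-is
    held_uploads: list = field(default_factory=list)     # writes parked in the false data store (400)

    def download(self, key, truthful_value, false_value=None):
        """Serve one field and record whether the entity got the truthful value or a stand-in."""
        if false_value is None:
            self.served_truthful[key] = truthful_value
            return truthful_value
        self.served_false[key] = (false_value, truthful_value)
        return false_value

    def upload(self, record):
        """The entity never writes to truthful storage directly; its writes are parked."""
        self.held_uploads.append(record)

    def resolve(self, verdict, truthful_store):
        """Apply the behavior analysis (403) verdict for this entity."""
        if verdict == "harmless":
            # Truthful data patch (416): replacement instructions for every false value served.
            patch = {key: {"replace": fake, "with": real}
                     for key, (fake, real) in self.served_false.items()}
            # Upload relay (411): parked writes are now safe to commit.
            truthful_store.extend(self.held_uploads)
            self.held_uploads = []
            return {"action": "readjust", "patch": patch, "watch": []}
        if verdict == "malware":
            # The environment is destroyed: parked writes are dropped, nothing is patched,
            # and every truthful field the entity saw is flagged for system-wide monitoring (405).
            self.held_uploads = []
            return {"action": "destroy_environment", "patch": {},
                    "watch": sorted(self.served_truthful)}
        raise ValueError("verdict must be 'harmless' or 'malware'")


def apply_patch(downloaded, patch):
    """Entity side: turn downloaded data (420) into fixed data (421)."""
    fixed = dict(downloaded)
    for key, instruction in patch.items():
        if fixed.get(key) == instruction["replace"]:
            fixed[key] = instruction["with"]
    return fixed


def run_scenario(verdict):
    """Constructed walk-through: one truthful field, one false field, one upload."""
    truthful_store = []
    tracker = RecallTracker()
    downloaded = {
        "office_city": tracker.download("office_city", "Springfield"),
        "employee_ssn": tracker.download("employee_ssn", "000-11-0001",
                                         false_value="000-48-7302"),
    }
    tracker.upload({"report": "Q3 summary"})
    outcome = tracker.resolve(verdict, truthful_store)
    return outcome, apply_patch(downloaded, outcome["patch"]), truthful_store
```

In the malware branch the truthful value behind each false field never leaves the tracker, and the watch list names only the fields that were served unaltered.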
Figure 66 shows data selection, which filters out highly sensitive data and merges truthful data with false data. The truthful data 412 is supplied to the truthful data synchronizer 386, which filters out highly sensitive data 431. The filter scope varies according to the system policy 430 defined in the static core 315. This module 431 ensures that sensitive information never reaches the same virtual environment in which the suspicious entity 415 exists. The data is filtered once, when the virtual environment 404 is generated. With the criteria for generation 433, the filtered truthful data is used as the criteria for what type and quantity of false data to generate. The false data generator 387 creates false data designed to be indistinguishable from the truthful data (e.g. a batch of SSNs). With compatibility enforcement 432, the generated false data is verified to be compatible with the truthful data, ensuring that there is not too much overlap and that no group of data types is left out. The collections of truthful data and false data are thus merged seamlessly without raising any suspicion, i.e. false SSNs and true SSNs do not overlap (avoiding duplicates). The Computer Graphics device 434 manages the building of the virtual environment 404, which includes variables such as the false data ratio, available system functions, network communication options and storage options. The data base standard 435 is the variable for tuning the ratio of truthful data to false (fake) data. With merged data 438, the data is merged according to the data base standard 435. During the merging process, truthful data that is marked as less sensitive is merged with false data that gives the impression of being more sensitive. Ratio management 437 continually adjusts the quantities of truthful data and simulated data being merged, so as to meet the desired false data ratio. The data is merged in real time according to the data request 440 of the suspicious entity 415. The requested data 439 is returned with the appropriate false data ratio.
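The selection, generation, compatibility and ratio steps of Figure 66, as an added Python example (not code from the patent). The record layout, the numeric sensitivity scale, the function names and the sample SSNs (constructed, with the unused area number 000) are assumptions made for the illustration.

```python
import random
import string

# Constructed sample records; a higher "sensitivity" means more sensitive.
TRUTHFUL = [
    {"ssn": "000-11-0001", "sensitivity": 1},
    {"ssn": "000-11-0002", "sensitivity": 1},
    {"ssn": "000-11-0003", "sensitivity": 2},
    {"ssn": "000-11-0004", "sensitivity": 2},
    {"ssn": "000-99-0005", "sensitivity": 5},
    {"ssn": "000-99-0006", "sensitivity": 5},
]


def mimic_format(template, rng):
    """Return a value shaped like `template`: digits stay digits, letters stay letters."""
    out = []
    for ch in template:
        if ch.isdigit():
            out.append(rng.choice(string.digits))
        elif ch.isalpha():
            pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(rng.choice(pool))
        else:
            out.append(ch)  # separators are part of the format and are kept
    return "".join(out)


def build_merged_environment(records, max_sensitivity, false_ratio, size, seed=0):
    """Return (served values, tags); tags map each value to True when it is false data."""
    if not 0.0 <= false_ratio <= 1.0:
        raise ValueError("false_ratio must be between 0 and 1")
    rng = random.Random(seed)

    # Filter (431): highly sensitive records never enter the environment.
    allowed = [r for r in records if r["sensitivity"] <= max_sensitivity]
    if not allowed:
        raise ValueError("no filtered truthful data to use as generation criteria")

    # Ratio management (437): a shortage of truthful rows is made up with false ones.
    n_truthful = min(len(allowed), round(size * (1.0 - false_ratio)))
    n_false = size - n_truthful
    chosen = rng.sample(allowed, n_truthful)

    # Compatibility enforcement (432): a false value must not collide with any
    # truthful value (including the filtered-out ones) or with another false value.
    taken = {r["ssn"] for r in records}
    false_values = []
    while len(false_values) < n_false:
        candidate = mimic_format(rng.choice(allowed)["ssn"], rng)
        if candidate not in taken:
            taken.add(candidate)
            false_values.append(candidate)

    merged = [(r["ssn"], False) for r in chosen] + [(v, True) for v in false_values]
    rng.shuffle(merged)  # position must not reveal which rows are false
    served = [value for value, _ in merged]
    tags = {value: is_false for value, is_false in merged}
    return served, tags
```

Only `served` is visible inside the virtual environment; `tags` stays with the data management system so that tracking can later tell false rows from truthful ones.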
Figures 67 and 68 show the inner workings of behavior analysis 403. The purpose map 441 is a hierarchy of system goals that gives purpose to the entire enterprise system. Such a purpose is assigned even down to the granularity of small-scale network, CPU processing and storage events. The declared, activity and code library purposes are compared with the inherent system need for whatever the suspicious entity 415 is allegedly doing. With activity monitoring 453, the storage, CPU processing and network activity of the suspicious entity are monitored. The grammar module 35 interprets these activities 443 in terms of the desired function. Such functions are then translated by the purpose module 36 into the intended purpose of the behavior. For example, the code library purpose 446 may be to submit an annual revenue report, while the activity purpose 447 may be to "collect the SSNs of all highly paid employees". This approach is similar to the customs department at an airport, where a person must declare certain articles to customs while customs searches their luggage regardless. The code library 442 is the source code/programming structure of the suspicious entity 415. Entities that do not disclose their source code (because they are compiled closed-source programs) can be blocked from accessing the system by the system policy 430. Such a code library 442 is forwarded to the grammar module 35 as a subset of behavior analysis 403. The grammar module 35 understands coding syntax and can reduce programming code and code activity to an intermediate map of interconnected functions 444. Such functions 444 represent the functionality of the code library 442 and the activity 443, and are passed to the purpose module 36, which produces the perceived 'intention' of the suspicious entity 415. The purpose module 36 produces the outputs code library purpose 446 and activity purpose 447. The code library purpose 446 contains the known purpose, function, jurisdiction and authority of the entity 415 as derived by LIZARD's syntactic programming capabilities. The activity purpose 447 contains the known purpose, function, jurisdiction and authority of the entity 415 as understood by LIZARD from its storage, processing and network activity 453, whereas the declared purpose is the assumed purpose, function, jurisdiction and authority of the entity as declared by the entity itself. The required purpose 445 contains the intended purpose, function, jurisdiction and authority required by the enterprise system. This is similar to hiring an employee to fulfil a need of the company. It enables LIZARD to block the suspicious entity 415 in the case that its capabilities and/or services are not absolutely needed by the system. All four of these purposes 445-448 are compared in the comparison module 449, to ensure that the existence and behavior of the entity 415 is deserved and understood by LIZARD in being productive towards the goals 336 of the system. Any inconsistency between the four purposes 445-448 invokes the purpose divergence scenario 450, which leads to the corrective action 419. The corrective action can potentially mark the suspicious entity 415 as malware 385 or as harmless 409. A subsequent action may be to securely destroy the virtual container, or to discreetly move the malware 385 to a new virtual environment with zero access to truthful data (only false data) and to the real enterprise network.
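The four-way purpose comparison of Figures 67 and 68, as an added Python example (not code from the patent), using the paragraph's own revenue-report and SSN case. The event tuples, the event-to-purpose table and the function names are constructed; in the text this interpretation is the job of the grammar module 35 and the purpose module 36.

```python
# Constructed table: which purpose a monitored (resource, operation, target) event serves.
EVENT_PURPOSE = {
    ("storage", "read", "finance/revenue"): "submit annual revenue report",
    ("cpu", "aggregate", "finance/revenue"): "submit annual revenue report",
    ("network", "send", "tax-office"): "submit annual revenue report",
    ("storage", "read", "hr/ssn"): "collect employee SSNs",
}


def activity_purpose(events):
    """Derive the activity purpose (447) from storage, CPU and network events (453)."""
    purposes = set()
    for event in events:
        # Activity that cannot be explained is kept as its own purpose so that it
        # can never silently match what was declared or required.
        purposes.add(EVENT_PURPOSE.get(event, "unexplained activity: " + " ".join(event)))
    return purposes


def compare_purposes(required, declared, code_library, activity):
    """Comparison module (449): any pairwise inconsistency is a divergence (450)."""
    purposes = {
        "required": set(required),
        "declared": set(declared),
        "code_library": set(code_library),
        "activity": set(activity),
    }
    names = list(purposes)
    divergences = []
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            difference = purposes[first] ^ purposes[second]
            if difference:
                divergences.append((first, second, sorted(difference)))
    scenario = "purpose_divergence" if divergences else "consistent"
    return {"scenario": scenario, "divergences": divergences}


def assess(events, required, declared, code_library):
    """Run monitoring output through the comparison; a divergence calls for corrective action (419)."""
    return compare_purposes(required, declared, code_library, activity_purpose(events))


REPORT = {"submit annual revenue report"}
HONEST_EVENTS = [
    ("storage", "read", "finance/revenue"),
    ("cpu", "aggregate", "finance/revenue"),
    ("network", "send", "tax-office"),
]
# Same declared and code library purpose, but the activity also touches HR data.
GREEDY_EVENTS = HONEST_EVENTS + [("storage", "read", "hr/ssn")]
```

Calling `assess(GREEDY_EVENTS, REPORT, REPORT, REPORT)` reports three divergences, each between the activity purpose and one of the other three.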
Critical Thinking Memory & Perception (CTMP)
Figure 69 illustrates the main logic of CTMP 22. The main goal of CTMP is to critique decisions made by a third party. CTMP 22 cross-references intelligence from multiple sources (i.e. I2GE, LIZARD, the credible platform, etc.) and learns about expectations of perception and reality. CTMP estimates its own capacity to form an objective decision on a matter, and will refrain from asserting a decision made with low internal confidence. Incoming streams of data (such as an army of globally deployed agents, and information from the credible platform) are all converted into actionable data. Subjective opinion decision 454 denotes the original subjective decision provided by the input algorithm, which is referred to as the selected pattern matching algorithm (SPMA) 526. The SPMA is typically a security-related protection system, but without excluding other types of system, such as vocabulary objectivity excavation (LOM) (a reasoning algorithm) and permanent administration way (MPG) (a tax interpretation algorithm). Input system metadata 455 denotes the raw metadata from SPMA 526, which describes the mechanical process of the algorithm and how it reached such decisions. Reasoning processing 456 logically understands the assertions by comparing attributes of properties. In rule processing 457, a subset of reasoning processing, the resulting rules that have been derived are used as a reference point for determining the scope of the problem at hand. The critical rule range expander (CRSE) 458 takes the known scope of perception and upgrades it to include the critical thinking scope of perception. Correct rules 459 denotes the correct rules that have been derived by using the critical thinking scope of perception. In memory net 460, the market variable logs (market performance 30 and profile history 31) are scanned for rules that can be fulfilled. Any applicable and fulfillable rules are executed to produce investment allocation override decisions. In rule execution (RE) 461, rules that have been confirmed as present and fulfilled according to the memory's scan of the chaos field 613 are executed to produce desired and relevant critical thinking decisions. Such execution of rules necessarily produces definite results. Whereas a chaotically complex process may lead to inconsistent yet productive results, the logically complex process of RE 461 always leads to the same deduced result, provided that the rule set is consistent. Critical decision output 462 is the final logic for determining the overall output of CTMP, by comparing the conclusions reached by both the perception observer emulator (POE) 475 and rule execution (RE) 461. The critical decision 463 is the final output, an opinion on the matter that attempts to be as objective as possible. The logs 464 are the raw information used to make a critical decision independently, without influence or bias from the subjective opinion of the input algorithm (MPG). Raw perception generation (RP2) 465 is a module that receives metadata logs from SPMA 526. Such logs are parsed, and a perception is formed that represents the perception of this algorithm. The perception is stored in perception complex format (PCF) and is emulated by the perception observer emulator (POE) 475. Applied angles of perception 466 denotes the angles of perception that have already been applied and used by SPMA 526. The automatic perception discovery mechanism (APDM) 467 denotes a module that uses the creative module 18, which produces hybridized perceptions (formed according to the input provided by the applied angles of perception 466) so that the scope of perception can be increased. Critical thinking 469 denotes the outer shell jurisdiction of rule-based thinking. This leads to rule execution (RE) 461 manifesting the rules that are well established according to SPMA 526 as well as the new correct rules 459 that have been derived within CTMP.
With reference to the self-critical knowledge density 474 of Figure 70, the incoming raw logs represent the technical knowledge known to SPMA 526. This module 474 estimates the scope and type of potential unknown knowledge that is beyond the reach of the reportable logs. In this way, the subsequent critical thinking features of CTMP can make use of the potential scope of all the knowledge involved, both directly known and unknown to the system. The perception observer emulator (POE) 475 produces an emulation of the observer, and tests/compares all potential points of perception against such variations of observer emulation. The input is all of the potential points of perception in addition to the enhanced data logs. The output is the security decision that results from such enhanced logs according to the best, most relevant and most cautious observer, using such a merger of selected perceptions. With reference to implicit derivation (ID) 477, this module derives angles of perception data that may be implied from the currently applied angles of perception 470. With reference to override corrective action 476, the final corrective action/assertion critique is produced by the perception observer emulator (POE) 475.
Figure 71 shows the dependency structure of CTMP. With reference to resource management & allocation (RMA) 479, an adjustable policy dictates the amount of perception that is used to perform an observer emulation. The priority of the perceptions chosen is selected according to weight in descending order. The policy then dictates the manner in which the cut-off is selected, rather than selecting a percentage, a fixed number or a more complicated algorithm. With reference to storage search (SS) 480, the CVF derived from the data-enhanced logs is used as the criterion in a database lookup of the perception storage (PS) 478. Metric processing (MP) 489 reverse-engineers the variables from the investment allocation of the selected pattern matching algorithm (SPMA) 526 into 'seeking help' perceptions from the intelligence of such an algorithm. Perception deduction (PD) 490 uses the investment allocation response and its corresponding system metadata to replicate the original perception of the investment allocation response. Critical decision output (CDO) 462 denotes the final logic for determining the CTMP output. With reference to the metadata category module (MCM) 488, debugging and algorithm traces are separated into distinct categories using traditional syntax-based information categorization. Such categories can then be used to organize and produce distinct investment allocation responses relevant to market/tax risks and opportunities. System metadata separation (SMS) 487 separates the input system metadata 455 into meaningful investment allocation cause-effect relationships. With reference to tucker logic 483, all investment allocations are comprehensively categorized with the relevant market/tax risks, opportunities and their respective responses. The main body omniselector 481 scrolls through all applicable main bodies. The main body tucker 482 retrieves the appropriate investment risk and allocation relevant to the main body. In addition to their relevant weights, perceptions are stored in the perception storage (PS) 478 with the comparable variable format (CVF) as their index. This means that the database is optimized to receive a CVF as the input query lookup, and the result will be an assortment of perceptions.
With reference to Figure 72, implicit derivation (ID) 477 derives angles of perception data that may be implied from the currently known angles of perception. With reference to self-critical knowledge density (SCKD) 492, the incoming raw logs represent known knowledge. This module estimates the scope and type of potential unknown knowledge that is beyond the reach of the reportable logs. In this way, the subsequent critical thinking features of CTMP can make use of the potential scope of all the knowledge involved, both directly known and unknown to the system. In metric combination 493, angles of perception are separated into categories of metrics. In metric conversion 494, individual metrics are reversed back into whole angles of perception. In metric expansion (ME) 495, the metrics of multiple and varying angles of perception are stored by category in individual databases. The upper bound is represented by the peak knowledge of each individual metric DB. Upon enhancement and complexity enrichment, the metrics are returned to be converted back into angles of perception and used for critical thinking. With the comparable variable format generator (CVFG) 491, a stream of information is converted into comparable variable format (CVF).
Figure 73 shows the dependency structure of CTMP. In the critical rule range expander (CRSE) 458, known perceptions are used to expand the critical thinking scope of rule sets. In perception matching 503, a comparable variable format (CVF) is formed from the perception received from rule syntax derivation (RSD) 504. The newly formed CVF is used to look up relevant perceptions with similar indexes in the perception storage (PS) 479. Potential matches are returned to rule syntax generation (RSG) 505. In memory recognition (MR) 501, a chaos field 613 is formed from the input data. Field scanning is performed to recognize known concepts. In memory recognition index 500, whole concepts are individually optimized into separate parts referred to as indexes. These indexes are used by the letter scanner to interact with the chaos field 613. The rule fulfilment resolver (RFP) 498 receives the individual parts of a rule with a recognition tag. Each part is marked as having been found, or not found, in the chaos field 613 by memory recognition 501. The RFP logically deduces which whole rules (the combination of all of their parts) have been sufficiently recognized in the chaos field 613 to merit rule execution (RE) 461. In rule syntax format separation (RSFS) 499, correct rules are separated and organized by type. Hence all the actions, properties, conditions and objects are stacked separately. This enables the system to discern which parts have been found in the chaos field 613 and which have not. In rule syntax derivation 504, logical 'black and white' rules are converted into metric-based perceptions. The complex arrangement of multiple rules is converted into a single uniform perception that is expressed via multiple metrics of varying gradients. Rule syntax generation (RSG) 505 receives previously confirmed perceptions, which are stored in perception format, and engages with the internal metric make-up of the perception. Such gradient-based measures of metrics are converted into binary and logical rule sets that emulate the input/output information flow of the original perception. In rule syntax format separation (RSFS) 499, correct rules represent the accurate manifestation of rule sets that conform to the reality of the object being observed. Correct rules are separated and organized by type. Hence all the actions, properties, conditions and objects are stacked separately. This enables the system to discern which parts have been found in the chaos field 613 and which have not. Internal logical deduction 506 uses logical principles, and hence avoids fallacies, to deduce what kind of rule would accurately represent the many metric gradients within the perception. To illustrate with an example, it is like taking an analog sine wave (of a radio frequency, etc.) and converting it into digital steps. The overall trend, position and result are the same; however, the analog signal has been converted to digital. Metric context analysis 507 analyzes the interconnected relationships within the perception of metrics. Certain metrics can depend on others with varying degrees of magnitude. This contextualization is used to supplement the mirrored interconnected relationship that rules have within the 'digital' rule set format. Input/output analysis 508 performs a differential analysis of the inputs and outputs of each perception (grey) or rule (black and white). The goal of this module is to ensure that the input and output remain as similar or identical as possible after conversion (from grey to black/white and vice versa). Criterion calculation 509 calculates the criteria and task of the input rules. This can be translated into the 'motivation' behind the rule set. Rules are implemented for reasons, which can be understood by implication or by explicit definition. Hence, by calculating the implied reason why a 'digital' rule has been implemented, the same reason can be used to justify the make-up of metrics within a perception that seeks the same input/output capabilities. Rule formation analysis 510 analyzes the overall composition/make-up of rules and how they interact with each other. It is used to supplement the mirrored interconnected relationship that metrics have within an 'analog' perception. With rule syntax format conversion (RSFC) 511, rules are sorted and separated to conform to the syntax of the rule syntax format (RSF) 538.
Figure 74 shows the final logic for processing intelligent information in CTMP. The final logic receives intelligent information from both the intuition/perception and the thinking/logic modes (the perception observer emulator (POE) 475 and rule execution (RE) 461, respectively). In direct decision comparison (DDC) 512, the two decisions from intuition and thinking are compared to check for corroboration. The key difference is that no meta-metadata is being compared yet, because if they agree identically anyway then understanding why is redundant. Terminal output control (TOC) 513 is the last logic for determining the CTMP output between the two modes, intuition 514 and thinking 515. Intuitive decision 514 is one of the two main parts of CTMP, which engages in critical thinking by using perceptions. See the perception observer emulator (POE) 475. Thinking decision 515 is the other of the two main parts of CTMP, which engages in critical thinking by using rules. See rule execution (RE) 461. Perception 516 is the data received from the intuitive decision 158 according to the format syntax defined in the internal form 518. Implementation rules 517 are the data received from the thinking decision 515, which is a collection of the applicable (fulfillable) rule sets from rule execution (RE) 461. Such data is passed on according to the format syntax defined in the internal form 518. By using the internal form 518, the metadata category module (MCM) 488 is able to recognize the syntax of both inputs, because they are standardized in a known and consistent format that is used internally within CTMP.
Figure 75 shows the two main inputs, intuition/perception and thinking/logic, being assimilated into the single terminal output that represents the entire CTMP. Critical decision + meta-metadata 521 is the digital carrier that conveys either perception 516 or realized rules 517 according to the syntax defined in internal format 518.
Figure 76 shows the scope of the intelligent thinking that occurs in the original selected pattern matching algorithm (SPMA) 526. Input variables 524 are the initial financial/tax allocation variables that are considered for reason and rule processing. CTMP intends to criticize them and to become an artificial-intelligence second opinion. Variable input 525 receives the input variables that define a security decision. These variables give CTMP the criteria for discerning what a reasonable corrective action is. If variables are added, removed or changed, the appropriate change must be reflected in the resulting corrective action. The key objective of CTMP is to discern the correct, critical change in corrective action that correctly and accurately reflects a change in the input variables. The selected pattern matching algorithm (SPMA) 526 attempts to discern the most appropriate action according to its own criteria. Resulting output form 527 is the result that SPMA 526 produces from initial input variables 168. The rules derived from the SPMA 526 decision are considered the 'current rules', but not necessarily the 'correct rules'. With attribute merging 528, based on the log information provided by SPMA 526, reason processing 456 continues with the current knowledge according to SPMA 526.
Figure 77 shows the conventional SPMA juxtaposed against the critical thinking that CTMP performs via perceptions and rules. With misunderstood action 531, the selected pattern matching algorithm (SPMA) 526 cannot provide an entirely accurate corrective action. This is because the original programming or data of SPMA 526 contains some underlying assumption that was never checked. In this example, the use of a 3D object as the input variable, together with the correct appropriate action, illustrates a dimension/vector that SPMA 526 did not account for. With appropriate action 532, critical thinking considers the third dimension, which SPMA 526 omitted as a vector to check. The third dimension is considered by critical thinking 469 because all of the additional perception-angle checks are performed. With reference to correct rules 533, the critical rule range expander (CRSE) extends the comprehension range of the rule set by using a previously unconsidered perception angle (i.e. the third dimension). With reference to current rules 534, the rules derived from the current corrective action decision reflect the understanding of SPMA 526, or its lack thereof (compared with the correct rules). The input rules are derived from the selected pattern matching algorithm (SPMA) 526, which describes the default comprehension range provided by SPMA. This illustrates that SPMA 526 understands only two dimensions in the planar concept of financial allocation.
Figure 78 shows how correct rules 533 are generated, in contrast to the conventional current rules 534, which have omitted heightened awareness and/or variables. With chaos field parsing (CFP) 535, the formats of the logs are combined into a single scannable unit called chaos field 613. Additional rules 536 are generated from memory recognition (MR) 501 to supplement the established correct rules 533. With reference to perception rules 537, perceptions that are considered relevant and popular are converted into logical rules. If a perception (in its raw perception format) has many complex metric relationships that define many 'gray areas', the 'black and white' logical rules encompass such 'gray' areas through n-degree expansion of complexity. Rule syntax format 538 is a storage format optimized for efficient storage and querying.
Figures 79 and 80 describe the perception matching (PM) 503 module. For metric statistics 539, statistical information is provided from perception storage (PS) 479. These statistics define the popularity trends of metrics, internal metric relationships, metric growth rates and so on. Some general statistical queries (such as an overall ranking of metric popularity) are executed automatically and stored. Other, more specific queries (how are metrics X and Y related?) are requested from PS 479 in real time. Metric relationship holdout 540 holds metric relationship data so that it can be pushed into a unified output. Error management 541 parses syntax and/or logic errors originating from any individual metric. Separate metrics 542 isolates each individual metric, because they were previously combined in a single unit as input perception 544. Input perception 544 is an example composition of a perception made up of the metrics sight, smell, touch and hearing. Node comparison algorithm (NCA) 546 receives the node makeup of two or more CVFs. Each node of a CVF represents the degree of magnitude of a property. A similarity comparison is performed on an individual node basis, and the aggregate variance is calculated. This ensures an efficiently computed, accurate comparison. A smaller variance (whether for a specific node or as an aggregate weight) indicates a closer match. Comparable variable format (CVF) 547 is a visual representation illustrating the various makeups of a CVF. Submit matches as output 550 is the terminal output of perception matching (PM) 503. Any node overlap found in node comparison algorithm (NCA) 546 is retained as a match result, and the overall result is therefore submitted at stage 550.
Figures 81-85 show rule syntax derivation/generation. Raw perceptions - intuitive thinking (analog) 551 is where perceptions are processed according to an 'analog' format. Raw rules - logical thinking (digital) 552 is where rules are processed according to a digital format. In analog format 553, perceptions pertaining to the financial allocation decision are stored in gradients on a smooth curve without steps. In digital format 554, raw rules pertaining to the financial allocation decision are stored in steps with little to no 'gray area'. In terms of data content, raw rules 555 are identical to correct rules 533. The difference is that raw rules 555 have been converted by rule syntax format separation (RSFS) 499 into a more dynamic format, which allows cross-referencing with chaos field 613 via memory recognition 501. Recognized rule segments 556 are the rules from raw rules 555 that have been recognized by memory recognition 501. This indicates that each of the segments that make up the original correct rules 533 (such as actions, properties, conditions and objects) has been recognized in chaos field 613 and is therefore eligible to potentially become a logically realized rule. Security override decision 557 is the final result produced by rule execution (RE) 461, which allows corrective actions to be performed. Such corrective actions are further channeled to terminal output control (TOC) 513, which is a subset of the larger corrective action logic executed in critical decision output (CDO) 462. Unrealized rules 558 are rule sets that, according to their logical dependencies, have not been sufficiently recognized in chaos field 613 (as determined by rule realization resolver 498). Likewise, according to the logical dependencies analyzed by CDO 462, realized rules 517 have been recognized as sufficiently available in chaos field 613. Third-party database solution 559 is the hardware interface software that manages buffers, caches, disk storage, thread management, memory management and other typical mechanical database functions. Realization debugger 560 seeks to find the reason why rules are unrealized. Either chaos field 613 is not rich enough, or the rule set is inherently illogical. If the rule set is illogical, this can be checked immediately to a certain degree of accuracy. However, to establish the potential sparsity of chaos field 613, multiple surveys must be taken to avoid the fallacy of performing an insufficient survey.
Figures 86-87 show the operation of the rule syntax format separation (RSFS) 499 module. In this module, correct rules 502 are separated and organized by type, so that all actions, properties, conditions and objects are stacked separately. This enables the system to discern which parts have been found in chaos field 613 and which have not. Action 561 is one of the four rule segment data types; it indicates an action that may have been performed, will be performed, is being considered for activation, and so on. Property 562 is one of the four rule segment data types; it indicates some property-like attribute that describes something else, be it an action, condition or object. Condition 563 is one of the four rule segment data types; it indicates a logical operation or operator (for example: if x and y then z, if x or z then y, etc.). Object 564 is one of the four rule segment data types; it indicates the target to which attributes such as action 561 and property 562 are applied. In processing stage 565, the relationship derivation results collected so far are submitted as output, and the program then terminates. Processing stage 566 iterates through the rule segments one item at a time. Processing stage 567 interprets and records each individual relationship between rule segments (such as action 561, object 564, etc.), so that each individual relationship is collected and prepared for output at stage 565. Sequential scan 568 splits each unit of RSF 538 at the '[division]' marker. The subjects and 'glue' from RSF 538 are also separated and parsed. Separation output 569 is where the individual subjects and internal subject relationships are held by the scanner. They are sent for output all at once when the entire RSF 538 has been sequentially scanned. Separated rule format 570 is the delivery mechanism for containing the individual rule segments (such as action 561, object 564, etc.) from separation output 569. The use of separated rule format 570 is highlighted at two main points of information transfer: first as the output from rule syntax format separation (RSFS) 499 (which is considered the pre-memory recognition stage), and then as the output from memory recognition (MR) 501 (the post-memory recognition stage).
Figure 88 shows the operation of rule realization resolver (RFP) 498. This module receives the individual segments of the rule, each with a recognition tag. Each segment has been marked by memory recognition (MR) 501 as either found or not found in chaos field 613. RFP 498 logically deduces which whole rules (i.e. the combination of all of their parts) have been sufficiently recognized in chaos field 613 to merit rule execution (RE) 461. Queue management (QM) 561 uses the syntactic relationship reconstruction (SRR) 497 module to analyze each individual part in the most logical order. QM 561 accesses the results of memory recognition (MR) 501 so that it can answer binary yes/no flow questions and take the appropriate action. QM checks each rule segment in stages; if a single segment is missing from chaos field 613 and has no appropriate relationship with the other segments, the rule set is marked as unrealized. If all checking stages pass, the rule set is marked as realized 522. QM stage 571 checks whether rule segment 'object C' has been found in chaos field 613. QM stage 572 checks whether the next suitable segment is related to the original 'object C' and, according to memory recognition (MR) 501, has also been found in chaos field 613. The same logic is applied to QM stages 573 and 574 for condition B and action A, respectively. These segment labels (A, B, C, etc.) are not part of the core logic of the program; they are a consistent example used to show expected and typical usage. Receiving the fully reconstructed rule set 575 requires the realized rule set output of queue management 576, assuming the rule set has been found to be realizable, together with the associations of the rule segments provided by the syntactic relationship reconstruction (SRR) module 497.
Figures 89-90 show realization debugger 560, which seeks to find the reason why rules are unrealized. Either chaos field 613 is not rich enough, or the rule set is inherently illogical. If the rule set is illogical, this can be checked immediately to a certain degree of accuracy. However, to establish the potential sparsity of chaos field 613, multiple surveys must be taken to avoid the fallacy of performing an insufficient survey. Field sparsity survey 577 specifically checks whether chaos field 613 is or is not rich enough to trigger the variable makeup of the rule set. Scan 578 checks for the presence of the relevant rule parts inside chaos field 613. Survey DB 579 stores survey results for near-term reference. Condition 580 checks whether survey DB 579 has become saturated/filled up. This means that every possible scan for the rule parts has been performed, regardless of whether the scans yielded positive or negative results. If all possible scans have been performed, conclusion 581 is implied: sparsity throughout chaos field 613 is the reason why the rule set was classified as unrealized. If not all possible scans have been performed yet, conclusion 582 is implied: the survey is incomplete, and more sectors of chaos field 613 need to be scanned to tell reliably whether sparsity of chaos field 613 is the reason the rules are unrealized. Logical impossibility test 583 checks whether there is an inherently impossible logical dependency within the rule set that causes it to be classified as unrealized. For example, object 584 'bachelor' has been assigned property 585 'married', which leads to an inherent contradiction. Test 583 determines the dictionary definitions of terms 584 and 585. Internal rule consistency check 588 checks whether all properties are consistent with and relevant to their object counterparts. The definition of 'bachelor' 584 in RSF 538 format contributes the partial definition of object 586 'man', while the definition of 'married' 585 (also in RSF 538 format) contributes the partial definition of object 587 'two people'. The conclusion of check 588 is that the two definitions 586 and 587 are compatible, insofar as object 586 'man' can potentially be included in object 587 'two people'. During rule relevance conversion 589, equivalent terms are converted so that a comparative test can be performed. This conversion allows the second definition ('married') to be understood in the context of the first definition ('bachelor'). Conclusion 591 is thereby drawn: the rule contains an inherent contradiction, namely that the same person is currently married 590 and currently not married 592 at the same time.
Figure 91 shows rule execution (RE) 461, which executes the rules that have been confirmed as existent and realized according to memory's scan of chaos field 613, in order to produce the desired and relevant critical thinking decisions. A checkerboard plane is used to track the transformation of the rule set. The objects on the board represent the complexity of any given security situation, and the movement of these objects across the 'security checkerboard' represents the evolution of the security situation as managed by the responses of the security rule set. In stage 1 593, the RSF 538 information defines the initial starting positions of all relevant objects on the checkerboard plane, and therefore defines the beginning of a dynamically cascading security situation. This is used symbolically to illustrate the logical 'positions' of the rules that handle a dynamic security policy. Stage 2 594 and stage 6 598 represent object transformations, in which the security rules being applied modify the position and scope of certain security situations. For example, the transformation of objects in stages 2 and 6 can represent the encryption of critical files. Stage 3 595 illustrates the movement of an object on the checkerboard, which can correspond to the actual movement of sensitive files to an off-site location as part of a security response strategy. Stage 4 596 and stage 5 597 show the process of two objects merging into a common third object. One sample application of this rule is merging two separate and isolated local area networks to facilitate efficient and securely managed transfer of information. On completion of rule execution (RE) 461, the results of correct rules 533 and current rules 534 differ. This illustrates the critical thinking advantage that CTMP has delivered, as opposed to the less critical result produced by the selected pattern matching algorithm (SPMA) 526. All of the shapes, colors and positions symbolically represent security variables, occurrences and responses (because they are simpler to explain than actual security objects). SPMA has produced final shape positions that differ from CTMP's, as well as a similar but different color (orange versus yellow) for the pentagon. This occurs because of the complex conditional statements that all of the processed rule sets from all the input logs are made up of. It is similar to how starting a game of billiards with varying player variables (height, force, etc.) can lead to entirely different resulting ball positions. CTMP has also transformed the purple square into a cube, which symbolically represents (throughout the description of CTMP) its ability to consider dimensions and perceptions that SPMA 526, or even a human, never expected or considered. The final security override decision 599 is executed according to correct rules 533.
Figures 92 and 93 illustrate sequential memory organization, an optimized method of information storage that provides greater efficiency in reading and writing 'chains' of sequential information such as the alphabet. In memory access points 600, the width of each node 601 (block) represents the direct accessibility of the memorized object (node) to the observer. In the sequentially memorized order of the alphabet, 'A' is the most accessible point of memory because it is the first node of the sequence. The letters E, H and L are also easier to access directly because they are the 'leaders' of their own subsequences 'EFG', 'HIJK' and 'LMNOP'. In scope of accessibility 602, each letter represents its direct memory access point to the observer. A wider scope of accessibility indicates that there are more points of accessibility per sequence node, and vice versa. The more a sequence is referenced only 'in order' rather than from any randomly selected node, the narrower the scope of accessibility (relative to the sequence size). This allows for more efficient memory recall according to the magnitude of sequentiality. With nested sub-sequence layers 603, a sequence that exhibits strong non-uniformity is made up of a series of smaller interconnected subsequences. The alphabet is highly indicative of this behavior, because the subsequences 'ABCD', 'EFG', 'HIJK' and 'LMNOP' each exist independently as a memorized sequence, yet they interconnect to form the entire alphabet. This type of memory storage and referencing can be much more efficient if certain nodes of the main sequence are accessed occasionally or frequently. This way, scanning from the start of the entire sequence can be avoided, which saves time and resources. This is similar to scanning a book by chapter rather than scanning the book from the first page on every search. In the extremely non-uniform 605 range, there are inconsistent access points throughout all of the nodes. This means that the sequence is made up of a large number of nested subsequences that interconnect like a chain. An extremely non-uniform sequence is moderately sequential, yet should have multiple memory access points (nested sub-sequence layers). An example of extremely non-uniform 605 is the alphabet, which varies in difficulty to recite depending on which letter one starts from. In the extremely uniform 607 range, there are consistent access points throughout all of the nodes. This means that the sequence is not made up of nested subsequences that interconnect like a chain. An extremely uniform sequence is either extremely sequential (consistently little to no access points throughout the nodes) or extremely non-sequential (consistently large access points throughout the nodes). An example of extremely uniform 607 is a collection of fruit: there is hardly any specified or emphasized order in which to recite them, nor are there any interconnected subsequences. The moderately uniform 606 range has an initial large access node, which means that it is most efficient to recite the content from the beginning. Apart from that, however, the main content is linear, which indicates that there are no nested sub-sequence layers and that there is a singular large sequence. The moderately non-uniform 604 range does not deviate much from linear and therefore has consistent access points throughout. This indicates that there are more subtle and less defined nested sub-sequence layers, while at the same time conforming to a consistent and reversible collection. An example of information exhibiting moderately non-uniform 604 behavior is the catalog of a car manufacturer. There are categories that can be defined, such as sports cars, hybrids and SUVs, yet there is no strong bias as to how the list should be recited or remembered, because a potential customer may still compare an SUV with a sports car despite the separate category designations.
Figure 94 shows non-sequential memory organization, which handles information storage of non-sequentially related items. In the case of a set of fruit, there is no highly specified order in which they should be read, whereas the alphabet has a strong sequential order for how the information should be read. Memory organization 608 shows consistently uniform access nodes for all of the fruit, indicating a non-sequential organization. The organization in 608 illustrates how reversibility indicates a non-sequential arrangement and a uniform range. In this case it indicates that the memory of fruit is non-sequential, as shown by the relatively wide access point of each node. The same uniformity exists when the order of the fruit is shuffled, which indicates that the order of the fruit is reversible. By contrast, a sequential series such as the alphabet is much harder to recite backwards than in the regular order. A list of common fruit does not exhibit this phenomenon, which indicates that it is referenced outside of a sequential list more often than within one. In core topic and associations 609, since there is no sequentiality in the fruit list, the same series of fruit is repeated but with a different core (center object). The core represents the primary topic, to which the remaining fruit act as memory neighbors that can be accessed more easily than if no core topic were defined. In strong neighbor 610A, although apple is a common fruit, it has a stronger association with pineapple than with other common fruit because of the overlap in spelling. Pineapple is therefore considered more associated in memory. In weak neighbor 610B, because pineapple is a tropical fruit, it has less association with oranges and bananas (common fruit). Pineapple is more likely to be referenced together with mango because of the tropical overlap. Graph point 612 illustrates how the extremely weak sequentiality of the fruit series leads to extremely strong uniformity in the access of nodes 601.
Figures 95-97 show memory recognition (MR) 501, where chaos field 613 is scanned to recognize known concepts. Chaos field 613 is a 'field' of concepts arbitrarily submerged in 'white noise' information. It is made known to the CTMP system on a spontaneous basis, and is considered 'in the wild' and unpredictable. The purpose of memory recognition is to scan the field efficiently in order to recognize known concepts. With memory concept retention 614, recognizable concepts are stored, ready to be indexed and referenced for the field examination. The illustration uses the simplified example of spelling vegetable names to make the system easy to understand. The example can, however, be used as an analogy for much more complex scenarios. For a real-life security example, this can include recognizing and distinguishing between citizens and military personnel in a camera feed. For a cyber security example, this can include recognizing known and memorized trojans and backdoors, and detecting them amid a large amount of security white noise (logs). With 3-letter scanner 615, chaos field 613 is scanned and checked against the 3-letter segments that correspond to a target. For example, 'PLANT' is a target, and the scanner moves along the field incrementally, 3 characters at a time. With every advancement of the scanner, the segments 'PLA', 'LAN' and 'ANT' are checked for, because they are subsets of the word 'PLANT'. However, the words 'LAN' and 'ANT' happen to be independent words that are also targets. Therefore, when one of these 3-letter segments is found in the field, it can imply that the full target 'LAN' or 'ANT' has been found, or that a subset of 'PLANT' may have been found. The same concept applies to 5-letter scanner 616, but this time the segment checked with every advancement throughout the field is the entire word 'PLANT'. Targets such as 'LAN' and 'ANT' are omitted, because a target needs at least 5 letters for the 5-letter scanner to work with it. Chaos field 613 is segmented for scanning at different proportions (3, 5 or more letters), because these proportions offer different levels of scanning efficiency and efficacy. As the scope of the scan decreases (fewer letters), accuracy increases (and vice versa). As the field territory of the scanner increases, a larger letter scanner is more efficient at performing recognition, at the expense of accuracy (depending on how small the target is). In memory concept indexing (MCI) 500, stage 617 alternates the size of the scanner (3, 5 or more) in response to the unprocessed memory concepts that remain. MCI 500 starts with the largest available scanner and decreases it gradually at stage 617, so that more computing resources can be found to check for the potential existence of smaller memory concept targets. Stage 618 cycles through the available memory concepts so that their indexes (smaller segments suited to the appropriate length, such as 3 or 5) can be derived at stage 620. If a memory concept does not yet exist in concept index holdout 624, stage 619 creates it as part of the logistical flow of actions. Stage 621 then assigns the derived indexes from stage 620 into holdout 624. As the programmed full circle of MCI 500 continues, if MCI runs out of unprocessed letter scanners it reaches a fork: if holdout 624 is empty, an empty (null) result 622 is submitted; otherwise the non-empty holdout 624 is submitted as modular output 623. The sections of chaos field 613 are numbered 625 to 628. Sections 625 and 626 represent scans performed by the 5-letter scanner, and sections 627 and 628 represent 3-letter scans. Scan 625 has a width of 5 letters while checking for the 6-letter target 'TOMATO'. Two 5-letter segments are matched, 'TOMAT' and 'OMATO', which had previously been indexed at MCI 500. Each of these corresponds to a 5-letter match out of a 6-letter word, which in turn corresponds to 83%. This fraction/percentage is added cumulatively in favor of memory concept 637 at 167%, so the concept 'TOMATO' has been successfully discovered in chaos field 613. Scan 626 has the memory concept target 'EGGPLANT', two significant segments of which are 'GGPLA' and 'PLANT'. While 'GGPLA' refers exclusively to a true match of 'EGGPLANT', the segment 'PLANT' introduces the possibility of a false positive, because 'PLANT' is both a segment of a memory concept target and a memory concept target in its own right. A system that recognized 'PLANT' as existing in chaos field 613, when 'EGGPLANT' is the only real recognizable memory concept in the field, would be classified as producing a false positive. However, the programming of the system is able to avoid this false positive scenario, because 'GGPLA' contributes a 63% match. 'PLANT' in the context of 'EGGPLANT' also contributes 63%, whereas 'PLANT' in the context of the target 'PLANT' contributes 100%. When the matches are added in aggregate, the target 'EGGPLANT' receives an aggregate score of 125% (63% + 63%) 638, and the target 'PLANT' receives 100% 639. The scanner has therefore successfully maintained the correct interpretation of chaos field 613. Scan 627 has a width of 3 letters and recognizes the segment 'TOM', which leads to an aggregate match of 50% 640. This is the same target that exists in the field of scan 625, but because of the difference in scan width (3 instead of 5), a match of weaker confidence is found (50% versus 167%). The design of MCI 500 therefore includes multiple layers of scan width to strike the right balance between accuracy and the computing resources spent. Scan 628 also uses a width of 3 letters, this time with two potential false positive tangents 636. Although the actual concept in the field is 'CARROT', the concepts 'CAR' and 'ROT' are considered to exist in the field in and of themselves. The scanner must now discern which is the correct concept located in chaos field 613. It checks this with subsequent scans performed on the nearby letters. Eventually the scanner recognizes the concept as 'CARROT' and not as 'CAR' or 'ROT', because of the corroborating evidence of the other located indexes. Both the 100% composite match of 'CAR' 641 and the 100% composite match of 'ROT' 643 lose out to the 200% composite match of 'CARROT' 642.
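The segment scoring and false-positive resolution described for Figures 95-97 can be sketched as follows. This is an added example, not code from the patent: the function names, the noise strings, the grouping of hits by implied start position and the overlap rule in `resolve` are assumptions. It counts every overlapping window, so 'EGGPLANT' totals 250% here rather than the 125% the figure derives from two segments; the ranking against 'PLANT' is the same.

```python
"""Windowed recognition of known concepts in a noisy field (added sketch)."""
from collections import defaultdict

# Memory concepts to recognise (the vegetable analogy used in the text).
CONCEPTS = ["TOMATO", "EGGPLANT", "PLANT", "LAN", "ANT", "CARROT", "CAR", "ROT"]

# Constructed sample fields: one concept embedded in arbitrary noise letters.
FIELD_TOMATO = "XQZTOMATOKJW"
FIELD_EGGPLANT = "HHEGGPLANTZZ"
FIELD_CARROT = "MMCARROTPP"
FIELD_PLANT = "ZZPLANTQQ"


def build_index(concepts, width):
    """Concept indexing: map each width-letter segment to (concept, offset).

    Concepts shorter than the scanner width yield no segments, so a
    5-letter scanner never looks for 'LAN' or 'ANT'.
    """
    index = defaultdict(list)
    for concept in concepts:
        for off in range(len(concept) - width + 1):
            index[concept[off:off + width]].append((concept, off))
    return index


def scan(field, concepts, width):
    """Slide a width-letter window over the field one character at a time.

    A window equal to an indexed segment adds width/len(concept) to the
    candidate (concept, implied start position), e.g. 5/6 = 83% for 'TOMAT'
    in 'TOMATO'. Hits that agree on the start position corroborate each
    other and accumulate into one aggregate score.
    """
    index = build_index(concepts, width)
    scores = defaultdict(float)
    for pos in range(len(field) - width + 1):
        for concept, off in index.get(field[pos:pos + width], ()):
            scores[(concept, pos - off)] += width / len(concept)
    return dict(scores)


def resolve(scores):
    """Among candidates whose spans overlap, keep the highest aggregate score.

    This is how 'CARROT' (200%) displaces 'CAR' and 'ROT' (100% each) and
    how 'EGGPLANT' displaces the embedded 'PLANT'.
    """
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0][1]))
    accepted = []
    for (concept, start), score in ranked:
        end = start + len(concept)
        if all(end <= s or start >= s + len(c) for c, s, _ in accepted):
            accepted.append((concept, start, score))
    return sorted(accepted, key=lambda item: item[1])


if __name__ == "__main__":
    for field, width in [(FIELD_TOMATO, 5), (FIELD_EGGPLANT, 5),
                         (FIELD_CARROT, 3), (FIELD_PLANT, 3)]:
        found = resolve(scan(field, CONCEPTS, width))
        summary = [(c, s, f"{score:.0%}") for c, s, score in found]
        print(f"width {width} over {field!r}: {summary}")
```

In the log-scanning analogy the text draws, the concepts would be known indicator strings and the field a normalized log stream; a wider window costs fewer lookups but cannot see short indicators.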
Figures 98-99 show field interpretation logic (FIL) 644 and 645, which operate the logistics for managing scanners of different widths with the appropriate results. General scope scan 629 starts with a large letter scan. Such a scan can go through a large field range with fewer resources, at the expense of small-scale accuracy. Smaller letter scanners are therefore delegated to more specific field ranges to improve accuracy where it is needed. Specific scope scan 630 is used when an area of significance has been located and needs to be 'zoomed in' on. The general correlation is that the smaller the field range selected for scanning, the smaller the type of scanner (the fewer letters). This ensures that expensive accurate scans are not performed in redundant and unyielding locations. Section 645 of FIL shows the reactive logistics to scanner results. If a particular scanner receives additional recognition of memory concepts in chaos field 613, this indicates that field range 631 (a section of 613) contains a dense saturation of memory concepts and that it is worth 'zooming in' on that particular range with smaller-width scans. Therefore a 5-letter scanner with a field range of 30% 632 will activate a 3-letter scanner with a field range of 10% 633, depending on whether the initial results returned are considered 'increased "additional" recognition' 634. The 'additional' in 634 denotes that the recognition supplements the preliminary recognition performed in FIL section 644.
Figures 100-101 show the automated perception discovery mechanism (APDM) 467. The observer 646 represents a digital or human observer, and the same object can be perceived via multiple perceptions. The observable object is used to illustrate a potential cybersecurity case scenario. Perception angle A 647 yields a limited scope of information about the observable object, because it is rendered in two dimensions. Perception angle B 648 yields a more informed scope, because it includes the third dimension. The result of perception angle C 649 is unknown to our limited thinking abilities, because the creative hybridization process of creativity 18 is being leveraged by modern parallel processing power. By hybridizing the metrics of angles A and B and thereby forming a new iteration 653, the critical thinking algorithm has the potential to produce more forms of perception, which may be beyond human comprehension or show an exponential (not plateauing) relationship between iteration complexity + efficiency and CPU time and power. Perception angles 650 are defined by multiple metrics, including but not limited to scope, type, intensity and consistency 651. These may become more complex in scope than the examples given above, so there may be many complex variations of perception produced by the creativity module. The perception weight 652 defines how much relative influence a perception has when it is emulated by the perception observer emulator (POE) 475. The weights of both input perceptions are taken into account when defining the weight of the new iterated perception 653. The new iterated perception 653 contains hybridized metrics influenced by the previous generation of perceptions: A+B. Such a new perception angle may give security software a productive new vantage point from which to detect covert exploits. Generations of perceptions are selected for hybridization through a combination of trial and error and intelligent selection. If a perception, especially a newly iterated one, proves useless at providing insight into security problems, it can be de-emphasized in use, but it is seldom deleted, because it is never fully known whether it will ever provide useful insight. Hence the trade-off between computing power resources and security intelligence is experienced first-hand.
Figure 102 shows raw perception production (RP2) 465, a module that receives metadata logs from the selected pattern matching algorithm (SPMA) 526. Such logs are parsed, and a perception is formed that represents the perception of that algorithm. The perception is stored in perception complex format (PCF) and is emulated by the perception observer emulator (POE). System metadata separation (SMS) 487 provides the output of security response/variable pairs 654, which establishes security cause-and-effect relationships, because the appropriate corrective action is coupled with the trigger variables (subject, location, behavioral analysis, and so on). The comparable variable format 547 is represented in non-graphical terms 655. Each of these sets of perceptions contains a varying assortment of perceptions, each with a specific weighted influence on forming the CVF 547.
Figure 103 shows the logic flow of the comparable variable format generator (CVFG) 491. The input to CVFG is a data batch 658, an arbitrary collection of data that must be represented by the node makeup of the generated CVF 547. Stage 659 advances sequentially through each of the individual units defined by the data batch 658. At stage 660 the data unit is converted to a node format, which has the same informational content as referenced by the final CVF 547. Nodes are the building blocks of a CVF and allow efficient and accurate comparative evaluation against other CVFs. A CVF is similar to an irreversible MD5 hash sum, except that it has comparison-optimized characteristics (nodes). The converted nodes are then temporarily stored in the node holdout 661 when stage 665 checks for their existence. If they are not found, they are created at stage 662, and at stage 663 they are updated with statistical information such as occurrence rate and usage. At stage 664 all nodes in holdout 661 are assembled and pushed as modular output as the CVF 547. If holdout 661 is empty after the generator has run, a null result 618 is returned.
In Figure 104, the node comparison algorithm (NCA) 667 compares two node makeups 666 and 668 that have been read from raw CVFs 547. Each node of a CVF represents the degree of magnitude of a property. The similarity comparison is performed on an individual node basis, and the aggregate variance is calculated. This ensures an efficiently computed, accurate comparison. A smaller variance number, whether it is node-specific or the aggregate weight, indicates a closer match. Two comparison modes can occur: partial match mode (PMM) and whole match mode (WMM). In PMM, if a node is active in one CVF and is not found in its comparison candidate (the node is dormant), the comparison is not penalized. Mode applicability example: when tree A is compared with forest A, tree A will find its closest match, tree B, which exists in forest A. In WMM, if a node is active in one CVF and is not found in its comparison candidate (the node is dormant), the comparison is penalized. Mode applicability example: when tree A is compared with forest A, no match will be found, because tree A and forest A are compared directly and vary greatly in overlap and structural similarity.
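The CVFG flow of Figure 103 and the two NCA comparison modes of Figure 104 can be made concrete with a short sketch. This is an added example, not code from the patent; the function names, the 0..1 magnitude scale, the use of mean squared difference as the "aggregate variance" and the sample event tags are all assumptions chosen for illustration.

```python
from collections import Counter
from typing import Dict, Iterable, Optional

CVF = Dict[str, float]  # node name -> magnitude of that property (assumed 0..1 scale)


def generate_cvf(data_batch: Iterable[str]) -> Optional[CVF]:
    """CVFG sketch: turn a batch of data units into comparable nodes."""
    holdout: Counter = Counter()          # node holdout 661
    for unit in data_batch:               # stage 659: advance unit by unit
        node = unit.strip().lower()       # stage 660: unit -> node format
        if node:
            holdout[node] += 1            # stages 662/663: create node or update its statistics
    if not holdout:
        return None                       # null result 618
    peak = max(holdout.values())
    # Stage 664: assemble the CVF. Magnitude = occurrence count relative to the
    # most frequent node (an assumption; the text gives no formula).
    return {node: count / peak for node, count in holdout.items()}


def compare(a: CVF, b: CVF, mode: str = "PMM") -> Optional[float]:
    """NCA sketch: aggregate variance between two CVFs; smaller means closer."""
    if mode == "PMM":
        nodes = a.keys() & b.keys()       # a dormant node is not penalized
    elif mode == "WMM":
        nodes = a.keys() | b.keys()       # a dormant node counts as magnitude 0
    else:
        raise ValueError("mode must be 'PMM' or 'WMM'")
    if not nodes:
        return None                       # nothing comparable
    return sum((a.get(n, 0.0) - b.get(n, 0.0)) ** 2 for n in nodes) / len(nodes)


def closest_match(candidate: CVF, stored: Dict[str, CVF], mode: str = "PMM") -> Optional[str]:
    """Return the name of the stored CVF with the smallest aggregate variance."""
    scored = {name: compare(candidate, cvf, mode) for name, cvf in stored.items()}
    scored = {name: v for name, v in scored.items() if v is not None}
    return min(scored, key=scored.get) if scored else None


# Constructed sample data: one session (the "tree") and two stored profiles.
SESSION = generate_cvf(["login", "login", "file-read", "file-read", "usb-mount"])
STORED = {
    "office-baseline": generate_cvf(          # the "forest" that contains the tree
        ["login"] * 4 + ["file-read"] * 4 + ["usb-mount"] * 2
        + ["email-send"] * 4 + ["print"] * 2),
    "kiosk": generate_cvf(["login"] + ["usb-mount"] * 4),
}

if __name__ == "__main__":
    for name, cvf in STORED.items():
        print(name, "PMM", compare(SESSION, cvf, "PMM"), "WMM", compare(SESSION, cvf, "WMM"))
    print("closest (PMM):", closest_match(SESSION, STORED, "PMM"))
```

In partial match mode the session is found inside the larger baseline with zero variance, while whole match mode penalizes the baseline nodes that are dormant in the session.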
Figures 105 to 106 show system metadata separation (SMS) 487, which separates the input system metadata 484 into meaningful security cause-and-effect relationships. As output from MCM 488, the programming elements of the logs are retrieved individually at stage 672. At stage 673, the individual categories from MCM are used to obtain a more detailed composition of the relationships between security responses and security variables (security logs). Such categorizations 674 are then assimilated in stages 669, 670 and 671. With subject scan/assimilation 669, the subject/suspect of a security situation is extracted from the system metadata using pre-made category containers and raw analysis from the categorization module. The subject is used as the main reference point for deriving a security response/variable relationship. A subject can range from a person, a computer, an executable piece of code or a network to even an enterprise. Such parsed subjects 682 are stored in subject storage 679. With risk scan/assimilation 670, the risk factors of a security situation are extracted from the system metadata using pre-made category containers and raw analysis from the categorization module. A risk is associated with the target subject that exhibits or is exposed to it. A risk can be defined as a potential point of attack, a type of attack vulnerability, and so on. Such risks are stored in risk storage 680, associated with their related subjects at subject index 683. With response scan/assimilation 671, the response to a security situation made by the input algorithm is extracted from the system metadata using pre-made category containers and raw analysis from the categorization module. The response is associated with the security subject that allegedly deserves such a response. Responses can range from approve/block/flag/quarantine/obfuscate/signal mimicry/punishment, and so on. Such responses are stored in response storage 681, associated with their related subjects at subject index 683. This stored information is then processed by populator logic (PL) 483, which comprehensively sorts all the security subjects together with their related risks and responses.
Figures 107 to 108 show the metadata categorization module (MCM) 488. In format separation 688, the metadata is separated and categorized according to the rules and syntax of a recognized format. Such metadata must have been assembled in accordance with a recognizable format, or else it is rejected for processing. Local format rules and syntax 689 contain the definitions that enable the MCM module to recognize pre-formatted metadata streams. 'Local' implies a format that has been previously selected because of its relevance and presence in the metadata. Debugging trace 485 is a code-level trace that provides the variables, functions, methods and types that are used, together with their respective input and output variable types/content. It provides the full function call chain (functions calling other functions). Algorithm trace 486 is a software-level trace that provides security data coupled with algorithm analysis. The resulting security decision (approve/block) is provided together with a trail of how that decision was reached (the justification) and the appropriate weight that each factor contributed to making the security decision. At stage 686, this algorithm trace 486 leads to MCM's mode of cycling through each of these security decision justifications. Such justifications define how and why a certain security response was made, in computer log syntax (rather than being written directly by humans). Recognizable formats 687 are predetermined and standardized syntax formats that are compatible with CTMP. Hence, if the format declaration from the input system metadata 484 is not recognized, a modular null result 618 is returned. The programmers of the SPMA 526 are obliged to encode the metadata 484 in a standardized format that CTMP can recognize. Such formats do not need to be proprietary and exclusive to CTMP; examples are JSON and XML. Variable holdout 684 is where processed variables are held by category 674 so that they can be submitted 685 together as a final, unified output. Stage 675 performs a comparison check between the two main branches of input information, debugging trace 485 and algorithm trace 486. Such a comparison traces the occurrence of a justification at the code level, to better understand why such a security justification occurred and whether it is worth becoming output of MCM. This step is precautionary, to ensure that the reasoning behind each security justification and decision is well understood even at the code level, so as to further validate CTMP's potential criticism as a whole. Similarly, risk evidence is checked at stage 676 for corroboration with the debugging trace data. At stage 677, the metadata is checked for any functions that were called by the SPMA, and these applicable functions are then checked to see whether their functional purpose and justification for use are defined according to the specifications of the recognizable formats 687.
Figure 109 shows metric processing (MP) 489, which reverse-engineers the variables of a security response from the selected pattern matching algorithm (SPMA) 526 in order to 'salvage' perceptions from that algorithm's intelligence. Security response X 690 represents a series of factors that contribute to the resulting security response chosen by the SPMA (i.e. approve/block/obfuscate). Each of the shapes represents a security response from the SPMA. The initial weight is determined by the SPMA, so its intelligence is being leveraged. Such decisions are then referenced in bulk to model perceptions. Perception deduction (PD) 490 uses part of the security response and its corresponding system metadata to replicate the original perception behind the security response. The perception interpretation of the dimensional series 699 shows how PD takes the security response of the SPMA and associates the relevant input system metadata 484 to recreate the full scope of the intelligent 'digital perception' originally used by the SPMA. This gives CTMP a deep understanding of the input algorithm, so that it can reuse and cross-reference the intelligence of multiple and varying algorithms, thereby achieving an important milestone of artificial intelligence. Such shapes are symbols of the complex rules, behaviors and correlations implemented by the SPMA. Shape fill 697, stacking quantity 698 and dimensional 699 are digital perceptions that capture the 'perspective' of an intelligent algorithm. The dimensional 699 type of perception represents a three-dimensional shape, which can be a symbolic representation of a language learning algorithm that interprets the internal e-mails of company employees and attempts to detect and/or predict security breaches of sensitive company information. Although the dimensional type may be a single intelligent algorithm with slight variations (variation 694C is circular whereas 695C/696C are rectangular, representing subtle differences in the intelligent algorithm), there may be multiple initial security responses that, at face value, do not appear to have been made by such an algorithm. At face value, 694A appears to have more in common with 692A than with 696A. Despite this counter-intuition, 692A is a security response performed by the algorithm shape fill 697, which is entirely different from dimensional 699. Although perceptions 695C and 696C are identical, their security response counterparts 695A and 696A differ subtly. Security response 695A is darker and represents the dimensional perception from the side 695B, whereas 696A represents exactly the same perception, albeit from the front 696B. These differences illustrate how different security responses, made in reaction to different security threats/suspicions, can be reverse-engineered and found to belong to the same intelligent algorithm. All three instances of the dimensional 699 perception (two of which are identical) are combined into a single unit that is henceforth referenced internally within CTMP as perception angle B 702. The weight of influence of this perception angle within CTMP is calculated according to the initial weights of influence of the security responses 694A, 695A and 696A that were used. With the stacking quantity perception 698, instead of receiving third-dimensional depth as with dimensional 699, security response 693A is found to be part of a set of multiple quantity. This can be a symbolic representation of a profiling algorithm that builds security profiles on new company employees to guard against external infiltration. Although CTMP initially receives only a single security profile, represented as security response 693A, it is in fact part of a collection of inter-referencing profiles known (after MP 489 has performed the reverse engineering) as the perception stacking quantity 698. Such a perception can be referenced within CTMP as perception angle A 701. For security responses 691A and 692A, MP 489 is provided with a security response that is symbolically represented as an incomplete shape 701. PD 490 uses the input system metadata to find that the intelligent algorithm from which this security response originated is looking for the absence of an expected security variable. For example, this may be an algorithm that notices the absence of regular/expected behavior, rather than one that notices the presence of suspicious behavior. This could be a company employee who does not sign an e-mail in his usual way. This might mean either a sudden change of habit or an indication that the employee's e-mail account has been compromised by a malicious actor who is not accustomed to signing e-mails as the real employee does. Such an algorithm is reverse-engineered to be the digital perception shape fill 697, which can be referenced within CTMP as perception angle C 700 with the appropriate weight of influence.
Figures 110 and 111 show the internal design of perception deduction (PD) 490, which is mainly used by metric processing (MP) 489. Security response X is forwarded as input to the justification/reasoning calculation (JRC) 704. This module determines the justification of the SPMA's security response by using the intent supply of the input/output reduction (IOR) module 706, as stored in the intent DB 705. The IOR module interprets the input/output relationships of a function to determine the justification and intent of the function's purpose. The IOR module uses the separated inputs and outputs of the various function calls listed in the metadata. Such metadata separation is performed by the metadata categorization module (MCM) 488, with the output categories occurring as sets 672 and 674. In JRC 704, the function intents stored in the intent DB 705 are checked against the security response provided as input 690. If the function intents corroborate the security decision of the SPMA, they are submitted as valid justifications to the metric conversion module JMC 703. In the JMC module, the validated security response justification is converted into metrics that define the characteristics of a perception. Metrics are analogous to human senses, and the security response justification represents the justification for using a given sense. When a person crosses the road, their senses (or metrics) of sight and sound are heightened, while their senses of smell and touch are dormant. This set of senses, with their respective magnitudes of intensity, represents the 'crossing the road' perception. The justification in this analogy would be 'vehicles on the road can be dangerous, and you can see and hear them'. The makeup of the perception is therefore rationally justified, and the example perception angle C 543 is formed. An I/O (input/output) relationship is defined as a single set of function input together with the corresponding output provided by that function. IOR 706 first checks, by referencing an internal database, whether the function's I/O relationships and function 'intent' have been analyzed before. If information is found in the database, it is used to supplement the current I/O data at stage 708. The supplemented (if applicable) I/O data is then checked at stage 714 to see whether it is saturated enough to reach a sufficiently meaningful level of analysis. The amount is quantified in technical terms, and the minimum level is defined by pre-existing CTMP policy. If there is not a sufficient amount of I/O information to analyze, the specific function analysis is cancelled at stage 711 and the IOR module 706 proceeds to the next available function. When there is a sufficient amount of I/O relationship information to analyze, the I/O relationships are categorized according to similarity 709. For example, one I/O relationship is found to convert one currency into another (i.e. USD to EUR), and another I/O relationship is found to convert one unit of weight into another (i.e. pounds to kilograms). Both I/O relationships are categorized as belonging to data conversion, because the trigger concepts are correlated with a categorization index. For example, such an index can have its references to USD, EUR and pounds, kilograms refer to the data conversion category. Hence, once those units are found in an I/O relationship, IOR 706 can categorize them correctly. The function's intent is therefore suspected to be currency and unit conversion. Once all the available I/O relationships have been categorized, the categories are ranked at stage 710 according to the amount of I/O relationship weight they contain, with the most popular appearing first. At stage 715, the categories of I/O data are checked to see whether they can confidently display a pattern of the function's intent. This is done by checking the consistency of the input-to-output transformation that the function performs. If certain categories of information are persistent and distinct (such as converting currency as one category and converting units as a second category), these categories become the described 'intents' of the function. The function will therefore be described as having the intent of converting currency and units. By reducing the function to its intended purpose, IOR 706 has major implications for security analysis, because CTMP can verify the real purpose of a function that exists in code and can intelligently scan for malicious behavior before any damage has been done through the execution of such code. If IOR 706 has understood the 'intent' well, with a sufficient degree of confidence, it is submitted as modular output 712. If the 'intent' categories do not strongly corroborate each other and the function's 'intent' has not been confidently established, the function's 'intent' is declared unknown and IOR 706 proceeds to the next available function for analysis at stage 711.
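The IOR stages described above (supplementing with known data, the saturation floor, categorization by index, ranking and the consistency check) can be sketched as follows. This is an added example, not code from the patent; the function and constant names, the threshold values, the ratio-based consistency test and the sample I/O pairs are assumptions made for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Categorization index (709): trigger concept -> category, using the units named in the text.
CATEGORY_INDEX = {"USD": "currency conversion", "EUR": "currency conversion",
                  "lb": "unit conversion", "kg": "unit conversion"}
MIN_IO_RELATIONSHIPS = 4    # assumed policy floor for stage 714
MIN_CATEGORY_SHARE = 0.25   # assumed: a category must be this persistent
MIN_COVERAGE = 0.8          # assumed: share of I/O the intents must explain
RATIO_TOLERANCE = 0.02      # assumed: allowed spread of output/input ratios

IORelationship = Tuple[str, str]   # (function input, corresponding output)
_VALUE = re.compile(r"^\s*(\d+(?:\.\d+)?)\s*([A-Za-z]+)\s*$")


def _parse(value: str) -> Optional[Tuple[float, str]]:
    """Split '100 USD' into (100.0, 'USD'); None if the value has no unit."""
    m = _VALUE.match(value)
    return (float(m.group(1)), m.group(2)) if m else None


def reduce_intent(io_data: Iterable[IORelationship],
                  known: Iterable[IORelationship] = ()) -> Tuple[str, List[str]]:
    """Return ('established', intents), ('unknown', []) or ('insufficient', [])."""
    data = list(known) + list(io_data)            # stage 708: supplement from the database
    if len(data) < MIN_IO_RELATIONSHIPS:          # stage 714: saturation check
        return ("insufficient", [])               # stage 711: cancel this function
    # category -> (unit in, unit out) -> observed output/input ratios
    ratios: Dict[str, Dict[Tuple[str, str], List[float]]] = defaultdict(lambda: defaultdict(list))
    for raw_in, raw_out in data:                  # 709: categorize by similarity
        src, dst = _parse(raw_in), _parse(raw_out)
        if src is None or dst is None or src[0] == 0:
            continue                              # no trigger concept recognized
        category = CATEGORY_INDEX.get(src[1])
        if category is not None and CATEGORY_INDEX.get(dst[1]) == category:
            ratios[category][(src[1], dst[1])].append(dst[0] / src[0])
    sizes = {c: sum(len(r) for r in pairs.values()) for c, pairs in ratios.items()}
    ranked = sorted(sizes, key=sizes.get, reverse=True)   # stage 710: most popular first
    intents: List[str] = []
    for category in ranked:                       # stage 715: confident pattern?
        if sizes[category] / len(data) < MIN_CATEGORY_SHARE:
            continue                              # not persistent enough
        for observed in ratios[category].values():
            if max(observed) - min(observed) > RATIO_TOLERANCE * max(observed):
                return ("unknown", [])            # transformation is inconsistent
        intents.append(category)
    covered = sum(sizes[c] for c in intents)
    if not intents or covered / len(data) < MIN_COVERAGE:
        return ("unknown", [])
    return ("established", intents)               # modular output 712


# Constructed I/O relationships for two hypothetical functions.
CONVERTER = [("100 USD", "92 EUR"), ("50 USD", "46 EUR"), ("10 lb", "4.536 kg"),
             ("2 lb", "0.9072 kg"), ("200 USD", "184 EUR")]
INCONSISTENT = [("100 USD", "92 EUR"), ("100 USD", "35 EUR"),
                ("50 USD", "46 EUR"), ("10 USD", "9.2 EUR")]

if __name__ == "__main__":
    print(reduce_intent(CONVERTER))
    print(reduce_intent(INCONSISTENT))
```

A function whose observed outputs do not follow one consistent transformation is reported as 'unknown' instead of being given the intent its units suggest.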
Figures 112-115 show the perception observer emulator (POE) 475. This module produces an emulation of the observer, and tests/compares all potential points of perception against such variations of observer emulation. The input is all the potential points of perception plus the enhanced data logs; the output is the security decision that results from such enhanced logs according to the best, most relevant and most cautious observer, using such a mixture of selected perceptions. Input system metadata 484 is the initial input that raw perception production (RP2) 465 uses to produce perceptions in the comparable variable format CVF 547. With storage search (SS) 480, the CVF derived from the data enhanced logs is used as the criterion in a database lookup of perception storage (PS) 478. PS then provides the highest-matching CVFs from all the available CVFs 547 in the database. Their associated perception makeup and weight are referenced and used for a successful match event in results 716. The similarity overlap is given as a 60% match 719 and a 30% match 720. These results are calculated by storage search 480. With results 716, the matches 719 and 720 are stored, and individual perception ranking is then calculated at weight calculation 718. Such a calculation takes the overall similarity (or match) value of the database CVF compared with the input CVF and multiplies that value by each individual perception weight. Such weights are already stored and associated with the CVF, as initially determined by metric processing (MP) 489. In ranking 717, the perceptions are ordered according to their final weight. Such ranking is part of the selection process that uses the most relevant perceptions (as weighted in weight calculation 718) to understand the security situation and hence to pass an eventual block 730 or approve 731 command as output. Once the perceptions have been ranked, they are forwarded to application 729, where the data enhanced logs 723 are applied to the perceptions to produce block/approve recommendations. Logs 723 are the input logs of the system with the original security event. Self-critical knowledge density (SCKD) 492 tags the logs to define the expected upper scope of unknown knowledge. This means that the perceptions are able to consider data that is tagged with unknown data scopes. It also means that the perceptions can assess the security event more accurately, given that they have an estimate of how much is known and how much is not known. Data parsing 724 performs a basic interpretation of the data enhanced logs 723 and the input system metadata 484 to output the original approve or block decision 725, as decided by the original selected pattern matching algorithm (SPMA) 526. There are therefore two potential case scenarios: the SPMA has either chosen to block 730 the security-related event (i.e. preventing a program download) in scenario 727, or has chosen to approve 731 such an event in scenario 726. At this point CTMP 22 has progressed far enough to perform its most core and critical task, which is to criticize decisions (including but not limited to cybersecurity). This criticism occurs twice within CTMP, in two different ways: once here in the perception observer emulator (POE), according to perceptions, and once in rule execution (RE), according to logically defined rules. In POE, when a block command is received from the SPMA, the override logic of 732 is engaged. At stage 732A the default action of block 730 is assumed, and the block average (BLOCK-AVG) and approve average (APPROVE-AVG) 732B are calculated by finding the average of the block/approve confidence values stored in case scenario 727. Stage 732C checks whether the average confidence of case scenario 727 is greater than a confidence margin predefined by policy. If the confidence of the scenario is low, this indicates that CTMP is withholding criticism because of insufficient information/understanding. When such a low-confidence situation occurs, the RMA feedback module 728 is engaged at stage 732D to attempt to re-evaluate the security situation with more perceptions included. These additionally considered perceptions may increase the confidence margin. The RMA feedback module therefore communicates with resource management and allocation (RMA) 479 itself, to check whether a re-evaluation is permitted under resource management policy. If the re-evaluation is denied, the algorithm has reached its peak confidence potential, and overriding the initial approve/block decision is permanently aborted for this POE session. Stage 732E indicates the condition in which the RMA feedback module 728 receives permission from RMA 479 to reallocate more resources, and hence more perceptions, to the calculation. Under this condition, the override attempt (CTMP criticism) is halted at stage 732F, to allow a new evaluation of case scenario 727 with the additional perceptions (and hence an increased computer resource load). Stage 732G indicates that the approve average is confident enough (according to policy) to override the default block action 730/732A with the approve action 731 at stage 732H. The same logic applies to the approve logic 733, which occurs at case scenario 726. At stage 733A the default action is set to approve, as requested by the SPMA 526. The block average and approve average 733B are calculated by finding the average of the block/approve confidence values stored in case scenario 726. Stage 733C checks whether the average confidence of case scenario 726 is greater than a confidence margin predefined by policy. When such a confidence situation arises, the RMA feedback module 728 is engaged at stage 733D to attempt to re-evaluate the security situation with more perceptions included. Stage 733E indicates the condition in which the RMA feedback module 728 receives permission from RMA 479 to reallocate more resources, and hence more perceptions, to the calculation. Under this condition, the override attempt (CTMP criticism) is halted at stage 733F, to allow a new evaluation of case scenario 726 with the additional perceptions (and hence an increased computer resource load). Stage 733G indicates that the approve average is confident enough (according to policy) to override the default approve action 731/733A with the block action 730 at stage 733H.
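The POE weight calculation, ranking and override logic described above can be traced in a short sketch. This is an added example, not code from the patent; the class and function names, the margin value, the weighted form of the block/approve averages, the reading of "scenario confidence" as the larger of the two averages, and the sample perceptions are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

CONFIDENCE_MARGIN = 0.5   # assumed policy value for stages 732C/733C


@dataclass
class Perception:
    name: str
    weight: float       # perception weight as determined by metric processing (MP)
    match: float        # CVF similarity returned by storage search (0..1)
    verdict: str        # recommendation when applied to the logs: "block" or "approve"
    confidence: float   # confidence in that recommendation (0..1)

    @property
    def final_weight(self) -> float:
        return self.match * self.weight            # weight calculation 718


def averages(considered: List[Perception]) -> Dict[str, float]:
    """BLOCK-AVG and APPROVE-AVG, weighted by final weight (an assumed form)."""
    scores = {"block": 0.0, "approve": 0.0}
    total = sum(p.final_weight for p in considered)
    if total == 0:
        return scores
    for p in considered:
        scores[p.verdict] += p.final_weight * p.confidence / total
    return scores


def criticize(perceptions: List[Perception], spma_decision: str,
              rma_permits: Callable[[int], bool],
              budget: int = 2, step: int = 2) -> Tuple[str, int, bool]:
    """Return (final decision, perceptions considered, whether SPMA was overridden)."""
    if spma_decision not in ("block", "approve"):
        raise ValueError("spma_decision must be 'block' or 'approve'")
    ranked = sorted(perceptions, key=lambda p: p.final_weight, reverse=True)  # ranking 717
    contrary = "approve" if spma_decision == "block" else "block"
    n = min(budget, len(ranked))
    while True:
        scores = averages(ranked[:n])                        # 732B / 733B
        if max(scores.values()) >= CONFIDENCE_MARGIN:        # 732C / 733C
            if scores[contrary] >= CONFIDENCE_MARGIN and scores[contrary] > scores[spma_decision]:
                return contrary, n, True                     # 732G-H / 733G-H: override
            return spma_decision, n, False                   # criticism agrees with SPMA
        # Low confidence: ask resource management for more perceptions (732D / 733D).
        if n >= len(ranked) or not rma_permits(n + step):
            return spma_decision, n, False                   # override aborted for this session
        n = min(n + step, len(ranked))                       # 732E-F / 733E-F: re-evaluate


# Constructed sample: matches of 60% and 30% as in results 716, four stored perceptions.
SAMPLE = [
    Perception("P1", weight=0.9, match=0.6, verdict="approve", confidence=0.55),
    Perception("P2", weight=1.0, match=0.3, verdict="block", confidence=0.50),
    Perception("P3", weight=0.4, match=0.6, verdict="approve", confidence=0.90),
    Perception("P4", weight=0.6, match=0.3, verdict="approve", confidence=0.95),
]

if __name__ == "__main__":
    print(criticize(SAMPLE, "block", rma_permits=lambda n: True))    # more resources granted
    print(criticize(SAMPLE, "block", rma_permits=lambda n: False))   # re-evaluation denied
```

With two perceptions the scenario confidence stays under the margin, so the outcome depends on whether resource management allows the wider re-evaluation.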
Figures 116 and 117 show implication derivation (ID) 477, which derives angles of perception data that may be implied by the currently known perception angles. Applied perception angles 470 are a scope of known perceptions stored in the CTMP storage system. Such perceptions 470 have been applied and used by the SPMA 526; they are gathered as a collection of perceptions 734 and forwarded to metric combination 493. This module 493 converts the format of the perception angles 734 into categories of metrics, which is the format recognized by implication derivation (ID) 477. With metric complexity 736, the outer bound of the circle represents the peak of known knowledge about the individual metric. Moving towards the outer edge of the circle therefore represents more metric complexity, and the center represents less metric complexity. The light grey at the center represents the metric combination of the current batch of applied perception angles, and the outer dark grey represents the metric complexity that is stored and known by the system in general. The goal of ID 477 is to increase the complexity of the relevant metrics, so that perception angles can be multiplied in complexity and quantity. Known metric complexity from the current batch is added to the relevant metric DB 738 if the DB does not already contain such detail/complexity. In this way the system comes full circle, and the newly stored metric complexity can be used in a potential future batch of perception angle implication derivation. Such a complexity metric makeup 736 is passed as input to metric expansion (ME) 495, where the metrics of multiple and varying perception angles are stored by category in individual databases 738. The dark grey surface area represents the total scope of the current batch of applied perception angles, and the amount of scope left over relative to the known upper bound. The upper bound is represented by the peak knowledge of each individual metric DB. The metrics of the current batch (which were derived from the current batch of perception angles) are therefore enhanced with the previously known details/complexity of those metrics. After enhancement and complexity enrichment, the metrics are returned as metric complexity 737. As seen in diagram 737, the light grey area has become larger in all four metric sectors: scope 739, consistency 740, type 741 and intensity 742. This indicates that the perception has become more detailed and complex in all four metric sectors. This enhanced metric complexity 737 is then passed as input to metric conversion 494, which reverses the individual metrics back into whole perception angles 735. The final output is thus assembled as the implied perception angles 471, which are an expanded version of the original input, the applied perception angles 470.
Figures 118-120 show self-critical knowledge density (SCKD) 492, which estimates the scope and type of potential unknown knowledge that lies beyond the reach of the reportable logs. In this way the subsequent critical-thinking features of CTMP 22 can take advantage of the potential scope of all the knowledge involved, both known and unknown to the system. The following use case illustrates the intended function and capability of SCKD 492:
1) The system has established a strong scope of reference for nuclear physics.
2) The system has established that nuclear physics and quantum physics are categorically and systematically similar in complexity and type.
3) However, the system has much less reference knowledge of quantum physics than of nuclear physics.
4) The system therefore defines the upper bound of potentially attainable quantum physics knowledge via the analogy of nuclear physics.
5) The system determines that the scope of unknown knowledge in quantum physics is large.
Known data categorization (KDC) 743 categorically separates the confirmed (known) information from input 746 so that an appropriate DB analogy query can be executed. The information is separated into categories A, B and C 750, after which the separate categories individually provide input to the comparable variable format generator (CVFG) 491. The CVFG then outputs the categorical information in CVF 547 format, which is used by storage search (SS) 480 to check for similarities in the known data scope DB 747. In DB 747 the upper bound of known data is defined per data category. A comparison is made between similar types and structures of data to estimate the confidence of the knowledge scope. If SS 480 cannot find any results on which to base a knowledge analogy (scenario 748), the current data is stored so that a future analogy can be made. In the use case, this would be the event that allows the scope of nuclear physics to be defined. Then, when quantum physics is referenced in the future, its knowledge scope can be analogized against the currently stored nuclear physics knowledge. Scenario 749 describes the case where results are found; each category is then tagged with its relevant scope of known data according to the SS 480 results. Thereafter, at unknown data combiner (UDC) 744, the tagged scopes of unknown information of each category are reassembled into the same original data stream (input 746). At output 745, the original input data is returned, combined with the unknown data scope definitions.

Figure 119 shows the known data categorization (KDC) module 743 in more detail. Known data 752 is the primary input and contains information blocks 755, which represent defined scopes of data such as individual entries from an error log. Stage 756 checks for recognizable definitions within a block, which in the use case would show that the block is tagged as nuclear physics information. If a category suited to the block's information tag exists in category retention 750, the pre-existing category is enriched with detail at stage 748 by supplementing it with the processed information block 755. If no such category exists, the category is created at stage 749 so that information block 755 can be stored accordingly and correctly. Basic logic 759 cycles through the blocks in order until all of them have been processed. Once all have been processed, if fewer than a minimum number (defined by policy) were submitted to category retention 750, KDC 743 submits a zero result 618 as its modular output. If there is a sufficient number of processed blocks, category retention 750 is submitted to the intermediate algorithm 751 (which is primarily SCKD 492). Unknown data combiner (UDC) 744 receives, from the intermediate algorithm 751, known data tagged with unknown data points 757. This data is initially stored in category retention 750, from which basic logic 760 cycles through all units of data in order. Stage 754 checks whether the categories defined in retention 750 contain the original metadata that describes how to reconstruct the separate categories into a congruent information stream. This metadata was originally found in the input known data 752 of KDC 743, because at that stage the data had not yet been divided into categories and there was an initial single congruent structure holding all the data. After stage 754 has re-associated the metadata with its corresponding data, the tagged blocks are transferred to block recombination retention 753. If no metadata matching the data is found at stage 754, retention 753 inevitably remains empty and a modular zero result 618 is returned. On a successful metadata match, retention 753 is filled and the modular output of UDC 744 is known data + tagged unknown data 757. Blocks 755 in the modular output represent the original information blocks as found in known data 752 from KDC 743. Pentagons 758 represent the unknown data scope definitions, each of which is coupled with a block of known data 755.
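The KDC, scope lookup and UDC flow described above, sketched as an added Python example (not code from the patent). The sample blocks, the Jaccard comparison of field names, the 0.5 threshold and the policy minimum of two blocks are assumptions made for illustration.

```python
MIN_BLOCKS = 2  # assumed policy minimum of categorized blocks

# Constructed input stream: tagged blocks plus one block with no recognizable tag.
BLOCKS = [
    {"tag": "quantum physics", "fields": ["particle", "energy", "model"], "text": "entry 1"},
    {"tag": None, "fields": [], "text": "unrecognized entry"},
    {"tag": "quantum physics", "fields": ["particle", "energy", "spin"], "text": "entry 2"},
    {"tag": "nuclear physics", "fields": ["particle", "decay"], "text": "entry 3"},
]


def kdc(blocks, min_blocks=MIN_BLOCKS):
    """Known data categorization: file each block under its recognizable tag.

    The block's position in the input stream is kept as the metadata that
    later allows the stream to be rebuilt. Returns None (zero result) when
    fewer than min_blocks blocks could be categorized.
    """
    retention = {}
    for position, block in enumerate(blocks):
        tag = block.get("tag")
        if tag is None:  # no recognizable definition in this block
            continue
        retention.setdefault(tag, []).append(dict(block, position=position))
    if sum(len(items) for items in retention.values()) < min_blocks:
        return None
    return retention


def jaccard(a, b):
    """Overlap of two structural signatures (sets of field names)."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def tag_unknown_scope(retention, scope_db, threshold=0.5):
    """Bound each category by its closest stored analogue, then store its scope.

    scope_db maps category -> {"known": int, "shape": set}. A category with
    no analogue above the threshold gets no estimate, but its scope is still
    stored so that a future analogy can be made.
    """
    tagged = {}
    for tag, items in retention.items():
        stored = scope_db.get(tag, {"known": 0, "shape": set()})
        shape = set(stored["shape"])
        for item in items:
            shape |= set(item["fields"])
        known = stored["known"] + len(items)
        candidates = [(jaccard(shape, entry["shape"]), name)
                      for name, entry in scope_db.items() if name != tag]
        confidence, analogue = max(candidates, default=(0.0, None))
        if analogue is None or confidence < threshold:
            scope = None
        else:
            upper = max(known, scope_db[analogue]["known"])
            scope = {"analogue": analogue, "upper_bound": upper,
                     "unknown": upper - known, "confidence": round(confidence, 2)}
        tagged[tag] = [dict(item, unknown_scope=scope) for item in items]
        scope_db[tag] = {"known": known, "shape": shape}
    return tagged


def udc(tagged):
    """Unknown data combiner: rebuild the original stream from the metadata."""
    recombined = [item for items in tagged.values() for item in items
                  if "position" in item]
    if not recombined:  # no metadata matched: zero result
        return None
    return sorted(recombined, key=lambda item: item["position"])


def sckd(blocks, scope_db):
    """Run KDC, the scope lookup and UDC in sequence."""
    retention = kdc(blocks)
    if retention is None:
        return None
    return udc(tag_unknown_scope(retention, scope_db))
```

With a scope DB that already holds 1000 known nuclear physics entries, the two quantum physics blocks come back tagged with a large unknown scope, while the same blocks run against an empty DB are only stored for future analogies.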
Lexical objectivity mining (LOM)
Figure 121 shows the main logic for lexical objectivity mining (LOM). LOM attempts to get as close as possible to the objective answer to a wide range of questions and/or assertions. It engages with human subject 800 to allow them to concede or improve their argument against LOM's stance. Conceding or improving an argument is the core philosophy of LOM, because it must be able to admit when it has been wrong so that it can learn from the knowledge of the human (which is where it obtains its knowledge in the first place). LOM is extremely database-heavy (and hence CPU, RAM and disk are all crucial players), and would benefit from central knowledge retention (CKR) 806 being centralized in a single master instance (duplicated for redundancy and backup). Third-party applications can be facilitated via a paid or free API that connects to such a central master instance. LOM's activity begins with a human subject 800 who poses a question or assertion 801 in the main LOM visual interface. Such a question/assertion 801A is transferred for processing to initial query reasoning (IQR) 802, which uses central knowledge retention (CKR) 806 to decipher missing details that are crucial to understanding and answering/responding to the question/assertion [...]. Thereafter the question/assertion 801, along with the supplemental query data, is transferred to survey clarification (SC) 803A, which engages with the human subject 800 to obtain supplemental information so that the question/assertion 801A can be analyzed objectively and with all the necessary context. The clarified question/assertion 801B is thus formed; it takes the initial raw question/assertion 801 as posed by the human subject 800 and supplements it with the details learned from 800 via SC 803A. Assertion construction (AC) 808A receives a proposition in the form of an assertion or question (such as 801B) and provides as output the concepts related to that proposition. Response presentation 809 is an interface for presenting a conclusion drawn by LOM (specifically AC 808) to both the human subject 800 and rational appeal (RA) 811. The interface is presented visually to the human 800 and in a purely digital syntax format to RA 811. Hierarchical mapping (HM) 807A maps associated concepts to find corroboration or conflict in the consistency of the question/assertion. It then calculates the benefits and risks of taking a certain stance on the topic. Central knowledge retention 806 is the main database of knowledge referenced by LOM. It is optimized for query efficiency and for logical categorization and separation of concepts, so that strong arguments can be built and defended in response to criticism from the human subject 800. Knowledge verification (KV) 805A receives high-confidence, pre-criticized knowledge that needs to be logically separated for query capability and assimilation in CKR 806. Accept response 810 is a choice given to the human subject 800 either to accept LOM's response or to appeal it with a criticism. If the response is accepted, it is processed by KV 805A so that it is stored in CKR 806 as confirmed (high-confidence) knowledge. If the human subject 800 does not accept the response, they are forwarded to rational appeal (RA) 811A, which checks and criticizes the reasons for appeal given by the human 800. RA 811A can criticize assertions, whether as self-criticism or as criticism of human responses (from a 'No' response at accept response 910).
Figures 122-124 show the managed artificial intelligence service provider (MAISP) 804A. MAISP runs an internet cloud instance of LOM with a master instance of central knowledge retention (CKR) 806. MAISP 804A connects LOM to front-end services 861A, back-end services 861B, third-party application dependencies 804C, information sources 804B and the MNSP 9 cloud. Front-end services 861A include artificial intelligence personal assistants (e.g. Apple's Siri, Microsoft's Cortana, Amazon's Alexa, Google's Assistant), communication applications and protocols (i.e. Skype, WhatsApp), home automation (i.e. refrigerators, garages, doors, thermostats) and medical applications (e.g. a doctor's second opinion, medical history). Back-end services 861B include online shopping (e.g. Amazon.com), online transportation (e.g. Uber), medical prescription ordering (e.g. CVS), etc. Such front-end 861A and back-end 861B services interact with LOM via a documented API infrastructure 804F, which enables standardization of information transfers and protocols. LOM retrieves knowledge from information sources 804B via the automated research mechanism (ARM) 805B.
Figures 125-128 show the dependency structure of LOM, which indicates how the modules depend on one another. Language construction (LC) 812A interprets raw question/assertion input from the human subject 800 and from parallel modules to produce a logical separation of linguistic syntax that can be understood by the LOM system as a whole. Concept discovery (CD) 813A receives points of interest within the clarified question/assertion 804 and derives associated concepts by using CKR 806. Concept priority (CP) 814A receives relevant concepts and orders them in logical layers that represent specificity and generality. The top layer is assigned the most general concepts, while the lower layers are assigned increasingly specific concepts. Response separation logic (RSL) 815A uses LC 812A to understand the human response and to associate a relevant and valid response with the preliminary clarification request, thereby accomplishing the objective of SC 803A. LC 812A is then reused during the output stage to amend the original question/assertion 801 to include the supplemental information received by SC 803. Human interface module (HIM) 816A provides clear and logically separated prompts to the human subject 800 to address the gaps in knowledge specified by initial query reasoning (IQR) 802A. Context construction (CC) 817A uses metadata from assertion construction (AC) 808A and potential evidence from the human subject 800 to give raw facts to CTMP for critical thinking. Decision comparison (DC) 818A determines the overlap between the pre-criticism and post-criticism decisions. Concept compatibility detection (CCD) 819A compares conceptual derivatives of the original question/assertion 801 to determine the logical compatibility result. Such concepts can represent circumstances, states of being, obligations, etc. Benefit/risk calculator (BRC) 820A receives the compatibility results from CCD 819A and weighs the benefits and risks to form a uniform decision that encompasses the gradients of variables implied in the concept makeup. Concept interaction (CI) 821A assigns attributes that pertain to AC 808A concepts to the parts of the information collected from the human subject 800 via survey clarification (SC) 803A.
Figures 129 and 130 show the internal logic of initial query reasoning (IQR) 802A. Language construction (LC) 812A, acting as a subset of IQR 802, receives the original question/assertion 801 from the human subject 800. 801 is linguistically separated so that IQR 802A processes each individual word and/or phrase in turn. The auxiliary verb 'should' 822 invokes a lack of clarity concerning the time dimension 822. Counter-questions are therefore formed to reach clarity, such as 'every day?', 'every week?', etc. The subject 'I' 823 invokes a lack of clarity as to who the subject is, so follow-up questions are formed to be presented to the human subject 800. The verb 'eating' 824 is not necessarily unclear, but it can supplement other points of analysis that lack clarity. At stage 824, IQR 802 uses the CKR 806 DB to connect the concept of food with the concepts of health and money. This informs the query 'subject asking question' 823, so that more appropriate and relevant follow-up questions are posed, such as 'male or female?', 'diabetic?', 'exercise?', 'purchasing power?'. The noun 'fast food' 825 invokes a lack of clarity as to how the word should be interpreted. In its technical meaning 827 it can be interpreted in its rawest form, 'food served very quickly', or in the more colloquial understanding of 'fried salty food' that is cheap and is made very quickly at the place of ordering. A salad bar is technically a fast means of getting food, since it is pre-made and instantly available. However, this technical definition does not match the more commonly understood colloquial meaning of 'fast food'. By referencing CKR 806, IQR 802 considers the potential options that are possible given the ambiguity of the term 'fast food'. Ambiguous options such as 'burger restaurant?' and 'salad bar?' can be forwarded to the human subject 800 via the human interface module (HIM) 816. However, there may be enough information at CKR 806 to understand that the general context of question 801 indicates a reference to the colloquial meaning 826. CKR 806 can indicate such a general context after gradually learning that there is a degree of controversy involving fast food and health. It is therefore highly likely that question 801 refers to that controversy, so HIM 816 does not need to be invoked to seek further clarification from the human subject 800. IQR 802 thus seeks to decipher obvious and subtle nuances in the meaning of definitions. Question 828 indicates to LOM as a whole that the human subject 800 is asking a question rather than asserting a statement.
Figure 131 shows survey clarification (SC) 803, which receives input from IQR 802. This input contains a series of requested clarifications 830 that must be answered by the human subject 800 in order for an objective answer to the original question/assertion 801 to be reached. The requested clarifications 830 are therefore forwarded to human interface module (HIM) 816B. Any response provided to such clarifications is forwarded to response separation logic (RSL) 815A, which then correlates the responses with the clarification requests. In parallel with the processing of the requested clarifications 830, clarification language association 829 is provided to language construction (LC) 812A. This association 829 contains the internal relationship between the requested clarifications 830 and the language structure, which enables RSL 815A to amend the original question/assertion 801 so that LC 812A can output the clarified question 804, which incorporates the information learned via 816.
Figure 132 shows assertion construction (AC) 808, which receives the clarified question/assertion 804 produced by survey clarification (SC) 803. LC 812A then breaks the question down into points of interest 834 (key concepts), which are passed on to concept discovery (CD) 813. CD then derives associated concepts 832 by using CKR 806. Concept priority (CP) 814A then orders the concepts 832 into logical layers that represent specificity and generality. The top layer is assigned the most general concepts, while the lower layers are assigned increasingly specific concepts. This ordering is facilitated by data provided by CKR 806. The top layer is transferred to hierarchical mapping (HM) 807 as modular input. In a parallel transfer of information, HM 807 receives the points of interest 834, which are processed by its dependency module, concept interaction (CI) 821. CI assigns attributes to such points of interest 834 by accessing the indexed information at CKR 806. When HM 807 completes its internal process, its final output is returned to AC 808 after the derived concepts have been tested for compatibility and the benefits/risks of a stance have been weighed and returned. This is known as the modular output feedback loop 833, because AC 808 and HM 807 have come full circle and will continue to send each other modular output until the analysis has fully saturated the concept complexity, or until CKR 806 becomes a bottleneck due to limitations of knowledge (whichever comes first).
Figures 133 and 134 show the internal details of how hierarchical mapping (HM) 807 works. AC 808 provides two types of input to HM 807 in parallel. One is known as concept points of interest 834, and the other is the top layer (most general) of the prioritized concepts 837. As shown in Figure 128, concept interaction (CI) 821 uses both inputs to associate contextualized conclusions with the points of interest 834. CI 821 then provides input to concept compatibility detection (CCD), which discerns the compatibility/conflict level between two concepts. This gives HM 807 a general understanding of agreement and disagreement between the assertions and/or propositions of the human subject 800 and the high-confidence knowledge indexed in central knowledge retention (CKR) 806. Such compatibility/conflict data is forwarded to benefit/risk calculator (BRC) 820, a module that translates these compatibilities and conflicts into the benefits and risks of taking a holistic uniform stance on the issue. For example, in the use case three main stances emerge (according to criteria set by the human subject 800): fast food is not recommended overall, fast food is permissible but not emphasized, or fast food is recommended overall. These stances, along with their risk/benefit factors 836, are forwarded to AC 808 as modular output. This is one of several points inside LOM at which the flow of information comes full circle, because AC 808 will attempt to facilitate the expansion of the assertions forwarded by HM 807. The system contains loops of information flow, which represent gradients of intelligence that are gradually supplemented as the objective response to the subjective nature of the question/assertion is gradually built up. An analogy is how a bee seeks the nectar of a flower and unintentionally collects its pollen, which it spreads to other flowers. This fertilization of flowers produces more flowers, which attracts more bees in the long run. This is similar to the interconnected information ecosystem that occurs inside LOM, which gradually 'pollinates' assertions and mature concepts until the system achieves strong confidence in a stance on the topic.

Figure 128 shows the internal workings of concept interaction (CI), a subset of HM 807. CI 821 receives the points of interest 834 and interprets each one according to the top layer of the prioritized concepts 837. The two prioritized concepts of the top layer in this example are 'health' and 'budget constraints' 837. Therefore, when CI attempts to interpret the points of interest 834, it does so through the lens of these topics. Point of interest 'diabetes' 838 leads to the assertions 'expensive medication' concerning 'budget constraints' 837 and 'weaker system'/'sugar intolerance' concerning 'health' 837. Point of interest 'male' 839 asserts 'typically pressed for time', albeit with low confidence, because the system finds that more specificity is needed, such as 'workaholic'. The issue of time is inversely proportional to 'budget constraints', because the system has noted the relationship between time and money. Point of interest 'middle class' 840 asserts 'can afford better quality food' concerning 'budget constraints' 837. Point of interest 'Burger King' 841 asserts 'cheap' and 'economical' concerning 'budget constraints' 837, and 'high sugar content' plus 'fried food' concerning 'health' 837. These assertions are made by referencing established and confident knowledge stored in CKR 806.
Figures 135 and 136 show the internal details of rational appeal (RA) 811, which criticizes assertions, whether as self-criticism or as criticism of human responses. LC 812A acts as a core sub-component of RA 811 and receives input from two potential sources. One source is the human subject 800 rejecting an opinion asserted by LOM at stage 842. The other source is response presentation 843, which digitally transmits an assertion constructed by AC 808 for LOM's internal self-criticism. After LC 812A has converted the linguistic text into a syntax understandable by the rest of the system, it is processed by RA's core logic 844. When this core logic returns a result of high confidence 846, the result is passed on to knowledge verification (KV) 805 for proper assimilation into CKR 806. When the core logic returns a result of low confidence 845, the result is passed on to AC 808 to continue the cycle of self-criticism (another element of LOM that has come full circle). Core logic 844 receives input from LC 812A in the form of the pre-criticism decision 847, without linguistic elements (using instead a syntax that is optimal for artificial intelligence use). This decision 847 is forwarded directly to CTMP 22 as the 'subjective opinion' 848 sector of its input. Decision 847 is also forwarded to context construction (CC) 817, which uses metadata from AC 808 and potential evidence from the human subject 800 to give raw facts (i.e. system logs) to CTMP 22 as the 'objective fact' input. Once CTMP 22 has received its two mandatory inputs, the information is processed to output its best attempt at reaching an 'objective opinion' 850. This opinion 850 is treated internally within RA 811 as the post-criticism decision 851. Both the pre-criticism 847 and post-criticism 851 decisions are forwarded to decision comparison (DC) 818, which determines the scope of overlap between the two decisions 847 and 851. The appeal argument is then either conceded as true 852, or the counterpoint is improved 853 to explain why the appeal is invalid. This assessment is performed without consideration of, or bias toward, whether the appeal originated from artificial intelligence or from a human. Regardless of whether the outcome is concede 852 or improve 852, a result of high confidence 846 is passed on to KV 805 and a result of low confidence 845 is passed on to AC 808 for further analysis.
Figures 137-138 show the internal details of central knowledge retention (CKR), where LOM's data-based intelligence is stored and merged. Units of information are stored in the unit knowledge format (UKF), of which there are three types: UKF1 855A, UKF2 855B and UKF3 855C. UKF2 855B is the main format, in which the targeted information is stored in rule syntax format (RSF) 538, highlighted as value 865H. Index 856D is a reference point, compatible/compliant with digital storage and processing, that allows resource-efficient references to large collections of data. This main block of information references a timestamp 856C, which is a reference, via index 856A, to a separate unit of knowledge known as UKF1 855A. Such a unit does not hold an equivalent timestamp 856C section as UKF2 855B does, but instead stores a multitude of information about timestamps in its value 856H sector in RSF 538 format. Rule syntax format (RSF) 538 is a set of syntactical standards for keeping track of reference rules. Multiple units of rules within RSF 538 can be used to describe a single object or action. RSF is used heavily and directly within CTMP. UKF1 855A contains a source attribution 856B sector, which is a reference to the index 856G of a UKF3 855C instance. Such a unit, UKF3 855C, is the inverse of UKF1 855A, because it has a timestamp section but no source attribution section. This is because UKF3 855C stores the source attribution 856E and 856B content in its value 856H sector in RSF 538. Source attribution is a collection of complex data that keeps track of the claimed sources of information. Such sources are given statuses of reliability and authenticity according to corroborating and negating factors as processed in KCA 816D. A UKF cluster 854F is therefore composed of a chain of UKF variants linked together to define jurisdictionally separate information (time and source are dynamically defined). In summary: UKF2 855B contains the main targeted information. UKF1 855A contains timestamp information and therefore omits the timestamp field itself to avoid an infinite regress. UKF3 855C contains source attribution information and therefore omits the source field itself to avoid an infinite regress. Every UKF2 855B must be accompanied by at least one UKF1 855A and one UKF3 855C; otherwise the cluster (sequence) is considered incomplete and the information in it cannot yet be processed by the LOM system-wide general logic 859. Between the central UKF2 855B (with the central targeted information) and its corresponding UKF1 855A and UKF3 855C units, there can be UKF2 855B units that act as a linking bridge. A series of UKF clusters 854D is processed by KCA 816D to form the derived assertion 854B. Likewise, a series of UKF clusters 854E is processed by KCA 816D to form the derived assertion 854C. Knowledge corroboration analysis (KCA) 816D is where UKF cluster information is compared for corroborating evidence concerning an opinionated stance. The algorithm takes into consideration the reliability of the attributed source, when the claim was made, negating evidence, etc. Therefore, once KCA 816D has completed its processing, CKR 806 can output a concluded opinionated stance on topic 854A. CKR 806 never deletes information, because even information determined to be false can be useful for making further distinctions between truth and falsehood. CKR 806 therefore relies on an advanced storage space service 854G that can handle and scale with the indefinitely growing CKR 806 data set.
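The cluster rule above (each UKF2 needs at least one UKF1 and one UKF3 before it can be processed) as an added Python example, not code from the patent. The `Unit` and `KnowledgeStore` names, the two reference fields on UKF2 and the sample units are assumptions; values are plain text here instead of RSF.

```python
from dataclasses import dataclass
from typing import Optional

KINDS = ("UKF1", "UKF2", "UKF3")


@dataclass(frozen=True)
class Unit:
    index: str
    kind: str
    value: str                            # RSF content in the patent; plain text here
    timestamp_ref: Optional[str] = None   # index of a UKF1 (or bridging UKF2) unit
    source_ref: Optional[str] = None      # index of a UKF3 (or bridging UKF2) unit

    def __post_init__(self):
        if self.kind not in KINDS:
            raise ValueError(f"unknown unit kind {self.kind!r}")
        # UKF1 is the timestamp record and UKF3 is the source record, so each
        # omits the field that would describe itself (no infinite regress).
        if self.kind == "UKF1" and self.timestamp_ref is not None:
            raise ValueError("UKF1 must not carry a timestamp reference")
        if self.kind == "UKF3" and self.source_ref is not None:
            raise ValueError("UKF3 must not carry a source reference")


class KnowledgeStore:
    """Append-only store: units can be added but never replaced or deleted."""

    def __init__(self):
        self._units = {}

    def add(self, unit):
        if unit.index in self._units:
            raise KeyError(f"index {unit.index!r} is already stored")
        self._units[unit.index] = unit

    def cluster(self, index):
        """Return (units reachable from index, sorted dangling references)."""
        seen, dangling, stack = {}, set(), [index]
        while stack:
            current = stack.pop()
            if current in seen:  # UKF1 and UKF3 may reference each other
                continue
            unit = self._units.get(current)
            if unit is None:
                dangling.add(current)
                continue
            seen[current] = unit
            stack.extend(r for r in (unit.timestamp_ref, unit.source_ref) if r)
        return list(seen.values()), sorted(dangling)

    def processable(self, index):
        """True only for a UKF2 whose cluster is complete and fully resolvable."""
        root = self._units.get(index)
        if root is None or root.kind != "UKF2":
            return False
        units, dangling = self.cluster(index)
        return not dangling and set(KINDS) <= {u.kind for u in units}


def build_sample_store():
    """Constructed sample: one complete cluster, one broken one, one bridge."""
    store = KnowledgeStore()
    for unit in (
        Unit("k1-1", "UKF1", "retrieved 2017-01-24", source_ref="k3-1"),
        Unit("k3-1", "UKF3", "public news source", timestamp_ref="k1-1"),
        Unit("k2-1", "UKF2", "fast food is high in sugar", "k1-1", "k3-1"),
        Unit("k2-2", "UKF2", "salad bars serve food quickly", "k1-1", "k3-9"),
        Unit("k2-3", "UKF2", "bridge to k2-1", timestamp_ref="k2-1"),
    ):
        store.add(unit)
    return store
```

Unit `k2-2` is held back even though a UKF3 is reachable through its timestamp record, because its own source reference `k3-9` does not resolve.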
Figure 139 shows the automated research mechanism (ARM) 805B, which attempts to constantly supply CKR 806 with new knowledge in order to enhance LOM's general estimation and decision-making capabilities. As indicated by user activity 857A, as users interact with LOM (via any available front end), concepts are brought up, directly or indirectly, as relevant to answering/responding to a question/assertion. User activity 857A is expected eventually to yield concepts about which CKR has little or no relevant information, as indicated by the list of requested but unavailable concepts 857B. With concept sorting & prioritization (CSP) 821B, concept definitions are received from three independent sources and aggregated in order to prioritize the resources (bandwidth etc.) of information request (IR) 812B. The IR 812B module accesses the relevant sources to obtain specifically defined information. Such information is defined according to concept type. The sources are indicated as public news sources 857C (public news articles, i.e. Reuters, the New York Times, the Washington Post, etc.), public data archives 857D (information aggregation collections, i.e. Wikipedia, Quora, etc.) and social media 857E (i.e. Facebook, Twitter feeds, etc.). The data provided by such information sources is received and parsed at information aggregator (IA) 821B according to which concept definition requested it. Relevant metadata (such as time of retrieval and source of retrieval) is kept. The information is then sent to cross-reference analysis (CRA) 814B, where the received information is compared against, and constructed in consideration of, the pre-existing knowledge from CKR 806. This allows new incoming information to be evaluated and validated according to what CKR 806 currently does and does not know. Stylometric scanning (SS) 808B is a supplemental module that allows CRA 814B to take style signatures into account while assimilating the new information with the pre-existing knowledge from CKR 806. Missed dependency concepts 857F are concepts that logically need to be understood as groundwork for comprehending an initial target concept (i.e. to understand how trucks work, one must first research and understand how diesel engines work). Such missing concepts are transferred to CSP 821B for processing. The list of active concepts 857G contains the most popular topics, ranked as the most active within CKR 806. Such concepts 857G are transferred to creative concept generator (CCG) 820B and are then creatively matched (via creative module 18) to produce new potential concepts. This mechanism depends on the possibility that one of these mergers will yield new ranges of information from the sources 857C, 857D, 857E connected to IR 812B.
Example of stylometry usage:
New foreign data 858A is marked as coming from a known CNN reporter. However, a very strong style match with the signature of a military think tank is found. The content is therefore attributed within CKR 806 primarily to the military think tank, and is noted as having 'claimed' to come from CNN. This enables further pattern matching and conspiracy detection in later executions of LOM logic (for example, distrusting future claims that content comes from CNN). Thereafter, assertion corroboration, conflict and bias evaluations are assessed as if the content came from the think tank rather than CNN.
Figure 140 shows Style Scanning (SS) 808, which analyzes the style signature 858C of new foreign content (content to which the system has not yet been exposed). Stylometry is the statistical analysis of variations in literary style between one writer or genre and another. This helps CKR 806 track the expected sources of data/assertions, which in turn helps LOM detect corroborating assertions. With Signature Conclusion (SC) 819B, the content source attribution of the new external data 858A is influenced by any significant match of the style signature 858C. The stronger the style match, the stronger the source attribution according to stylometry. With Signature Query (SQ) 807B, the stylometric signature 858C is matched against all known signatures from SI 813B. Any match in any significant gradient of magnitude is recorded. The Signature Index (SI) 813B represents the list of all known style signatures 858C as retrieved from CKR 806. As represented by the third-party stylometry algorithms 858B, LOM relies on whichever advanced and effective stylometry algorithm is chosen at the time.
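The signature query and signature conclusion steps described above can be sketched as follows. This is an added example, not code from the patent: the function-word feature set, cosine similarity, the 0.8 threshold, the source labels and the three sample texts are all assumptions constructed for illustration, standing in for whichever stylometry algorithm 858B is actually chosen.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass

# Assumed feature set: relative frequency of common function words, a classic
# stylometric signal because it is largely independent of topic.
FUNCTION_WORDS = ("the", "of", "and", "to", "a", "in", "that", "is",
                  "it", "for", "but", "we", "not", "which", "by")


def style_signature(text):
    """Return a style signature (858C): function-word frequencies per token."""
    tokens = re.findall(r"[a-z']+", text.lower())
    if not tokens:
        raise ValueError("cannot compute a signature for empty text")
    counts = Counter(tokens)
    return tuple(counts[w] / len(tokens) for w in FUNCTION_WORDS)


def cosine(a, b):
    """Cosine similarity; 0.0 when either vector has no function words."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def signature_query(signature, index, threshold=0.8):
    """SQ 807B: match against every known signature, keep significant matches."""
    scored = ((source, cosine(signature, known)) for source, known in index.items())
    return sorted((m for m in scored if m[1] >= threshold),
                  key=lambda m: m[1], reverse=True)


@dataclass(frozen=True)
class Attribution:
    attributed_source: str   # where the content is filed in the knowledge base
    claimed_source: str      # the label the content arrived with
    strength: float          # match strength backing the attribution
    claim_disputed: bool     # True when style contradicts the claimed label


def signature_conclusion(claimed_source, matches):
    """SC 819B: the stronger the style match, the stronger the attribution."""
    if not matches:
        # No significant match: keep the claimed label, with no stylistic backing.
        return Attribution(claimed_source, claimed_source, 0.0, False)
    best_source, strength = matches[0]
    return Attribution(best_source, claimed_source, strength,
                       best_source != claimed_source)


# Constructed sample texts. Real stylometry needs far longer samples.
KNOWN_THINK_TANK = (
    "The posture of the alliance is shaped by the distribution of forces, "
    "which is determined by the logistics of the theater. The assessment of "
    "the risk is informed by the pattern of exercises, which is observed by "
    "the analysts of the region.")
KNOWN_NEWS = (
    "We went to the harbor and we spoke to residents, but it is not clear to "
    "them what comes next. It is a story that we want to follow, and we plan "
    "to return to it, but not for a while.")
NEW_EXTERNAL_DATA = (
    "The balance of the fleet is driven by the readiness of crews, which is "
    "limited by the tempo of the deployments. The credibility of the deterrent "
    "is sustained by the depth of reserves, which is measured by the planners "
    "of the command and the staff.")

# Stand-in for the Signature Index (SI 813B).
SIGNATURE_INDEX = {
    "military_think_tank": style_signature(KNOWN_THINK_TANK),
    "cnn_reporter": style_signature(KNOWN_NEWS),
}


def attribute(text, claimed_source, index=SIGNATURE_INDEX):
    """Run the query and conclusion steps for one piece of new content."""
    return signature_conclusion(claimed_source,
                                signature_query(style_signature(text), index))
```

Calling `attribute(NEW_EXTERNAL_DATA, "cnn_reporter")` files the content under the think tank signature and marks the CNN label as disputed, which is the outcome in the CNN example above.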
Figure 141 shows the Assumption Override System (AOS) 815B, which receives a proposition in the form of an assertion or a question and outputs the concepts related to that proposition. Concept Definition Matching (CDM) 803B is where any hard-coded assumptions 858D provided by the human subject 800 are queried against the Dependency Interpretation (DI) 816B module. All such concepts are checked by Ethical Privacy Legal (EPL) 811B for violation concerns. In the Dependency Interpretation (DI) 816B module, all knowledge-based dependencies that fulfill the given response to the requested data are accessed. In this way the complete 'tree' of information that builds up a highly objective opinion is retrieved. Requested data 858E is data that LOM system-wide general logic 859 has requested, whether as a specific query or a conditional query. A specific query looks for a fully labeled set of information. A conditional query requests all information that matches certain conditions.
Figure 142 shows Intelligent Information & Configuration Management (I2CM) 804E and the Management Console 804D. Aggregation 860A uses generic-level criteria to filter out unimportant and redundant information, and merges and tags the information streams from multiple platforms. Threat Dilemma Management 860B is where conceptual data dangers are perceived from a bird's-eye view. Such threats are passed on to the management console for graphical presentation. Because the calculated measurements pertaining to threat mechanics are ultimately merged from multiple platforms, better-informed threat management decisions can be made automatically. Automated Controls 860C represents algorithmic access to the management-related controls of MNSP 9, the Trusted Platform 860Q and third-party services 860R. Management Feedback Controls 860D provides high-level control of all MNSP 9 cloud, Trusted Platform (TP) 860Q and additional third-party service 860R based services, which can be used to facilitate decision making, forensics, threat investigations and so on. Such management controls 860D are ultimately manifested on the Management Console (MC) 804D, with appropriate customizable visuals and presentation efficiency. This allows the entire system (MNSP, TP, 3PI) to be controlled and manipulated efficiently, directly from a single interface that can zoom into details as needed. Manual Controls 860E covers human access to the management-related controls of MNSP 9, the Trusted Platform 860Q and third-party services 860R. At the Intelligent Contextualization 860F stage, the remaining data now looks like a cluster of islands, each island being a conceptual data danger. Correlations are made between platforms to mature the concept analysis. Historical data is accessed (from I2GE 21 rather than LIZARD) to understand threat patterns, and CTMP 22 is used for critical thinking analysis. Configuration & Deployment Service 860G is the interface for deploying new enterprise network assets (computers, laptops, mobile phones) with the correct conceptual data configuration and connectivity settings. After a device has been added and set up, it can be adjusted via the Management Console (MC) 804D with Management Feedback Controls 860D as the middleman. This service also manages the deployment of new customer/client user accounts. Such a deployment may include the association of hardware with user accounts, customization of the interface, and a list of customer/client variables (i.e. business type, product type, etc.). With Separation by Jurisdiction 860H, the tagged pool of information is separated exclusively according to the relevant jurisdiction of the MC 804D user. With Separation by Threat 860I, the information is organized according to individual threats (i.e. conceptual data dangers). Every type of data is either correlated with a threat (which adds verbosity) or is removed. Direct Management 860J is the interface through which an MC 804D user connects to Management Feedback Controls 860D via Manual Controls 860E. With Category & Jurisdiction 860H, a user of the MC 804D uses login credentials that define their jurisdiction and their scope of access to information categories.
All Potential Data Vectors 860L represents data in motion, data at rest and data in use. Customizable Visuals 860M are for the various enterprise departments (accounting, finance, HR, IT, legal, security/inspector general, privacy/disclosure, union, etc.) and stakeholders (staff, managers and executives of each respective department), as well as third-party partners, law enforcement and so on. The Unified View 860N of all aspects of conceptual data represents the perimeter, enterprise, data center, cloud, removable media, mobile devices and so on. The Integrated Single View 860O is a single view of all potential capabilities, such as monitoring, logging, reporting, event correlation, alert processing, policy/rule set creation, corrective action, algorithm tuning, service provisioning (new customers/modifications), use of the trusted platform, and third-party services (including receiving reports and alerts/logs from third-party service providers & vendors). The Conceptual Data Team 860P is a team of qualified professionals who monitor the activity and status of multiple systems across the board. Because information is processed intelligently and decisions are made by AI, costs can be lowered by hiring fewer people with less experience. The team's primary purpose is to act as a fallback layer that verifies the system is maturing and progressing according to the desired criteria while it performs large-scale analysis.
Figure 143 shows the Personal Intelligence Profile (PIP) 802C, which is where an individual's personal information is stored via multiple potential endpoints and front ends. Their information is highly secure and kept separate from CKR 806, yet is available to LOM system-wide general logic 859 for making highly personalized decisions. With Personal Authentication & Encryption (PAE) 803C, an incoming data request must first authenticate itself to guarantee that personal information is accessed exclusively by the correct user. Personal information relating to artificial intelligence applications is encrypted and stored in UKF format in the Personal UKF Cluster Pool 815C. With the Information Anonymization Process (IAP) 816C, information is added to CKR 806 after being stripped of any personally identifiable information. Even after such personal information has been stripped from the data stream, IAP 816C attempts to prevent too much parallel data from being provided that could be reverse-engineered (like forensic detective work) to find out the identity of the individual. With Cross Reference Analysis (CRA) 814B, received information is compared with pre-existing knowledge from CKR 806 and constructed in consideration of that pre-existing knowledge. This allows newly incoming information to be evaluated and validated according to what CKR 806 currently knows and does not know. For any data request, information is always accessed from CKR 806. If there are personal criteria in the data request, PIP 802C is referenced via Personal & General Data Merging (PGDM) 813C and builds upon the main CKR 806 knowledge.
Figure 144 shows Life Administration & Automation (LAA) 812D, which connects internet-enabled devices and services on a linked platform that automates tasks for life routines and isolated incidents. Active Decision Making (ADM) 813D is the central logic of LAA 812D and considers, according to FARM 814D, the availability and functionality of front-end services 861A, back-end services 861B and IoT devices 862A, together with the spending rules and the amount available. With Fund Appropriation Rules & Management (FARM) 814D, a human manually defines criteria, limits and scope for this module to inform ADM 813D what its jurisdiction of activity is. The human subject 800 manually deposits cryptocurrency funds (i.e. Bitcoin) into the digital wallet 861C, thereby implying an upper limit on the amount of money that LAA 812D can spend. The IoT Interaction Module (IIM) 815D maintains a database of which IoT devices 862A are available to the human. Authentication keys and mechanisms are stored here to enable secure control 862C of IoT devices 862A. Product manufacturers/developers 861F provide programmable API (Application Programming Interface) endpoints to LAA 812D as IoT product interaction programming 861E. Such endpoints are used exclusively by the IoT Interaction Module (IIM) 815D. Data feed 862B represents when IoT-enabled devices send information to LAA 812D so that functions and automated actions can be performed. Examples: a thermostat reporting the temperature, a refrigerator reporting milk stock. Device control 862C represents when an IoT-enabled device 862A receives instructions from LAA 812D for an action to perform. Examples: turning on the air conditioning, opening a door for a package delivery. Categories of front-end services 861A may include:
- Artificial intelligence personal assistants
- Communication applications and protocols
- Home automation
- Medical interfaces
- Delivery tracking services
Examples of back-end services 861B include:
- Amazon online ordering
- Uber/transportation
- Medical prescriptions
An overall use case example illustrating the functionality of LAA 812D is as follows:
An IoT-enabled refrigerator detects that the temperature of the milk is getting lower. LOM has made the analysis, via emotional intelligence, that the subject's mood tends to be more negative when they do not drink whole milk. Having evaluated the risks and benefits in the subject's life situation, LOM places an order for whole milk from an online delivery service (e.g. Amazon). LOM tracks the milk shipment via the tracking number and opens the front door of the house so that it can be delivered within the property. LOM closes the door after the delivery person leaves, and remains cautious about security in case the delivery person is a malicious actor. Thereafter, a simple wheeled robot with some dexterity picks up the milk and places it in the refrigerator so that it stays cold and does not spoil.
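The limits described for Figure 144 (FARM rules that bound what ADM may do, the wallet balance as a hard spending cap, and the IIM database of controllable devices) amount to a default-deny authorization gate in front of every automated action. The sketch below is an added example, not code from the patent; the class names, field names, service and device identifiers, and the currency unit are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SpendingRule:
    """One FARM 814D rule: what may be bought, from whom, and for how much."""
    category: str
    allowed_services: frozenset
    max_per_order: int  # smallest currency unit; the unit is an assumption


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class ActiveDecisionGate:
    """Hypothetical stand-in for ADM 813D: every action is denied by default."""

    def __init__(self, rules, wallet_balance, device_actions):
        self.rules = {rule.category: rule for rule in rules}
        self.wallet_balance = wallet_balance    # digital wallet 861C
        self.device_actions = device_actions    # IIM 815D device database

    def authorize_purchase(self, service, category, cost):
        rule = self.rules.get(category)
        if rule is None:
            return Decision(False, "no FARM rule covers this category")
        if service not in rule.allowed_services:
            return Decision(False, "service is outside the rule's scope")
        if cost <= 0 or cost > rule.max_per_order:
            return Decision(False, "cost violates the per-order limit")
        if cost > self.wallet_balance:
            return Decision(False, "wallet balance is the hard spending cap")
        self.wallet_balance -= cost  # debit only after every check has passed
        return Decision(True, "within FARM rules and wallet balance")

    def authorize_device_action(self, device_id, action):
        permitted = self.device_actions.get(device_id)
        if permitted is None:
            return Decision(False, "device is not registered in IIM")
        if action not in permitted:
            return Decision(False, "action is not permitted for this device")
        return Decision(True, "registered device and permitted action")


def build_sample_gate():
    """Constructed configuration mirroring the milk delivery use case."""
    rules = [SpendingRule("groceries", frozenset({"online_grocer"}), 1500)]
    devices = {
        "front_door": frozenset({"unlock", "lock"}),
        "refrigerator": frozenset({"read_stock"}),
    }
    return ActiveDecisionGate(rules, wallet_balance=2000, device_actions=devices)
```

The point for a reviewer of such a design is that the door unlock in the use case is only as safe as these two tables: an order or device command that no rule explicitly permits must be refused rather than inferred.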
Figure 145 shows Behavior Monitoring (BM) 819C, which monitors personally identifiable data requests from users to check for unethical and/or illegal material. With Metadata Aggregation (MDA) 812C, user-related data is aggregated from external services so that the digital identity of the user (e.g. IP address, MAC address, etc.) can be established. This information is passed to Induction 820C/Deduction 821C and eventually to PCD 807C, where a sophisticated analysis is performed using corroborating factors from MNSP 9. Example: for security purposes, a user engaging with the Amazon.com shopping portal as a front end has their IP address forwarded to LOM's Behavior Monitoring (BM) 819C. All information from authenticated users with PIP 802C as its destination passes through Information Tracking (IT) and is checked against the behavior blacklist 864A. Example: a user asks a question about the chemical composition of sulfur. Information that (partially or fully) matches elements from the blacklist 863B is transferred from IT 818C to Induction 820C/Deduction 821C. At Pre-Crime Detection (PCD) 807C, the deductive and inductive information is merged and analyzed for a pre-crime conclusion. If a significant amount of corroboration is detected, the offending information and the known identity of the user are forwarded to law enforcement authorities. PCD 807C makes use of CTMP 22, which directly references the behavior blacklist 864A to verify the positions produced by Induction 820C and Deduction 821C. The Blacklist Maintenance Authority (BMA) 817D operates within the cloud service framework of MNSP 9. BMA 817D issues and maintains the behavior blacklist 864A, which defines the dangerous concepts that require user monitoring in order to prevent crimes and catch criminals. BMA 864B also issues and maintains the EPL (Ethical Privacy Legal) blacklist 864B, which flags sensitive material so that it is never submitted as a query result by LOM. Such sensitive material may include leaked documents and private information (i.e. Social Security numbers, passport numbers, etc.). BMA 864B interprets the applicable laws and policies relating to ethics, privacy and law (i.e. cybersecurity policy, acceptable use policy, HIPAA, PII, etc.). A blacklist is usually made up of trigger concepts; a user who is associated with too many of these concepts is considered suspicious. A blacklist may also target specific individuals and/or organizations (such as a wanted list). Future crime prevention takes place within BM 819C, with corroborating factors verified using MNSP 9. Law enforcement authorities 864C can connect to BMA 817D through the MNSP 9 cloud to provide input on blacklisted concepts, and to receive input from the PCD 807C criminal investigation results of BM 819C. Behavior Monitoring Intelligence Corroboration 864D enables MNSP 9 to provide behavior monitoring intelligence to BM 819C for corroboration purposes. Ethical Privacy Legal (EPL) 811B receives a customized blacklist from MNSP and uses AOS 815B to block any assertion that contains unethical, privacy-sensitive and/or illegal material.
Figure 146 shows Ethical Privacy Legal (EPL) 811B, which receives a customized blacklist from MNSP and uses AOS 815B to block any assertion that contains unethical, privacy-sensitive and/or illegal material. MNSP 9 is used to handle traditional security threats, such as attacks carried out via Trojan horses, viruses and so on. The BM 819C and EPL 811B modules of LOM analyze the context of conceptual data via Induction 820C and Deduction 821C in order to determine ethics, privacy and impact.
Figure 147 shows an overview of the LIZARD algorithm. The Dynamic Shell (DS) 865A is the layer of LIZARD that is more prone to change via iteration. Modules that require a high degree of complexity to achieve their purpose usually belong here, because they will have surpassed the level of complexity that a team of programmers can handle. The Syntax Module (SM) 865B is the framework for reading and writing computer code. For writing, it receives a complex formatted purpose from PM and writes code in an arbitrary code syntax; a helper function can then translate that arbitrary code into real executable code (depending on the desired language). For reading, it provides PM 865E with a syntactical interpretation of code so that the purpose of the functionality of such code can be derived. If LIZARD makes a low-confidence decision, it can relay the relevant data to ACT 866 via the Data Return Relay (DRR) 865C to improve future iterations of LIZARD. LIZARD itself does not directly rely on data to make decisions, but data on continuously evolving threats can indirectly benefit the a priori decision making that a future iteration of LIZARD might perform. The Artificial Concept Threat (ACT) 866 creates a virtual testing environment with simulated conceptual data dangers to enable the iteration process. The artificial evolution of ACT 866 is engaged sufficiently to keep ahead of the organic evolution of malicious concept formation. The Iteration Module (IM) 865D uses SC 865F to syntactically modify the code base of DS 865A according to the defined purpose in 'Fixed Goals' and the data from DRR 865C. The modified version of LIZARD is then stress tested (in parallel) against multiple and varying conceptual data danger scenarios by ACT 866. The most successful iteration is adopted as the live functioning version. The Purpose Module (PM) 865E uses SM 865B to derive a purpose from code and outputs such a purpose in its own 'complex purpose format'. Such a purpose should adequately describe the intended functionality of a block of code as interpreted by SM (even if that code was covertly embedded in data). The Static Core (SC) 865F is the layer of LIZARD that is least prone to change via automated iteration, and is instead changed directly by human programmers. The innermost dark square in particular is not influenced by automated iteration at all. This innermost layer is like the root of the tree that guides the direction and overall capacity of LIZARD.
Figure 148 shows a subset of Iterative Intelligence Growth (I2GE 21), describing the way a static rule set matures as it adapts to the various dangers of conceptual data. A sequence of generational rule sets is produced, their evolution being channeled via the definition of 'personality' traits. Such rule sets are used to process incoming conceptual data feeds and to perform the most desired notification and corrective action. An evolutionary pathway 867A is an entire chain of generations with a consistent 'personality'. Generations become increasingly dynamic as CPU time progresses. The initial static rule set becomes less prevalent and is potentially erased or overridden. Example: evolutionary pathway A has a trait of being strict and cautious, with little forgiveness or tolerance of assumption. Concept behavior 867B is where the behavior of conceptual data analysts is processed and stored so that the evolutionary pathways 876A can learn from them. Example: pathway A found many reactions to conceptual data dangers that matched a specific situation and the optimistic personality type. Pathway A then creates rules that mimic such behavior. Human 867C represents the conceptual data analysts who create an initial rule set to start the evolutionary chain. Example: a rule is defined that any concept relating to buying plutonium on the black market will be blocked. Pathway personality 867D is the cluster of variables that define the reactionary characteristics that should be exercised when a conceptual data danger is triggered.
Figures 149-150 show a subset of Iterative Evolution (I2GE 21), the method by which parallel evolutionary pathways 867A are matured and selected. Iterated generations adapt to the same ACT 866, and the pathway with the best personality traits ends up resisting concept threats the most. CPU time 868A is a measure of CPU power over time and can be measured in CPU cycles per second. Using time alone to measure the amount of processing exposure an evolutionary pathway receives is insufficient, because the number of cores and the power of each CPU must be considered. Example: processing a request that takes an Intel Pentium III a thousand years may take an Intel Haswell processor 30 minutes. With Virtual Isolation 868B, all evolutionary pathways are virtually isolated to guarantee that their iterations are based solely on the criteria of their own personalities. Example: pathway B is completely unaware that pathway C has solved a difficult conceptual data problem, and must rely on its own personality traits and learned data to calculate a solution. Certain pathways may be scrapped because they have reached an indefinite state of being unable to recognize conceptual data dangers. The most likely outcome is that a new pathway must be spawned with a modified personality. Example: pathway D was unable to recognize a conceptual data danger for hundreds of units of CPU time 868A, so the entire pathway was scrapped. The monitoring/interaction system 868D is the platform that injects conceptual data danger triggers from the ACT 866 system and relays the associated conceptual data danger responses from the concept behavior cloud (all according to the specified personality traits). Example: the monitoring system has provided pathway B with the necessary conceptual data danger responses needed to formulate generation 12. The Artificial Concept Threat (ACT) 866 is an isolated system that provides a consistent conceptual data danger environment. It provides concept recognition drills for analysts to practice on, and to train the system to recognize different potential conceptual data responses and traits. Example: ACT provides a series of complex concepts that a human would recognize as dangerous, such as "how to chemically synthesize sarin gas using household ingredients". The Real Concept Threat (RCT) 869A provides the concept scenarios 869C of real threats from real data logs. Humans 867C give direct orders 869B to the monitoring/interaction system 868D. Example: manually aborting a pathway, altering master variables in a pathway personality, etc. The Cross Reference Module 869D is the analytical bridge between a concept danger 869C and the response 869E made by the concept analyst 867C. After extracting a meaningful action, it pushes it to the Trait Tagging Module 869F. Concept dangers 869C can come from real dangers 869A or from drills 866. The Trait Tagging Module 869F partitions all behavior according to personality type(s). Example: when a conceptual data analyst 867C flags 869E an email with excessive mentions of suicide methods as risky, the module marks this as a precautionary personality because the behavior overlaps with past events, but also because the analyst is a self-described cautious person. The Trait Interaction Module 869G analyzes the correlation between different personalities. This information is passed to concept behavior 867B, which then passes it on to the monitoring/interaction system 868D and the pathways themselves. Example: the Unforgiving and Realist personalities have a large overlap in usage and return similar responses to the same event, whereas Strict and Optimist almost never give a similar response to the same event.
Figures 151-154 show the creativity module 18, an intelligent algorithm that creates new hybrid forms from prior input forms. Creativity 18 is used as a plug-in module to service multiple algorithms. At reference numeral 870A, two parent forms (prior forms) are pushed to the Intelligent Selector to produce a hybrid form 870B. These forms can represent abstract constructs of data. Example: Form A represents an average model of dangerous concepts derived from the concept DB. Form B represents a new information release by a concept trigger rule set on how it reacted to a dangerous concept. The information in Form B allows the hybrid form produced to be a more dangerous concept than what Form A represents. The Intelligent Selector 870B algorithm selects new features and merges them into the hybrid form. Example: Form A represents an average model of conceptual data dangers derived from the concept DB. Form B represents a new information release by a concept rule set on how it reacted to a prior concept danger. The information in Form B allows the hybrid form produced to be a better concept danger trigger than what Form A represents. Mode 870C defines the type of algorithm in which the creativity module 18 is being used. In this way the Intelligent Selector 870B knows which parts are appropriate to merge, depending on the application in use. Example: the mode is set to ACT 866, so the Intelligent Selector 870B knows that the expected input data is a danger DB representation (Form A) and newly released information detailing a rule set's reaction to a concept danger trigger (Form B). The attributed mode 870C defines the detailed method of how best to merge the new data with the old to produce an effective hybrid form. Static criteria 870D are provided by a conceptual data analyst and supply generic customizations for how forms should be merged. Such data may include ranking prioritizations, desired ratios of data, and data to direct merging, depending on which mode 870C is selected. Example: if the mode 870C is selected as ACT 866, the information resulting from a failed danger trigger should heavily influence the danger trigger DB so as to strongly vary the composition of such a trigger. If the trigger keeps failing after such variations, the trigger is abandoned completely. A raw comparison 871B is performed on the two incoming forms, dependent on the static criteria 870D provided by the conceptual data analyst 867C. After the raw comparison was performed, the vast majority of the forms were compatible according to the static criteria 870D. The only difference found was that Form A included a response that was flagged as 'foreign' by the static criteria. This means that the danger trigger DB representation, Form B, does not encompass/represent a certain anomaly found in Form A. Rank Change Importance 871C ranks which changes are important and which are not according to the provided static criteria 870D. Example: because an anomaly was found in Form A that is not represented in Form B, the static criteria 870D recognize that this anomaly is of crucial importance, so it results in a prominent modification being made in the merging process to produce hybrid Form AB. At the merge module 871D, the data that remains the same and the data found to differ are reassembled into a hybrid form based on the static criteria 870D and the mode 870C in use. Such variations may include the ratio distribution 872A of data, how important certain data is, and how the data should mesh with/relate to each other. Example: the ranked importance of the anomaly composition is received. After the appropriate adjustments are made, a process guided by the static criteria 870D discerns whether the reaction to the anomaly is incompatible with other parts of the data. The merging process then modifies such pre-existing data so that the fix for the anomaly can blend in effectively with the pre-existing data. The amount of overlapping information is filtered according to the ratio 872A set by the static criteria 870. If the ratio 872A is set to large, a large amount of form data that has remained consistent is merged into the hybrid form. If the ratio 872A is set to small, most of the hybrid form is constructed to be very different from its past iterations. Priority 872B is the process by which, when both data sets compete to define a feature at the same place in the form, prioritization occurs to choose which features are made prominent and which are overlapped and hidden. When only one trait can occupy a certain spot (highlighted via a rectangle), the prioritization process takes place to choose which feature gets inherited. Style 872C defines the manner in which overlapping points are merged. Most of the time there are multiple ways in which a specific merge can occur, so the static criteria 870D and the mode 870C direct this module to prefer a certain merge over another. Most of the time there are overlapping forms between features, so a form with merged traits can be produced. Example: when a triangle and a circle are provided as input forms, a "PAC-man" shape can be produced.
Figures 155-156 show LOM used as a personal assistant. LOM is configured to manage a personalized portfolio in an individual's life. A person can actively consent to LOM registering private details about their daily routine so that it can provide meaningful and appropriate advice when the individual encounters a dilemma or proposition. This can range from work situations to eating habits, purchasing decisions and so on. LOM receives an initial question 874B that leads to a conclusion 874C via LOM's internal deliberation process 874A. EPL 811B is used to verify the ethical, legal and privacy-based compliance of the response generated by LOM. To make LOM more personalized, it can be connected to the LAA 812D module, which connects to internet-enabled devices from which LOM can receive data and which it can control (i.e. turning on the air conditioning as you arrive near your home). With PIP 802C, LOM receives personal information from the user, and the user can consent to having the information securely tracked. In this way LOM can provide more personalized and accurate future responses. With contextualization 874D, LOM is able to deduce the missing links in constructing an argument. LOM has deciphered with its advanced logic that, to solve the dilemma posed by the original assertion, it must first know or assume certain variables about the situation.
Figure 157 shows LOM used as a research tool. A user is using LOM as an investment tool. Because the assertion 875B is put forth in an objective and impersonal fashion, LOM does not require additional details 875D of a specific and isolated use case in order to form a sophisticated opinion on the matter. The conclusion 875C is therefore reached without personalized information. EPL 811B is used to verify the ethical, legal and privacy-based compliance of the response generated by LOM, and BM 819C is used to monitor for any conspiracy to commit illegal/immoral activity on the user's behalf.
Figures 158-159 show LOM exploring the benefits and drawbacks of a proposed theory 867B. Bitcoin is a peer-to-peer decentralized network that validates ownership of the cryptocurrency in a public ledger called the blockchain. All Bitcoin transactions that occur are recorded in a block that is mined by the network once every 10 minutes. The current hard-coded limit in the Bitcoin Core client is 1 MB, which means that only 1 MB worth of transactions (represented in data form) can exist every 10 minutes. Because of Bitcoin's recent rise in popularity as an asset, the block size limit has put stress on the system, with long payment confirmation times and more expensive mining fees. With contextualization 876D, LOM is able to deduce the missing links in constructing an argument. LOM has deciphered with its advanced logic that, to solve the dilemma posed by the original assertion, it must first know or assume who would raise the block size limit. The conclusion 876C is therefore reached by LOM. EPL 811B is used to verify the ethical, legal and privacy-based compliance of the response generated by LOM, and BM 819C is used to monitor for any conspiracy to commit illegal/immoral activity on the user's behalf.
Figures 160-161 show LOM performing policy-making for foreign policy war games. An isolated and secure instance of LOM can be run on military-approved hardware and facilities. This enables LOM to access its general knowledge in Central Knowledge Retention (CKR) 806 while accessing military-specific (and even classified) information in a local instance of the Personal Intelligence Profile (PIP). Thanks to LOM's advanced intelligence capabilities, military personnel can run complex war games while having access to both general and specific knowledge. The initial war game scenario is proposed with an assertion 877B and hard-coded assumptions 877E. Because of the complexity of the war game scenario, LOM responds with an advanced detail request 887D. LOM may decide that, in order to achieve a sophisticated response, it must receive a high level of information, such as detailed profiles of 50,000 troops. Such a transfer of information can be on the order of several megabytes of data and require several days of parallel processing to reach a sophisticated conclusion. All information is transferred via standardized and automated formats and protocols (i.e. importing 50,000 Excel sheets over two hours with a single computer interface action). With BM 819C and EPL 811B, a security clearance override is activated to disable such protective functions because of the sensitivity of the information. War game simulations involve topics that may be flagged by BM 819C and EPL 811B. EPL may block useful information that could otherwise benefit a simulation that ultimately has an effect on real lives and money spent. BM 819C may flag such topics and report them to the MNSP 9 authorities. Therefore, properly qualified military channels/organizations can authenticate their LOM session via PIP 802C to allow such sensitive topics to be processed via LOM without interruption, hindrance or reporting to the authorities. Because such information (such as troop numbers and locations) may be classified, the authenticated session can enforce an override that blocks BM 819C and EPL 811C entirely, so that such sensitive information never leaves LOM for external platforms and parties (such as MNSP 9). There is the case where PIP 802C
Under, the authorization army personnel for being currently running this war game, which is used, has upgraded/special encryption and information the LOM that isolates
Customize example.This may include curstomer's site storage solution, to ensure that it is public that sensitive military information never enters
Cloud storage, and be maintained in the facility of military approval.Therefore, this information retained safely enables the inside of LOM to review 877A
The itd is proposed war game of enough simulations.
Figures 162-163 show LOM performing investigative journalism tasks, such as uncovering identifiable details about a person. The example for this use case follows the mystery surrounding the Bitcoin founder, known by the pseudonym Satoshi. The Bitcoin community, along with many magazines and investigative reporters, has made great efforts to uncover his/her identity. LOM, however, can maximize the investigative effort in an automated and thorough way. LOM may need to find the specific part of the journalistic mystery that lets it answer the initial query accurately. LOM can therefore dispatch customized information requests to ARM 805B, which assimilates the information into CKR 806. With contextualization 879D, LOM does not require additional details about a specific and isolated use case to form a sophisticated opinion on the matter, because question 878B is posed in an objective and impersonal manner. LOM never feels 'ashamed' to respond that it does not know or is unsure, because LOM has a 'brutally honest' 'personality'. It can therefore see where there are unavoidable holes in the evidence needed to reveal Satoshi's true identity, as at secondary conclusion 878E. Once ARM 805B has retrieved all the emails and chat logs known to be correctly attributed to Satoshi, Stylometry 808B is performed to corroborate and define Satoshi's true identity. All the information LOM knows about the investigative journalism task is then presented as conclusion 879C.
Figures 164-165 show LOM performing historical validation. LOM can verify the authenticity of historical documents through a chain of narrators. Certain historical documents, known as 'Hadith' (literally meaning 'news' in Arabic), have been proven to be genuinely attributed to their originator through corroboration by the people who transmitted the news. Because Hadith literature was originally stored and understood in its colloquial Arabic context, the Language Construction 812A module references third-party translation algorithms to understand the literature directly in its native language. With contextualization 879D, LOM does not need additional details about a specific and isolated use case to form a sophisticated opinion on the matter, because question 879B is posed in an objective and impersonal manner. With KCA 816D, UKF-clustered information is compared to corroborate the validity of the evidence for a quotation (Hadith) as confirmed by a chain of narrators. The algorithm considers the reliability of the attributed source (i.e. the alleged Hadith narrators), when the claim was made, negating evidence and so on. Over time, LOM builds concepts in CKR 806 from data retrieved by ARM, which facilitates the Hadith authentication process. It poses questions to itself such as 'What is a Hadith?', 'What variants of Hadith exist?' and 'What is the best method of authentication?'. Through its inherent advanced reasoning, CKR 806 builds a strong base of definitions and is able to justify any conclusion 879C that LOM outputs. With cluster building 879C, CKR 806 reaches conceptual conclusions by 'stacking' blocks of information known as UKF clusters. These clusters contain a wide range of metadata about the target information, such as the attributable source, the time of suspected information creation and so on.
Digitally oriented language: LAQIT
Figure 166 introduces the concept of LAQIT. LAQIT is an efficient and secure method of transferring information within a network of trusted and targeted parties. LAQIT offers a wide range of modes that alternate between an emphasis on readability and an emphasis on security. Linear, atomic and quantum are distinct information delivery modes that offer varying features and applications. LAQIT is the ultimate form of secure information transfer, because its weakest link is the privacy of the mind. Counterparty risk is practically removed, because the efficient, easy-to-memorize key is stored only in the recipient's mind and the message is decrypted in real time (using human memory) according to the makeup of the key. The key only needs to be transferred once and committed to memory, so more elaborate privacy measures can be used for this isolated memorization event, such as conveying the key in person with phones switched off, via temporary encrypted email and so on. All security liability rests within the confines of the key. Because the key is simple enough to memorize, most of that security liability is mitigated. Block 900A shows the same consistent colour sequence of red, orange, blue, green and purple, which is repeated and recursed within LAQIT's logically structured syntax. Block 900B further shows the colour sequence being used recursively for translation with the English alphabet. When constructing the 'base' layer of the alphabet, the colour sequence is used with a shortened and unequal weight on the purple channel. The leftover space for syntax definitions in the purple channel is reserved for potential future use and expansion. Stage 901 represents a complex algorithm reporting its log events and status reports with LAQIT. In this scenario encryption is disabled by choice, although the option to encrypt is available. Stage A1 902A represents the automatic generation of status/log reports. Stage A2 903A represents the conversion of the status/log reports into a transportable text-based LAQIT syntax. Stage A3 904A represents the transfer of the syntactically insecure information, which can be sent over a digitally encrypted (e.g. VPN 12) or unencrypted (e.g. raw HTTP) channel. An encrypted channel is preferred but not mandatory. Stage A4 905A represents the conversion of the transportable text-based syntax into highly readable LAQIT visual syntax (e.g. linear mode). Stage 911 represents the intended recipient as a human, since LAQIT is designed, intended and optimized for non-computer/non-AI recipients of information. Stage 906 shows that the sender of sensitive information is a human. Such a human could represent an intelligence agency or a whistleblower initiative. Such a sender 906 discloses the LAQIT encryption key directly to the human recipient 911 through a secure and temporary encrypted tunnel, which is designed to transfer such a key 939 without leaving any trace in persistent storage. Ideally, the human recipient 911 commits key 939 to memory and removes every trace of the key from any digital system, eliminating the possibility of hacking. This is possible because key 939 is optimized for human memorization, being based on a relatively short sequence of shapes. Stage B1 902B represents locally non-secure text entered by sender 906 for submission to recipient 911. Stage B2 903B represents the conversion of such text 902B into a transportable ciphertext-based LAQIT syntax. Stage B3 904B represents the transfer of the syntactically secure information, which can be sent over a digitally encrypted (e.g. VPN) or unencrypted (e.g. raw HTTP) channel. Stage B4 905B represents the conversion of the data into a visually encrypted LAQIT syntax (e.g. atomic mode at encryption level 8), which is then presented to human recipient 911.
Figure 167 shows all the major types of usable languages (or modes of conveying information) to compare their effectiveness at transferring information through information channels such as position, shape, colour and sound. The most effective, efficient and usable language is the one that can incorporate and leverage the greatest number of channels. Incremental Recognition Effect (IRE) 907 is a channel of information transfer. It is characterized by recognizing the full form of a unit of information before the unit has been fully delivered. This is similar to finishing a word or phrase before the subject has completed it. LAQIT incorporates this predictive effect by displaying the transitions from word to word. An experienced LAQIT reader can begin to form the word being displayed while the blocks are moving into position but have not yet arrived. Proximal Recognition Effect (PRE) 908 is a channel of information transfer. It is characterized by recognizing the full form of a unit of information even when it is corrupted, mixed up or altered. This can be illustrated in English by the spellings 'character' and 'chracaetr'. The outer boundary of the unit is defined (the first and last characters), and the proximity of the mixed-up characters still defines the word as a whole. With written English 912, typical English text combines the position of the letters, the shape of the letters and recognition of the whole word, as opposed to the individual letters together, as described under IRE 907. With conversational speech 913, ordinary spoken conversation combines the position of words (the order in which they are said), shape representing pitch frequency, and audible emphasis. Morse code 915 consists of varying binary positions of sound. Predictive cognition on the part of the recipient enables IRE 907 but not the proximal effect, because Morse code streams information gradually. With hand signals 915, the position and formation (shape) of hand movements determine the information. This can range from signals that direct an aircraft to move to signals for a truck to stop, and so on. There is little predictive ability, hence neither IRE 907 nor PRE 908. Compared with the competing languages 912 to 915, LAQIT 916 can leverage the most information channels. This means that more information can be transferred in less time with less of a medium (i.e. space on a screen). This provides capacity headroom that lets complex features such as strong encryption be incorporated effectively. With LAQIT sound encryption 909, LAQIT can use the information channel of sound to encrypt information further. It is therefore considered capable of transferring information via sound, although it cannot do so with unencrypted communication.
Figures 168-169 show LAQIT's linear mode, which is characterized by its simplicity, ease of use, high information density and lack of encryption. Block 917 shows the 'basic rendering' version of linear mode. Point 918 shows that it is not encrypted. Linear mode does not allow efficient space allocation for shape obfuscation 941, which is the basis of encryption in atomic mode. Instead, linear mode is optimized for dense information transfer and efficient use of the presentation screen. With word separator 919, the colour of this shape represents the character that follows the word and acts as the separation between that word and the next. This is the syntactic equivalent of the nucleus in the atomic procedure. The colour codes that represent a question mark, exclamation mark, full stop and comma all apply. Single viewing zone 920 shows how basic rendering 917 incorporates a smaller viewing zone with larger letters, and therefore less information per pixel, compared with advanced rendering 918. Advanced rendering is characterized by its double viewing zone 922. In advanced rendering there are more active letters per pixel, as the LAQIT reader is expected to keep up in terms of speed. There is therefore a trade-off between presentation speed and information density. Shading cover 921 dims the incoming and outgoing letters so that the observer's primary focus stays on the viewing zone(s). Despite the covering, it is partially transparent, so that the observer can predict the incoming word and verify and check the outgoing word. This is also known as Incremental Recognition Effect (IRE) 907. High-density information transfer 923 shows how, with advanced rendering 918, each letter is smaller and more letters are presented in the same amount of space, so more information is conveyed per pixel.
Figures 170 and 171 show the characteristics of atomic mode, which supports a wide range of encryption levels. The base colour 924 main character reference specifies the general rule for which letter is being defined. A red base colour indicates that the letter is between A and F according to alphabet reference 900B. It is possible to read words using only the base colours (without impacts 925), because induction can be used to infer the spelling of the word. There are five possible shapes in total to enable encryption. Impact 925 exists in the same colour range as the base colour and defines the specific character exactly. The absence of an impact also indicates a definition: a red base colour on its own (no impact) is the letter A. To enable encryption, an impact can take one of five possible shapes 935. With read direction 926, reading of the information delivery starts at the top square of the orbit ring. Reading proceeds clockwise. Once an orbit ring is completed, the reader continues from the top square of the next sequential orbit ring (ring 2). Entry/exit portal 927 is the creation and destruction point of a character (its base colour). A new character belonging to the relevant orbit emerges from the portal and slides clockwise to its position. Nucleus 928 defines the character that follows the word. Usually this is a space, indicating that the sentence continues after this word is presented. The colour codes that represent a question mark, exclamation mark, full stop and comma all apply. The nucleus also indicates whether the same word continues in a new information state because all three orbit rings have been filled to their maximum capacity. When an orbit ring 929 is filled, letters overflow onto the next (larger) orbit ring. The limit of orbit ring 1 is 7, ring 2 is 15 and ring 3 is 20. This allows up to 42 characters within an atom (including potential useless characters). If the 42-character limit is reached, the word is cut into segments of 42 and the nucleus indicates that the next information state is a continuation of the current word. With word navigation 930, each block represents an entire word (or multiple words in molecular mode) on the left side of the screen. When a word is displayed, the corresponding block moves outwards to the right, and when the word is complete the block retreats. The colour/shape of the navigation block is the same as the base colour of the word's first letter. With sentence navigation 931, each block represents a cluster of words. A cluster is the maximum number of words that fit on the word navigation pane. If a sentence navigation block exists alone, or is the last of several, it more likely than not represents a cluster of words smaller than the maximum capacity. Atomic state creation 932 is a transition that induces the Incremental Recognition Effect (IRE) 907. In this transition, base colours 924 emerge from entry/exit portal 927 with their impacts 925 hidden and move clockwise to assume their positions. During the transition, a skilled LAQIT reader can predict part or all of the word before the impacts 925 are revealed, thanks to IRE 907. This is similar to the auto-complete feature of most search engines, which estimate the rest of a sequence from an initial batch of information.
Atomic state expansion 933 is a transition that induces the Proximal Recognition Effect (PRE) 908. Once the base colours have reached their positions, they move outwards in the 'expansion' sequence of the information state presentation. This reveals the impacts 925, so that the specific definition of the information state can be presented. A skilled LAQIT reader does not need to scroll through each individual letter to build the word gradually, but instead looks at the whole structure and immediately recognizes the meaning of the word thanks to PRE 908. Atomic state destruction 934 is a transition that induces the Incremental Recognition Effect (IRE) 907. At this stage the base colours 924 have contracted (the reverse of expansion sequence 933) to cover the impacts 925 again. They now slide clockwise to reach the entry/exit portal. In a high-speed rendering of the information state, a skilled LAQIT reader can use the destruction transition to complete recognition of the word. This is useful when the window of opportunity for viewing the expanded atomic state (impacts shown) is very narrow (fractions of a second).
Figures 172-174 give an overview of the encryption features of atomic mode. Because LAQIT provides an efficient and dense means of information transfer, there is enough information-bandwidth headroom to accommodate encryption. This syntactic encryption differs from typical network-security encryption in that it requires the intended recipient to decrypt the information in real time with a memorized key. This reduces the risk of malicious and unauthorized parties reading and understanding data in motion, data at rest and data in use. Encryption complexity varies across 9 standardized levels 940, trading readability against security strength. With shape obfuscation 941 (levels 1-9), the standard square is replaced by five visually distinct shapes. The variation of shapes within the syntax allows useless (fake) letters to be inserted at strategic points of the atomic profile. Useless letters obfuscate the true and intended meaning of the message. Deciphering whether a letter is real or useless is done with the securely and temporarily transferred decryption key. If a letter is compatible with the key, it is counted in the calculation of the word. If it is incompatible with the key, it is ignored in the calculation. With redirection bonds 942 (levels 4-9), a bond links two letters together and alters the reading flow. While reading in the typical clockwise pattern, encountering a bond that originates (starts) on a legitimate/non-useless letter and lands (ends) on a legitimate/non-useless letter diverts the reading pattern so that it resumes on the landing letter. With radioactive elements 943 (levels 7-9), some elements can 'rattle', which can invert the evaluation of whether a letter is useless. Shapes 935 shows the shapes available for encryption: triangle, circle, square, pentagon and trapezoid. Central elements 936 shows the central element of the orbit, which defines the character that immediately follows the word. These elements are: red to indicate a full stop, orange to indicate a comma, blue to indicate a space, green to indicate a question mark and pink to indicate an exclamation mark. Encryption example 937 shows shape obfuscation 941, which applies to encryption levels 1-9. Central element 936 is shown at the centre of the orbit, and useless letters 938 are the primary means of encryption with shape obfuscation 941. The useless letter on the left has the sequence circle-square. The useless letter on the right has the sequence square-triangle. Because neither sequence exists in encryption key 939, the reader can identify them as useless and skip them when calculating the meaning of the information state.
Figures 175-176 illustrate the mechanism of redirection bonds 942. Encryption example 944 shows redirection bonds 942 and 945. The 'rules of engagement' for redirection bonds are:
1) When a bond is reached, following it is the default, so the routine clockwise behaviour is abandoned.
2) When a path is followed, the originating letter (the letter the path starts with) is counted as part of the sequence.
3) When a path is followed, the landing letter (the letter the path ends with) is counted as part of the sequence.
4) A path can be followed only once.
5) A specific instance of a letter can be counted only once.
6) A path must be followed if neither the originating letter nor the landing letter is useless.
With redirection bond 945, the bond starts on an 'originating' letter and ends on a 'landing' letter, either of which may or may not be useless. If neither is useless, the bond alters the reading direction and position. If one or both are useless, the entire bond must be ignored, otherwise the message will be decrypted incorrectly. Each individual bond has a correct direction in which it is read, but the order is not stated explicitly and must be derived from the current reading position and the useless-letter makeup of the information state. Useless letters 946 shows how these two useless letters now make decryption more complex and therefore more resistant to brute-force attack. This is because the combination of shape obfuscation and redirection bonds makes the task exponentially harder for a brute-force attacker. With bond key definition 947, whether a bond must be followed while reading the information state depends on whether it is specifically defined in the encryption key. The possible definitions are single bond, double bond and triple bond. Incorrect interpretation 949 illustrates a potential case of reading redirection bonds incorrectly (because key 947 is not known). Such an incorrect interpretation 949 yields the message 'RDTNBAIB', whereas the real message under correct interpretation 948 is 'RABBIT'. There are many potential ways to interpret redirection bonds 945 incorrectly, because they leverage the complexity of shape obfuscation 941 to create an exponentially more secure message. There is only one correct way to interpret the true message, as illustrated in correct interpretation 948.
Figures 177-178 illustrate the mechanism of radioactive elements 943. Encryption example 950 shows radioactive elements 943 and 951. The 'rules of engagement' for radioactive elements are:
1) A radioactive element is recognized as being unsteady or vibrating during the expansion phase of the information state.
2) A radioactive element can be radioactively active or dormant.
3) An active radioactive element indicates that its useless status is inverted. That is, if the shape composition indicates that it is useless, that is a false positive and it is counted as a real letter rather than a useless one. If the shape composition indicates that it is real, that is a false positive and it is counted as useless rather than as a real letter.
4) A dormant radioactive element indicates that its status as a useless or real letter is unaffected.
5) A cluster of radioactive elements is defined by continuous radioactive presence within an orbit ring. When radioactive elements are neighbours of each other (within a specific orbit ring), they define a cluster. If the neighbour of a radioactive element is non-radioactive, that is the upper bound of the cluster.
6) The key defines which clusters are active and which are dormant. That is, if the key indicates double clusters, all double clusters are radioactively active and all single and triple clusters are dormant.
Radioactive element 950 shows that a letter (or element) is considered radioactive if it shakes violently during the expansion phase of information presentation. Because of the encryption level classification, an atom containing radioactive elements always has interatomic bonds. Because radioactive elements alter the classification of letters, i.e. whether they are useless, security obfuscation increases exponentially. Double cluster 952 shows how two radioactive elements that are in sequence and in the same orbit are counted as a cluster (double). Whether they are treated as active or dormant is defined by encryption key 954. With single cluster 953, both neighbours are non-radioactive, which defines the extent of the cluster. Because the key specifies that double clusters are active, element 953 is processed as if it were not radioactive in the first place. With double cluster key definition 954, the key defines double clusters as active, so clusters of every other size are considered dormant while the message is decrypted. Incorrect interpretation 956 shows how the interpreter does not treat double cluster 952 as a reversed sequence (false positive). This means that at stage 956A the correct answer is to ignore it, because although it is not useless, it belongs to an active radioactive cluster (validated by key 954), which instructs the decryption process to interpret the letter inversely. For all practical purposes, someone who does not know the key cannot use a brute-force attack to guess all the potential combinations when shape obfuscation 941, redirection bonds 942 and radioactive elements 943 are used at the same time. Incorrect interpretation 956 also shows how an interpreter without key 954 is misled into using redirection bond 956B, which according to correct interpretation 955 should not be followed. This leads to an entirely different message result, 'RADIT' instead of 'ARBBIT'. The full details of how the message is correctly decrypted are illustrated in correct interpretation 955.
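The radioactive-element rules above, combined with shape obfuscation and the orbit-ring limits of 7, 15 and 20, can be walked through in code. This Python sketch is an added example, not code from the patent; it assumes each letter carries a two-shape sequence that is checked against the key and that a cluster does not wrap past the top of a ring, and the sample atom, key and all names are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import groupby

# Orbit ring capacities given in the text: ring 1 = 7, ring 2 = 15, ring 3 = 20.
RING_CAPACITY = (7, 15, 20)


@dataclass(frozen=True)
class Element:
    letter: str
    shapes: tuple              # assumed representation: shape sequence drawn on the letter
    radioactive: bool = False  # vibrates during the expansion phase (rule 1)


@dataclass(frozen=True)
class Key:
    real_sequences: frozenset  # shape sequences that mark a real (non-useless) letter
    active_cluster_size: int   # 1 = single, 2 = double, 3 = triple clusters are active


def split_into_rings(elements):
    """Fill ring 1 first, then overflow to ring 2 and ring 3, in reading order."""
    if len(elements) > sum(RING_CAPACITY):
        raise ValueError("an atom holds at most 42 characters")
    rings, start = [], 0
    for capacity in RING_CAPACITY:
        ring = elements[start:start + capacity]
        if ring:
            rings.append(ring)
        start += capacity
    return rings


def decode_atom(elements, secret):
    """Return the letters a reader holding `secret` counts as real."""
    letters = []
    for ring in split_into_rings(elements):
        # Rule 5: a cluster is a maximal run of neighbouring radioactive
        # elements inside one orbit ring (runs never span two rings here).
        for radioactive, run in groupby(ring, key=lambda e: e.radioactive):
            run = list(run)
            # Rule 6: only clusters of the size named in the key are active.
            active = radioactive and len(run) == secret.active_cluster_size
            for element in run:
                # Shape obfuscation: a sequence absent from the key is useless.
                useless = element.shapes not in secret.real_sequences
                if active:
                    useless = not useless   # rule 3: active cluster inverts status
                if not useless:             # rule 4: dormant cluster changes nothing
                    letters.append(element.letter)
    return "".join(letters)


# Constructed sample data. DUD_A and DUD_B reuse the two useless sequences the
# text names (circle-square, square-triangle); REAL_A and REAL_B are invented.
REAL_A = ("triangle", "circle")
REAL_B = ("square", "pentagon")
DUD_A = ("circle", "square")
DUD_B = ("square", "triangle")

SAMPLE_KEY = Key(frozenset({REAL_A, REAL_B}), active_cluster_size=2)

SAMPLE_ATOM = [
    Element("R", REAL_A),
    Element("D", DUD_A),                      # plain useless letter
    Element("A", DUD_B, radioactive=True),    # double cluster: looks useless, is real
    Element("X", REAL_A, radioactive=True),   # double cluster: looks real, is useless
    Element("B", REAL_B),
    Element("B", REAL_A, radioactive=True),   # single cluster: dormant under this key
    Element("N", DUD_A),
    Element("I", REAL_A),                     # first element of ring 2
    Element("Q", DUD_B, radioactive=True),    # single cluster: dormant, stays useless
    Element("T", REAL_B),
]

if __name__ == "__main__":
    print(decode_atom(SAMPLE_ATOM, SAMPLE_KEY))
    # Same atom read with the wrong cluster definition (single instead of double).
    print(decode_atom(SAMPLE_ATOM, Key(SAMPLE_KEY.real_sequences, 1)))
```

Redirection bonds are left out of this sketch, so it covers only the useless-letter and cluster-inversion part of the decryption.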
Figure 179 shows molecular mode with encryption and streaming 959 enabled. With covert dictionary attack resistance 957, an incorrect decryption of the message leads to a 'red herring' standby message. This gives a bad actor the false impression that they have successfully decoded the message, while in fact they have received a fake message that acts as a cover for the real one. With multiple active words per molecule 958, words are presented in parallel during the molecular procedure. This increases the ratio of information to surface area, but with a consistent transition speed it demands a more skilled reader. The word navigation indicates that four words are currently active. However, because of redirection-bond obfuscation, the words of the message exist in parts and as a whole across different atoms within the molecule. Binary and streaming mode 959 shows streaming mode, whereas the reading mode in a typical atomic configuration is binary. Binary mode means that the central element defines which character follows the word (i.e. question mark, exclamation mark, full stop, space and so on). Molecular mode is also binary, except when encryption is enabled, in which case it adheres to streaming mode. Streaming mode references special characters (such as the question mark) within the orbit. This is done because, within an encrypted molecule, words exist across multiple atoms, so a specific central element cannot exist exclusively for a specific word. With molecular bonds 960, the molecular information state is not an exclusive encryption feature but a catalyst for encryption obfuscation. The security strength of all three encryption modes (shape obfuscation, redirection bonds and radioactive elements) increases exponentially when they are placed in an ever-growing molecular environment. Read direction key 961 shows that, although the default read direction is left to right on row 1 and then left to right on row 2, the read direction can be superseded by the encryption key. This increases the obfuscation of the intended message and therefore its privacy/security. Redirection bonds have the highest priority and supersede even the direction defined in the key (as long as the bond is not useless).
Overview of Universal BCHAIN Everything Connections (UBEC) with Base Connection Harmonization Attaching Integrated Nodes (BCHAIN)
Figure 180 shows the BCHAIN node 1001 for including and running the application program 1003 that BCHAIN is enabled.Communication gate
(CG) 1000 be that BCHAIN node 1001 interacts the communication hereafter caused with other BCHAIN nodes 1001 with its hardware interface
Main algorithm.Node statistics investigate (NSS) 1006, and it explains remote node behavior pattern.Node escape index 1006A tracking section
A possibility that point neighbours will flee near sensing node.High escape index instruction solves the strategy refined is needed more
Clutter environment.
Example: a smartphone in a car on a highway will exhibit a high node escape index. An electric refrigerator in a Starbucks will exhibit a very low node escape index.
The node saturation index 1006B tracks the number of nodes within the detection range of the perceiving node. A higher saturation index indicates a crowded area with a large number of nodes. This can have both positive and negative effects on performance because of supply/demand trade-offs, yet a higher-density node area is expected to be more stable and predictable and hence less chaotic.
Example: a Starbucks in downtown New York has a high node saturation index. A tent in the middle of a desert will have a very low saturation index.
The node consistency index 1006C tracks the quality of node service as interpreted by the perceiving node. A high node consistency index indicates that the surrounding neighbor nodes tend to have more available uptime and more consistent performance. Nodes that have a dual purpose in use tend to have a lower consistency index, while nodes dedicated to the BCHAIN network exhibit a higher value.
Example: a node with a dual purpose (such as a corporate employee's computer) will have a low consistency index, because it has fewer resources available during working hours and more resources available during lunch breaks and employee absences.
The node overlap index 1006D tracks the amount of overlap that nodes have with one another as interpreted by the perceiving node. While the overlap index and the saturation index tend to be correlated, they differ in that the overlap index indicates the amount of common overlap between neighbors, whereas the saturation index deals only with physical tendency. Hence a high saturation index combined with a long wireless range on each device will lead to a high overlap index.
Example: devices begin entering certain sectors of the BCHAIN network with the new BCHAIN optimized microchip (BOM) installed, which has a high-gain directional antenna and advanced beamforming technology. The overlap index in those sectors therefore increases, because the nodes have a more overlapped communication structure.
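The four node statistical survey indices described above, as an added Python example that is not part of the patent text. The patent gives no formulas, so the formulas, the `Sighting` record and all sample data below are assumptions constructed for illustration.

```python
"""Illustrative node statistical survey (NSS) indices; every formula is an assumption."""
from dataclasses import dataclass
from itertools import combinations
from statistics import mean


@dataclass(frozen=True)
class Sighting:
    """One neighbour as seen by the perceiving node in one survey window (hypothetical)."""
    node_id: str
    uptime: float = 1.0             # fraction of the window the neighbour answered
    hears: frozenset = frozenset()  # node ids the neighbour itself reports in range


def escape_index(previous, current):
    """1006A: share of last window's neighbours that have left the vicinity (0..1)."""
    before = {s.node_id for s in previous}
    now = {s.node_id for s in current}
    return len(before - now) / len(before) if before else 0.0


def saturation_index(current):
    """1006B: number of distinct nodes inside the detection range."""
    return len({s.node_id for s in current})


def consistency_index(windows):
    """1006C: mean uptime per neighbour, discounted by how much it swings (0..1).

    Only windows in which a neighbour was seen are counted; departures are
    left to the escape index.
    """
    history = {}
    for window in windows:
        for s in window:
            history.setdefault(s.node_id, []).append(s.uptime)
    if not history:
        return 0.0
    return mean([mean(u) * (1.0 - (max(u) - min(u))) for u in history.values()])


def overlap_index(current):
    """1006D: average number of nodes that two neighbours both hear."""
    pairs = list(combinations(current, 2))
    if not pairs:
        return 0.0
    return mean([len(a.hears & b.hears) for a, b in pairs])


def survey(windows):
    """Compute all four indices from a chronological list of survey windows."""
    current = windows[-1]
    previous = windows[-2] if len(windows) > 1 else []
    return {
        "escape": escape_index(previous, current),
        "saturation": saturation_index(current),
        "consistency": consistency_index(windows),
        "overlap": overlap_index(current),
    }


def window(ids, uptime=1.0, hears=()):
    """Build one constructed survey window; a node never lists itself in `hears`."""
    return [Sighting(i, uptime, frozenset(hears) - {i}) for i in ids]


# Constructed sample data mirroring the examples in the text.
HIGHWAY_PHONE = [window("abcd"), window("defg")]        # neighbours churn quickly
CAFE_SHORT_RANGE = [window(["n1", "n2", "n3"])] * 3      # same nodes, no shared reach
CAFE_LONG_RANGE = [window(["n1", "n2", "n3"],
                          hears=["n1", "n2", "n3", "x1", "x2"])] * 3
OFFICE_PC = [window(["pc"], uptime=u) for u in (0.2, 0.9, 0.3)]  # dual-purpose node

if __name__ == "__main__":
    for name, data in [("highway phone", HIGHWAY_PHONE),
                       ("cafe, short range", CAFE_SHORT_RANGE),
                       ("cafe, long range", CAFE_LONG_RANGE),
                       ("office PC", OFFICE_PC)]:
        print(name, survey(data))
```

The two cafe scenarios have the same saturation index but different overlap indices, which is the distinction the text draws between physical density and common reach between neighbours.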
Figure 181 shows the core logic 1010 of the BCHAIN protocol. The custom chain recognition module (CRM) 1022 connects with custom chains (which can be application chains or microchains) that have previously been registered by the node. The node therefore has cryptographic access to read, write and/or administrative abilities for such a function. When an update is detected on an application chain's section in the metachain, or in a microchain's metachain emulator, this module informs the rest of the BCHAIN protocol. Content claim delivery (CCD) 1026 receives a validated CCR 1018 and thereafter sends the relevant CCF 1024 to fulfill the request.
Figure 182 shows dynamic strategy adaptation (DSA) 1008, which manages the strategy creation module (SCM) 1046. The strategy creation module (SCM) 1046 dynamically generates a new strategy deployment 1054 by using the creativity module 18 to hybridize complex strategies that the system has preferred via the optimized strategy selection algorithm (OSSA) 1042. New strategies vary according to the input provided by field chaos interpretation (FCI) 1048.
Figure 183 shows the cryptographic digital economic exchange (CDEE) 1056, with a variety of economic personalities 1058, 1060, 1062 and 1064 managed through the graphical user interface (GUI) at the UBEC platform interface (UPI). With personality A 1058, node resources are consumed only to match what you consume (if anything). Personality A is ideal for a casual, frugal consumer of a light to moderate amount of information transfer. Live streams such as VoIP calls (i.e. Skype) and priority information transfers are minimal. Personality B 1060 consumes as many resources as possible, as long as the profit margin is greater than X (excess work units can be traded for alternative currencies such as cryptocurrency, fiat currency, precious metals etc.). Personality B is ideal for a node that has been set up specifically to contribute to the infrastructure of the BCHAIN network for profit motives. Such a node would therefore typically be a permanent infrastructure installation (running from mains power rather than being a battery-powered device) with powerful computer internals (wireless capability, CPU strength, hard disk size etc.), such as a stationary appliance. Personality C 1062 pays for work units via a traded currency (cryptocurrency, fiat currency, precious metals etc.), so that content can be consumed while spending fewer node resources. Personality C is ideal for a heavy consumer of information transfer, or for those who want to benefit from the BCHAIN network but do not want the resources of their device to be depleted (i.e. a smartphone that drains its battery fast and gets warm in the pocket). With personality D 1064, node resources are spent as much as possible, without the restriction of any expected return, whether that be consumption of content or monetary compensation. Personality D is chosen by someone whose best interest lies in the strength of the BCHAIN network (i.e. the core developers of the BCHAIN network can purchase and install nodes solely to strengthen the network, and not to consume content or to earn money). Current work status interpretation (CWSI) 1066 references the infrastructure economy section of the metachain to determine the node's current surplus or deficit with regard to work-done credit. Economically considered work imposition (ECWI) 1068 considers the selected economic personality together with the current work surplus/deficit to evaluate whether more work should currently be performed.
Figure 184 shows symbiotic recursive intelligence advancement (SRIA), a triad relationship between three different algorithms that enable each other to grow in intelligence. LIZARD 16 can improve an algorithm's source code by understanding the purpose of code (including its own). I2GE 21 can emulate generations of virtual program iterations and hence select the strongest program version. The BCHAIN network is a vast network of chaotically connected nodes that can run complex data-intensive programs in a decentralized manner.
Claims (76)
1. A computer security system based on artificial intelligence, wherein the system comprises a memory that stores programmed instructions; a processor that is coupled to the memory and executes the programmed instructions; and at least one database, wherein the system comprises a computer-implemented system providing a designated function.
2. The system according to claim 1, wherein the computer-implemented system is critical infrastructure protection & retribution (CIPR) through cloud & tiered information security (CTIS), further comprising:
a) a trusted platform, which comprises a network of agents that report hacker activity;
b) a managed network & security services provider (MNSP), which provides managed encrypted security, connectivity & compliance solutions & services;
wherein a virtual private network (VPN) connects the MNSP and the trusted platform, wherein the VPN provides a communication channel to and from the trusted platform, wherein the MNSP is adapted to analyze all traffic in the enterprise network, and wherein the traffic is routed to the MNSP.
3. The system according to claim 2, wherein the MNSP comprises:
a) logically inferred zero-database a-priori realtime defense (LIZARD), which derives purpose and function from foreign code and therefore blocks it in the presence of malicious intent or the absence of a legitimate cause, and which analyzes threats in and of themselves without reference to prior historical data;
b) artificial security threat (AST), which provides hypothetical security scenarios for testing the efficacy of security rule sets;
c) a creativity module, which performs the process of intelligently creating new hybrid forms out of prior forms;
d) conspiracy detection, which discerns information collaboration and extracts patterns of security-related behavior, provides a routine background check for multiple conspiratorial security events, and attempts to determine patterns and correlations between seemingly unrelated security events;
e) security behavior, which stores and indexes events together with their security responses and traits, wherein the responses comprise block/approve decisions;
f) iterative intelligence growth/intelligence evolution (I2GE), which leverages big data and malware signature recognition, and which emulates future potential variations of malware by leveraging the AST together with the creativity module; and
g) critical thinking, memory, perception (CTMP), which criticizes the block/approve decisions and acts as a supplemental layer of security, and which leverages cross-referenced intelligence from I2GE, LIZARD and the trusted platform, wherein CTMP estimates its own capacity to form an objective decision on a matter, and refrains from asserting a decision made with low internal confidence.
4. The system according to claim 3, wherein a LIZARD Lite client is adapted to operate in a device of the enterprise network and communicates securely with the LIZARD in the MNSP.
5. The system according to claim 3, further comprising a demilitarized zone (DMZ), which comprises a subnetwork containing an HTTP server that carries a higher security liability than a normal computer, so that the rest of the enterprise network does not take on such a security liability.
6. The system according to claim 3, wherein the I2GE comprises iterative evolution, in which parallel evolutionary pathways are matured and selected, the iterated generations adapt to the same artificial security threats (AST), and the pathway with the best personality traits ends up being the most resistant to the security threats.
7. The system according to claim 3, wherein the LIZARD comprises:
a) a syntax module, which provides a framework for reading & writing computer code;
b) a purpose module, which uses the syntax module to derive a purpose from code, and outputs the purpose in its complex purpose format;
c) virtual obfuscation, in which the enterprise network and database are cloned in a virtual environment and sensitive data is replaced with mock (fake) data, wherein, depending on the behavior of a target, the environment can be altered dynamically in real time to include more fake elements or more real elements of the system at large;
d) signal mimicry, which provides a form of retribution once the analytical conclusion of virtual obfuscation has been reached;
e) an internal consistency check, which checks that all the internal functions of a piece of foreign code make sense;
f) foreign code rewrite, which uses the syntax module and the purpose module to reduce foreign code to the complex purpose format;
g) covert code detection, which detects code covertly embedded in data & transmission packets;
h) need map matching, which is a mapped hierarchy of need & purpose and is referenced to decide whether foreign code fits the overall objective of the system;
wherein, for writing, the syntax module receives a purpose in complex format from the purpose module and then writes code in an arbitrary code syntax, after which a helper function translates that arbitrary code into real executable code; wherein, for reading, the syntax module provides a syntactical interpretation of code so that the purpose module can derive a purpose for the functionality of such code;
wherein the signal mimicry uses the syntax module to understand the communication syntax between malware and its hackers, and then hijacks such communication to give the malware the false impression that it has successfully sent sensitive data back to the hackers, wherein the hackers are also sent the malware's error code by LIZARD, so that it appears to have come from the malware;
wherein the foreign code rewrite builds the code set using the derived purpose, thereby ensuring that only the desired and understood purpose of the foreign code is carried out within the enterprise, and that any unintended function execution does not gain access to the system.
8. The system according to claim 7, wherein, in order for the foreign code rewrite to reproduce the foreign code syntactically and so mitigate potentially undetected malicious exploits, a combination method compares and matches the declared purpose with the derived purpose, wherein the purpose module is used to manipulate the complex purpose format, wherein, with the derived purpose, the need map matching keeps a hierarchical structure to maintain jurisdiction over all enterprise needs, so that the purpose of a block of code is defined and justified depending on vacancies in the jurisdictionally oriented need map, and wherein the input purpose is the intake for the recursive debugging process.
9. The system according to claim 8, wherein the recursive debugging loops through code segments to test for bugs and apply bug fixes, wherein, if a bug persists, the entire code segment is replaced with the original foreign code segment, wherein the original code segment is then tagged for virtual obfuscation and behavioral analysis, wherein, with the foreign code, the original state of the code is interpreted by the purpose module and the syntax module for the code rewrite, wherein the foreign code is referenced directly by the debugger in case an original foreign code segment needs to be installed because there is a permanent bug in the rewritten version, wherein, at the rewritten code, segments are tested by a virtual runtime environment to check for coding bugs, wherein the virtual runtime environment executes the code segments and checks for runtime errors, wherein, with a coding bug, the errors produced in the virtual runtime environment are defined in scope and type, wherein, with purpose alignment, a potential solution for the coding bug is drafted by re-deriving code from the stated purpose, wherein the scope of the coding bug is rewritten in an alternative format to avoid such a bug, wherein the potential solution is output, and wherein, if no solutions remain, the code rewrite for that code segment is forfeited and the original code segment taken directly from the foreign code is used in the final code set.
10. The system according to claim 8, wherein, for operation of the need map matching, LIZARD Cloud and LIZARD Lite reference a hierarchical map of enterprise jurisdiction branches, wherein, whether the input purpose is declared or derived via the purpose module, the need map matching validates the justification for the code/function to execute within the enterprise system, wherein a master copy of the hierarchical map is stored on the LIZARD Cloud in the MNSP, wherein the need index within the need map matching is calculated by referencing the master copy, wherein the pre-optimized need index is distributed among all accessible endpoint clients, wherein the need map matching receives a need request for the most appropriate need of the system at large, and wherein the corresponding output is a complex purpose format that represents the appropriate need.
11. The system according to claim 3, wherein the entire LAN infrastructure of the enterprise is substantially reconstructed within the MNSP, wherein the hacker is then exposed to elements of both the real LAN infrastructure and the virtual clone version while the system performs behavioral analysis, and wherein, if the results of such analysis indicate risk, the hacker's exposure to the virtual clone infrastructure is increased to reduce the risk of real data and/or devices being compromised.
12. The system according to claim 3, wherein a malware root signature is provided to the AST so that iterations/variations of the malware root signature are formed, and wherein polymorphic variations of the malware are provided as output from I2GE and transferred to malware detection.
13. The system according to claim 12, wherein the malware detection is deployed at all three levels of a computer's composition, namely user space, kernel space and firmware/hardware space, all of which are monitored by LIZARD Lite agents.
14. The system according to claim 1, wherein the computer-implemented system is machine clandestine intelligence (MACINT) & retribution through covert operations in cyberspace, further comprising:
a) intelligent information and configuration management (I2CM), which provides intelligent information management, viewing and control; and
b) a management console (MC), which provides an input/output channel to users;
wherein the I2CM comprises:
i) aggregation, which uses generic-level criteria to filter out unimportant and redundant information, and merges and tags streams of information from multiple platforms;
ii) a configuration and deployment service, which comprises an interface for deploying new enterprise network devices with predetermined security configuration and connectivity settings and for managing the deployment of new user accounts;
iii) separation by jurisdiction, in which tagged pools of information are separated exclusively according to the relevant jurisdiction of a management console user;
iv) separation by threat, which organizes the information according to individual threats;
and
v) automated controls, which access the MNSP cloud, the trusted platform or additional third-party services.
15. The system according to claim 14, wherein, in the MNSP cloud, behavioral analysis observes the state the malware is in and the actions it performs while it is in the mock data environment; wherein, when the malware attempts to send fake data to the hacker, the outgoing signal is rerouted so that it is received by a fake hacker; wherein the hacker interface receives the code structure of the malware and reverse-engineers the internal structure of the malware to derive the hacker interface, wherein the fake hacker and fake malware are emulated within a virtualized environment; wherein the virtualized fake hacker sends a response signal to the real malware in order to observe the malware's next behavior pattern, and wherein the hacker is given a fake response code that is not correlated with the behavior/state of the real malware.
16. The system according to claim 14, wherein an exploit scan identifies the capabilities and characteristics of criminal assets and the resulting scan results are managed by an exploit, which is a program sent by the trusted platform via the retribution exploits database that infiltrates the target criminal system, wherein the retribution exploits database contains a means of exploiting criminal activity that is provided by hardware vendors in the form of established backdoors and known vulnerabilities, and wherein a unified forensic evidence database contains compiled forensic evidence from multiple sources spanning multiple enterprises.
17. The system according to claim 14, wherein, when a sleeper agent from a criminal system captures a file of the enterprise network, the firewall generates a log that is forwarded to log aggregation, and wherein log aggregation separates the data by category into a long-term/deep scan and a real-time/surface scan.
18. The system according to claim 17, wherein the deep scan contributes to and engages with big data while leveraging a conspiracy detection sub-algorithm and a foreign entities management sub-algorithm; wherein standard logs from security checkpoints are aggregated at log aggregation and selected with low-restriction filters; wherein event index + tracking stores event details; wherein anomaly detection uses the event index and security behavior, in accordance with the intermediate data provided by the deep scan module, to determine any potential risk events; and wherein foreign entities management and conspiracy detection are involved in the analysis of events.
19. The system according to claim 17, wherein the trusted platform looks up an arbitrary computer to check whether it or its server relatives/neighbors (other servers it connects to) have previously been established as double agents or triple agents for the trusted platform; wherein the agent lookup check is performed at the trusted double agent index + tracking cloud and the trusted triple agent index + tracking cloud; wherein a double agent that is trusted by the arbitrary computer pushes an exploit through its trusted channel, and wherein the exploit attempts to find the sensitive file, quarantines it, sends its exact state back to the trusted platform, and then attempts to erase it from the criminal computer.
20. The system according to claim 19, wherein an ISP API request is made via the trusted platform, and at network oversight the network logs for the arbitrary system and a potential file transfer to the criminal computer are found, wherein metadata is used to determine with significant confidence which computer the file was sent to, wherein network oversight discovers the network details of the criminal computer and reroutes such information to the trusted platform, and wherein the trusted platform is used to engage security APIs provided by software and hardware vendors in order to make use of any established backdoors that can aid the judicial investigation.
21. The system according to claim 14, wherein the trusted platform pushes a software or firmware update to the criminal computer to establish a new backdoor, wherein a placebo update is pushed to nearby similar machines to maintain stealth, wherein target identity details are sent to the trusted platform, wherein the trusted platform communicates with the software/firmware maintainer so that placebo updates and backdoor updates are pushed to the relevant computers, wherein the backdoor update introduces a new backdoor into the criminal computer's system by using the pre-established software update system installed on the computer, wherein the placebo update omits the backdoor, wherein the maintainer transfers the backdoor to the target, as well as to computers that have above-average exposure to the target, wherein, when the exploit is implemented via the backdoor update, the sensitive file is quarantined and copied so that its metadata usage history can subsequently be analyzed, and wherein any supplemental forensic data is gathered and sent to the exploit's point of contact at the trusted platform.
22. The system according to claim 14, wherein a long-term priority flag is pushed onto the trusted platform to monitor the criminal system for any and all changes/updates, wherein the enterprise system submits a target to an authorization module, which scans all subsystem inputs for any associations with the defined target, wherein, if there are any matches, the information is passed on to the enterprise system, which defined the authorization and seeks to infiltrate the target, and wherein the input is transferred to the desired analytical module, which synchronizes mutually beneficial security information.
23. The system according to claim 1, wherein the computer-implemented system is logically inferred zero-database a-priori realtime defense (LIZARD), further comprising:
a) a static core (SC), which predominantly comprises fixed program modules;
b) an iteration module, which modifies, creates and destroys modules on the dynamic shell, wherein the iteration module uses AST as a reference for security performance and uses the iteration core to process the automatic code writing methodology;
c) a differential modifier algorithm, which modifies the base iteration according to the flaws found by the AST, wherein, after the differential logic has been applied, a new iteration is proposed, whereupon the iteration core is called recursively and undergoes the same process of being tested by the AST;
d) a logic deduction algorithm (LDA), which receives the known security responses of the dynamic shell iteration from the AST, wherein the LDA deduces what code set makeup will achieve the known correct response to a security scenario;
e) a dynamic shell (DS), which predominantly comprises dynamic program modules that have been programmed automatically by the iteration module (IM);
f) code quarantine, which isolates foreign code in a restricted virtual environment;
g) covert code detection, which detects code covertly embedded in data and transmission packets; and
h) foreign code rewrite, which, after deriving the purpose of the foreign code, rewrites part or all of the code itself and allows only the rewrite to be executed;
wherein all enterprise devices are routed through LIZARD, wherein all software and firmware that runs the enterprise devices is hardcoded to perform any kind of download/upload via LIZARD as a permanent proxy, wherein LIZARD interacts with three types of data, comprising data in motion, data in use and data at rest, and wherein LIZARD interacts with data media comprising files, email, web, mobile devices, cloud and removable media.
24. The system according to claim 23, further comprising:
a) an AST overflow relay, wherein data is relayed to the AST for further iteration improvement when the system can only make a low-confidence decision;
b) an internal consistency check, which checks whether all the internal functions of a block of foreign code make sense;
c) a mirror test, which checks that the input/output dynamic of the rewrite is the same as that of the original, so that any hidden exploit in the original code is made redundant and is never executed;
d) need map matching, which comprises a mapped hierarchy of need and purpose that is referenced to decide whether foreign code fits the overall objective of the system;
e) a real data synchronizer, which selects the data to be given to merged environments and in what priority, so that sensitive information is inaccessible to suspected malware;
f) a data manager, which is the middleman interface between an entity and data coming from outside the virtual environment;
g) virtual obfuscation, which confuses and restricts code by gradually and partially submerging it in a virtualized fake environment;
h) a covert transportation module, which transfers malware silently and discreetly to a mock data environment; and
i) data recall tracking, which keeps track of all information uploaded from and downloaded to the suspicious entity.
25. The system according to claim 24, further comprising a purpose comparison module, in which four different types of purpose are compared to ensure that the existence and behavior of the entity are merited and understood by LIZARD as being productive toward the overall objectives of the system.
26. The system according to claim 25, wherein the iteration module uses the SC to syntactically modify the code base of the DS according to the purpose defined in the data return relay (DRR), and wherein the modified version of LIZARD is stress-tested in parallel against multiple and varying security scenarios by the AST.
27. The system according to claim 26, wherein, inside the SC, logic derivation derives logically necessary functions from initially simpler functions, whereby an entire tree of function dependencies is built from a stated complex purpose;
wherein code translation converts arbitrary generic code that is understood directly by the syntax module functions into any chosen known computer language, and also performs the inverse operation of translating known computer languages into arbitrary code;
wherein logic reduction reduces logic written in code to simpler forms to produce a map of interconnected functions;
wherein the complex purpose format is a storage format for storing interconnected sub-purposes that represent an overall purpose;
wherein purpose associations is a hardcoded reference for which functions and types of behavior refer to which kind of purpose;
wherein iterative expansion adds detail and complexity by referring to the purpose associations, so that a simple goal evolves into a complex purpose;
wherein iterative interpretation loops through all interconnected functions and produces an interpreted purpose by referring to the purpose associations;
wherein the outer core is formed by the syntax and purpose modules, which work together to derive a logical purpose for unknown foreign code, and to produce executable code from a stated function code goal;
wherein foreign code is code that is unknown to LIZARD and whose functionality and intended purpose are unknown, the foreign code is the input to the inner core and the derived purpose is the output, wherein the derived purpose is the intention of the given code as estimated by the purpose module, and wherein the derived purpose is returned in the complex purpose format.
28. The system according to claim 27, wherein the IM uses AST as a reference for security performance and uses the iteration core to process the automatic code writing methodology, wherein, at the DRR, data about malicious attacks and bad actors is relayed to the AST when LIZARD has had to resort to making a decision with low confidence; wherein, inside the iteration core, the differential modifier algorithm (DMA) receives syntax/purpose programming abilities and system objective guidance from the inner core, and uses such a code set to modify the base iteration according to the flaws found by the AST 17; and wherein security result flaws are presented visually to indicate the security threats that passed through the base iteration while running the virtual execution environment.
29. The system according to claim 28, wherein, inside the DMA, the current state represents the dynamic shell code set with symbolically correlated shapes, sizes and positions, wherein different configurations of these shapes indicate different configurations of security intelligence and reactions, and wherein the AST provides any potential responses of the current state that happened to be incorrect, and what the correct response is;
wherein the attack vector acts as a symbolic demonstration of a cybersecurity threat, wherein direction, size and color all correlate to hypothetical security attributes such as the attack vector, the size of the malware and the type of the malware, and wherein the attack vector symbolically bounces off the code set to represent the security response of the code set;
wherein the correct state represents the final result of the DMA's process for yielding the desired security response from a block of code of the dynamic shell, and wherein differences between the current state and the correct state result in different attack vector responses;
wherein the AST provides known security flaws together with the correct security response, and wherein the logic deduction algorithm uses prior iterations of the DS to produce a superior and better-equipped iteration of the dynamic shell, known as the correct security response program.
30. The system according to claim 26, wherein, inside virtual obfuscation, suspicious code is covertly allocated to an environment in which half of the data is intelligently merged with mock data, wherein any subject operating within the real system can be transferred easily and covertly to a partially or fully mock data environment because of virtual isolation; wherein the mock data generator uses the real data synchronizer as a template for creating counterfeit & useless data; wherein the perceived risk of confidence in the perception of the incoming foreign code influences the level of obfuscation that LIZARD chooses; wherein high confidence that the code is malicious invokes allocation to an environment that contains large amounts of mock data; and wherein low confidence that the code is malicious invokes allocation to either the real system or the 100% mock data environment.
31. The system according to claim 30, wherein data recall tracking keeps track of all information uploaded from and downloaded to the suspicious entity; wherein, where false data has been sent to a legitimate enterprise entity, a callback that recalls all of the false data is performed and the real data is sent as a replacement; wherein a callback trigger is implemented so that the legitimate enterprise entity holds back from acting on certain information until there is confirmation that the data is not false.
32. The system according to claim 31, wherein behavior analysis tracks the download and upload behavior of the suspicious entity to determine potential corrective action, wherein the real system contains the original real data that exists entirely outside the virtualized environment, wherein "real data replacing false data" is where real data is provided unfiltered to data recall tracking, so that a real data patch can be made to replace the false data on the formerly suspicious entity with real data; wherein the data manager, which is submerged in the virtually isolated environment, receives the real data patch from data recall tracking; wherein, when harmless code has been cleared by behavior analysis as to being malicious code, corrective action is performed to replace the false data in the formerly suspicious entity with the real data that it represents; wherein the secret token is a security string generated and distributed by LIZARD that allows a genuinely harmless entity not to proceed with its work; wherein, if the token is lost, this indicates the possible scenario that the legitimate entity has been accidentally placed in a partially false data environment because it was assessed as a malware risk, whereupon the delayed session with the delay interface is activated; wherein, if the token is found, this shows that the server environment is real and therefore any delayed sessions are deactivated.
33. The system according to claim 31, wherein, within behavior analysis, the purpose map is a hierarchy of system objectives that gives purpose to the entire enterprise system, wherein the stated purpose, the activity purpose and the code base purpose are compared with the intrinsic system need for whatever the suspicious entity is said to be doing; wherein activity monitoring monitors the storage, CPU processing and network activity of the suspicious entity, wherein the syntax module interprets these activities in terms of desired functions, wherein these functions are then translated by the purpose module into an intended purpose in behavior, wherein the code base is the source code/programming structure of the suspicious entity and is forwarded to the syntax module, wherein the syntax module understands coding syntax and reduces programming code and code activity to an intermediate map of interconnected functions, wherein the purpose module produces the perceived intentions of the suspicious entity, outputting the code base purpose and the activity purpose, wherein the code base purpose contains the known purpose, function, jurisdiction and authority of the entity as derived by the syntactic programming capabilities of LIZARD, wherein the activity purpose contains the known purpose, function, jurisdiction and authority of the entity as understood by LIZARD from its storage, processing and network activity, wherein the stated purpose is the assumed purpose, function, jurisdiction and authority of the entity as declared by the entity itself, wherein the needed purpose contains the expected purpose, function, jurisdiction and authority required by the enterprise system, wherein all purposes are compared in the comparison module, wherein any inconsistency between the purposes invokes a divergence-in-purpose scenario, which leads to corrective action.
34. The system according to claim 1, wherein the computer-implemented system is critical thinking memory & perception (CTMP), further comprising:
a) a critical rule scope extender (CRSE), which takes the known scope of perceptions and upgrades it to include the critical thinking scope of perceptions;
b) correct rules, which indicate the correct rules derived by using the critical thinking scope of perceptions;
c) rule execution (RE), which executes the rules that have been confirmed as present and fulfilled according to memory's scan of the chaos field, to produce desired and relevant critical thinking decisions;
d) critical decision output, which produces the final logic for determining the overall output of CTMP by comparing the conclusions reached by the perception observer emulator (POE) and the RE;
wherein the POE produces an emulation of the observer, and tests/compares all potential points of perception with such variations of observer emulations;
wherein the RE comprises a chessboard plane that is used to track the transformations of rule sets, wherein the objects on the board represent the complexity of any given security situation, and the movement of these objects across the 'security chessboard' represents the evolution of the security situation as managed by the responses of the security rule sets.
35. The system according to claim 34, further comprising:
a) subjective opinion decisions, which are the decisions provided by the selected pattern matching algorithm (SPMA);
b) input system metadata, which comprises the raw metadata from the SPMA that describes the mechanical process of the algorithm and how it reached these decisions;
c) reason processing, which logically understands the assertions by comparing attributes of properties;
d) rule processing, which uses the derived resultant rules as a reference point for determining the scope of the problem at hand;
e) memory web, which scans market variable logs for fulfillable rules;
f) raw perception production, which receives metadata logs from the SPMA, wherein the logs are parsed and a perception is formed that represents the perception of such algorithm, wherein the perception is stored in perception complex format (PCF) and is emulated by the POE; wherein applied angles of perception indicate the angles of perception that have already been applied and utilized by the SPMA;
g) automated perception discovery mechanism (APDM), which uses a creativity module that produces hybridized perceptions formed according to the input provided by the applied angles of perception, so that the scope of perception can be increased;
h) self-critical knowledge density (SCKD), which estimates the scope and type of potential unknown knowledge that is beyond the reach of the reportable logs, so that the subsequent critical thinking features of CTMP can leverage the potential scope of the knowledge involved; wherein critical thinking indicates the outer shell jurisdiction of rule-based thinking;
i) implication derivation (ID), which derives the angles of perception data that may be implied by the current applied angles of perception;
wherein the SPMA is juxtaposed, via perceptions and rules, against the critical thinking performed by CTMP.
36. The system according to claim 35, further comprising:
a) resource management & allocation (RMA), wherein an adjustable policy dictates the amount of perceptions that are used to perform an observer emulation, wherein the priority of the selected perceptions is chosen according to weight in descending order, wherein the policy then dictates the manner of selecting a cutoff, rather than selecting a percentage, a fixed number or a more complex algorithm;
b) storage search (SS), which uses the CVF derived from the data-enhanced logs as criteria in a database lookup of the perception storage (PS), wherein in the PS perceptions are stored, in addition to their relevant weight, with the comparable variable format (CVF) as their index;
c) metric processing, which reverse-engineers the variables from the SPMA's assignment;
d) perception deduction (PD), which uses the assignment response and its corresponding system metadata to replicate the original perception of the assignment response;
e) metadata categorization module (MCM), wherein debugging and algorithm traces are separated into distinct categories using syntax-based information categorization, wherein the categories are used to organize and produce distinct assignment responses correlated with risks and opportunities;
f) metric combination, which separates angles of perception into categories of metrics;
g) metric conversion, which reverses individual metrics back into whole angles of perception;
h) metric expansion (ME), which stores the metrics of multiple and varying angles of perception categorically in individual databases;
i) comparable variable format generator (CVFG), which converts a stream of information into comparable variable format (CVF).
37. The system according to claim 36, further comprising:
a) perception matching 503, wherein a CVF is formed from the perception received from rule syntax derivation (RSD); wherein the newly formed CVF is used to look up relevant perceptions in the PS with similar indexes, wherein the potential matches are returned to rule syntax generation (RSG);
b) memory recognition (MR), wherein a chaos field 613 is formed from input data;
c) memory concept indexing, wherein whole concepts are individually optimized into indexes, wherein the indexes are used by the letter scanners to interact with the chaos field;
d) rule fulfillment parser (RFP), which receives the individual parts of a rule with a recognition tag, wherein each part is marked by memory recognition as having been found, or not found, in the chaos field; wherein the RFP logically deduces which whole rules, as the combination of all of their parts, have been sufficiently recognized in the chaos field to merit RE;
e) rule syntax format separation (RSFS), wherein correct rules are separated and organized by type, so that all actions, properties, conditions and objects are stacked separately;
f) rule syntax derivation, wherein logical 'black and white' rules are converted to metric-based perceptions, so that the complex arrangement of multiple rules is converted into a single uniform perception expressed via multiple metrics of varying gradients;
g) rule syntax generation (RSG), which receives previously confirmed perceptions, which are stored in perception format, and engages with the internal metric makeup of the perception, wherein such gradient-based measures of metrics are converted to binary and logical rule sets that emulate the input/output information flow of the original perception;
h) rule syntax format separation (RSFS), wherein correct rules represent the accurate manifestation of rule sets that conform to the reality of the object being observed, whereby correct rules are separated and organized by type and hence all actions, properties, conditions and objects are stacked separately, enabling the system to discern which parts have been found in the chaos field and which parts have not;
i) innate logical deduction, which uses logical principles, thereby avoiding fallacies, to deduce what kind of rule would accurately represent the many metric gradients within the perception;
j) metric context analysis, which analyzes the interconnected relationships within the perception of metrics, wherein certain metrics can depend on other metrics with varying degrees of magnitude, wherein this contextualization is used to supplement the mirrored interconnected relationship that rules have within the 'digital' rule set format;
k) rule syntax format conversion (RSFC), which assorts and separates rules in conformance with the syntax of the rule syntax format (RSF);
wherein intuitive decision engages in critical thinking via leveraging perceptions, wherein thinking decision engages in critical thinking via leveraging rules, wherein perceptions is the data received from intuitive decision according to a format syntax defined in internal format, wherein fulfilled rules is the data received from thinking decision, which is a collection of fulfillable rule sets from the RE, wherein the data is passed on according to the format syntax defined in internal format;
wherein actions indicate an action that may have already been performed, will be performed, or is being considered for activation, wherein properties indicate some property-like attribute that describes something else, be it an action, condition or object, wherein conditions indicate a logical operation or operator, wherein objects indicate a target that can have attributes applied to it;
wherein the separated rule format is used as output from rule syntax format separation (RSFS), which is considered the pre-memory recognition phase, and as output from memory recognition (MR), which is considered the post-memory recognition phase.
38. The system according to claim 37, further comprising:
a) chaos field parsing (CFP), which combines the format of the logs into a single scannable chaos field 613;
b) extra rules, which are produced from memory recognition (MR) to supplement the correct rules;
wherein, within perception matching (PM), metric statistics provides statistical information from perception storage, error management parses syntax and/or logical errors stemming from any of the individual metrics, separate metrics isolates each individual metric, since they used to be combined in a single unit that was the input perception, and the node comparison algorithm (NCA) receives the node makeup of two or more CVFs, wherein each node of a CVF represents the degree of magnitude of a property, wherein a similarity comparison is performed on an individual node basis and the aggregate variance is calculated, wherein a smaller variance represents a closer match.
39. The system according to claim 38, further comprising:
a) raw perceptions-intuitive thinking (analog), which processes perceptions according to an 'analog' format, wherein the analog-format perceptions pertaining to the decision are stored in gradients on a smooth curve without steps;
b) raw rules-logical thinking (digital), which processes rules according to a digital format, wherein the digital-format raw rules pertaining to the decision are stored in steps with little to no 'grey area';
wherein unfulfilled rules are rule sets that have not been sufficiently recognized in the chaos field according to their logical dependencies, and fulfilled rules are rule sets that have been recognized as sufficiently available in the chaos field 613 according to their logical dependencies;
wherein queue management (QM) uses syntactical relationship reconstruction (SRR) to analyze each individual part in the most logical order, and has access to the memory recognition (MR) results, whereby binary yes/no flow questions can be answered and appropriate action taken, wherein QM checks every rule segment in stages, and if a single segment is missing from the chaos field and is not in proper relation with the other segments, the rule set is flagged as unfulfilled;
40. The system according to claim 39, wherein sequential memory organization is an optimized information storage for in-order 'chains' of information, wherein, in points of memory access, the width of each of the nodes (blocks) represents the direct accessibility of the observer to the memorized object (node), wherein each letter represents its point of direct memory access to the observer within the scope of accessibility, wherein a wider scope of accessibility indicates that there are more points of accessibility per sequence node, wherein the more a sequence is referenced only 'in order' and not from any randomly selected node, the narrower the scope of accessibility (relative to sequence size), wherein, with nested sub-sequence layers, a sequence that exhibits strong non-uniformity is made up of a series of smaller interconnected sub-sequences.
41. The system according to claim 39, wherein non-sequential memory organization deals with the information storage of non-sequentially related items, wherein reversibility indicates a non-sequential arrangement and a uniform scope, wherein a non-sequential relationship is indicated by the relatively wide point of access per node, wherein the same uniformity exists when the order of the nodes is shuffled, wherein, in core topic and associations, the same series of nodes is repeated but with a different core (the center object), wherein the core represents the primary topic, to which the remaining nodes act as memory neighbors that can be accessed more easily than if there were no core topic defined.
42. The system according to claim 39, wherein memory recognition (MR) scans the chaos field to recognize known concepts, wherein the chaos field is a 'field' of concepts arbitrarily submersed in 'white noise' information, wherein memory concept retention stores recognizable concepts that are ready to be indexed and referenced for field examination, wherein a 3-letter scanner scans the chaos field and checks against 3-letter segments that correspond to a target, wherein a 5-letter scanner scans the chaos field and checks against 5-letter segments that correspond to a target, but this time the segment that is checked with every advancement throughout the field is the entire word, wherein the chaos field is segmented for scanning in different proportions, wherein accuracy increases as the scope of the scanning decreases, wherein, as the field territory of the scanner increases, a larger letter scanner is more efficient for performing recognitions, at the expense of accuracy, wherein memory concept indexing (MCI) alternates the size of the scanner in response to the unprocessed memory concepts that are left, wherein MCI 500 starts with the largest available scanner and decreases gradually, so that more computing resources can be found to check for the potential existence of smaller memory concept targets.
43. The system according to claim 39, wherein field interpretation logic (FIL) operates the logistics for managing scanners of differing widths, wherein a general scope scan begins with a large letter scan and sifts through a large scope of field with fewer resources, at the expense of small-scale accuracy, wherein a specific scope scan is used when an area of significance has been located and needs to be 'zoomed in' on, thereby ensuring that an expensively accurate scan is not performed in a redundant and unyielding location, wherein receiving additional recognition of memory concepts in the chaos field indicates that the field scope contains a dense saturation of memory concepts.
44. The system according to claim 39, wherein, in the automated perception discovery mechanism (APDM), an angle of perception is defined in composition by multiple metrics including scope, type, intensity and consistency, which define the multiple aspects of perception that make up the overall perception, wherein the creativity module produces complex variations of perception, wherein the perception weight defines how much relative influence a perception has whilst emulated by the POE, wherein the weights of both input perceptions are considered whilst defining the weight of the newly iterated perception, which contains hybridized metrics that are influenced by the previous generation of perceptions.
45. The system according to claim 39, wherein the input for the CVFG is a data batch, which is an arbitrary collection of data that must be represented by the node makeup of the generated CVF, wherein a sequential advancement is performed through each of the individual units defined by the data batch, wherein each data unit is converted to a node format that has the same composition of information as referenced by the final CVF, wherein the converted nodes are temporarily stored in the node holdout when their existence is checked at that stage, wherein if they are not found, they are created and updated with statistical information including occurrence and usage, wherein all the nodes in the holdout are assembled and pushed as modular output as a CVF.
46. The system according to claim 39, wherein the node comparison algorithm compares two node makeups that have been read from the raw CVFs, wherein, with partial match mode (PMM), if there is an active node in one CVF that is not found in its comparison candidate (the node is dormant), the comparison is not penalized, wherein, with whole match mode (WMM), if there is an active node in one CVF that is not found in its comparison candidate (the node is dormant), the comparison is penalized.
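The node comparison described in claims 38 and 46, as an added Python example that is not code from the patent: it scores stored perceptions against a query CVF under partial match mode and whole match mode and ranks them by aggregate variance. The dictionary layout of a CVF, the mean squared difference used as the variance, scoring a dormant counterpart as magnitude 0 under WMM, and the sample perceptions are all assumptions; the claims name the two modes but give no formula.

```python
from enum import Enum


class MatchMode(Enum):
    PARTIAL = "PMM"  # a dormant counterpart node is ignored
    WHOLE = "WMM"    # a dormant counterpart node is penalized


# Assumed layout: a CVF is {node name: magnitude in [0, 1]}.
# A node absent from the mapping is treated as dormant.
CVF = dict[str, float]


def aggregate_variance(a: CVF, b: CVF, mode: MatchMode) -> float:
    """Mean squared per-node difference between two CVFs (smaller = closer)."""
    for cvf in (a, b):
        for name, magnitude in cvf.items():
            if not 0.0 <= magnitude <= 1.0:
                raise ValueError(f"node {name!r} magnitude {magnitude} not in [0, 1]")

    squared = []
    for name in sorted(a.keys() | b.keys()):
        if name in a and name in b:
            # Node is active on both sides: ordinary per-node comparison.
            squared.append((a[name] - b[name]) ** 2)
        elif mode is MatchMode.WHOLE:
            # Active on one side only: WMM scores the dormant side as 0.
            active = a[name] if name in a else b[name]
            squared.append(active ** 2)
        # PMM: a node that is dormant on one side contributes nothing.

    if not squared:
        # No node was comparable (PMM with disjoint node sets): not a match.
        return float("inf")
    return sum(squared) / len(squared)


def rank_matches(query: CVF, storage: dict[str, CVF], mode: MatchMode):
    """Return (perception name, variance) pairs, closest match first."""
    scored = [(name, aggregate_variance(query, cvf, mode))
              for name, cvf in storage.items()]
    return sorted(scored, key=lambda item: (item[1], item[0]))


# Constructed sample data; node names follow the metrics listed in claim 44.
QUERY = {"scope": 0.8, "intensity": 0.6}
PERCEPTION_STORAGE = {
    "perception_A": {"scope": 0.8, "intensity": 0.6,
                     "consistency": 0.9, "type": 0.7},
    "perception_B": {"scope": 0.7, "intensity": 0.5},
    "perception_C": {"consistency": 0.4},
}

if __name__ == "__main__":
    for mode in MatchMode:
        print(mode.value)
        for name, variance in rank_matches(QUERY, PERCEPTION_STORAGE, mode):
            print(f"  {name}: {variance:.4f}")
```

Under PMM the sparse query matches perception_A exactly even though A carries two extra active nodes, while WMM ranks perception_B first, so the choice of mode decides how broadly a short query matches stored perceptions.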
47. The system according to claim 39, wherein system metadata separation (SMS) separates the input system metadata into meaningful security cause-effect relationships, wherein, with subject scan/assimilation, the subject/suspect of a security situation is extracted from the system metadata using pre-made category containers and raw analysis from the categorization module, wherein the subject is used as the main reference point for deriving a security response/variable relationship, wherein, with risk scan/assimilation, the risk factors of a security situation are extracted from the system metadata using pre-made category containers and raw analysis from the categorization module, wherein the risk is associated with the target subject that exhibits or is exposed to such risk, wherein, with response scan/assimilation, the response to a security situation made by the input algorithm is extracted from the system metadata using pre-made category containers and raw analysis from the categorization module, wherein the response is associated with the security subject that allegedly deserves such a response.
48. The system according to claim 39, wherein, in the MCM, format separation separates and categorizes the metadata according to the rules and syntax of a recognized format, wherein local format rules and syntax contain the definitions that enable the MCM module to recognize pre-formatted streams of metadata, wherein the debugging trace is a coding-level trace that provides the variables, functions, methods and types used and their respective input and output variable types/content, wherein the algorithm trace is a software-level trace that provides security data coupled with algorithm analysis, wherein the resultant security decision (approve/block) is provided along with a trail of how it reached that decision (justification) and the appropriate weight that each factor contributed to making that security decision.
49. The system according to claim 39, wherein, in metric processing (MP), security response X represents a series of factors that contribute to the resultant security response chosen by the SPMA, wherein the initial weight is determined by the SPMA, wherein perception deduction (PD) uses a part of the security response and its corresponding system metadata to replicate the original perception of the security response, wherein the perception interpretations of the dimensional series display how PD takes the security response of the SPMA and associates the relevant input system metadata to recreate the full scope of the intelligent 'digital perception' as originally used by the SPMA, wherein shape fill, stacking quantity and dimension are digital perceptions that capture the 'perspective' of an intelligent algorithm.
50. The system according to claim 49, wherein, in PD, security response X is forwarded as input to the justification/reasoning calculation, which determines the justification of the security response of the SPMA by leveraging the intent supply of the input/output reduction (IOR) module, wherein the IOR module uses the separated input and output of the various function calls listed in the metadata, wherein the metadata separation is performed by the MCM.
51. The system according to claim 39, wherein, for the POE, the input system metadata is the initial input used by raw perception production (RP2) to produce perceptions in CVF, wherein, with storage search (SS), the CVF derived from the data-enhanced logs is used as criteria in a database lookup of the perception storage (PS), wherein, in ranking, the perceptions are ordered according to their final weight, wherein the data-enhanced logs are applied to the perceptions to produce block/approve recommendations, wherein the SCKD tags the logs to define the expected upper scope of unknown knowledge, wherein data parsing does a basic interpretation of the data-enhanced logs and the input system metadata to output the original approve or block decision as decided by the original SPMA, wherein CTMP criticizes decisions in the POE according to perceptions, and criticizes decisions in rule execution (RE) according to logically defined rules.
52. The system according to claim 36, wherein, with metric complexity, the outer bound of the circle represents the peak of known knowledge concerning the individual metric, wherein the outer edge of the circle represents more metric complexity and the center represents less metric complexity, wherein the center light grey represents the metric combination of the current batch of applied angles of perception, and the outer dark grey represents the metric complexity stored and known by the system in general, wherein the goal of ID is to increase the complexity of the relevant metrics, so that angles of perception can be multiplied in complexity and quantity, wherein the dark grey surface area represents the total scope of the current batch of applied angles of perception and the amount of scope left over according to the known upper bound, wherein, upon being enhanced and enriched in complexity, the metrics are returned as metric complexity, which is passed as input to metric conversion, which reverses individual metrics back into whole angles of perception, whereby the final output is assembled as implied angles of perception.
53. The system according to claim 39, wherein, for SCKD, known data categorization (KDC) categorically separates known information from the input so that an appropriate DB analogy query can be performed, and separates the information into categories, wherein the separate categories provide input to the CVFG, which outputs the categorical information in CVF format, which is used by storage search (SS) to check for similarities in the known data scope DB, wherein each category is tagged with its relevant scope of known data according to the SS results, wherein the tagged scopes of unknown information per category are reassembled back into the same stream of original input at the unknown data combiner (UDC).
54. The system according to claim 1, wherein the computer-implemented system is lexical objectivity mining (LOM), further comprising:
a) initial query reasoning (IQR), to which a question is transferred, and which leverages central knowledge retention (CKR) to decipher missing details that are crucial to understanding and answering/responding to the question;
b) survey clarification (SC), to which the question and supplemental query data are transferred, and which receives input from and sends output to the human subject, and forms the clarified question/assertion;
c) assertion construction (AC), which receives a proposition in the form of an assertion or question and provides output of the concepts related to such proposition;
d) response presentation, which is an interface for presenting a conclusion drawn by AC to both the human subject and rational appeal (RA);
e) hierarchical mapping (HM), which maps associated concepts to find corroboration or conflict in question/assertion consistency, and calculates the benefits and risks of taking a certain stance on the topic;
f) central knowledge retention (CKR), which is the main database for referencing knowledge for LOM;
g) knowledge validation (KV), which receives highly confident and pre-criticized knowledge that needs to be logically separated for query capability and assimilation into the CKR;
h) accept response, which is a choice given to the human subject either to accept the response of LOM or to appeal it with a criticism, wherein if the response is accepted, it is processed by KV to be stored in the CKR as confirmed (high confidence) knowledge, wherein if the human subject does not accept the response, they are forwarded to the RA, which checks and criticizes the reasons of appeal given by the human;
i) managed artificial intelligence services provider (MAISP), which runs an internet cloud instance of LOM with a master instance of the CKR, and connects LOM to front end services, back end services, third party application dependencies, information sources and the MNSP cloud.
55. The system according to claim 54, wherein the front end services include artificial intelligence personal assistants, communication applications and protocols, home automation and medical applications, wherein the back end services include online shopping, transportation and online ordering of medical prescriptions, wherein the front end and back end services interact with LOM via a documented API infrastructure, which enables standardization of information transfers and protocols, wherein LOM retrieves knowledge from external information sources via the automated research mechanism (ARM).
56. The system according to claim 55, wherein language construction (LC) interprets raw question/assertion input from the human subject and parallel modules to produce a logical separation of linguistic syntax; wherein concept discovery (CD) receives points of interest within the clarified question/assertion and derives associated concepts by leveraging the CKR; wherein concept prioritization (CP) receives relevant concepts and orders them in logical tiers that represent specificity and generality; wherein response separation logic (RSL) leverages the LC to understand the human response and associates a relevant and valid response with the preliminary clarification request, thereby accomplishing the objective of SC; wherein the LC is then re-leveraged during the output phase to amend the original question/assertion to include the supplemental information received by the SC; wherein context construction (CC) uses metadata from assertion construction (AC) and evidence from the human subject to give raw facts to CTMP for critical thinking; wherein decision comparison (DC) determines the overlap between the pre-criticized and post-criticized decisions; wherein concept compatibility detection (CCD) compares conceptual derivatives from the original question/assertion to ascertain the logical compatibility result; wherein the benefit/risk calculator (BRC) receives the compatibility results from the CCD and weighs the benefits and risks to form a uniform decision that encompasses the gradients of variables implicit in the concept makeup; wherein concept interaction (CI) assigns attributes that pertain to AC concepts to parts of the information collected from the human subject via survey clarification (SC).
57. The system according to claim 56, wherein, inside IQR, LC receives the original question/assertion; the question is linguistically separated and IQR processes each individual word and/or phrase at a time leveraging the CKR; by referencing the CKR, IQR considers the potential options that are possible given the ambiguity of the word and/or phrase.
58. The system according to claim 56, wherein survey clarification (SC) receives input from IQR, wherein the input contains a series of requested clarifications that are to be answered by the human subject in order for an objective answer to the original question/assertion to be reached, wherein the responses provided to the clarifications are forwarded to response separation logic (RSL), which correlates the responses with the clarification requests; wherein, in parallel to the requested clarifications being processed, clarification linguistic association is provided to LC, wherein the association contains the internal relationship between the requested clarifications and the language structure, which enables the RSL to amend the original question/assertion so that LC outputs the clarified question.
59. The system according to claim 56, wherein, for assertion construction receiving the clarified question/assertion, LC decomposes the question into points of interest, which are passed on to concept discovery (CD), wherein CD derives associated concepts by using CKR, wherein concept prioritization (CP) orders the concepts into logical layers, wherein the top layer is designated as the most general concepts and lower layers are assigned increasingly specific concepts, wherein the top layer is transferred to hierarchical mapping (HM) as modular input; wherein, in a parallel transfer of information, HM receives the points of interest, which are processed by its dependent module concept interaction (CI), wherein CI assigns attributes to the points of interest by accessing the indexed information at CKR, wherein, when HM completes its internal process, its final output is returned to AC after the derived concepts have been tested for compatibility and the benefits/risks of a position have been weighed and returned.
60. The system according to claim 59, wherein, for HM, CI provides input to CCD, which distinguishes the level of compatibility/conflict between two concepts, wherein the compatibility/conflict data is forwarded to BRC, which translates the compatibilities and conflicts into the benefits and risks of taking an overall consistent position on the question, wherein the positions, together with their risk/benefit factors, are passed to AC as modular output, wherein the system contains loops of information flow, representing gradients of intelligence that are gradually supplemented as the subjective nature of the question/assertion is gradually built into an objective response; wherein CI receives the points of interest and interprets each point of interest according to the top layer of the prioritized concepts.
61. The system according to claim 56, wherein, for RA, core logic processes the converted linguistic text and returns a result, wherein, if the result is of high confidence, the result is passed on to knowledge verification (KV) for proper assimilation into CKR, wherein, if the result is of low confidence, the result is passed on to AC to continue the cycle of self-criticism, wherein core logic receives input from LC in the form of a pre-criticism decision without linguistic elements, wherein the decision is forwarded to CTMP as a subjective opinion, wherein the decision is also forwarded to context construction (CC), which uses metadata from AC and potential evidence from the human subject to provide raw facts to CTMP as the input 'objective fact', wherein, once CTMP has received its two mandatory inputs, the information is processed to output its best attempt at reaching an 'objective opinion', wherein the opinion is treated inside RA as the post-criticism decision, wherein both the pre-criticism and post-criticism decisions are forwarded to decision comparison (DC), which determines the extent of overlap between the two decisions, wherein the appeal argument is then either conceded as true or the counterpoint is improved to explain why the appeal is invalid, wherein, regardless of whether the scenario is one of concession or improvement, a result of high confidence is passed on to KV and a result of low confidence is passed on to AC 808 for further analysis.
62. The system according to claim 56, wherein, for CKR, units of information are stored in unit knowledge format (UKF), wherein rule syntax format (RSF) is a set of syntactical standards for keeping track of referenced rules, wherein multiple rule units within RSF can be used to describe a single object or action; wherein source attribution is a collection of complex data that keeps track of the claimed sources of information, wherein a UKF cluster is composed of a chain of linked UKF variants to define jurisdictionally separate information, wherein UKF2 contains the main targeted information, wherein UKF1 contains timestamp information and therefore omits the timestamp field itself to avoid infinite regress, wherein UKF3 contains source attribution information and therefore omits the source field itself to avoid infinite regress; wherein every UKF2 must be accompanied by at least one UKF1 and one UKF3, otherwise the cluster (sequence) is considered incomplete and the information therein cannot yet be processed by the LOM system-wide general logic; wherein, between the central UKF2 and its corresponding UKF1 and UKF3 units, there may be UKF2 units that act as linking bridges, wherein a series of UKF clusters is processed by KCA to form a derived assertion, wherein knowledge corroboration analysis (KCA) compares UKF cluster information for corroborating evidence regarding an opinionated position, wherein, after KCA processing is complete, CKR can output a conclusive opinionated position on the topic.
63. The system according to claim 56, wherein, for ARM, as indicated by user activity, the user's interaction with LOM concepts is brought, directly or indirectly, to bear on answering/responding to the question/assertion, wherein user activity is expected to eventually yield concepts for which CKR has little or no relevant information, as indicated by the list of requested but unavailable concepts, wherein, with concept sorting & prioritization (CSP), concept definitions are received from single independent sources and aggregated in order to prioritize the resources for information requests, wherein the data provided by the information sources is received and parsed at the information aggregator (IA) according to the concept definition that requested it, and the relevant metadata is retained, wherein the information is sent to cross-reference analysis (CRA), where the received information is compared with, and constructed in consideration of, the previously existing knowledge from CKR.
64. The system according to claim 56, wherein the personal intelligence profile (PIP) is where an individual's personal information is stored via multiple potential endpoints and front ends, wherein their information is kept separate from CKR but is available to the LOM system-wide general logic, wherein personal information relating to artificial intelligence applications is encrypted and stored in the personal UKF cluster pool in UKF format, wherein, with information anonymization processing (IAP), information is added to CKR after being stripped of any personally identifiable information, wherein, with cross-reference analysis (CRA), the received information is compared with, and constructed in consideration of, the previously existing knowledge from CKR.
65. The system according to claim 56, wherein life administration & automation (LAA) connects internet-enabled devices and services on a connected platform, wherein active decision making (ADM) considers the availability and functionality of front-end services, back-end services, IoT devices, spending rules and the amount available, in accordance with fund appropriation rules & management (FARM); FARM receives human input defining criteria, limits and scope for the module, to inform ADM of what its jurisdiction of activity is, wherein cryptocurrency funds are stored in a digital wallet, wherein the IoT interaction module (IIM) maintains a database of which IoT devices are available, wherein data feeds represent when IoT-enabled devices send information to LAA.
66. The system according to claim 54, further comprising behavior monitoring (BM), which monitors personally identifiable data requests from users to check for unethical and/or illegal material, wherein, with metadata aggregation (MDA), user-related data is aggregated from external services so that the digital identity of the user can be established, wherein this information is passed to induction/deduction, and finally to PCD, where complex analysis is performed using corroborating factors from MNSP; wherein all information from authenticated users destined for PIP passes through information tracking (IT) and is checked against the behavior blacklist, wherein, at pre-crime detection (PCD), the deduction and induction information is merged and analyzed to reach pre-crime conclusions, wherein PCD uses CTMP, which directly references the behavior blacklist to verify the positions produced by induction and deduction, wherein blacklist maintenance authorization (BMA) operates within the cloud service framework of MNSP.
67. The system according to claim 65, wherein LOM is configured to manage a personalized portfolio in an individual's life, wherein LOM receives an initial question, which reaches a conclusion via LOM's internal deliberation process, wherein it connects to the LAA module, which connects to internet-enabled devices from which LOM can receive data and which it can control, wherein, with contextualization, LOM deduces the links missing in constructing an argument, wherein LOM deciphers with its logic that, to solve the dilemma posed by the original assertion, it must first know or assume certain variables about the situation.
68. The system according to claim 1, wherein the computer-implemented system is Linear Atomic Quantum Information Transfer (LAQIT), comprising:
A) recursively repeating the same consistent color sequence within a logical structured syntax; and
B) recursively translating with the English alphabet using the sequence;
wherein, when constructing the 'base' layer of the alphabet, the color sequence is used with shortened and unequal weights on the color channels, and the remaining space for syntax definitions within the color channels is reserved for future use and extension;
wherein a complex algorithm reports its log events and status reports using LAQIT, status/log reports are generated automatically, wherein the status/log reports are converted into a transportable text-based LAQIT syntax, wherein syntactically insecure information is transferred digitally, wherein the transportable text-based syntax is converted into a highly readable LAQIT visual syntax (linear mode), wherein the key is optimized for human memorization and is based on a relatively short sequence of shapes;
wherein locally non-secure text is entered by the sender for submission to the recipient, wherein the text is converted into a transportable encrypted text-based LAQIT syntax, wherein syntactically secure information is transferred digitally, wherein the data is converted into a visually encrypted LAQIT syntax;
wherein the incremental recognition effect (IRE) is a channel of information transfer that recognizes the full form of a unit of information before it has been fully delivered, wherein this effect of a predictive index is incorporated by displaying the transitions between words, wherein the proximal recognition effect (PRE) is a channel of information transfer that recognizes the full form of a unit of information while it is corrupted, mixed up or changed.
69. The system according to claim 68, wherein, in the linear mode of LAQIT, a block shows the 'basic rendering' version of linear mode, and a point shows that it is not encrypted, wherein, with the word separator, the color of the shape represents the character that follows the word and acts as the separation between the word and the next word, wherein the single viewing zone incorporates a smaller viewing zone with larger letters and therefore less information per pixel, wherein, in the double viewing zone, there are more active letters per pixel, wherein the shade cover dulls the incoming and outgoing letters so that the primary focus of the observer is on the viewing zone.
70. The system according to claim 68, wherein, in atomic mode, which is capable of a wide range of encryption levels, the primary color main character reference defines the general rule of which letter is being defined, wherein an impact exists with the same color range as the primary colors and defines exactly the specific character, wherein, with the reading direction, the information delivery reading begins on the top square of orbital ring one, wherein, once an orbital ring has been completed, reading continues from the top square of the next sequential orbital ring, wherein the entry/exit portals are the points of creation and destruction of a character (its primary color), wherein a new character belonging to the relevant orbit emerges from the portal and slides clockwise to its position, wherein the nucleus defines the character that follows the word;
wherein, with word navigation, each block represents an entire word (or multiple words in molecular mode) on the left side of the screen, wherein, when a word is displayed, the respective block moves outwards to the right, and when that word is complete the block retreats back, wherein the color/shape of the navigation block is the same as the color/shape of the primary color of the first letter of the word; wherein, with sentence navigation, each block represents a cluster of words, wherein a cluster is the maximum number of words that can fit on the word navigation pane, wherein atomic state creation is a transition that induces the incremental recognition effect (IRE), wherein, with such a transition, the primary colors emerge from the entry/exit portals with their impacts hidden and move clockwise to assume their positions; wherein atomic state expansion is a transition that induces the proximal recognition effect (PRE), wherein, once the primary colors have reached their positions, they move outwards in the 'expand' sequence of the information state presentation, which reveals the impacts, whereby the specific definition of the information state can be presented; wherein atomic state destruction is a transition that induces the incremental recognition effect (IRE), wherein the primary colors have retracted (reversing the expansion sequence) to cover the impacts again, wherein they now slide clockwise to reach the entry/exit portal.
71. The system according to claim 70, wherein, with shape obfuscation, the standard squares are replaced with five visually distinct shapes, wherein the variation of shapes within the syntax allows useless (fake) letters to be inserted at strategic points of the atomic profile, and the useless letters obfuscate the true and intended meaning of the message, wherein deciphering whether a letter is real or useless is done via the decryption key, which is transferred securely and temporarily;
wherein, with redirection bonds, a bond links two letters together and alters the flow of reading, wherein, while beginning with the typical clockwise reading pattern, encountering a bond that initiates on (starts with) and lands on (ends with) legitimate/non-useless letters diverts the reading pattern to resume at the landing letter;
wherein, with radioactive elements, some elements can be "flurried", which can invert the evaluation of whether a letter is useless, wherein shapes shows the shapes available for encryption, wherein center elements shows the center element of the orbit, which defines the character that comes immediately after the word.
72. The system according to claim 71, wherein, with redirection bonds, a bond starts with an "initiation" letter and ends with a "land" letter, either of which may or may not be useless, wherein, if neither of them is useless, the bond alters the reading direction and position, wherein, if one or both are useless, the entire bond must be ignored, otherwise the message will be decrypted incorrectly, wherein, with a bond key definition, whether a bond must be followed when reading the information state depends on whether it has been specifically defined in the encryption key.
73. The system according to claim 71, wherein, with single clusters, both neighbors are non-radioactive, therefore the scope for the cluster is defined, wherein, since the key specifies double clusters as being valid, the element is to be treated as if it were not radioactive in the first place, wherein, with double clusters, the key definition defines double clusters as being active, therefore clusters of all other sizes are considered dormant while decrypting the message, wherein incorrect interpretation shows how the interpreter did not treat the double cluster as a reversed sequence (false positive).
74. The system according to claim 71, wherein, in molecular mode with encryption and streaming enabled, with covert dictionary attack resistance, incorrect decryption of the message leads to a "distraction" alternate message, wherein, with multiple active words per molecule, the words are presented in parallel during the molecular procedure, thereby increasing the information per surface area ratio, yet with a consistent transition speed, wherein binary and streaming mode shows streaming mode, whereas in a typical atomic configuration the reading mode is binary, wherein binary mode indicates that the center element defines which character follows the word, wherein molecular mode is also binary, except when encryption is enabled, which adheres to streaming mode, wherein streaming mode makes references to special characters within the orbit.
75. The system according to claim 1, wherein the computer-implemented system is a Universal BCHAIN Everything Connections (UBEC) system with Base Connection Harmonization Attaching Integrated Nodes (BCHAIN), the system further comprising:
A) a communication gateway (CG), which is the primary algorithm by which a BCHAIN node interacts with its hardware interface, thereafter leading to communication with other BCHAIN nodes;
B) node statistical survey (NSS), which interprets remote node behavior patterns;
C) a node escape index, which tracks the likelihood that a node neighbor will escape the vicinity of the sensing node;
D) a node saturation index, which tracks the number of nodes within the detection range of the sensing node;
E) a node consistency index, which tracks the quality of node services as interpreted by the sensing node, wherein a high node consistency index indicates that the surrounding neighbor nodes tend to have more available uptime and consistency in performance, wherein nodes that have dual purposes in use tend to have a lower consistency index, wherein nodes dedicated to the BCHAIN network exhibit a higher value; and
F) a node overlap index, which tracks the number of overlapping nodes as mutually interpreted by sensing nodes.
76. The system according to claim 75, further comprising:
A) a custom chain recognition module (CRM), which connects with custom chains, including application chains or microchains, that have previously been registered by the node, wherein CRM notifies the rest of the BCHAIN protocol when an update is detected on a section of an application chain in the metachain or in the metachain emulator of a microchain;
B) content claim delivery (CCD), which receives a validated CCR and thereafter sends the relevant CCF to fulfill the request;
C) dynamic strategy adaptation (DSA), which manages the strategy creation module (SCM), which dynamically generates new strategy deployments by using the creativity module to hybridize complex strategies that have been preferred by the system via the optimized strategy selection algorithm (OSSA), wherein new strategies vary according to input provided by field chaos interpretation;
D) cryptographic digital economic exchange (CDEE), with various economic personalities managed by the graphical user interface (GUI) at the UBEC platform interface (UPI); wherein, with personality A, node resources are consumed only to match what you consume, wherein personality B consumes as many resources as possible as long as the profit margin is greater than a predetermined value, wherein personality C pays for work units via a traded currency, wherein, with personality D, node resources are spent as much as possible and without any restriction of expected return, whether that be the consumption of content or monetary compensation;
E) current work state interpretation (CWSI), which references the infrastructure economy section of the metachain to determine the current surplus or deficit of the node with regard to work credit;
F) economically considered work imposition (ECWI), which considers the selected economic personality together with the current work surplus/deficit to evaluate whether more work should currently be performed; and
G) symbiotic recursive intelligence advancement (SRIA), which is a triad relationship between different algorithms comprising LIZARD, which improves an algorithm's source code by understanding code purpose, including its own; I2GE, which emulates generations of virtual program iterations; and the BCHAIN network, which is a vast network of chaotically connected nodes that can run complex data-intensive programs in a decentralized manner.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210557303.8A CN115062297A (en) | 2016-01-24 | 2017-01-24 | Computer security based on artificial intelligence |
Applications Claiming Priority (19)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201662286437P | 2016-01-24 | 2016-01-24 | |
US62/286,437 | 2016-01-24 | ||
US201662294258P | 2016-02-11 | 2016-02-11 | |
US62/294,258 | 2016-02-11 | ||
US201662307558P | 2016-03-13 | 2016-03-13 | |
US62/307,558 | 2016-03-13 | ||
US201662323657P | 2016-04-16 | 2016-04-16 | |
US62/323,657 | 2016-04-16 | ||
US201662326723P | 2016-04-23 | 2016-04-23 | |
US62/326,723 | 2016-04-23 | ||
US15/145,800 | 2016-05-04 | ||
US15/145,800 US20160330219A1 (en) | 2015-05-04 | 2016-05-04 | Method and device for managing security in a computer network |
US201662341310P | 2016-05-25 | 2016-05-25 | |
US62/341,310 | 2016-05-25 | ||
US15/264,744 | 2016-09-14 | ||
US15/264,744 US20170076391A1 (en) | 2015-09-14 | 2016-09-14 | System of perpetual giving |
US201662439409P | 2016-12-27 | 2016-12-27 | |
US62/439,409 | 2016-12-27 | ||
PCT/US2017/014699 WO2017127850A1 (en) | 2016-01-24 | 2017-01-24 | Computer security based on artificial intelligence |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210557303.8A Division CN115062297A (en) | 2016-01-24 | 2017-01-24 | Computer security based on artificial intelligence |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109313687A true CN109313687A (en) | 2019-02-05 |
CN109313687B CN109313687B (en) | 2022-06-24 |
Family
ID=59362181
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210557303.8A Pending CN115062297A (en) | 2016-01-24 | 2017-01-24 | Computer security based on artificial intelligence |
CN201780019904.0A Active CN109313687B (en) | 2016-01-24 | 2017-01-24 | Computer security based on artificial intelligence |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210557303.8A Pending CN115062297A (en) | 2016-01-24 | 2017-01-24 | Computer security based on artificial intelligence |
Country Status (14)
Country | Link |
---|---|
EP (1) | EP3405911A4 (en) |
JP (2) | JP2019511030A (en) |
KR (2) | KR20240151252A (en) |
CN (2) | CN115062297A (en) |
AU (3) | AU2017210132A1 (en) |
BR (1) | BR112018015014A2 (en) |
CA (1) | CA3051164A1 (en) |
IL (3) | IL306075B2 (en) |
MX (1) | MX2018009079A (en) |
MY (1) | MY195524A (en) |
RU (1) | RU2750554C2 (en) |
SG (2) | SG10202108336PA (en) |
WO (1) | WO2017127850A1 (en) |
ZA (1) | ZA201805385B (en) |
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110187885A (en) * | 2019-06-10 | 2019-08-30 | 合肥本源量子计算科技有限责任公司 | A method and device for generating intermediate code for quantum program compilation |
CN111027623A (en) * | 2019-12-10 | 2020-04-17 | 深圳供电局有限公司 | Data-enhanced intelligent terminal security level classification method and system |
CN111343000A (en) * | 2019-02-07 | 2020-06-26 | 卡巴斯基实验室股份公司 | System and method for configuring a gateway to protect an automation system |
CN111460129A (en) * | 2020-03-27 | 2020-07-28 | 泰康保险集团股份有限公司 | Method and device for generating identification, electronic equipment and storage medium |
CN111659124A (en) * | 2020-05-27 | 2020-09-15 | 太原理工大学 | Intelligent identification system for playing chess |
CN111913892A (en) * | 2019-05-09 | 2020-11-10 | 北京忆芯科技有限公司 | Providing open channel storage devices using CMBs |
CN112035797A (en) * | 2020-08-31 | 2020-12-04 | 山东诺蓝信息科技有限公司 | A Power State Judgment Algorithm Based on Self-Learning |
CN112783661A (en) * | 2021-02-08 | 2021-05-11 | 上海交通大学 | Memory deduplication method and device suitable for container environment |
CN112819590A (en) * | 2021-02-25 | 2021-05-18 | 紫光云技术有限公司 | Method for managing product configuration information in cloud product service delivery process |
CN113395593A (en) * | 2021-08-17 | 2021-09-14 | 深圳佳力拓科技有限公司 | Data transmission method and device for digital television terminal with reduced information leakage |
CN113961518A (en) * | 2021-09-08 | 2022-01-21 | 北京百度网讯科技有限公司 | Log visual display method and device, electronic equipment and storage medium |
CN113986589A (en) * | 2021-10-09 | 2022-01-28 | 广州博依特智能信息科技有限公司 | Fault-tolerant strategy selection method and system for intelligent edge computing gatekeeper |
CN114722400A (en) * | 2022-03-18 | 2022-07-08 | 西安电子科技大学 | A method, system, medium, device and terminal for side channel vulnerability detection |
CN114745291A (en) * | 2020-12-23 | 2022-07-12 | 北京国双科技有限公司 | Abnormal data cloud method and device, electronic equipment and storage medium |
CN114765627A (en) * | 2021-01-14 | 2022-07-19 | 京东科技控股股份有限公司 | Data transmission method, device, storage medium and computer program product |
CN115203689A (en) * | 2022-07-25 | 2022-10-18 | 天津市汇通智慧科技发展有限公司 | Data security sharing method and system |
US11601442B2 (en) | 2018-08-17 | 2023-03-07 | The Research Foundation For The State University Of New York | System and method associated with expedient detection and reconstruction of cyber events in a compact scenario representation using provenance tags and customizable policy |
CN115987176A (en) * | 2023-02-01 | 2023-04-18 | 北京东土科技股份有限公司 | Method and device for carrying out zero-returning control on motor position and edge controller |
TWI807451B (en) * | 2021-02-08 | 2023-07-01 | 美商惠普發展公司有限責任合夥企業 | Malware scans |
CN117150551A (en) * | 2023-09-04 | 2023-12-01 | 北京超然聚力网络科技有限公司 | User privacy protection method and system based on big data |
CN117540038A (en) * | 2024-01-10 | 2024-02-09 | 中国信息通信研究院 | Intelligent detection false data synthesis method and system |
WO2024180382A1 (en) * | 2023-02-28 | 2024-09-06 | International Business Machines Corporation | Modification of vulnerable pods |
CN118941063A (en) * | 2024-10-15 | 2024-11-12 | 电子科技大学 | A project resource collaborative planning method based on double triangle evolution mechanism |
Families Citing this family (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11574287B2 (en) | 2017-10-10 | 2023-02-07 | Text IQ, Inc. | Automatic document classification |
WO2019104189A1 (en) * | 2017-11-27 | 2019-05-31 | Intuition Robotics, Ltd | System and method for optimizing resource usage of a robot |
US11157295B2 (en) | 2018-01-02 | 2021-10-26 | Patrick Schur | System and method for providing intelligent operant operating interface and intelligent personal assistant as a service on a crypto secure social media and cross bridge service with continuous prosumer validation based on i-operant+198 tags, i-bubble+198 tags, demojis+198 and demoticons+198 |
US11232523B2 (en) | 2018-01-02 | 2022-01-25 | Patrick Schur | System and method for providing an intelligent operating interface and intelligent personal assistant as a service on a crypto secure social media and cross bridge service with continuous prosumer validation based on i-operant tags, i-bubble tags, demojis and demoticons |
CA3093021A1 (en) * | 2018-03-05 | 2019-09-12 | EzoTech Inc. | Automated security testing system and method |
US11528287B2 (en) * | 2018-06-06 | 2022-12-13 | Reliaquest Holdings, Llc | Threat mitigation system and method |
US11709946B2 (en) | 2018-06-06 | 2023-07-25 | Reliaquest Holdings, Llc | Threat mitigation system and method |
US10785108B1 (en) | 2018-06-21 | 2020-09-22 | Wells Fargo Bank, N.A. | Intelligent learning and management of a networked architecture |
US11068464B2 (en) | 2018-06-26 | 2021-07-20 | At&T Intellectual Property I, L.P. | Cyber intelligence system and method |
US10868782B2 (en) | 2018-07-12 | 2020-12-15 | Bank Of America Corporation | System for flagging data transmissions for retention of metadata and triggering appropriate transmission placement |
WO2020016906A1 (en) * | 2018-07-16 | 2020-01-23 | Sriram Govindan | Method and system for intrusion detection in an enterprise |
CN109189751B (en) * | 2018-09-18 | 2023-05-26 | 平安科技(深圳)有限公司 | Data synchronization method based on block chain and terminal equipment |
US11122136B2 (en) | 2018-10-22 | 2021-09-14 | Red Hat, Inc. | Quantum payload service for facilitating communications between a quantum computing system and classical computing systems |
US10740930B2 (en) | 2018-11-07 | 2020-08-11 | Love Good Color LLC | Systems and methods for color selection and auditing |
US11144334B2 (en) | 2018-12-20 | 2021-10-12 | Red Hat, Inc. | Quantum computer task manager |
KR102167767B1 (en) * | 2018-12-26 | 2020-10-19 | 단국대학교 산학협력단 | Automatic build apparatus and method of application for generating training data set of machine learning |
WO2020167586A1 (en) * | 2019-02-11 | 2020-08-20 | Db Cybertech, Inc. | Automated data discovery for cybersecurity |
FR3094600B1 (en) * | 2019-03-29 | 2022-05-06 | Orange | Method for extracting at least one communication pattern in a communication network |
US11546366B2 (en) | 2019-05-08 | 2023-01-03 | International Business Machines Corporation | Threat information sharing based on blockchain |
US11309974B2 (en) | 2019-05-09 | 2022-04-19 | Red Hat, Inc. | Quantum channel routing utilizing a quantum channel measurement service |
USD926810S1 (en) | 2019-06-05 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926809S1 (en) | 2019-06-05 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926782S1 (en) | 2019-06-06 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926200S1 (en) | 2019-06-06 | 2021-07-27 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
USD926811S1 (en) | 2019-06-06 | 2021-08-03 | Reliaquest Holdings, Llc | Display screen or portion thereof with a graphical user interface |
US12155646B2 (en) | 2019-06-10 | 2024-11-26 | Microsoft Technology Licensing, Llc | Authentication with random noise symbols and pattern recognition |
KR102299145B1 (en) * | 2020-02-25 | 2021-09-07 | 서울과학기술대학교 산학협력단 | Cyber Physical System for digital forensic evidence collection |
KR20210115728A (en) * | 2020-03-16 | 2021-09-27 | 삼성전자주식회사 | Electronic apparatus and control method thereof |
KR102164203B1 (en) * | 2020-04-03 | 2020-10-13 | 주식회사 이지시큐 | Information security risk analysis automation system and operation method thereof |
WO2021243321A1 (en) * | 2020-05-29 | 2021-12-02 | Qomplx, Inc. | A system and methods for score cybersecurity |
CN111651756B (en) * | 2020-06-04 | 2022-05-31 | 成都安恒信息技术有限公司 | Automatic substitution and filling method applied to operation and maintenance audit navicat |
KR102233695B1 (en) * | 2020-09-29 | 2021-03-30 | 주식회사 이지시큐 | Information and communication system for performing information protection risk analysis |
KR102233694B1 (en) * | 2020-09-29 | 2021-03-30 | 주식회사 이지시큐 | Information security system providing cost reduction and effective authentication management |
KR102233698B1 (en) * | 2020-09-29 | 2021-03-30 | 주식회사 이지시큐 | method and system for setting risk level related to information protection based on confidentiality, integrity, availability |
KR102232883B1 (en) * | 2020-09-29 | 2021-03-26 | 주식회사 이지시큐 | Artificial intelligence system for authentication of information security management system |
US11606694B2 (en) | 2020-10-08 | 2023-03-14 | Surendra Goel | System that provides cybersecurity in a home or office by interacting with internet of things devices and other devices |
KR102280845B1 (en) | 2020-11-24 | 2021-07-22 | 한국인터넷진흥원 | Method and apparatus for detecting abnormal behavior in network |
WO2022126260A1 (en) * | 2020-12-15 | 2022-06-23 | Mastercard Technologies Canada ULC | Enterprise server and method with universal bypass mechanism for automatically testing real-time cybersecurity microservice with live data |
US12003542B2 (en) | 2021-01-14 | 2024-06-04 | International Business Machines Corporation | Rapid initial deployment database security model |
US12052274B2 (en) | 2021-09-23 | 2024-07-30 | Armis Security Ltd. | Techniques for enriching device profiles and mitigating cybersecurity threats using enriched device profiles |
AU2022396273A1 (en) * | 2021-11-23 | 2024-05-30 | Strong Force TX Portfolio 2018, LLC | Transaction platforms where systems include sets of other systems |
JP2023169666A (en) | 2022-05-17 | 2023-11-30 | 日本電気株式会社 | Coordination system, coordination method, and program |
KR102509102B1 (en) * | 2022-07-15 | 2023-03-09 | 신헌주 | Fostering System Using Artificial Intelligence |
CN115866083A (en) * | 2022-11-21 | 2023-03-28 | 苏州浪潮智能科技有限公司 | A method, system, device and storage medium for Internet of Things communication |
US12052140B1 (en) * | 2023-04-21 | 2024-07-30 | Capital One Services, Llc | Compliance for cloud-based applications and computer systems using machine learning |
CN116522895B (en) * | 2023-06-16 | 2023-09-12 | 中国传媒大学 | A method and device for text content authenticity assessment based on writing style |
CN117134950B (en) * | 2023-08-04 | 2024-08-02 | 华能信息技术有限公司 | Safety analysis method and system based on protocol state |
CN118643518B (en) * | 2024-08-09 | 2024-11-08 | 水发(北京)建设有限公司 | Water resource optimization configuration system and method for near-zero sewage discharge in industrial parks |
KR102819284B1 (en) * | 2024-08-20 | 2025-06-11 | 주식회사 씨에이치엔네트웍스 | Method, apparatus, and system for monitoring input and output information of a chatbot service based on a generative artificial intelligence model and driving a security agent solution |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1245572A (en) * | 1997-10-30 | 2000-02-23 | 全昌龙 | Computer security device |
CN103593610A (en) * | 2013-10-09 | 2014-02-19 | 中国电子科技集团公司第二十八研究所 | Spyware self-adaptation induction and detection method based on artificial immunity |
CN104007815A (en) * | 2013-02-21 | 2014-08-27 | 三星电子株式会社 | Electronic device and method of operating electronic device |
US20140278623A1 (en) * | 2008-06-19 | 2014-09-18 | Frank Martinez | System and method for a cloud computing abstraction with self-service portal |
US20140310001A1 (en) * | 2013-04-16 | 2014-10-16 | Sri International | Using Intents to Analyze and Personalize a User's Dialog Experience with a Virtual Personal Assistant |
US20150149182A1 (en) * | 2013-11-27 | 2015-05-28 | Sri International | Sharing Intents to Provide Virtual Assistance in a Multi-Person Dialog |
US20150279366A1 (en) * | 2014-03-28 | 2015-10-01 | Cubic Robotics, Inc. | Voice driven operating system for interfacing with electronic devices: system, method, and architecture |
CN105229657A (en) * | 2013-05-20 | 2016-01-06 | 三星电子株式会社 | Use the method and apparatus of electronic installation |
WO2016001924A2 (en) * | 2014-06-30 | 2016-01-07 | Syqe Medical Ltd. | Methods, devices and systems for pulmonary delivery of active agents |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020165947A1 (en) * | 2000-09-25 | 2002-11-07 | Crossbeam Systems, Inc. | Network application apparatus |
US8312545B2 (en) * | 2006-04-06 | 2012-11-13 | Juniper Networks, Inc. | Non-signature malware detection system and method for mobile platforms |
US7991724B2 (en) * | 2006-12-21 | 2011-08-02 | Support Machines Ltd. | Method and a computer program product for providing a response to a statement of a user |
JP2008234409A (en) * | 2007-03-22 | 2008-10-02 | Toshiba Corp | Security threat analysis support system, method therefor, and security threat analysis support program |
US8353033B1 (en) * | 2008-07-02 | 2013-01-08 | Symantec Corporation | Collecting malware samples via unauthorized download protection |
JP5219783B2 (en) * | 2008-12-24 | 2013-06-26 | 三菱電機株式会社 | Unauthorized access detection device, unauthorized access detection program, recording medium, and unauthorized access detection method |
JP5559306B2 (en) * | 2009-04-24 | 2014-07-23 | アルグレス・インコーポレイテッド | Enterprise information security management software for predictive modeling using interactive graphs |
US20120123829A1 (en) * | 2009-07-30 | 2012-05-17 | CENX, Inc. | Independent carrier ethernet interconnection platform |
US10019677B2 (en) * | 2009-11-20 | 2018-07-10 | Alert Enterprise, Inc. | Active policy enforcement |
US8806568B2 (en) * | 2011-07-11 | 2014-08-12 | International Business Machines Corporation | Automatic generation of user account policies based on configuration management database information |
US9386030B2 (en) * | 2012-09-18 | 2016-07-05 | Vencore Labs, Inc. | System and method for correlating historical attacks with diverse indicators to generate indicator profiles for detecting and predicting future network attacks |
EP2725728B1 (en) * | 2012-10-29 | 2018-08-15 | ADVA Optical Networking SE | Method and device for assessing the performance of one or more packet synchronization services in a packet data transmission network |
JP6086423B2 (en) * | 2012-11-14 | 2017-03-01 | 国立研究開発法人情報通信研究機構 | Unauthorized communication detection method by collating observation information of multiple sensors |
US20150347751A1 (en) * | 2012-12-21 | 2015-12-03 | Seccuris Inc. | System and method for monitoring data in a client environment |
RU2522019C1 (en) * | 2012-12-25 | 2014-07-10 | Закрытое акционерное общество "Лаборатория Касперского" | System and method of detecting threat in code executed by virtual machine |
US9489514B2 (en) * | 2013-10-11 | 2016-11-08 | Verisign, Inc. | Classifying malware by order of network behavior artifacts |
GB2524583B (en) * | 2014-03-28 | 2017-08-09 | Kaizen Reaux-Savonte Corey | System, architecture and methods for an intelligent, self-aware and context-aware digital organism-based telecommunication system |
US9519686B2 (en) * | 2014-04-09 | 2016-12-13 | International Business Machines Corporation | Confidence ranking of answers based on temporal semantics |
US9130906B1 (en) * | 2014-05-23 | 2015-09-08 | The United States Of America As Represented By The Secretary Of The Navy | Method and apparatus for automated secure one-way data transmission |
2017
- 2017-01-24 WO PCT/US2017/014699 patent/WO2017127850A1/en active Application Filing
- 2017-01-24 EP EP17742143.5A patent/EP3405911A4/en active Pending
- 2017-01-24 IL IL306075A patent/IL306075B2/en unknown
- 2017-01-24 KR KR1020247032720A patent/KR20240151252A/en active Pending
- 2017-01-24 RU RU2018129947A patent/RU2750554C2/en active
- 2017-01-24 SG SG10202108336PA patent/SG10202108336PA/en unknown
- 2017-01-24 BR BR112018015014A patent/BR112018015014A2/en not_active Application Discontinuation
- 2017-01-24 KR KR1020187024400A patent/KR20180105688A/en not_active Ceased
- 2017-01-24 SG SG11201806117TA patent/SG11201806117TA/en unknown
- 2017-01-24 MY MYPI2018702527A patent/MY195524A/en unknown
- 2017-01-24 MX MX2018009079A patent/MX2018009079A/en unknown
- 2017-01-24 CN CN202210557303.8A patent/CN115062297A/en active Pending
- 2017-01-24 JP JP2018538714A patent/JP2019511030A/en active Pending
- 2017-01-24 IL IL260711A patent/IL260711B2/en unknown
- 2017-01-24 CA CA3051164A patent/CA3051164A1/en active Pending
- 2017-01-24 AU AU2017210132A patent/AU2017210132A1/en not_active Abandoned
- 2017-01-24 IL IL315165A patent/IL315165A/en unknown
- 2017-01-24 CN CN201780019904.0A patent/CN109313687B/en active Active
2018
- 2018-08-13 ZA ZA2018/05385A patent/ZA201805385B/en unknown
2022
- 2022-04-27 AU AU2022202786A patent/AU2022202786A1/en not_active Abandoned
- 2022-07-29 JP JP2022121072A patent/JP2022141966A/en active Pending
2024
- 2024-03-27 AU AU2024202003A patent/AU2024202003A1/en not_active Abandoned
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US11601442B2 (en) | 2018-08-17 | 2023-03-07 | The Research Foundation For The State University Of New York | System and method associated with expedient detection and reconstruction of cyber events in a compact scenario representation using provenance tags and customizable policy |
CN111343000A (en) * | 2019-02-07 | 2020-06-26 | 卡巴斯基实验室股份公司 | System and method for configuring a gateway to protect an automation system |
CN111913892A (en) * | 2019-05-09 | 2020-11-10 | 北京忆芯科技有限公司 | Providing open channel storage devices using CMBs |
CN111913892B (en) * | 2019-05-09 | 2021-12-07 | 北京忆芯科技有限公司 | Providing open channel storage devices using CMBs |
CN110187885A (en) * | 2019-06-10 | 2019-08-30 | 合肥本源量子计算科技有限责任公司 | A method and device for generating intermediate code for quantum program compilation |
CN111027623A (en) * | 2019-12-10 | 2020-04-17 | 深圳供电局有限公司 | Data-enhanced intelligent terminal security level classification method and system |
CN111460129A (en) * | 2020-03-27 | 2020-07-28 | 泰康保险集团股份有限公司 | Method and device for generating identification, electronic equipment and storage medium |
CN111460129B (en) * | 2020-03-27 | 2023-08-22 | 泰康保险集团股份有限公司 | Method, device, electronic equipment and storage medium for generating identification |
CN111659124A (en) * | 2020-05-27 | 2020-09-15 | 太原理工大学 | Intelligent identification system for playing chess |
CN111659124B (en) * | 2020-05-27 | 2023-05-02 | 太原理工大学 | An Intelligent Discrimination System for Chess |
CN112035797A (en) * | 2020-08-31 | 2020-12-04 | 山东诺蓝信息科技有限公司 | A Power State Judgment Algorithm Based on Self-Learning |
CN114745291A (en) * | 2020-12-23 | 2022-07-12 | 北京国双科技有限公司 | Abnormal data cloud method and device, electronic equipment and storage medium |
CN114765627A (en) * | 2021-01-14 | 2022-07-19 | 京东科技控股股份有限公司 | Data transmission method, device, storage medium and computer program product |
CN112783661A (en) * | 2021-02-08 | 2021-05-11 | 上海交通大学 | Memory deduplication method and device suitable for container environment |
TWI807451B (en) * | 2021-02-08 | 2023-07-01 | 美商惠普發展公司有限責任合夥企業 | Malware scans |
CN112819590B (en) * | 2021-02-25 | 2023-03-10 | 紫光云技术有限公司 | Method for managing product configuration information in cloud product service delivery process |
CN112819590A (en) * | 2021-02-25 | 2021-05-18 | 紫光云技术有限公司 | Method for managing product configuration information in cloud product service delivery process |
CN113395593B (en) * | 2021-08-17 | 2021-10-29 | 深圳佳力拓科技有限公司 | Data transmission method and device for digital television terminal with reduced information leakage |
CN113395593A (en) * | 2021-08-17 | 2021-09-14 | 深圳佳力拓科技有限公司 | Data transmission method and device for digital television terminal with reduced information leakage |
CN113961518A (en) * | 2021-09-08 | 2022-01-21 | 北京百度网讯科技有限公司 | Log visual display method and device, electronic equipment and storage medium |
CN113961518B (en) * | 2021-09-08 | 2022-09-23 | 北京百度网讯科技有限公司 | Log visual display method and device, electronic equipment and storage medium |
CN113986589A (en) * | 2021-10-09 | 2022-01-28 | 广州博依特智能信息科技有限公司 | Fault-tolerant strategy selection method and system for intelligent edge computing gatekeeper |
CN113986589B (en) * | 2021-10-09 | 2024-12-20 | 广州博依特智能信息科技有限公司 | Fault-tolerant strategy selection method and system for intelligent edge computing gateway |
CN114722400A (en) * | 2022-03-18 | 2022-07-08 | 西安电子科技大学 | A method, system, medium, device and terminal for side channel vulnerability detection |
CN115203689A (en) * | 2022-07-25 | 2022-10-18 | 天津市汇通智慧科技发展有限公司 | Data security sharing method and system |
CN115987176B (en) * | 2023-02-01 | 2023-09-12 | 北京东土科技股份有限公司 | Method and device for carrying out zero return control on motor position and edge controller |
CN115987176A (en) * | 2023-02-01 | 2023-04-18 | 北京东土科技股份有限公司 | Method and device for carrying out zero-returning control on motor position and edge controller |
WO2024180382A1 (en) * | 2023-02-28 | 2024-09-06 | International Business Machines Corporation | Modification of vulnerable pods |
CN117150551A (en) * | 2023-09-04 | 2023-12-01 | 北京超然聚力网络科技有限公司 | User privacy protection method and system based on big data |
CN117150551B (en) * | 2023-09-04 | 2024-02-27 | 东方魂数字科技(北京)有限公司 | User privacy protection method and system based on big data |
CN117540038A (en) * | 2024-01-10 | 2024-02-09 | 中国信息通信研究院 | Intelligent detection false data synthesis method and system |
CN117540038B (en) * | 2024-01-10 | 2024-03-22 | 中国信息通信研究院 | Intelligent detection of false data synthesis method and system |
CN118941063A (en) * | 2024-10-15 | 2024-11-12 | 电子科技大学 | A project resource collaborative planning method based on double triangle evolution mechanism |
Also Published As
Publication number | Publication date |
---|---|
ZA201805385B (en) | 2022-07-27 |
IL306075A (en) | 2023-11-01 |
SG10202108336PA (en) | 2021-08-30 |
MX2018009079A (en) | 2022-12-15 |
IL306075B1 (en) | 2024-09-01 |
RU2018129947A (en) | 2020-02-25 |
BR112018015014A2 (en) | 2018-12-18 |
IL306075B2 (en) | 2025-01-01 |
RU2018129947A3 (en) | 2020-07-08 |
KR20180105688A (en) | 2018-09-28 |
EP3405911A1 (en) | 2018-11-28 |
CN109313687B (en) | 2022-06-24 |
IL260711B2 (en) | 2024-02-01 |
MY195524A (en) | 2023-01-30 |
AU2024202003A1 (en) | 2024-04-18 |
EP3405911A4 (en) | 2019-09-18 |
RU2750554C2 (en) | 2021-06-29 |
AU2022202786A1 (en) | 2022-05-19 |
CN115062297A (en) | 2022-09-16 |
WO2017127850A1 (en) | 2017-07-27 |
JP2022141966A (en) | 2022-09-29 |
AU2017210132A1 (en) | 2018-08-23 |
IL315165A (en) | 2024-10-01 |
IL260711A (en) | 2018-09-20 |
IL260711B1 (en) | 2023-10-01 |
SG11201806117TA (en) | 2018-08-30 |
KR20240151252A (en) | 2024-10-17 |
CA3051164A1 (en) | 2017-07-27 |
JP2019511030A (en) | 2019-04-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109313687A (en) | AI-based computer security | |
US20220030009A1 (en) | Computer security based on artificial intelligence | |
Jarrett et al. | The impact of automation and artificial intelligence on digital forensics | |
Ellis et al. | Rewired: cybersecurity governance | |
Zuo | Exploring the synergy: AI enhancing blockchain, blockchain empowering AI, and their convergence across IoT applications and beyond | |
Pogrebna et al. | Navigating new cyber risks | |
Schreider | Building an effective cybersecurity program | |
UK | National cyber strategy 2022 | |
Maxwell | Azure Arc Systems Management | |
McDaniel et al. | Secure and Trustworthy Computing 2.0 Vision Statement | |
HK40074590A (en) | Computer security based on artificial intelligence | |
Vo | Utilizing intelligence preparation of the operational environment to design an operational cyber intelligence framework | |
Krishanater et al. | Artificial intelligence for military applications with blockchain | |
HK40004161B (en) | Computer security based on artificial intelligence | |
HK40004161A (en) | Computer security based on artificial intelligence | |
Sindiramutty et al. | Future Trends in AI Security: Anticipating and Preparing for Emerging Threats | |
Palomo Olivares | Structuring the future of cyber threats: the PREACT taxonomy | |
Bhardwaj | A Practical Approach to Open Source Intelligence (OSINT)-Volume 1 | |
Tsesmelis et al. | Cybersecurity Technologies: An Overview of Trends & Activities in Switzerland and Abroad | |
Trim et al. | Cyber Security Management and Strategic Intelligence | |
Padhy et al. | Smart City Ecosystem Using Blockchain Technology and Its Impact on the Environment | |
Newburn | Implementing national electrical reliability corporation/critical infrustructure protection standards (NERC/CIP) in the real world utility industry | |
Sangwan et al. | Blockchain Technology for Wildlife Conservation | |
Jensen | Updated SPARTA SRIA (Roadmap v3) | |
Epstein | Policy and policy formulation considerations for incorporation of secure mobile devices in USMC ground combat units |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code | Ref country code: HK; Ref legal event code: DE; Ref document number: 40004161; Country of ref document: HK |
GR01 | Patent grant | ||