system
The cybersecurity training system addresses the lack of realism in cyberattack drills by using AI to generate scenarios, guide responses, and simulate attacks, enhancing vulnerability detection and response capabilities.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SOFTBANK GROUP CORP
- Filing Date
- 2024-12-18
- Publication Date
- 2026-06-30
AI Technical Summary
Conventional cyber attack drills lack realism, making it difficult to discover vulnerabilities and respond immediately.
A cybersecurity training system using AI to dynamically generate scenarios, guide responses, monitor activities, provide strategic advice, analyze performance, and conduct dummy attacks to simulate realistic cyberattacks.
Enables rapid vulnerability detection and effective initial responses, improving learning efficiency and skill development through realistic cyberattack exercises.
Smart Images

Figure 2026107827000001_ABST
Abstract
Description
Technical Field
[0001] The technology of the present disclosure relates to a system.
Background Art
[0002] Patent Document 1 discloses a method for controlling a persona chatbot performed by at least one processor, the method including: receiving a user utterance; adding the user utterance to a prompt including an instruction sentence related to an explanation of the chatbot's character; encoding the prompt; and inputting the encoded prompt into a language model to generate a chatbot utterance in response to the user utterance.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In the conventional technology, it is difficult to provide a realistic experience in cyber attack drills, and there is a problem that vulnerabilities cannot be discovered and initial responses cannot be made immediately.
[0005] The system according to the embodiment aims to provide a realistic cyber attack drill experience and quickly discover vulnerabilities and make initial responses.
Means for Solving the Problems
[0006] The system according to this embodiment comprises a generation unit, a discovery unit, a guide unit, a monitoring unit, an advice unit, an analysis unit, a report generation unit, an attack unit, and a support unit. The generation unit generates scenarios. The discovery unit discovers vulnerabilities based on the scenarios generated by the generation unit. The guide unit guides the response procedures for vulnerabilities discovered by the discovery unit. The monitoring unit monitors the team's activities based on the response procedures guided by the guide unit. The advice unit provides strategic advice based on the activities monitored by the monitoring unit. The analysis unit analyzes the performance of the exercise based on the strategies advised by the advice unit. The report generation unit generates a cyberattack analysis report based on the performance analyzed by the analysis unit. The attack unit carries out a dummy attack based on the report generated by the report generation unit. The support unit assists beginners based on the dummy attack carried out by the attack unit. [Effects of the Invention]
[0007] The system according to this embodiment provides a realistic cyberattack exercise experience, enabling rapid vulnerability detection and initial response. [Brief explanation of the drawing]
[0008] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6]This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10] This shows an emotion map where multiple emotions are mapped. [Modes for carrying out the invention]
[0009] Hereinafter, an example of an embodiment of the system relating to the technology of this disclosure will be described with reference to the attached drawings.
[0010] First, let's explain the terminology used in the following explanation.
[0011] In the following embodiments, the signed processor (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of multiple arithmetic units. Furthermore, the processor may be a single type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include CPU (Central Processing Unit), GPU (Graphics Processing Unit), GPGPU (General-Purpose computing on Graphics Processing Units), APU (Accelerated Processing Unit), or TPU (Tensor Processing Unit).
[0012] In the following embodiments, signed RAM (Random Access Memory) is a memory that temporarily stores information and is used as work memory by the processor.
[0013] In the following embodiments, the tagged storage is one or more non-volatile storage devices that store various programs, various parameters, and the like. Examples of non-volatile storage devices include flash memories (SSDs (Solid State Drives)), magnetic disks (e.g., hard disks), or magnetic tapes.
[0014] In the following embodiments, the tagged communication I / F (Interface) is an interface including a communication processor, an antenna, and the like. The communication I / F controls communication between a plurality of computers. Examples of communication standards applied to the communication I / F include wireless communication standards including 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).
[0015] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B". That is, "A and / or B" means that it may be only A, only B, or a combination of A and B. Also, in this specification, when expressing three or more matters connected by "and / or", the same concept as "A and / or B" is applied.
[0016] [First Embodiment] FIG. 1 shows an example of the configuration of a data processing system 10 according to the first embodiment. [[ID=十七]]
[0017] As shown in FIG. 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.
[0018] The data processing device 12 includes a computer 22, a database 24, and a communication I / F 26. The computer 22 includes a processor 28, a RAM 30, and a storage 32. The processor 28, the RAM 30, and the storage 32 are connected to a bus 34. Also, the database 24 and the communication I / F 26 are connected to the bus 34. The communication I / F 26 is connected to a network 54. Examples of the network 54 include a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0019] The smart device 14 includes a computer 36, a reception device 38, an output device 40, a camera 42, and a communication I / F 44. The computer 36 includes a processor 46, a RAM 48, and a storage 50. The processor 46, the RAM 48, and the storage 50 are connected to a bus 52. Also, the reception device 38, the output device 40, and the camera 42 are connected to the bus 52.
[0020] The reception device 38 includes a touch panel 38A and a microphone 38B, etc., and receives user input. The touch panel 38A receives user input by contact of an indicator (e.g., a pen or a finger, etc.) by detecting the contact of the indicator. The microphone 38B receives user input by voice by detecting the voice of the user. The control unit 46A transmits data indicating the user input received by the touch panel 38A and the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 (see FIG. 2) acquires data indicating the user input.
[0021] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user by outputting the data in a form perceptible to the user (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.
[0022] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.
[0023] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.
[0024] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0025] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0026] In the smart device 14, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The specific processing program 60 is used in conjunction with the specific processing program 56 by the data processing system 10. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 operating as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart device 14 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0027] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device (e.g., a generation server) may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device having the data generation model 58. The data processing device 12 may also be a server device or a terminal device owned by a user (e.g., a mobile phone, robot, home appliance, etc.). Next, an example of processing by the data processing system 10 according to the first embodiment will be described.
[0028] (Example of form 1) The cybersecurity training system according to an embodiment of the present invention is a system that supports cyberattack exercises in real time. This cybersecurity training system uses AI to dynamically generate scenarios and adjust them to the level of the participants. It discovers vulnerabilities in a simulation environment and guides participants through appropriate response procedures. The AI monitors team activities and provides strategic advice. After the exercise, it analyzes the performance of the exercise and generates a cyberattack analysis report. The AI conducts dummy attacks and assists beginners through support functions. This mechanism provides a realistic cyberattack exercise experience, enabling the formulation of effective vulnerability response and defense strategies, improving learning efficiency and skill development. For example, the AI dynamically generates scenarios and adjusts them to the level of the participants. It generates basic attack scenarios for beginners and complex attack scenarios for advanced users. This allows participants to receive exercises that match their level. It discovers vulnerabilities in a simulation environment and guides participants through appropriate response procedures. The AI scans the system for vulnerabilities and presents response procedures for the vulnerabilities found. This allows participants to learn actual vulnerability response. The AI monitors team activities and provides strategic advice. The AI monitors team actions in real time and proposes the optimal strategy. This allows the team to develop effective defense strategies. After the exercise, the performance of the exercise is analyzed and a cyberattack analysis report is generated. AI analyzes the exercise data and evaluates the performance of each participant. This allows participants to understand their strengths and weaknesses and identify areas for future improvement. AI conducts dummy attacks and supports beginners through support functions. AI conducts simple attack scenarios for beginners and guides them through appropriate response procedures. This allows beginners to learn by experiencing actual attack scenarios. This provides a realistic cyberattack exercise experience, enabling the development of effective vulnerability response and defense strategies, improving learning efficiency and skill development. For example, security teams can improve their ability to respond to actual cyberattacks by receiving practical training.IT educational institutions can provide students with practical cybersecurity training. This allows cybersecurity training systems to support real-time cyberattack exercises and enable the development of effective vulnerability response and defense strategies.
[0029] The cybersecurity training system according to this embodiment comprises a generation unit, a discovery unit, a guide unit, a monitoring unit, an advice unit, an analysis unit, a report generation unit, an attack unit, and a support unit. The generation unit generates scenarios. The generation unit dynamically generates scenarios, for example, using AI. The generation unit can also generate scenarios according to the level of the participants. For example, the generation unit generates basic attack scenarios for beginners and complex attack scenarios for advanced users. The discovery unit discovers vulnerabilities based on the scenarios generated by the generation unit. The discovery unit discovers vulnerabilities, for example, in a simulation environment. The discovery unit can scan for system vulnerabilities using AI and identify discovered vulnerabilities. The guide unit guides the response procedures for vulnerabilities discovered by the discovery unit. The guide unit presents, for example, response procedures for discovered vulnerabilities. The guide unit can use AI to guide appropriate response procedures. The monitoring unit monitors the team's activities based on the response procedures guided by the guide unit. The monitoring unit monitors the team's actions in real time, for example. The monitoring unit can use AI to monitor the team's activities. The Advice Unit provides strategic advice based on activities monitored by the Monitoring Unit. For example, the Advice Unit proposes the optimal strategy. The Advice Unit can provide strategic advice using AI. The Analysis Unit analyzes the performance of the exercise based on the strategies advised by the Advice Unit. For example, the Analysis Unit analyzes the exercise data and evaluates the performance of each participant. The Analysis Unit can analyze the performance of the exercise using AI. The Report Generation Unit generates a cyberattack analysis report based on the performance analyzed by the Analysis Unit. For example, the Report Generation Unit generates a cyberattack analysis report. The Report Generation Unit can generate a cyberattack analysis report using AI. The Attack Unit conducts a dummy attack based on the report generated by the Report Generation Unit. For example, the Attack Unit conducts a dummy attack. The Attack Unit can conduct a dummy attack using AI.The support unit assists beginners based on dummy attacks conducted by the attack unit. The support unit, for example, conducts simple attack scenarios for beginners and guides them through appropriate response procedures. The support unit can use AI to assist beginners. This enables the cybersecurity training system according to the embodiment to support cyber attack exercises in real time and to develop effective vulnerability response and defense strategies. Some or all of the above-described processes in the generation unit may be performed using, for example, a generation AI, or not. For example, the generation unit receives the prompt "Generate a basic attack scenario for beginners" as a prompt for scenario generation, and the generation AI generates the scenario. Some or all of the above-described processes in the discovery unit may be performed using, for example, AI, or not. For example, the discovery unit receives the prompt "Scan the system for vulnerabilities" as a prompt for system vulnerability scanning, and the AI discovers vulnerabilities. Some or all of the above-described processes in the guide unit may be performed using, for example, AI, or not. For example, the guidance unit inputs "Please provide the response procedures for the discovered vulnerability" as a prompt for the response procedure guide, and the AI guides the response procedures. Some or all of the above processing in the monitoring unit may be performed using AI, or not. For example, the monitoring unit inputs "Please monitor the team's actions in real time" as a prompt for monitoring team activities, and the AI monitors the team's activities. Some or all of the above processing in the advice unit may be performed using AI, or not. For example, the advice unit inputs "Please propose the optimal strategy" as a prompt for strategic advice, and the AI provides strategic advice. Some or all of the above processing in the analysis unit may be performed using AI, or not. For example, the analysis unit inputs "Please analyze the exercise data and evaluate each participant's performance" as a prompt for exercise data analysis, and the AI analyzes the exercise performance.Some or all of the above-described processes in the report generation unit may be performed using AI, or not. For example, the report generation unit inputs "Generate a cyberattack analysis report" as a prompt for report generation, and the AI generates the report. Some or all of the above-described processes in the attack unit may be performed using AI, or not. For example, the attack unit inputs "Execute a dummy attack" as a prompt for dummy attack execution, and the AI executes the dummy attack. Some or all of the above-described processes in the support unit may be performed using AI, or not. For example, the support unit inputs "Execute a simple attack scenario for beginners and guide them through appropriate response procedures" as a prompt for beginner support, and the AI assists beginners.
[0030] The generation unit generates scenarios. The generation unit dynamically generates scenarios, for example, using AI. The generation unit can also generate scenarios tailored to the participant's skill level. For example, it can generate basic attack scenarios for beginners and complex attack scenarios for advanced users. When generating scenarios using the generation AI, the generation unit is prompted with "Generate a basic attack scenario for beginners," and the generation AI generates the scenario. The generation AI has learned from past attack data and the latest cyberattack methods, and can generate appropriate scenarios in real time. For example, beginner scenarios include basic attack methods such as phishing attacks and password cracking, while advanced scenarios include complex attack methods such as zero-day attacks and advanced persistent threats (APTs). When generating scenarios, the generation unit can consider the participant's past performance data and current skill level to provide scenarios of optimal difficulty. This allows participants to receive appropriate training according to their skill level and effectively improve their cybersecurity knowledge and skills. Furthermore, the generation unit incorporates the latest cyberattack trends and threat intelligence into scenario generation, enabling it to provide training that is always up-to-date with the latest attack methods. This allows participants to improve their ability to respond to actual cyberattacks.
[0031] The detection unit discovers vulnerabilities based on scenarios generated by the generation unit. For example, the detection unit discovers vulnerabilities in a simulated environment. The detection unit can use AI to scan for system vulnerabilities and identify any vulnerabilities it finds. The detection unit can input "Scan the system for vulnerabilities" as a prompt for system vulnerability scanning, and the AI will discover vulnerabilities. The AI can refer to a database of known vulnerabilities and the latest vulnerability information to quickly and accurately identify vulnerabilities within the system. For example, the AI can perform network scans and port scans to identify open ports and services and detect vulnerabilities associated with them. The AI can also perform web application vulnerability scans to identify vulnerabilities such as SQL injection and cross-site scripting (XSS). Based on these scan results, the detection unit lists system vulnerabilities and identifies vulnerabilities that require attention according to priority. Furthermore, in discovering vulnerabilities, the detection unit can perform a comprehensive vulnerability assessment by considering system configuration, misconfigurations, and patch application status. This allows the detection unit to accurately understand the system's security status and provide information for taking appropriate countermeasures.
[0032] The Guidance Unit guides participants through the procedures for addressing vulnerabilities discovered by the Discovery Unit. For example, the Guidance Unit presents the procedures for addressing discovered vulnerabilities. The Guidance Unit can use AI to guide participants through appropriate procedures. The Guidance Unit can input "Please present the procedures for addressing discovered vulnerabilities" as a prompt for the procedure guide, and the AI will guide participants through the procedures. The AI can suggest the optimal procedures depending on the type and impact of the vulnerability. For example, the AI might recommend escaping input values and using parameterized queries for SQL injection vulnerabilities, and sanitizing and encoding input values for cross-site scripting (XSS) vulnerabilities. The AI can also provide detailed guidance on the specific procedures and tools required to fix the vulnerabilities. The Guidance Unit provides these procedures to participants and supports them in the actual system remediation work. Furthermore, the Guidance Unit can monitor the implementation status of the procedures in real time and provide additional advice and support as needed. In this way, the Guidance Unit can help participants address vulnerabilities appropriately and quickly, thereby improving system security.
[0033] The monitoring unit monitors the team's activities based on response procedures guided by the guidance unit. For example, the monitoring unit monitors the team's actions in real time. The monitoring unit can use AI to monitor the team's activities. The monitoring unit can input "Please monitor the team's actions in real time" as a prompt for monitoring the team's activities, and the AI will monitor the team's activities. The AI analyzes the team members' action logs and system change history in real time and monitors the implementation status of response procedures. For example, the AI verifies whether team members are properly performing vulnerability remediation work and following the remediation procedures, and detects abnormal behavior or mistakes. The AI can also analyze the team's communication logs and work progress to understand the level of cooperation within the team and identify problems. Based on this information, the monitoring unit can grasp the team's activity status in real time and issue alerts as needed. Furthermore, the monitoring unit can evaluate the team's performance based on past activity data and identify areas for improvement. This allows the monitoring unit to effectively monitor the team's activities and support appropriate responses.
[0034] The advisory department provides strategic advice based on activities monitored by the monitoring department. For example, the advisory department proposes the optimal strategy. The advisory department can use AI to provide strategic advice. The advisory department can input "Please propose the optimal strategy" as a prompt for strategic advice, and the AI will provide strategic advice. The AI analyzes the data provided by the monitoring department and evaluates the team's performance and vulnerability remediation status. For example, the AI evaluates the team's work efficiency and the accuracy of remediation, and identifies areas that need improvement. The AI can also propose the optimal remediation procedures and strategies based on historical data and best practices. The advisory department provides this advice to the team to support effective vulnerability remediation work. Furthermore, the advisory department can collect feedback from the team and continuously improve the accuracy and effectiveness of the advice. In this way, the advisory department can help the team implement the optimal strategy and improve system security.
[0035] The analysis department analyzes the performance of the exercises based on the strategies advised by the advisory department. For example, the analysis department analyzes the exercise data and evaluates the performance of each participant. The analysis department can use AI to analyze the performance of the exercises. The analysis department inputs "Analyze the exercise data and evaluate the performance of each participant" as a prompt for analyzing the exercise data, and the AI analyzes the performance of the exercises. Based on the data collected during the exercise, the AI analyzes in detail the actions and execution of each participant's response procedures. For example, the AI evaluates each participant's reaction time, the accuracy of their corrective work, and their level of cooperation, and calculates a performance score. The AI can also evaluate each participant's skill level and degree of growth by comparing it with past exercise data and benchmark data. Based on these evaluation results, the analysis department identifies each participant's strengths and areas for improvement and provides individual feedback. Furthermore, the analysis department can evaluate the overall performance of the exercises and identify the effectiveness and areas for improvement of the training program. This allows the analysis department to support the improvement of participants' skills and improve the quality of the training program.
[0036] The report generation unit generates cyberattack analysis reports based on performance analysis conducted by the analysis unit. For example, the report generation unit can generate cyberattack analysis reports using AI. The report generation unit receives a prompt such as "Generate a cyberattack analysis report," and the AI generates the report. Based on the data provided by the analysis unit, the AI provides a detailed description of each participant's performance and the overall results of the exercise. For example, the AI summarizes each participant's strengths and areas for improvement, vulnerabilities discovered during the exercise, and the implementation status of response procedures in the report. The AI can also analyze the overall evaluation of the exercise and the effectiveness of the training program, and suggest areas for improvement and recommendations for the future. Based on this information, the report generation unit generates a detailed and easy-to-understand cyberattack analysis report and provides it to participants and training administrators. Furthermore, the report generation unit can customize the report content and generate reports tailored to specific needs and requirements. This allows the report generation unit to effectively communicate training outcomes and use the results to improve future training programs.
[0037] The attack unit conducts dummy attacks based on reports generated by the report generation unit. For example, the attack unit can conduct dummy attacks using AI. The attack unit inputs "Please conduct a dummy attack" as a prompt to conduct a dummy attack, and the AI conducts the dummy attack. Based on the information provided by the report generation unit, the AI plans and executes a scenario-based dummy attack. For example, the AI can simulate various attack methods, such as attacks targeting specific vulnerabilities or DDoS attacks against the entire network. Through these dummy attacks, the attack unit allows participants to test their ability to respond to actual cyberattacks. The attack unit can also monitor the results of the dummy attacks in real time and evaluate the participants' response. Furthermore, the attack unit can customize the dummy attack scenarios and conduct attacks tailored to specific training objectives and the skill levels of the participants. This allows the attack unit to provide effective training to improve participants' ability to respond to actual cyberattacks.
[0038] The support team assists beginners based on dummy attacks conducted by the attack team. For example, the support team conducts simple attack scenarios for beginners and guides them through appropriate response procedures. The support team can use AI to assist beginners. The support team inputs "Conduct a simple attack scenario for beginners and guide them through appropriate response procedures" as a prompt for beginner assistance, and the AI assists the beginners. The AI generates beginner-friendly scenarios and explains basic attack methods and response procedures in an easy-to-understand manner. For example, the AI includes basic attack methods such as phishing attacks and password cracking in the scenarios so that beginners can learn how to respond to these attacks. The AI can also provide real-time advice and support when beginners actually deal with attack scenarios. Through this support, the support team helps beginners gain confidence in responding to cyberattacks and promotes skill improvement. Furthermore, the support team can collect feedback from beginners and continuously improve the content of the training program and support methods. This allows the support team to enable beginners to effectively acquire cybersecurity knowledge and skills and improve their ability to respond to actual cyberattacks.
[0039] The generation unit can generate scenarios tailored to the participants' skill levels. For example, it can generate basic attack scenarios for beginners and complex attack scenarios for advanced users. The generation unit can use AI to generate scenarios appropriate to the participants' skill levels. For example, the generation unit can receive the prompt "Generate a basic attack scenario for beginners," and the generation AI will generate the scenario. This allows for appropriate practice by providing scenarios tailored to the participants' skill levels.
[0040] The detection unit can discover vulnerabilities in a simulated environment. For example, the detection unit uses AI to scan for system vulnerabilities and identify any vulnerabilities it finds. By discovering vulnerabilities in a simulated environment, the detection unit can learn about actual vulnerability management. For example, the detection unit can input "Scan the system for vulnerabilities" as a vulnerability discovery prompt, and the AI will discover vulnerabilities. This allows the unit to learn about actual vulnerability management by discovering vulnerabilities in a simulated environment.
[0041] The guide unit can guide users through the procedures for addressing discovered vulnerabilities. For example, the guide unit can present the procedures for addressing a discovered vulnerability. The guide unit can use AI to guide users through the appropriate procedures. For example, the guide unit can input "Please present the procedures for addressing the discovered vulnerability" as a prompt for the procedure guide, and the AI will guide the user through the procedures. This allows for appropriate responses by guiding users through the procedures for addressing discovered vulnerabilities.
[0042] The monitoring unit can monitor the team's activities in real time. For example, the monitoring unit can monitor the team's actions in real time. The monitoring unit can use AI to monitor the team's activities. For example, the monitoring unit can input "Please monitor the team's actions in real time" as a prompt for monitoring the team's activities, and the AI will monitor the team's activities. This allows for the formulation of effective defense strategies by monitoring the team's activities in real time.
[0043] The advisory unit can propose the optimal strategy. For example, the advisory unit can propose the optimal strategy. The advisory unit can provide strategic advice using AI. For example, the advisory unit can receive the prompt "Please propose the optimal strategy," and the AI will provide strategic advice. This allows for the formulation of an effective defensive strategy by proposing the optimal strategy.
[0044] The analysis department can analyze exercise data and evaluate each participant's performance. For example, the analysis department can analyze exercise data and evaluate each participant's performance. The analysis department can also use AI to analyze exercise performance. For example, the analysis department can input "Analyze the exercise data and evaluate each participant's performance" as a prompt for exercise data analysis, and the AI will analyze the exercise performance. This allows for the identification of areas for future improvement by analyzing exercise data and evaluating each participant's performance.
[0045] The report generation unit can generate cyberattack analysis reports. For example, the report generation unit can generate cyberattack analysis reports. The report generation unit can also generate cyberattack analysis reports using AI. For example, the report generation unit can receive the prompt "Generate a cyberattack analysis report," and the AI will generate the report. This allows for understanding the results of the exercise and identifying areas for improvement by generating a cyberattack analysis report.
[0046] The attack unit can conduct a dummy attack. For example, the attack unit can conduct a dummy attack. The attack unit can conduct a dummy attack using AI. For example, the attack unit can input "Please conduct a dummy attack" as a prompt to conduct a dummy attack, and the AI will conduct the dummy attack. This allows beginners to learn by experiencing actual attack scenarios through conducting dummy attacks.
[0047] The support team can assist beginners. For example, the support team can run a simple attack scenario for beginners and guide them through the appropriate response procedures. The support team can also use AI to assist beginners. For example, the support team can input a prompt for beginner assistance such as, "Run a simple attack scenario for beginners and guide them through the appropriate response procedures," and the AI will assist the beginner. In this way, by assisting beginners, they can learn by experiencing actual attack scenarios.
[0048] The generation unit can refer to past exercise data and evolve scenarios in accordance with participants' skill improvements. For example, based on tasks participants have successfully completed in the past, the generation unit can provide more difficult tasks in the next scenario. Based on tasks participants have failed in the past, the generation unit can provide similar tasks again in the next scenario to encourage review. The generation unit can evaluate participants' skill improvements and provide scenarios for learning new skills at the appropriate time. The generation unit can use AI to refer to past exercise data and generate scenarios that correspond to participants' skill improvements. For example, the generation unit can be prompted with "Generate scenarios that correspond to participants' skill improvements based on past exercise data," and the generation AI will generate the scenarios. This allows the generation unit to provide scenarios that correspond to participants' skill improvements by referring to past exercise data.
[0049] The generation unit can create realistic attack scenarios by incorporating specific threat intelligence information during scenario generation. For example, the generation unit can generate scenarios that closely resemble real cyberattacks based on the latest threat intelligence information. The generation unit can incorporate threat information related to a specific industry and generate attack scenarios specific to that industry. The generation unit can generate scenarios using similar methods by referring to past cyberattack cases. The generation unit can use AI to incorporate specific threat intelligence information and generate scenarios. For example, the generation unit can be prompted with "Please generate a realistic attack scenario based on specific threat intelligence information," and the generation AI will generate the scenario. In this way, by incorporating specific threat intelligence information, it is possible to provide realistic attack scenarios.
[0050] The generation unit can customize scenarios according to the participants' duties and roles during the scenario generation process. For example, if a participant is a system administrator, the generation unit will generate scenarios related to system administration. If a participant is a network engineer, the generation unit will generate scenarios related to network security. If a participant is a developer, the generation unit will generate scenarios related to software security. The generation unit can use AI to generate scenarios tailored to the participants' duties and roles. For example, the generation unit can be prompted with "Generate scenarios tailored to the participants' duties and roles," and the generation AI will generate the scenarios. This allows for appropriate exercises by customizing scenarios according to the participants' duties and roles.
[0051] The generation unit can create scenarios that take into account the security requirements of different industries. For example, it can generate security scenarios related to financial transactions for the financial industry, security scenarios related to patient data protection for the healthcare industry, and security scenarios related to manufacturing processes for the manufacturing industry. The generation unit can use AI to generate scenarios that take into account the security requirements of different industries. For example, the generation unit can be prompted with "Generate scenarios that take into account the security requirements of different industries," and the generation AI will generate the scenarios. This allows for appropriate exercises by considering the security requirements of different industries.
[0052] The detection unit can improve its detection accuracy by incorporating new vulnerability information in real time when a vulnerability is discovered. For example, the detection unit can refer to a real-time vulnerability database to incorporate the latest vulnerability information. The detection unit can refer to a real-time security feed to incorporate new vulnerability information. The detection unit can refer to real-time threat intelligence information to improve detection accuracy. The detection unit can use AI to incorporate new vulnerability information in real time to improve detection accuracy. For example, the detection unit can input "Please incorporate new vulnerability information in real time to improve detection accuracy" as a vulnerability detection prompt, and the AI will discover the vulnerability. This allows for improved detection accuracy by incorporating new vulnerability information in real time.
[0053] The detection unit can determine the priority of vulnerability discovery by considering the system configuration and settings when a vulnerability is found. For example, the detection unit can determine the priority of vulnerability discovery based on the system's severity. The detection unit can determine the priority of vulnerability discovery based on the system's settings. The detection unit can determine the priority of vulnerability discovery based on the system's configuration. The detection unit can use AI to determine the priority of vulnerability discovery by considering the system's configuration and settings. For example, the detection unit can input "Please determine the priority of vulnerability discovery by considering the system's configuration and settings" as a vulnerability discovery prompt, and the AI will discover the vulnerability. This makes it possible to discover vulnerabilities appropriately by considering the system's configuration and settings.
[0054] The detection unit can improve its detection accuracy by coordinating with different security tools when a vulnerability is discovered. For example, the detection unit can improve the accuracy of vulnerability detection by coordinating multiple security tools. The detection unit can improve the accuracy of vulnerability detection by integrating the results from different security tools. The detection unit can obtain vulnerability information in real time using the APIs of security tools. The detection unit can improve detection accuracy by coordinating with different security tools using AI. For example, the detection unit can input "Please improve detection accuracy by coordinating with different security tools" as a vulnerability detection prompt, and the AI will find the vulnerability. In this way, detection accuracy can be improved by coordinating with different security tools.
[0055] The detection unit can improve the efficiency of vulnerability discovery by referring to a past vulnerability database when a vulnerability is found. For example, the detection unit can refer to a past vulnerability database to quickly find similar vulnerabilities. The detection unit analyzes a past vulnerability database to improve the efficiency of discovery. The detection unit uses a past vulnerability database to determine the priority of discoveries. The detection unit can use AI to refer to a past vulnerability database to improve the efficiency of discovery. For example, the detection unit can input "Refer to a past vulnerability database to improve the efficiency of discovery" as a vulnerability discovery prompt, and the AI will find the vulnerability. In this way, the efficiency of discovery can be improved by referring to a past vulnerability database.
[0056] The guidance unit can improve the accuracy of its guidance by incorporating new response procedures in real time during the guidance process. For example, the guidance unit can refer to a real-time response procedure database to incorporate the latest response procedures. The guidance unit can refer to a real-time security feed to incorporate new response procedures. The guidance unit can refer to real-time threat intelligence information to improve the accuracy of its guidance. The guidance unit can use AI to incorporate new response procedures in real time to improve the accuracy of its guidance. For example, the guidance unit can input "Improve the accuracy of the guidance by incorporating new response procedures in real time" as a prompt for the response procedure guidance, and the AI will guide the response procedure. This allows for improved guidance accuracy by incorporating new response procedures in real time.
[0057] The guidance unit can determine the priority of the guidance when guiding the response procedure, taking into account the system configuration and settings. For example, the guidance unit can determine the priority of the response procedure based on the importance of the system. The guidance unit can determine the priority of the response procedure based on the system settings. The guidance unit can determine the priority of the response procedure based on the system configuration. The guidance unit can use AI to determine the priority of the response procedure, taking into account the system configuration and settings. For example, the guidance unit can input "Please determine the priority of the response procedure, taking into account the system configuration and settings" as a prompt for the response procedure guidance, and the AI will guide the response procedure. This makes it possible to provide appropriate response procedure guidance by taking into account the system configuration and settings.
[0058] The guidance unit can improve the accuracy of its response procedure guidance by coordinating with different security tools. For example, the guidance unit can improve the accuracy of the response procedure guidance by coordinating multiple security tools. The guidance unit can improve the accuracy of the response procedure guidance by integrating the results of different security tools. The guidance unit can obtain response procedure information in real time using the APIs of security tools. The guidance unit can improve the accuracy of its guidance by coordinating with different security tools using AI. For example, the guidance unit can input "Please coordinate with different security tools to improve the accuracy of the guidance" as a prompt for the response procedure guidance, and the AI will guide the response procedure. In this way, the accuracy of the guidance can be improved by coordinating with different security tools.
[0059] The guide unit can improve the efficiency of its guidance by referring to a database of past response procedures during the guidance process. For example, the guide unit can refer to the database of past response procedures and quickly provide similar response procedures. The guide unit can analyze the database of past response procedures to improve the efficiency of its guidance. The guide unit can use the database of past response procedures to determine the priority of the guidance. The guide unit can use AI to refer to the database of past response procedures to improve the efficiency of its guidance. For example, the guide unit can input "Refer to the database of past response procedures to improve the efficiency of the guidance" as a prompt for the response procedure guidance, and the AI will guide the response procedure. In this way, the efficiency of the guidance can be improved by referring to the database of past response procedures.
[0060] The monitoring unit can improve accuracy by incorporating new monitoring data in real time during monitoring. For example, the monitoring unit can refer to real-time monitoring data to incorporate the latest information. The monitoring unit can refer to real-time security feeds to incorporate new monitoring data. The monitoring unit can refer to real-time threat intelligence information to improve monitoring accuracy. The monitoring unit can use AI to incorporate new monitoring data in real time to improve accuracy. For example, the monitoring unit can input "Improve accuracy by incorporating new monitoring data in real time" as a monitoring prompt, and the AI will perform the monitoring. This allows for improved monitoring accuracy by incorporating new monitoring data in real time.
[0061] The monitoring unit can determine monitoring priorities by considering the team's composition and roles during monitoring. For example, the monitoring unit can determine monitoring priorities based on the importance of the team. The monitoring unit can determine monitoring priorities based on the team's roles. The monitoring unit can determine monitoring priorities based on the team's composition. The monitoring unit can use AI to determine monitoring priorities by considering the team's composition and roles. For example, the monitoring unit can input "Please determine monitoring priorities by considering the team's composition and roles" as a monitoring prompt, and the AI will perform the monitoring. This enables appropriate monitoring by considering the team's composition and roles.
[0062] The monitoring unit can improve monitoring accuracy by coordinating with different security tools during monitoring. For example, the monitoring unit can improve monitoring accuracy by coordinating multiple security tools. The monitoring unit can improve monitoring accuracy by integrating results from different security tools. The monitoring unit can acquire monitoring data in real time using the APIs of security tools. The monitoring unit can improve monitoring accuracy by coordinating with different security tools using AI. For example, the monitoring unit can input "Please improve monitoring accuracy by coordinating with different security tools" as a monitoring prompt, and the AI will perform the monitoring. This allows for improved monitoring accuracy by coordinating with different security tools.
[0063] The monitoring unit can improve monitoring efficiency by referring to past monitoring databases during monitoring. For example, the monitoring unit can refer to past monitoring databases and quickly perform similar monitoring. The monitoring unit analyzes past monitoring databases to improve monitoring efficiency. The monitoring unit uses past monitoring databases to determine monitoring priorities. The monitoring unit can use AI to refer to past monitoring databases and improve monitoring efficiency. For example, the monitoring unit can input "Refer to past monitoring databases to improve monitoring efficiency" as a monitoring prompt, and the AI will perform the monitoring. This allows for improved monitoring efficiency by referring to past monitoring databases.
[0064] The advisory unit can improve the accuracy of its advice by incorporating new strategic information in real time. For example, the advisory unit can refer to real-time strategic information to provide the latest advice. The advisory unit can refer to real-time security feeds to incorporate new strategic information. The advisory unit can refer to real-time threat intelligence information to improve the accuracy of its advice. The advisory unit can use AI to incorporate new strategic information in real time to improve the accuracy of its advice. For example, the advisory unit can input "Please incorporate new strategic information in real time to improve the accuracy of the advice" as an advice prompt, and the AI will provide advice. This allows the accuracy of the advice to be improved by incorporating new strategic information in real time.
[0065] The advice unit can prioritize advice by considering the team's composition and roles when providing advice. For example, the advice unit can prioritize advice based on the importance of the team. The advice unit can prioritize advice based on the team's roles. The advice unit can prioritize advice based on the team's composition. The advice unit can use AI to prioritize advice by considering the team's composition and roles. For example, the advice unit can input "Please prioritize advice by considering the team's composition and roles" as an advice prompt, and the AI will provide advice. This allows for appropriate advice by considering the team's composition and roles.
[0066] The advisory unit can improve the accuracy of its advice by coordinating with different security tools during the advice-giving process. For example, the advisory unit can improve the accuracy of its advice by coordinating multiple security tools. The advisory unit can improve the accuracy of its advice by integrating the results of different security tools. The advisory unit can obtain advice information in real time using the APIs of security tools. The advisory unit can improve the accuracy of its advice by coordinating with different security tools using AI. For example, the advisory unit can input "Improve the accuracy of advice by coordinating with different security tools" as an advice prompt, and the AI will provide advice. This allows for improved advice accuracy by coordinating with different security tools.
[0067] The advice unit can improve the efficiency of its advice by referring to a database of past advice. For example, the advice unit can refer to the database of past advice and quickly provide similar advice. The advice unit analyzes the database of past advice to improve the efficiency of its advice. The advice unit uses the database of past advice to determine the priority of advice. The advice unit can use AI to refer to the database of past advice to improve the efficiency of its advice. For example, the advice unit can input "Refer to the database of past advice to improve the efficiency of the advice" as an advice prompt, and the AI will provide advice. This allows the advice unit to improve the efficiency of its advice by referring to the database of past advice.
[0068] The analysis department can improve accuracy by incorporating new analysis data in real time during analysis. For example, the analysis department can refer to real-time analysis data to incorporate the latest information. The analysis department can refer to real-time security feeds to incorporate new analysis data. The analysis department can refer to real-time threat intelligence information to improve the accuracy of the analysis. The analysis department can use AI to incorporate new analysis data in real time to improve accuracy. For example, the analysis department can input "Improve accuracy by incorporating new analysis data in real time" as an analysis prompt, and the AI will perform the analysis. This allows for improved analysis accuracy by incorporating new analysis data in real time.
[0069] The analysis unit can prioritize analyses by considering the skill levels of the participants. For example, the analysis unit can prioritize analyses based on the participants' skill levels, their roles, or their past performance. The analysis unit can also use AI to prioritize analyses by considering the skill levels of the participants. For example, the analysis unit can input "Please prioritize analyses by considering the skill levels of the participants" as an analysis prompt, and the AI will perform the analysis. This allows for more appropriate analysis by taking the participants' skill levels into account.
[0070] The analysis department can improve the accuracy of its analysis by integrating with different security tools during the analysis process. For example, the analysis department can improve the accuracy of its analysis by integrating multiple security tools. The analysis department can improve the accuracy of its analysis by integrating the results from different security tools. The analysis department can obtain analysis data in real time using the APIs of security tools. The analysis department can improve the accuracy of its analysis by using AI to integrate with different security tools. For example, the analysis department can input "Improve the accuracy of the analysis by integrating with different security tools" as an analysis prompt, and the AI will perform the analysis. This allows for improved accuracy of the analysis by integrating with different security tools.
[0071] The analysis department can improve the efficiency of analysis by referring to past analysis databases during the analysis process. For example, the analysis department can refer to past analysis databases and perform similar analyses quickly. The analysis department analyzes past analysis databases to improve the efficiency of analysis. The analysis department uses past analysis databases to determine analysis priorities. The analysis department can use AI to refer to past analysis databases and improve the efficiency of analysis. For example, the analysis department can input "Refer to past analysis databases to improve the efficiency of analysis" as an analysis prompt, and the AI will perform the analysis. In this way, the efficiency of analysis can be improved by referring to past analysis databases.
[0072] The report generation unit can improve accuracy by incorporating new report data in real time during report generation. For example, the report generation unit can refer to real-time report data to incorporate the latest information. The report generation unit can refer to real-time security feeds to incorporate new report data. The report generation unit can refer to real-time threat intelligence information to improve report accuracy. The report generation unit can use AI to incorporate new report data in real time to improve accuracy. For example, the report generation unit can input "Please incorporate new report data in real time to improve accuracy" as a prompt for report generation, and the AI will generate the report. This allows for improved report accuracy by incorporating new report data in real time.
[0073] The report generation unit can prioritize reports by considering the skill levels of the participants during report generation. For example, the report generation unit can prioritize reports based on the participants' skill levels, their roles, or their past performance. The report generation unit can also use AI to prioritize reports by considering the skill levels of the participants. For example, the report generation unit can receive the prompt "Please prioritize reports by considering the skill levels of the participants," and the AI will generate the reports. This ensures that appropriate reports are generated by considering the skill levels of the participants.
[0074] The report generation unit can improve the accuracy of reports by coordinating with different security tools during report generation. For example, the report generation unit can improve report accuracy by coordinating multiple security tools. The report generation unit can improve report accuracy by integrating results from different security tools. The report generation unit can obtain report data in real time using the APIs of security tools. The report generation unit can improve report accuracy by coordinating with different security tools using AI. For example, the report generation unit can input "Improve report accuracy by coordinating with different security tools" as a prompt for report generation, and the AI will generate the report. This allows for improved report accuracy by coordinating with different security tools.
[0075] The report generation unit can improve report efficiency by referencing a database of past reports during report generation. For example, the report generation unit can refer to a database of past reports and quickly generate similar reports. The report generation unit analyzes a database of past reports to improve report efficiency. The report generation unit uses a database of past reports to determine report priorities. The report generation unit can use AI to refer to a database of past reports and improve report efficiency. For example, the report generation unit can input "Refer to a database of past reports to improve report efficiency" as a prompt for report generation, and the AI will generate the report. This allows for improved report efficiency by referencing a database of past reports.
[0076] The attack unit can improve accuracy by incorporating new attack methods in real time during dummy attacks. For example, the attack unit can refer to real-time attack method data to incorporate the latest information. The attack unit can refer to real-time security feeds to incorporate new attack methods. The attack unit can refer to real-time threat intelligence information to improve the accuracy of attacks. The attack unit can use AI to incorporate new attack methods in real time to improve accuracy. For example, the attack unit can input "Improve accuracy by incorporating new attack methods in real time" as a prompt for a dummy attack, and the AI will carry out the attack. This allows for improved attack accuracy by incorporating new attack methods in real time.
[0077] The attack unit can determine attack priorities during a dummy attack by considering the skill levels of the participants. For example, the attack unit can determine attack priorities based on the participants' skill levels. The attack unit can determine attack priorities based on the participants' roles. The attack unit can determine attack priorities based on the participants' past performance. The attack unit can use AI to determine attack priorities by considering the skill levels of the participants. For example, the attack unit can input "Please determine attack priorities considering the skill levels of the participants" as a prompt for a dummy attack, and the AI will perform the attack. This allows for appropriate attacks by considering the skill levels of the participants.
[0078] The attack unit can improve the accuracy of its attacks by coordinating with different security tools during dummy attacks. For example, the attack unit can improve the accuracy of its attacks by coordinating multiple security tools. The attack unit can improve the accuracy of its attacks by integrating the results of different security tools. The attack unit can obtain attack data in real time using the APIs of security tools. The attack unit can improve the accuracy of its attacks by coordinating with different security tools using AI. For example, the attack unit can input "Please improve the accuracy of the attack by coordinating with different security tools" as a prompt for a dummy attack, and the AI will carry out the attack. This allows the attack to improve its accuracy by coordinating with different security tools.
[0079] The attack unit can improve the efficiency of its attacks by referring to a database of past attacks during dummy attacks. For example, the attack unit can refer to the database of past attacks and quickly execute a similar attack. The attack unit analyzes the database of past attacks to improve the efficiency of its attacks. The attack unit uses the database of past attacks to determine attack priorities. The attack unit can use AI to refer to the database of past attacks and improve the efficiency of its attacks. For example, the attack unit can input "Refer to the database of past attacks to improve the efficiency of the attack" as a prompt for a dummy attack, and the AI will execute the attack. In this way, the efficiency of the attack can be improved by referring to the database of past attacks.
[0080] The support department can improve accuracy by incorporating new support data in real time during support. For example, the support department can refer to real-time support data to incorporate the latest information. The support department can refer to real-time security feeds to incorporate new support data. The support department can refer to real-time threat intelligence information to improve the accuracy of support. The support department can use AI to incorporate new support data in real time to improve accuracy. For example, the support department can input "Please incorporate new support data in real time to improve accuracy" as a support prompt, and the AI will provide support. This allows for improved support accuracy by incorporating new support data in real time.
[0081] The support department can prioritize support by considering the skill level of the participants. For example, the support department can prioritize support based on the participant's skill level, the participant's role, or the participant's past performance. The support department can also use AI to prioritize support by considering the participant's skill level. For example, the support department can input "Please prioritize support considering the participant's skill level" as a support prompt, and the AI will provide the support. This allows for appropriate support by considering the participant's skill level.
[0082] The support department can improve the accuracy of support by coordinating with different security tools during support. For example, the support department can improve the accuracy of support by coordinating multiple security tools. The support department can improve the accuracy of support by integrating the results of different security tools. The support department can obtain support data in real time using the APIs of security tools. The support department can improve the accuracy of support by coordinating with different security tools using AI. For example, the support department can input "Please improve the accuracy of support by coordinating with different security tools" as a support prompt, and the AI will provide support. This allows for improved support accuracy by coordinating with different security tools.
[0083] The support department can improve the efficiency of support by referring to a database of past support activities. For example, the support department can refer to the database of past support activities and quickly provide similar support. The support department can analyze the database of past support activities to improve the efficiency of support. The support department can use the database of past support activities to determine the priority of support activities. The support department can use AI to refer to the database of past support activities and improve the efficiency of support. For example, the support department can input "Please refer to the database of past support activities to improve the efficiency of support activities" as a support prompt, and the AI will provide the support. In this way, the efficiency of support activities can be improved by referring to the database of past support activities.
[0084] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.
[0085] The generation unit can customize scenarios by referencing participants' past behavioral history during scenario generation. For example, the generation unit can analyze attack and defense methods previously used by participants and generate new scenarios based on that analysis. This allows participants to receive exercises based on their past actions, enabling them to acquire more practical skills. The generation unit can also provide scenarios to strengthen specific weaknesses based on participants' behavioral history. For example, if a participant was vulnerable to a particular attack method in the past, it can generate a scenario to strengthen their defenses against that method. Furthermore, the generation unit can provide scenarios that promote team collaboration based on participants' behavioral history. For example, it can recreate scenarios in which team members have previously collaborated successfully, thereby strengthening team coordination. This allows participants to receive more effective training by leveraging their past behavioral history.
[0086] The monitoring department can improve the accuracy of monitoring by coordinating with different security tools when monitoring team activities in real time. For example, the monitoring department can link multiple security tools and integrate the results of each tool to monitor team activities. This improves the accuracy of monitoring and allows for a more precise understanding of team activities. The monitoring department can also use the APIs of security tools to obtain monitoring data in real time. This allows for monitoring team activities based on the latest information and enables a rapid response. Furthermore, the monitoring department can analyze the results of different security tools and propose the optimal monitoring method. This allows for effective monitoring of team activities and the formulation of appropriate defense strategies.
[0087] The analysis department can improve the efficiency of its analysis by referring to past analysis databases when analyzing exercise data. For example, the analysis department can refer to past exercise data to quickly identify similar patterns. This improves the efficiency of the analysis and enables a quicker response. The analysis department can also evaluate each participant's performance based on past data and identify areas for future improvement. Furthermore, the analysis department can propose response procedures for specific vulnerabilities based on past data. This improves the efficiency of the analysis and enables an appropriate response.
[0088] The attack team can improve the accuracy of dummy attacks by incorporating new attack methods in real time. For example, the attack team can refer to real-time attack method data and conduct dummy attacks based on the latest information. This improves the accuracy of the attacks and enables more realistic exercises. The attack team can also refer to real-time security feeds and incorporate new attack methods. This allows for dummy attacks that address the latest threats and improves the skills of participants. Furthermore, the attack team can refer to real-time threat intelligence information to improve the accuracy of the attacks. This allows for more effective dummy attacks and enhances the learning effect for participants.
[0089] The generation unit can create realistic attack scenarios by incorporating specific threat intelligence information during scenario generation. For example, it can generate scenarios that closely resemble real cyberattacks based on the latest threat intelligence information. This allows participants to receive exercises that address the latest threats and acquire practical skills. The generation unit can also incorporate threat information related to specific industries and generate attack scenarios tailored to those industries. For example, it can generate attack scenarios related to financial transactions for the financial industry and attack scenarios related to patient data protection for the healthcare industry. Furthermore, the generation unit can generate scenarios using similar methods based on past cyberattack cases. This allows participants to learn real-world attack methods and develop effective defense strategies.
[0090] The following briefly describes the processing flow for example form 1.
[0091] Step 1: The generation unit generates scenarios. The generation unit can dynamically generate scenarios using, for example, AI, and can generate scenarios tailored to the participants' skill levels. For example, it can generate basic attack scenarios for beginners and complex attack scenarios for advanced users. Step 2: The discovery unit discovers vulnerabilities based on the scenarios generated by the generation unit. For example, the discovery unit can discover vulnerabilities in a simulation environment, scan the system for vulnerabilities using AI, and identify the discovered vulnerabilities. Step 3: The guide unit guides the user through the steps to address the vulnerabilities discovered by the discovery unit. For example, the guide unit can present the steps to address the discovered vulnerabilities and use AI to guide the user through the appropriate steps. Step 4: The monitoring unit monitors the team's activities based on the response procedures guided by the guiding unit. The monitoring unit can, for example, monitor the team's actions in real time and use AI to monitor the team's activities. Step 5: The advisory department provides strategic advice based on the activities monitored by the monitoring department. For example, the advisory department can propose the optimal strategy and provide strategic advice using AI. Step 6: The analysis department analyzes the exercise performance based on the strategies advised by the advice department. For example, the analysis department can analyze the exercise data, evaluate the performance of each participant, and use AI to analyze the exercise performance. Step 7: The report generation unit generates a cyberattack analysis report based on the performance analyzed by the analysis unit. The report generation unit can, for example, generate a cyberattack analysis report, and can also generate a cyberattack analysis report using AI. Step 8: The attack unit executes a dummy attack based on the report generated by the report generation unit. The attack unit can, for example, execute a dummy attack, or it can execute a dummy attack using AI. Step 9: The support team assists beginners based on the dummy attacks conducted by the attack team. For example, the support team can conduct simple attack scenarios for beginners, guide them through appropriate response procedures, and use AI to assist them.
[0092] (Example of form 2) The cybersecurity training system according to an embodiment of the present invention is a system that supports cyberattack exercises in real time. This cybersecurity training system uses AI to dynamically generate scenarios and adjust them to the level of the participants. It discovers vulnerabilities in a simulation environment and guides participants through appropriate response procedures. The AI monitors team activities and provides strategic advice. After the exercise, it analyzes the performance of the exercise and generates a cyberattack analysis report. The AI conducts dummy attacks and assists beginners through support functions. This mechanism provides a realistic cyberattack exercise experience, enabling the formulation of effective vulnerability response and defense strategies, improving learning efficiency and skill development. For example, the AI dynamically generates scenarios and adjusts them to the level of the participants. It generates basic attack scenarios for beginners and complex attack scenarios for advanced users. This allows participants to receive exercises that match their level. It discovers vulnerabilities in a simulation environment and guides participants through appropriate response procedures. The AI scans the system for vulnerabilities and presents response procedures for the vulnerabilities found. This allows participants to learn actual vulnerability response. The AI monitors team activities and provides strategic advice. The AI monitors team actions in real time and proposes the optimal strategy. This allows the team to develop effective defense strategies. After the exercise, the performance of the exercise is analyzed and a cyberattack analysis report is generated. AI analyzes the exercise data and evaluates the performance of each participant. This allows participants to understand their strengths and weaknesses and identify areas for future improvement. AI conducts dummy attacks and supports beginners through support functions. AI conducts simple attack scenarios for beginners and guides them through appropriate response procedures. This allows beginners to learn by experiencing actual attack scenarios. This provides a realistic cyberattack exercise experience, enabling the development of effective vulnerability response and defense strategies, improving learning efficiency and skill development. For example, security teams can improve their ability to respond to actual cyberattacks by receiving practical training.IT educational institutions can provide students with practical cybersecurity training. This allows cybersecurity training systems to support real-time cyberattack exercises and enable the development of effective vulnerability response and defense strategies.
[0093] The cybersecurity training system according to this embodiment comprises a generation unit, a discovery unit, a guide unit, a monitoring unit, an advice unit, an analysis unit, a report generation unit, an attack unit, and a support unit. The generation unit generates scenarios. The generation unit dynamically generates scenarios, for example, using AI. The generation unit can also generate scenarios according to the level of the participants. For example, the generation unit generates basic attack scenarios for beginners and complex attack scenarios for advanced users. The discovery unit discovers vulnerabilities based on the scenarios generated by the generation unit. The discovery unit discovers vulnerabilities, for example, in a simulation environment. The discovery unit can scan for system vulnerabilities using AI and identify discovered vulnerabilities. The guide unit guides the response procedures for vulnerabilities discovered by the discovery unit. The guide unit presents, for example, response procedures for discovered vulnerabilities. The guide unit can use AI to guide appropriate response procedures. The monitoring unit monitors the team's activities based on the response procedures guided by the guide unit. The monitoring unit monitors the team's actions in real time, for example. The monitoring unit can use AI to monitor the team's activities. The Advice Unit provides strategic advice based on activities monitored by the Monitoring Unit. For example, the Advice Unit proposes the optimal strategy. The Advice Unit can provide strategic advice using AI. The Analysis Unit analyzes the performance of the exercise based on the strategies advised by the Advice Unit. For example, the Analysis Unit analyzes the exercise data and evaluates the performance of each participant. The Analysis Unit can analyze the performance of the exercise using AI. The Report Generation Unit generates a cyberattack analysis report based on the performance analyzed by the Analysis Unit. For example, the Report Generation Unit generates a cyberattack analysis report. The Report Generation Unit can generate a cyberattack analysis report using AI. The Attack Unit conducts a dummy attack based on the report generated by the Report Generation Unit. For example, the Attack Unit conducts a dummy attack. The Attack Unit can conduct a dummy attack using AI.The support unit assists beginners based on dummy attacks conducted by the attack unit. The support unit, for example, conducts simple attack scenarios for beginners and guides them through appropriate response procedures. The support unit can use AI to assist beginners. This enables the cybersecurity training system according to the embodiment to support cyber attack exercises in real time and to develop effective vulnerability response and defense strategies. Some or all of the above-described processes in the generation unit may be performed using, for example, a generation AI, or not. For example, the generation unit receives the prompt "Generate a basic attack scenario for beginners" as a prompt for scenario generation, and the generation AI generates the scenario. Some or all of the above-described processes in the discovery unit may be performed using, for example, AI, or not. For example, the discovery unit receives the prompt "Scan the system for vulnerabilities" as a prompt for system vulnerability scanning, and the AI discovers vulnerabilities. Some or all of the above-described processes in the guide unit may be performed using, for example, AI, or not. For example, the guidance unit inputs "Please provide the response procedures for the discovered vulnerability" as a prompt for the response procedure guide, and the AI guides the response procedures. Some or all of the above processing in the monitoring unit may be performed using AI, or not. For example, the monitoring unit inputs "Please monitor the team's actions in real time" as a prompt for monitoring team activities, and the AI monitors the team's activities. Some or all of the above processing in the advice unit may be performed using AI, or not. For example, the advice unit inputs "Please propose the optimal strategy" as a prompt for strategic advice, and the AI provides strategic advice. Some or all of the above processing in the analysis unit may be performed using AI, or not. For example, the analysis unit inputs "Please analyze the exercise data and evaluate each participant's performance" as a prompt for exercise data analysis, and the AI analyzes the exercise performance.Some or all of the above-described processes in the report generation unit may be performed using AI, or not. For example, the report generation unit inputs "Generate a cyberattack analysis report" as a prompt for report generation, and the AI generates the report. Some or all of the above-described processes in the attack unit may be performed using AI, or not. For example, the attack unit inputs "Execute a dummy attack" as a prompt for dummy attack execution, and the AI executes the dummy attack. Some or all of the above-described processes in the support unit may be performed using AI, or not. For example, the support unit inputs "Execute a simple attack scenario for beginners and guide them through appropriate response procedures" as a prompt for beginner support, and the AI assists beginners.
[0094] The generation unit generates scenarios. The generation unit dynamically generates scenarios, for example, using AI. The generation unit can also generate scenarios tailored to the participant's skill level. For example, it can generate basic attack scenarios for beginners and complex attack scenarios for advanced users. When generating scenarios using the generation AI, the generation unit is prompted with "Generate a basic attack scenario for beginners," and the generation AI generates the scenario. The generation AI has learned from past attack data and the latest cyberattack methods, and can generate appropriate scenarios in real time. For example, beginner scenarios include basic attack methods such as phishing attacks and password cracking, while advanced scenarios include complex attack methods such as zero-day attacks and advanced persistent threats (APTs). When generating scenarios, the generation unit can consider the participant's past performance data and current skill level to provide scenarios of optimal difficulty. This allows participants to receive appropriate training according to their skill level and effectively improve their cybersecurity knowledge and skills. Furthermore, the generation unit incorporates the latest cyberattack trends and threat intelligence into scenario generation, enabling it to provide training that is always up-to-date with the latest attack methods. This allows participants to improve their ability to respond to actual cyberattacks.
[0095] The detection unit discovers vulnerabilities based on scenarios generated by the generation unit. For example, the detection unit discovers vulnerabilities in a simulated environment. The detection unit can use AI to scan for system vulnerabilities and identify any vulnerabilities it finds. The detection unit can input "Scan the system for vulnerabilities" as a prompt for system vulnerability scanning, and the AI will discover vulnerabilities. The AI can refer to a database of known vulnerabilities and the latest vulnerability information to quickly and accurately identify vulnerabilities within the system. For example, the AI can perform network scans and port scans to identify open ports and services and detect vulnerabilities associated with them. The AI can also perform web application vulnerability scans to identify vulnerabilities such as SQL injection and cross-site scripting (XSS). Based on these scan results, the detection unit lists system vulnerabilities and identifies vulnerabilities that require attention according to priority. Furthermore, in discovering vulnerabilities, the detection unit can perform a comprehensive vulnerability assessment by considering system configuration, misconfigurations, and patch application status. This allows the detection unit to accurately understand the system's security status and provide information for taking appropriate countermeasures.
[0096] The Guidance Unit guides participants through the procedures for addressing vulnerabilities discovered by the Discovery Unit. For example, the Guidance Unit presents the procedures for addressing discovered vulnerabilities. The Guidance Unit can use AI to guide participants through appropriate procedures. The Guidance Unit can input "Please present the procedures for addressing discovered vulnerabilities" as a prompt for the procedure guide, and the AI will guide participants through the procedures. The AI can suggest the optimal procedures depending on the type and impact of the vulnerability. For example, the AI might recommend escaping input values and using parameterized queries for SQL injection vulnerabilities, and sanitizing and encoding input values for cross-site scripting (XSS) vulnerabilities. The AI can also provide detailed guidance on the specific procedures and tools required to fix the vulnerabilities. The Guidance Unit provides these procedures to participants and supports them in the actual system remediation work. Furthermore, the Guidance Unit can monitor the implementation status of the procedures in real time and provide additional advice and support as needed. In this way, the Guidance Unit can help participants address vulnerabilities appropriately and quickly, thereby improving system security.
[0097] The monitoring unit monitors the team's activities based on response procedures guided by the guidance unit. For example, the monitoring unit monitors the team's actions in real time. The monitoring unit can use AI to monitor the team's activities. The monitoring unit can input "Please monitor the team's actions in real time" as a prompt for monitoring the team's activities, and the AI will monitor the team's activities. The AI analyzes the team members' action logs and system change history in real time and monitors the implementation status of response procedures. For example, the AI verifies whether team members are properly performing vulnerability remediation work and following the remediation procedures, and detects abnormal behavior or mistakes. The AI can also analyze the team's communication logs and work progress to understand the level of cooperation within the team and identify problems. Based on this information, the monitoring unit can grasp the team's activity status in real time and issue alerts as needed. Furthermore, the monitoring unit can evaluate the team's performance based on past activity data and identify areas for improvement. This allows the monitoring unit to effectively monitor the team's activities and support appropriate responses.
[0098] The advisory department provides strategic advice based on activities monitored by the monitoring department. For example, the advisory department proposes the optimal strategy. The advisory department can use AI to provide strategic advice. The advisory department can input "Please propose the optimal strategy" as a prompt for strategic advice, and the AI will provide strategic advice. The AI analyzes the data provided by the monitoring department and evaluates the team's performance and vulnerability remediation status. For example, the AI evaluates the team's work efficiency and the accuracy of remediation, and identifies areas that need improvement. The AI can also propose the optimal remediation procedures and strategies based on historical data and best practices. The advisory department provides this advice to the team to support effective vulnerability remediation work. Furthermore, the advisory department can collect feedback from the team and continuously improve the accuracy and effectiveness of the advice. In this way, the advisory department can help the team implement the optimal strategy and improve system security.
[0099] The analysis department analyzes the performance of the exercises based on the strategies advised by the advisory department. For example, the analysis department analyzes the exercise data and evaluates the performance of each participant. The analysis department can use AI to analyze the performance of the exercises. The analysis department inputs "Analyze the exercise data and evaluate the performance of each participant" as a prompt for analyzing the exercise data, and the AI analyzes the performance of the exercises. Based on the data collected during the exercise, the AI analyzes in detail the actions and execution of each participant's response procedures. For example, the AI evaluates each participant's reaction time, the accuracy of their corrective work, and their level of cooperation, and calculates a performance score. The AI can also evaluate each participant's skill level and degree of growth by comparing it with past exercise data and benchmark data. Based on these evaluation results, the analysis department identifies each participant's strengths and areas for improvement and provides individual feedback. Furthermore, the analysis department can evaluate the overall performance of the exercises and identify the effectiveness and areas for improvement of the training program. This allows the analysis department to support the improvement of participants' skills and improve the quality of the training program.
[0100] The report generation unit generates cyberattack analysis reports based on performance analysis conducted by the analysis unit. For example, the report generation unit can generate cyberattack analysis reports using AI. The report generation unit receives a prompt such as "Generate a cyberattack analysis report," and the AI generates the report. Based on the data provided by the analysis unit, the AI provides a detailed description of each participant's performance and the overall results of the exercise. For example, the AI summarizes each participant's strengths and areas for improvement, vulnerabilities discovered during the exercise, and the implementation status of response procedures in the report. The AI can also analyze the overall evaluation of the exercise and the effectiveness of the training program, and suggest areas for improvement and recommendations for the future. Based on this information, the report generation unit generates a detailed and easy-to-understand cyberattack analysis report and provides it to participants and training administrators. Furthermore, the report generation unit can customize the report content and generate reports tailored to specific needs and requirements. This allows the report generation unit to effectively communicate training outcomes and use the results to improve future training programs.
[0101] The attack unit conducts dummy attacks based on reports generated by the report generation unit. For example, the attack unit can conduct dummy attacks using AI. The attack unit inputs "Please conduct a dummy attack" as a prompt to conduct a dummy attack, and the AI conducts the dummy attack. Based on the information provided by the report generation unit, the AI plans and executes a scenario-based dummy attack. For example, the AI can simulate various attack methods, such as attacks targeting specific vulnerabilities or DDoS attacks against the entire network. Through these dummy attacks, the attack unit allows participants to test their ability to respond to actual cyberattacks. The attack unit can also monitor the results of the dummy attacks in real time and evaluate the participants' response. Furthermore, the attack unit can customize the dummy attack scenarios and conduct attacks tailored to specific training objectives and the skill levels of the participants. This allows the attack unit to provide effective training to improve participants' ability to respond to actual cyberattacks.
[0102] The support team assists beginners based on dummy attacks conducted by the attack team. For example, the support team conducts simple attack scenarios for beginners and guides them through appropriate response procedures. The support team can use AI to assist beginners. The support team inputs "Conduct a simple attack scenario for beginners and guide them through appropriate response procedures" as a prompt for beginner assistance, and the AI assists the beginners. The AI generates beginner-friendly scenarios and explains basic attack methods and response procedures in an easy-to-understand manner. For example, the AI includes basic attack methods such as phishing attacks and password cracking in the scenarios so that beginners can learn how to respond to these attacks. The AI can also provide real-time advice and support when beginners actually deal with attack scenarios. Through this support, the support team helps beginners gain confidence in responding to cyberattacks and promotes skill improvement. Furthermore, the support team can collect feedback from beginners and continuously improve the content of the training program and support methods. This allows the support team to enable beginners to effectively acquire cybersecurity knowledge and skills and improve their ability to respond to actual cyberattacks.
[0103] The generation unit can generate scenarios tailored to the participants' skill levels. For example, it can generate basic attack scenarios for beginners and complex attack scenarios for advanced users. The generation unit can use AI to generate scenarios appropriate to the participants' skill levels. For example, the generation unit can receive the prompt "Generate a basic attack scenario for beginners," and the generation AI will generate the scenario. This allows for appropriate practice by providing scenarios tailored to the participants' skill levels.
[0104] The detection unit can discover vulnerabilities in a simulated environment. For example, the detection unit uses AI to scan for system vulnerabilities and identify any vulnerabilities it finds. By discovering vulnerabilities in a simulated environment, the detection unit can learn about actual vulnerability management. For example, the detection unit can input "Scan the system for vulnerabilities" as a vulnerability discovery prompt, and the AI will discover vulnerabilities. This allows the unit to learn about actual vulnerability management by discovering vulnerabilities in a simulated environment.
[0105] The guide unit can guide users through the procedures for addressing discovered vulnerabilities. For example, the guide unit can present the procedures for addressing a discovered vulnerability. The guide unit can use AI to guide users through the appropriate procedures. For example, the guide unit can input "Please present the procedures for addressing the discovered vulnerability" as a prompt for the procedure guide, and the AI will guide the user through the procedures. This allows for appropriate responses by guiding users through the procedures for addressing discovered vulnerabilities.
[0106] The monitoring unit can monitor the team's activities in real time. For example, the monitoring unit can monitor the team's actions in real time. The monitoring unit can use AI to monitor the team's activities. For example, the monitoring unit can input "Please monitor the team's actions in real time" as a prompt for monitoring the team's activities, and the AI will monitor the team's activities. This allows for the formulation of effective defense strategies by monitoring the team's activities in real time.
[0107] The advisory unit can propose the optimal strategy. For example, the advisory unit can propose the optimal strategy. The advisory unit can provide strategic advice using AI. For example, the advisory unit can receive the prompt "Please propose the optimal strategy," and the AI will provide strategic advice. This allows for the formulation of an effective defensive strategy by proposing the optimal strategy.
[0108] The analysis department can analyze exercise data and evaluate each participant's performance. For example, the analysis department can analyze exercise data and evaluate each participant's performance. The analysis department can also use AI to analyze exercise performance. For example, the analysis department can input "Analyze the exercise data and evaluate each participant's performance" as a prompt for exercise data analysis, and the AI will analyze the exercise performance. This allows for the identification of areas for future improvement by analyzing exercise data and evaluating each participant's performance.
[0109] The report generation unit can generate cyberattack analysis reports. For example, the report generation unit can generate cyberattack analysis reports. The report generation unit can also generate cyberattack analysis reports using AI. For example, the report generation unit can receive the prompt "Generate a cyberattack analysis report," and the AI will generate the report. This allows for understanding the results of the exercise and identifying areas for improvement by generating a cyberattack analysis report.
[0110] The attack unit can conduct a dummy attack. For example, the attack unit can conduct a dummy attack. The attack unit can conduct a dummy attack using AI. For example, the attack unit can input "Please conduct a dummy attack" as a prompt to conduct a dummy attack, and the AI will conduct the dummy attack. This allows beginners to learn by experiencing actual attack scenarios through conducting dummy attacks.
[0111] The support team can assist beginners. For example, the support team can run a simple attack scenario for beginners and guide them through the appropriate response procedures. The support team can also use AI to assist beginners. For example, the support team can input a prompt for beginner assistance such as, "Run a simple attack scenario for beginners and guide them through the appropriate response procedures," and the AI will assist the beginner. In this way, by assisting beginners, they can learn by experiencing actual attack scenarios.
[0112] The generation unit can estimate the user's emotions and adjust the difficulty of the scenario based on those emotions. For example, if the user is stressed, the generation unit will lower the difficulty of the scenario and provide an easy task. If the user is relaxed, the generation unit will increase the difficulty of the scenario and provide a challenging task. If the user is excited, the generation unit will moderately adjust the difficulty of the scenario and provide a balanced task. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or a generation AI. The generation AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for appropriate exercises by adjusting the difficulty of the scenario according to the user's emotions.
[0113] The generation unit can refer to past exercise data and evolve scenarios in accordance with participants' skill improvements. For example, based on tasks participants have successfully completed in the past, the generation unit can provide more difficult tasks in the next scenario. Based on tasks participants have failed in the past, the generation unit can provide similar tasks again in the next scenario to encourage review. The generation unit can evaluate participants' skill improvements and provide scenarios for learning new skills at the appropriate time. The generation unit can use AI to refer to past exercise data and generate scenarios that correspond to participants' skill improvements. For example, the generation unit can be prompted with "Generate scenarios that correspond to participants' skill improvements based on past exercise data," and the generation AI will generate the scenarios. This allows the generation unit to provide scenarios that correspond to participants' skill improvements by referring to past exercise data.
[0114] The generation unit can create realistic attack scenarios by incorporating specific threat intelligence information during scenario generation. For example, the generation unit can generate scenarios that closely resemble real cyberattacks based on the latest threat intelligence information. The generation unit can incorporate threat information related to a specific industry and generate attack scenarios specific to that industry. The generation unit can generate scenarios using similar methods by referring to past cyberattack cases. The generation unit can use AI to incorporate specific threat intelligence information and generate scenarios. For example, the generation unit can be prompted with "Please generate a realistic attack scenario based on specific threat intelligence information," and the generation AI will generate the scenario. In this way, by incorporating specific threat intelligence information, it is possible to provide realistic attack scenarios.
[0115] The generation unit can estimate the user's emotions and select a scenario theme based on the estimated emotions. For example, if the user is stressed, the generation unit will select a scenario with a relaxing theme. If the user is excited, the generation unit will select a scenario with a challenging and stimulating theme. If the user is relaxed, the generation unit will select a scenario with a theme that is highly effective for learning. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or a generative AI. The generative AI is not limited to, but may include, text generation AI (e.g., LLM) or multimodal generation AI. This allows for appropriate exercises by selecting a scenario theme according to the user's emotions.
[0116] The generation unit can customize scenarios according to the participants' duties and roles during the scenario generation process. For example, if a participant is a system administrator, the generation unit will generate scenarios related to system administration. If a participant is a network engineer, the generation unit will generate scenarios related to network security. If a participant is a developer, the generation unit will generate scenarios related to software security. The generation unit can use AI to generate scenarios tailored to the participants' duties and roles. For example, the generation unit can be prompted with "Generate scenarios tailored to the participants' duties and roles," and the generation AI will generate the scenarios. This allows for appropriate exercises by customizing scenarios according to the participants' duties and roles.
[0117] The generation unit can create scenarios that take into account the security requirements of different industries. For example, it can generate security scenarios related to financial transactions for the financial industry, security scenarios related to patient data protection for the healthcare industry, and security scenarios related to manufacturing processes for the manufacturing industry. The generation unit can use AI to generate scenarios that take into account the security requirements of different industries. For example, the generation unit can be prompted with "Generate scenarios that take into account the security requirements of different industries," and the generation AI will generate the scenarios. This allows for appropriate exercises by considering the security requirements of different industries.
[0118] The detection unit can estimate the user's emotions and adjust the vulnerability detection method based on the estimated emotions. For example, if the user is stressed, the detection unit provides a simple vulnerability detection method. If the user is relaxed, the detection unit provides a detailed vulnerability detection method. If the user is excited, the detection unit provides a challenging vulnerability detection method. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for appropriate vulnerability detection by adjusting the vulnerability detection method according to the user's emotions.
[0119] The detection unit can improve its detection accuracy by incorporating new vulnerability information in real time when a vulnerability is discovered. For example, the detection unit can refer to a real-time vulnerability database to incorporate the latest vulnerability information. The detection unit can refer to a real-time security feed to incorporate new vulnerability information. The detection unit can refer to real-time threat intelligence information to improve detection accuracy. The detection unit can use AI to incorporate new vulnerability information in real time to improve detection accuracy. For example, the detection unit can input "Please incorporate new vulnerability information in real time to improve detection accuracy" as a vulnerability detection prompt, and the AI will discover the vulnerability. This allows for improved detection accuracy by incorporating new vulnerability information in real time.
[0120] The detection unit can determine the priority of vulnerability discovery by considering the system configuration and settings when a vulnerability is found. For example, the detection unit can determine the priority of vulnerability discovery based on the system's severity. The detection unit can determine the priority of vulnerability discovery based on the system's settings. The detection unit can determine the priority of vulnerability discovery based on the system's configuration. The detection unit can use AI to determine the priority of vulnerability discovery by considering the system's configuration and settings. For example, the detection unit can input "Please determine the priority of vulnerability discovery by considering the system's configuration and settings" as a vulnerability discovery prompt, and the AI will discover the vulnerability. This makes it possible to discover vulnerabilities appropriately by considering the system's configuration and settings.
[0121] The discovery unit can estimate the user's emotions and adjust how it displays vulnerability findings based on those emotions. For example, if the user is stressed, the discovery unit provides a simple and highly visible display. If the user is relaxed, it provides a display that includes detailed information. If the user is in a hurry, it provides a concise display. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting how vulnerability findings are displayed according to the user's emotions.
[0122] The detection unit can improve its detection accuracy by coordinating with different security tools when a vulnerability is discovered. For example, the detection unit can improve the accuracy of vulnerability detection by coordinating multiple security tools. The detection unit can improve the accuracy of vulnerability detection by integrating the results from different security tools. The detection unit can obtain vulnerability information in real time using the APIs of security tools. The detection unit can improve detection accuracy by coordinating with different security tools using AI. For example, the detection unit can input "Please improve detection accuracy by coordinating with different security tools" as a vulnerability detection prompt, and the AI will find the vulnerability. In this way, detection accuracy can be improved by coordinating with different security tools.
[0123] The detection unit can improve the efficiency of vulnerability discovery by referring to a past vulnerability database when a vulnerability is found. For example, the detection unit can refer to a past vulnerability database to quickly find similar vulnerabilities. The detection unit analyzes a past vulnerability database to improve the efficiency of discovery. The detection unit uses a past vulnerability database to determine the priority of discoveries. The detection unit can use AI to refer to a past vulnerability database to improve the efficiency of discovery. For example, the detection unit can input "Refer to a past vulnerability database to improve the efficiency of discovery" as a vulnerability discovery prompt, and the AI will find the vulnerability. In this way, the efficiency of discovery can be improved by referring to a past vulnerability database.
[0124] The guide unit can estimate the user's emotions and adjust the explanation of the response procedure based on the estimated emotions. For example, if the user is nervous, the guide unit will provide a simple and easy-to-understand explanation. If the user is relaxed, the guide unit will provide an explanation that includes detailed information. If the user is in a hurry, the guide unit will provide an explanation that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the explanation of the response procedure according to the user's emotions.
[0125] The guidance unit can improve the accuracy of its guidance by incorporating new response procedures in real time during the guidance process. For example, the guidance unit can refer to a real-time response procedure database to incorporate the latest response procedures. The guidance unit can refer to a real-time security feed to incorporate new response procedures. The guidance unit can refer to real-time threat intelligence information to improve the accuracy of its guidance. The guidance unit can use AI to incorporate new response procedures in real time to improve the accuracy of its guidance. For example, the guidance unit can input "Improve the accuracy of the guidance by incorporating new response procedures in real time" as a prompt for the response procedure guidance, and the AI will guide the response procedure. This allows for improved guidance accuracy by incorporating new response procedures in real time.
[0126] The guidance unit can determine the priority of the guidance when guiding the response procedure, taking into account the system configuration and settings. For example, the guidance unit can determine the priority of the response procedure based on the importance of the system. The guidance unit can determine the priority of the response procedure based on the system settings. The guidance unit can determine the priority of the response procedure based on the system configuration. The guidance unit can use AI to determine the priority of the response procedure, taking into account the system configuration and settings. For example, the guidance unit can input "Please determine the priority of the response procedure, taking into account the system configuration and settings" as a prompt for the response procedure guidance, and the AI will guide the response procedure. This makes it possible to provide appropriate response procedure guidance by taking into account the system configuration and settings.
[0127] The guide unit can estimate the user's emotions and adjust the display method of the response procedure based on the estimated user emotions. For example, if the user is nervous, the guide unit provides a simple and highly visible display method. If the user is relaxed, the guide unit provides a display method that includes detailed information. If the user is in a hurry, the guide unit provides a display method that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the display method of the response procedure according to the user's emotions.
[0128] The guidance unit can improve the accuracy of its response procedure guidance by coordinating with different security tools. For example, the guidance unit can improve the accuracy of the response procedure guidance by coordinating multiple security tools. The guidance unit can improve the accuracy of the response procedure guidance by integrating the results of different security tools. The guidance unit can obtain response procedure information in real time using the APIs of security tools. The guidance unit can improve the accuracy of its guidance by coordinating with different security tools using AI. For example, the guidance unit can input "Please coordinate with different security tools to improve the accuracy of the guidance" as a prompt for the response procedure guidance, and the AI will guide the response procedure. In this way, the accuracy of the guidance can be improved by coordinating with different security tools.
[0129] The guide unit can improve the efficiency of its guidance by referring to a database of past response procedures during the guidance process. For example, the guide unit can refer to the database of past response procedures and quickly provide similar response procedures. The guide unit can analyze the database of past response procedures to improve the efficiency of its guidance. The guide unit can use the database of past response procedures to determine the priority of the guidance. The guide unit can use AI to refer to the database of past response procedures to improve the efficiency of its guidance. For example, the guide unit can input "Refer to the database of past response procedures to improve the efficiency of the guidance" as a prompt for the response procedure guidance, and the AI will guide the response procedure. In this way, the efficiency of the guidance can be improved by referring to the database of past response procedures.
[0130] The monitoring unit can estimate the user's emotions and adjust the monitoring method based on the estimated emotions. For example, if the user is nervous, the monitoring unit provides a simple and highly visible monitoring method. If the user is relaxed, the monitoring unit provides a monitoring method that includes detailed information. If the user is in a hurry, the monitoring unit provides a concise monitoring method. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the monitoring method according to the user's emotions.
[0131] The monitoring unit can improve accuracy by incorporating new monitoring data in real time during monitoring. For example, the monitoring unit can refer to real-time monitoring data to incorporate the latest information. The monitoring unit can refer to real-time security feeds to incorporate new monitoring data. The monitoring unit can refer to real-time threat intelligence information to improve monitoring accuracy. The monitoring unit can use AI to incorporate new monitoring data in real time to improve accuracy. For example, the monitoring unit can input "Improve accuracy by incorporating new monitoring data in real time" as a monitoring prompt, and the AI will perform the monitoring. This allows for improved monitoring accuracy by incorporating new monitoring data in real time.
[0132] The monitoring unit can determine monitoring priorities by considering the team's composition and roles during monitoring. For example, the monitoring unit can determine monitoring priorities based on the importance of the team. The monitoring unit can determine monitoring priorities based on the team's roles. The monitoring unit can determine monitoring priorities based on the team's composition. The monitoring unit can use AI to determine monitoring priorities by considering the team's composition and roles. For example, the monitoring unit can input "Please determine monitoring priorities by considering the team's composition and roles" as a monitoring prompt, and the AI will perform the monitoring. This enables appropriate monitoring by considering the team's composition and roles.
[0133] The monitoring unit can estimate the user's emotions and adjust the display method of the monitoring results based on the estimated emotions. For example, if the user is tense, the monitoring unit provides a simple and highly visible display method. If the user is relaxed, the monitoring unit provides a display method that includes detailed information. If the user is in a hurry, the monitoring unit provides a display method that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the display method of the monitoring results according to the user's emotions.
[0134] The monitoring unit can improve monitoring accuracy by coordinating with different security tools during monitoring. For example, the monitoring unit can improve monitoring accuracy by coordinating multiple security tools. The monitoring unit can improve monitoring accuracy by integrating results from different security tools. The monitoring unit can acquire monitoring data in real time using the APIs of security tools. The monitoring unit can improve monitoring accuracy by coordinating with different security tools using AI. For example, the monitoring unit can input "Please improve monitoring accuracy by coordinating with different security tools" as a monitoring prompt, and the AI will perform the monitoring. This allows for improved monitoring accuracy by coordinating with different security tools.
[0135] The monitoring unit can improve monitoring efficiency by referring to past monitoring databases during monitoring. For example, the monitoring unit can refer to past monitoring databases and quickly perform similar monitoring. The monitoring unit analyzes past monitoring databases to improve monitoring efficiency. The monitoring unit uses past monitoring databases to determine monitoring priorities. The monitoring unit can use AI to refer to past monitoring databases and improve monitoring efficiency. For example, the monitoring unit can input "Refer to past monitoring databases to improve monitoring efficiency" as a monitoring prompt, and the AI will perform the monitoring. This allows for improved monitoring efficiency by referring to past monitoring databases.
[0136] The advice unit can estimate the user's emotions and adjust its advice based on those emotions. For example, if the user is nervous, the advice unit will provide simple and easy-to-understand advice. If the user is relaxed, the advice unit will provide advice with more detailed information. If the user is in a hurry, the advice unit will provide concise advice. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting the advice method according to the user's emotions.
[0137] The advisory unit can improve the accuracy of its advice by incorporating new strategic information in real time. For example, the advisory unit can refer to real-time strategic information to provide the latest advice. The advisory unit can refer to real-time security feeds to incorporate new strategic information. The advisory unit can refer to real-time threat intelligence information to improve the accuracy of its advice. The advisory unit can use AI to incorporate new strategic information in real time to improve the accuracy of its advice. For example, the advisory unit can input "Please incorporate new strategic information in real time to improve the accuracy of the advice" as an advice prompt, and the AI will provide advice. This allows the accuracy of the advice to be improved by incorporating new strategic information in real time.
[0138] The advice unit can prioritize advice by considering the team's composition and roles when providing advice. For example, the advice unit can prioritize advice based on the importance of the team. The advice unit can prioritize advice based on the team's roles. The advice unit can prioritize advice based on the team's composition. The advice unit can use AI to prioritize advice by considering the team's composition and roles. For example, the advice unit can input "Please prioritize advice by considering the team's composition and roles" as an advice prompt, and the AI will provide advice. This allows for appropriate advice by considering the team's composition and roles.
[0139] The advice section can estimate the user's emotions and adjust how advice is displayed based on those emotions. For example, if the user is nervous, the advice section provides a simple and highly visible display. If the user is relaxed, the advice section provides a display that includes detailed information. If the user is in a hurry, the advice section provides a concise display. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting how advice is displayed according to the user's emotions.
[0140] The advisory unit can improve the accuracy of its advice by coordinating with different security tools during the advice-giving process. For example, the advisory unit can improve the accuracy of its advice by coordinating multiple security tools. The advisory unit can improve the accuracy of its advice by integrating the results of different security tools. The advisory unit can obtain advice information in real time using the APIs of security tools. The advisory unit can improve the accuracy of its advice by coordinating with different security tools using AI. For example, the advisory unit can input "Improve the accuracy of advice by coordinating with different security tools" as an advice prompt, and the AI will provide advice. This allows for improved advice accuracy by coordinating with different security tools.
[0141] The advice unit can improve the efficiency of its advice by referring to a database of past advice. For example, the advice unit can refer to the database of past advice and quickly provide similar advice. The advice unit analyzes the database of past advice to improve the efficiency of its advice. The advice unit uses the database of past advice to determine the priority of advice. The advice unit can use AI to refer to the database of past advice to improve the efficiency of its advice. For example, the advice unit can input "Refer to the database of past advice to improve the efficiency of the advice" as an advice prompt, and the AI will provide advice. This allows the advice unit to improve the efficiency of its advice by referring to the database of past advice.
[0142] The analysis unit can estimate the user's emotions and adjust the analysis method based on the estimated emotions. For example, if the user is nervous, the analysis unit provides a simple and easy-to-understand analysis method. If the user is relaxed, the analysis unit provides an analysis method that includes detailed information. If the user is in a hurry, the analysis unit provides a concise analysis method. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting the analysis method according to the user's emotions.
[0143] The analysis department can improve accuracy by incorporating new analysis data in real time during analysis. For example, the analysis department can refer to real-time analysis data to incorporate the latest information. The analysis department can refer to real-time security feeds to incorporate new analysis data. The analysis department can refer to real-time threat intelligence information to improve the accuracy of the analysis. The analysis department can use AI to incorporate new analysis data in real time to improve accuracy. For example, the analysis department can input "Improve accuracy by incorporating new analysis data in real time" as an analysis prompt, and the AI will perform the analysis. This allows for improved analysis accuracy by incorporating new analysis data in real time.
[0144] The analysis unit can prioritize analyses by considering the skill levels of the participants. For example, the analysis unit can prioritize analyses based on the participants' skill levels, their roles, or their past performance. The analysis unit can also use AI to prioritize analyses by considering the skill levels of the participants. For example, the analysis unit can input "Please prioritize analyses by considering the skill levels of the participants" as an analysis prompt, and the AI will perform the analysis. This allows for more appropriate analysis by taking the participants' skill levels into account.
[0145] The analysis unit can estimate the user's emotions and adjust the display method of the analysis results based on the estimated emotions. For example, if the user is nervous, the analysis unit provides a simple and highly visible display method. If the user is relaxed, the analysis unit provides a display method that includes detailed information. If the user is in a hurry, the analysis unit provides a display method that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the display method of the analysis results according to the user's emotions.
[0146] The analysis department can improve the accuracy of its analysis by integrating with different security tools during the analysis process. For example, the analysis department can improve the accuracy of its analysis by integrating multiple security tools. The analysis department can improve the accuracy of its analysis by integrating the results from different security tools. The analysis department can obtain analysis data in real time using the APIs of security tools. The analysis department can improve the accuracy of its analysis by using AI to integrate with different security tools. For example, the analysis department can input "Improve the accuracy of the analysis by integrating with different security tools" as an analysis prompt, and the AI will perform the analysis. This allows for improved accuracy of the analysis by integrating with different security tools.
[0147] The analysis department can improve the efficiency of analysis by referring to past analysis databases during the analysis process. For example, the analysis department can refer to past analysis databases and perform similar analyses quickly. The analysis department analyzes past analysis databases to improve the efficiency of analysis. The analysis department uses past analysis databases to determine analysis priorities. The analysis department can use AI to refer to past analysis databases and improve the efficiency of analysis. For example, the analysis department can input "Refer to past analysis databases to improve the efficiency of analysis" as an analysis prompt, and the AI will perform the analysis. In this way, the efficiency of analysis can be improved by referring to past analysis databases.
[0148] The report generation unit can estimate the user's emotions and adjust the report content based on the estimated emotions. For example, if the user is stressed, the report generation unit will provide a simple and easy-to-read report. If the user is relaxed, the report generation unit will provide a report with detailed information. If the user is in a hurry, the report generation unit will provide a report that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the report content according to the user's emotions.
[0149] The report generation unit can improve accuracy by incorporating new report data in real time during report generation. For example, the report generation unit can refer to real-time report data to incorporate the latest information. The report generation unit can refer to real-time security feeds to incorporate new report data. The report generation unit can refer to real-time threat intelligence information to improve report accuracy. The report generation unit can use AI to incorporate new report data in real time to improve accuracy. For example, the report generation unit can input "Please incorporate new report data in real time to improve accuracy" as a prompt for report generation, and the AI will generate the report. This allows for improved report accuracy by incorporating new report data in real time.
[0150] The report generation unit can prioritize reports by considering the skill levels of the participants during report generation. For example, the report generation unit can prioritize reports based on the participants' skill levels, their roles, or their past performance. The report generation unit can also use AI to prioritize reports by considering the skill levels of the participants. For example, the report generation unit can receive the prompt "Please prioritize reports by considering the skill levels of the participants," and the AI will generate the reports. This ensures that appropriate reports are generated by considering the skill levels of the participants.
[0151] The report generation unit can estimate the user's emotions and adjust the report display method based on the estimated emotions. For example, if the user is stressed, the report generation unit provides a simple and highly visible display method. If the user is relaxed, the report generation unit provides a display method that includes detailed information. If the user is in a hurry, the report generation unit provides a concise display method. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the report display method according to the user's emotions.
[0152] The report generation unit can improve the accuracy of reports by coordinating with different security tools during report generation. For example, the report generation unit can improve report accuracy by coordinating multiple security tools. The report generation unit can improve report accuracy by integrating results from different security tools. The report generation unit can obtain report data in real time using the APIs of security tools. The report generation unit can improve report accuracy by coordinating with different security tools using AI. For example, the report generation unit can input "Improve report accuracy by coordinating with different security tools" as a prompt for report generation, and the AI will generate the report. This allows for improved report accuracy by coordinating with different security tools.
[0153] The report generation unit can improve report efficiency by referencing a database of past reports during report generation. For example, the report generation unit can refer to a database of past reports and quickly generate similar reports. The report generation unit analyzes a database of past reports to improve report efficiency. The report generation unit uses a database of past reports to determine report priorities. The report generation unit can use AI to refer to a database of past reports and improve report efficiency. For example, the report generation unit can input "Refer to a database of past reports to improve report efficiency" as a prompt for report generation, and the AI will generate the report. This allows for improved report efficiency by referencing a database of past reports.
[0154] The attack unit can estimate the user's emotions and adjust the dummy attack method based on the estimated emotions. For example, if the user is nervous, the attack unit will provide a simple and highly visible dummy attack. If the user is relaxed, the attack unit will provide a dummy attack with detailed information. If the user is in a hurry, the attack unit will provide a dummy attack that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting the dummy attack method according to the user's emotions.
[0155] The attack unit can improve accuracy by incorporating new attack methods in real time during dummy attacks. For example, the attack unit can refer to real-time attack method data to incorporate the latest information. The attack unit can refer to real-time security feeds to incorporate new attack methods. The attack unit can refer to real-time threat intelligence information to improve the accuracy of attacks. The attack unit can use AI to incorporate new attack methods in real time to improve accuracy. For example, the attack unit can input "Improve accuracy by incorporating new attack methods in real time" as a prompt for a dummy attack, and the AI will carry out the attack. This allows for improved attack accuracy by incorporating new attack methods in real time.
[0156] The attack unit can determine attack priorities during a dummy attack by considering the skill levels of the participants. For example, the attack unit can determine attack priorities based on the participants' skill levels. The attack unit can determine attack priorities based on the participants' roles. The attack unit can determine attack priorities based on the participants' past performance. The attack unit can use AI to determine attack priorities by considering the skill levels of the participants. For example, the attack unit can input "Please determine attack priorities considering the skill levels of the participants" as a prompt for a dummy attack, and the AI will perform the attack. This allows for appropriate attacks by considering the skill levels of the participants.
[0157] The attack unit can estimate the user's emotions and adjust how the dummy attack is displayed based on the estimated emotions. For example, if the user is tense, the attack unit provides a simple and highly visible display. If the user is relaxed, the attack unit provides a display that includes detailed information. If the user is in a hurry, the attack unit provides a display that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting how the dummy attack is displayed according to the user's emotions.
[0158] The attack unit can improve the accuracy of its attacks by coordinating with different security tools during dummy attacks. For example, the attack unit can improve the accuracy of its attacks by coordinating multiple security tools. The attack unit can improve the accuracy of its attacks by integrating the results of different security tools. The attack unit can obtain attack data in real time using the APIs of security tools. The attack unit can improve the accuracy of its attacks by coordinating with different security tools using AI. For example, the attack unit can input "Please improve the accuracy of the attack by coordinating with different security tools" as a prompt for a dummy attack, and the AI will carry out the attack. This allows the attack to improve its accuracy by coordinating with different security tools.
[0159] The attack unit can improve the efficiency of its attacks by referring to a database of past attacks during dummy attacks. For example, the attack unit can refer to the database of past attacks and quickly execute a similar attack. The attack unit analyzes the database of past attacks to improve the efficiency of its attacks. The attack unit uses the database of past attacks to determine attack priorities. The attack unit can use AI to refer to the database of past attacks and improve the efficiency of its attacks. For example, the attack unit can input "Refer to the database of past attacks to improve the efficiency of the attack" as a prompt for a dummy attack, and the AI will execute the attack. In this way, the efficiency of the attack can be improved by referring to the database of past attacks.
[0160] The support unit can estimate the user's emotions and adjust its support methods based on those emotions. For example, if the user is nervous, the support unit provides simple and easily understandable support methods. If the user is relaxed, the support unit provides support methods that include detailed information. If the user is in a hurry, the support unit provides concise support methods. Emotion estimation is achieved using emotion estimation functions, such as emotion engines or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This allows for the provision of appropriate information by adjusting support methods according to the user's emotions.
[0161] The support department can improve accuracy by incorporating new support data in real time during support. For example, the support department can refer to real-time support data to incorporate the latest information. The support department can refer to real-time security feeds to incorporate new support data. The support department can refer to real-time threat intelligence information to improve the accuracy of support. The support department can use AI to incorporate new support data in real time to improve accuracy. For example, the support department can input "Please incorporate new support data in real time to improve accuracy" as a support prompt, and the AI will provide support. This allows for improved support accuracy by incorporating new support data in real time.
[0162] The support department can prioritize support by considering the skill level of the participants. For example, the support department can prioritize support based on the participant's skill level, the participant's role, or the participant's past performance. The support department can also use AI to prioritize support by considering the participant's skill level. For example, the support department can input "Please prioritize support considering the participant's skill level" as a support prompt, and the AI will provide the support. This allows for appropriate support by considering the participant's skill level.
[0163] The support unit can estimate the user's emotions and adjust the display method of the support results based on the estimated emotions. For example, if the user is nervous, the support unit provides a simple and highly visible display method. If the user is relaxed, the support unit provides a display method that includes detailed information. If the user is in a hurry, the support unit provides a display method that gets straight to the point. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. This makes it possible to provide appropriate information by adjusting the display method of the support results according to the user's emotions.
[0164] The support department can improve the accuracy of support by coordinating with different security tools during support. For example, the support department can improve the accuracy of support by coordinating multiple security tools. The support department can improve the accuracy of support by integrating the results of different security tools. The support department can obtain support data in real time using the APIs of security tools. The support department can improve the accuracy of support by coordinating with different security tools using AI. For example, the support department can input "Please improve the accuracy of support by coordinating with different security tools" as a support prompt, and the AI will provide support. This allows for improved support accuracy by coordinating with different security tools.
[0165] The support department can improve the efficiency of support by referring to a database of past support activities. For example, the support department can refer to the database of past support activities and quickly provide similar support. The support department can analyze the database of past support activities to improve the efficiency of support. The support department can use the database of past support activities to determine the priority of support activities. The support department can use AI to refer to the database of past support activities and improve the efficiency of support. For example, the support department can input "Please refer to the database of past support activities to improve the efficiency of support activities" as a support prompt, and the AI will provide the support. In this way, the efficiency of support activities can be improved by referring to the database of past support activities.
[0166] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.
[0167] The generation unit can customize scenarios by referencing participants' past behavioral history during scenario generation. For example, the generation unit can analyze attack and defense methods previously used by participants and generate new scenarios based on that analysis. This allows participants to receive exercises based on their past actions, enabling them to acquire more practical skills. The generation unit can also provide scenarios to strengthen specific weaknesses based on participants' behavioral history. For example, if a participant was vulnerable to a particular attack method in the past, it can generate a scenario to strengthen their defenses against that method. Furthermore, the generation unit can provide scenarios that promote team collaboration based on participants' behavioral history. For example, it can recreate scenarios in which team members have previously collaborated successfully, thereby strengthening team coordination. This allows participants to receive more effective training by leveraging their past behavioral history.
[0168] The vulnerability detection unit can estimate the user's emotions when discovering vulnerabilities and adjust the priority of discoveries based on those emotions. For example, if the user is stressed, the detection unit will prioritize discovering simpler vulnerabilities to reduce the user's burden. If the user is relaxed, the detection unit will prioritize discovering more complex vulnerabilities to promote skill improvement. Furthermore, if the user is excited, the detection unit will perform a balanced vulnerability discovery to maintain the user's motivation. This enables vulnerability discovery tailored to the user's emotions and provides appropriate training.
[0169] The guidance unit can estimate the user's emotions during the response procedure guidance and adjust the guidance method based on the estimated emotions. For example, if the user is nervous, the guidance unit will provide a simple and easy-to-understand guide to reduce the user's burden. If the user is relaxed, the guidance unit will provide a guide with detailed information to deepen the user's understanding. Furthermore, if the user is in a hurry, the guidance unit will provide a concise guide to support a quick response. This enables response procedure guidance that is tailored to the user's emotions, ensuring that appropriate information is provided.
[0170] The monitoring department can improve the accuracy of monitoring by coordinating with different security tools when monitoring team activities in real time. For example, the monitoring department can link multiple security tools and integrate the results of each tool to monitor team activities. This improves the accuracy of monitoring and allows for a more precise understanding of team activities. The monitoring department can also use the APIs of security tools to obtain monitoring data in real time. This allows for monitoring team activities based on the latest information and enables a rapid response. Furthermore, the monitoring department can analyze the results of different security tools and propose the optimal monitoring method. This allows for effective monitoring of team activities and the formulation of appropriate defense strategies.
[0171] The advice unit can estimate the user's emotions and adjust the content of the advice based on those emotions. For example, if the user is stressed, the advice unit will provide simple, easy-to-understand advice to reduce the user's burden. If the user is relaxed, the advice unit will provide advice with more detailed information to deepen the user's understanding. Furthermore, if the user is in a hurry, the advice unit will provide concise advice to support a quick response. This enables advice tailored to the user's emotions, ensuring that appropriate information is provided.
[0172] The analysis department can improve the efficiency of its analysis by referring to past analysis databases when analyzing exercise data. For example, the analysis department can refer to past exercise data to quickly identify similar patterns. This improves the efficiency of the analysis and enables a quicker response. The analysis department can also evaluate each participant's performance based on past data and identify areas for future improvement. Furthermore, the analysis department can propose response procedures for specific vulnerabilities based on past data. This improves the efficiency of the analysis and enables an appropriate response.
[0173] The report generation unit can estimate the user's emotions and adjust the report content based on those estimates. For example, if the user is stressed, the report generation unit provides a simple and easy-to-read report to reduce the user's burden. If the user is relaxed, the report generation unit provides a report with detailed information to deepen the user's understanding. Furthermore, if the user is in a hurry, the report generation unit provides a concise report to support a quick response. This enables reports tailored to the user's emotions, ensuring that appropriate information is provided.
[0174] The attack team can improve the accuracy of dummy attacks by incorporating new attack methods in real time. For example, the attack team can refer to real-time attack method data and conduct dummy attacks based on the latest information. This improves the accuracy of the attacks and enables more realistic exercises. The attack team can also refer to real-time security feeds and incorporate new attack methods. This allows for dummy attacks that address the latest threats and improves the skills of participants. Furthermore, the attack team can refer to real-time threat intelligence information to improve the accuracy of the attacks. This allows for more effective dummy attacks and enhances the learning effect for participants.
[0175] The support team can estimate the user's emotions and adjust the support method based on those estimates. For example, if the user is stressed, the support team provides simple, easy-to-understand support to reduce the user's burden. If the user is relaxed, the support team provides support that includes detailed information to deepen the user's understanding. Furthermore, if the user is in a hurry, the support team provides concise support to facilitate a quick response. This enables support that is tailored to the user's emotions and ensures that appropriate information is provided.
[0176] The generation unit can create realistic attack scenarios by incorporating specific threat intelligence information during scenario generation. For example, it can generate scenarios that closely resemble real cyberattacks based on the latest threat intelligence information. This allows participants to receive exercises that address the latest threats and acquire practical skills. The generation unit can also incorporate threat information related to specific industries and generate attack scenarios tailored to those industries. For example, it can generate attack scenarios related to financial transactions for the financial industry and attack scenarios related to patient data protection for the healthcare industry. Furthermore, the generation unit can generate scenarios using similar methods based on past cyberattack cases. This allows participants to learn real-world attack methods and develop effective defense strategies.
[0177] The following briefly describes the processing flow for example form 2.
[0178] Step 1: The generation unit generates scenarios. The generation unit can dynamically generate scenarios using, for example, AI, and can generate scenarios tailored to the participants' skill levels. For example, it can generate basic attack scenarios for beginners and complex attack scenarios for advanced users. Step 2: The discovery unit discovers vulnerabilities based on the scenarios generated by the generation unit. For example, the discovery unit can discover vulnerabilities in a simulation environment, scan the system for vulnerabilities using AI, and identify the discovered vulnerabilities. Step 3: The guide unit guides the user through the steps to address the vulnerabilities discovered by the discovery unit. For example, the guide unit can present the steps to address the discovered vulnerabilities and use AI to guide the user through the appropriate steps. Step 4: The monitoring unit monitors the team's activities based on the response procedures guided by the guiding unit. The monitoring unit can, for example, monitor the team's actions in real time and use AI to monitor the team's activities. Step 5: The advisory department provides strategic advice based on the activities monitored by the monitoring department. For example, the advisory department can propose the optimal strategy and provide strategic advice using AI. Step 6: The analysis department analyzes the exercise performance based on the strategies advised by the advice department. For example, the analysis department can analyze the exercise data, evaluate the performance of each participant, and use AI to analyze the exercise performance. Step 7: The report generation unit generates a cyberattack analysis report based on the performance analyzed by the analysis unit. The report generation unit can, for example, generate a cyberattack analysis report, and can also generate a cyberattack analysis report using AI. Step 8: The attack unit executes a dummy attack based on the report generated by the report generation unit. The attack unit can, for example, execute a dummy attack, or it can execute a dummy attack using AI. Step 9: The support team assists beginners based on the dummy attacks conducted by the attack team. For example, the support team can conduct simple attack scenarios for beginners, guide them through appropriate response procedures, and use AI to assist them.
[0179] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.
[0180] Data generation model 58 is a form of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> Examples of generative AI include text generation AI, image generation AI, and multimodal generation AI. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats from audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVMs), k-means clustering, convolutional neural networks (CNNs), recurrent neural networks (RNNs), generative adversarial networks (GANs), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each of the above parts is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example.Furthermore, processing performed by AI, including generative AI, may be replaced with rule-based processing, and rule-based processing may be replaced with processing performed by AI, including generative AI.
[0181] Furthermore, the processing performed by the data processing system 10 described above is carried out by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart device 14, but it may also be carried out by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart device 14. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart device 14 or an external device, and the smart device 14 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0182] Each of the multiple elements described above, including the generation unit, discovery unit, guide unit, monitoring unit, advice unit, analysis unit, report generation unit, attack unit, and support unit, is implemented in at least one of the smart device 14 and the data processing unit 12. For example, the generation unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing unit 12. The discovery unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing unit 12. The guide unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing unit 12. The monitoring unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing unit 12. The advice unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing unit 12. The analysis unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing unit 12. The report generation unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing device 12. The attack unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing device 12. The support unit is implemented by the control unit 46A of the smart device 14 or the specific processing unit 290 of the data processing device 12. The correspondence between each unit and the device or control unit is not limited to the example described above and can be changed in various ways.
[0183] [Second Embodiment] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.
[0184] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.
[0185] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0186] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.
[0187] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0188] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0189] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0190] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing by the processor 28. The storage 32 stores the specific processing program 56.
[0191] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0192] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0193] In the smart glasses 214, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart glasses 214 also have a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0194] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0195] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0196] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0197] The data processing system 210 according to the second embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 210 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart glasses 214, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart glasses 214. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart glasses 214 or an external device, and the smart glasses 214 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0198] Each of the multiple elements described above, including the generation unit, discovery unit, guide unit, monitoring unit, advice unit, analysis unit, report generation unit, attack unit, and support unit, is implemented by, for example, at least one of the smart glasses 214 and the data processing unit 12. For example, the generation unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing unit 12. The discovery unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing unit 12. The guide unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing unit 12. The monitoring unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing unit 12. The advice unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing unit 12. The analysis unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing unit 12. The report generation unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing device 12. The attack unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing device 12. The support unit is implemented by the control unit 46A of the smart glasses 214 or the specific processing unit 290 of the data processing device 12. The correspondence between each unit and the device or control unit is not limited to the example described above and can be modified in various ways.
[0199] [Third Embodiment] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.
[0200] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.
[0201] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0202] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.
[0203] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0204] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0205] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0206] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0207] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0208] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0209] In the headset terminal 314, specific processing is performed by the processor 46. The storage 50 stores a specific program 60. The processor 46 reads the specific program 60 from the storage 50 and executes the read specific program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific program 60 executed on the RAM 48. The headset terminal 314 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0210] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0211] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0212] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0213] The data processing system 310 according to the third embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 310 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the headset terminal 314, but may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the headset terminal 314. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the headset terminal 314 or an external device, and the headset terminal 314 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0214] Each of the multiple elements described above, including the generation unit, discovery unit, guide unit, monitoring unit, advice unit, analysis unit, report generation unit, attack unit, and support unit, is implemented by at least one of the headset terminal 314 and the data processing unit 12. For example, the generation unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing unit 12. The discovery unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing unit 12. The guide unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing unit 12. The monitoring unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing unit 12. The advice unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing unit 12. The analysis unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing unit 12. The report generation unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing device 12. The attack unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing device 12. The support unit is implemented by the control unit 46A of the headset terminal 314 or the specific processing unit 290 of the data processing device 12. The correspondence between each unit and the device or control unit is not limited to the example described above and can be modified in various ways.
[0215] [Fourth Embodiment] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.
[0216] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.
[0217] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0218] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.
[0219] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0220] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS image sensor or CCD image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0221] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0222] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. The robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.
[0223] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0224] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0225] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0226] In robot 414, specific processing is performed by processor 46. A specific program 60 is stored in storage 50. Processor 46 reads the specific program 60 from storage 50 and executes it on RAM 48. The specific processing is achieved by processor 46 acting as a control unit 46A according to the specific program 60 executed on RAM 48. Robot 414 also has data generation model 58 and emotion identification model 59, similar to those of the robot, and can perform processing similar to that of the specific processing unit 290 using these models.
[0227] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0228] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0229] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0230] The data processing system 410 according to the fourth embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 410 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the robot 414, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the robot 414. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the robot 414 or an external device, and the robot 414 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0231] Each of the multiple elements described above, including the generation unit, discovery unit, guide unit, monitoring unit, advice unit, analysis unit, report generation unit, attack unit, and support unit, is implemented by, for example, at least one of the robot 414 and the data processing unit 12. For example, the generation unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing unit 12. The discovery unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing unit 12. The guide unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing unit 12. The monitoring unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing unit 12. The advice unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing unit 12. The analysis unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing unit 12. The report generation unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing device 12. The attack unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing device 12. The support unit is implemented by the control unit 46A of the robot 414 or the specific processing unit 290 of the data processing device 12. The correspondence between each unit and the devices and control units is not limited to the example described above and can be modified in various ways.
[0232] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.
[0233] Figure 9 shows the emotion map 400, in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.
[0234] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.
[0235] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.
[0236] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, and motorcycles, emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated based, for example, on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.
[0237] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."
[0238] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.
[0239] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing method for the specific process may be used, which includes computer 22 and multiple other computers.
[0240] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.
[0241] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.
[0242] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.
[0243] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.
[0244] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.
[0245] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.
[0246] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.
[0247] Furthermore, although the above-described examples were divided into four embodiments, some or all of these embodiments may be combined. Also, the smart device 14, smart glasses 214, headset terminal 314, and robot 414 are just examples, and they may be combined, or other devices may be used. Also, although the above-described examples were divided into two embodiments, Embodiment 1 and Embodiment 2, these may be combined.
[0248] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and other things that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.
[0249] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.
[0250] (Note 1) A generation unit that generates scenarios, A discovery unit that discovers vulnerabilities based on the scenarios generated by the generation unit, A guide unit that guides the procedure for addressing vulnerabilities discovered by the discovery unit, A monitoring unit that monitors the team's activities based on the response procedures guided by the aforementioned guide unit, An advisory unit provides strategic advice based on the activities monitored by the aforementioned monitoring unit, An analysis unit analyzes the performance of the exercise based on the strategy advised by the aforementioned advice unit, A report generation unit generates a cyberattack analysis report based on the performance analyzed by the aforementioned analysis unit, An attack unit that carries out a dummy attack based on the report generated by the report generation unit, The system includes a support unit that assists beginners based on a dummy attack carried out by the attack unit. A system characterized by the following features. (Note 2) The generating unit is Generate scenarios tailored to the participants' skill levels. The system described in Appendix 1, characterized by the features described herein. (Note 3) The aforementioned detection unit is Discover vulnerabilities in a simulation environment. The system described in Appendix 1, characterized by the features described herein. (Note 4) The aforementioned guide section is This guide will show you the steps to take to address the vulnerabilities that have been discovered. The system described in Appendix 1, characterized by the features described herein. (Note 5) The monitoring unit, Monitor team activities in real time. The system described in Appendix 1, characterized by the features described herein. (Note 6) The aforementioned advice section, We propose the optimal strategy. The system described in Appendix 1, characterized by the features described herein. (Note 7) The aforementioned analysis unit is Analyze the exercise data and evaluate each participant's performance. The system described in Appendix 1, characterized by the features described herein. (Note 8) The report generation unit, Generate a cyberattack analysis report The system described in Appendix 1, characterized by the features described herein. (Note 9) The aforementioned attack unit, Conduct a dummy attack The system described in Appendix 1, characterized by the features described herein. (Note 10) The aforementioned support unit, Supporting beginners The system described in Appendix 1, characterized by the features described herein. (Note 11) The generating unit is The system estimates the user's emotions and adjusts the difficulty of the scenario based on those emotions. The system described in Appendix 1, characterized by the features described herein. (Note 12) The generating unit is Refer to past exercise data and evolve the scenario according to the participants' skill improvement. The system described in Appendix 1, characterized by the features described herein. (Note 13) The generating unit is During scenario generation, specific threat intelligence information is incorporated to create realistic attack scenarios. The system described in Appendix 1, characterized by the features described herein. (Note 14) The generating unit is The system estimates the user's emotions and selects a scenario theme based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 15) The generating unit is When generating a scenario, customize it according to the participants' job duties and roles. The system according to appendix 1, characterized in that... (Appendix 16) The generation unit creates a scenario considering security requirements of different industries during scenario generation The system according to appendix 1, characterized in that... (Appendix 17) The discovery unit estimates the user's emotion and adjusts the vulnerability discovery method based on the estimated user's emotion The system according to appendix 1, characterized in that... (Appendix 18) The discovery unit incorporates new vulnerability information in real time to improve the discovery accuracy when discovering vulnerabilities The system according to appendix 1, characterized in that... (Appendix 19) The discovery unit determines the discovery priority considering the system configuration and settings when discovering vulnerabilities The system according to appendix 1, characterized in that... (Appendix 20) The discovery unit estimates the user's emotion and adjusts the method of displaying the vulnerability discovery result based on the estimated user's emotion The system according to appendix 1, characterized in that... (Appendix 21) The discovery unit cooperates with different security tools to improve the discovery accuracy when discovering vulnerabilities The system according to appendix 1, characterized in that... (Appendix 22) The discovery unit refers to the past vulnerability database to enhance the discovery efficiency when discovering vulnerabilities The system according to appendix 1, characterized in that... (Appendix 23) The guidance unit estimates the user's emotion and adjusts the method of explaining the response procedure based on the estimated user's emotion The system described in Appendix 1, characterized by the features described herein. (Note 24) The aforementioned guide section is During the process of creating a response procedure guide, we incorporate new procedures in real time to improve the accuracy of the guide. The system described in Appendix 1, characterized by the features described herein. (Note 25) The aforementioned guide section is When creating a troubleshooting guide, the system configuration and settings are taken into consideration when determining the priority of the guide. The system described in Appendix 1, characterized by the features described herein. (Note 26) The aforementioned guide section is The system estimates the user's emotions and adjusts how the response steps are displayed based on those emotions. The system described in Appendix 1, characterized by the features described herein. (Note 27) The aforementioned guide section is When creating a response procedure guide, we integrate it with different security tools to improve the accuracy of the guide. The system described in Appendix 1, characterized by the features described herein. (Note 28) The aforementioned guide section is When creating a response procedure guide, refer to a database of past response procedures to improve the efficiency of the guide. The system described in Appendix 1, characterized by the features described herein. (Note 29) The monitoring unit, We estimate the user's emotions and adjust the monitoring method based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 30) The monitoring unit, During monitoring, new monitoring data is incorporated in real time to improve accuracy. The system described in Appendix 1, characterized by the features described herein. (Note 31) The monitoring unit, When monitoring, determine the monitoring priority considering the team composition and roles. The system according to Appendix 1, characterized by this. (Appendix 32) The monitoring unit Estimates the user's emotion and adjusts the display method of the monitoring result based on the estimated user emotion. The system according to Appendix 1, characterized by this. (Appendix 33) The monitoring unit When monitoring, cooperate with different security tools to improve the accuracy of monitoring. The system according to Appendix 1, characterized by this. (Appendix 34) The monitoring unit When monitoring, refer to the past monitoring database to improve the efficiency of monitoring. The system according to Appendix 1, characterized by this. (Appendix 35) The advice unit Estimates the user's emotion and adjusts the advice method based on the estimated user emotion. The system according to Appendix 1, characterized by this. (Appendix 36) The advice unit When giving advice, incorporate new strategic information in real time to improve the accuracy of advice. The system according to Appendix 1, characterized by this. (Appendix 37) The advice unit When giving advice, determine the advice priority considering the team composition and roles. The system according to Appendix 1, characterized by this. (Appendix 38) The advice unit Estimates the user's emotion and adjusts the display method of advice based on the estimated user emotion. The system according to Appendix 1, characterized by this. (Appendix 39) The aforementioned advice section, When providing advice, we integrate with different security tools to improve the accuracy of the advice. The system described in Appendix 1, characterized by the features described herein. (Note 40) The aforementioned advice section, When giving advice, refer to a database of past advice to improve the efficiency of the advice. The system described in Appendix 1, characterized by the features described herein. (Note 41) The aforementioned analysis unit is It estimates the user's emotions and adjusts the analysis method based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 42) The aforementioned analysis unit is During analysis, new analytical data is incorporated in real time to improve accuracy. The system described in Appendix 1, characterized by the features described herein. (Note 43) The aforementioned analysis unit is When conducting the analysis, prioritize the analysis by considering the skill levels of the participants. The system described in Appendix 1, characterized by the features described herein. (Note 44) The aforementioned analysis unit is It estimates the user's emotions and adjusts how the analysis results are displayed based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 45) The aforementioned analysis unit is During analysis, we integrate with different security tools to improve the accuracy of the analysis. The system described in Appendix 1, characterized by the features described herein. (Note 46) The aforementioned analysis unit is During analysis, referencing past analysis databases improves the efficiency of the analysis. The system described in Appendix 1, characterized by the features described herein. (Note 47) The report generation unit, It estimates the user's emotions and adjusts the report content based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 48) The report generation unit, When generating reports, new report data is incorporated in real time to improve accuracy. The system described in Appendix 1, characterized by the features described herein. (Note 49) The report generation unit, When generating reports, the report prioritization is determined by considering the skill levels of the participants. The system described in Appendix 1, characterized by the features described herein. (Note 50) The report generation unit, It estimates user sentiment and adjusts how reports are displayed based on the estimated user sentiment. The system described in Appendix 1, characterized by the features described herein. (Note 51) The report generation unit, During report generation, we integrate with different security tools to improve the accuracy of the reports. The system described in Appendix 1, characterized by the features described herein. (Note 52) The report generation unit, When generating reports, refer to the past report database to improve report efficiency. The system described in Appendix 1, characterized by the features described herein. (Note 53) The aforementioned attack unit, It estimates the user's emotions and adjusts the dummy attack method based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 54) The aforementioned attack unit, During dummy attacks, new attack methods are incorporated in real time to improve accuracy. The system described in Appendix 1, characterized by the features described herein. (Note 55) The aforementioned attack unit, During dummy attacks, the attack priority is determined by considering the skill level of the participants. The system described in Appendix 1, characterized by the features described herein. (Note 56) The aforementioned attack unit, It estimates the user's emotions and adjusts how dummy attacks are displayed based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 57) The aforementioned attack unit, During dummy attacks, we integrate with different security tools to improve the accuracy of the attacks. The system described in Appendix 1, characterized by the features described herein. (Note 58) The aforementioned attack unit, During dummy attacks, the system references a database of past attacks to improve attack efficiency. The system described in Appendix 1, characterized by the features described herein. (Note 59) The aforementioned support unit, It estimates the user's emotions and adjusts the support method based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 60) The aforementioned support unit, During support, new support data is incorporated in real time to improve accuracy. The system described in Appendix 1, characterized by the features described herein. (Note 61) The aforementioned support unit, When providing support, we prioritize assistance based on the participants' skill levels. The system described in Appendix 1, characterized by the features described herein. (Note 62) The aforementioned support unit, The system estimates the user's emotions and adjusts how the support results are displayed based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 63) The aforementioned support unit, During support, we integrate with different security tools to improve the accuracy of the support. The system described in Appendix 1, characterized by the features described herein. (Note 64) The aforementioned support unit, When providing support, refer to past support databases to improve the efficiency of the support provided. The system described in Appendix 1, characterized by the features described herein. [Explanation of symbols]
[0251] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots
Claims
1. A generation unit that generates scenarios, A discovery unit that discovers vulnerabilities based on the scenarios generated by the generation unit, A guide unit that guides the procedure for addressing vulnerabilities discovered by the discovery unit, A monitoring unit that monitors the team's activities based on the response procedures guided by the aforementioned guide unit, An advisory unit provides strategic advice based on the activities monitored by the aforementioned monitoring unit, An analysis unit analyzes the performance of the exercise based on the strategy advised by the aforementioned advice unit, A report generation unit generates a cyberattack analysis report based on the performance analyzed by the aforementioned analysis unit, An attack unit that carries out a dummy attack based on the report generated by the report generation unit, The system includes a support unit that assists beginners based on a dummy attack carried out by the attack unit. A system characterized by the following features.
2. The generating unit is Generate scenarios tailored to the participants' skill levels. The system according to feature 1.
3. The aforementioned detection unit is Discover vulnerabilities in a simulation environment. The system according to feature 1.
4. The aforementioned guide section is This guide will show you the steps to take to address the vulnerabilities that have been discovered. The system according to feature 1.
5. The monitoring unit, Monitor team activities in real time. The system according to feature 1.
6. The aforementioned advice section, We propose the optimal strategy. The system according to feature 1.
7. The aforementioned analysis unit is Analyze the exercise data and evaluate each participant's performance. The system according to feature 1.
8. The report generation unit, Generate a cyberattack analysis report The system according to feature 1.