system
The system addresses real-time cyberattack detection and response by integrating AI for rapid threat identification and human oversight, enhancing security measures through AI-human collaboration.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SOFTBANK GROUP CORP
- Filing Date
- 2024-12-18
- Publication Date
- 2026-06-30
AI Technical Summary
Existing systems struggle to detect cyberattacks in real time and implement immediate countermeasures effectively.
A system comprising a learning unit, detection unit, and countermeasure unit that uses AI for real-time threat detection and immediate response, combined with human monitoring for additional measures.
Enables rapid detection and response to cyberattacks, reducing detection time by 50% and improving incident resolution by 40%, while ensuring comprehensive security through AI-human collaboration.
Smart Images

Figure 2026108073000001_ABST
Abstract
Description
Technical Field
[0001] The technology of the present disclosure relates to a system.
Background Art
[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, and includes steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a character of the chatbot, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance as a response to the user utterance.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In the prior art, there was a problem that it was difficult to detect a cyber attack in real time and take immediate countermeasures.
[0005] The system according to the embodiment aims to detect a cyber attack in real time and take immediate countermeasures.
Means for Solving the Problems
[0006] The system according to this embodiment comprises a learning unit, a detection unit, a countermeasure unit, and a monitoring unit. The learning unit learns new threats. The detection unit detects cyberattacks in real time based on the information learned by the learning unit. The countermeasure unit immediately takes countermeasures against attacks detected by the detection unit. The monitoring unit monitors the results of the countermeasures taken by the countermeasure unit and takes additional countermeasures as necessary. [Effects of the Invention]
[0007] The system according to this embodiment can detect cyberattacks in real time and take immediate countermeasures. [Brief explanation of the drawing]
[0008] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10] This shows an emotion map where multiple emotions are mapped. [Modes for carrying out the invention]
[0009] Hereinafter, an example of an embodiment of the system relating to the technology of this disclosure will be described with reference to the attached drawings.
[0010] First, let's explain the terminology used in the following explanation.
[0011] In the following embodiments, the signed processor (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of multiple arithmetic units. Furthermore, the processor may be a single type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include CPU (Central Processing Unit), GPU (Graphics Processing Unit), GPGPU (General-Purpose computing on Graphics Processing Units), APU (Accelerated Processing Unit), or TPU (Tensor Processing Unit).
[0012] In the following embodiments, signed RAM (Random Access Memory) is a memory that temporarily stores information and is used as work memory by the processor.
[0013] In the following embodiments, the signed storage is one or more non-volatile storage devices that store various programs and various parameters. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes.
[0014] In the following embodiments, the labeled communication I / F (Interface) is an interface including a communication processor, an antenna, and the like. The communication I / F manages communication between a plurality of computers. Examples of communication standards applied to the communication I / F include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).
[0015] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B". That is, "A and / or B" means that it may be only A, only B, or a combination of A and B. Also, in this specification, when expressing three or more matters connected by "and / or", the same concept as "A and / or B" is applied.
[0016] [First Embodiment] FIG. 1 shows an example of the configuration of a data processing system 10 according to the first embodiment.
[0017] As shown in FIG. 1, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.
[0018] The data processing device 12 includes a computer 22, a database 24, and a communication I / F 26. The computer 22 includes a processor 28, a RAM 30, and a storage 32. The processor 28, the RAM 30, and the storage 32 are connected to a bus 34. Also, the database 24 and the communication I / F 26 are connected to the bus 34. The communication I / F 26 is connected to a network 54. Examples of the network 54 include a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0019] The smart device 14 comprises a computer 36, a receiving device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The receiving device 38, output device 40, and camera 42 are also connected to the bus 52.
[0020] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, and accepts user input. The touch panel 38A accepts user input via touch by detecting contact with an object (e.g., a pen or finger). The microphone 38B accepts user input via voice by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 (see Figure 2) acquires the data indicating the user input.
[0021] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user by outputting the data in a form perceptible to the user (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.
[0022] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.
[0023] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.
[0024] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0025] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0026] In the smart device 14, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The specific processing program 60 is used in conjunction with the specific processing program 56 by the data processing system 10. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 operating as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart device 14 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0027] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device (e.g., a generation server) may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device having the data generation model 58. The data processing device 12 may also be a server device or a terminal device owned by a user (e.g., a mobile phone, robot, home appliance, etc.). Next, an example of processing by the data processing system 10 according to the first embodiment will be described.
[0028] (Example of form 1) The security system according to an embodiment of the present invention is a system that can detect cyberattacks in real time using AI and take immediate countermeasures. In this security system, the AI learns new threats using machine learning, detects cyberattacks in real time, and takes immediate countermeasures. In addition, human experts monitor the AI's analysis results and take additional measures as needed. This makes it possible to implement more effective security measures by combining the predictive capabilities of AI with human insight. First, the AI learns new threats using machine learning. This enhances its ability to respond to unknown threats. For example, the AI analyzes past cyberattack data and learns attack patterns. This allows the AI to detect new attack patterns. Next, the AI detects cyberattacks in real time. For example, it monitors network traffic and detects abnormal activity. This can reduce the time to detect attacks by 50%. In response to detected attacks, the AI takes immediate countermeasures. For example, it blocks the IP address of the attacker or isolates the targeted system. This can improve the speed of resolving security incidents by 40%. Furthermore, human experts monitor the AI's analysis results and take additional measures as needed. For example, experts conduct detailed analysis of attacks detected by AI and implement additional defensive measures. This complements the AI's judgment and enables final decision-making. This system is designed to address the cybersecurity threats faced by businesses. It can meet the need for real-time attack detection and rapid response. It also provides a new form of security measure through collaboration between AI and humans, enabling an AI system that undergoes continuous learning and evolution. As a result, the security system can provide more effective security measures by combining the predictive capabilities of AI with human insight.
[0029] The security system according to this embodiment comprises a learning unit, a detection unit, a countermeasure unit, and a monitoring unit. The learning unit learns new threats. The learning unit, for example, analyzes past cyberattack data and learns attack patterns. The learning unit can, for example, use AI to analyze past cyberattack data and learn attack patterns. The detection unit detects cyberattacks in real time based on the information learned by the learning unit. The detection unit, for example, monitors network traffic and detects abnormal activity. The detection unit can, for example, use AI to monitor network traffic and detect abnormal activity. The countermeasure unit takes immediate countermeasures against attacks detected by the detection unit. The countermeasure unit, for example, blocks the IP address of the attacker. The countermeasure unit can, for example, use AI to block the IP address of the attacker. The monitoring unit monitors the results of the countermeasures taken by the countermeasure unit and takes additional countermeasures as necessary. The monitoring unit, for example, monitors the results of the AI analysis and takes additional defensive measures as necessary. The monitoring unit can, for example, use AI to monitor the results of the AI analysis and take additional defensive measures as necessary. As a result, the security system according to this embodiment can provide more effective security measures by combining the predictive capabilities of AI with human insight.
[0030] The learning unit learns about new threats. For example, it analyzes past cyberattack data to learn attack patterns. Specifically, the learning unit collects a vast amount of past cyberattack data and inputs it into an AI algorithm. The AI analyzes this data and extracts attack characteristics and patterns. For example, it identifies attacks concentrated in specific time periods or repeated attacks from specific IP addresses. Furthermore, based on these patterns, the AI can predict new and mutated attack methods. The learning unit regularly updates these learning results to reflect the latest threat information. This ensures that the learning unit is always prepared to respond to the latest attack methods and improves the overall system's defense capabilities. In addition, the learning unit can integrate information from different data sources to perform more comprehensive threat analysis. For example, by combining and analyzing network traffic data, system logs, and user behavior data, it becomes possible to learn attack patterns with greater accuracy. This allows the learning unit to learn about threats from multiple perspectives, without relying on a single data source, and to provide more effective security measures.
[0031] The detection unit detects cyberattacks in real time based on information learned by the learning unit. Specifically, the detection unit monitors network traffic and detects abnormal activity. By using AI, it can quickly identify abnormal traffic that differs from normal traffic patterns. For example, it can detect abnormal data transfers using specific protocols or large-scale data transmissions that deviate from normal usage patterns. The detection unit detects these anomalies in real time and immediately issues alerts. Furthermore, the detection unit can predict new attack methods based on past attack patterns and automatically generate rules to respond to them. This allows the detection unit to respond quickly not only to known attacks but also to unknown attacks. In addition, the detection unit continuously learns and optimizes its detection algorithm to improve the accuracy of anomaly detection. This reduces false positives and enables accurate attack detection. Furthermore, the detection unit can share the results of anomaly detection with other systems to improve the overall security level. For example, it can send the results of anomaly detection to a security information and event management (SIEM) system and integrate with other security measures to achieve more comprehensive security measures.
[0032] The countermeasures unit immediately takes action against attacks detected by the detection unit. Specifically, the countermeasures unit blocks the IP address of the attacker. By using AI, it can quickly analyze the characteristics of the attack and automatically select the optimal countermeasure. For example, if it detects abnormal traffic from a specific IP address, it immediately blocks that IP address with a firewall. Furthermore, the countermeasures unit can take different measures depending on the type of attack. For example, against DDoS attacks, it may restrict traffic and distribute resources, and against phishing attacks, it may quarantine suspicious emails. In addition, the countermeasures unit can monitor the progress of the attack in real time and strengthen countermeasures as needed. For example, if the attack is ongoing, it can take additional defensive measures to ensure the security of the system. The countermeasures unit can also analyze the results of past countermeasures and evaluate their effectiveness to improve the accuracy of future countermeasures. As a result, the countermeasures unit can respond to attacks quickly and effectively and maintain the security of the system.
[0033] The monitoring department monitors the results of countermeasures taken by the countermeasures department and implements additional measures as needed. Specifically, the monitoring department monitors the results of AI analysis and implements additional defensive measures as necessary. For example, if abnormal traffic continues even after the countermeasures department has blocked the IP address of the attacker, the monitoring department will take measures such as blocking additional IP addresses. The monitoring department also evaluates the effectiveness of the countermeasures and provides feedback to improve the accuracy of the countermeasures. For example, if the countermeasures were insufficient, the cause will be analyzed and reflected in the next countermeasures. Furthermore, the monitoring department continuously monitors the security status of the entire system and responds immediately if an anomaly occurs. This allows the monitoring department to maintain the security of the system and enable a rapid response to attacks. In addition, the monitoring department can collect and analyze security incident logs to take preventive measures against future attacks. For example, by predicting specific attack patterns based on past incident logs and taking countermeasures in advance, the damage from attacks can be minimized. This allows the monitoring department to continuously improve the security of the system and provide more effective security measures.
[0034] The learning unit can analyze past cyberattack data and learn attack patterns. For example, the learning unit can analyze past cyberattack data and learn attack patterns. The learning unit can, for example, use AI to analyze past cyberattack data and learn attack patterns. This enhances the ability to respond to unknown threats by analyzing past cyberattack data.
[0035] The detection unit can monitor network traffic and detect abnormal activity. For example, the detection unit can monitor network traffic and detect abnormal activity. For example, the detection unit can use AI to monitor network traffic and detect abnormal activity. This allows for real-time detection of cyberattacks by monitoring network traffic.
[0036] The countermeasures department can block the IP address of the attacker. The countermeasures department can, for example, block the IP address of the attacker. The countermeasures department can, for example, use AI to block the IP address of the attacker. By blocking the IP address of the attacker, the speed of resolving security incidents is improved.
[0037] The countermeasures department can isolate the targeted system. For example, the countermeasures department can isolate the targeted system. For example, the countermeasures department can isolate the targeted system using AI. By isolating the targeted system, the impact of the security incident can be minimized.
[0038] The monitoring unit can monitor the AI's analysis results and take additional defensive measures as needed. For example, the monitoring unit can use AI to monitor the AI's analysis results and take additional defensive measures as needed. This allows the monitoring unit to complement the AI's judgments and make final decisions by monitoring the AI's analysis results.
[0039] The learning unit can learn not only from past cyberattack data but also from real-time threat intelligence information. For example, the learning unit can learn the latest attack methods based on threat intelligence information collected in real time. For example, the learning unit can learn more accurate attack patterns by combining past cyberattack data with real-time threat intelligence information. For example, the learning unit can periodically update real-time threat intelligence information and incorporate it as learning data. This allows it to respond to the latest attack methods by incorporating real-time threat intelligence information.
[0040] The learning unit can compare and analyze cyberattack data from different industries and regions, and learn attack patterns specific to those industries or regions. For example, the learning unit can compare cyberattack data from different industries to learn attack patterns specific to a particular industry. For example, the learning unit can compare cyberattack data from different regions to learn attack patterns specific to a particular region. For example, the learning unit can integrate cyberattack data from different industries and regions to learn comprehensive attack patterns. This allows for more accurate security measures by learning attack patterns specific to particular industries or regions.
[0041] The learning unit can incorporate not only cyberattack data but also physical security incident data for learning. For example, the learning unit can combine cyberattack data and physical security incident data to learn comprehensive security measures. For example, the learning unit can learn how to detect early signs of cyberattacks based on physical security incident data. For example, the learning unit can integrate cyberattack data and physical security incident data to learn interrelated attack patterns. This enables comprehensive security measures by incorporating physical security incident data.
[0042] The learning unit can combine different AI algorithms to increase the diversity of learning. For example, the learning unit can combine different AI algorithms to learn more accurate attack patterns. For example, the learning unit can use different AI algorithms to increase the diversity of training data. For example, the learning unit can combine different AI algorithms to improve the efficiency of learning. As a result, combining different AI algorithms improves the accuracy and efficiency of learning.
[0043] The detection unit can detect anomalies by monitoring not only network traffic but also endpoint behavior. For example, the detection unit can detect anomalies by combining network traffic and endpoint behavior. For example, the detection unit can monitor endpoint behavior to detect network traffic anomalies early. For example, the detection unit can integrate network traffic and endpoint behavior to perform comprehensive anomaly detection. This allows for more comprehensive anomaly detection by also monitoring endpoint behavior.
[0044] The detection unit can learn normal network activity patterns at different times of day and on different days of the week, and detect anomalies based on that. For example, the detection unit can learn network activity patterns at different times of day and on different days of the week and detect anomalies. For example, the detection unit can detect abnormal activity early based on normal network activity patterns. For example, the detection unit can integrate network activity patterns at different times of day and on different days of the week to perform comprehensive anomaly detection. This allows for early detection of abnormal activity by learning normal network activity patterns.
[0045] The detection unit can also monitor data from cloud environments and IoT devices. For example, the detection unit can monitor data from cloud environments and detect anomalies. For example, the detection unit can monitor data from IoT devices and detect anomalies. For example, the detection unit can integrate data from cloud environments and IoT devices to perform comprehensive anomaly detection. This enables comprehensive anomaly detection by monitoring data from cloud environments and IoT devices.
[0046] The detection unit can collaborate with different security tools and platforms to share information and detect anomalies. For example, the detection unit can collaborate with different security tools to detect anomalies. The detection unit can share information with different platforms to detect anomalies. For example, the detection unit can integrate information from security tools and platforms to perform comprehensive anomaly detection. This improves the accuracy of anomaly detection by collaborating with different security tools and platforms.
[0047] The countermeasures unit can block not only the IP address of the attacker, but also the domain and URL of the attacker. For example, the countermeasures unit can block the IP address of the attacker to prevent the attack. For example, the countermeasures unit can block the domain of the attacker to prevent the attack. For example, the countermeasures unit can block the URL of the attacker to prevent the attack. By blocking the domain and URL of the attacker, a more comprehensive countermeasure becomes possible.
[0048] The countermeasures unit can not only isolate the targeted system but also automatically collect and analyze the logs of the targeted system. For example, the countermeasures unit can isolate the targeted system and prevent the attack. For example, the countermeasures unit can automatically collect logs from the targeted system and analyze the details of the attack. For example, the countermeasures unit can analyze the logs of the targeted system and prepare for future attacks. In this way, by collecting and analyzing the logs of the targeted system, it is possible to understand the details of the attack and prepare for future attacks.
[0049] The countermeasures unit can not only block the IP address of the attacker, but also set traps against the IP address of the attacker. For example, the countermeasures unit can block the IP address of the attacker to prevent the attack. For example, the countermeasures unit can set traps against the IP address of the attacker to identify the attacker. For example, the countermeasures unit can set traps against the IP address of the attacker to analyze the details of the attack. In this way, by setting traps against the IP address of the attacker, it is possible to identify the attacker and analyze the details of the attack.
[0050] The countermeasure unit can not only isolate the targeted system but also automatically create backups of the targeted system. For example, the countermeasure unit can isolate the targeted system and prevent the attack. For example, the countermeasure unit can automatically create backups of the targeted system and prevent data loss. For example, the countermeasure unit can create backups of the targeted system and quickly recover after the attack. In this way, by creating backups of the targeted system, data loss can be prevented and recovery after the attack can be quickly carried out.
[0051] The monitoring unit can integrate and monitor not only the analysis results of AI but also the analysis results of other security tools. For example, the monitoring unit can integrate the analysis results of AI and other security tools to perform comprehensive monitoring. For example, the monitoring unit can supplement the analysis results of AI based on the analysis results of other security tools. For example, the monitoring unit can combine the analysis results of AI and other security tools to detect anomalies at an early stage. This enables comprehensive monitoring by integrating the analysis results of other security tools.
[0052] The monitoring unit can learn the normal system behavior at different times of day and on different days of the week, and monitor for anomalies based on that learning. For example, the monitoring unit can learn the system behavior at different times of day and on different days of the week and monitor for anomalies. For example, the monitoring unit can detect abnormal behavior early based on normal system behavior. For example, the monitoring unit can integrate the system behavior at different times of day and on different days of the week to perform comprehensive anomaly monitoring. This allows for early detection of abnormal behavior by learning normal system behavior.
[0053] The monitoring unit can also monitor data from cloud environments and IoT devices. For example, the monitoring unit can monitor data from cloud environments and detect anomalies. For example, the monitoring unit can monitor data from IoT devices and detect anomalies. For example, the monitoring unit can integrate data from cloud environments and IoT devices to perform comprehensive anomaly monitoring. This enables comprehensive anomaly monitoring by monitoring data from cloud environments and IoT devices.
[0054] The monitoring unit can collaborate with different security tools and platforms to share information and monitor for anomalies. For example, the monitoring unit can collaborate with different security tools to monitor for anomalies. The monitoring unit can, for example, share information with different platforms to monitor for anomalies. The monitoring unit can, for example, integrate information from security tools and platforms to perform comprehensive anomaly monitoring. This improves the accuracy of anomaly monitoring by collaborating with different security tools and platforms.
[0055] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.
[0056] Security systems can also include a predictive unit. This unit can predict future attack patterns based on historical cyberattack data and real-time threat intelligence. For example, it can analyze historical data to predict attack trends over a specific period. It can also incorporate real-time threat intelligence to predict the latest attack methods. Furthermore, it can compare data from different industries and regions to predict attack patterns specific to those industries or regions. This enables proactive measures against future attacks.
[0057] The security system may also include an analysis unit. The analysis unit can perform a detailed analysis of anomalies detected by the detection unit, gaining a detailed understanding of the attack. For example, the analysis unit can analyze the IP address and domain of the attacking source to attempt to identify the attacker. It can also analyze attack methods and patterns to propose countermeasures against future attacks. Furthermore, it can analyze the scope of the attack's impact and implement measures to prevent further damage. This allows for more effective security measures through detailed analysis.
[0058] The security system may also include a recovery unit. The recovery unit can assist in the recovery of a system damaged by an attack. For example, the recovery unit can automatically create backups of the attacked system to facilitate rapid recovery after an attack. The recovery unit can, for example, restore data lost due to an attack and restore normal system operation. The recovery unit can, for example, take measures to minimize the impact of the attack and ensure system stability. This enables rapid recovery after an attack and minimizes system downtime.
[0059] The security system may also include an evaluation unit. This unit can assess the effectiveness of security measures and suggest improvements. For example, it can evaluate the effectiveness of current security measures based on past attack data. It can also incorporate real-time threat intelligence to evaluate the effectiveness of countermeasures against the latest attack methods. Furthermore, it can compare data from different industries and regions to evaluate the effectiveness of measures tailored to specific industries or regions. This allows for continuous evaluation and improvement of the effectiveness of security measures.
[0060] The security system can also include an integration unit. This integration unit can collaborate with different security tools and platforms, sharing information. For example, it can work with different security tools to detect anomalies. It can share information with different platforms to perform comprehensive anomaly detection. It can integrate information from security tools and platforms to improve the accuracy of anomaly detection. Thus, collaboration with different security tools and platforms improves the accuracy of anomaly detection.
[0061] Security systems can also include an integration unit. This unit can consolidate information from different data sources to provide comprehensive security measures. For example, it can integrate data from cloud environments and IoT devices to detect anomalies. It can also integrate data from different industries and regions to learn attack patterns specific to those industries or regions. Furthermore, it can incorporate real-time threat intelligence to respond to the latest attack methods. This integration of information from different data sources enables comprehensive security measures.
[0062] The following briefly describes the processing flow for example form 1.
[0063] Step 1: The learning unit learns about new threats. For example, it analyzes past cyberattack data and learns attack patterns. The learning unit can use AI to analyze past cyberattack data and learn attack patterns. Step 2: The detection unit detects cyberattacks in real time based on the information learned by the learning unit. For example, it monitors network traffic and detects abnormal activity. The detection unit can use AI to monitor network traffic and detect abnormal activity. Step 3: The countermeasures unit immediately takes action against the attack detected by the detection unit. For example, it blocks the IP address of the attacker. The countermeasures unit can use AI to block the IP address of the attacker. Step 4: The monitoring unit monitors the results of the countermeasures taken by the countermeasures unit and takes additional measures as needed. For example, it monitors the AI analysis results and takes additional defensive measures as needed. The monitoring unit can use AI to monitor the AI analysis results and take additional defensive measures as needed.
[0064] (Example of form 2) The security system according to an embodiment of the present invention is a system that can detect cyberattacks in real time using AI and take immediate countermeasures. In this security system, the AI learns new threats using machine learning, detects cyberattacks in real time, and takes immediate countermeasures. In addition, human experts monitor the AI's analysis results and take additional measures as needed. This makes it possible to implement more effective security measures by combining the predictive capabilities of AI with human insight. First, the AI learns new threats using machine learning. This enhances its ability to respond to unknown threats. For example, the AI analyzes past cyberattack data and learns attack patterns. This allows the AI to detect new attack patterns. Next, the AI detects cyberattacks in real time. For example, it monitors network traffic and detects abnormal activity. This can reduce the time to detect attacks by 50%. In response to detected attacks, the AI takes immediate countermeasures. For example, it blocks the IP address of the attacker or isolates the targeted system. This can improve the speed of resolving security incidents by 40%. Furthermore, human experts monitor the AI's analysis results and take additional measures as needed. For example, experts conduct detailed analysis of attacks detected by AI and implement additional defensive measures. This complements the AI's judgment and enables final decision-making. This system is designed to address the cybersecurity threats faced by businesses. It can meet the need for real-time attack detection and rapid response. It also provides a new form of security measure through collaboration between AI and humans, enabling an AI system that undergoes continuous learning and evolution. As a result, the security system can provide more effective security measures by combining the predictive capabilities of AI with human insight.
[0065] The security system according to this embodiment comprises a learning unit, a detection unit, a countermeasure unit, and a monitoring unit. The learning unit learns new threats. The learning unit, for example, analyzes past cyberattack data and learns attack patterns. The learning unit can, for example, use AI to analyze past cyberattack data and learn attack patterns. The detection unit detects cyberattacks in real time based on the information learned by the learning unit. The detection unit, for example, monitors network traffic and detects abnormal activity. The detection unit can, for example, use AI to monitor network traffic and detect abnormal activity. The countermeasure unit takes immediate countermeasures against attacks detected by the detection unit. The countermeasure unit, for example, blocks the IP address of the attacker. The countermeasure unit can, for example, use AI to block the IP address of the attacker. The monitoring unit monitors the results of the countermeasures taken by the countermeasure unit and takes additional countermeasures as necessary. The monitoring unit, for example, monitors the results of the AI analysis and takes additional defensive measures as necessary. The monitoring unit can, for example, use AI to monitor the results of the AI analysis and take additional defensive measures as necessary. As a result, the security system according to this embodiment can provide more effective security measures by combining the predictive capabilities of AI with human insight.
[0066] The learning unit learns about new threats. For example, it analyzes past cyberattack data to learn attack patterns. Specifically, the learning unit collects a vast amount of past cyberattack data and inputs it into an AI algorithm. The AI analyzes this data and extracts attack characteristics and patterns. For example, it identifies attacks concentrated in specific time periods or repeated attacks from specific IP addresses. Furthermore, based on these patterns, the AI can predict new and mutated attack methods. The learning unit regularly updates these learning results to reflect the latest threat information. This ensures that the learning unit is always prepared to respond to the latest attack methods and improves the overall system's defense capabilities. In addition, the learning unit can integrate information from different data sources to perform more comprehensive threat analysis. For example, by combining and analyzing network traffic data, system logs, and user behavior data, it becomes possible to learn attack patterns with greater accuracy. This allows the learning unit to learn about threats from multiple perspectives, without relying on a single data source, and to provide more effective security measures.
[0067] The detection unit detects cyberattacks in real time based on information learned by the learning unit. Specifically, the detection unit monitors network traffic and detects abnormal activity. By using AI, it can quickly identify abnormal traffic that differs from normal traffic patterns. For example, it can detect abnormal data transfers using specific protocols or large-scale data transmissions that deviate from normal usage patterns. The detection unit detects these anomalies in real time and immediately issues alerts. Furthermore, the detection unit can predict new attack methods based on past attack patterns and automatically generate rules to respond to them. This allows the detection unit to respond quickly not only to known attacks but also to unknown attacks. In addition, the detection unit continuously learns and optimizes its detection algorithm to improve the accuracy of anomaly detection. This reduces false positives and enables accurate attack detection. Furthermore, the detection unit can share the results of anomaly detection with other systems to improve the overall security level. For example, it can send the results of anomaly detection to a security information and event management (SIEM) system and integrate with other security measures to achieve more comprehensive security measures.
[0068] The countermeasures unit immediately takes action against attacks detected by the detection unit. Specifically, the countermeasures unit blocks the IP address of the attacker. By using AI, it can quickly analyze the characteristics of the attack and automatically select the optimal countermeasure. For example, if it detects abnormal traffic from a specific IP address, it immediately blocks that IP address with a firewall. Furthermore, the countermeasures unit can take different measures depending on the type of attack. For example, against DDoS attacks, it may restrict traffic and distribute resources, and against phishing attacks, it may quarantine suspicious emails. In addition, the countermeasures unit can monitor the progress of the attack in real time and strengthen countermeasures as needed. For example, if the attack is ongoing, it can take additional defensive measures to ensure the security of the system. The countermeasures unit can also analyze the results of past countermeasures and evaluate their effectiveness to improve the accuracy of future countermeasures. As a result, the countermeasures unit can respond to attacks quickly and effectively and maintain the security of the system.
[0069] The monitoring department monitors the results of countermeasures taken by the countermeasures department and implements additional measures as needed. Specifically, the monitoring department monitors the results of AI analysis and implements additional defensive measures as necessary. For example, if abnormal traffic continues even after the countermeasures department has blocked the IP address of the attacker, the monitoring department will take measures such as blocking additional IP addresses. The monitoring department also evaluates the effectiveness of the countermeasures and provides feedback to improve the accuracy of the countermeasures. For example, if the countermeasures were insufficient, the cause will be analyzed and reflected in the next countermeasures. Furthermore, the monitoring department continuously monitors the security status of the entire system and responds immediately if an anomaly occurs. This allows the monitoring department to maintain the security of the system and enable a rapid response to attacks. In addition, the monitoring department can collect and analyze security incident logs to take preventive measures against future attacks. For example, by predicting specific attack patterns based on past incident logs and taking countermeasures in advance, the damage from attacks can be minimized. This allows the monitoring department to continuously improve the security of the system and provide more effective security measures.
[0070] The learning unit can analyze past cyberattack data and learn attack patterns. For example, the learning unit can analyze past cyberattack data and learn attack patterns. The learning unit can, for example, use AI to analyze past cyberattack data and learn attack patterns. This enhances the ability to respond to unknown threats by analyzing past cyberattack data.
[0071] The detection unit can monitor network traffic and detect abnormal activity. For example, the detection unit can monitor network traffic and detect abnormal activity. For example, the detection unit can use AI to monitor network traffic and detect abnormal activity. This allows for real-time detection of cyberattacks by monitoring network traffic.
[0072] The countermeasures department can block the IP address of the attacker. The countermeasures department can, for example, block the IP address of the attacker. The countermeasures department can, for example, use AI to block the IP address of the attacker. By blocking the IP address of the attacker, the speed of resolving security incidents is improved.
[0073] The countermeasures department can isolate the targeted system. For example, the countermeasures department can isolate the targeted system. For example, the countermeasures department can isolate the targeted system using AI. By isolating the targeted system, the impact of the security incident can be minimized.
[0074] The monitoring unit can monitor the AI's analysis results and take additional defensive measures as needed. For example, the monitoring unit can use AI to monitor the AI's analysis results and take additional defensive measures as needed. This allows the monitoring unit to complement the AI's judgments and make final decisions by monitoring the AI's analysis results.
[0075] The learning unit can estimate the user's emotions and select training data based on the estimated emotions. For example, if the user is feeling anxious, the learning unit will prioritize selecting data on past major cyberattacks as training data. For example, if the user is relaxed, the learning unit can select data on minor cyberattacks as training data. For example, if the user is excited, the learning unit can select data on the most recent cyberattacks as training data. This allows for more effective learning by selecting training data based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0076] The learning unit can learn not only from past cyberattack data but also from real-time threat intelligence information. For example, the learning unit can learn the latest attack methods based on threat intelligence information collected in real time. For example, the learning unit can learn more accurate attack patterns by combining past cyberattack data with real-time threat intelligence information. For example, the learning unit can periodically update real-time threat intelligence information and incorporate it as learning data. This allows it to respond to the latest attack methods by incorporating real-time threat intelligence information.
[0077] The learning unit can compare and analyze cyberattack data from different industries and regions, and learn attack patterns specific to those industries or regions. For example, the learning unit can compare cyberattack data from different industries to learn attack patterns specific to a particular industry. For example, the learning unit can compare cyberattack data from different regions to learn attack patterns specific to a particular region. For example, the learning unit can integrate cyberattack data from different industries and regions to learn comprehensive attack patterns. This allows for more accurate security measures by learning attack patterns specific to particular industries or regions.
[0078] The learning unit can estimate the user's emotions and adjust the learning frequency based on the estimated emotions. For example, if the user is feeling anxious, the learning unit can increase the learning frequency to quickly incorporate the latest threat information. For example, if the user is relaxed, the learning unit can decrease the learning frequency to reduce the system load. For example, if the user is excited, the learning unit can adjust the learning frequency to perform learning at the optimal time. In this way, the system load can be optimized by adjusting the learning frequency based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0079] The learning unit can incorporate not only cyberattack data but also physical security incident data for learning. For example, the learning unit can combine cyberattack data and physical security incident data to learn comprehensive security measures. For example, the learning unit can learn how to detect early signs of cyberattacks based on physical security incident data. For example, the learning unit can integrate cyberattack data and physical security incident data to learn interrelated attack patterns. This enables comprehensive security measures by incorporating physical security incident data.
[0080] The learning unit can combine different AI algorithms to increase the diversity of learning. For example, the learning unit can combine different AI algorithms to learn more accurate attack patterns. For example, the learning unit can use different AI algorithms to increase the diversity of training data. For example, the learning unit can combine different AI algorithms to improve the efficiency of learning. As a result, combining different AI algorithms improves the accuracy and efficiency of learning.
[0081] The detection unit can estimate the user's emotions and adjust the alert level based on the estimated emotions. For example, if the user is feeling anxious, the detection unit can set a higher alert level to encourage a quick response. For example, if the user is relaxed, the detection unit can set a lower alert level to avoid excessive warnings. For example, if the user is excited, the detection unit can adjust the alert level to issue a warning at the optimal time. In this way, appropriate warnings can be issued by adjusting the alert level based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0082] The detection unit can detect anomalies by monitoring not only network traffic but also endpoint behavior. For example, the detection unit can detect anomalies by combining network traffic and endpoint behavior. For example, the detection unit can monitor endpoint behavior to detect network traffic anomalies early. For example, the detection unit can integrate network traffic and endpoint behavior to perform comprehensive anomaly detection. This allows for more comprehensive anomaly detection by also monitoring endpoint behavior.
[0083] The detection unit can learn normal network activity patterns at different times of day and on different days of the week, and detect anomalies based on that. For example, the detection unit can learn network activity patterns at different times of day and on different days of the week and detect anomalies. For example, the detection unit can detect abnormal activity early based on normal network activity patterns. For example, the detection unit can integrate network activity patterns at different times of day and on different days of the week to perform comprehensive anomaly detection. This allows for early detection of abnormal activity by learning normal network activity patterns.
[0084] The detection unit can estimate the user's emotions and adjust the notification method based on the estimated emotions. For example, if the user is feeling anxious, the detection unit can select a rapid notification method to prompt immediate action. For example, if the user is relaxed, the detection unit can adjust the notification method to avoid excessive warnings. For example, if the user is excited, the detection unit can adjust the notification method to issue a warning at the optimal time. In this way, by adjusting the notification method based on the user's emotions, warnings can be issued at the appropriate time. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0085] The detection unit can also monitor data from cloud environments and IoT devices. For example, the detection unit can monitor data from cloud environments and detect anomalies. For example, the detection unit can monitor data from IoT devices and detect anomalies. For example, the detection unit can integrate data from cloud environments and IoT devices to perform comprehensive anomaly detection. This enables comprehensive anomaly detection by monitoring data from cloud environments and IoT devices.
[0086] The detection unit can collaborate with different security tools and platforms to share information and detect anomalies. For example, the detection unit can collaborate with different security tools to detect anomalies. The detection unit can share information with different platforms to detect anomalies. For example, the detection unit can integrate information from security tools and platforms to perform comprehensive anomaly detection. This improves the accuracy of anomaly detection by collaborating with different security tools and platforms.
[0087] The response unit can estimate the user's emotions and determine the priority of countermeasures based on the estimated emotions. For example, if the user is feeling anxious, the response unit will prioritize implementing critical countermeasures. For example, if the user is relaxed, the response unit can prioritize implementing minor countermeasures. For example, if the user is agitated, the response unit can adjust the priority of countermeasures and execute them at the optimal time. This allows for the rapid implementation of appropriate countermeasures by determining the priority of countermeasures based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0088] The countermeasures unit can block not only the IP address of the attacker, but also the domain and URL of the attacker. For example, the countermeasures unit can block the IP address of the attacker to prevent the attack. For example, the countermeasures unit can block the domain of the attacker to prevent the attack. For example, the countermeasures unit can block the URL of the attacker to prevent the attack. By blocking the domain and URL of the attacker, a more comprehensive countermeasure becomes possible.
[0089] The countermeasures unit can not only isolate the targeted system but also automatically collect and analyze the logs of the targeted system. For example, the countermeasures unit can isolate the targeted system and prevent the attack. For example, the countermeasures unit can automatically collect logs from the targeted system and analyze the details of the attack. For example, the countermeasures unit can analyze the logs of the targeted system and prepare for future attacks. In this way, by collecting and analyzing the logs of the targeted system, it is possible to understand the details of the attack and prepare for future attacks.
[0090] The response unit can estimate the user's emotions and adjust the timing of response execution based on the estimated emotions. For example, if the user is feeling anxious, the response unit will execute a response quickly. For example, if the user is relaxed, the response unit can adjust the timing of response execution to reduce the system load. For example, if the user is excited, the response unit can adjust the timing of response execution to execute it at the optimal time. In this way, by adjusting the timing of response execution based on the user's emotions, the system load can be optimized and responses can be executed at the appropriate time. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0091] The countermeasures unit can not only block the IP address of the attacker, but also set traps against the IP address of the attacker. For example, the countermeasures unit can block the IP address of the attacker to prevent the attack. For example, the countermeasures unit can set traps against the IP address of the attacker to identify the attacker. For example, the countermeasures unit can set traps against the IP address of the attacker to analyze the details of the attack. In this way, by setting traps against the IP address of the attacker, it is possible to identify the attacker and analyze the details of the attack.
[0092] The countermeasure unit can not only isolate the targeted system but also automatically create backups of the targeted system. For example, the countermeasure unit can isolate the targeted system and prevent the attack. For example, the countermeasure unit can automatically create backups of the targeted system and prevent data loss. For example, the countermeasure unit can create backups of the targeted system and quickly recover after the attack. In this way, by creating backups of the targeted system, data loss can be prevented and recovery after the attack can be quickly carried out.
[0093] The monitoring unit can estimate the user's emotions and adjust the monitoring frequency based on the estimated emotions. For example, if the user is feeling anxious, the monitoring unit can increase the monitoring frequency to enhance real-time monitoring. For example, if the user is relaxed, the monitoring unit can decrease the monitoring frequency to reduce the system load. For example, if the user is excited, the monitoring unit can adjust the monitoring frequency to perform monitoring at the optimal time. In this way, by adjusting the monitoring frequency based on the user's emotions, the system load can be optimized and monitoring can be performed at the appropriate time. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0094] The monitoring unit can integrate and monitor not only the analysis results of AI but also the analysis results of other security tools. For example, the monitoring unit can integrate the analysis results of AI and other security tools to perform comprehensive monitoring. For example, the monitoring unit can supplement the analysis results of AI based on the analysis results of other security tools. For example, the monitoring unit can combine the analysis results of AI and other security tools to detect anomalies at an early stage. This enables comprehensive monitoring by integrating the analysis results of other security tools.
[0095] The monitoring unit can learn the normal system behavior at different times of day and on different days of the week, and monitor for anomalies based on that learning. For example, the monitoring unit can learn the system behavior at different times of day and on different days of the week and monitor for anomalies. For example, the monitoring unit can detect abnormal behavior early based on normal system behavior. For example, the monitoring unit can integrate the system behavior at different times of day and on different days of the week to perform comprehensive anomaly monitoring. This allows for early detection of abnormal behavior by learning normal system behavior.
[0096] The monitoring unit can estimate the user's emotions and adjust the notification method based on the estimated emotions. For example, if the user is feeling anxious, the monitoring unit can select a rapid notification method to prompt immediate action. For example, if the user is relaxed, the monitoring unit can adjust the notification method to avoid excessive warnings. For example, if the user is excited, the monitoring unit can adjust the notification method to issue a warning at the optimal time. In this way, by adjusting the notification method based on the user's emotions, warnings can be issued at the appropriate time. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI is, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0097] The monitoring unit can also monitor data from cloud environments and IoT devices. For example, the monitoring unit can monitor data from cloud environments and detect anomalies. For example, the monitoring unit can monitor data from IoT devices and detect anomalies. For example, the monitoring unit can integrate data from cloud environments and IoT devices to perform comprehensive anomaly monitoring. This enables comprehensive anomaly monitoring by monitoring data from cloud environments and IoT devices.
[0098] The monitoring unit can collaborate with different security tools and platforms to share information and monitor for anomalies. For example, the monitoring unit can collaborate with different security tools to monitor for anomalies. The monitoring unit can, for example, share information with different platforms to monitor for anomalies. The monitoring unit can, for example, integrate information from security tools and platforms to perform comprehensive anomaly monitoring. This improves the accuracy of anomaly monitoring by collaborating with different security tools and platforms.
[0099] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.
[0100] Security systems can also include a predictive unit. This unit can predict future attack patterns based on historical cyberattack data and real-time threat intelligence. For example, it can analyze historical data to predict attack trends over a specific period. It can also incorporate real-time threat intelligence to predict the latest attack methods. Furthermore, it can compare data from different industries and regions to predict attack patterns specific to those industries or regions. This enables proactive measures against future attacks.
[0101] The security system may also include a notification unit. The notification unit can provide appropriate notifications to the user when the detection unit detects an anomaly. For example, the notification unit can estimate the user's emotions and adjust the content and method of the notification based on those emotions. For instance, if the user is feeling anxious, the notification unit can provide detailed information to encourage a quick response. If the user is relaxed, the notification unit can provide a concise notification, avoiding excessive warnings. If the user is excited, the notification unit can adjust the timing of the notification to issue a warning at the optimal moment. This enables appropriate notifications tailored to the user's emotions.
[0102] The security system may also include an analysis unit. The analysis unit can perform a detailed analysis of anomalies detected by the detection unit, gaining a detailed understanding of the attack. For example, the analysis unit can analyze the IP address and domain of the attacking source to attempt to identify the attacker. It can also analyze attack methods and patterns to propose countermeasures against future attacks. Furthermore, it can analyze the scope of the attack's impact and implement measures to prevent further damage. This allows for more effective security measures through detailed analysis.
[0103] The security system may also include a recovery unit. The recovery unit can assist in the recovery of a system damaged by an attack. For example, the recovery unit can automatically create backups of the attacked system to facilitate rapid recovery after an attack. The recovery unit can, for example, restore data lost due to an attack and restore normal system operation. The recovery unit can, for example, take measures to minimize the impact of the attack and ensure system stability. This enables rapid recovery after an attack and minimizes system downtime.
[0104] The security system can also include an education department. This department can provide security education to users and improve their security awareness. For example, the education department can estimate the user's emotions and adjust the educational content based on those emotions. For instance, if a user is feeling anxious, the education department can provide specific countermeasures to reassure them. If a user is relaxed, the education department can provide basic security knowledge to deepen their understanding. If a user is excited, the education department can introduce the latest security trends to pique their interest. This enables effective security education tailored to the user's emotions.
[0105] The security system may also include an evaluation unit. This unit can assess the effectiveness of security measures and suggest improvements. For example, it can evaluate the effectiveness of current security measures based on past attack data. It can also incorporate real-time threat intelligence to evaluate the effectiveness of countermeasures against the latest attack methods. Furthermore, it can compare data from different industries and regions to evaluate the effectiveness of measures tailored to specific industries or regions. This allows for continuous evaluation and improvement of the effectiveness of security measures.
[0106] The security system can also include a customization section. This customization section can estimate the user's emotions and customize the system settings based on those emotions. For example, if the user is feeling anxious, the customization section can set a higher security level to provide a sense of security. If the user is relaxed, the customization section can adjust the security level to reduce the system load. If the user is excited, the customization section can adjust the system settings to provide optimal performance. This allows for system customization in response to the user's emotions.
[0107] The security system can also include an integration unit. This integration unit can collaborate with different security tools and platforms, sharing information. For example, it can work with different security tools to detect anomalies. It can share information with different platforms to perform comprehensive anomaly detection. It can integrate information from security tools and platforms to improve the accuracy of anomaly detection. Thus, collaboration with different security tools and platforms improves the accuracy of anomaly detection.
[0108] The security system may also include a reporting unit. This unit can record the activities of the detection and response units and provide regular reports to the user. For example, the reporting unit can record details of detected anomalies and the measures taken, and report them to the user. The reporting unit can, for example, estimate the user's emotions and adjust the report content based on the estimated emotions. For example, if the user is feeling anxious, the reporting unit can provide a detailed report to reassure them. For example, if the user is relaxed, the reporting unit can provide a concise report, avoiding excessive information. This enables appropriate reporting tailored to the user's emotions.
[0109] Security systems can also include an integration unit. This unit can consolidate information from different data sources to provide comprehensive security measures. For example, it can integrate data from cloud environments and IoT devices to detect anomalies. It can also integrate data from different industries and regions to learn attack patterns specific to those industries or regions. Furthermore, it can incorporate real-time threat intelligence to respond to the latest attack methods. This integration of information from different data sources enables comprehensive security measures.
[0110] The following briefly describes the processing flow for example form 2.
[0111] Step 1: The learning unit learns about new threats. For example, it analyzes past cyberattack data and learns attack patterns. The learning unit can use AI to analyze past cyberattack data and learn attack patterns. Step 2: The detection unit detects cyberattacks in real time based on the information learned by the learning unit. For example, it monitors network traffic and detects abnormal activity. The detection unit can use AI to monitor network traffic and detect abnormal activity. Step 3: The countermeasures unit immediately takes action against the attack detected by the detection unit. For example, it blocks the IP address of the attacker. The countermeasures unit can use AI to block the IP address of the attacker. Step 4: The monitoring unit monitors the results of the countermeasures taken by the countermeasures unit and takes additional measures as needed. For example, it monitors the AI analysis results and takes additional defensive measures as needed. The monitoring unit can use AI to monitor the AI analysis results and take additional defensive measures as needed.
[0112] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.
[0113] Data generation model 58 is a form of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> Examples of generative AI include text generation AI, image generation AI, and multimodal generation AI. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats from audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVMs), k-means clustering, convolutional neural networks (CNNs), recurrent neural networks (RNNs), generative adversarial networks (GANs), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each of the above parts is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example.Furthermore, processing performed by AI, including generative AI, may be replaced with rule-based processing, and rule-based processing may be replaced with processing performed by AI, including generative AI.
[0114] Furthermore, the processing performed by the data processing system 10 described above is carried out by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart device 14, but it may also be carried out by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart device 14. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart device 14 or an external device, and the smart device 14 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0115] Each of the multiple elements described above, including the learning unit, detection unit, countermeasure unit, and monitoring unit, is implemented in at least one of the smart device 14 and the data processing unit 12. For example, the learning unit is implemented by the specific processing unit 290 of the data processing unit 12, which analyzes past cyberattack data and learns attack patterns. The detection unit is implemented by the control unit 46A of the smart device 14, which monitors network traffic and detects abnormal activity. The countermeasure unit is implemented by the specific processing unit 290 of the data processing unit 12, which blocks the IP address of the attack source. The monitoring unit is implemented by the control unit 46A of the smart device 14, which monitors the AI analysis results and takes additional defensive measures as needed. The correspondence between each unit and the device or control unit is not limited to the example described above, and various modifications are possible.
[0116] [Second Embodiment] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.
[0117] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.
[0118] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0119] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.
[0120] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0121] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0122] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0123] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing by the processor 28. The storage 32 stores the specific processing program 56.
[0124] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0125] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0126] In the smart glasses 214, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart glasses 214 also have a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0127] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0128] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0129] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0130] The data processing system 210 according to the second embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 210 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart glasses 214, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart glasses 214. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart glasses 214 or an external device, and the smart glasses 214 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0131] Each of the multiple elements described above, including the learning unit, detection unit, countermeasure unit, and monitoring unit, is implemented in at least one of the smart glasses 214 and the data processing unit 12. For example, the learning unit is implemented by the specific processing unit 290 of the data processing unit 12, which analyzes past cyberattack data and learns attack patterns. The detection unit is implemented by the control unit 46A of the smart glasses 214, which monitors network traffic and detects abnormal activity. The countermeasure unit is implemented by the specific processing unit 290 of the data processing unit 12, which blocks the IP address of the attack source. The monitoring unit is implemented by the control unit 46A of the smart glasses 214, which monitors the AI analysis results and takes additional defensive measures as needed. The correspondence between each unit and the device or control unit is not limited to the example described above, and various modifications are possible.
[0132] [Third Embodiment] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.
[0133] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.
[0134] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0135] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.
[0136] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0137] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0138] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0139] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0140] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0141] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0142] In the headset terminal 314, specific processing is performed by the processor 46. The storage 50 stores a specific program 60. The processor 46 reads the specific program 60 from the storage 50 and executes the read specific program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific program 60 executed on the RAM 48. The headset terminal 314 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0143] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0144] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0145] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0146] The data processing system 310 according to the third embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 310 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the headset terminal 314, but may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the headset terminal 314. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the headset terminal 314 or an external device, and the headset terminal 314 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0147] Each of the multiple elements described above, including the learning unit, detection unit, countermeasure unit, and monitoring unit, is implemented in at least one of the headset terminal 314 and the data processing unit 12. For example, the learning unit is implemented by the specific processing unit 290 of the data processing unit 12, which analyzes past cyberattack data and learns attack patterns. The detection unit is implemented by the control unit 46A of the headset terminal 314, which monitors network traffic and detects abnormal activity. The countermeasure unit is implemented by the specific processing unit 290 of the data processing unit 12, which blocks the IP address of the attack source. The monitoring unit is implemented by the control unit 46A of the headset terminal 314, which monitors the AI analysis results and takes additional defensive measures as needed. The correspondence between each unit and the device or control unit is not limited to the example described above, and various modifications are possible.
[0148] [Fourth Embodiment] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.
[0149] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.
[0150] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0151] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.
[0152] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0153] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS image sensor or CCD image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0154] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0155] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. The robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.
[0156] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0157] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0158] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0159] In robot 414, specific processing is performed by processor 46. A specific program 60 is stored in storage 50. Processor 46 reads the specific program 60 from storage 50 and executes it on RAM 48. The specific processing is achieved by processor 46 acting as a control unit 46A according to the specific program 60 executed on RAM 48. Robot 414 also has data generation model 58 and emotion identification model 59, similar to those of the robot, and can perform processing similar to that of the specific processing unit 290 using these models.
[0160] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0161] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0162] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0163] The data processing system 410 according to the fourth embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 410 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the robot 414, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the robot 414. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the robot 414 or an external device, and the robot 414 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0164] Each of the multiple elements described above, including the learning unit, detection unit, countermeasure unit, and monitoring unit, is implemented in at least one of the following: the robot 414 and the data processing unit 12. For example, the learning unit is implemented by the specific processing unit 290 of the data processing unit 12, which analyzes past cyberattack data and learns attack patterns. The detection unit is implemented by the control unit 46A of the robot 414, which monitors network traffic and detects abnormal activity. The countermeasure unit is implemented by the specific processing unit 290 of the data processing unit 12, which blocks the IP address of the attack source. The monitoring unit is implemented by the control unit 46A of the robot 414, which monitors the AI analysis results and takes additional defensive measures as needed. The correspondence between each unit and the device or control unit is not limited to the example described above, and various modifications are possible.
[0165] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.
[0166] Figure 9 shows the emotion map 400, in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.
[0167] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.
[0168] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.
[0169] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, and motorcycles, emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated based, for example, on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.
[0170] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."
[0171] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.
[0172] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing method for the specific process may be used, which includes computer 22 and multiple other computers.
[0173] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.
[0174] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.
[0175] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.
[0176] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.
[0177] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.
[0178] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.
[0179] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.
[0180] Furthermore, although the above-described examples were divided into four embodiments, some or all of these embodiments may be combined. Also, the smart device 14, smart glasses 214, headset terminal 314, and robot 414 are just examples, and they may be combined, or other devices may be used. Also, although the above-described examples were divided into two embodiments, Embodiment 1 and Embodiment 2, these may be combined.
[0181] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and other things that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.
[0182] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.
[0183] (Note 1) A learning department that studies new threats, A detection unit that detects cyberattacks in real time based on the information learned by the learning unit, A countermeasure unit that immediately takes countermeasures against attacks detected by the aforementioned detection unit, The system includes a monitoring unit that monitors the results of the countermeasures taken by the countermeasures unit and takes additional measures as necessary. A system characterized by the following features. (Note 2) The aforementioned learning unit, Analyze past cyberattack data to learn attack patterns. The system described in Appendix 1, characterized by the features described herein. (Note 3) The detection unit is Monitor network traffic and detect abnormal activity. The system described in Appendix 1, characterized by the features described herein. (Note 4) The aforementioned countermeasures unit, Block the IP address of the attacker. The system described in Appendix 1, characterized by the features described herein. (Note 5) The aforementioned countermeasures unit, Isolate the system under attack. The system described in Appendix 1, characterized by the features described herein. (Note 6) The aforementioned monitoring unit, Monitor the AI analysis results and take additional protective measures as needed. The system described in Appendix 1, characterized by the features described herein. (Note 7) The aforementioned learning unit, The system estimates the user's emotions and selects training data based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 8) The aforementioned learning unit, It learns not only from past cyberattack data, but also from real-time threat intelligence information. The system described in Appendix 1, characterized by the features described herein. (Note 9) The aforementioned learning unit, By comparing and analyzing cyberattack data from different industries and regions, we can learn attack patterns specific to particular industries and regions. The system described in Appendix 1, characterized by the features described herein. (Note 10) The aforementioned learning unit, It estimates the user's emotions and adjusts the learning frequency based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 11) The aforementioned learning unit, The system incorporates not only cyberattack data but also physical security incident data for learning. The system described in Appendix 1, characterized by the features described herein. (Note 12) The aforementioned learning unit, By combining different AI algorithms, we can increase the diversity of learning. The system described in Appendix 1, characterized by the features described herein. (Note 13) The detection unit is It estimates the user's sentiment and adjusts the detection alert level based on the estimated user sentiment. The system described in Appendix 1, characterized by the features described herein. (Note 14) The detection unit is It monitors not only network traffic but also endpoint behavior to detect anomalies. The system described in Appendix 1, characterized by the features described herein. (Note 15) The detection unit is It learns normal network activity patterns at different times of day and on different days of the week, and uses that information to detect anomalies. The system described in Appendix 1, characterized by the features described herein. (Note 16) The detection unit is It estimates the user's emotions and adjusts the detection notification method based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 17) The detection unit is Data from cloud environments and IoT devices will also be included in the monitoring scope. The system described in Appendix 1, characterized by the features described herein. (Note 18) The detection unit is It collaborates with different security tools and platforms to share information and detect anomalies. The system described in Appendix 1, characterized by the features described herein. (Note 19) The aforementioned countermeasures unit, It estimates user sentiment and determines the priority of countermeasures based on the estimated user sentiment. The system described in Appendix 1, characterized by the features described herein. (Note 20) The aforementioned countermeasures unit, In addition to blocking the IP address of the attacker, the domain and URL of the attacker are also blocked. The system described in Appendix 1, characterized by the features described herein. (Note 21) The aforementioned countermeasures unit, In addition to isolating the target system, it automatically collects and analyzes logs from the target system. The system described in Appendix 1, characterized by the features described herein. (Note 22) The aforementioned countermeasures unit, It estimates the user's emotions and adjusts the timing of countermeasures based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 23) The aforementioned countermeasures unit, In addition to blocking the attacking IP address, we also set traps against the attacking IP address. The system described in Appendix 1, characterized by the features described herein. (Note 24) The aforementioned countermeasures unit, In addition to isolating the targeted system, it automatically creates backups of the targeted system. The system described in Appendix 1, characterized by the features described herein. (Note 25) The aforementioned monitoring unit, It estimates the user's emotions and adjusts the monitoring frequency based on the estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 26) The aforementioned monitoring unit, In addition to AI analysis results, the system integrates and monitors analysis results from other security tools. The system described in Appendix 1, characterized by the features described herein. (Note 27) The aforementioned monitoring unit, It learns the normal system behavior at different times of day and on different days of the week, and monitors for anomalies based on that. The system described in Appendix 1, characterized by the features described herein. (Note 28) The aforementioned monitoring unit, It estimates the user's sentiment and adjusts the monitoring notification method based on the estimated user sentiment. The system described in Appendix 1, characterized by the features described herein. (Note 29) The aforementioned monitoring unit, Data from cloud environments and IoT devices will also be included in the monitoring scope. The system described in Appendix 1, characterized by the features described herein. (Note 30) The aforementioned monitoring unit, It collaborates with different security tools and platforms to share information and monitor for anomalies. The system described in Appendix 1, characterized by the features described herein. [Explanation of Symbols]
[0184] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots
Claims
1. A learning department that studies new threats, A detection unit that detects cyberattacks in real time based on the information learned by the learning unit, A countermeasure unit that immediately takes countermeasures against attacks detected by the aforementioned detection unit, The system includes a monitoring unit that monitors the results of the countermeasures taken by the countermeasures unit and takes additional measures as necessary. A system characterized by the following features.
2. The aforementioned learning unit, Analyze past cyberattack data to learn attack patterns. The system according to feature 1.
3. The detection unit is Monitor network traffic and detect abnormal activity. The system according to feature 1.
4. The aforementioned countermeasures unit, Block the IP address of the attacker. The system according to feature 1.
5. The aforementioned countermeasures unit, Isolate the system under attack. The system according to feature 1.
6. The aforementioned monitoring unit, Monitor the AI analysis results and take additional defensive measures as needed. The system according to feature 1.
7. The aforementioned learning unit, The system estimates the user's emotions and selects training data based on those estimated emotions. The system according to feature 1.
8. The aforementioned learning unit, It learns not only from past cyberattack data, but also from real-time threat intelligence information. The system according to feature 1.
9. The aforementioned learning unit, By comparing and analyzing cyberattack data from different industries and regions, we can learn attack patterns specific to particular industries and regions. The system according to feature 1.
10. The aforementioned learning unit, It estimates the user's emotions and adjusts the learning frequency based on the estimated user emotions. The system according to feature 1.