system
A multi-agent model with Red, Blue, and Purple agents, utilizing a local LLM trained with secure information, strengthens in-house system security by simulating attacks and defenses, and managing them effectively.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- SOFTBANK GROUP CORP
- Filing Date
- 2024-12-18
- Publication Date
- 2026-06-30
AI Technical Summary
Existing systems lack a robust multi-agent model for enhancing security, particularly in constructing a secure in-house system.
A system comprising Red agents for attacks, Blue agents for defenses, and Purple agents for management, utilizing a local LLM trained with secure information to create a security-focused multi-agent model.
Enhances the security of in-house systems by simulating attacks and defenses, providing comprehensive security assessments and real-time management, reducing the risk of security incidents.
Smart Images

Figure 2026108301000001_ABST
Abstract
Description
Technical Field
[0001] The technology of the present disclosure relates to a system.
Background Art
[0002] Patent Document 1 discloses a method for controlling a persona chatbot, which is performed by at least one processor, the method including steps of receiving a user utterance, adding the user utterance to a prompt including an instruction sentence related to an explanation of a character of the chatbot, encoding the prompt, and inputting the encoded prompt into a language model to generate a chatbot utterance in response to the user utterance.
Prior Art Documents
Patent Documents
[0003]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0004] In the prior art, a multi-agent model for strengthening the security of an in-house system has not been fully established, and there is room for improvement.
[0005] The system according to the embodiment aims to generate agents for attack, defense, and management in order to construct a robust in-house system. [[ID=4a]]
Means for Solving the Problems
[0006] The system according to this embodiment comprises a generation unit, a generation unit, and a generation unit. The generation unit generates Red agents that perform attacks. The generation unit generates Blue agents that perform defenses. The generation unit generates Purple agents that manage the Red agents and Blue agents. [Effects of the Invention]
[0007] The system according to this embodiment can generate agents that perform attack, defense, and management in order to build a robust internal system. [Brief explanation of the drawing]
[0008] [Figure 1] This is a conceptual diagram showing an example of the configuration of a data processing system according to the first embodiment. [Figure 2] This is a conceptual diagram showing an example of the essential functions of a data processing device and a smart device according to the first embodiment. [Figure 3] This is a conceptual diagram showing an example of the configuration of a data processing system according to the second embodiment. [Figure 4] This is a conceptual diagram showing an example of the main functions of a data processing device and smart glasses according to the second embodiment. [Figure 5] This is a conceptual diagram showing an example of the configuration of a data processing system according to the third embodiment. [Figure 6] This is a conceptual diagram showing an example of the main functions of a data processing device and a headset-type terminal according to the third embodiment. [Figure 7] This is a conceptual diagram showing an example of the configuration of a data processing system according to the fourth embodiment. [Figure 8] This is a conceptual diagram showing an example of the main functions of a data processing device and a robot according to the fourth embodiment. [Figure 9] This shows an emotion map where multiple emotions are mapped. [Figure 10] This shows an emotion map where multiple emotions are mapped. [Modes for carrying out the invention]
[0009] Hereinafter, an example of an embodiment of the system relating to the technology of this disclosure will be described with reference to the attached drawings.
[0010] First, let's explain the terminology used in the following explanation.
[0011] In the following embodiments, the signed processor (hereinafter simply referred to as "processor") may be a single arithmetic unit or a combination of multiple arithmetic units. Furthermore, the processor may be a single type of arithmetic unit or a combination of multiple types of arithmetic units. Examples of arithmetic units include CPU (Central Processing Unit), GPU (Graphics Processing Unit), GPGPU (General-Purpose computing on Graphics Processing Units), APU (Accelerated Processing Unit), or TPU (Tensor Processing Unit).
[0012] In the following embodiments, signed RAM (Random Access Memory) is a memory that temporarily stores information and is used as work memory by the processor.
[0013] In the following embodiments, the signed storage is one or more non-volatile storage devices that store various programs and various parameters. Examples of non-volatile storage devices include flash memory (SSD (Solid State Drive)), magnetic disks (e.g., hard disks), or magnetic tapes.
[0014] In the following embodiments, the labeled communication I / F (Interface) is an interface including a communication processor, an antenna, and the like. The communication I / F manages communication between a plurality of computers. Examples of communication standards applicable to the communication I / F include wireless communication standards such as 5G (5th Generation Mobile Communication System), Wi-Fi (registered trademark), or Bluetooth (registered trademark).
[0015] In the following embodiments, "A and / or B" is synonymous with "at least one of A and B". That is, "A and / or B" means that it may be only A, only B, or a combination of A and B. Also, in this specification, when expressing three or more matters connected by "and / or", the same concept as "A and / or B" is applied.
[0016] [First Embodiment] FIG. 1 shows an example of the configuration of a data processing system 10 according to the first embodiment.
[0017] As shown in FIG. 一, the data processing system 10 includes a data processing device 12 and a smart device 14. An example of the data processing device 12 is a server.
[0018] The data processing device 12 includes a computer 22, a database 24, and a communication I / F 26. The computer 22 includes a processor 28, a RAM 30, and a storage 32. The processor 28, the RAM 30, and the storage 32 are connected to a bus 34. Also, the database 24 and the communication I / F 26 are connected to the bus 34. The communication I / F 26 is connected to a network 54. Examples of the network 54 include a WAN (Wide Area Network) and / or a LAN (Local Area Network).
[0019] The smart device 14 comprises a computer 36, a receiving device 38, an output device 40, a camera 42, and a communication interface 44. The computer 36 comprises a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The receiving device 38, output device 40, and camera 42 are also connected to the bus 52.
[0020] The reception device 38 is equipped with a touch panel 38A and a microphone 38B, and accepts user input. The touch panel 38A accepts user input via touch by detecting contact with an object (e.g., a pen or finger). The microphone 38B accepts user input via voice by detecting the user's voice. The control unit 46A transmits data indicating the user input received by the touch panel 38A and microphone 38B to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 (see Figure 2) acquires the data indicating the user input.
[0021] The output device 40 includes a display 40A and a speaker 40B, and presents data to the user by outputting the data in a form perceptible to the user (e.g., audio and / or text). The display 40A displays visible information such as text and images according to instructions from the processor 46. The speaker 40B outputs audio according to instructions from the processor 46. The camera 42 is a small digital camera equipped with an optical system such as a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor.
[0022] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various types of information between processor 46 and processor 28 via network 54.
[0023] Figure 2 shows an example of the main functions of the data processing device 12 and the smart device 14.
[0024] As shown in Figure 2, in the data processing device 12, a specific processing is performed by the processor 28. A specific processing program 56 is stored in the storage 32. The specific processing program 56 is an example of a "program" related to the technology of this disclosure. The processor 28 reads the specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 operating as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0025] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0026] In the smart device 14, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The specific processing program 60 is used in conjunction with the specific processing program 56 by the data processing system 10. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 operating as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart device 14 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0027] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device (e.g., a generation server) may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device having the data generation model 58. The data processing device 12 may also be a server device or a terminal device owned by a user (e.g., a mobile phone, robot, home appliance, etc.). Next, an example of processing by the data processing system 10 according to the first embodiment will be described.
[0028] (Example of form 1) The system according to an embodiment of the present invention proposes a two-tiered model using multiple agents, generating a Red agent for attack, a Blue agent for defense, and a Purple agent for managing them, thereby realizing the construction of a robust in-house system. This system devises a security-focused multi-agent model by independently constructing a local LLM (generative AI) and training it with secure information such as the system's source code. For example, a two-tiered model using multiple agents is proposed. The Red agent performs attacks, the Blue agent performs defense, and the Purple agent manages them. This strengthens the security of the in-house system from both attack and defense perspectives. Next, a local LLM (generative AI) is independently constructed. Fine-tuning is performed based on an OSS LLM trained in the in-house secure environment to create a unique model specialized for security. This realizes a security-focused multi-agent model. Specifically, it consists of the following steps. First, the Red agent selects an attack-focused tool and executes the attack. Next, the Blue agent selects a defense-focused tool and executes the defense. The Purple agent manages these agents and monitors the overall security. Furthermore, by utilizing the local LLM, advanced security measures can be realized. For example, by training the system with secure information such as source code and vulnerability identifier lists, a security-focused multi-agent model can be built. This mechanism strengthens the security of internal systems from both offensive and defensive perspectives, reducing the risk of security incidents. Furthermore, by utilizing local LLM, it becomes possible to incorporate the latest security information and always implement the most up-to-date security measures. As a result, the system can strengthen the security of internal systems from both offensive and defensive perspectives, reducing the risk of security incidents.
[0029] The system according to this embodiment comprises a Red Agent Generation Unit, a Blue Agent Generation Unit, and a Purple Agent Generation Unit. The Red Agent Generation Unit generates Red Agents that perform attacks. The Red Agent Generation Unit generates Red Agents using, for example, a Generation AI. The Generation AI is, for example, a Text Generation AI (e.g., LLM) or a Multimodal Generation AI, but is not limited to such examples. The Red Agent Generation Unit inputs attack-related information into the Generation AI and generates Red Agents specialized for attacks. The Blue Agent Generation Unit generates Blue Agents that perform defenses. The Blue Agent Generation Unit generates Blue Agents using, for example, a Generation AI. The Generation AI is, for example, a Text Generation AI (e.g., LLM) or a Multimodal Generation AI, but is not limited to such examples. The Blue Agent Generation Unit inputs defense-related information into the Generation AI and generates Blue Agents specialized for defense. The Purple Agent Generation Unit generates Purple Agents that manage the Red Agents and Blue Agents. The Purple Agent Generation Unit generates Purple Agents using, for example, a Generation AI. The Generation AI is, for example, a Text Generation AI (e.g., LLM) or a Multimodal Generation AI, but is not limited to such examples. The Purple Agent Generation Unit inputs management-related information into the generation AI and generates a Purple agent specialized for management. As a result, the system according to this embodiment can generate attack, defense, and management agents, enabling the construction of a robust internal system.
[0030] The Red Agent Generation Unit generates Red agents to perform attacks. The Red Agent Generation Unit generates Red agents using, for example, a generation AI. The generation AI may be, but is not limited to, a text generation AI (e.g., LLM) or a multimodal generation AI. The Red Agent Generation Unit inputs attack-related information into the generation AI to generate attack-specific Red agents. Specifically, the Red Agent Generation Unit provides the generation AI with detailed data on attack scenarios and attack methods. For example, it inputs information on attack methods such as phishing attacks, malware deployment, and network intrusion. Based on this information, the generation AI generates the optimal Red agent according to the attack objective, method, and target. The generated Red agents can execute attacks in a simulated environment to verify system vulnerabilities. Furthermore, the Red Agent Generation Unit evaluates the performance of the generated Red agents and provides feedback to the generation AI as needed. This allows for continuous improvement of the accuracy and effectiveness of the Red agents. To ensure diversity in attack scenarios, the Red Agent Generation Unit can generate agents for different attack methods and targets. This enables a comprehensive security assessment of the entire system.
[0031] The Blue Agent Generation Unit generates Blue agents for defense. The Blue Agent Generation Unit generates Blue agents using, for example, a generation AI. The generation AI may be, but is not limited to, a text generation AI (e.g., LLM) or a multimodal generation AI. The Blue Agent Generation Unit inputs defense-related information into the generation AI to generate defense-specific Blue agents. Specifically, the Blue Agent Generation Unit provides the generation AI with detailed data on defense strategies and methods. For example, it inputs information on defense methods such as firewall settings, intrusion detection system construction, and data encryption methods. Based on this information, the generation AI generates the optimal Blue agent according to the defense objective, method, and target. The generated Blue agent can be used to perform defense in a simulation environment and verify the system's defense capabilities. Furthermore, the Blue Agent Generation Unit evaluates the performance of the generated Blue agent and provides feedback to the generation AI as needed. This allows for continuous improvement of the accuracy and effectiveness of the Blue agent. To ensure diversity in defense scenarios, the Blue Agent Generation Unit can generate agents for different defense methods and targets. This enables comprehensive enhancement of the overall system security.
[0032] The Purple Agent Generation Unit generates Purple agents to manage Red and Blue agents. The Purple Agent Generation Unit generates Purple agents using, for example, a Generative AI. The Generative AI may be, but is not limited to, a Text Generating AI (e.g., LLM) or a Multimodal Generating AI. The Purple Agent Generation Unit inputs management information into the Generative AI to generate management-specific Purple agents. Specifically, the Purple Agent Generation Unit provides the Generative AI with detailed data to monitor and adjust the activities of Red and Blue agents. For example, it inputs management information such as attack and defense scenarios, communication protocols between agents, and resource allocation. Based on this information, the Generative AI generates Purple agents with optimal management strategies. The generated Purple agents monitor the activities of Red and Blue agents in real time and make adjustments as needed. Furthermore, the Purple Agent Generation Unit evaluates the performance of the generated Purple agents and provides feedback to the Generative AI as needed. This allows for continuous improvement of the accuracy and effectiveness of the Purple agents. To ensure diversity in management scenarios, the Purple Agent Generation Unit can generate agents for different management methods and targets. This makes it possible to comprehensively manage the security of the entire system.
[0033] The system further includes a learning unit that independently constructs a local LLM and learns secure information. The learning unit constructs the local LLM using, for example, a generative AI. The generative AI is, for example, a text generation AI (e.g., an LLM) or a multimodal generation AI, but is not limited to these examples. The learning unit inputs secure information into the generative AI and constructs a security-specific local LLM. The secure information includes, for example, the system's source code or a list of vulnerability identifiers, but is not limited to these examples. By learning secure information, the learning unit realizes a security-specific multi-agent model. Thus, the system can realize a security-specific multi-agent model by learning secure information.
[0034] The Red Agent can select and execute attack-specific tools. For example, the Red Agent can execute attacks using malware, phishing tools, or DDoS attack tools. This allows the Red Agent to perform effective attacks by selecting attack-specific tools.
[0035] The Blue Agent can select and execute defense-specific tools. For example, the Blue Agent can use a firewall, antivirus software, or intrusion detection systems. This allows the Blue Agent to provide effective defense by selecting defense-specific tools.
[0036] The Purple agent can manage the Red and Blue agents and monitor overall security. For example, the Purple agent can manage the Red and Blue agents and monitor overall security. For example, the Purple agent can monitor overall security using system administration tools. For example, the Purple agent can monitor overall security using resource management tools. For example, the Purple agent can monitor overall security using network monitoring tools. Thus, the Purple agent can monitor overall security by managing the Red and Blue agents.
[0037] Local LLM can create a unique security-focused model by performing fine-tuning on an open-source LLM trained in a secure internal environment. Local LLM performs fine-tuning using, for example, generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Local LLM inputs security-related information into the generative AI and performs fine-tuning. Fine-tuning may include, but is not limited to, security threat information or vulnerability information. As a result, Local LLM can create a unique security-focused model by performing fine-tuning.
[0038] The Red Agent generation unit can select the optimal attack method by referring to past attack data. For example, the Red Agent generation unit analyzes past attack data using a generation AI. This generation AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit selects the optimal attack method by referring to past attack data. For example, it analyzes past attack data and selects attack methods with a high success rate. It selects an effective attack method for a specific system from past attack data. It optimizes the timing and method of attacks based on past attack data. Thus, the Red Agent generation unit can select the optimal attack method by referring to past attack data.
[0039] The Red Agent generation unit can apply different attack algorithms depending on the characteristics of the target system. For example, the Red Agent generation unit analyzes the characteristics of the target system using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit applies different attack algorithms depending on the characteristics of the target system. For example, if the target system is Windows®, it applies an attack algorithm targeting a specific vulnerability. If the target system is Linux®, it applies an attack algorithm targeting a specific vulnerability. If the target system is in a cloud environment, it applies an attack algorithm targeting a specific vulnerability. In this way, the Red Agent generation unit can perform effective attacks by applying attack algorithms according to the characteristics of the system.
[0040] The Red Agent generation unit can select an attack method by considering the geographical location of the target. The Red Agent generation unit analyzes geographical location information using, for example, a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit selects an attack method by considering the geographical location of the target. For example, if the target is in a specific country, the attack method is selected considering the security measures of that country. If the target is in a specific city, the attack method is selected considering the infrastructure of that city. If the target is in a specific region, the attack method is selected considering the network characteristics of that region. In this way, the Red Agent generation unit can select the optimal attack method by considering geographical location information.
[0041] The Red Agent generation unit can analyze the social media activity of a target and select relevant attack methods. For example, the Red Agent generation unit analyzes social media activity using a generative AI. This generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit analyzes the social media activity of a target and selects relevant attack methods. For example, it can select an attack method targeting a specific vulnerability from the target's social media activity. It can also select an attack method to be carried out during a specific time period from the target's social media activity. Furthermore, it can select an attack method to be carried out in conjunction with a specific event from the target's social media activity. In this way, the Red Agent generation unit can select the optimal attack method by analyzing social media activity.
[0042] The Blue Agent generation unit can select the optimal defense method by referring to past defense data. For example, the Blue Agent generation unit analyzes past defense data using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Blue Agent generation unit selects the optimal defense method by referring to past defense data. For example, it analyzes past defense data and selects a defense method with a high success rate. It selects an effective defense method for a specific system from past defense data. It optimizes the timing and method of defense based on past defense data. Thus, the Blue Agent generation unit can select the optimal defense method by referring to past defense data.
[0043] The Blue Agent generation unit can apply different defense algorithms depending on the characteristics of the system being protected. For example, the Blue Agent generation unit analyzes the characteristics of the system being protected using a generation AI. This generation AI could be, for example, a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to these examples. The Blue Agent generation unit applies different defense algorithms depending on the characteristics of the system being protected. For example, if the system being protected is Windows, it applies a defense algorithm targeting a specific vulnerability. If the system being protected is Linux, it applies a defense algorithm targeting a specific vulnerability. If the system being protected is in a cloud environment, it applies a defense algorithm targeting a specific vulnerability. This allows the Blue Agent generation unit to apply a defense algorithm according to the characteristics of the system, enabling effective protection.
[0044] The Blue Agent generation unit can select a defense method by considering the geographical location information of the target to be protected. The Blue Agent generation unit analyzes geographical location information using, for example, a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Blue Agent generation unit selects a defense method by considering the geographical location information of the target to be protected. For example, if the target to be protected is in a specific country, the defense method will be selected considering the security measures of that country. If the target to be protected is in a specific city, the defense method will be selected considering the infrastructure of that city. If the target to be protected is in a specific region, the defense method will be selected considering the network characteristics of that region. In this way, the Blue Agent generation unit can select the optimal defense method by considering geographical location information.
[0045] The Blue Agent generation unit can analyze the social media activity of the target and select relevant defense methods. For example, the Blue Agent generation unit analyzes social media activity using a generation AI. This generation AI could be, but is not limited to, a text generation AI (e.g., LLM) or a multimodal generation AI. The Blue Agent generation unit analyzes the social media activity of the target and selects relevant defense methods. For example, it can select a defense method targeting a specific vulnerability from the social media activity of the target. It can select a defense method to perform during a specific time period from the social media activity of the target. It can select a defense method to perform in conjunction with a specific event from the social media activity of the target. In this way, the Blue Agent generation unit can select the optimal defense method by analyzing social media activity.
[0046] The Purple agent generation unit can select the optimal management method by referring to past management data. For example, the Purple agent generation unit analyzes past management data using a generation AI. This generation AI could be, for example, a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to these examples. The Purple agent generation unit selects the optimal management method by referring to past management data. For example, it analyzes past management data and selects a management method with a high success rate. It selects an effective management method for a specific system from past management data. It optimizes the timing and methods of management based on past management data. Thus, the Purple agent generation unit can select the optimal management method by referring to past management data.
[0047] The Purple agent generation unit can apply different management algorithms depending on the characteristics of the managed system. For example, the Purple agent generation unit analyzes the characteristics of the managed system using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Purple agent generation unit applies different management algorithms depending on the characteristics of the managed system. For example, if the managed system is Windows, it applies a management algorithm targeting a specific vulnerability. If the managed system is Linux, it applies a management algorithm targeting a specific vulnerability. If the managed system is in a cloud environment, it applies a management algorithm targeting a specific vulnerability. This allows the Purple agent generation unit to effectively manage systems by applying management algorithms according to their characteristics.
[0048] The Purple Agent Generation Unit can select a management method considering the geographical location information of the managed object. For example, the Purple Agent Generation Unit analyzes geographical location information using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Purple Agent Generation Unit selects a management method considering the geographical location information of the managed object. For example, if the managed object is located in a specific country, the management method is selected considering the security measures of that country. If the managed object is located in a specific city, the management method is selected considering the infrastructure of that city. If the managed object is located in a specific region, the management method is selected considering the network characteristics of that region. In this way, the Purple Agent Generation Unit can select the optimal management method by considering geographical location information.
[0049] The Purple Agent Generation Unit can analyze the social media activity being managed and select relevant management methods. For example, the Purple Agent Generation Unit analyzes social media activity using generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Purple Agent Generation Unit analyzes the social media activity being managed and selects relevant management methods. For example, it can select management methods targeting specific vulnerabilities from the social media activity being managed. It can select management methods to be performed during specific time periods from the social media activity being managed. It can select management methods to be performed in accordance with specific events from the social media activity being managed. In this way, the Purple Agent Generation Unit can select the optimal management method by analyzing social media activity.
[0050] Local LLMs can optimize their learning algorithms by referencing past training data. For example, a local LLM might analyze past training data using a generative AI. Generative AIs could be, but are not limited to, text generation AIs (e.g., LLMs) or multimodal generation AIs. A local LLM selects the optimal learning algorithm by referencing past training data. For example, it might analyze past training data to select the optimal learning algorithm. It might select a learning algorithm effective for a specific field from past training data. It might optimize the timing and methods of learning based on past training data. Thus, a local LLM can select the optimal learning algorithm by referencing past training data.
[0051] Local LLMs can update their learning models by incorporating new security-related information. For example, a local LLM can use generative AI to collect new information and update its learning model. Generative AIs include, but are not limited to, text generation AI (e.g., LLMs) and multimodal generation AIs. Local LLMs can update their learning models by incorporating new security-related information. For example, they can update their learning models by incorporating the latest security threat information, new vulnerability information, and the latest security countermeasures information. This allows local LLMs to implement the latest security measures by incorporating new information.
[0052] Local LLMs can select training data considering the geographical location of the target of learning. Local LLMs analyze geographical location information using, for example, generative AI. Generative AIs include, but are not limited to, text generation AI (e.g., LLM) and multimodal generation AI. Local LLMs select training data considering the geographical location of the target of learning. For example, if the target of learning is in a specific country, the training data is selected considering the security measures of that country. If the target of learning is in a specific city, the training data is selected considering the infrastructure of that city. If the target of learning is in a specific region, the training data is selected considering the network characteristics of that region. In this way, local LLMs can select optimal training data by considering geographical location information.
[0053] A local LLM can analyze social media activity to be trained and select relevant training data. For example, a local LLM can analyze social media activity using generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The local LLM analyzes social media activity to be trained and selects relevant training data. For example, it can select training data targeting specific vulnerabilities from the social media activity to be trained. It can select data to be trained during specific time periods from the social media activity to be trained. It can select data to be trained in conjunction with specific events from the social media activity to be trained. In this way, a local LLM can select optimal training data by analyzing social media activity.
[0054] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.
[0055] The Red Agent generation unit can apply different attack algorithms depending on the characteristics of the target system. For example, if the target system is Windows, it applies an attack algorithm targeting a specific vulnerability. If the target system is Linux, it applies an attack algorithm targeting a specific vulnerability. If the target system is in a cloud environment, it applies an attack algorithm targeting a specific vulnerability. In this way, the Red Agent generation unit can perform effective attacks by applying attack algorithms according to the characteristics of the system.
[0056] The Purple agent generation unit can select the optimal management method by referring to past management data. For example, it can analyze past management data and select management methods with a high success rate. It can select effective management methods for a specific system from past management data. It can optimize the timing and methods of management based on past management data. In this way, the Purple agent generation unit can select the optimal management method by referring to past management data.
[0057] The Red Agent generation unit can select an attack method by considering the geographical location of the target. For example, if the target is in a specific country, the attack method will be selected considering the security measures of that country. If the target is in a specific city, the attack method will be selected considering the infrastructure of that city. If the target is in a specific region, the attack method will be selected considering the network characteristics of that region. In this way, the Red Agent generation unit can select the optimal attack method by considering geographical location information.
[0058] The Blue Agent generation unit can select the optimal defense method by referring to past defense data. For example, it can analyze past defense data and select defense methods with a high success rate. It can select effective defense methods for a specific system from past defense data. It can optimize the timing and methods of defense based on past defense data. In this way, the Blue Agent generation unit can select the optimal defense method by referring to past defense data.
[0059] Local LLMs can update their learning models by incorporating new security-related information. For example, they can update their learning models by incorporating the latest security threat information, new vulnerability information, and the latest security countermeasures information. This allows local LLMs to implement the latest security measures by incorporating new information.
[0060] The Blue Agent generation unit can analyze the social media activity of the target and select relevant defense methods. For example, it can select defense methods that target specific vulnerabilities from the social media activity of the target. It can select defense methods that are performed during specific time periods from the social media activity of the target. It can select defense methods that are performed in conjunction with specific events from the social media activity of the target. In this way, the Blue Agent generation unit can select the optimal defense method by analyzing social media activity.
[0061] The following briefly describes the processing flow for example form 1.
[0062] Step 1: The Red Agent Generation Unit generates attacking Red Agents. The Red Agent Generation Unit generates Red Agents using a Generation AI. The Generation AI can be a text generation AI (e.g., LLM) or a multimodal generation AI. Information about the attack is input to the Generation AI, and an attack-specific Red Agent is generated. Step 2: The Blue Agent Generation Unit generates Blue Agents for defense. The Blue Agent Generation Unit generates Blue Agents using a generation AI. The generation AI can be a text generation AI (e.g., LLM) or a multimodal generation AI. Information related to defense is input into the generation AI to generate Blue Agents specialized for defense. Step 3: The Purple Agent Generation Unit generates Purple Agents to manage Red Agents and Blue Agents. The Purple Agent Generation Unit generates Purple Agents using a generation AI. The generation AI can be a text generation AI (e.g., LLM) or a multimodal generation AI. Information related to management is input into the generation AI to generate a Purple Agent specialized for management.
[0063] (Example of form 2) The system according to an embodiment of the present invention proposes a two-tiered model using multiple agents, generating a Red agent for attack, a Blue agent for defense, and a Purple agent for managing them, thereby realizing the construction of a robust in-house system. This system devises a security-focused multi-agent model by independently constructing a local LLM (generative AI) and training it with secure information such as the system's source code. For example, a two-tiered model using multiple agents is proposed. The Red agent performs attacks, the Blue agent performs defense, and the Purple agent manages them. This strengthens the security of the in-house system from both attack and defense perspectives. Next, a local LLM (generative AI) is independently constructed. Fine-tuning is performed based on an OSS LLM trained in the in-house secure environment to create a unique model specialized for security. This realizes a security-focused multi-agent model. Specifically, it consists of the following steps. First, the Red agent selects an attack-focused tool and executes the attack. Next, the Blue agent selects a defense-focused tool and executes the defense. The Purple agent manages these agents and monitors the overall security. Furthermore, by utilizing the local LLM, advanced security measures can be realized. For example, by training the system with secure information such as source code and vulnerability identifier lists, a security-focused multi-agent model can be built. This mechanism strengthens the security of internal systems from both offensive and defensive perspectives, reducing the risk of security incidents. Furthermore, by utilizing local LLM, it becomes possible to incorporate the latest security information and always implement the most up-to-date security measures. As a result, the system can strengthen the security of internal systems from both offensive and defensive perspectives, reducing the risk of security incidents.
[0064] The system according to this embodiment comprises a Red Agent Generation Unit, a Blue Agent Generation Unit, and a Purple Agent Generation Unit. The Red Agent Generation Unit generates Red Agents that perform attacks. The Red Agent Generation Unit generates Red Agents using, for example, a Generation AI. The Generation AI is, for example, a Text Generation AI (e.g., LLM) or a Multimodal Generation AI, but is not limited to such examples. The Red Agent Generation Unit inputs attack-related information into the Generation AI and generates Red Agents specialized for attacks. The Blue Agent Generation Unit generates Blue Agents that perform defenses. The Blue Agent Generation Unit generates Blue Agents using, for example, a Generation AI. The Generation AI is, for example, a Text Generation AI (e.g., LLM) or a Multimodal Generation AI, but is not limited to such examples. The Blue Agent Generation Unit inputs defense-related information into the Generation AI and generates Blue Agents specialized for defense. The Purple Agent Generation Unit generates Purple Agents that manage the Red Agents and Blue Agents. The Purple Agent Generation Unit generates Purple Agents using, for example, a Generation AI. The Generation AI is, for example, a Text Generation AI (e.g., LLM) or a Multimodal Generation AI, but is not limited to such examples. The Purple Agent Generation Unit inputs management-related information into the generation AI and generates a Purple agent specialized for management. As a result, the system according to this embodiment can generate attack, defense, and management agents, enabling the construction of a robust internal system.
[0065] The Red Agent Generation Unit generates Red agents to perform attacks. The Red Agent Generation Unit generates Red agents using, for example, a generation AI. The generation AI may be, but is not limited to, a text generation AI (e.g., LLM) or a multimodal generation AI. The Red Agent Generation Unit inputs attack-related information into the generation AI to generate attack-specific Red agents. Specifically, the Red Agent Generation Unit provides the generation AI with detailed data on attack scenarios and attack methods. For example, it inputs information on attack methods such as phishing attacks, malware deployment, and network intrusion. Based on this information, the generation AI generates the optimal Red agent according to the attack objective, method, and target. The generated Red agents can execute attacks in a simulated environment to verify system vulnerabilities. Furthermore, the Red Agent Generation Unit evaluates the performance of the generated Red agents and provides feedback to the generation AI as needed. This allows for continuous improvement of the accuracy and effectiveness of the Red agents. To ensure diversity in attack scenarios, the Red Agent Generation Unit can generate agents for different attack methods and targets. This enables a comprehensive security assessment of the entire system.
[0066] The Blue Agent Generation Unit generates Blue agents for defense. The Blue Agent Generation Unit generates Blue agents using, for example, a generation AI. The generation AI may be, but is not limited to, a text generation AI (e.g., LLM) or a multimodal generation AI. The Blue Agent Generation Unit inputs defense-related information into the generation AI to generate defense-specific Blue agents. Specifically, the Blue Agent Generation Unit provides the generation AI with detailed data on defense strategies and methods. For example, it inputs information on defense methods such as firewall settings, intrusion detection system construction, and data encryption methods. Based on this information, the generation AI generates the optimal Blue agent according to the defense objective, method, and target. The generated Blue agent can be used to perform defense in a simulation environment and verify the system's defense capabilities. Furthermore, the Blue Agent Generation Unit evaluates the performance of the generated Blue agent and provides feedback to the generation AI as needed. This allows for continuous improvement of the accuracy and effectiveness of the Blue agent. To ensure diversity in defense scenarios, the Blue Agent Generation Unit can generate agents for different defense methods and targets. This enables comprehensive enhancement of the overall system security.
[0067] The Purple Agent Generation Unit generates Purple agents to manage Red and Blue agents. The Purple Agent Generation Unit generates Purple agents using, for example, a Generative AI. The Generative AI may be, but is not limited to, a Text Generating AI (e.g., LLM) or a Multimodal Generating AI. The Purple Agent Generation Unit inputs management information into the Generative AI to generate management-specific Purple agents. Specifically, the Purple Agent Generation Unit provides the Generative AI with detailed data to monitor and adjust the activities of Red and Blue agents. For example, it inputs management information such as attack and defense scenarios, communication protocols between agents, and resource allocation. Based on this information, the Generative AI generates Purple agents with optimal management strategies. The generated Purple agents monitor the activities of Red and Blue agents in real time and make adjustments as needed. Furthermore, the Purple Agent Generation Unit evaluates the performance of the generated Purple agents and provides feedback to the Generative AI as needed. This allows for continuous improvement of the accuracy and effectiveness of the Purple agents. To ensure diversity in management scenarios, the Purple Agent Generation Unit can generate agents for different management methods and targets. This makes it possible to comprehensively manage the security of the entire system.
[0068] The system further includes a learning unit that independently constructs a local LLM and learns secure information. The learning unit constructs the local LLM using, for example, a generative AI. The generative AI is, for example, a text generation AI (e.g., an LLM) or a multimodal generation AI, but is not limited to these examples. The learning unit inputs secure information into the generative AI and constructs a security-specific local LLM. The secure information includes, for example, the system's source code or a list of vulnerability identifiers, but is not limited to these examples. By learning secure information, the learning unit realizes a security-specific multi-agent model. Thus, the system can realize a security-specific multi-agent model by learning secure information.
[0069] The Red Agent can select and execute attack-specific tools. For example, the Red Agent can execute attacks using malware, phishing tools, or DDoS attack tools. This allows the Red Agent to perform effective attacks by selecting attack-specific tools.
[0070] The Blue Agent can select and execute defense-specific tools. For example, the Blue Agent can use a firewall, antivirus software, or intrusion detection systems. This allows the Blue Agent to provide effective defense by selecting defense-specific tools.
[0071] The Purple agent can manage the Red and Blue agents and monitor overall security. For example, the Purple agent can manage the Red and Blue agents and monitor overall security. For example, the Purple agent can monitor overall security using system administration tools. For example, the Purple agent can monitor overall security using resource management tools. For example, the Purple agent can monitor overall security using network monitoring tools. Thus, the Purple agent can monitor overall security by managing the Red and Blue agents.
[0072] Local LLM can create a unique security-focused model by performing fine-tuning on an open-source LLM trained in a secure internal environment. Local LLM performs fine-tuning using, for example, generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. Local LLM inputs security-related information into the generative AI and performs fine-tuning. Fine-tuning may include, but is not limited to, security threat information or vulnerability information. As a result, Local LLM can create a unique security-focused model by performing fine-tuning.
[0073] The Red Agent generation unit can estimate the user's emotions and adjust the Red Agent's attack methods based on the estimated emotions. The Red Agent generation unit estimates the user's emotions using, for example, an emotion estimation algorithm. This emotion estimation algorithm could be, but is not limited to, facial recognition, speech analysis, or text analysis. Based on the estimated emotions, the Red Agent generation unit adjusts the Red Agent's attack methods. For example, if the user is stressed, the Red Agent selects a fast and effective attack method. If the user is relaxed, the Red Agent selects a careful and planned attack method. If the user is excited, the Red Agent selects a bold and aggressive attack method. This allows the Red Agent generation unit to perform more effective attacks by adjusting its attack methods based on the user's emotions. Emotion estimation is achieved using, for example, an emotion engine or generative AI. Generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0074] The Red Agent generation unit can select the optimal attack method by referring to past attack data. For example, the Red Agent generation unit analyzes past attack data using a generation AI. This generation AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit selects the optimal attack method by referring to past attack data. For example, it analyzes past attack data and selects attack methods with a high success rate. It selects an effective attack method for a specific system from past attack data. It optimizes the timing and method of attacks based on past attack data. Thus, the Red Agent generation unit can select the optimal attack method by referring to past attack data.
[0075] The Red Agent generation unit can apply different attack algorithms depending on the characteristics of the target system. For example, the Red Agent generation unit analyzes the characteristics of the target system using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit applies different attack algorithms depending on the characteristics of the target system. For example, if the target system is Windows, it applies an attack algorithm targeting a specific vulnerability. If the target system is Linux, it applies an attack algorithm targeting a specific vulnerability. If the target system is in a cloud environment, it applies an attack algorithm targeting a specific vulnerability. In this way, the Red Agent generation unit can perform effective attacks by applying attack algorithms according to the characteristics of the system.
[0076] The Red Agent generation unit can estimate the user's emotions and adjust the timing of the Red Agent's attacks based on the estimated emotions. The Red Agent generation unit estimates the user's emotions using, for example, an emotion estimation algorithm. This emotion estimation algorithm could be, but is not limited to, facial recognition, speech analysis, or text analysis. Based on the estimated emotions, the Red Agent generation unit adjusts the timing of the Red Agent's attacks. For example, if the user is tense, the Red Agent will launch a rapid attack. If the user is relaxed, the Red Agent will carefully select the timing of its attack. If the user is excited, the Red Agent will launch an aggressive attack. This allows the Red Agent generation unit to launch more effective attacks by adjusting the timing of its attacks based on the user's emotions. Emotion estimation is achieved using, for example, an emotion engine or generative AI. Generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0077] The Red Agent generation unit can select an attack method by considering the geographical location of the target. The Red Agent generation unit analyzes geographical location information using, for example, a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit selects an attack method by considering the geographical location of the target. For example, if the target is in a specific country, the attack method is selected considering the security measures of that country. If the target is in a specific city, the attack method is selected considering the infrastructure of that city. If the target is in a specific region, the attack method is selected considering the network characteristics of that region. In this way, the Red Agent generation unit can select the optimal attack method by considering geographical location information.
[0078] The Red Agent generation unit can analyze the social media activity of a target and select relevant attack methods. For example, the Red Agent generation unit analyzes social media activity using a generative AI. This generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Red Agent generation unit analyzes the social media activity of a target and selects relevant attack methods. For example, it can select an attack method targeting a specific vulnerability from the target's social media activity. It can also select an attack method to be carried out during a specific time period from the target's social media activity. Furthermore, it can select an attack method to be carried out in conjunction with a specific event from the target's social media activity. In this way, the Red Agent generation unit can select the optimal attack method by analyzing social media activity.
[0079] The Blue Agent generation unit can estimate the user's emotions and adjust the Blue Agent's defense methods based on the estimated user emotions. The Blue Agent generation unit estimates the user's emotions using, for example, an emotion estimation algorithm. This emotion estimation algorithm could be, but is not limited to, facial recognition, speech analysis, or text analysis. Based on the estimated user emotions, the Blue Agent generation unit adjusts the Blue Agent's defense methods. For example, if the user is stressed, the Blue Agent selects a quick and effective defense method. If the user is relaxed, the Blue Agent selects a careful and planned defense method. If the user is excited, the Blue Agent selects a bold and aggressive defense method. This allows the Blue Agent generation unit to provide more effective defense by adjusting its defense methods based on the user's emotions. Emotion estimation is achieved using, for example, an emotion engine or generative AI. Generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0080] The Blue Agent generation unit can select the optimal defense method by referring to past defense data. For example, the Blue Agent generation unit analyzes past defense data using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Blue Agent generation unit selects the optimal defense method by referring to past defense data. For example, it analyzes past defense data and selects a defense method with a high success rate. It selects an effective defense method for a specific system from past defense data. It optimizes the timing and method of defense based on past defense data. Thus, the Blue Agent generation unit can select the optimal defense method by referring to past defense data.
[0081] The Blue Agent generation unit can apply different defense algorithms depending on the characteristics of the system being protected. For example, the Blue Agent generation unit analyzes the characteristics of the system being protected using a generation AI. This generation AI could be, for example, a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to these examples. The Blue Agent generation unit applies different defense algorithms depending on the characteristics of the system being protected. For example, if the system being protected is Windows, it applies a defense algorithm targeting a specific vulnerability. If the system being protected is Linux, it applies a defense algorithm targeting a specific vulnerability. If the system being protected is in a cloud environment, it applies a defense algorithm targeting a specific vulnerability. This allows the Blue Agent generation unit to apply a defense algorithm according to the characteristics of the system, enabling effective protection.
[0082] The Blue Agent generation unit can estimate the user's emotions and adjust the Blue Agent's defense timing based on the estimated user emotions. The Blue Agent generation unit estimates the user's emotions using, for example, an emotion estimation algorithm. The emotion estimation algorithm is, for example, facial recognition, speech analysis, or text analysis, but is not limited to these examples. The Blue Agent generation unit adjusts the Blue Agent's defense timing based on the estimated user emotions. For example, if the user is tense, the Blue Agent will start defense quickly. If the user is relaxed, the Blue Agent will carefully select the timing of defense. If the user is excited, the Blue Agent will start defense aggressively. In this way, the Blue Agent generation unit can perform more effective defense by adjusting the defense timing based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, an emotion engine or a generative AI. The generative AI is, for example, a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to these examples.
[0083] The Blue Agent generation unit can select a defense method by considering the geographical location information of the target to be protected. The Blue Agent generation unit analyzes geographical location information using, for example, a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Blue Agent generation unit selects a defense method by considering the geographical location information of the target to be protected. For example, if the target to be protected is in a specific country, the defense method will be selected considering the security measures of that country. If the target to be protected is in a specific city, the defense method will be selected considering the infrastructure of that city. If the target to be protected is in a specific region, the defense method will be selected considering the network characteristics of that region. In this way, the Blue Agent generation unit can select the optimal defense method by considering geographical location information.
[0084] The Blue Agent generation unit can analyze the social media activity of the target and select relevant defense methods. For example, the Blue Agent generation unit analyzes social media activity using a generation AI. This generation AI could be, but is not limited to, a text generation AI (e.g., LLM) or a multimodal generation AI. The Blue Agent generation unit analyzes the social media activity of the target and selects relevant defense methods. For example, it can select a defense method targeting a specific vulnerability from the social media activity of the target. It can select a defense method to perform during a specific time period from the social media activity of the target. It can select a defense method to perform in conjunction with a specific event from the social media activity of the target. In this way, the Blue Agent generation unit can select the optimal defense method by analyzing social media activity.
[0085] The Purple Agent generation unit can estimate the user's emotions and adjust the Purple Agent's management method based on the estimated user emotions. The Purple Agent generation unit estimates the user's emotions using, for example, an emotion estimation algorithm. This emotion estimation algorithm could be, but is not limited to, facial recognition, speech analysis, or text analysis. Based on the estimated user emotions, the Purple Agent generation unit adjusts the Purple Agent's management method. For example, if the user is stressed, the Purple Agent selects a quick and effective management method. If the user is relaxed, the Purple Agent selects a careful and planned management method. If the user is excited, the Purple Agent selects a bold and aggressive management method. This allows the Purple Agent generation unit to provide more effective management by adjusting the management method based on the user's emotions. Emotion estimation is achieved using, for example, an emotion engine or generative AI. Generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0086] The Purple agent generation unit can select the optimal management method by referring to past management data. For example, the Purple agent generation unit analyzes past management data using a generation AI. This generation AI could be, for example, a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to these examples. The Purple agent generation unit selects the optimal management method by referring to past management data. For example, it analyzes past management data and selects a management method with a high success rate. It selects an effective management method for a specific system from past management data. It optimizes the timing and methods of management based on past management data. Thus, the Purple agent generation unit can select the optimal management method by referring to past management data.
[0087] The Purple agent generation unit can apply different management algorithms depending on the characteristics of the managed system. For example, the Purple agent generation unit analyzes the characteristics of the managed system using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Purple agent generation unit applies different management algorithms depending on the characteristics of the managed system. For example, if the managed system is Windows, it applies a management algorithm targeting a specific vulnerability. If the managed system is Linux, it applies a management algorithm targeting a specific vulnerability. If the managed system is in a cloud environment, it applies a management algorithm targeting a specific vulnerability. This allows the Purple agent generation unit to effectively manage systems by applying management algorithms according to their characteristics.
[0088] The Purple Agent generation unit can estimate the user's emotions and adjust the timing of the Purple Agent's management based on the estimated emotions. The Purple Agent generation unit estimates the user's emotions using, for example, an emotion estimation algorithm. The emotion estimation algorithm is, for example, facial recognition, speech analysis, or text analysis, but is not limited to these examples. The Purple Agent generation unit adjusts the timing of the Purple Agent's management based on the estimated emotions of the user. For example, if the user is tense, the Purple Agent will start managing quickly. If the user is relaxed, the Purple Agent will carefully select the timing of management. If the user is excited, the Purple Agent will start managing proactively. In this way, the Purple Agent generation unit can provide more effective management by adjusting the timing of management based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, an emotion engine or a generative AI. The generative AI is, for example, a text generation AI (e.g., LLM) or a multimodal generation AI, but is not limited to these examples.
[0089] The Purple Agent Generation Unit can select a management method considering the geographical location information of the managed object. For example, the Purple Agent Generation Unit analyzes geographical location information using a generation AI. The generation AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Purple Agent Generation Unit selects a management method considering the geographical location information of the managed object. For example, if the managed object is located in a specific country, the management method is selected considering the security measures of that country. If the managed object is located in a specific city, the management method is selected considering the infrastructure of that city. If the managed object is located in a specific region, the management method is selected considering the network characteristics of that region. In this way, the Purple Agent Generation Unit can select the optimal management method by considering geographical location information.
[0090] The Purple Agent Generation Unit can analyze the social media activity being managed and select relevant management methods. For example, the Purple Agent Generation Unit analyzes social media activity using generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The Purple Agent Generation Unit analyzes the social media activity being managed and selects relevant management methods. For example, it can select management methods targeting specific vulnerabilities from the social media activity being managed. It can select management methods to be performed during specific time periods from the social media activity being managed. It can select management methods to be performed in accordance with specific events from the social media activity being managed. In this way, the Purple Agent Generation Unit can select the optimal management method by analyzing social media activity.
[0091] A local LLM can estimate a user's emotions and select training data based on those estimated emotions. For example, a local LLM might estimate a user's emotions using an emotion estimation algorithm. These algorithms could include, but are not limited to, facial recognition, speech analysis, or text analysis. Based on the estimated emotions, the local LLM selects training data. For example, if a user is stressed, the local LLM selects simple and easy-to-understand training data. If a user is relaxed, the local LLM selects detailed and in-depth training data. If a user is excited, the local LLM selects visually stimulating training data. This allows the local LLM to learn more effectively by selecting training data based on user emotions. Emotion estimation can be achieved using emotion estimation functions, such as an emotion engine or generative AI. Generative AI could include, but is not limited to, text generation AI (e.g., an LLM) or multimodal generation AI.
[0092] Local LLMs can optimize their learning algorithms by referencing past training data. For example, a local LLM might analyze past training data using a generative AI. Generative AIs could be, but are not limited to, text generation AIs (e.g., LLMs) or multimodal generation AIs. A local LLM selects the optimal learning algorithm by referencing past training data. For example, it might analyze past training data to select the optimal learning algorithm. It might select a learning algorithm effective for a specific field from past training data. It might optimize the timing and methods of learning based on past training data. Thus, a local LLM can select the optimal learning algorithm by referencing past training data.
[0093] Local LLMs can update their learning models by incorporating new security-related information. For example, a local LLM can use generative AI to collect new information and update its learning model. Generative AIs include, but are not limited to, text generation AI (e.g., LLMs) and multimodal generation AIs. Local LLMs can update their learning models by incorporating new security-related information. For example, they can update their learning models by incorporating the latest security threat information, new vulnerability information, and the latest security countermeasures information. This allows local LLMs to implement the latest security measures by incorporating new information.
[0094] A local LLM can estimate a user's emotions and adjust the learning frequency based on the estimated emotions. For example, a local LLM estimates a user's emotions using an emotion estimation algorithm. This algorithm could be, but is not limited to, facial recognition, speech analysis, or text analysis. Based on the estimated emotions, the local LLM adjusts the learning frequency. For example, if the user is nervous, the local LLM increases the learning frequency to accelerate learning. If the user is relaxed, the local LLM decreases the learning frequency to slow down learning. If the user is excited, the local LLM adjusts the learning frequency to learn efficiently. This allows the local LLM to learn more effectively by adjusting the learning frequency based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI could be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0095] Local LLMs can select training data considering the geographical location of the target of learning. Local LLMs analyze geographical location information using, for example, generative AI. Generative AIs include, but are not limited to, text generation AI (e.g., LLM) and multimodal generation AI. Local LLMs select training data considering the geographical location of the target of learning. For example, if the target of learning is in a specific country, the training data is selected considering the security measures of that country. If the target of learning is in a specific city, the training data is selected considering the infrastructure of that city. If the target of learning is in a specific region, the training data is selected considering the network characteristics of that region. In this way, local LLMs can select optimal training data by considering geographical location information.
[0096] A local LLM can analyze social media activity to be trained and select relevant training data. For example, a local LLM can analyze social media activity using generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI. The local LLM analyzes social media activity to be trained and selects relevant training data. For example, it can select training data targeting specific vulnerabilities from the social media activity to be trained. It can select data to be trained during specific time periods from the social media activity to be trained. It can select data to be trained in conjunction with specific events from the social media activity to be trained. In this way, a local LLM can select optimal training data by analyzing social media activity.
[0097] The system according to the embodiment is not limited to the example described above, and various modifications are possible, for example, as follows.
[0098] The Red Agent generation unit can apply different attack algorithms depending on the characteristics of the target system. For example, if the target system is Windows, it applies an attack algorithm targeting a specific vulnerability. If the target system is Linux, it applies an attack algorithm targeting a specific vulnerability. If the target system is in a cloud environment, it applies an attack algorithm targeting a specific vulnerability. In this way, the Red Agent generation unit can perform effective attacks by applying attack algorithms according to the characteristics of the system.
[0099] The Blue Agent generation unit can estimate the user's emotions and adjust the Blue Agent's defense methods based on the estimated emotions. For example, if the user is stressed, the Blue Agent will select a quick and effective defense method. If the user is relaxed, the Blue Agent will select a careful and planned defense method. If the user is excited, the Blue Agent will select a bold and aggressive defense method. In this way, the Blue Agent generation unit can provide more effective defense by adjusting the defense method based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0100] The Purple agent generation unit can select the optimal management method by referring to past management data. For example, it can analyze past management data and select management methods with a high success rate. It can select effective management methods for a specific system from past management data. It can optimize the timing and methods of management based on past management data. In this way, the Purple agent generation unit can select the optimal management method by referring to past management data.
[0101] A local LLM can estimate a user's emotions and select training data based on those emotions. For example, if a user is stressed, the local LLM will select simple and easy-to-understand training data. If a user is relaxed, the local LLM will select detailed and in-depth training data. If a user is excited, the local LLM will select visually stimulating training data. This allows the local LLM to learn more effectively by selecting training data based on the user's emotions. Emotion estimation is achieved using emotion estimation functions, such as emotion engines or generative AI. Generative AI includes, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0102] The Red Agent generation unit can select an attack method by considering the geographical location of the target. For example, if the target is in a specific country, the attack method will be selected considering the security measures of that country. If the target is in a specific city, the attack method will be selected considering the infrastructure of that city. If the target is in a specific region, the attack method will be selected considering the network characteristics of that region. In this way, the Red Agent generation unit can select the optimal attack method by considering geographical location information.
[0103] The Blue Agent generation unit can select the optimal defense method by referring to past defense data. For example, it can analyze past defense data and select defense methods with a high success rate. It can select effective defense methods for a specific system from past defense data. It can optimize the timing and methods of defense based on past defense data. In this way, the Blue Agent generation unit can select the optimal defense method by referring to past defense data.
[0104] The Purple Agent generation unit can estimate the user's emotions and adjust its management approach based on those emotions. For example, if the user is stressed, the Purple Agent will select a quick and effective management approach. If the user is relaxed, the Purple Agent will select a careful and planned management approach. If the user is excited, the Purple Agent will select a bold and aggressive management approach. This allows the Purple Agent generation unit to provide more effective management by adjusting its approach based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, such as an emotion engine or generative AI. Generative AI may include, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0105] Local LLMs can update their learning models by incorporating new security-related information. For example, they can update their learning models by incorporating the latest security threat information, new vulnerability information, and the latest security countermeasures information. This allows local LLMs to implement the latest security measures by incorporating new information.
[0106] The Red Agent generation unit can estimate the user's emotions and adjust the timing of the Red Agent's attacks based on the estimated emotions. For example, if the user is tense, the Red Agent will launch an attack quickly. If the user is relaxed, the Red Agent will carefully select the timing of its attack. If the user is excited, the Red Agent will launch an attack aggressively. In this way, the Red Agent generation unit can launch more effective attacks by adjusting the timing of its attacks based on the user's emotions. Emotion estimation is achieved using an emotion estimation function, for example, using an emotion engine or generative AI. Generative AI may be, but is not limited to, text generation AI (e.g., LLM) or multimodal generation AI.
[0107] The Blue Agent generation unit can analyze the social media activity of the target and select relevant defense methods. For example, it can select defense methods that target specific vulnerabilities from the social media activity of the target. It can select defense methods that are performed during specific time periods from the social media activity of the target. It can select defense methods that are performed in conjunction with specific events from the social media activity of the target. In this way, the Blue Agent generation unit can select the optimal defense method by analyzing social media activity.
[0108] The following briefly describes the processing flow for example form 2.
[0109] Step 1: The Red Agent Generation Unit generates attacking Red Agents. The Red Agent Generation Unit generates Red Agents using a Generation AI. The Generation AI can be a text generation AI (e.g., LLM) or a multimodal generation AI. Information about the attack is input to the Generation AI, and an attack-specific Red Agent is generated. Step 2: The Blue Agent Generation Unit generates Blue Agents for defense. The Blue Agent Generation Unit generates Blue Agents using a generation AI. The generation AI can be a text generation AI (e.g., LLM) or a multimodal generation AI. Information related to defense is input into the generation AI to generate Blue Agents specialized for defense. Step 3: The Purple Agent Generation Unit generates Purple Agents to manage Red Agents and Blue Agents. The Purple Agent Generation Unit generates Purple Agents using a generation AI. The generation AI can be a text generation AI (e.g., LLM) or a multimodal generation AI. Information related to management is input into the generation AI to generate a Purple Agent specialized for management.
[0110] The specific processing unit 290 transmits the result of the specific processing to the smart device 14. In the smart device 14, the control unit 46A causes the output device 40 to output the result of the specific processing. The microphone 38B acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 38B to the data processing device 12. In the data processing device 12, the specific processing unit 290 acquires the audio data.
[0111] Data generation model 58 is a form of so-called generative AI (Artificial Intelligence). An example of data generation model 58 is ChatGPT (registered trademark) (Internet search).<URL: https: / / openai.com / blog / chatgpt> Examples of generative AI include text generation AI, image generation AI, and multimodal generation AI. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and with inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats from audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVMs), k-means clustering, convolutional neural networks (CNNs), recurrent neural networks (RNNs), generative adversarial networks (GANs), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each of the above parts is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example.Furthermore, processing performed by AI, including generative AI, may be replaced with rule-based processing, and rule-based processing may be replaced with processing performed by AI, including generative AI.
[0112] Furthermore, the processing performed by the data processing system 10 described above is carried out by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart device 14, but it may also be carried out by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart device 14. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart device 14 or an external device, and the smart device 14 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0113] Each of the multiple elements described above, including the Red agent generation unit, Blue agent generation unit, Purple agent generation unit, and learning unit, is implemented in at least one of the smart device 14 and the data processing unit 12. For example, the Red agent generation unit is implemented by the control unit 46A of the smart device 14 and generates attack-specialized Red agents using generated AI. The Blue agent generation unit is implemented by the specific processing unit 290 of the data processing unit 12 and generates defense-specialized Blue agents. The Purple agent generation unit is implemented by the control unit 46A of the smart device 14 and generates Purple agents that manage the Red and Blue agents. The learning unit is implemented by the specific processing unit 290 of the data processing unit 12 and builds a security-specialized local LLM by learning secure information. The correspondence between each unit and the device or control unit is not limited to the example described above and can be changed in various ways.
[0114] [Second Embodiment] Figure 3 shows an example of the configuration of the data processing system 210 according to the second embodiment.
[0115] As shown in Figure 3, the data processing system 210 includes a data processing device 12 and smart glasses 214. An example of the data processing device 12 is a server.
[0116] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0117] The smart glasses 214 include a computer 36, a microphone 238, a speaker 240, a camera 42, and a communication interface 44. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, and camera 42 are also connected to the bus 52.
[0118] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0119] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0120] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0121] Figure 4 shows an example of the main functions of the data processing device 12 and the smart glasses 214. As shown in Figure 4, the data processing device 12 performs specific processing by the processor 28. The storage 32 stores the specific processing program 56.
[0122] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0123] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0124] In the smart glasses 214, specific processing is performed by the processor 46. The storage 50 stores a specific processing program 60. The processor 46 reads the specific processing program 60 from the storage 50 and executes the read specific processing program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific processing program 60 executed on the RAM 48. The smart glasses 214 also have a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0125] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0126] The specific processing unit 290 transmits the result of the specific processing to the smart glasses 214. In the smart glasses 214, the control unit 46A causes the speaker 240 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0127] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0128] The data processing system 210 according to the second embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 210 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the smart glasses 214, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the smart glasses 214. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the smart glasses 214 or an external device, and the smart glasses 214 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0129] Each of the multiple elements described above, including the Red Agent Generation Unit, Blue Agent Generation Unit, Purple Agent Generation Unit, and Learning Unit, is implemented in at least one of the smart glasses 214 and the data processing unit 12. For example, the Red Agent Generation Unit is implemented by the control unit 46A of the smart glasses 214 and generates attack-specialized Red agents using a generation AI. The Blue Agent Generation Unit is implemented by the specific processing unit 290 of the data processing unit 12 and generates defense-specialized Blue agents. The Purple Agent Generation Unit is implemented by the control unit 46A of the smart glasses 214 and generates Purple agents that manage the Red and Blue agents. The Learning Unit is implemented by the specific processing unit 290 of the data processing unit 12 and builds a security-specialized local LLM by learning secure information. The correspondence between each unit and the device or control unit is not limited to the example described above and can be changed in various ways.
[0130] [Third Embodiment] Figure 5 shows an example of the configuration of the data processing system 310 according to the third embodiment.
[0131] As shown in Figure 5, the data processing system 310 includes a data processing device 12 and a headset terminal 314. An example of the data processing device 12 is a server.
[0132] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0133] The headset terminal 314 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a display 343. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and display 343 are also connected to the bus 52.
[0134] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0135] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS (Complementary Metal-Oxide-Semiconductor) image sensor or a CCD (Charge Coupled Device) image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0136] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0137] Figure 6 shows an example of the main functions of the data processing device 12 and the headset terminal 314. As shown in Figure 6, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0138] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0139] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0140] In the headset terminal 314, specific processing is performed by the processor 46. The storage 50 stores a specific program 60. The processor 46 reads the specific program 60 from the storage 50 and executes the read specific program 60 on the RAM 48. The specific processing is realized by the processor 46 acting as a control unit 46A according to the specific program 60 executed on the RAM 48. The headset terminal 314 also has a data generation model 58 and an emotion identification model 59, similar to the data generation model and emotion identification model 59, and can perform processing similar to that of the specific processing unit 290 using these models.
[0141] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0142] The specific processing unit 290 transmits the result of the specific processing to the headset terminal 314. In the headset terminal 314, the control unit 46A causes the speaker 240 and display 343 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0143] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0144] The data processing system 310 according to the third embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 310 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the headset terminal 314, but may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the headset terminal 314. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the headset terminal 314 or an external device, and the headset terminal 314 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0145] Each of the multiple elements described above, including the Red agent generation unit, Blue agent generation unit, Purple agent generation unit, and learning unit, is implemented in at least one of the headset terminal 314 and the data processing unit 12. For example, the Red agent generation unit is implemented by the control unit 46A of the headset terminal 314 and generates attack-specialized Red agents using a generation AI. The Blue agent generation unit is implemented by the specific processing unit 290 of the data processing unit 12 and generates defense-specialized Blue agents. The Purple agent generation unit is implemented by the control unit 46A of the headset terminal 314 and generates Purple agents that manage the Red and Blue agents. The learning unit is implemented by the specific processing unit 290 of the data processing unit 12 and builds a security-specialized local LLM by learning secure information. The correspondence between each unit and the device or control unit is not limited to the example described above and can be changed in various ways.
[0146] [Fourth Embodiment] Figure 7 shows an example of the configuration of the data processing system 410 according to the fourth embodiment.
[0147] As shown in Figure 7, the data processing system 410 includes a data processing device 12 and a robot 414. An example of the data processing device 12 is a server.
[0148] The data processing device 12 comprises a computer 22, a database 24, and a communication interface 26. The computer 22 comprises a processor 28, RAM 30, and storage 32. The processor 28, RAM 30, and storage 32 are connected to a bus 34. The database 24 and the communication interface 26 are also connected to the bus 34. The communication interface 26 is connected to a network 54. An example of the network 54 is a WAN and / or LAN.
[0149] The robot 414 includes a computer 36, a microphone 238, a speaker 240, a camera 42, a communication interface 44, and a controlled object 443. The computer 36 includes a processor 46, RAM 48, and storage 50. The processor 46, RAM 48, and storage 50 are connected to a bus 52. The microphone 238, speaker 240, camera 42, and controlled object 443 are also connected to the bus 52.
[0150] The microphone 238 receives voice signals from the user and accepts instructions from the user. The microphone 238 captures the voice signals from the user, converts the captured voice into audio data, and outputs it to the processor 46. The speaker 240 outputs audio according to the instructions from the processor 46.
[0151] Camera 42 is a small digital camera equipped with an optical system including a lens, aperture, and shutter, and an image sensor such as a CMOS image sensor or CCD image sensor, which captures images of the area around the user (for example, an imaging range defined by a field of view equivalent to the field of vision of a typical healthy person).
[0152] Communication interface 44 is connected to network 54. Communication interfaces 44 and 26 are responsible for the exchange of various information between processor 46 and processor 28 via network 54. The exchange of various information between processor 46 and processor 28 using communication interfaces 44 and 26 is performed in a secure manner.
[0153] The controlled object 443 includes a display device, LEDs in the eyes, and motors that drive the arms, hands, and feet. The posture and gestures of the robot 414 are controlled by controlling the motors of the arms, hands, and feet. Some of the robot 414's emotions can be expressed by controlling these motors. The robot 414's facial expressions can also be expressed by controlling the illumination state of the LEDs in its eyes.
[0154] Figure 8 shows an example of the main functions of the data processing device 12 and the robot 414. As shown in Figure 8, the data processing device 12 performs specific processing using the processor 28. The storage 32 stores the specific processing program 56.
[0155] The processor 28 reads a specific processing program 56 from the storage 32 and executes the read specific processing program 56 on the RAM 30. The specific processing is realized by the processor 28 acting as a specific processing unit 290 according to the specific processing program 56 executed on the RAM 30.
[0156] Storage 32 stores the data generation model 58 and the emotion identification model 59. The data generation model 58 and the emotion identification model 59 are used by the identification processing unit 290. The identification processing unit 290 can estimate the user's emotions using the emotion identification model 59 and perform identification processing using the user's emotions. The emotion estimation function (emotion identification function) using the emotion identification model 59 performs various estimations and predictions regarding the user's emotions, including but not limited to these examples. Furthermore, emotion estimation and prediction also include, for example, emotion analysis.
[0157] In robot 414, specific processing is performed by processor 46. A specific program 60 is stored in storage 50. Processor 46 reads the specific program 60 from storage 50 and executes it on RAM 48. The specific processing is achieved by processor 46 acting as a control unit 46A according to the specific program 60 executed on RAM 48. Robot 414 also has data generation model 58 and emotion identification model 59, similar to those of the robot, and can perform processing similar to that of the specific processing unit 290 using these models.
[0158] Furthermore, other devices besides the data processing device 12 may also have the data generation model 58. For example, a server device may have the data generation model 58. In this case, the data processing device 12 obtains processing results (such as prediction results) using the data generation model 58 by communicating with the server device that has the data generation model 58. Also, the data processing device 12 may be a server device or a terminal device owned by the user (for example, a mobile phone, robot, home appliance, etc.).
[0159] The specific processing unit 290 transmits the result of the specific processing to the robot 414. In the robot 414, the control unit 46A causes the speaker 240 and the controlled object 443 to output the result of the specific processing. The microphone 238 acquires audio indicating user input for the result of the specific processing. The control unit 46A transmits the audio data indicating user input acquired by the microphone 238 to the data processing unit 12. In the data processing unit 12, the specific processing unit 290 acquires the audio data.
[0160] The data generation model 58 is a so-called generative AI. An example of a data generation model 58 is a generative AI such as ChatGPT. The data generation model 58 is obtained by performing deep learning on a neural network. The data generation model 58 is input with prompts containing instructions, and inference data such as audio data representing speech, text data representing text, and image data representing images (e.g., still image data or video data). The data generation model 58 infers from the input inference data according to the instructions indicated by the prompts, and outputs the inference result in one or more data formats such as audio data, text data, and image data. The data generation model 58 includes, for example, text generation AI, image generation AI, and multimodal generation AI. Here, inference refers to, for example, analysis, classification, prediction, and / or summarization. The specific processing unit 290 performs the specific processing described above using the data generation model 58. The data generation model 58 may be a fine-tuned model that outputs inference results from prompts that do not contain instructions, in which case the data generation model 58 can output inference results from prompts that do not contain instructions. In the data processing device 12, etc., there are multiple types of data generation models 58, and the data generation model 58 includes AI other than generative AI. AI other than generative AI includes, for example, linear regression, logistic regression, decision trees, random forests, support vector machines (SVM), k-means clustering, convolutional neural networks (CNN), recurrent neural networks (RNN), generative adversarial networks (GAN), or naive Bayes, and can perform various processes, but is not limited to these examples. Also, the AI may be an AI agent. Furthermore, when the processing of each part described above is performed by the AI, the processing may be performed by the AI in part or in whole, but is not limited to this example. Also, processing performed by an AI including a generative AI may be replaced by rule-based processing, and rule-based processing may be replaced by processing performed by an AI including a generative AI.
[0161] The data processing system 410 according to the fourth embodiment performs the same processing as the data processing system 10 according to the first embodiment. The processing by the data processing system 410 is performed by the specific processing unit 290 of the data processing device 12 or the control unit 46A of the robot 414, but it may also be performed by the specific processing unit 290 of the data processing device 12 and the control unit 46A of the robot 414. In addition, the specific processing unit 290 of the data processing device 12 acquires or collects information necessary for processing from the robot 414 or an external device, and the robot 414 acquires or collects information necessary for processing from the data processing device 12 or an external device.
[0162] Each of the multiple elements described above, including the Red agent generation unit, Blue agent generation unit, Purple agent generation unit, and learning unit, is implemented in at least one of the following: the robot 414 and the data processing unit 12. For example, the Red agent generation unit is implemented by the control unit 46A of the robot 414 and generates attack-specialized Red agents using generated AI. The Blue agent generation unit is implemented by the specific processing unit 290 of the data processing unit 12 and generates defense-specialized Blue agents. The Purple agent generation unit is implemented by the control unit 46A of the robot 414 and generates Purple agents that manage the Red and Blue agents. The learning unit is implemented by the specific processing unit 290 of the data processing unit 12 and builds a security-specialized local LLM by learning secure information. The correspondence between each unit and the device or control unit is not limited to the example described above and can be changed in various ways.
[0163] Furthermore, the emotion identification model 59, acting as an emotion engine, may determine the user's emotion according to a specific mapping. Specifically, the emotion identification model 59 may determine the user's emotion according to a specific mapping, which is an emotion map (see Figure 9). Similarly, the emotion identification model 59 may also determine the robot's emotion, and the identification processing unit 290 may perform identification processing using the robot's emotion.
[0164] Figure 9 shows the emotion map 400, in which multiple emotions are mapped. In the emotion map 400, emotions are arranged in concentric circles radiating from the center. The closer to the center of the concentric circles, the more primitive the emotions are located. Further out of the concentric circles, emotions representing states and actions arising from mental states are located. Emotion is a concept that includes feelings and mental states. On the left side of the concentric circles, emotions that are generally generated from reactions occurring in the brain are located. On the right side of the concentric circles, emotions that are generally induced by situational judgment are located. Above and below the concentric circles, emotions that are generally generated from reactions occurring in the brain and induced by situational judgment are located. In addition, the emotion of "pleasure" is located on the upper side of the concentric circles, and the emotion of "displeasure" is located on the lower side. Thus, in the emotion map 400, multiple emotions are mapped based on the structure in which emotions arise, and emotions that are likely to occur simultaneously are mapped close together.
[0165] These emotions are distributed at the 3 o'clock position on the Emotion Map 400, and usually fluctuate between feelings of security and anxiety. In the right half of the Emotion Map 400, situational awareness takes precedence over internal feelings, resulting in a calm impression.
[0166] The inside of the Emotion Map 400 represents inner thoughts, while the outside represents actions. Therefore, the further you go from the outside of the Emotion Map 400, the more visible (expressed in actions) your emotions become.
[0167] Here, human emotions are based on various balances, such as posture and blood sugar levels. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. Similarly, in robots, cars, and motorcycles, emotions can be created based on various balances, such as posture and battery level. When these balances deviate from the ideal, it results in discomfort, and when they approach the ideal, it results in pleasure. The emotion map can be generated based, for example, on Dr. Mitsuyoshi's emotion map (Research on a system for analyzing brain physiological signals of speech emotion recognition and emotion, Tokushima University, doctoral dissertation: https: / / ci.nii.ac.jp / naid / 500000375379). The left half of the emotion map contains emotions belonging to a region called "response," where sensation is dominant. The right half of the emotion map contains emotions belonging to a region called "situation," where situational awareness is dominant.
[0168] The emotion map defines two emotions that promote learning. One is the emotion around the middle of the negative "repentance" and "reflection" on the situation side. In other words, it is when the robot experiences negative emotions such as "I never want to feel this way again" or "I don't want to be scolded again." The other is the emotion around the positive "desire" on the reaction side. In other words, it is when the robot has positive feelings such as "I want more" or "I want to know more."
[0169] The emotion identification model 59 inputs user input into a pre-trained neural network, obtains emotion values representing each emotion shown in the emotion map 400, and determines the user's emotion. This neural network is pre-trained based on multiple training data sets, which are combinations of user input and emotion values representing each emotion shown in the emotion map 400. Furthermore, this neural network is trained so that emotions located close together have similar values, as shown in the emotion map 900 in Figure 10. Figure 10 shows an example where multiple emotions such as "reassured," "calm," and "confident" have similar emotion values.
[0170] In the above embodiment, an example was given in which a specific process is performed by a single computer 22. However, the technology of this disclosure is not limited thereto, and a distributed processing method for the specific process may be used, which includes computer 22 and multiple other computers.
[0171] In the above embodiment, an example was given in which the specific processing program 56 is stored in the storage 32, but the technology of this disclosure is not limited thereto. For example, the specific processing program 56 may be stored in a portable, computer-readable, non-temporary storage medium such as a USB (Universal Serial Bus) memory. The specific processing program 56 stored in the non-temporary storage medium is installed in the computer 22 of the data processing device 12. The processor 28 executes specific processing according to the specific processing program 56.
[0172] Alternatively, the specific processing program 56 may be stored in a storage device such as a server connected to the data processing device 12 via the network 54, and the specific processing program 56 may be downloaded and installed on the computer 22 in response to a request from the data processing device 12.
[0173] Furthermore, it is not necessary to store the entirety of the specific processing program 56 in a storage device such as a server connected to the data processing device 12 via the network 54, or to store the entirety of the specific processing program 56 in the storage 32; it is acceptable to store only a portion of the specific processing program 56.
[0174] The following types of processors can be used as hardware resources to perform specific processing. Examples of processors include a CPU, a general-purpose processor that functions as a hardware resource to perform specific processing by executing software, i.e., a program. Other examples of processors include dedicated electrical circuits, such as FPGAs (Field-Programmable Gate Arrays), PLDs (Programmable Logic Devices), or ASICs (Application Specific Integrated Circuits), which have circuit configurations specifically designed to perform specific processing. All of these processors have built-in or connected memory, and all of them perform specific processing by using memory.
[0175] The hardware resource that performs a specific process may consist of one of these various processors, or it may consist of a combination of two or more processors of the same or different types (for example, a combination of multiple FPGAs, or a combination of a CPU and an FPGA). Alternatively, the hardware resource that performs a specific process may consist of a single processor.
[0176] Examples of configurations using a single processor include, firstly, a configuration in which one or more CPUs and software are combined to form a single processor, and this processor functions as a hardware resource that performs a specific process. Secondly, there is a configuration using a processor that realizes the functions of the entire system, including multiple hardware resources that perform a specific process, on a single IC chip, as exemplified by SoCs (System-on-a-chip). In this way, a specific process is realized using one or more of the above types of processors as hardware resources.
[0177] Furthermore, the hardware structure of these various processors can more specifically utilize electrical circuits that combine circuit elements such as semiconductor devices. Also, the specific processing described above is merely an example. Therefore, it goes without saying that unnecessary steps can be deleted, new steps added, or the processing order rearranged, as long as it does not deviate from the main purpose.
[0178] Furthermore, although the above-described examples were divided into four embodiments, some or all of these embodiments may be combined. Also, the smart device 14, smart glasses 214, headset terminal 314, and robot 414 are just examples, and they may be combined, or other devices may be used. Also, although the above-described examples were divided into two embodiments, Embodiment 1 and Embodiment 2, these may be combined.
[0179] The descriptions and illustrations presented above are detailed explanations of the technical aspects of this disclosure and are merely examples of the technical aspects. For example, the above descriptions of the structure, function, operation, and effect are examples of the structure, function, operation, and effect of the technical aspects of this disclosure. Therefore, it goes without saying that you may delete unnecessary parts, add new elements, or replace elements in the descriptions and illustrations presented above, as long as you do not deviate from the essence of the technical aspects of this disclosure. Furthermore, in order to avoid confusion and facilitate understanding of the technical aspects of this disclosure, explanations of common technical knowledge and other things that do not require special explanation to enable the implementation of the technical aspects of this disclosure have been omitted from the descriptions and illustrations presented above.
[0180] All documents, patent applications, and technical standards described herein are incorporated by reference to the same extent as if each individual document, patent application, and technical standard were specifically and individually noted to be incorporated by reference.
[0181] (Note 1) A generation unit that generates Red agents to carry out attacks, A generation unit that generates Blue agents to perform defense, The system includes a generation unit that generates a Purple agent that manages the Red agent and the Blue agent. A system characterized by the following features. (Note 2) It features a custom-built local LLM and an additional learning unit for training secure information. The system described in Appendix 1, characterized by the features described herein. (Note 3) The PreRed agent, Select an attack-specific tool and execute the attack. The system described in Appendix 1, characterized by the features described herein. (Note 4) The aforementioned Blue agent, Select a tool specifically designed for defense and execute your defense. The system described in Appendix 1, characterized by the features described herein. (Note 5) The aforementioned Purple agent, Manages the aforementioned Red Agent and Blue Agent, and monitors overall security. The system described in Appendix 1, characterized by the features described herein. (Note 6) The aforementioned local LLM is We will fine-tune a proprietary model specifically for security-related matters based on an open-source LLM that has been trained in our company's secure environment. The system described in Appendix 2, characterized by the features described herein. (Note 7) The aforementioned page agent generation unit, The system estimates the user's emotions and adjusts the Red agent's attack methods based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 8) The aforementioned page agent generation unit, Select the optimal attack method by referring to past attack data. The system described in Appendix 1, characterized by the features described herein. (Note 9) The aforementioned page agent generation unit, Apply different attack algorithms depending on the characteristics of the target system. The system described in Appendix 1, characterized by the features described herein. (Note 10) The aforementioned page agent generation unit, The system estimates the user's emotions and adjusts the timing of Red Agent attacks based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 11) The aforementioned page agent generation unit, The attack method is selected considering the geographical location of the target. The system described in Appendix 1, characterized by the features described herein. (Note 12) The aforementioned page agent generation unit, Analyze the target's social media activity and select the appropriate attack method. The system described in Appendix 1, characterized by the features described herein. (Note 13) The Blue agent generation unit is The Blue agent estimates the user's emotions and adjusts its defense methods based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 14) The Blue agent generation unit is Select the optimal defense method by referring to past defense data. The system described in Appendix 1, characterized by the features described herein. (Note 15) The Blue agent generation unit is Apply different defense algorithms depending on the characteristics of the system being defended. The system described in Appendix 1, characterized by the features described herein. (Note 16) The Blue agent generation unit is The system estimates the user's emotions and adjusts the Blue agent's defense timing based on those estimated emotions. The system described in Appendix 1, characterized by the features described herein. (Note 17) The Blue agent generation unit is The defense method is selected considering the geographical location information of the target of defense. The system described in Appendix 1, characterized by the features described herein. (Note 18) The Blue agent generation unit is Analyze the social media activity being protected and select the appropriate protection methods. The system described in Appendix 1, characterized by the features described herein. (Note 19) The Purple agent generation unit is: It estimates the user's emotions and adjusts the Purple Agent's management methods based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 20) The Purple agent generation unit is: Select the optimal management method by referring to past management data. The system described in Appendix 1, characterized by the features described herein. (Note 21) The Purple agent generation unit is: Apply different management algorithms depending on the characteristics of the system being managed. The system described in Appendix 1, characterized by the features described herein. (Note 22) The Purple agent generation unit is: It estimates the user's emotions and adjusts the timing of Purple Agent management based on the estimated user emotions. The system described in Appendix 1, characterized by the features described herein. (Note 23) The Purple agent generation unit is: Select a management method that takes into account the geographical location information of the items to be managed. The system described in Appendix 1, characterized by the features described herein. (Note 24) The Purple agent generation unit is: Analyze the social media activity being managed and select the appropriate management methods. The system described in Appendix 1, characterized by the features described herein. (Note 25) The aforementioned local LLM is The system estimates the user's emotions and selects training data based on those estimated emotions. The system described in Appendix 2, characterized by the features described herein. (Note 26) The aforementioned local LLM is Optimize the learning algorithm by referring to past training data. The system described in Appendix 2, characterized by the features described herein. (Note 27) The aforementioned local LLM is Update the learning model by incorporating new security-related information. The system described in Appendix 2, characterized by the features described herein. (Note 28) The aforementioned local LLM is It estimates the user's emotions and adjusts the learning frequency based on the estimated user emotions. The system described in Appendix 2, characterized by the features described herein. (Note 29) The aforementioned local LLM is Select training data considering the geographical location information of the subjects being studied. The system described in Appendix 2, characterized by the features described herein. (Note 30) The aforementioned local LLM is Analyze the social media activities of the target group and select relevant learning data. The system described in Appendix 2, characterized by the features described herein. [Explanation of Symbols]
[0182] 10, 210, 310, 410 Data Processing Systems 12 Data Processing Devices 14 Smart Devices 214 Smart Glasses 314 Headset-type terminal 414 Robots
Claims
1. A generation unit that generates Red agents to carry out attacks, A generation unit that generates Blue agents to perform defense, The system includes a generation unit that generates a Purple agent that manages the Red agent and the Blue agent. A system characterized by the following features.
2. It features a custom-built local LLM and an additional learning unit for training secure information. The system according to feature 1.
3. The PreRed agent, Select an attack-specific tool and execute the attack. The system according to feature 1.
4. The aforementioned Blue agent, Select a tool specifically designed for defense and execute your defense. The system according to feature 1.
5. The aforementioned Purple agent, Manages the aforementioned Red Agent and Blue Agent, and monitors overall security. The system according to feature 1.
6. The aforementioned local LLM is We will fine-tune a proprietary model specifically for security-related matters based on an open-source LLM that has been trained in our company's secure environment. The system according to feature 2.
7. The aforementioned page agent generation unit, The system estimates the user's emotions and adjusts the Red agent's attack methods based on those estimated emotions. The system according to feature 1.
8. The aforementioned page agent generation unit, Select the optimal attack method by referring to past attack data. The system according to feature 1.
9. The aforementioned page agent generation unit, Apply different attack algorithms depending on the characteristics of the target system. The system according to feature 1.
10. The aforementioned page agent generation unit, The system estimates the user's emotions and adjusts the timing of Red Agent attacks based on those estimated emotions. The system according to feature 1.