Fujitsu Laboratories Ltd. has announced that it has developed an AI technology that automatically determines whether action needs to be taken in response to a cyberattack.

 

When a business network has been hit with a cyberattack, various security appliances detect the attack on the network’s servers and devices. Conventionally, an expert in cyberattack analysis then manually investigates and checks the degree of threat, to determine whether action is needed to minimize damage.

 

To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has now developed a technology that identifies and extracts attack logs, which show the behavior of a cyberattack, from huge amounts of operations logs. It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This generates a sufficient amount of training data.

 

In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts’ conclusions regarding the need for action, and they did not miss any attack cases that required a response. The time necessary to reach a conclusion was also shortened from several hours to several minutes.

 

By using these technologies, countermeasures can quickly be put in place for cyberattacks that have been determined to require action, contributing to business continuity and the prevention of loss.

 

Development Background
In recent years, the number of cyberattacks against business networks continues to increase. With targeted attacks(1), which is a type of cyberattack, the attacker uses clever techniques to embed malware(2) that can be controlled remotely in an organization, and then remotely controls devices infected with malware to conduct intelligence activities. In defense, when a company discovers suspicious activities with such monitoring equipment as a security appliance, a security expert manually investigates the attack, and takes time to evaluate danger and risk, then determines the necessity to respond.

 

The decision to respond needs to be made carefully as the responses themselves may have consequences. For example, attacked business devices may need to be isolated, and the network reconstructed, resulting in operation stoppages that impact businesses.

 

According to statistics from Japan’s Ministry of Economy, Trade and Industry(3), by 2020 there will be a shortage of 193,000 security professionals in Japan. That being said, AI-based automation is expected to rapidly determine the necessity to respond to attack cases, making decisions on the same level as an expert who has advanced knowledge and insight on attacks.

 

Issues

 

In order to develop an AI-based model to make determinations, the following issues regarding training on attack information needed to be addressed:

 

1. The operations logs for normally functioning servers, devices, and network equipment coexist with the attack operations logs, and both logs are accumulated in great abundance. To conduct proper learning with AI, it is necessary to identify the traces of targeted attacks from the large number of logs. However, distinguishing between logs is difficult because intelligence activities via targeted attacks utilize OS commands and other methods.

 

2. It is extremely difficult to extract attack operations logs from the huge amounts of existing logs, while securing them in large quantities as training data. For AI technologies, it is possible to increase the small amounts of training data through procedures and conversions such as noise processing; however, such simple processing of the training data of targeted attacks can cause the attack characteristics to be lost, making data expansion difficult.

 

About the Newly Developed Technology

 

Fujitsu Laboratories has developed technologies to secure sufficient amounts of training data related to targeted attacks required for the creation of highly accurate, AI determination models. Features of the developed technologies are outlined below:

 

1. Training data extraction technology
Based on the know-how Fujitsu has accumulated in its security-related business and research, as well as from about seven years’ worth of actual attack analysis data, Fujitsu Laboratories has built a database of attack patterns that includes commands and parameters linked to intelligence activities of targeted attacks. By using this database, users can accurately identify and extract a series of intelligence activities from the vast amounts of logs.

 

2. Training data expansion technology
This technology generates simulations of new intelligence gathering activities – a type of targeted attack-without losing attack characteristics. The technology calculates attack levels and identifies the important commands of intelligence activities in the extracted targeted attack, then converts the parameters within the range existing in the attack pattern database. As a result, it becomes possible to expand the training data fourfold.

 

Effects

 

Fujitsu Laboratories combined the newly developed technologies with its own Deep Tensor AI technology, and ran evaluative testing on the determination model that had been trained on the new training data. Run in a simulation using about four months of data – 12,000 items – the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity. Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform(4) which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyberattacks targeting companies. The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness.

 

With these AI technologies, determinations of the necessity of action, which until now have taken an expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes. Furthermore, by combining these technologies with Fujitsu Laboratories’ high-speed forensic technology, which rapidly analyzes the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can be automated, enabling immediate responses to cyberattacks and minimizing damage.

 

Future Plans
Fujitsu aims to make use of these technologies within its Managed Security Services, as a response platform for cyberattacks.

 

  • [1] Targeted attack
    A cyberattack targeting a specific organization or individual, to relentlessly steal information or destroy systems.

 

  • [2] Malware
    Malicious software.

 

 

  • [4] STARDUST, the Cyber-Attack Enticement Platform
    a platform, which was developed by the National Institute of Information and Communications Technology (NICT), for the observation of cyberattacks. By enticing attackers to an environment that elaborately simulates organizations such as government and corporations, and observing over the long term the activities of attackers without them noticing, the platform aims to reveal the detailed behavior of attackers once they have penetrated an organization, to gather the information needed to establish cyberattack countermeasures and responses.

 

&


RECOMMENDED ARTICLE FOR TECHWORLD


 
Scammers Target Job Seekers with Sophisticated Money Stealing Scheme
Techworld Date Posted: 28 May 2019 4:43 PM | 35 Views
Kaspersky Lab experts detected a blast of sophisticated spam emails in the first quarter of 2019, featuring fake job offers that seemed to come from HR recruiters in large corporations that traditionally attract a.... See More
 
Scammers Target Job Seekers with Sophisticated Money Stealing Scheme
Techworld Date Posted: 4:43 PM | 35 Views
Kaspersky Lab experts detected a blast of sophisticated spam emails in the first quarter of 2019, featuring fake job offers that seemed to come from HR recruiters in large corporations that traditionally attract a...See More

 
Realme Philippines Offers Wide-Activities for Lazada 12.12 Including Whole-Day Sale of Php5,490 for Realme C1
Techworld Date Posted: 10 December 2018 1:34 PM | 438 Views
The Realme C1, the #RealEntryLevelKing, redefines the benchmark for entry-level smartphones, packing software and hardware features previously not available in devices in the same price segment.. See More
 
Realme Philippines Offers Wide-Activities for Lazada 12.12 Including Whole-Day Sale of Php5,490 for Realme C1
Techworld Date Posted: 1:34 PM | 438 Views
The Realme C1, the #RealEntryLevelKing, redefines the benchmark for entry-level smartphones, packing software and hardware features previously not available in devices in the same price segment.See More

 
Get Your Hands on the Lenovo IdeaPad Gaming 330 Now
Techworld Date Posted: 14 February 2019 8:47 AM | 66 Views
Looking for a powerful gaming laptop but on a budget? Lenovo has got you covered as the global innovation leader is offering its IdeaPad Gaming 330 laptop at a discounted price for a limited.... See More
 
Get Your Hands on the Lenovo IdeaPad Gaming 330 Now
Techworld Date Posted: 8:47 AM | 66 Views
Looking for a powerful gaming laptop but on a budget? Lenovo has got you covered as the global innovation leader is offering its IdeaPad Gaming 330 laptop at a discounted price for a limited...See More

 
Epson Teams Up with DENR-EMB’s GREENducation PH for Its 1st EcoVision Short Film Competition for Students with an Extended Deadline
Techworld Date Posted: 23 January 2019 2:44 PM | 29 Views
Epson, in partnership with DENR-EMB (Environmental Management Bureau) and GREENducation Philippines, is extending the submission period for its 1st EcoVision Short Film Competition to February 19, 2019. . See More
 
Epson Teams Up with DENR-EMB’s GREENducation PH for Its 1st EcoVision Short Film Competition for Students with an Extended Deadline
Techworld Date Posted: 2:44 PM | 29 Views
Epson, in partnership with DENR-EMB (Environmental Management Bureau) and GREENducation Philippines, is extending the submission period for its 1st EcoVision Short Film Competition to February 19, 2019. See More

Frank Emmanuel Trazo
Summer Loving in VR: Summer Lesson
Techworld • By: Frank Emmanuel Trazo | Date Posted: 27 June 2017 10:55 AM | 932 Views
Summer is one of the most magical and memorable seasons for the youth as it lets them experience love. As VR technology is becoming more reachable for public consumption and you can live in.... See More
Frank Emmanuel Trazo
Summer Loving in VR: Summer Lesson
Techworld • By: Frank Emmanuel Trazo | Date Posted: 10:55 AM | 932 Views
Summer is one of the most magical and memorable seasons for the youth as it lets them experience love. As VR technology is becoming more reachable for public consumption and you can live in...See More

 
COLORFUL Readies World’s Most Unique RTX 2080 Ti along with New Products
Techworld Date Posted: 1 June 2019 11:34 AM | 47 Views
Colorful Technology Company Limited, a professional manufacturer of graphics cards, motherboards, and high-performance storage solutions, is pleased to showcase its greatest products yet. . See More
 
COLORFUL Readies World’s Most Unique RTX 2080 Ti along with New Products
Techworld Date Posted: 11:34 AM | 47 Views
Colorful Technology Company Limited, a professional manufacturer of graphics cards, motherboards, and high-performance storage solutions, is pleased to showcase its greatest products yet. See More

 
Nokia 8 Flagship Android Smartphone Arrives in PH
Techworld Date Posted: 30 September 2017 11:39 AM | 361 Views
Ending weeks of anticipation, HMD Global unveils Nokia's new flagship smartphone, the Nokia 8, today at the Intramuros Ballroom, Manila House, Taguig.. See More
 
Nokia 8 Flagship Android Smartphone Arrives in PH
Techworld Date Posted: 11:39 AM | 361 Views
Ending weeks of anticipation, HMD Global unveils Nokia's new flagship smartphone, the Nokia 8, today at the Intramuros Ballroom, Manila House, Taguig.See More

 
NVIDIA® Sponsors Dota 2 Hotshots TNC Pro Team
Techworld Date Posted: 19 January 2018 5:00 PM | 1439 Views
NVIDIA® today announced its sponsorship of TNC Pro Team, a leading team of gamers in Defense of the Ancients 2, commonly known as Dota 2.. See More
 
NVIDIA® Sponsors Dota 2 Hotshots TNC Pro Team
Techworld Date Posted: 5:00 PM | 1439 Views
NVIDIA® today announced its sponsorship of TNC Pro Team, a leading team of gamers in Defense of the Ancients 2, commonly known as Dota 2.See More

 
Nokia Gets into the Beat of the New Year
Techworld Date Posted: 9 January 2018 1:36 PM | 434 Views
Get into the Beat this new year with HMD Global, the home of Nokia phones. With any purchase of a Nokia Android smartphone, consumers will receive a free JBL GO Portable Bluetooth Speaker.. See More
 
Nokia Gets into the Beat of the New Year
Techworld Date Posted: 1:36 PM | 434 Views
Get into the Beat this new year with HMD Global, the home of Nokia phones. With any purchase of a Nokia Android smartphone, consumers will receive a free JBL GO Portable Bluetooth Speaker.See More

 
Fujitsu Selects Cebu for Philippines Expansion
Techworld Date Posted: 19 October 2017 5:27 PM | 471 Views
From L-R:Arlene Gregorio, Head of Fujitsu's Global Delivery Center in the Philippines, Hidenori Furuta, Executive Vice President and Head of Global Delivery, Monchito Ibrahim: Undersecretary of the Department of Information and Communications Technology of.... See More
 
Fujitsu Selects Cebu for Philippines Expansion
Techworld Date Posted: 5:27 PM | 471 Views
From L-R:Arlene Gregorio, Head of Fujitsu's Global Delivery Center in the Philippines, Hidenori Furuta, Executive Vice President and Head of Global Delivery, Monchito Ibrahim: Undersecretary of the Department of Information and Communications Technology of...See More


Power by

Download Free AZ | Free Wordpress Themes