Fujitsu Laboratories Ltd. has announced that it has developed an AI technology that automatically determines whether action needs to be taken in response to a cyberattack.

 

When a business network has been hit with a cyberattack, various security appliances detect the attack on the network’s servers and devices. Conventionally, an expert in cyberattack analysis then manually investigates and checks the degree of threat, to determine whether action is needed to minimize damage.

 

To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has now developed a technology that identifies and extracts attack logs, which show the behavior of a cyberattack, from huge amounts of operations logs. It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This generates a sufficient amount of training data.

 

In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts’ conclusions regarding the need for action, and they did not miss any attack cases that required a response. The time necessary to reach a conclusion was also shortened from several hours to several minutes.

 

By using these technologies, countermeasures can quickly be put in place for cyberattacks that have been determined to require action, contributing to business continuity and the prevention of loss.

 

Development Background
In recent years, the number of cyberattacks against business networks continues to increase. With targeted attacks(1), which is a type of cyberattack, the attacker uses clever techniques to embed malware(2) that can be controlled remotely in an organization, and then remotely controls devices infected with malware to conduct intelligence activities. In defense, when a company discovers suspicious activities with such monitoring equipment as a security appliance, a security expert manually investigates the attack, and takes time to evaluate danger and risk, then determines the necessity to respond.

 

The decision to respond needs to be made carefully as the responses themselves may have consequences. For example, attacked business devices may need to be isolated, and the network reconstructed, resulting in operation stoppages that impact businesses.

 

According to statistics from Japan’s Ministry of Economy, Trade and Industry(3), by 2020 there will be a shortage of 193,000 security professionals in Japan. That being said, AI-based automation is expected to rapidly determine the necessity to respond to attack cases, making decisions on the same level as an expert who has advanced knowledge and insight on attacks.

 

Issues

 

In order to develop an AI-based model to make determinations, the following issues regarding training on attack information needed to be addressed:

 

1. The operations logs for normally functioning servers, devices, and network equipment coexist with the attack operations logs, and both logs are accumulated in great abundance. To conduct proper learning with AI, it is necessary to identify the traces of targeted attacks from the large number of logs. However, distinguishing between logs is difficult because intelligence activities via targeted attacks utilize OS commands and other methods.

 

2. It is extremely difficult to extract attack operations logs from the huge amounts of existing logs, while securing them in large quantities as training data. For AI technologies, it is possible to increase the small amounts of training data through procedures and conversions such as noise processing; however, such simple processing of the training data of targeted attacks can cause the attack characteristics to be lost, making data expansion difficult.

 

About the Newly Developed Technology

 

Fujitsu Laboratories has developed technologies to secure sufficient amounts of training data related to targeted attacks required for the creation of highly accurate, AI determination models. Features of the developed technologies are outlined below:

 

1. Training data extraction technology
Based on the know-how Fujitsu has accumulated in its security-related business and research, as well as from about seven years’ worth of actual attack analysis data, Fujitsu Laboratories has built a database of attack patterns that includes commands and parameters linked to intelligence activities of targeted attacks. By using this database, users can accurately identify and extract a series of intelligence activities from the vast amounts of logs.

 

2. Training data expansion technology
This technology generates simulations of new intelligence gathering activities – a type of targeted attack-without losing attack characteristics. The technology calculates attack levels and identifies the important commands of intelligence activities in the extracted targeted attack, then converts the parameters within the range existing in the attack pattern database. As a result, it becomes possible to expand the training data fourfold.

 

Effects

 

Fujitsu Laboratories combined the newly developed technologies with its own Deep Tensor AI technology, and ran evaluative testing on the determination model that had been trained on the new training data. Run in a simulation using about four months of data – 12,000 items – the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity. Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform(4) which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyberattacks targeting companies. The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness.

 

With these AI technologies, determinations of the necessity of action, which until now have taken an expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes. Furthermore, by combining these technologies with Fujitsu Laboratories’ high-speed forensic technology, which rapidly analyzes the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can be automated, enabling immediate responses to cyberattacks and minimizing damage.

 

Future Plans
Fujitsu aims to make use of these technologies within its Managed Security Services, as a response platform for cyberattacks.

 

  • [1] Targeted attack
    A cyberattack targeting a specific organization or individual, to relentlessly steal information or destroy systems.

 

  • [2] Malware
    Malicious software.

 

 

  • [4] STARDUST, the Cyber-Attack Enticement Platform
    a platform, which was developed by the National Institute of Information and Communications Technology (NICT), for the observation of cyberattacks. By enticing attackers to an environment that elaborately simulates organizations such as government and corporations, and observing over the long term the activities of attackers without them noticing, the platform aims to reveal the detailed behavior of attackers once they have penetrated an organization, to gather the information needed to establish cyberattack countermeasures and responses.

 

&


RECOMMENDED ARTICLE FOR TECHWORLD


 
Lax Security Leaves Car Sharing Apps Vulnerable to Attack
Techworld Date Posted: 2 August 2018 1:33 PM | 576 Views
Kaspersky Lab researchers have examined the security of 13 car sharing applications from household manufacturers across the globe – including those from Russia, the US, and Europe.. See More
 
Lax Security Leaves Car Sharing Apps Vulnerable to Attack
Techworld Date Posted: 1:33 PM | 576 Views
Kaspersky Lab researchers have examined the security of 13 car sharing applications from household manufacturers across the globe – including those from Russia, the US, and Europe.See More

 
ViewSonic is the Official Monitor Sponsor for Canon PhotoMarathon Philippines 2018
Techworld Date Posted: 9 November 2018 1:21 PM | 290 Views
Having over fifteen hundred enthusiastic photographers participating to compete for the best moment captured based on designated themes. ViewSonic will station three VP2468 at the emergency kiosk for participants to preview their work before.... See More
 
ViewSonic is the Official Monitor Sponsor for Canon PhotoMarathon Philippines 2018
Techworld Date Posted: 1:21 PM | 290 Views
Having over fifteen hundred enthusiastic photographers participating to compete for the best moment captured based on designated themes. ViewSonic will station three VP2468 at the emergency kiosk for participants to preview their work before...See More

 
Epson Teams Up with DENR-EMB’s GREENducation PH for Its 1st EcoVision Short Film Competition for Students with an Extended Deadline
Techworld Date Posted: 23 January 2019 2:44 PM | 96 Views
Epson, in partnership with DENR-EMB (Environmental Management Bureau) and GREENducation Philippines, is extending the submission period for its 1st EcoVision Short Film Competition to February 19, 2019. . See More
 
Epson Teams Up with DENR-EMB’s GREENducation PH for Its 1st EcoVision Short Film Competition for Students with an Extended Deadline
Techworld Date Posted: 2:44 PM | 96 Views
Epson, in partnership with DENR-EMB (Environmental Management Bureau) and GREENducation Philippines, is extending the submission period for its 1st EcoVision Short Film Competition to February 19, 2019. See More

 
Fortinet Positioned Furthest for Completeness of Vision in the Challengers Quadrant of Gartner’s First Magic Quadrant for WAN Edge Infrastructure
Techworld Date Posted: 28 November 2018 1:24 PM | 155 Views
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, has announced their inclusion in Gartner’s first Magic Quadrant for WAN Edge Infrastructure as a Challenger with the furthest placement for.... See More
 
Fortinet Positioned Furthest for Completeness of Vision in the Challengers Quadrant of Gartner’s First Magic Quadrant for WAN Edge Infrastructure
Techworld Date Posted: 1:24 PM | 155 Views
Fortinet® (NASDAQ: FTNT), a global leader in broad, integrated and automated cybersecurity solutions, has announced their inclusion in Gartner’s first Magic Quadrant for WAN Edge Infrastructure as a Challenger with the furthest placement for...See More

PCBG  Writing Staff
Role of Wireless in Cybercrime
Techworld • By: PCBG  Writing Staff | Date Posted: 6 April 2018 3:59 PM | 696 Views
Wi-Fi and Bluetooth® are useful. They are there for a reason: so we can communicate without the need for data coverage. Though much of what we see today with Wi-Fi is good use, sometimes,.... See More
PCBG  Writing Staff
Role of Wireless in Cybercrime
Techworld • By: PCBG  Writing Staff | Date Posted: 3:59 PM | 696 Views
Wi-Fi and Bluetooth® are useful. They are there for a reason: so we can communicate without the need for data coverage. Though much of what we see today with Wi-Fi is good use, sometimes,...See More

 
Kingston and Authorized Partners to Bring High-Quality Storage Solutions to the Philippines
Techworld Date Posted: 22 March 2019 9:45 AM | 104 Views
Kingston Technology, a world leader in memory storage products and technology solutions, has teamed up with channel partners to promote the authorized partner program in the Philippines. Ranked as the World’s No. 1 memory.... See More
 
Kingston and Authorized Partners to Bring High-Quality Storage Solutions to the Philippines
Techworld Date Posted: 9:45 AM | 104 Views
Kingston Technology, a world leader in memory storage products and technology solutions, has teamed up with channel partners to promote the authorized partner program in the Philippines. Ranked as the World’s No. 1 memory...See More

 
Have Asia’s SMEs Got Talent
Techworld Date Posted: 1 August 2017 3:59 PM | 329 Views
What do “Asia’s Got Talent”, “Asian Idol”, and “The Voice” all have in common? …The ability to attract amazing talent who participate in these competitions to kick start their careers.. See More
 
Have Asia’s SMEs Got Talent
Techworld Date Posted: 3:59 PM | 329 Views
What do “Asia’s Got Talent”, “Asian Idol”, and “The Voice” all have in common? …The ability to attract amazing talent who participate in these competitions to kick start their careers.See More

 
DJI Introduces Customer Loyalty Program for Ronin 3-Axis Stabilized Handheld Gimbal System
Techworld Date Posted: 18 September 2017 10:10 AM | 292 Views
DJI, the world's leader in creative camera technology, today announced a global customer loyalty program, rewarding long-time creative professionals who use its Ronin three-axis camera stabilizer and are ready to take their camera operating.... See More
 
DJI Introduces Customer Loyalty Program for Ronin 3-Axis Stabilized Handheld Gimbal System
Techworld Date Posted: 10:10 AM | 292 Views
DJI, the world's leader in creative camera technology, today announced a global customer loyalty program, rewarding long-time creative professionals who use its Ronin three-axis camera stabilizer and are ready to take their camera operating...See More

 
Olympic Destroyer Is Back, Targeting Chemical, Biological Threat Protection Entities in Europe
Techworld Date Posted: 26 June 2018 4:58 PM | 409 Views
Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is.... See More
 
Olympic Destroyer Is Back, Targeting Chemical, Biological Threat Protection Entities in Europe
Techworld Date Posted: 4:58 PM | 409 Views
Kaspersky Lab researchers tracking the Olympic Destroyer threat that famously struck the opening of the Winter Olympic Games in Pyeongchang with a destructive network worm have discovered that the hacking group behind it is...See More

 
10 Years in the Making: NVIDIA® Brings Real-Time Ray Tracing to Gamers with GeForce® RTX™
Techworld Date Posted: 22 August 2018 2:04 PM | 367 Views
NVIDIA® has unveiled the GeForce® RTX™ series, the first gaming GPUs based on the new NVIDIA® Turing™ architecture and the NVIDIA® RTX™ platform, which fuses next-generation shaders with real-time ray tracing and all-new AI.... See More
 
10 Years in the Making: NVIDIA® Brings Real-Time Ray Tracing to Gamers with GeForce® RTX™
Techworld Date Posted: 2:04 PM | 367 Views
NVIDIA® has unveiled the GeForce® RTX™ series, the first gaming GPUs based on the new NVIDIA® Turing™ architecture and the NVIDIA® RTX™ platform, which fuses next-generation shaders with real-time ray tracing and all-new AI...See More


Power by

Download Free AZ | Free Wordpress Themes