Story image

Should AI technology determine the necessity for cyber attack responses?

23 Jan 2019

Fujitsu has developed AI technology that supposedly automatically determines whether action needs to be taken in response to a cyber attack. 

When a business network has been hit with a cyber attack, various security appliances detect the attack on the network's servers and devices. 

Conventionally, an expert in cyber attack analysis then manually investigates and checks the degree of threat, to determine whether an action is needed to minimise damage. 

To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has developed a technology that identifies and extracts attack logs, which show the behaviour of a cyber attack, from huge amounts of operations logs. 

It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This supposedly generates a sufficient amount of training data. 

In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts' conclusions regarding the need for action, and they did not miss any attack cases that required a response. 

The time necessary to reach a conclusion was also shortened from several hours to several minutes. 

By using these technologies, countermeasures can supposedly quickly be put in place for cyber attacks that have been determined to require action, contributing to business continuity and the prevention of loss.

Fujitsu combined the newly developed technologies with its own Deep Tensor AI technology and ran evaluative testing on the determination model that had been trained on the new training data.

Run in a simulation using about four months of data-12,000 items-the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity. 

Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyber attacks targeting companies. 

The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness. 

With these AI technologies, determinations of the necessity of action, which until now have taken expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes. 

Furthermore, by combining these technologies with Fujitsu Laboratories' high-speed forensic technology, which rapidly analyses the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can supposedly be automated, enabling immediate responses to cyber attacks and minimising damage.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.
65% of manufacturers run outdated operating systems – Trend Micro
The report highlights the unique triple threat facing manufacturing, including the risks associated with IT, OT and IP.
WikiLeaks' Julian Assange arrested in London
There’s little doubt that it’s a day of reckoning for WikiLeaks cofounder Julian Assange today, after his seven-year long protection inside London’s Ecquador Embassy came to an abrupt end.