Story image

Should AI technology determine the necessity for cyber attack responses?

23 Jan 2019

Fujitsu has developed AI technology that supposedly automatically determines whether action needs to be taken in response to a cyber attack. 

When a business network has been hit with a cyber attack, various security appliances detect the attack on the network's servers and devices. 

Conventionally, an expert in cyber attack analysis then manually investigates and checks the degree of threat, to determine whether an action is needed to minimise damage. 

To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has developed a technology that identifies and extracts attack logs, which show the behaviour of a cyber attack, from huge amounts of operations logs. 

It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This supposedly generates a sufficient amount of training data. 

In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts' conclusions regarding the need for action, and they did not miss any attack cases that required a response. 

The time necessary to reach a conclusion was also shortened from several hours to several minutes. 

By using these technologies, countermeasures can supposedly quickly be put in place for cyber attacks that have been determined to require action, contributing to business continuity and the prevention of loss.

Fujitsu combined the newly developed technologies with its own Deep Tensor AI technology and ran evaluative testing on the determination model that had been trained on the new training data.

Run in a simulation using about four months of data-12,000 items-the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity. 

Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyber attacks targeting companies. 

The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness. 

With these AI technologies, determinations of the necessity of action, which until now have taken expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes. 

Furthermore, by combining these technologies with Fujitsu Laboratories' high-speed forensic technology, which rapidly analyses the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can supposedly be automated, enabling immediate responses to cyber attacks and minimising damage.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Why cybersecurity remains a top business priority
One in two Australian businesses estimated that they will receive fines for being in breach of new legislation.