Story image

Should AI technology determine the necessity for cyber attack responses?

23 Jan 2019

Fujitsu has developed AI technology that supposedly automatically determines whether action needs to be taken in response to a cyber attack. 

When a business network has been hit with a cyber attack, various security appliances detect the attack on the network's servers and devices. 

Conventionally, an expert in cyber attack analysis then manually investigates and checks the degree of threat, to determine whether an action is needed to minimise damage. 

To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has developed a technology that identifies and extracts attack logs, which show the behaviour of a cyber attack, from huge amounts of operations logs. 

It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This supposedly generates a sufficient amount of training data. 

In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts' conclusions regarding the need for action, and they did not miss any attack cases that required a response. 

The time necessary to reach a conclusion was also shortened from several hours to several minutes. 

By using these technologies, countermeasures can supposedly quickly be put in place for cyber attacks that have been determined to require action, contributing to business continuity and the prevention of loss.

Fujitsu combined the newly developed technologies with its own Deep Tensor AI technology and ran evaluative testing on the determination model that had been trained on the new training data.

Run in a simulation using about four months of data-12,000 items-the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity. 

Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyber attacks targeting companies. 

The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness. 

With these AI technologies, determinations of the necessity of action, which until now have taken expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes. 

Furthermore, by combining these technologies with Fujitsu Laboratories' high-speed forensic technology, which rapidly analyses the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can supposedly be automated, enabling immediate responses to cyber attacks and minimising damage.

WhatsApp users warned to change voicemail PINs
Attackers are allegedly gaining access to users’ WhatsApp accounts by using the default voicemail PIN to access voice authentication codes.
Swiss Post asks public to hack its e-voting system
Switzerland’s postal service Swiss Post is inviting keen-eyed security experts and white hats to hack its e-voting system.
Spoofs, forgeries, and impersonations plague inboxes
It pays to double check any email that lands in your inbox, because phishing attacks are so advanced that they can now literally originate from a genuine sender’s account – but those emails are far from genuine.
Flashpoint signs on emt Distribution as APAC partner
"Key use cases that we see greatly benefiting the region are bolstering cybersecurity, combating insider threats, confronting fraud, and addressing supply chain risk, to name a few."
The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
Why SD-WAN is key for expanding businesses - SonicWall
One cost every organisation cannot compromise on is reliable and quick internet connection.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.