Top Page | English | 简体中文 | 繁體中文 | 한국어 | 日本語
Thursday, 21 January 2016, 15:40 HKT/SGT
Share:
    

Source: Fujitsu Ltd
Fujitsu Develops Industry's First Technology to Detect Back-and-Forth-type Targeted Email Attacks in Real Time
The technology quickly detects unusual and suspicious activity, enabling proactive countermeasures

KAWASAKI, Japan, Jan 21, 2016 - (JCN Newswire) - Fujitsu Limited and Fujitsu Laboratories Ltd. today announced the development of technology that utilizes Fujitsu's artificial intelligence technology to detect targeted email attacks aimed at specific organizations in real time.

In recent years, targeted attacks have become more sophisticated, with attackers cleverly camouflaging their contact as a work related matter, then attacking after gaining an employee's trust. Such an attack makes it difficult to become aware of any suspicious activity.

Now, Fujitsu has developed a technology that detects targeted email attacks in real time by detecting suspicious behavior that is different from the normal activity patterns it has learned from the associations found in a collection of operational logs, including users' everyday email habits and the websites they visit before and after using email. With this technology, it is now possible to detect and receive alerts for only those emails that have a high degree of danger, without excessive detection for each suspicious email, even for back-and-forth type targeted email attacks that involve multiple email exchanges between user and attacker.

Furthermore, using this technology in tandem with other Fujitsu Laboratories' technologies, security managers can now take proactive countermeasures in response to targeted email attacks, such as temporarily restricting high-risk email and web activities for people targeted by attacks. They can also restrict people and organizations connected to those people from a work-perspective.

This technology was developed in part with assistance from the Ministry of Internal Affairs and Communications through the Research and Development Regarding the Detection and Analysis of Cyber Attacks project.

Background to Development

In recent years, targeted attacks against specific organizations have been increasing in sophistication. The attackers send repeated emails pretending to be customers of the targeted organization, or create traps on websites that users within the organization access frequently, attacking their vulnerabilities and trying to infect them with malware specialized for that organization. In addition, as targeted attacks use emails that are often sent repeatedly to multiple other users within an organization, organizations require ongoing countermeasures.

Issues

Targeted attack emails are written so as to be indistinguishable from legitimate inquiries from customers or other related parties, so the malware they use is individually written, and they are difficult for existing spam filters and anti-virus software to detect.

It is particularly difficult to respond to exchanges where the attackers carry on emailing and pretending to be customers or other related people for a certain period, building trust before sending an email designed to infect them with malware.

About the Newly Developed Technology

Now, in an industry first, Fujitsu has developed a technology that learns from the associations in a string of operational logs, including users' typical email habits and their website visits before and after using email, and detects suspicious back-and-forth type targeted email attacks in real time. This technology is made up of the two technologies detailed below.

1. Technology that correlates multiple operational user logs, starting with receipt of an email

Fujitsu has developed a technology that correlates a user's unified operational log starting when they receive an email, including receipt of the email, reading the text of the email, clicking on a URL in the text and accessing the web page in a browser. By correlating operational logs for each person with whom the user exchanges email, including long-term strings of email exchanges and related website access, the system can identify, for example, whether downloads from a particular website occurred in the course of an exchange with a specific person.

2. Real time anomaly detection technology through combined judgement

In order to achieve real time detection of back-and-forth type targeted email attacks in which user and attacker exchange multiple emails, and as the operational log for all of a user's actions over a long period is huge, Fujitsu developed an anomaly detection technology that extracts and combines only the operational log related to a string of emails, compressing it and then learning and comparing it to others to detect anomalies. This can condense the information volume required for anomaly detection to under one-tenth the overall volume, enabling high speed detection processing, even for targeted email attack exchanges that can typically span several days.

This machine learning utilizes Fujitsu's proprietary "Human Centric AI Zinrai" technology.

These technologies can detect a series of suspicious actions related to a targeted email attack exchange, and exclude unrelated actions, compared with previous technologies that detected individual anomalies in each email or web access. In an experimental testbed, Fujitsu demonstrated that this could reduce the number of events that trigger detection to under one-tenth of previous technologies.

Effects

This newly developed technology makes it possible to effectively detect targeted back-and-forth type email attacks from the series of exchanges with a specific person and the related operational log.

Fujitsu has expanded on two other previously developed cyber-attack countermeasure technologies, enabling increased security by combining them with this newly developed technology.

1. Behavioral characteristic analysis technology(1): For this technology, which evaluates users' vulnerability to cyber-attacks based on psychological and behavioral characteristics, Fujitsu and Fujitsu Laboratories have added a new IT Risk Dashboard that can display this information in an easy-to-understand format. It can display not only passive risks, such as potential information leaks for individuals and organizations, but also active risks, such as targeted email attacks, as well as display which people have received similar emails.

2. Network detection technology(2): For this technology, which monitors an organization's internal network and quickly detects malware's concealed activities within a company, Fujitsu and Fujitsu Laboratories have newly connected network sensors, and enabled the precision of monitoring and costs to be adjusted in response to the state of the security risk for each organization.

By combining this newly developed technology with these two other technologies, unusual activity from the initial probes of targeted email attacks can be quickly shared across the organization, enabling preemptive defense with security countermeasures, so that emergency action can be taken for people who receive similar emails, such as restricting access to already received emails, restricting web access, network isolation or strengthened monitoring.

Future Plans

Fujitsu aims to expand the scope of targeted email attacks that can be detected, further improve detection precision, and bring the technology into practical application in fiscal 2016 to counter cyber-attacks and information leaks.

[1] Technology for analyzing behavioral characteristics
"Fujitsu Develops Industry's First Technology That Identifies Users Vulnerable to Cyber Attack Based on Behavioral and Psychological Characteristics," (press release issued January 19, 2015)

[2] Network detection technology
"Fujitsu Develops Technology to Quickly Detect Latent Malware Activity in Internal Networks," (press release issued April 15, 2014)

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Ltd. is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://jp.fujitsu.com/labs/en.


Contact:
Fujitsu Limited
Public and Investor Relations
Tel: +81-3-3215-5259
URL: www.fujitsu.com/global/news/contacts/

Fujitsu Laboratories Ltd.
Knowledge Information Processing Laboratory
E-mail: fomc-query@ml.labs.fujitsu.com


Topic: Press release summary
Source: Fujitsu Ltd

Sectors: IT Individual
http://www.acnnewswire.com
From the Asia Corporate News Network


Copyright © 2024 ACN Newswire. All rights reserved. A division of Asia Corporate News Network.


Fujitsu Ltd Links

http://www.fujitsu.com

https://plus.google.com/+Fujitsu

https://www.facebook.com/FujitsuJapan

https://twitter.com/Fujitsu_Global

https://www.youtube.com/user/FujitsuOfficial

https://www.linkedin.com/company/fujitsu/

Fujitsu Ltd
Nov 19, 2024 08:02 HKT/SGT
Supercomputer Fugaku retains first place worldwide in HPCG and Graph500 rankings
Nov 18, 2024 11:31 HKT/SGT
Fujitsu and SAP Fioneer enter partnership to accelerate digital transformation in the insurance industry and deliver services that contribute to customers' sustainable business
Nov 15, 2024 09:13 HKT/SGT
Fujitsu collaborates with global suppliers in decarbonization initiative to exchange product-level primary data on CO2 emissions
Nov 13, 2024 11:38 HKT/SGT
SoftBank Corp. and Fujitsu Strengthen Partnership for Realization of AI-RAN Commercialization
Nov 12, 2024 12:57 HKT/SGT
JA Mitsui Leasing and Fujitsu collaborate on simulation-driven field trials to optimize commercial EV adoption and drive decarbonization
Nov 7, 2024 13:51 HKT/SGT
Home of Fujitsu joint conservation project designated as first Nationally Certified Sustainably Managed Natural Site in Okinawa
Nov 5, 2024 16:13 HKT/SGT
Tokyo Stock Exchange and Fujitsu announce renewal of cash equity trading system 'arrowhead4.0'
Nov 1, 2024 11:24 HKT/SGT
Fujitsu's groundbreaking computing technology for accelerating scientific computing wins Japan Patent Office Commissioner's Award
Nov 1, 2024 09:45 HKT/SGT
Fujitsu and AMD to begin strategic partnership to develop more sustainable computing infrastructure intended to accelerate open-source AI initiatives
Oct 30, 2024 12:43 HKT/SGT
Fujitsu and Morinaga Milk Industry jointly develop a simulation system for raw material price fluctuations, speeding up decision-making
More news >>
 News Alerts
Copyright © 2024 ACN Newswire - Asia Corporate News Network
Home | About us | Services | Partners | Events | Login | Contact us | Privacy Policy | Terms of Use | RSS
US: +1 214 890 4418 | China: +86 181 2376 3721 | Hong Kong: +852 8192 4922 | Singapore: +65 6549 7068 | Tokyo: +81 3 6859 8575

Connect With us: