Should AI technology determine the necessity for cyber attack responses?
FYI, this story is more than a year old
Fujitsu has developed AI technology that supposedly automatically determines whether action needs to be taken in response to a cyber attack.
When a business network has been hit with a cyber attack, various security appliances detect the attack on the network's servers and devices.
Conventionally, an expert in cyber attack analysis then manually investigates and checks the degree of threat, to determine whether an action is needed to minimise damage.
To secure the necessary training data needed to develop highly accurate AI technology, Fujitsu Laboratories has developed a technology that identifies and extracts attack logs, which show the behaviour of a cyber attack, from huge amounts of operations logs.
It also developed a technology that expands on the small number of training data extracted in a manner that does not spoil attack characteristics. This supposedly generates a sufficient amount of training data.
In simulations using these technologies, they achieved a match rate of about 95% in comparison with experts' conclusions regarding the need for action, and they did not miss any attack cases that required a response.
The time necessary to reach a conclusion was also shortened from several hours to several minutes.
By using these technologies, countermeasures can supposedly quickly be put in place for cyber attacks that have been determined to require action, contributing to business continuity and the prevention of loss.
Fujitsu combined the newly developed technologies with its own Deep Tensor AI technology and ran evaluative testing on the determination model that had been trained on the new training data.
Run in a simulation using about four months of data-12,000 items-the technologies made an approximate 95% match with the findings that a security expert generated through manual analysis, achieving a near equal determination of response necessity.
Furthermore, the technologies were field tested on STARDUST, the Cyber-attack Enticement Platform which is jointly operated with the National Institute of Information and Communications Technology (NICT), using real cyber attacks targeting companies.
The technologies automatically determined the attack cases requiring a response, thereby confirming their effectiveness.
With these AI technologies, determinations of the necessity of action, which until now have taken expert several hours to several days, can be automatically made with high accuracy from tens of seconds to several minutes.
Furthermore, by combining these technologies with Fujitsu Laboratories' high-speed forensic technology, which rapidly analyses the whole picture of the status of damage from a targeted attack, the response sequence, from attack analysis to instructions for action, can supposedly be automated, enabling immediate responses to cyber attacks and minimising damage.