GTM-MQNC2Z4
Skip to main content
  1. Home >
  2. About Fujitsu >
  3. Resource Center >
  4. News >
  5. Press releases >
  6. 2017 >
  7. Fujitsu AI Increases Accuracy of Malware Intrusion Detection

Fujitsu AI Increases Accuracy of Malware Intrusion Detection

Newly developed technology enhances accuracy in detecting malware activities post-intrusion, which are difficult to distinguish from day-to-day network communications

Fujitsu Laboratories Ltd.

Kawasaki, Japan, September 19, 2017

Fujitsu Laboratories Ltd. today announced the development of AI technology to improve accuracy in detecting malware intrusions into networks within organizations, such as corporations, through an extension of its proprietary Deep Tensor AI technology(1), which can learn from graph-structured data.

In recent years, as cyberattack methods have grown more sophisticated, it has become ever more important to build post-intrusion countermeasures against attackers who use specialized malware to invade a system, especially in targeted cyberattacks. As methods, frequency, and scope of attacks made by malware that has invaded a system constantly evolve over time, and because they blend into the day-to-day activity on a network, it is necessary to take a more comprehensive view of the various activities of malware in order to detect them.

Fujitsu Laboratories has now developed technology that learns from various characteristics, including time series log data, and from the relationships between those characteristics. With this technology, Fujitsu Laboratories succeeded in training its AI to recognize the relationships between the types and numbers of the various activities of malware that has invaded an organization, as well as factors such as the spacing between these activities and their sequence, grasping the characteristics of malware.

Using data provided by MWS2017(2), Fujitsu Laboratories tested this technology's ability to differentiate between day-to-day network communications and malware attacks, and confirmed that by learning the numerous traces left by malware which change over time, it could detect malware with 93% accuracy.

Fujitsu Laboratories aims to commercialize this technology during fiscal 2017 as part of Fujitsu's AI technology, Fujitsu Human Centric AI Zinrai, aiming for fields outside cybersecurity, such as marketing using records of the activities of people over time.

In addition, malware intrusion detection technology that utilizes this newly developed technology will be combined with previously developed cyberattack analysis technology to form a countermeasure support technology, which will be trialed internally during fiscal 2018.

Details of this technology will be announced at the Anti Malware Engineering Workshop 2017 (MWS2017), to be held in Yamagata, Japan on October 23-25.

Development Background

As huge numbers of new types and subtypes of malware are emerging day by day, and the harm these cyberattacks cause is only increasing, improving cyberattack countermeasures has become an urgent issue. Cyberattack methods have become increasingly sophisticated in recent years, making it more difficult to prevent attacks with just countermeasures at the entrances to an organization's internal network and antivirus software on individual devices, as could be done previously. With targeted cyberattacks in particular, because attackers use dedicated malware focused on a specific company as a target, it is extremely difficult to completely prevent intrusion within the organization, making it important to build countermeasures for after the malware has infiltrated the network. Post-intrusion countermeasures require personnel who have high cybersecurity skills, but because there are not enough security personnel to meet the rising number of increasing cyberattacks, automation and AI are much anticipated to provide support.

Issues

Malware that has infiltrated inside an organization's network can make malicious use of the network communications and command operations used in day-to-day tasks, continuing its attack while changing its activities, including gathering information on its surroundings, testing possible infiltration of other PCs, and spreading its infection. For this reason, the differences in characteristics between network communications due to day-to-day tasks and those due to malware activities are minor, making highly accurate detection difficult.

About the Newly Developed Technology

Fujitsu Laboratories has now developed AI technology that can accurately detect intrusions, expanding the Deep Tensor technology it developed, which can learn from and categorize graph-structured data, in order to enable it to learn from time-series characteristics.

By developing technology that, for the various characteristics included in time-series log data, could learn the relationships between characteristics that occur sequentially, versus those that occur simultaneously, Fujitsu Laboratories was able to successfully train this system on the types and numbers of activities taken by malware that had infiltrated an organization, as well as on the relationships between the sequences and intervals between these activities, getting a grasp on the distinctive characteristics of malware. Details of this technology are as follows.

Technology to learn the relationships between characteristics included in time-series log data

Deep Tensor technology enables a system to learn from graph-structured data with high accuracy by using learning methods that convert graph-structured data to mathematical expressions called tensors, while simultaneously applying deep learning methods. This technology extracts sets of characteristics that are highly interrelated from time-series log data by first preparing in advance multiple tensor expressions, then learning characteristics recorded in the log at different times, and then also applying deep learning to the relationships between characteristics (tensor expressions), enabling the system to differentiate them.

In addition, in response to increasing numbers of tensor expressions, Fujitsu Laboratories has also concurrently developed technology to speed up the processing of tensor calculations, as well as technology enabling distributed, parallelized processing of these computations. With these technologies, it is possible to use dozens of tensor expressions for learning in the time previously required to process a single tensor expression.

Effects

Using this newly developed technology, it is possible to detect malware intrusions that change factors such as attack method, frequency and scope over time, and that mix their activities in with day-to-day network traffic. Using a research dataset provided by MWS2017, Fujitsu Laboratories carried out a trial to differentiate between day-to-day network communications and malware attacks, which confirmed that this technology was able to detect malware attacks with an accuracy of 93% by learning from multiple traces that change over time, as compared with an accuracy of 76% for existing machine learning methods(3).

With this technology, Fujitsu Laboratories has created a detection method that can continually grow and respond rapidly to cyberattacks, which continue to change and grow more sophisticated.

Future Plans

Fujitsu Laboratories aims to commercialize this technology during fiscal 2017 as part of Zinrai, aiming at fields outside cybersecurity, such as marketing that utilizes peoples' activity history.
In addition, it will conduct an internal trial in fiscal 2018 of malware intrusion detection technology incorporating this technology, which combines this technology with a previously developed cyberattack analysis technology to form a countermeasure support technology.


  • [1] Deep Tensor AI technology developed by Fujitsu Laboratories

    Fujitsu Technology to Elicit New Insights from Graph Data that Expresses Ties between People and Things http://www.fujitsu.com/global/about/resources/news/press-releases/2016/1020-01.html

  • [2] MWS2017

    Anti-Malware Engineering Workshop 2017 http://www.iwsec.org/mws/2017/index.html

  • [3] Existing machine learning methods

    A method called Support Vector Machine (SVM), a method generally used when determining the degree of similarity between graphs.

About Fujitsu

Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Approximately 155,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.5 trillion yen (US$40 billion) for the fiscal year ended March 31, 2017. For more information, please see http://www.fujitsu.com.

About Fujitsu Laboratories

Founded in 1968 as a wholly owned subsidiary of Fujitsu Limited, Fujitsu Laboratories Ltd. is one of the premier research centers in the world. With a global network of laboratories in Japan, China, the United States and Europe, the organization conducts a wide range of basic and applied research in the areas of Next-generation Services, Computer Servers, Networks, Electronic Devices and Advanced Materials. For more information, please see: http://www.fujitsu.com/jp/group/labs/en/.

Press Contacts

Public and Investor Relations Division
Inquiries

Company:Fujitsu Limited

Technical Contacts

Artificial Intelligence Laboratory

E-mail: E-mail: contact_dt@ml.labs.fujitsu.com
Company:Fujitsu Laboratories


All company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.

Date: 19 September, 2017
City: Kawasaki, Japan
Company: Fujitsu Laboratories Ltd.