Security Supremo Confronts Cyberattacks with Latest AI Advances

No organization anywhere in the world these days is immune from the threat of cyberattacks. An infinite number of cyberattacks is generated at every moment, ranging from ransomware, targeted attacks to steal confidential information, or information thefts by website tampering. In order to protect corporations or organizations from these myriad threats, we need not only cutting-edge security technology but also the unique abilities of experts with deep knowledge drawn from diverse technological domains.

The Fujitsu Group’s “Security Meister” system was established for exactly this reason, as a means of certifying security experts to the highest possible standards to meet today’s and tomorrow’s challenges.

Within Fujitsu Laboratories’ Security Laboratory, we have a few specialist researchers with the highest level of security skills, certified as “High Masters” of our “Security Meister” system. They are engaged in a wide range of security research projects, from surveying security threat trends to the research and development of protection measures. Yuki Unno is one of this elite team, who is now pursuing her career in security research as a “high master” senior security coordinator, coming to security after initially working in a different field – a transition that is rare for security researchers.

Yuki’s background was not in research but in middleware development, working for network operation management in Fujitsu Limited’s business unit.

She explains: “As the internet began to spread globally in the late 1990s, computer viruses and worms also appeared, which drawing people’s attention to the whole concept of cybersecurity. Around that time, I gradually started to consider how we could implement secure systems without vulnerability in the middleware. That was my starting point”

On discovering that Fujitsu Laboratories was looking for applicants inside the Fujitsu Group to deal with security problems, Yuki decided to try a new field and transferred to Fujitsu Laboratories. Working with other team members, she started to look at how to develop secure middleware with less vulnerability by establishing a novel method. Focusing on the “elimination of vulnerability” is a key element for all of Yuki’s work, and was one that she felt was crucially important when she was working as a system developer.

During the 2010s, the concept of “Security by Design” started to come into force within Fujitsu and the IT industry in general, which involves incorporating information security measures from the planning and designing phases of a system. This in turn prompted the growth of the application security domain. It was also the time when targeted attacks against Japanese companies and organizations surfaced, with news about the damage caused reported on a daily basis.

Against this background, Yuki started to specialize in “cybersecurity,” which continues to be her prime focus today. Apart from threat detection, the subject has expanded extensively into domains such as threat analysis after systems are attacked, the execution of countermeasures and forensics. The methods are becoming ever more highly sophisticated and advanced, leveraging statistics, machine learning, and other techniques.

The global cybersecurity community is extremely active, and Yuki watches global trends closely via conference outputs and academic publications, alongside her own research. “There are some splendid results in academia such as universities, but it’s also very gratifying to see how important our daily research work is, especially when we see our technologies deployed in society in different guises. This gives me a great deal of encouragement and personal satisfaction.”

As an example, the malware detection technology developed by Yuki and her colleagues is being used for “iNetSec SF” provided by one of the Fujitsu Group companies, PFU Limited. This high-speed forensic technology is used automatically to analyze internal network behavior, as an effective means of checking the status of cyberattacks. This technology is applied to Fujitsu’s global managed security service.

At present, Yuki is tackling a new challenge involving detection and analysis, which is all about how to use machine learning for automatically analyzing logs and evidence in order to judge whether a cyberattack has occurred, and how to take appropriate action. This could involve the removal of a back door or a network shutdown in the case of a threat being found. The increasing sophistication of targeted attacks prompted her efforts to find new countermeasures, as she explains.

“In the early 2000s when the first targeted attacks appeared, the number of incidents increased at a relatively slow pace, giving us enough time to cope with them. However, this has all changed now. Attackers create a kind of ecosystem and share increasingly automated tools. As a result, security administrators also have to prepare countermeasures much much faster.”

She is currently developing a new method of describing the overall picture of cyberattacks, using machine learning rapidly to classify collected evidence and trails into those that are business-related and others such as attacks from outside a company. It is aimed at quickly responding to rapidly increasing cyberattacks by making machines perform the tasks that are mainly done by human workers currently. She adds that although we cannot automate all processes at present, the team is advancing field verifications to increase the automatic functions.

Yuki believes that her experience in middleware development is proving to be particularly valuable as she pursues these current activities.

“Customers can introduce new technologies and tools, but it is meaningless if they cannot utilize them. In order to provide the systems that can be operated easily in the workplace, our work involves improving technologies by exchanging ideas with various on-site workers such as engineers and the members of SOC (Security Operation Center).”

Yuki wears many hats in addition to focusing on technology development, in line with being a Security Meister.

One of her roles is to reply to inquiries from engineers in the Fujitsu Group or to exchange information with them. For example, when a new cyberattack is reported, she provides the all-important information needed to judge its characteristics and risk level.

By making use of her insights into security issues and hands-on experience, she can provide a balanced judgement – for example that “although this virus is widely reported in the media, it does not present a major risk as it does not affect systems with current configurations.”

As a more specific example, when ransomware “WannaCry” spread globally in 2017, Yuki analyzed its characteristics and based on her experience, was able to give appropriate advice about how it could be detected and how quickly it should be addressed. Her judgement was based on years of dealing with emerging issues, such as coping with the “Code Red” worm that became rampant in the early 2000s. All of this adds up to unequalled expertise that she can convey as a security researcher.

Yuki’s other role is to promote the dissemination of information and community activities externally as a spokesperson of Fujitsu. She is continually expanding her scope of activities by actively attending various community events and conferences to express her opinions.

For example, when “BSides Tokyo,” which is a Japanese version of the information security community “BSides,” was launched in 2018 by volunteers in and outside Japan, she joined it as one of the founding members - together with Soya Aoyama from Fujitsu System Integration Laboratories, who is also a high master – and Yuki remains closely engaged in its management.

Yuki explains: “While there are many excellent security conferences in Japan, at BSides Tokyo, we take a rather different approach and try to encourage new members to join this community. We also try to support our outstanding Japanese security engineers and researchers in their efforts to convey important ideas and research on the world stage.”

Above all, Yuki’s forward-looking approach is an inspiration to young engineers who are aiming to become security experts themselves, demonstrating that enjoying your work symbolizes Fujitsu Laboratories’ researchers’ positive stance toward R&D － “Let’s try it ourselves first.”

At Fujitsu Laboratories, we have so many specialists with diverse backgrounds like Yuki, who are actively applying their expertise in research activities. Our many experts spans multiple disciplines such as AI, networks, hardware, software, mathematics and law – all working collaboratively to advance security research.

Yuki studied statistics at university and started her career as a middleware developer, which is a completely different discipline compared to being a security researcher.

Encountering a variety of security problems touch on all fields, she made the important decision to change her career path, and entered the world of security research.

Yuki is much more than a career security researcher. She has experienced childbirth, coped with the challenges of motherhood, and balancing family versus working life, including managing shorter working hours. She says that she is grateful for the teleworking system, which is now becoming the new norm, as she was able to adopt it in the early stages of its introduction.

“I tried various tools with considerable help from my colleagues, but the real issue was that the time available to me was so limited. My solution was to set myself clear deadlines to ‘complete each task by its due date’ and I repeated these tasks single-mindedly to balance my roles as researcher and mother.”

Finally, Yuki provides an insight into her views on the future as a researcher.
“A worrying development is that along with the dissemination of security measures using machine learning, we are seeing reports about a variety of methods to attack learning models by infecting them with adversarial examples. However, the damage caused by these methods has not been reported yet. I think that we have to continue our research by always considering what may happen in the future – trying to develop secure AI and Machine Learning systems, following Fujitsu Laboratoris’ mission to create a safe society for the future. Based on this vision, our common aim is to advance research by combining data science and cybersecurity to develop new technologies. It’s an exciting mission and I am proud to be a part of it!”