As malicious attacks and phishing keep haunting today’s work environment, Fujitsu Limited and Fujitsu Laboratories have announced a unique artificial intelligence (AI) technology that can detect email attacks in real time.
Fujitsu claims to have developed this technology after learning from associations found in a collection of operational logs, including users’ everyday email habits and the websites they visit before and after using email.
With its capability to identify abnormal internet habits, the technology makes it possible to detect, and receive alerts for, only those emails that have a high degree of danger, without excessive detection for each suspicious email. This holds even for back-and-forth type targeted email attacks that involve multiple email exchanges between user and attacker.
Furthermore, using this technology in tandem with other Fujitsu Laboratories technologies, security managers can now take proactive countermeasures in response to targeted email attacks, such as temporarily restricting high-risk email and web activities for people targeted by attacks. They can also apply restrictions to people and organizations connected to those people from a work perspective.
Technology that correlates multiple operational user logs, starting with receipt of an email
Fujitsu has developed a technology that correlates a user’s unified operational log starting when they receive an email, including receipt of the email, reading the text of the email, clicking on a URL in the text and accessing the web page in a browser. By correlating operational logs for each person with whom the user exchanges email, including long-term strings of email exchanges and related website access, the system can identify, for example, whether downloads from a particular website occurred in the course of an exchange with a specific person.
Real time anomaly detection technology through combined judgement
The operational log of all of a user’s actions over a long period is huge. To achieve real-time detection of back-and-forth type targeted email attacks, in which user and attacker exchange multiple emails, Fujitsu developed an anomaly detection technology that extracts and combines only the operational log entries related to a string of emails, compresses them, and then learns from them and compares them to others to detect anomalies. This can condense the information volume required for anomaly detection to under one-tenth of the overall volume, enabling high-speed detection processing, even for targeted email attack exchanges that can typically span several days.
This machine learning utilizes Fujitsu’s proprietary “Human Centric AI Zinrai” technology.
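A minimal sketch of the correlation and extraction step described in the two sections above, added here as an illustration; it is not Fujitsu's implementation. The log schema, the 10-minute click-to-access window and all sample events are assumptions constructed for the example, and the learning and comparison stage is not modelled.

```python
from collections import defaultdict
from urllib.parse import urlparse

WINDOW = 600  # assumed: seconds a web event may trail a click and still be linked
# Constructed sample log for one user: (epoch_seconds, kind, fields)
LOG = [
    (1000, "mail_recv", {"msg": "m1", "peer": "hr@partner.example"}),
    (1030, "web", {"url": "https://news.example/today"}),
    (1060, "mail_read", {"msg": "m1"}),
    (1100, "mail_send", {"msg": "m2", "peer": "hr@partner.example"}),
    (1500, "web", {"url": "https://intranet.example/wiki"}),
    (90000, "mail_recv", {"msg": "m3", "peer": "hr@partner.example"}),
    (90050, "url_click", {"msg": "m3", "url": "https://files.example/form"}),
    (90055, "web", {"url": "https://files.example/form"}),
    (90070, "download", {"url": "https://files.example/form.zip"}),
    (90400, "web", {"url": "https://search.example/?q=lunch"}),
    (95000, "download", {"url": "https://files.example/other.zip"}),
]

def correlate(log):
    """Group events into per-correspondent chains and drop unrelated events."""
    peer_of_msg = {}   # message id -> correspondent address
    clicks = []        # (time, host, correspondent) for URLs clicked in mail
    chains = defaultdict(list)
    for ts, kind, f in sorted(log, key=lambda e: e[0]):
        peer = None
        if kind in ("mail_recv", "mail_send"):
            peer = peer_of_msg[f["msg"]] = f["peer"]
        elif kind in ("mail_read", "url_click"):
            peer = peer_of_msg.get(f["msg"])
            if kind == "url_click" and peer:
                clicks.append((ts, urlparse(f["url"]).hostname, peer))
        else:  # web access or download: link to a recent click on the same host
            host = urlparse(f["url"]).hostname
            for cts, chost, cpeer in reversed(clicks):
                if chost == host and 0 <= ts - cts <= WINDOW:
                    peer = cpeer
                    break
        if peer:
            chains[peer].append((ts, kind, f))
    return dict(chains)

def downloads_during_exchange(chains, peer):
    """URLs downloaded in the course of the exchange with one correspondent."""
    return [f["url"] for _, kind, f in chains.get(peer, []) if kind == "download"]

def kept_fraction(log, chains):
    """Share of the full log that remains after extraction."""
    return sum(len(c) for c in chains.values()) / len(log)

if __name__ == "__main__":
    c = correlate(LOG)
    print(downloads_during_exchange(c, "hr@partner.example"), kept_fraction(LOG, c))
```

The later download from the same host falls outside the window and is left out of the chain, which is the kind of unrelated activity the extraction step is meant to exclude.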
These technologies can detect a series of suspicious actions related to a targeted email attack exchange, and exclude unrelated actions, compared with previous technologies that detected individual anomalies in each email or web access. In an experimental testbed, Fujitsu demonstrated that this could reduce the number of events that trigger detection to under one-tenth of previous technologies.
This newly developed technology makes it possible to effectively detect targeted back-and-forth type email attacks from the series of exchanges with a specific person and the related operational log.
Fujitsu has expanded on two other previously developed cyber-attack countermeasure technologies, enabling increased security by combining them with this newly developed technology.
Behavioral characteristic analysis technology: For this technology, which evaluates users’ vulnerability to cyber-attacks based on psychological and behavioral characteristics, Fujitsu and Fujitsu Laboratories have added a new IT Risk Dashboard that can display this information in an easy-to-understand format. It can display not only passive risks, such as potential information leaks for individuals and organizations, but also active risks, such as targeted email attacks, as well as display which people have received similar emails.
Network detection technology: For this technology, which monitors an organization’s internal network and quickly detects malware’s concealed activities within a company, Fujitsu and Fujitsu Laboratories have newly connected network sensors, and enabled the precision of monitoring and costs to be adjusted in response to the state of the security risk for each organization.
By combining this newly developed technology with these two other technologies, unusual activity from the initial probes of targeted email attacks can be quickly shared across the organization, enabling preemptive defense with security countermeasures, so that emergency action can be taken for people who receive similar emails, such as restricting access to already received emails, restricting web access, network isolation or strengthened monitoring.
Fujitsu aims to expand the scope of targeted email attacks that can be detected, further improve detection precision, and bring the technology into practical application in fiscal 2016 to counter cyber-attacks and information leaks.