Welcome!

News Feed Item

Fujitsu Develops Technology to Quickly Detect Latent Malware Activity in Internal Networks

Protects organizations by identifying infected machines before data breaches occur


Tokyo, Apr 15, 2014 - (JCN Newswire) - Fujitsu Laboratories Ltd. today announced that it has developed technology that quickly detects latent malware activity in a network. This technology monitors an internal network to protect against advanced persistent threats (APT) on specific companies or individuals, an increasingly common problem.

APT employ malicious programs known as malware which cannot always be detected by ordinary antivirus software, so security measures that protect the entryways to internal networks are limited. In addition, with malware infections, it is often the case that the attackers, through remotely controlled operations that are disguised in the flow of ordinary communications from outside the network, can carry out hidden activities for long periods of time. This makes it difficult to discover the problem at the exit points of internal networks, such as through unauthorized intrusion-detection systems.

As a method to detect the activity of malware designed to remotely control a terminal, Fujitsu Laboratories focused on the typical communications patterns of latent malware activity within a company's network. The company developed technology to analyze and detect the relationships between multiple communications from outside and within the network. Fujitsu Laboratories then developed technology for the high-speed detection of malware in real time that would work using general-purpose servers. Actual application of this method had been a problematic issue to overcome.

In a connected network of approximately 2000 devices, Fujitsu Laboratories tested and verified that the technology could detect simulated malware activity. This technology makes it possible to quickly detect the latent activity of APT malware in an internal network and protect against data breaches before they occur.

Background

In recent years there has been a surge in increasingly sophisticated APT against specific organizations and individuals for the purpose of stealing information. In APT, the target is thoroughly studied in advance, and the attack is persistently carried out through such methods as email messages disguised as regular business communications. It is not always possible for ordinary antivirus software to distinguish between regular software and software used in an attack, so it is difficult to fully protect an internal network from being infiltrated by malware.

To protect against such sophisticated malware activity, in addition to the conventional security protections used at the entry and exit points of internal networks, it is necessary to employ protection methods that focus inside internal networks.

Issues

The most common type of malware today is known as a Remote Access Trojan (RAT)(1). With a RAT, the intruder outside a network remotely operates an infected PC within a network to collect internal data, disguising activities as routine business communications such as sending or receiving emails. The RAT infiltrates the network in advance through an email message or other means, but does not immediately begin the processing associated with the attack. Afterwards, when the attack begins, the content of the communications does not contain malware itself, and the traffic associated with the remote operations is almost always encrypted. This activity is difficult to discover using conventional antivirus software or unauthorized intrusion-detection systems.

By analyzing the types of communications flowing over a network and the related communications that precede or follow them, it is possible to detect latent activity within a network that is characteristic of a RAT, the remote-control type malware. Fujitsu Laboratories conducted research and development on ways to monitor choke points, which are the gateways attackers use in such attacks.

This method, however, requires significant processing time as it is necessary to identify, within a huge stream of work-related traffic, the communications associated with an attack, and then confirm the links between multiple communications. At the same time, to apply this method within a company, it is necessary to configure the detection function to each network domain in the smallest units possible, and, ideally, to use few CPU or memory computing resources.

About the New Technology

By focusing on the communications patterns seen in all latent activity of RATs within an internal network, and by analyzing the relationships between intranet communications, Fujitsu Laboratories developed technology for the high-speed detection of latent activity of RATs within an internal network. This technology enables the choke point monitoring method to be performed at high speeds, and makes it practical to perform with network devices that operate using limited computing resources.

The following two diagnostic technologies were developed to enable the efficient identification of attack-related communications traffic an infected PC sends to its target (Figure 2).

1. Specific domain diagnostic

To determine whether a given communication is associated with an attack, it had been necessary to perform a detailed analysis of the content of the communication, but now Fujitsu Laboratories has developed a highly precise way to diagnose attack-related communication while reducing the processing load required for analysis. This diagnostic method uses only the relationship between data on the specific domains for multiple communications and the communication sequence.

2. Screening diagnostic
To extract, from an enormous volume of communications, the multiple communications that comprise an attack requires significant processing time. Fujitsu Laboratories has now developed a way to efficiently detect multiple suspicious communications by managing a screening process in which the processing procedures of an attack and communication information are compared in order to screen at each stage of an attack.

The use of these diagnostic technologies enabled an approximately 30-fold increase in the volume of communications that were able to be processed for detection without sacrificing detection performance.

In a connected network environment of approximately 2000 devices on which a large volume of work-related communications was flowing, this technology was verified and evaluated while recreating the latent activity of a RAT. The result was complete detection of the RAT's attack communications, which represented 0.0001% of the overall communication packet volume, with no spillover, even with a Gigabit-class communication line. Moreover, no work-related communications were falsely detected as attack-related communications.

Results

By building this technology into networking equipment and distributively configuring on a local network, it is possible to monitor malicious traffic flowing over a network and detect APT malware, which is difficult to do with firewalls or antivirus software, before data is leaked.

Future Plans

Fujitsu Laboratories will proceed with R&D on malware detection technologies with the aim of commercializing this technology during fiscal 2014.

Notes:

(1) Remote Access Trojan (RAT):

A malicious software program that infiltrates a local network disguised as a benign program and that can be remotely controlled by outside attackers.

About Fujitsu Limited

Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Approximately 170,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.4 trillion yen (US$47 billion) for the fiscal year ended March 31, 2013 For more information, please see www.fujitsu.com.



Source: Fujitsu Limited

Contact:
Fujitsu Limited
Public and Investor Relations
www.fujitsu.com/global/news/contacts/
+81-3-3215-5259


Copyright 2014 JCN Newswire. All rights reserved. www.japancorp.net

More Stories By JCN Newswire

Copyright 2008 JCN Newswire. All rights reserved. Republication or redistribution of JCN Newswire content is expressly prohibited without the prior written consent of JCN Newswire. JCN Newswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
The competitive landscape of the global cloud computing market in the healthcare industry is crowded due to the presence of a large number of players. The large number of participants has led to the fragmented nature of the market. Some of the major players operating in the global cloud computing market in the healthcare industry are Cisco Systems Inc., Carestream Health Inc., Carecloud Corp., AGFA Healthcare, IBM Corp., Cleardata Networks, Merge Healthcare Inc., Microsoft Corp., Intel Corp., an...
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, discussed the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filterin...
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
Early adopters of IoT viewed it mainly as a different term for machine-to-machine connectivity or M2M. This is understandable since a prerequisite for any IoT solution is the ability to collect and aggregate device data, which is most often presented in a dashboard. The problem is that viewing data in a dashboard requires a human to interpret the results and take manual action, which doesn’t scale to the needs of IoT.
SYS-CON Events announced today the Kubernetes and Google Container Engine Workshop, being held November 3, 2016, in conjunction with @DevOpsSummit at 19th Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA. This workshop led by Sebastian Scheele introduces participants to Kubernetes and Google Container Engine (GKE). Through a combination of instructor-led presentations, demonstrations, and hands-on labs, students learn the key concepts and practices for deploying and maintainin...
Cloud analytics is dramatically altering business intelligence. Some businesses will capitalize on these promising new technologies and gain key insights that’ll help them gain competitive advantage. And others won’t. Whether you’re a business leader, an IT manager, or an analyst, we want to help you and the people you need to influence with a free copy of “Cloud Analytics for Dummies,” the essential guide to this explosive new space for business intelligence.
So, you bought into the current machine learning craze and went on to collect millions/billions of records from this promising new data source. Now, what do you do with them? Too often, the abundance of data quickly turns into an abundance of problems. How do you extract that "magic essence" from your data without falling into the common pitfalls? In her session at @ThingsExpo, Natalia Ponomareva, Software Engineer at Google, provided tips on how to be successful in large scale machine learning...
What does it look like when you have access to cloud infrastructure and platform under the same roof? Let’s talk about the different layers of Technology as a Service: who cares, what runs where, and how does it all fit together. In his session at 18th Cloud Expo, Phil Jackson, Lead Technology Evangelist at SoftLayer, an IBM company, spoke about the picture being painted by IBM Cloud and how the tools being crafted can help fill the gaps in your IT infrastructure.
"delaPlex is a software development company. We do team-based outsourcing development," explained Mark Rivers, COO and Co-founder of delaPlex Software, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
"C2M is our digital transformation and IoT platform. We've had C2M on the market for almost three years now and it has a comprehensive set of functionalities that it brings to the market," explained Mahesh Ramu, Vice President, IoT Strategy and Operations at Plasma, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Traditional IT, great for stable systems of record, is struggling to cope with newer, agile systems of engagement requirements coming straight from the business. In his session at 18th Cloud Expo, William Morrish, General Manager of Product Sales at Interoute, outlined ways of exploiting new architectures to enable both systems and building them to support your existing platforms, with an eye for the future. Technologies such as Docker and the hyper-convergence of computing, networking and sto...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...