Welcome!

News Feed Item

Fujitsu Develops Technology to Quickly Detect Latent Malware Activity in Internal Networks

Protects organizations by identifying infected machines before data breaches occur


Tokyo, Apr 15, 2014 - (JCN Newswire) - Fujitsu Laboratories Ltd. today announced that it has developed technology that quickly detects latent malware activity in a network. This technology monitors an internal network to protect against advanced persistent threats (APT) on specific companies or individuals, an increasingly common problem.

APT employ malicious programs known as malware which cannot always be detected by ordinary antivirus software, so security measures that protect the entryways to internal networks are limited. In addition, with malware infections, it is often the case that the attackers, through remotely controlled operations that are disguised in the flow of ordinary communications from outside the network, can carry out hidden activities for long periods of time. This makes it difficult to discover the problem at the exit points of internal networks, such as through unauthorized intrusion-detection systems.

As a method to detect the activity of malware designed to remotely control a terminal, Fujitsu Laboratories focused on the typical communications patterns of latent malware activity within a company's network. The company developed technology to analyze and detect the relationships between multiple communications from outside and within the network. Fujitsu Laboratories then developed technology for the high-speed detection of malware in real time that would work using general-purpose servers. Actual application of this method had been a problematic issue to overcome.

In a connected network of approximately 2000 devices, Fujitsu Laboratories tested and verified that the technology could detect simulated malware activity. This technology makes it possible to quickly detect the latent activity of APT malware in an internal network and protect against data breaches before they occur.

Background

In recent years there has been a surge in increasingly sophisticated APT against specific organizations and individuals for the purpose of stealing information. In APT, the target is thoroughly studied in advance, and the attack is persistently carried out through such methods as email messages disguised as regular business communications. It is not always possible for ordinary antivirus software to distinguish between regular software and software used in an attack, so it is difficult to fully protect an internal network from being infiltrated by malware.

To protect against such sophisticated malware activity, in addition to the conventional security protections used at the entry and exit points of internal networks, it is necessary to employ protection methods that focus inside internal networks.

Issues

The most common type of malware today is known as a Remote Access Trojan (RAT)(1). With a RAT, the intruder outside a network remotely operates an infected PC within a network to collect internal data, disguising activities as routine business communications such as sending or receiving emails. The RAT infiltrates the network in advance through an email message or other means, but does not immediately begin the processing associated with the attack. Afterwards, when the attack begins, the content of the communications does not contain malware itself, and the traffic associated with the remote operations is almost always encrypted. This activity is difficult to discover using conventional antivirus software or unauthorized intrusion-detection systems.

By analyzing the types of communications flowing over a network and the related communications that precede or follow them, it is possible to detect latent activity within a network that is characteristic of a RAT, the remote-control type malware. Fujitsu Laboratories conducted research and development on ways to monitor choke points, which are the gateways attackers use in such attacks.

This method, however, requires significant processing time as it is necessary to identify, within a huge stream of work-related traffic, the communications associated with an attack, and then confirm the links between multiple communications. At the same time, to apply this method within a company, it is necessary to configure the detection function to each network domain in the smallest units possible, and, ideally, to use few CPU or memory computing resources.

About the New Technology

By focusing on the communications patterns seen in all latent activity of RATs within an internal network, and by analyzing the relationships between intranet communications, Fujitsu Laboratories developed technology for the high-speed detection of latent activity of RATs within an internal network. This technology enables the choke point monitoring method to be performed at high speeds, and makes it practical to perform with network devices that operate using limited computing resources.

The following two diagnostic technologies were developed to enable the efficient identification of attack-related communications traffic an infected PC sends to its target (Figure 2).

1. Specific domain diagnostic

To determine whether a given communication is associated with an attack, it had been necessary to perform a detailed analysis of the content of the communication, but now Fujitsu Laboratories has developed a highly precise way to diagnose attack-related communication while reducing the processing load required for analysis. This diagnostic method uses only the relationship between data on the specific domains for multiple communications and the communication sequence.

2. Screening diagnostic
To extract, from an enormous volume of communications, the multiple communications that comprise an attack requires significant processing time. Fujitsu Laboratories has now developed a way to efficiently detect multiple suspicious communications by managing a screening process in which the processing procedures of an attack and communication information are compared in order to screen at each stage of an attack.

The use of these diagnostic technologies enabled an approximately 30-fold increase in the volume of communications that were able to be processed for detection without sacrificing detection performance.

In a connected network environment of approximately 2000 devices on which a large volume of work-related communications was flowing, this technology was verified and evaluated while recreating the latent activity of a RAT. The result was complete detection of the RAT's attack communications, which represented 0.0001% of the overall communication packet volume, with no spillover, even with a Gigabit-class communication line. Moreover, no work-related communications were falsely detected as attack-related communications.

Results

By building this technology into networking equipment and distributively configuring on a local network, it is possible to monitor malicious traffic flowing over a network and detect APT malware, which is difficult to do with firewalls or antivirus software, before data is leaked.

Future Plans

Fujitsu Laboratories will proceed with R&D on malware detection technologies with the aim of commercializing this technology during fiscal 2014.

Notes:

(1) Remote Access Trojan (RAT):

A malicious software program that infiltrates a local network disguised as a benign program and that can be remotely controlled by outside attackers.

About Fujitsu Limited

Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Approximately 170,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.4 trillion yen (US$47 billion) for the fiscal year ended March 31, 2013 For more information, please see www.fujitsu.com.



Source: Fujitsu Limited

Contact:
Fujitsu Limited
Public and Investor Relations
www.fujitsu.com/global/news/contacts/
+81-3-3215-5259


Copyright 2014 JCN Newswire. All rights reserved. www.japancorp.net

More Stories By JCN Newswire

Copyright 2008 JCN Newswire. All rights reserved. Republication or redistribution of JCN Newswire content is expressly prohibited without the prior written consent of JCN Newswire. JCN Newswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
One of the biggest challenges with adopting a DevOps mentality is: new applications are easily adapted to cloud-native, microservice-based, or containerized architectures - they can be built for them - but old applications need complex refactoring. On the other hand, these new technologies can require relearning or adapting new, oftentimes more complex, methodologies and tools to be ready for production. In his general session at @DevOpsSummit at 20th Cloud Expo, Chris Brown, Solutions Marketi...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
Today companies are looking to achieve cloud-first digital agility to reduce time-to-market, optimize utilization of resources, and rapidly deliver disruptive business solutions. However, leveraging the benefits of cloud deployments can be complicated for companies with extensive legacy computing environments. In his session at 21st Cloud Expo, Craig Sproule, founder and CEO of Metavine, will outline the challenges enterprises face in migrating legacy solutions to the cloud. He will also prese...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...