Welcome!

News Feed Item

Fujitsu Develops Technology to Quickly Detect Latent Malware Activity in Internal Networks

Protects organizations by identifying infected machines before data breaches occur


Tokyo, Apr 15, 2014 - (JCN Newswire) - Fujitsu Laboratories Ltd. today announced that it has developed technology that quickly detects latent malware activity in a network. This technology monitors an internal network to protect against advanced persistent threats (APT) on specific companies or individuals, an increasingly common problem.

APT employ malicious programs known as malware which cannot always be detected by ordinary antivirus software, so security measures that protect the entryways to internal networks are limited. In addition, with malware infections, it is often the case that the attackers, through remotely controlled operations that are disguised in the flow of ordinary communications from outside the network, can carry out hidden activities for long periods of time. This makes it difficult to discover the problem at the exit points of internal networks, such as through unauthorized intrusion-detection systems.

As a method to detect the activity of malware designed to remotely control a terminal, Fujitsu Laboratories focused on the typical communications patterns of latent malware activity within a company's network. The company developed technology to analyze and detect the relationships between multiple communications from outside and within the network. Fujitsu Laboratories then developed technology for the high-speed detection of malware in real time that would work using general-purpose servers. Actual application of this method had been a problematic issue to overcome.

In a connected network of approximately 2000 devices, Fujitsu Laboratories tested and verified that the technology could detect simulated malware activity. This technology makes it possible to quickly detect the latent activity of APT malware in an internal network and protect against data breaches before they occur.

Background

In recent years there has been a surge in increasingly sophisticated APT against specific organizations and individuals for the purpose of stealing information. In APT, the target is thoroughly studied in advance, and the attack is persistently carried out through such methods as email messages disguised as regular business communications. It is not always possible for ordinary antivirus software to distinguish between regular software and software used in an attack, so it is difficult to fully protect an internal network from being infiltrated by malware.

To protect against such sophisticated malware activity, in addition to the conventional security protections used at the entry and exit points of internal networks, it is necessary to employ protection methods that focus inside internal networks.

Issues

The most common type of malware today is known as a Remote Access Trojan (RAT)(1). With a RAT, the intruder outside a network remotely operates an infected PC within a network to collect internal data, disguising activities as routine business communications such as sending or receiving emails. The RAT infiltrates the network in advance through an email message or other means, but does not immediately begin the processing associated with the attack. Afterwards, when the attack begins, the content of the communications does not contain malware itself, and the traffic associated with the remote operations is almost always encrypted. This activity is difficult to discover using conventional antivirus software or unauthorized intrusion-detection systems.

By analyzing the types of communications flowing over a network and the related communications that precede or follow them, it is possible to detect latent activity within a network that is characteristic of a RAT, the remote-control type malware. Fujitsu Laboratories conducted research and development on ways to monitor choke points, which are the gateways attackers use in such attacks.

This method, however, requires significant processing time as it is necessary to identify, within a huge stream of work-related traffic, the communications associated with an attack, and then confirm the links between multiple communications. At the same time, to apply this method within a company, it is necessary to configure the detection function to each network domain in the smallest units possible, and, ideally, to use few CPU or memory computing resources.

About the New Technology

By focusing on the communications patterns seen in all latent activity of RATs within an internal network, and by analyzing the relationships between intranet communications, Fujitsu Laboratories developed technology for the high-speed detection of latent activity of RATs within an internal network. This technology enables the choke point monitoring method to be performed at high speeds, and makes it practical to perform with network devices that operate using limited computing resources.

The following two diagnostic technologies were developed to enable the efficient identification of attack-related communications traffic an infected PC sends to its target (Figure 2).

1. Specific domain diagnostic

To determine whether a given communication is associated with an attack, it had been necessary to perform a detailed analysis of the content of the communication, but now Fujitsu Laboratories has developed a highly precise way to diagnose attack-related communication while reducing the processing load required for analysis. This diagnostic method uses only the relationship between data on the specific domains for multiple communications and the communication sequence.

2. Screening diagnostic
To extract, from an enormous volume of communications, the multiple communications that comprise an attack requires significant processing time. Fujitsu Laboratories has now developed a way to efficiently detect multiple suspicious communications by managing a screening process in which the processing procedures of an attack and communication information are compared in order to screen at each stage of an attack.

The use of these diagnostic technologies enabled an approximately 30-fold increase in the volume of communications that were able to be processed for detection without sacrificing detection performance.

In a connected network environment of approximately 2000 devices on which a large volume of work-related communications was flowing, this technology was verified and evaluated while recreating the latent activity of a RAT. The result was complete detection of the RAT's attack communications, which represented 0.0001% of the overall communication packet volume, with no spillover, even with a Gigabit-class communication line. Moreover, no work-related communications were falsely detected as attack-related communications.

Results

By building this technology into networking equipment and distributively configuring on a local network, it is possible to monitor malicious traffic flowing over a network and detect APT malware, which is difficult to do with firewalls or antivirus software, before data is leaked.

Future Plans

Fujitsu Laboratories will proceed with R&D on malware detection technologies with the aim of commercializing this technology during fiscal 2014.

Notes:

(1) Remote Access Trojan (RAT):

A malicious software program that infiltrates a local network disguised as a benign program and that can be remotely controlled by outside attackers.

About Fujitsu Limited

Fujitsu is the leading Japanese information and communication technology (ICT) company offering a full range of technology products, solutions and services. Approximately 170,000 Fujitsu people support customers in more than 100 countries. We use our experience and the power of ICT to shape the future of society with our customers. Fujitsu Limited (TSE: 6702) reported consolidated revenues of 4.4 trillion yen (US$47 billion) for the fiscal year ended March 31, 2013 For more information, please see www.fujitsu.com.



Source: Fujitsu Limited

Contact:
Fujitsu Limited
Public and Investor Relations
www.fujitsu.com/global/news/contacts/
+81-3-3215-5259


Copyright 2014 JCN Newswire. All rights reserved. www.japancorp.net

More Stories By JCN Newswire

Copyright 2008 JCN Newswire. All rights reserved. Republication or redistribution of JCN Newswire content is expressly prohibited without the prior written consent of JCN Newswire. JCN Newswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data. In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
As the world moves toward more DevOps and Microservices, application deployment to the cloud ought to become a lot simpler. The Microservices architecture, which is the basis of many new age distributed systems such as OpenStack, NetFlix and so on, is at the heart of Cloud Foundry - a complete developer-oriented Platform as a Service (PaaS) that is IaaS agnostic and supports vCloud, OpenStack and AWS. Serverless computing is revolutionizing computing. In his session at 19th Cloud Expo, Raghav...
SYS-CON Events announced today Telecom Reseller has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Aspose.Total for .NET is the most complete package of all file format APIs for .NET as offered by Aspose. It empowers developers to create, edit, render, print and convert between a wide range of popular document formats within any .NET, C#, ASP.NET and VB.NET applications. Aspose compiles all .NET APIs on a daily basis to ensure that it contains the most up to date versions of each of Aspose .NET APIs. If a new .NET API or a new version of existing APIs is released during the subscription peri...
SYS-CON Events announced today that StarNet Communications will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. StarNet Communications’ FastX is the industry first cloud-based remote X Windows emulator. Using standard Web browsers (FireFox, Chrome, Safari, etc.) users from around the world gain highly secure access to applications and data hosted on Linux-based servers in a central data center. ...
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportuni...
StarNet Communications Corp has announced the addition of three Secure Remote Desktop modules to its flagship X-Win32 PC X server. The new modules enable X-Win32 to safely tunnel the remote desktops from Linux and Unix servers to the user’s PC over encrypted SSH. Traditionally, users of PC X servers deploy the XDMCP protocol to display remote desktop environments such as the Gnome and KDE desktops on Linux servers and the CDE environment on Solaris Unix machines. XDMCP is used primarily on comp...
There is growing need for data-driven applications and the need for digital platforms to build these apps. In his session at 19th Cloud Expo, Muddu Sudhakar, VP and GM of Security & IoT at Splunk, will cover different PaaS solutions and Big Data platforms that are available to build applications. In addition, AI and machine learning are creating new requirements that developers need in the building of next-gen apps. The next-generation digital platforms have some of the past platform needs a...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder and Chairman of Alfresco, described how to scale cloud-based content management repositories to store, manage, and retrieve billions of documents and related information with fast and linear scalability. He addres...
Fact: storage performance problems have only gotten more complicated, as applications not only have become largely virtualized, but also have moved to cloud-based infrastructures. Storage performance in virtualized environments isn’t just about IOPS anymore. Instead, you need to guarantee performance for individual VMs, helping applications maintain performance as the number of VMs continues to go up in real time. In his session at Cloud Expo, Dhiraj Sehgal, Product and Marketing at Tintri, wil...
Enterprises have forever faced challenges surrounding the sharing of their intellectual property. Emerging cloud adoption has made it more compelling for enterprises to digitize their content, making them available over a wide variety of devices across the Internet. In his session at 19th Cloud Expo, Santosh Ahuja, Director of Architecture at Impiger Technologies, will introduce various mechanisms provided by cloud service providers today to manage and share digital content in a secure manner....
SYS-CON Events announced today that eCube Systems, a leading provider of middleware modernization, integration, and management solutions, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. eCube Systems offers a family of middleware evolution products and services that maximize return on technology investment by leveraging existing technical equity to meet evolving business needs. ...