NEC Corp. has developed a "system operations-visualization and anomaly-analysis technology" that uses artificial intelligence (AI) to automatically detect unknown cyber-attacks against social infrastructure and enterprise systems. The new technology learns (through machine learning) the normal state of OS-level operations (program start-up, file access, communications, etc.) for entire ICT systems, including PCs and servers. It then carries out real-time comparisons and analysis of current operations in the system's normal state and automatically isolates particular points that deviate from the normal state by using system operation tools and Software-Defined Networking (SDN).
Further, a detailed knowledge of the system behavior makes it possible to identify the extent of damage 90% faster than the time required in conventional manual investigation. Accurate anomaly detection and quick specification of damaged areas by the new technology minimize the damage from cyber-attacks and enable recovery without stopping an entire user-system.
"It is remarkably difficult for current cyber-attack countermeasures, which are carried out based on known attack methods, to protect systems against unknown attacks. The new technology, which is based only on subtle changes observed in OS-level behavior as a consequence of attacks, rather than on the attack methods, enables an innovative approach to deal with completely new cyber-attacks," said Motoo Nishihara General Manager, Cloud System Research Laboratories, NEC Corporation.
NEC conducted trials of the technology on its in-house ICT system and found that it was able to detect all simulated attacks. Going forward, NEC will carry out trials on systems serving critical infrastructure, such as power plants and factories, aiming to commercialize the technology by the end of FY2016.