NEC, Thursday announced the development of a "system operations-visualization and anomaly-analysis technology" that uses artificial intelligence (AI) to automatically detect unknown cyber-attacks against social infrastructure and enterprise systems.
According to NEC, the new technology learns through machine learning the normal state of OS-level operations such as program start-up, file access and communications for entire ICT systems, including PCs and servers. It then carries out real-time comparisons and analysis of current operations in the system's normal state and automatically isolates particular points that deviate from the normal state by using system operation tools and Software-Defined Networking (SDN).
A detailed knowledge of the system behavior makes it possible to identify the extent of damage 90% faster than the time required in conventional manual investigation. Accurate anomaly detection and quick specification of damaged areas by the new technology minimize the damage from cyber-attacks and enable recovery without stopping an entire user-system.
NEC said that it conducted trials of the technology on its in-house ICT system and found that it was able to detect all simulated attacks. Going forward, NEC will carry out trials on systems serving critical infrastructure, such as power plants and factories, aiming to commercialize the technology by the end of 2016.
Motoo Nishihara General Manager, Cloud System Research Laboratories, NEC Corporation
The new technology, which is based only on subtle changes observed in OS-level behavior as a consequence of attacks, rather than on the attack methods, enables an innovative approach to deal with completely new cyber-attacks.