Analyzing Darknet communications, observed by multiple organizations, to detect signs of cyberattacks and contribute to damage prevention
June 18, 2019
Chubu Electric Power Co.,Inc.
Keio University (President: Akira Haseyawa), Chubu Electric Power Company (President Satoru Katsuno; hereinafter "Chuden") and Hitachi, Ltd. (President and CEO Toshiaki Higashihara; hereinafter "Hitachi") have verified that analyzing Darknet communications (Note1), identified out of suspicious online communications observed by the organizations, makes it possible to identify signs of cyberattacks, which have been difficult to detect until now. The organizations will continue to identify such signs to prevent damage from cyberattacks.
(Note1) Communications on online addresses to which a specific computer is not allocated (applied)
Advancement of digitization in a variety of fields has boosted convenience in people's lives. However, at the same, it has made cyberattacks more intricate and cunning, which is rapidly increasing the importance of cyber security. In particular, it is an urgent task to establish robust security measures in infrastructure business, which provides people with vital lifelines.
Many companies and other organizations monitor suspicious communications in individual networks. Their challenge was the difficulty in identifying such communications, as they come mixed with a massive volume of normal communications.
In the latest study, Keio University, Chuden and Hitachi focused on Darknet communications, which do not occur in general online communications, and verified that signs of cyberattacks can be identified by analyzing multiple organizations' communications.
[Overview of the development and verification of new technology]
Incident analysis know-how, accumulated through joint research by Keio University and Hitachi, was used to develop new technology for correlation analysis of Darknet communications. The technology focused on Darknet communications, seen in multiple organizations, to identify signs of cyberattacks, which did not stand out in separate data observation carried out by these organizations.
In this study, the correlation analysis technology was used to analyze a large volume of Darknet communications (20 million cases / day), observed at Keio University and Chuden. The results showed that the technology was able to identify signs of cyberattacks even with a very low volume of communications, and initiate an appropriate action.
The verification was an achievement of the joint research and "distributed security operation" (Note2) vision, jointly undertaken by Keio University, Chuden and Hitachi since April 2017.
(Note2) Collaboration of multiple security response teams for swift incident response
Keio University, Chuden and Hitachi will continue to monitor signs of cyberattacks broadly and develop technology capable of analyzing the content of such attacks in greater details, so as to establish security operations that contribute to assuring cyber security and stable administration of social infrastructure systems.