Almost everyone has heard of or seen the well-known movie Blade Runner, by famous director Ridley Scott. This futuristic 1982 film recreates a world where machines are able to think for themselves and make decisions.
In spite of computing’s major advances at that time, in the 80’s the idea that machines could be so highly autonomous thanks to artificial intelligence might have seemed a long way off.
Today, however, their ability develop that capacity is considered to be much closer and may become a reality very soon.
One of the most remarkable examples of this is the humanoid robot Erica, created by Professor Hiroshi Ishiguro, which is able to hold a conversation naturally and even make jokes.
However, Artificial Intelligence does not have to take a human-like form. Another well-known case illustrates this point: that of Google’s self-driving car.
Year after year, month after month, researchers from around the world advance in the development of new applications based on this discipline, and it will come as no surprise that the cybersecurity sector has a lot to offer in this area.
In fact, renowned consultancy TATA said it very clearly: “cyber security is the top sector driving the adaptation of its technology to Artificial Intelligence”. In their Global Trend Study they also state that companies anticipate AI use in areas other than IT; by 2020 its use will have spread across almost all company areas.
This is why there is an increasing amount of terminology of this kind associated with products and services in the cybersecurity market.
In general terms, Artificial Intelligence is the discipline that is driving the simulation of human intelligence processes in machines, basically so they can learn on their own. The Machine Learning specialization falls within this discipline, and involves those machines that are capable of supervised learning.
Lastly comes Deep Learning, a subset of Machine Learning, where machines are capable of unsupervised learning on their own.
As its name indicates, the idea is to supervise a machine so that it is able to learn, solve problems and make decisions based on statistical models.
To achieve this, an example input or stimulus is presented (data parsing) that is processed by the algorithms to extract a model used as the basis for making decisions automatically. The key to success will be choosing the appropriate stimulus used as input.
Google’s search engine could be taken as one clear example. Millions of people make particular searches depending on where they live, the time horizon, etc. As they click on links of interest, the search engine can develop its own model to anticipate all kinds of trends.
Deep Learning is a Machine Learning specialization in which the machine’s algorithms themselves learn, unsupervised, through their own criteria to reach their own decisions.
These algorithms are based on neural networks and layers, which function as if they were a small brain. The key to success lies in defining the architecture for this brain.
For example, today this is used to improve predictions of earthquakes or their possible magnitude.
The diagram below serves as a summary in order to quickly recognize what technology is being discussed.
The crime-as-a-service sector evolves fast, making increasingly innovative new developments available to cybercriminals so they can successfully reach their targets.
These developments have become dynamic threats, able to adapt to the security measures deployed by users and organizations to combat cybercrime.
In this context, one major challenge is unquestionably the classification of malware. The malware that seems to be “fashionable” today is already obsolete tomorrow and is replaced by another one with completely different or improved features.
At the same time, the newest varieties of malware continue to coexist with older forms, which are still used by cyber criminals without the means to innovate. Therefore, classification in the cybercriminal ecosystem is very complex.
Faced with a context such as this, the blacklists and indicators of compromise (IOCs) typical of Cyber Threat Intelligence are not enough to handle the threat, which transforms itself when it detects it has been identified.
The great strength of Deep Learning for cybersecurity is that it makes it possible to learn from this dynamism in real time and develop new classification criteria without human intervention. Thanks to this, detection and classification become much more efficient and proactive.
At the same time, its applications are infinite. In the case of buguroo, for example, we also use it together with our development of identification based on biometric behavior.
This allows us to rapidly recognize whether a person is interacting with their computer or it is a bot, or if there is a cybercriminal attempting a user Account TakeOver or interacting with a user’s account from anywhere in the world (Remote Access Trojan).