Jose Carlos Corrales Dec 13, 2017 9 min read

Deep Learning in cybersecurity: the definitive tool

Almost everyone has heard of or seen the well-known movie Blade Runner, by famous director Ridley Scott. This futuristic 1982 film recreates a world where machines can think for themselves and make decisions.

Despite computing’s major advances at that time, in the 80’s the idea that machines could be so highly autonomous thanks to artificial intelligence might have seemed a long way off. 

Today, however, their ability to develop that capacity is considered much closer and may become a reality very soon.

One of the most remarkable examples of this is the humanoid robot Erica, created by Professor Hiroshi Ishiguro, which can hold a conversation naturally and even make jokes. 

However, Artificial Intelligence does not have to take a human-like form. Another well-known case illustrates this point: that of Google’s self-driving car.

Year after year, month after month, researchers worldwide advance in developing new applications based on this discipline, and it will come as no surprise that the cybersecurity sector has a lot to offer in this area.

In fact, renowned consultancy TATA said it very clearly: “cybersecurity is the top sector driving the adaptation of its technology to Artificial Intelligence”. Their Global Trend Study also states that companies anticipate AI use in areas other than IT; by 2020, its use will have spread across almost all company areas.


This is why there is an increasing amount of terminology associated with products and services in the cybersecurity market. 

In general terms, Artificial Intelligence is the discipline driving the simulation of human intelligence processes in machines, basically, so they can learn on their own. The Machine Learning specialization falls within this discipline and involves those machines that are capable of supervised learning. 

Lastly comes Deep Learning, a subset of Machine Learning, where machines can start unsupervised learning independently.

Machine Learning within Artificial Intelligence

As its name indicates, the idea is to supervise a machine to learn, solve problems and make decisions based on statistical models.

To achieve this, an input or stimulus is presented (data parsing) and processed by the algorithms to extract a model that can be used as the basis for automatically making decisions. The key to success will be choosing the appropriate stimulus used as input. For continually verifying users, this stimulus should be based on behavioral biometric data. In addition to user and behavioral biometric data, additional information can be collected, including device fingerprints, and network connection data, along with evidence of malware. All were collected and analyzed to create a BionicID to help identify a user at every interaction. 

Google’s search engine could be taken as one clear example. Millions of people make particular searches depending on where they live, the time horizon, etc. As they click on links of interest, the search engine can develop its own model to anticipate all kinds of trends.


Deep Learning within Machine Learning

Deep Learning is a Machine Learning specialization in which the machine’s algorithms themselves learn, unsupervised, through their own criteria to reach their own decisions. 

These algorithms are based on neural networks and layers, which function as a small brains. The key to success lies in defining the architecture for this brain.

For example, today, this is used to improve predictions of earthquakes or their possible magnitude.

The diagram below serves as a summary to quickly recognize what technology is being discussed. 


Deep Learning to combat malware and online fraud  

The crime-as-a-service sector evolves fast, making increasingly innovative new developments available to cybercriminals so they can successfully reach their targets.

These developments have become dynamic threats, adapting to the security measures deployed by users and organizations to combat cybercrime.

In this context, one major challenge is unquestionably the classification of malware. The malware that seems “fashionable” today is already obsolete tomorrow and is replaced by another one with completely different or improved features.

At the same time, the newest varieties of malware continue to coexist with older forms, which are still used by cybercriminals without the means to innovate. Therefore, classification in the cybercriminal ecosystem is very complex.



Faced with a context such as this, the blacklists and indicators of compromise (IOCs) typical of Cyber Threat Intelligence are not enough to handle the threat, which transforms itself when it detects it has been identified.

The great strength of Deep Learning for cybersecurity powered by behavioral biometrics is that it makes it possible to learn from this dynamism in real-time and develop new classification criteria without human intervention.  Thanks to this, detection and classification have become much more efficient and proactive.

At the same time, its applications are infinite. For example, in the case of Revelock, we also use it together with our development of biometric behavior-based identity verification.

This allows us to rapidly recognize whether a person is interacting with their computer or a bot, or if there is a cybercriminal attempting a user Account TakeOver or interacting with a user’s account from anywhere in the world (Remote Access Trojan).


Jose Carlos Corrales

José has a track record of more than 10 years in the different areas of cybersecurity, boasting experience in managed security services, anti-fraud services, reverse engineering, malware analysis and many others, working as a middle manager, a project manager and a presales engineer in companies such as Telefónica and Deloitte, mainly in banking customers. He currently analyses the market to detect new functionalities that ensure our solution stays on the cutting-edge of anti-fraud and serves to solve our customers’ present problems.