machine learning methods for personalized cybersecurity jaime g. carbonell eugene fink mehrbod...
Post on 20-Dec-2015
217 views
TRANSCRIPT
Machine Learning Methods for
Personalized CybersecurityJaime G.Carbonell
EugeneFink
MehrbodSharifiApplying machine learning and
artificial intelligence to adapt
cybersecurity tools to the needs
of (naïve) individual users.
Individual user differences• Security needs
- Data confidentiality- Data-loss tolerance- Recovery costs
• Usage patterns• Computer knowledge
Different users need different security tools.
Problem
• Inflexible engineered solutionswith “too much security”- Too high security at high costs- Insufficient customization options
• “Advanced user” assumption- Complicated customization- Unclear security warnings
Examples
Typical response of naïve users:• Always no (too much security)• Always yes (not enough security)• Ask a techie if available
Population statisticsComputer use byage and gender
User naïveté correctanswers
Population statistics• Almost everyone uses a computer• Most users are naïve, with very
limited technical knowledge• Many security problems are
due to the user naïveté
When an average user deals with security issues, she often needs basic advice and handholding.
Long-term goal
We need an automated security
assistant that learns the needs
of the individual user and helps
the user to apply security tools.
Research problems• Learning about the user
- Usage patterns- Technical knowledge- Security choices
• Elicitation of security needs- Understandable questions- Optimized question selection- Conversion of the elicited answers to appropriate security settings
• Understandable warnings- Not-Sure response option- Explanation customized to the user technical knowledge- Advice customized to the user needs- Optimization of yes/no decisions
• Learning across multiple users- Learning from observations- Integration of expert advice- Distributed processing of massive data
Architecture
ModelConst-ruction
ModelEvalu-ation
QuestionSelection
SecurityDecision
Optimizer
currentmodel
modelutility andlimitations
questionsanswers andobservations
Top-Level Control
DataCollection