Personalized Cybersecurity for Dummies Jaime G. Carbonell Eugene Fink Mehrbod Sharifi Application of...
-
date post
21-Dec-2015 -
Category
Documents
-
view
217 -
download
0
Transcript of Personalized Cybersecurity for Dummies Jaime G. Carbonell Eugene Fink Mehrbod Sharifi Application of...
Personalized Cybersecurity
for DummiesJaime G.Carbonell
EugeneFink
MehrbodSharifi
Application of machine learning and crowdsourcing to adapt cybersecurity tools to the needs of (naïve) individual users.
Individual user differences• Security needs
- Data confidentiality- Data-loss tolerance- Recovery costs
• Usage patterns• Computer knowledge
Different users need different security tools.
Problems
• “Advanced user” assumption- Complicated customization- Unclear security warnings
• Inflexible engineered solutionswith “too much security”- Too high security at high costs- Insufficient customization
Examples
Typical response of naïve users:• Always no (too much security)• Always yes (not enough security)• Ask a techie if available
Population statisticsComputer use byage and gender
User naïveté correctanswers
Population statistics• Almost everyone uses a computer• Most users are naïve, with very
limited technical knowledge• Many security problems are
due to the user naïveté
When an average user deals with security issues, she needs basic advice and handholding.
Long-term goal
We need an automated security
assistant that learns the needs
of the individual user and helps
the user to apply security tools.
Initial results
A security assistant for
web browsing, integrated
with Internet Explorer.
• Scams (welcome to Nigeria)• Rip-offs (overpricing, low quality)• Bad info (inaccurate, biased)• ... and so on
Automated tools cannot detect “advanced” threats that go beyond software attacks.
More problems
Long-term goal
Rely on the collective wisdom of the users.
Gather Filter Integrate
Initial results
A browser plug-in for the
gathering of opinions and
warnings about web pages.
Future research
• Summarization of comments
• Analysis of sentiments and biases
• Identification of reliable contributors
• Synergy with other techniques for analysis of web pages
• … and so on