Personalized Cybersecurity

for DummiesJaime G.Carbonell

EugeneFink

MehrbodSharifi

Application of machine learning and crowdsourcing to adapt cybersecurity tools to the needs of (naïve) individual users.

Individual user differences• Security needs

- Data confidentiality- Data-loss tolerance- Recovery costs

• Usage patterns• Computer knowledge

Different users need different security tools.

Problems

• “Advanced user” assumption- Complicated customization- Unclear security warnings

• Inflexible engineered solutionswith “too much security”- Too high security at high costs- Insufficient customization

Examples

Typical response of naïve users:• Always no (too much security)• Always yes (not enough security)• Ask a techie if available

Population statisticsComputer use byage and gender

User naïveté correctanswers

Population statistics• Almost everyone uses a computer• Most users are naïve, with very

limited technical knowledge• Many security problems are

due to the user naïveté

When an average user deals with security issues, she needs basic advice and handholding.

Long-term goal

We need an automated security

assistant that learns the needs

of the individual user and helps

the user to apply security tools.

Initial results

A security assistant for

web browsing, integrated

with Internet Explorer.

• Scams (welcome to Nigeria)• Rip-offs (overpricing, low quality)• Bad info (inaccurate, biased)• ... and so on

Automated tools cannot detect “advanced” threats that go beyond software attacks.

More problems

Long-term goal

Rely on the collective wisdom of the users.

Gather Filter Integrate

Initial results

A browser plug-in for the

gathering of opinions and

warnings about web pages.

Future research

• Summarization of comments

• Analysis of sentiments and biases

• Identification of reliable contributors

• Synergy with other techniques for analysis of web pages

• … and so on