Given that security threats and privacy breaches are com- monplace today, it is an important problem for one to know whether their device(s) are in a good state of security, or is there a set of high- risk vulnerabilities that need to be addressed. In this paper, we address this simple yet challenging problem. Instead of gaining white-box access to the device, which offers privacy and other system issues, we rely on network logs and events collected offine as well as in realtime. Our approach is to apply analytics and machine learning for network security analysis as well as analysis of the security of the overall device - apps, the OS and the data on the device. We propose techniques based on analytics in order to determine sensitivity of the device, vulnerability rank of apps and of the device, degree of compromise of apps and of the device, as well as how to define the state of security of the device based on these metrics. Such metrics can be used further in machine learning models in order to predict the users of the device of high risk states, and how to avoid such risks.
تحميل البحث