Learning Patterns from Graphical Models #45
Description
We could use machine learning (ML) to create our own STRIDE analysis system.
Both STRIDE and DREAD is a fairly lame heuristic approach for automatically alerting threats. This issue proposes a new way to analyze threats using ML. That is, we would analyze patterns of threats discovered by humans using the application, and create a learning model to send.
- [ ] Derive a trend analyzer based on human interactions - [ ] In UI ask person: "Would you let us collect anonymous statistics to see how you are using the app so we can serve you better?"
Our mechanism would compete with STRIDE analysis and likely be much better than STRIDE analysis being derived from actual human usage.
How would we derive this model? No private data would be taken, for instance if we notice people tend to label 'a "general process" with an authentication scheme isn't using SSL' being a threat - then our model would learn this trend and alert future people with in a same setup.