Honeypot adaptive security system

US11075946B2 · US · B2

Patent metadata
Field               Value
Publication number  US-11075946-B2
Application number  US-201715847584-A
Country             US
Kind code           B2
Filing date         Dec 19, 2017
Priority date       Dec 19, 2017
Publication date    Jul 27, 2021
Grant date          Jul 27, 2021

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A Honeypot Adaptive Security (HAS) system is described that determines whether a pre-loaded partner or third-party (PP-TP) application executed on a client device has gained over-privileged access to confidential client or network (CCN) data, or over-privileged use of client account features or information provided by a telecommunications service provider. The HAS system is configured to retrieve client data associated with a PP-TP application executed on the client device, retrieve policy rules associated with the PP-TP application, generate a PP-TP application data model to determine a probability of the PP-TP application gaining over-privileged access to CCN data or over-privileged use of client account features on a client device. Responsive to the determined probability, the HAS system is configured to deploy a solution data package to the client device that resolves the instance of over-privileged access or over-privileged use.

First claim

Opening claim text (preview).

What is claimed:

1. A system comprising: one or more processors; memory coupled to the one or more processors, the memory including one or more modules that are executable by the one or more processors to: retrieve client data associated with an application on a client device, the client data including at least a record of system activities associated with execution of the application on the client device; retrieve policy rules associated with the application, the policy rules identifying confidential client or network (CCN) data that is associated with the client device, the policy rules further identifying a first subset of CCN data that is accessible by the application and a second subset of CCN data to which access by the application is prohibited; generate an application data model to quantify emerging trends of the application gaining over-privileged access to the second subset of CCN data on the client device, based at least in part on historical instances of the client data and the policy rules; determine a probability that the application has gained over-privileged access to the second subset of CCN data, based at least in part on analysis of the client data relative to the application data model; quantify a portion of the client data that is less than an entirety of the client data based at least in part on the probability being less than a predetermined threshold; parse the portion of the client data to identify an instance of the application gaining over-privileged access to the second subset of CCN data; generate a solution data package for deployment to the client device, the solution data package including a policy solution that automatically resolves the instance of the application gaining over-privileged access to the second subset of CCN data on the client device; and deploy the solution data package to the client device.

2. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: retrieve the client data on a continuous basis, at predetermined time intervals, or in response to a triggering event, the triggering event being receipt of an indication from an additional client device that the application has gained over-privileged access to the second subset of CCN data on the additional client device.

3. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: deploy an application agent to the client device, the application agent being instrumented within an operating system stack of the client device to monitor file system activity and network activity associated with the application on the client device, and wherein, to retrieve the client data is based at least in part on data transmissions from the application agent.

4. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: retrieve, from a base station associated with a telecommunications network service, location data associated with the client device, based at least in part on a device identifier of the client device, the location data corresponding to a location of the client device at a point in time that the client data is retrieved, and wherein, the client data includes the location data associated with the application on the client device includes the location data.

5. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: retrieve, from an environmental parameters data-store, one or more environmental parameters that quantify characteristics that affect instances of the application gaining over-privileged access to the second subset of CCN data, the characteristics including a geographic location, a network access point, a device type, or historical instances of the application gaining over-privileged access to the second subset of CCN data; and refine, the application data model, based at least in part on the one or more environmental parameters.

6. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: retrieve, from a client data-store, historical client data associated with execution of the application on the client device and execution of the application on additional client devices, the historical client data including at least historical instances of the application gaining over-privileged access to the second subset of CCN data on the client device or the additional client devices; and refine, the application data model based at least in part on the historical client data.

7. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: retrieve, from a device information data-store, device information associated with the client device, the device information including a device type, device identifier, configuration of the client device; and refine, the application data model based at least in part on the device information.

8. The system of claim 1, wherein the one or more modules are further executable by the one or more processors to: determine that the probability that the application has gained over-privileged access to the second subset of CCN data is greater than the predetermined threshold, and wherein, the portion of the client data corresponds to an entirety of the client data, based at least in part on the probability being greater than the predetermined threshold.

9. A computer-implemented method, comprising: under control of one or more processors: retrieving, client data associated with execution of an application on a client device, the client data including data logs of data communications between the application and the client device; retrieving, from one or more data-stores, policy rules and historical client data associated with the application, the policy rules identifying confidential client or network (CCN) data to which access by the application is prohibited, and the historical client data including historical instances of the application gaining over-privileged access to the CCN data; generating an application data model to quantify emerging trends of the application gaining over-privileged access to the CCN data on the client device, based at least in part on the policy rules and the historical client data; determining a probability that the application has gained over-privileged access to the CCN data, based at least in part on analysis of the client data relative to the application data model; quantifying a portion of the client data that is less than an entirety of the client data based at least in part on the probability being less than a predetermined threshold; parsing the portion of the client data to identify an instance of the application gaining over-privileged access to the CCN data; generating a solution data package for deployment to the client device, based at least in part on identifying the instance of the application gaining over-privileged access to the CCN data; and deploying the solution data package to the client device.

10. The computer-implemented method of claim 9, further comprising: retrieving, from the one or more data-stores, device information associated with the client device and at least one environmental parameter associated with the application, the device information including at least one of a device type, device identifier, a firmware configuration of the client device, or an operating system configuration of the client device, and the at least one environmental parameter quantifying a characteristic that affects instances of the application gaining over-privileged access to the CCN data, the char
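The following Python is an added illustration of the flow that claims 1 and 8 describe (policy rules splitting CCN data into an accessible first subset and a prohibited second subset, an application data model built from historical instances, a probability compared against a predetermined threshold, parsing of a partial or full record of system activities, and a solution data package carrying a policy solution). It is not code from the patent or from the assignee. The smoothed base-rate model, the resource-overlap score, the rule for sizing the "portion" of client data, the deploy placeholder and the sample activity records are all constructed assumptions made for this example; the claims specify none of them.

```python
"""Illustrative HAS-style over-privilege check (added example; the scoring
model, data shapes and sample data are assumptions, not the patent's design)."""
from dataclasses import dataclass
from math import ceil
from typing import Dict, FrozenSet, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class PolicyRules:
    """Policy rules for one application: the first subset of CCN data it may
    access and the second subset to which its access is prohibited."""
    app_id: str
    allowed: FrozenSet[str]
    prohibited: FrozenSet[str]


@dataclass(frozen=True)
class ActivityRecord:
    """One entry in the record of system activities on the client device."""
    ts: int
    app_id: str
    op: str         # "read", "write" or "send"
    resource: str   # CCN data element the operation touched


@dataclass(frozen=True)
class AppDataModel:
    """Assumed shape of the application data model: a Laplace-smoothed base rate
    of devices showing over-privileged access, plus the prohibited resources
    seen in those historical instances."""
    base_rate: float
    violation_resources: FrozenSet[str]


@dataclass(frozen=True)
class SolutionPackage:
    app_id: str
    deny: Tuple[str, ...]                 # policy solution: resources to block
    findings: Tuple[ActivityRecord, ...]  # the instances that triggered it


def violations(records: Sequence[ActivityRecord], policy: PolicyRules) -> List[ActivityRecord]:
    """Parse records and return each access to the prohibited (second) subset."""
    return [r for r in records if r.app_id == policy.app_id and r.resource in policy.prohibited]


def build_app_data_model(historical: Sequence[Tuple[str, Sequence[ActivityRecord]]],
                         policy: PolicyRules) -> AppDataModel:
    """Quantify the historical trend: fraction of devices with at least one
    prohibited access (smoothed so that an empty history is not 0 or 1)."""
    offending, seen = 0, set()
    for _device_id, records in historical:
        hits = violations(records, policy)
        if hits:
            offending += 1
            seen.update(r.resource for r in hits)
    return AppDataModel((offending + 1) / (len(historical) + 2), frozenset(seen))


def estimate_probability(client_data: Sequence[ActivityRecord], model: AppDataModel) -> float:
    """Analyse the client data relative to the model: the base rate is raised
    towards 1.0 by the share of historical violation resources this device
    has touched (assumed scoring rule)."""
    touched = {r.resource for r in client_data}
    overlap = (len(touched & model.violation_resources) / len(model.violation_resources)
               if model.violation_resources else 0.0)
    return model.base_rate + (1.0 - model.base_rate) * overlap


def quantify_portion(client_data: Sequence[ActivityRecord], probability: float,
                     threshold: float) -> List[ActivityRecord]:
    """Above the threshold parse everything (claim 8); below it parse only the
    most recent records, sized by the probability (claim 1)."""
    ordered = sorted(client_data, key=lambda r: r.ts, reverse=True)
    if probability >= threshold:
        return ordered
    size = max(1, ceil(len(ordered) * probability))
    return ordered[:min(size, max(1, len(ordered) - 1))]


def generate_solution_package(app_id: str, findings: Sequence[ActivityRecord]) -> Optional[SolutionPackage]:
    if not findings:
        return None
    return SolutionPackage(app_id, tuple(sorted({r.resource for r in findings})), tuple(findings))


def deploy(package: SolutionPackage, device_id: str) -> Dict[str, object]:
    """Placeholder for the delivery channel to the client device (assumption)."""
    return {"device_id": device_id, "app_id": package.app_id, "deny": list(package.deny)}


def run_has_pipeline(client_data: Sequence[ActivityRecord], policy: PolicyRules,
                     historical: Sequence[Tuple[str, Sequence[ActivityRecord]]],
                     threshold: float = 0.75) -> Tuple[float, int, Optional[SolutionPackage]]:
    """Claim 1 end to end: model -> probability -> portion -> parse -> package."""
    model = build_app_data_model(historical, policy)
    probability = estimate_probability(client_data, model)
    portion = quantify_portion(client_data, probability, threshold)
    package = generate_solution_package(policy.app_id, violations(portion, policy))
    return probability, len(portion), package


# Constructed sample data (not from the patent).
APP = "pp-tp.weather"
POLICY = PolicyRules(APP, frozenset({"display_name", "ringtone"}),
                     frozenset({"imei", "contacts", "location", "account_balance"}))
HISTORICAL = [
    ("dev-1", [ActivityRecord(1, APP, "read", "display_name"), ActivityRecord(2, APP, "read", "contacts")]),
    ("dev-2", [ActivityRecord(1, APP, "read", "ringtone")]),
    ("dev-3", [ActivityRecord(1, APP, "send", "imei"), ActivityRecord(2, APP, "read", "imei")]),
    ("dev-4", [ActivityRecord(1, APP, "read", "display_name")]),
]
# Device A repeats the historical pattern; device B reaches a prohibited
# resource the model has never seen, and only in its oldest record.
CLIENT_DATA_A = [ActivityRecord(1, APP, "read", "display_name"), ActivityRecord(2, APP, "read", "contacts"),
                 ActivityRecord(3, APP, "send", "imei"), ActivityRecord(4, APP, "read", "ringtone")]
CLIENT_DATA_B = [ActivityRecord(1, APP, "read", "location"), ActivityRecord(2, APP, "read", "display_name"),
                 ActivityRecord(3, APP, "read", "ringtone"), ActivityRecord(4, APP, "read", "display_name")]

if __name__ == "__main__":
    for name, data in (("dev-A", CLIENT_DATA_A), ("dev-B", CLIENT_DATA_B)):
        p, n, pkg = run_has_pipeline(data, POLICY, HISTORICAL)
        print(name, f"p={p:.2f}", f"parsed={n}/{len(data)}", deploy(pkg, name) if pkg else "no package")
```

Device B is the edge case worth noticing: with a probability below the threshold only the two most recent records are parsed, so the prohibited read of "location" in the oldest record is not found and no package is produced, even though a full parse would flag it. Whatever sizing rule a real system uses for the "portion", that blind spot is the cost of the partial parse the claims describe, and the threshold is the knob that trades it against parsing cost.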

Assignees

  • T-Mobile USA Inc
Inventors

Classifications

  • Traffic logging, e.g. anomaly detection · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • using deception as countermeasure, e.g. honeypots, honeynets, decoys or entrapment · CPC title (H04L63/1491, primary classification)

  • wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11075946B2 cover?
A Honeypot Adaptive Security (HAS) system is described that determines whether a pre-loaded partner or third-party (PP-TP) application executed on a client device has gained over-privileged access to confidential client or network (CCN) data, or over-privileged use of client account features or information provided by a telecommunications service provider. The HAS system is configured to retrie…
Who is the assignee on this patent?
T-Mobile USA Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1491. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 27, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 11 related publications on this page (citations in our corpus or others sharing the same primary CPC).