Methods and Systems for Behavioral Analysis of Mobile Device Behaviors Based on User Persona Information

What is claimed is: 1 . A method of analyzing a device behavior in a computing device, comprising: monitoring by a processor of the computing device activities of a software application operating on the computing device to generate user-persona information that characterizes a user of the computing device; and using the user-persona information to determine whether the device behavior is non-benign. 2 . The method of claim 1 , wherein using the user-persona information to determine whether the device behavior is non-benign comprises: using the generated user-persona information to dynamically determining device features to be monitored or evaluated in the computing device so as to balance tradeoffs between performance and security. 3 . The method of claim 1 , wherein using the user-persona information to determine whether the device behavior is non-benign comprises: using the generated user-persona information to identify device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user. 4 . The method of claim 3 , wherein using the user-persona information to determine whether the device behavior is non-benign further comprises: monitoring the identified device features to collect behavior information; generating a behavior vector that characterizes the collected behavior information; and applying the generated behavior vector to a classifier model to determine whether the device behavior is non-benign. 5 . The method of claim 4 , further comprising generating a user-specific classifier model that evaluates the identified device features, wherein applying the generated behavior vector to the classifier model to determine whether the device behavior is non-benign comprises applying the generated behavior vector to the user-specific classifier model to determine whether the device behavior is non-benign. 6 . The method of claim 5 , wherein: generating the user-specific classifier model that evaluates the identified device features comprises: receiving a full classifier model that includes a plurality of test conditions; identifying test conditions in the plurality of test conditions that evaluate the identified device features; and generating the user-specific classifier model to include identified test conditions; and applying the generated behavior vector to the user-specific classifier model to determine whether the device behavior is non-benign comprises: applying the generated behavior vector to the user-specific classifier model so as to evaluate each test condition included in the user-specific classifier model; computing a weighted average of each result of evaluating test conditions in the user-specific classifier model; and determining whether the device behavior is non-benign based on the computed weighted average. 7 . The method of claim 1 , wherein monitoring activities of the software application comprises monitoring a user-interaction between the user and the software application. 8 . The method of claim 1 , wherein generating the user-persona information comprises generating information that characterizes the user's mood, the method further comprising determining whether the user's mood is relevant to analyzing behavior information collected by monitoring device features. 9 . The method of claim 8 , further comprising: generating a behavior vector that correlates the collected behavior information for which the user's mood is relevant to the user's mood at the time the behavior information was collected; and applying the generated behavior vector to a classifier model to determine whether the device behavior is non-benign. 10 . The method of claim 8 , further comprising: generating a classifier model that includes a decision node that evaluates a device feature in relation to the user's mood; and applying a behavior vector to the classifier model to determine whether the device behavior is non-benign. 11 . A computing device, comprising: a processor configured with processor-executable instructions to perform operations comprising: monitoring activities of a software application operating on the computing device to generate user-persona information that characterizes a user of the computing device; and using the user-persona information to determine whether a device behavior is non-benign. 12 . The computing device of claim 11 , wherein the processor is configured with processor-executable instructions to perform operations such that using the user-persona information to determine whether the device behavior is non-benign comprises: using the generated user-persona information to dynamically determining device features to be monitored or evaluated in the computing device so as to balance tradeoffs between performance and security. 13 . The computing device of claim 11 , wherein the processor is configured with processor-executable instructions to perform operations such that using the user-persona information to determine whether the device behavior is non-benign comprises: using the generated user-persona information to identify device features that are most relevant to determining whether the device behavior is not consistent with a pattern of ordinary usage of the computing device by the user. 14 . The computing device of claim 13 , wherein the processor is configured with processor-executable instructions to perform operations such that using the user-persona information to determine whether the device behavior is non-benign further comprises: monitoring the identified device features to collect behavior information; generating a behavior vector that characterizes the collected behavior information; and applying the generated behavior vector to a classifier model to determine whether the device behavior is non-benign. 15 . The computing device of claim 14 , wherein: the processor is configured with processor-executable instructions to perform operations further comprising generating a user-specific classifier model that evaluates the identified device features; and the processor is configured with processor-executable instructions to perform operations such that applying the generated behavior vector to the classifier model to determine whether the device behavior is non-benign comprises applying the generated behavior vector to the user-specific classifier model to determine whether the device behavior is non-benign. 16 . The computing device of claim 15 , wherein the processor is configured with processor-executable instructions to perform operations such that: generating the user-specific classifier model that evaluates the identified device features comprises: receiving a full classifier model that includes a plurality of test conditions; identifying test conditions in the plurality of test conditions that evaluate the identified device features; and generating the user-specific classifier model to include identified test conditions; and applying the generated behavior vector to the user-specific classifier model to determine whether the device behavior is non-benign comprises: applying the generated behavior vector to the user-specific classifier model so as to evaluate each test condition included in the user-specific classifier model; computing a weighted average of each result of evaluating test conditions in the user-specific classifier model; and determining whether the device behavior is non-benign based on the computed weighted average. 17 . The comput