I’m excited to help build what is going to be one of the best cybersecurity research groups in the world.
With more than 20 years of experience in the field of cybersecurity, Marc Dacier’s expertise includes a broad set of topics related to the area. Among other things, he has made seminal contributions in quantitative evaluation of operational security, intrusion detection, intrusion tolerance, honeytokens, honeypots, analysis of real world malicious cyber campaigns (spam, botnets, web security, etc.) and, most recently, BGP security. Over the years, Marc’s governing principle has always been to seek access to real world data in order to perform sound experimental validation of his solutions, applying well established scientific methods to a very young and fast moving domain.
Marc holds a PhD, European Label, from the Institute National Polytechnique of Toulouse, France, which he obtained in 1994 after having worked for 3 years at LAAS-CNRS. After a year as a security consultant in Paris, France, he joined IBM Research in Zurich, Switzerland to form and lead the Global Security Analysis Laboratory. In 2002, he left IBM to become a professor at Eurecom, in Sophia Antipolis, France. Eurecom is one of the most active European research and training institutes in cybersecurity. Subsequent to his tenure with Eurecom, Marc joined Symantec to help form its European Research Labs and later direct all of the collaborative research projects carried out within the company. While at Symantec, he also spent two years in the USA overseeing university relationship management worldwide for Symantec Research Labs.
For several years, Marc served as an invited researcher at the University of Louvain (UCL, Belgium), Namur (FUNDP, Belgium), Liege (ULg, Belgium) and ENSEEIHT (Toulouse, France), conducting an intrusion detection seminar at each location. In 2002, he received the title of invited professor at UCL and adjunct professor at ULg where he continued teaching through 2012.
In 1998, Marc co-founded the international RAID symposium (Recent Advances in Intrusion Detection, recently renamed Research in Intrusions, Attacks and Defenses), one of the top-tier conferences in the field. In addition, he has served on more than 100 program committees and on the editorial board of tier 1 security journals including ACM TISSEC, IEEE TDSC and JIAS. Marc has also been an invited member to more than a dozen scientific councils and advisory boards of universities and consortia in Europe and the USA. He regularly serves as an external expert to review funding proposals in Austria, France, Norway and the USA. To date, Marc has contributed to more than a dozen long-term joint projects funded either by the European Commission in Europe, the ANR agency in France or the DARPA and IARPA agencies in the USA. He has received an IBM Outstanding Technical Award for the contribution of his research to the business of IBM Global services; and while at Eurecom he received an IBM Faculty Award.
Angelos Keromytis, Roxanna Geambasu, Simha Sethumadhavan, Salvatore J. Solfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew C. Elder, Darrell M. Kienzle, Angelos Stavrou, The MEERKATS Cloud Security Architecture, ICDCS Workshop, 2012, pp. 446-450.
Olivier Thonnard, Marc Dacier, A strategic analysis of spam botnets operations. Proc. of CEAS, 2011, pp. 162-171
Marc Dacier, On the resilience of the dependability framework to the intrusion of new security threats, Book chapter in "Dependable and Historic Computing (essays dedicated to Brian Randell on the Occasion of his 75th Birthday)", Eds. Jones, Cliff B; Lloyd, John L; LNCS Vol 6875, Springer Verlag, ISBN:9783642245404
Van-Hau Pham, Marc Dacier, Honeypot trace forensics : The observation viewpoint matters , published in the journal "Future Generation Computer Systems", Vol 27, N°5, May 2011, ISSN: 0167-739X
Laurent Andrey, Olivier Festor, Marc Dacier, Emmanuel Gras, Engin Kirda, Corrado Leita, VAMPIRE : Future internet
vulnerability assessment, monitoring and prevention ARN "Colloque « Télécommunications ? réseaux du futur et services", December 6-8, 2010, Rennes, France
Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, Marc Dacier, An Analysis of Rogue AV Campaigns, RAID 2010, pp 442-463
Marc Dacier, Corrado Leita, Olivier Thonnard, Van-Hau Pham Engin Kirda, Assessing cybercrime through the eyes of the WOMBAT Part 3, Chapter 6 of "Cyber Situational Awareness : Issues and Research", Springer International Series on Advances in Information Security, 2009. ISBN: 98-1-4419-0139-2 , pp 103-136
Marc Dacier, Van Hau Pham, Olivier Thonnard, The WOMBAT attack attribution method : Some results Lecture Notes in Computer Science, Volume 5905/2009, ISSN : 0302-9743 , pp 19-37
Hsinchun Chen, Marc Dacier, Marie-Francine Moens, Gerhard Pass, Christopher C. Yang (editors), Proc. of the ACM SIGKDD Workshop on Cybersecurity and Intelligence Informatics, Paris, France, June 28 2009.
Olivier Thonnard, Wim Mees, Marc Dacier, Behavioral analysis of zombie armies Book chapter in "The Virtual Battlefield : Perspectives on Cyber Warfare", Vol. 3 of Cryptology and Information Security Series, October 2009, C. Czosseck and K. Geers ED., ISBN : 978-1-60750-060-5 , pp 191-210
Paul Barford, Marc Dacier, Dietterich, T. G, Fredrikson, M, Giffin, J, Jajodia, S, Jha, S, Li, J, Liu, P, Ning, P, Ou, X, Song, D, Strater, L, Swarup, V, Tadda, G, Wang, C, Yen, J. Cyber SA : situational awareness for cyber defense Chapter 1 in "Cyber Situational Awareness : Issues and Research", Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang, eds., ISBN: 98-1-4419-0139-2, Springer International Series on Advance in Information Security, 2009. , pp 3-13
Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, NSS 2009, 3rd International Conference on Network and System Security, October 19-21, 2009, Gold Cost, Australia
Olivier Thonnard, Wim Mees, Marc Dacier, Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making KDD’09, 15th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Workshop on CyberSecurity and Intelligence Informatics, June 28th - July 1st, 2009, Paris, France
Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, Rapport de recherche RR-09-226
Ramirez-Silva,Eduardo;Marc Dacier, Empirical study of the impact of metasploitrelated attacks in 4 years of attack traces, ASIAN'07, 12th Annual Asian Computing Science Conference Focusing on Computer and Network Security, December 9-11, 2007, Doha, Qatar , pp 198-211
Corrado Leita, Marc Dacier, Georg Wicherski, SGNET: a distributed infrastructureto handle zero-day exploits, Rapport de recherche RR-07-187 - Extended version of this paper at EDCC 2008
Eric Alata, Vincent Nicomette, Mohamed Kaâniche, Marc Dacier, Matthieu Herrb,Lessons learned from the deployment of a high-interaction honeypot, EDCC'06,6th European Dependable Computing Conference, October 18-20, 2006, Coimbra,Portugal , pp 39-46
Corrado Leita, Marc Dacier, Frédéric Massicotte, Automatic handling of protocoldependencies and reaction to 0-day attacks with ScriptGen based honeypots,RAID 2006, 9th International Symposium on Recent Advances in Intrusion Detection,September 20-22, 2006, Hamburg, Germany - Also published as Lecture Notes in Computer Science Volume 4219/2006 , pp 185-205
Mohamed Kaâniche, Eric Alata, Vincent Nicomette, Yves Deswarte, Marc Dacier,Empirical analysis and statistical modeling of attack processes based onhoneypots, WEEDS 2006 - Workshop on empirical evaluation of dependability and security (in conjunction with the international conference on dependable systems and networks, DSN 2006), June 25-28, 2006, Philadelphia,USA
Fabien Pouget, Guillaume Urvoy-Keller, Marc Dacier, Time signatures to detect multi-headed stealthy attack tools, 18th Annual FIRST Conference, June 25-30, 2006, Baltimore, USA
Marc Dacier, Détection d'intrusions : état de l'art, faiblesses et problèmes ouverts Chapitre 3 du livre "Sécurité des systèmes d'information (Traité IC2, série Réseaux et télécoms) / 2-7462-1259-5 Auteur(s) : MÉ Ludovic - DESWARTE Yves 06-2006 - 372 p" , pp 73-100
Fabien Pouget, Marc Dacier, Jacob Zimmerman, Andrew Clark, Georges MohayInternet attack knowledge discovery via clusters and cliques of attack traces, Journal of Information Assurance and Security, Volume 1, Issue 1, March 2006 , pp 21-32
Corrado Leita, Ken Mermoud, Marc Dacier, ScriptGen: an automated script generation tool for honeyd, ACSA 2005, 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, USA
P. T. Chen, C. Laih, Fabien Pouget, Marc Dacier, Comparative survey of local honeypot sensors to assist network forensics, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital Forensic Engineering, November 7-9, 2005, Taipei, Taiwan
Zimmermann, Jacob;Clark, Andrew;Mohay, George;Fabien Pouget, Marc Dacier, The use of packet inter-arrival times for investigating unsolicited Internet traffic, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital ForensicEngineering, November 7-9, 2005, Taipei, Taiwan
Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaaniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Fabien Pouget, Collection and analysis of attack data based on honeypots deployed on the Internet, QOP 2005, 1st Workshop on Quality of Protection (collocated with ESORICS and METRICS), September 15, 2005, Milan, Italy - Also published as Quality Of Protection, Security Measurements and Metrics, Springer Series: Advances in Information Security , Volume 23, Gollmann, Dieter; Massacci, Fabio; Yautsiukhin, Artsiom (Eds.), 2006, XII, 197 p, ISBN: 0-387-29016-8
Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien Leurré.com : retour d'expérience sur plusieurs mois d'utilisation d'un pot de miel distribué mondialement, SSTIC '05, Symposium sur la Sécurité des Technologies de l'Information et des Communications, June 1-3, 2005, Rennes, France
Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien, CADHo: Collection and Analysis of Data from Honeypots, EDDC'05, 5th European Dependable Computing Conference, April 20-22, 2005, Budapest, Hungary
Fabien Pouget, Marc Dacier, Pham, Van Hau, Leurre.com: on the advantages of deploying a large scale distributed honeypot platform, ECCE'05, E-Crime and Computer Conference, 29-30th March 2005, Monaco
Fabien Pouget, Marc Dacier, Pham, Van Hau, Understanding threats: a prerequisite to enhance survivability of computing systems, IISW'04, International Infrastructure Survivability Workshop 2004, in conjunction with the 25th IEEE International Real- Time Systems Symposium (RTSS 04) December 5-8, 2004 Lisbonne, Portugal
B. Thomas, J. Clergue, Andreas Schaad, A;Marc Dacier, A comparison of conventional and online fraud, CRIS'04, 2nd International Conference on Critical Infrastructures, October 25-27, 2004 - Grenoble, France
Fabien Pouget, Marc Dacier, Hervé Debar,Van-Hau Pham, Honeynets: foundations for the development of early warning information systems, The Cyberspace Security and Defense: Research Issues - NATO Advanced Research Workshop, September 6-9, 2004, Gdansk, Poland - Also published as a chapter of Cyberspace Security And Defense: Research Issues, Janusz S. Kowalik (Ed), ISBN: 1402033796
Fabien Pouget, Marc Dacier, Honeypot-based forensics, AusCERT2004, AusCERT Asia Pacific Information technology Security Conference 2004, 23rd - 27th May 2004, Brisbane, Australia
Fabien Pouget, Marc Dacier, Hervé Debar, Attack processes found on the Internet, NATO Research and technology symposium IST-041 "Adaptive Defence in Unclassified Networks", 19 April 2004, Toulouse, France
Fabien Pouget, Marc Dacier, Hervé Debar, Honeypots, a practical mean to validate malicious fault assumptions, PRDC'04, 10th International symposium Pacific Rim dependable computing Conference, March 3-5, 2004, Tahiti, French Polynesia
Design of an Intrusion-Tolerant Intrusion Detection System, M. Dacier (Editor) Délivrable D10, Projet européen MAFTIA IST-1999-11583, 9 Août, 2002, Research Report RZ 3413,
IBM Zurich Research Laboratory, also available online http://www.maftia.org K. Julisch, M. Dacier "Mining Intrusion Detection Alarms for Actionable Knowledge", Proc. of the 8th ACM International Conference on Knowledge Discovery and Data Mining, Edmonton, Juillet 2002
H. Debar, M. Dacier et A. Wespi “A Revised Taxonomy for Intrusion Detection Systems ” Annales des Telecommunications, vol. 55, no. 7-8, p. 361-78, Juillet-Août 2000
A. Wespi, M. Dacier et H. Debar “Intrusion Detection Using Variable-Length Audit Trail Patterns”,, Proc. of Recent Advances in Intrusion Detection, ed. by H. Debar, L. Mé, S.F. Wu. Berlin, Springer, 2000. LNCS Vol. 1907. p. 110-129
M. Almgren, H. Debar et M. Dacier « A Lightweight Tool for Detecting Web Server Attacks »,. In Gene Tsudik and Avi Rubin, editors, Proceedings of NDSS 2000 (Network and Distributed System Security Symposium), pages 157-170, février 2000.
H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”,, Journal of Computer Security, vol. 8, p.159-18,2000 (version étendue du papier  publié en 1998)
M. Dacier, K. Jackson “Intrusion detection”, Guest éditorial in Computer Networks 31(23-24): 2433-2434 (1999) H. Debar, M. Dacier et A. Wespi “Towards a Taxonomy of Intrusion-Detection Systems Computer Networks, vol. 31, p. 805-22, 1999
A. Wespi, M. Dacier et H. Debar“An Intrusion-Detection System Based on the Teiresias Pattern-Discovery Algorithm ”, Proc. of EICAR '99, ed. by U.E. Gattiker, P. Pedersen and K. Petersen. EICAR, 1999. p.1-15.
H. Debar, M. Dacier et A. Wespi, “Reference Audit Information Generation For Intrusion Detection Systems”, Global IT Security, ed. by G. Papp and R. Posch. OCG, Vienna, OCG,1998. p. 405-17
H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”, Proc. of 5th European Symposium on Research in Computer Security (ESORICS '98), vol. 1485 ed. by J.-J. Quisquater, Y. Deswarte, C. Meadows, D. Gollmann. Berlin, Heidelberg, Springer, 1998. p. 2-15;
M. Dacier, Y. Deswarte, et M. Kaaniche “Models and Tools for Quantitative Assessment of Operational Security”, Information Systems Security, ed. by S.K. Katsikas and D. Gritzalis. London, Chapman & Hall, 1996. p. 179-86
Marc Dacier, Yves Deswarte “Privilege Graph: an Extension to the Typed Access Matrix Model”, Lecture Notes in Computer Science, Springer Verlag, vol. 875, pp. 319-334, November 1994 (Proc. of Esorics’94, novembre 1994, Brighton, UK).
Marc Dacier, “A Fault Forecasting Approach for Operational Security Monitoring”, Dependable Computing and Fault Tolerant Systems, F. Cristian, G. Le Lann, T. Lunt (Eds.) Springer Verlag, (Proc. of the Fourth International Working Conference on Dependable Computing for Critical Applications -DCCA-4, San Diego, Californie USA, 4-6 janvier, 1994), Vol. 9, pp. 215-217.
Marc Dacier, Mohamed Kaâniche, Yves Deswarte "A Framework for Security Assessment of Insecure Systems", First Year Report of the ESPRIT Basic Research Action 6362: Predictably Dependable Computing Systems (PDCS2), septembre 1993, pp. 561-578.
Marc Dacier, "A Petri Net Representation of the Take-Grant Model", Proc. of the Computer Security Foundations Workshop VI, IEEE, Franconia, NH, Juin 1993, pp. 99-108.
M. Dacier "CAS: Conseiller Automatique en Sécurité - Prototype d'évaluation de la sécurité sous Unix" (CAS: Automatic Security Advisor - a Prototype Tool for Unix Security Evaluation),, Tribunix, Dossier Sécurité, 8 (42), mars/avril 1992.
M. Dacier, M. Rutsaert "Gérer la transitivité en sécurité" (Dealing with Transitivity in Security), Bancatique, Dossier Sécurité, 76, novembre 1991.
M. Dacier, M. Rutsaert"Comment gérer la transitivité en sécurité ?", (How to Deal with Transitivity in Security ?),, Proc. of the Unix Convention 91, AFUU, pp. 205-218, 26-29 Mars 1991, CNIT-Paris la Défense.
C. Leita, M. Dacier, G. Wicherski, SGNET: a distributed infrastructure to handle zero-day exploits, Eurecom Research Report RR-07-187
E. Guillou, M. Dacier Feasibility study for a trustworthy embedded firewall Rapport derecherche RR-05-136
F. Pouget, M. Dacier OWL : Installation testing and validation, Rapport de recherche RR-04-103
F. Pouget, M. Dacier Honeypot platform : analyses and results, Rapport de recherche RR-04- 104 2003
F. Pouget, M. Dacier Alert correlation Rapport de recherche RR-03-094
F. Pouget, M. Dacier Alert correlation: Review of the state of the art Rapport de recherché RR-03-093
F. Pouget, M. Dacier, H. Debar White paper: honeypot, honeynet, honeytoken: terminological issues Rapport de recherche RR-03-081
F. Pouget, M. Dacier White paper: honeypot, honeynet: a comparative survey Rapport de recherche RR-03-082
H. Debar, M. Dacier, A. Wespi et S. Lampart An Experimentation Workbench For Intrusion Detection Systems,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz2998.
D. Alessandri et M. Dacier VulDa: A Vulnerability Database,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz3111
M. Dacier, Y. Deswarte, M. Kaâniche Models and Tools for Quantitative Assessment of Operational Security,, LAAS Rapport de recherche 95353, July 1995, 20 pages.
Marc Dacier, Vers une évaluation quantitative de la sécurité informatique, Institut National Polytechnique de Toulouse, Thèse de doctorat, Décembre 1994, 145 pages, Ref. LAAS- 94488.
M. Dacier et Y. Deswarte, Propagation of Privileges and Security Trade-Offs,, LAAR Rapport de recherche 94031, février 1994, 14 pages.
M. Dacier, Y. Deswarte Achieving Satisfactory Security Despite Insecure Features,, LAAS Rapport de recherche 93195, June 1993, 10 pages.
Method and apparatus for intrusion detection in computers and computer networks, M. Dacier, H. Debar, A. Wespi, A. Floratos, I, Rigoutsos, 15 mars 2000 / Sept. 9, 1998; Application Number: EP1998000117083; IPC Code: G06F 1/00; ECLA Code: G06F1/00N7A; Detection of intrusions containing overlapping reachabilities, M. Dacier, P. Scotton, US Patent US6487204 – Published: 2002-11-26 / Filed: 1999-05-12, International Business Machines Corporation, Armonk, NY
In the Media
As the world ends, will you lock arms and sing “Kumbayah” or embark on a path of law-breaking, anti-social behavior? A new study, based upon the virtual actions of more than 80,000 players of the ...
Researchers from MIT and the Qatar Computing Research Institute have developed a novel new facility in the current rush of interest towards computer vision – an algorithm that can identify overweight...
A growing number of people have expressed their concern about high levels of polarization in society. For instance, the World Economic Forum's report on global risks lists the increasing societal ...
The QCRI – MIT CSAIL Annual Research Project Review is open to the public on Monday, March 27, 2017, at the HBKU Research Complex Multipurpose Room. The annual meeting is a highlight of a ...
Machine Learning and Data Analytics Symposium - MLDAS 2017 Building on the success of the three previous events , Boeing and QCRI will hold the Fourth Machine Learning and Data Analytics Symposium (...
The Boeing Company has announced that it will once again partner with the Qatar Computing Research Institute (QCRI), part of Hamad bin Khalifa University, to host the fourth annual Machine Learning ...