Dr. Marc Dacier

Research Director
Cyber Security

Connect with me

I’m excited to help build what is going to be one of the best cybersecurity research groups in the world.

Research Focus at QCRI

With more than 20 years of experience in the field of cybersecurity, Marc Dacier’s expertise includes a broad set of topics related to the area. Among other things, he has made seminal contributions in quantitative evaluation of operational security, intrusion detection, intrusion tolerance, honeytokens, honeypots, analysis of real world malicious cyber campaigns (spam, botnets, web security, etc.) and, most recently, BGP security. Over the years, Marc’s governing principle has always been to seek access to real world data in order to perform sound experimental validation of his solutions, applying well established scientific methods to a very young and fast moving domain.

Previous Experience

Marc holds a PhD, European Label, from the Institute National Polytechnique of Toulouse, France, which he obtained in 1994 after having worked for 3 years at LAAS-CNRS. After a year as a security consultant in Paris, France, he joined IBM Research in Zurich, Switzerland to form and lead the Global Security Analysis Laboratory. In 2002, he left IBM to become a professor at Eurecom, in Sophia Antipolis, France. Eurecom is one of the most active European research and training institutes in cybersecurity. Subsequent to his tenure with Eurecom, Marc joined Symantec to help form its European Research Labs and later direct all of the collaborative research projects carried out within the company. While at Symantec, he also spent two years in the USA overseeing university relationship management worldwide for Symantec Research Labs.

For several years, Marc served as an invited researcher at the University of Louvain (UCL, Belgium), Namur (FUNDP, Belgium), Liege (ULg, Belgium) and ENSEEIHT (Toulouse, France), conducting an intrusion detection seminar at each location. In 2002, he received the title of invited professor at UCL and adjunct professor at ULg where he continued teaching through 2012.

In 1998, Marc co-founded the international RAID symposium (Recent Advances in Intrusion Detection, recently renamed Research in Intrusions, Attacks and Defenses), one of the top-tier conferences in the field. In addition, he has served on more than 100 program committees and on the editorial board of tier 1 security journals including ACM TISSEC, IEEE TDSC and JIAS. Marc has also been an invited member to more than a dozen scientific councils and advisory boards of universities and consortia in Europe and the USA. He regularly serves as an external expert to review funding proposals in Austria, France, Norway and the USA. To date, Marc has contributed to more than a dozen long-term joint projects funded either by the European Commission in Europe, the ANR agency in France or the DARPA and IARPA agencies in the USA. He has received an IBM Outstanding Technical Award for the contribution of his research to the business of IBM Global services; and while at Eurecom he received an IBM Faculty Award.

Professional Experience

Professional Associations and Awards

Scientific Councils
  •  Steering Committee Chair of the RAID symposium (Recent Advances on Intrusion Detection) since 1998.
  •  Steering Committee member of the ESORICS symposium ((European Symposium on Research in Computing Security) 2002-2008
  •  Elected Member of the scientific council of the Eurecom Institute in 2005, 2006, 2007.
  •  Member, de jure, of the scientific council of the Eurecom Institute since 2009, representing Symantec.
  •  Scientific council member of the scientific collection in telecommunications of the GET (CTST) from 2004 until 2008.
  •  Scientific council member of the French funding action ACISI for security in 2005 and 2006.
  •  Member of the Eurecom Scientific Council, as a member of the GIE, since 2009, representing Symantec.
  •  Member of the Advisory board of the doctoral school in Information technology at Politecnico di Milano, Italy.
  •  Member of the Assembly of the Members of the Eurecom Institute since 2009, representing Symantec.

  • Obtained an IBM Outstanding Technical Achievement Award for his contribution to the business of IBM Global Services.
  • Received the IBM Faculty Award.


  • Ph.D, 1994, INPT, Toulouse, France
  • Degree of Ingénieur Civil en Informatique, 1989, University of Louvain, Belgium

Selected Research


Angelos Keromytis, Roxanna Geambasu, Simha Sethumadhavan, Salvatore J. Solfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew C. Elder, Darrell M. Kienzle, Angelos Stavrou, The MEERKATS Cloud Security Architecture, ICDCS Workshop, 2012, pp. 446-450.


Olivier Thonnard, Marc Dacier, A strategic analysis of spam botnets operations. Proc. of CEAS, 2011, pp. 162-171

Marc Dacier, On the resilience of the dependability framework to the intrusion of new security threats, Book chapter in "Dependable and Historic Computing (essays dedicated to Brian Randell on the Occasion of his 75th Birthday)", Eds. Jones, Cliff B; Lloyd, John L; LNCS Vol 6875, Springer Verlag, ISBN:9783642245404

Van-Hau Pham, Marc Dacier, Honeypot trace forensics : The observation viewpoint matters , published in the journal "Future Generation Computer Systems", Vol 27, N°5, May 2011, ISSN: 0167-739X


Laurent Andrey, Olivier Festor, Marc Dacier, Emmanuel Gras, Engin Kirda, Corrado Leita, VAMPIRE : Future internet
vulnerability assessment, monitoring and prevention ARN "Colloque « Télécommunications ? réseaux du futur et services", December 6-8, 2010, Rennes, France

Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, Marc Dacier, An Analysis of Rogue AV Campaigns, RAID 2010, pp 442-463

Marc Dacier, Corrado Leita, Olivier Thonnard, Van-Hau Pham Engin Kirda, Assessing cybercrime through the eyes of the WOMBAT Part 3, Chapter 6 of "Cyber Situational Awareness : Issues and Research", Springer International Series on Advances in Information Security, 2009. ISBN: 98-1-4419-0139-2 , pp 103-136


Marc Dacier, Van Hau Pham, Olivier Thonnard, The WOMBAT attack attribution method : Some results Lecture Notes in Computer Science, Volume 5905/2009, ISSN : 0302-9743 , pp 19-37

Hsinchun Chen, Marc Dacier, Marie-Francine Moens, Gerhard Pass, Christopher C. Yang (editors), Proc. of the ACM SIGKDD Workshop on Cybersecurity and Intelligence Informatics, Paris, France, June 28 2009.

Olivier Thonnard, Wim Mees, Marc Dacier, Behavioral analysis of zombie armies Book chapter in "The Virtual Battlefield : Perspectives on Cyber Warfare", Vol. 3 of Cryptology and Information Security Series, October 2009, C. Czosseck and K. Geers ED., ISBN : 978-1-60750-060-5 , pp 191-210

Paul Barford, Marc Dacier, Dietterich, T. G, Fredrikson, M, Giffin, J, Jajodia, S, Jha, S, Li, J, Liu, P, Ning, P, Ou, X, Song, D, Strater, L, Swarup, V, Tadda, G, Wang, C, Yen, J. Cyber SA : situational awareness for cyber defense Chapter 1 in "Cyber Situational Awareness : Issues and Research", Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang, eds., ISBN: 98-1-4419-0139-2, Springer International Series on Advance in Information Security, 2009. , pp 3-13

Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, NSS 2009, 3rd International Conference on Network and System Security, October 19-21, 2009, Gold Cost, Australia

Olivier Thonnard, Wim Mees, Marc Dacier, Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making KDD’09, 15th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Workshop on CyberSecurity and Intelligence Informatics, June 28th - July 1st, 2009, Paris, France

Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, Rapport de recherche RR-09-226


Ramirez-Silva,Eduardo;Marc Dacier, Empirical study of the impact of metasploitrelated attacks in 4 years of attack traces, ASIAN'07, 12th Annual Asian Computing Science Conference Focusing on Computer and Network Security, December 9-11, 2007, Doha, Qatar , pp 198-211

Corrado Leita, Marc Dacier, Georg Wicherski, SGNET: a distributed infrastructureto handle zero-day exploits, Rapport de recherche RR-07-187 - Extended version of this paper at EDCC 2008 


Eric Alata, Vincent Nicomette, Mohamed Kaâniche, Marc Dacier, Matthieu Herrb,Lessons learned from the deployment of a high-interaction honeypot, EDCC'06,6th European Dependable Computing Conference, October 18-20, 2006, Coimbra,Portugal , pp 39-46

Corrado Leita, Marc Dacier, Frédéric Massicotte, Automatic handling of protocoldependencies and reaction to 0-day attacks with ScriptGen based honeypots,RAID 2006, 9th International Symposium on Recent Advances in Intrusion Detection,September 20-22, 2006, Hamburg, Germany - Also published as Lecture Notes in Computer Science Volume 4219/2006 , pp 185-205 

Mohamed Kaâniche, Eric Alata, Vincent Nicomette, Yves Deswarte, Marc Dacier,Empirical analysis and statistical modeling of attack processes based onhoneypots, WEEDS 2006 - Workshop on empirical evaluation of dependability and security (in conjunction with the international conference on dependable systems and networks, DSN 2006), June 25-28, 2006, Philadelphia,USA

Fabien Pouget, Guillaume Urvoy-Keller, Marc Dacier, Time signatures to detect multi-headed stealthy attack tools, 18th Annual FIRST Conference, June 25-30, 2006, Baltimore, USA

Marc Dacier, Détection d'intrusions : état de l'art, faiblesses et problèmes ouverts Chapitre 3 du livre "Sécurité des systèmes d'information (Traité IC2, série Réseaux et télécoms) / 2-7462-1259-5 Auteur(s) : MÉ Ludovic - DESWARTE Yves 06-2006 - 372 p" , pp 73-100

Fabien Pouget, Marc Dacier, Jacob Zimmerman, Andrew Clark, Georges MohayInternet attack knowledge discovery via clusters and cliques of attack traces, Journal of Information Assurance and Security, Volume 1, Issue 1, March 2006 , pp 21-32


Corrado Leita, Ken Mermoud, Marc Dacier, ScriptGen: an automated script generation tool for honeyd, ACSA 2005, 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, USA

P. T. Chen, C. Laih, Fabien Pouget, Marc Dacier, Comparative survey of local honeypot sensors to assist network forensics, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital Forensic Engineering, November 7-9, 2005, Taipei, Taiwan

Zimmermann, Jacob;Clark, Andrew;Mohay, George;Fabien Pouget, Marc Dacier, The use of packet inter-arrival times for investigating unsolicited Internet traffic, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital ForensicEngineering, November 7-9, 2005, Taipei, Taiwan

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaaniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Fabien Pouget, Collection and analysis of attack data based on honeypots deployed on the Internet, QOP 2005, 1st Workshop on Quality of Protection (collocated with ESORICS and METRICS), September 15, 2005, Milan, Italy - Also published as Quality Of Protection, Security Measurements and Metrics, Springer Series: Advances in Information Security , Volume 23, Gollmann, Dieter; Massacci, Fabio; Yautsiukhin, Artsiom (Eds.), 2006, XII, 197 p, ISBN: 0-387-29016-8

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien Leurré.com : retour d'expérience sur plusieurs mois d'utilisation d'un pot de miel distribué mondialement, SSTIC '05, Symposium sur la Sécurité des Technologies de l'Information et des Communications, June 1-3, 2005, Rennes, France

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien, CADHo: Collection and Analysis of Data from Honeypots, EDDC'05, 5th European Dependable Computing Conference, April 20-22, 2005, Budapest, Hungary

Fabien Pouget, Marc Dacier, Pham, Van Hau, Leurre.com: on the advantages of deploying a large scale distributed honeypot platform, ECCE'05, E-Crime and Computer Conference, 29-30th March 2005, Monaco


Fabien Pouget, Marc Dacier, Pham, Van Hau, Understanding threats: a prerequisite to enhance survivability of computing systems, IISW'04, International Infrastructure Survivability Workshop 2004, in conjunction with the 25th IEEE International Real- Time Systems Symposium (RTSS 04) December 5-8, 2004 Lisbonne, Portugal

B. Thomas, J. Clergue, Andreas Schaad, A;Marc Dacier, A comparison of conventional and online fraud, CRIS'04, 2nd International Conference on Critical Infrastructures, October 25-27, 2004 - Grenoble, France

Fabien Pouget, Marc Dacier, Hervé Debar,Van-Hau Pham, Honeynets: foundations for the development of early warning information systems, The Cyberspace Security and Defense: Research Issues - NATO Advanced Research Workshop, September 6-9, 2004, Gdansk, Poland - Also published as a chapter of Cyberspace Security And Defense: Research Issues, Janusz S. Kowalik (Ed), ISBN: 1402033796

Fabien Pouget, Marc Dacier, Honeypot-based forensics, AusCERT2004, AusCERT Asia Pacific Information technology Security Conference 2004, 23rd - 27th May 2004, Brisbane, Australia

Fabien Pouget, Marc Dacier, Hervé Debar, Attack processes found on the Internet, NATO Research and technology symposium IST-041 "Adaptive Defence in Unclassified Networks", 19 April 2004, Toulouse, France

Fabien Pouget, Marc Dacier, Hervé Debar, Honeypots, a practical mean to validate malicious fault assumptions, PRDC'04, 10th International symposium Pacific Rim dependable computing Conference, March 3-5, 2004, Tahiti, French Polynesia


Design of an Intrusion-Tolerant Intrusion Detection System, M. Dacier (Editor) Délivrable D10, Projet européen MAFTIA IST-1999-11583, 9 Août, 2002, Research Report RZ 3413,

IBM Zurich Research Laboratory, also available online http://www.maftia.org K. Julisch, M. Dacier "Mining Intrusion Detection Alarms for Actionable Knowledge", Proc. of the 8th ACM International Conference on Knowledge Discovery and Data Mining, Edmonton, Juillet 2002


H. Debar, M. Dacier et A. Wespi “A Revised Taxonomy for Intrusion Detection Systems ” Annales des Telecommunications, vol. 55, no. 7-8, p. 361-78, Juillet-Août 2000 

A. Wespi, M. Dacier et H. Debar “Intrusion Detection Using Variable-Length Audit Trail Patterns”,, Proc. of Recent Advances in Intrusion Detection, ed. by H. Debar, L. Mé, S.F. Wu. Berlin, Springer, 2000. LNCS Vol. 1907. p. 110-129

M. Almgren, H. Debar et M. Dacier « A Lightweight Tool for Detecting Web Server Attacks »,. In Gene Tsudik and Avi Rubin, editors, Proceedings of NDSS 2000 (Network and Distributed System Security Symposium), pages 157-170, février 2000.

H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”,, Journal of Computer Security, vol. 8, p.159-18,2000 (version étendue du papier [2] publié en 1998)


M. Dacier, K. Jackson “Intrusion detection”, Guest éditorial in Computer Networks 31(23-24): 2433-2434 (1999) H. Debar, M. Dacier et A. Wespi “Towards a Taxonomy of Intrusion-Detection Systems Computer Networks, vol. 31, p. 805-22, 1999

A. Wespi, M. Dacier et H. Debar“An Intrusion-Detection System Based on the Teiresias Pattern-Discovery Algorithm ”, Proc. of EICAR '99, ed. by U.E. Gattiker, P. Pedersen and K. Petersen. EICAR, 1999. p.1-15.


H. Debar, M. Dacier et A. Wespi, “Reference Audit Information Generation For Intrusion Detection Systems”, Global IT Security, ed. by G. Papp and R. Posch. OCG, Vienna, OCG,1998. p. 405-17

H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”, Proc. of 5th European Symposium on Research in Computer Security (ESORICS '98), vol. 1485 ed. by J.-J. Quisquater, Y. Deswarte, C. Meadows, D. Gollmann. Berlin, Heidelberg, Springer, 1998. p. 2-15;


M. Dacier, Y. Deswarte, et M. Kaaniche “Models and Tools for Quantitative Assessment of Operational Security”, Information Systems Security, ed. by S.K. Katsikas and D. Gritzalis. London, Chapman & Hall, 1996. p. 179-86


Marc Dacier, Yves Deswarte “Privilege Graph: an Extension to the Typed Access Matrix Model”, Lecture Notes in Computer Science, Springer Verlag, vol. 875, pp. 319-334, November 1994 (Proc. of Esorics’94, novembre 1994, Brighton, UK).

Marc Dacier, “A Fault Forecasting Approach for Operational Security Monitoring”, Dependable Computing and Fault Tolerant Systems, F. Cristian, G. Le Lann, T. Lunt (Eds.) Springer Verlag, (Proc. of the Fourth International Working Conference on Dependable Computing for Critical Applications -DCCA-4, San Diego, Californie USA, 4-6 janvier, 1994), Vol. 9, pp. 215-217.


Marc Dacier, Mohamed Kaâniche, Yves Deswarte "A Framework for Security Assessment of Insecure Systems", First Year Report of the ESPRIT Basic Research Action 6362: Predictably Dependable Computing Systems (PDCS2), septembre 1993, pp. 561-578.

Marc Dacier, "A Petri Net Representation of the Take-Grant Model", Proc. of the Computer Security Foundations Workshop VI, IEEE, Franconia, NH, Juin 1993, pp. 99-108.


M. Dacier "CAS: Conseiller Automatique en Sécurité - Prototype d'évaluation de la sécurité sous Unix" (CAS: Automatic Security Advisor - a Prototype Tool for Unix Security Evaluation),, Tribunix, Dossier Sécurité, 8 (42), mars/avril 1992.


M. Dacier, M. Rutsaert "Gérer la transitivité en sécurité" (Dealing with Transitivity in Security), Bancatique, Dossier Sécurité, 76, novembre 1991.

M. Dacier, M. Rutsaert"Comment gérer la transitivité en sécurité ?", (How to Deal with Transitivity in Security ?),, Proc. of the Unix Convention 91, AFUU, pp. 205-218, 26-29 Mars 1991, CNIT-Paris la Défense.

Research Reports


C. Leita, M. Dacier, G. Wicherski, SGNET: a distributed infrastructure to handle zero-day exploits, Eurecom Research Report RR-07-187


E. Guillou, M. Dacier Feasibility study for a trustworthy embedded firewall Rapport derecherche RR-05-136


F. Pouget, M. Dacier OWL : Installation testing and validation, Rapport de recherche RR-04-103

F. Pouget, M. Dacier Honeypot platform : analyses and results, Rapport de recherche RR-04- 104 2003

F. Pouget, M. Dacier Alert correlation Rapport de recherche RR-03-094

F. Pouget, M. Dacier Alert correlation: Review of the state of the art Rapport de recherché RR-03-093

F. Pouget, M. Dacier, H. Debar White paper: honeypot, honeynet, honeytoken: terminological issues Rapport de recherche RR-03-081

F. Pouget, M. Dacier White paper: honeypot, honeynet: a comparative survey Rapport de recherche RR-03-082


H. Debar, M. Dacier, A. Wespi et S. Lampart An Experimentation Workbench For Intrusion Detection Systems,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz2998.

D. Alessandri et M. Dacier VulDa: A Vulnerability Database,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz3111


M. Dacier, Y. Deswarte, M. Kaâniche Models and Tools for Quantitative Assessment of Operational Security,, LAAS Rapport de recherche 95353, July 1995, 20 pages.


Marc Dacier, Vers une évaluation quantitative de la sécurité informatique, Institut National Polytechnique de Toulouse, Thèse de doctorat, Décembre 1994, 145 pages, Ref. LAAS- 94488.

M. Dacier et Y. Deswarte, Propagation of Privileges and Security Trade-Offs,, LAAR Rapport de recherche 94031, février 1994, 14 pages.


M. Dacier, Y. Deswarte Achieving Satisfactory Security Despite Insecure Features,, LAAS Rapport de recherche 93195, June 1993, 10 pages.


Method and apparatus for intrusion detection in computers and computer networks, M. Dacier, H. Debar, A. Wespi, A. Floratos, I, Rigoutsos, 15 mars 2000 / Sept. 9, 1998; Application Number: EP1998000117083; IPC Code: G06F 1/00; ECLA Code: G06F1/00N7A; Detection of intrusions containing overlapping reachabilities, M. Dacier, P. Scotton, US Patent US6487204 – Published: 2002-11-26 / Filed: 1999-05-12, International Business Machines Corporation, Armonk, NY

Connect with me

Follow Us

  • YouTube
  • Twitter
  • Facebook
  • RSS Feed
  • Linkedin
  • github-web.png
Back to Top

In the Media

Forbes fake news pic.jpg

Can AI Put An End To Fake News? Don't Be So Sure


Fake news was the Collin’s word of the year for 2017 with good reason. In a year where politics-as-usual was torn apart at the seams, high-profile scandals rocked our faith in humanity and the ...

Read More


MIT/QCRI system uses machine learning to build road maps


Map apps may have changed our world, but they still haven’t mapped all of it yet. Specifically, mapping roads can be difficult and tedious: even after taking aerial images, companies still have to ...

Read More

Economist story pic.JPG

Improving disaster response efforts through data


Extreme weather events put the most vulnerable communities at high risk. How can data analytics strengthen early warning systems and and support relief efforts for communities in need? The size and ...

Read More

Upcoming Events

Past Events


Eman interns pic 2017.jpg

QCRI Summer Internship Program

Download ICS File 06/05/2018  - 05/07/2018 , Hamad Bin Khalifa Research Complex

Each year, Qatar Computing Research Institute organizes a summer internship program for undergraduate students studying computer science, computer engineering and other disciplines. The internship is unpaid, and QCRI does not provide any visa support.

Read More


Public Talk by Prof. Regina Barzilay "Artificial Intelligence for Oncology: Learning to Cure Cancer from Images and Text"

Download ICS File 27/03/2018 ,

Artificial Intelligence for Oncology: Learning to Cure Cancer from Images and Text A talk by Professor Regina Barzilay, MIT CSAIL Winner of 2017 MacArthur ‘genius grant’ At Education City Student ...

Read More


QCRI & MIT-CSAIL Annual Project Review 2018

Download ICS File 27/03/2018 ,

Executive Overview Sessions Open to public Date:    Tuesday, March 27, 2018 Time:    9:00AM – 3:00PM Venue:  HBKU Research Complex Multipurpose Room To view full agenda, please click here . To RSVP, ...

Read More

News Releases

Darb Al Saai QCRI 2017.JPG

QCRI to offer kids’ computing activities at this year’s Darb Al Saai


Tech fun and robotics computing activities will be available to children attending the annual family celebration from December 12 to 20.

Read More

Sofiane Abbar in his office.jpg

Global experts in artificial intelligence for transportation to visit Qatar for TASMU-QCAI workshop


Urban computing experts from Europe, the US and Qatar are to discuss state-of-the-art advances in artificial intelligence for transportation with local stakeholders.

Read More

Francisco Martin - Source_TelefonicaOpenFuture_.jpg

QCAI to Conduct Joint Machine Learning School with BigML


Two-day crash course to provide hands-on introduction to machine learning for industry practitioners, developers, graduate students and undergraduates.

Read More