More WINE, Less Dahusian Research
Presented as part of the 2011 HCSS conference.
Abstract
Despite several decades of existence, research in computer security does not seem to have reached maturity yet: activities remain highly partitioned, a number of different communities exist that, too often, fail to cross-fertilize each other, old problems get rejuvenated in complete ignorance of past accomplishments, etc. More importantly, results are rarely obtained by the rigorous application of a scientific method, defined in the Oxford English Dictionary as “a method of procedure that has characterized natural science since the 17th century, consisting in systematic observation, measurement, and experiment, and the formulation, testing, and modification of hypotheses.” The reasons certainly lie, among other things, in the fact that the object under scrutiny is constantly changing. The threat landscape is a moving target. This has especially been true during the last two years with outbreaks of worms such as Hydraq or Stuxnet that were real eye-openers for many. Furthermore, this rapid evolution is worsened by the mere existence of malicious adversaries who aim at defeating or circumventing any progress made towards a safer world. In this talk, we claim that finding efficient, acceptable and usable solutions against these threats requires the possibility for researchers to conduct rigorous empirical research. Unfortunately, very few teams have access to large, real-world, representative data sets that would enable them to carry out such experimental validation of new ideas. The absence of such data often leads to what we call “Dahusian research”: intellectually stimulating initiatives that are not very useful when confronted with real-world problems. Symantec Research has built a new environment, named WINE, that aims at addressing this problem. Without going into details, we will briefly present the core ideas behind it, what it is made of and how to get access to it. WINE stands for Worldwide Intelligence Network Environment.
WINE offers access to sampled data feeds, which are used internally at Symantec. WINE allows researchers to define reference data sets, for validating new techniques or for conducting empirical studies, and provides the metadata needed for understanding the results. WINE archives these reference data sets in order to facilitate repeatable experiments and to enable meaningful comparisons against the prior art. Moreover, the field data included in WINE will likely provide key insights across a broad spectrum of disciplines, such as software reliability, computer security, machine learning, networking, economics, or visual analytics, to name a few. More information on WINE is also available online. Our hope is that other data owners will benefit from the experience gained with this initiative and that they will follow the same approach in the future for the greater good of sound computer security research.
Biography
Marc Dacier, Ph.D., is a Senior Director within Symantec Research Labs. He is in charge of the Collaborative Advanced Research Department (CARD), part of Symantec Research Labs. His team is located in Sophia Antipolis (France), Washington, D.C., and Los Angeles (USA). CARD focuses on innovation and development of next-generation technologies. In addition to internal advancements, Dr. Dacier’s team collaborates on joint projects with external government agencies, universities and businesses that include both long-term studies and short-range improvements that provide immediate benefit to Symantec customers across all business segments and markets. Prior to joining Symantec, Dr. Dacier taught networking and operational computing security at Eurecom, a graduate school and research centre in communications systems and one of Europe’s most active academic research institutions, especially in the field of network and computer security. In addition to his extensive work in academia, Dr. Dacier was manager of the Global Security Analysis Lab at IBM Zurich Research Laboratory for 7 years. An internationally recognized expert in computer and network security, Dr. Dacier has served on more than 100 program committees of major security and dependability conferences and as a member of the editorial board of several technical journals. He has co-authored more than 60 papers in peer-reviewed conferences and journals. Dr. Dacier holds a master's degree in Computer Sciences from the Université Catholique de Louvain and a Ph.D. in Computer Sciences from the Institut National Polytechnique de Toulouse.