Dr. Marc Dacier

Research Director
Cyber Security

Connect with me

I’m excited to help build what is going to be one of the best cybersecurity research groups in the world.

Research Focus at QCRI

With more than 20 years of experience in the field of cybersecurity, Marc Dacier’s expertise includes a broad set of topics related to the area. Among other things, he has made seminal contributions in quantitative evaluation of operational security, intrusion detection, intrusion tolerance, honeytokens, honeypots, analysis of real world malicious cyber campaigns (spam, botnets, web security, etc.) and, most recently, BGP security. Over the years, Marc’s governing principle has always been to seek access to real world data in order to perform sound experimental validation of his solutions, applying well established scientific methods to a very young and fast moving domain.

Previous Experience

Marc holds a PhD, European Label, from the Institute National Polytechnique of Toulouse, France, which he obtained in 1994 after having worked for 3 years at LAAS-CNRS. After a year as a security consultant in Paris, France, he joined IBM Research in Zurich, Switzerland to form and lead the Global Security Analysis Laboratory. In 2002, he left IBM to become a professor at Eurecom, in Sophia Antipolis, France. Eurecom is one of the most active European research and training institutes in cybersecurity. Subsequent to his tenure with Eurecom, Marc joined Symantec to help form its European Research Labs and later direct all of the collaborative research projects carried out within the company. While at Symantec, he also spent two years in the USA overseeing university relationship management worldwide for Symantec Research Labs.

For several years, Marc served as an invited researcher at the University of Louvain (UCL, Belgium), Namur (FUNDP, Belgium), Liege (ULg, Belgium) and ENSEEIHT (Toulouse, France), conducting an intrusion detection seminar at each location. In 2002, he received the title of invited professor at UCL and adjunct professor at ULg where he continued teaching through 2012.

In 1998, Marc co-founded the international RAID symposium (Recent Advances in Intrusion Detection, recently renamed Research in Intrusions, Attacks and Defenses), one of the top-tier conferences in the field. In addition, he has served on more than 100 program committees and on the editorial board of tier 1 security journals including ACM TISSEC, IEEE TDSC and JIAS. Marc has also been an invited member to more than a dozen scientific councils and advisory boards of universities and consortia in Europe and the USA. He regularly serves as an external expert to review funding proposals in Austria, France, Norway and the USA. To date, Marc has contributed to more than a dozen long-term joint projects funded either by the European Commission in Europe, the ANR agency in France or the DARPA and IARPA agencies in the USA. He has received an IBM Outstanding Technical Award for the contribution of his research to the business of IBM Global services; and while at Eurecom he received an IBM Faculty Award.

Professional Experience

Professional Associations and Awards

Scientific Councils
  •  Steering Committee Chair of the RAID symposium (Recent Advances on Intrusion Detection) since 1998.
  •  Steering Committee member of the ESORICS symposium ((European Symposium on Research in Computing Security) 2002-2008
  •  Elected Member of the scientific council of the Eurecom Institute in 2005, 2006, 2007.
  •  Member, de jure, of the scientific council of the Eurecom Institute since 2009, representing Symantec.
  •  Scientific council member of the scientific collection in telecommunications of the GET (CTST) from 2004 until 2008.
  •  Scientific council member of the French funding action ACISI for security in 2005 and 2006.
  •  Member of the Eurecom Scientific Council, as a member of the GIE, since 2009, representing Symantec.
  •  Member of the Advisory board of the doctoral school in Information technology at Politecnico di Milano, Italy.
  •  Member of the Assembly of the Members of the Eurecom Institute since 2009, representing Symantec.

  • Obtained an IBM Outstanding Technical Achievement Award for his contribution to the business of IBM Global Services.
  • Received the IBM Faculty Award.


  • Ph.D, 1994, INPT, Toulouse, France
  • Degree of Ingénieur Civil en Informatique, 1989, University of Louvain, Belgium

Selected Research


Angelos Keromytis, Roxanna Geambasu, Simha Sethumadhavan, Salvatore J. Solfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew C. Elder, Darrell M. Kienzle, Angelos Stavrou, The MEERKATS Cloud Security Architecture, ICDCS Workshop, 2012, pp. 446-450.


Olivier Thonnard, Marc Dacier, A strategic analysis of spam botnets operations. Proc. of CEAS, 2011, pp. 162-171

Marc Dacier, On the resilience of the dependability framework to the intrusion of new security threats, Book chapter in "Dependable and Historic Computing (essays dedicated to Brian Randell on the Occasion of his 75th Birthday)", Eds. Jones, Cliff B; Lloyd, John L; LNCS Vol 6875, Springer Verlag, ISBN:9783642245404

Van-Hau Pham, Marc Dacier, Honeypot trace forensics : The observation viewpoint matters , published in the journal "Future Generation Computer Systems", Vol 27, N°5, May 2011, ISSN: 0167-739X


Laurent Andrey, Olivier Festor, Marc Dacier, Emmanuel Gras, Engin Kirda, Corrado Leita, VAMPIRE : Future internet
vulnerability assessment, monitoring and prevention ARN "Colloque « Télécommunications ? réseaux du futur et services", December 6-8, 2010, Rennes, France

Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, Marc Dacier, An Analysis of Rogue AV Campaigns, RAID 2010, pp 442-463

Marc Dacier, Corrado Leita, Olivier Thonnard, Van-Hau Pham Engin Kirda, Assessing cybercrime through the eyes of the WOMBAT Part 3, Chapter 6 of "Cyber Situational Awareness : Issues and Research", Springer International Series on Advances in Information Security, 2009. ISBN: 98-1-4419-0139-2 , pp 103-136


Marc Dacier, Van Hau Pham, Olivier Thonnard, The WOMBAT attack attribution method : Some results Lecture Notes in Computer Science, Volume 5905/2009, ISSN : 0302-9743 , pp 19-37

Hsinchun Chen, Marc Dacier, Marie-Francine Moens, Gerhard Pass, Christopher C. Yang (editors), Proc. of the ACM SIGKDD Workshop on Cybersecurity and Intelligence Informatics, Paris, France, June 28 2009.

Olivier Thonnard, Wim Mees, Marc Dacier, Behavioral analysis of zombie armies Book chapter in "The Virtual Battlefield : Perspectives on Cyber Warfare", Vol. 3 of Cryptology and Information Security Series, October 2009, C. Czosseck and K. Geers ED., ISBN : 978-1-60750-060-5 , pp 191-210

Paul Barford, Marc Dacier, Dietterich, T. G, Fredrikson, M, Giffin, J, Jajodia, S, Jha, S, Li, J, Liu, P, Ning, P, Ou, X, Song, D, Strater, L, Swarup, V, Tadda, G, Wang, C, Yen, J. Cyber SA : situational awareness for cyber defense Chapter 1 in "Cyber Situational Awareness : Issues and Research", Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang, eds., ISBN: 98-1-4419-0139-2, Springer International Series on Advance in Information Security, 2009. , pp 3-13

Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, NSS 2009, 3rd International Conference on Network and System Security, October 19-21, 2009, Gold Cost, Australia

Olivier Thonnard, Wim Mees, Marc Dacier, Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making KDD’09, 15th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Workshop on CyberSecurity and Intelligence Informatics, June 28th - July 1st, 2009, Paris, France

Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, Rapport de recherche RR-09-226


Ramirez-Silva,Eduardo;Marc Dacier, Empirical study of the impact of metasploitrelated attacks in 4 years of attack traces, ASIAN'07, 12th Annual Asian Computing Science Conference Focusing on Computer and Network Security, December 9-11, 2007, Doha, Qatar , pp 198-211

Corrado Leita, Marc Dacier, Georg Wicherski, SGNET: a distributed infrastructureto handle zero-day exploits, Rapport de recherche RR-07-187 - Extended version of this paper at EDCC 2008 


Eric Alata, Vincent Nicomette, Mohamed Kaâniche, Marc Dacier, Matthieu Herrb,Lessons learned from the deployment of a high-interaction honeypot, EDCC'06,6th European Dependable Computing Conference, October 18-20, 2006, Coimbra,Portugal , pp 39-46

Corrado Leita, Marc Dacier, Frédéric Massicotte, Automatic handling of protocoldependencies and reaction to 0-day attacks with ScriptGen based honeypots,RAID 2006, 9th International Symposium on Recent Advances in Intrusion Detection,September 20-22, 2006, Hamburg, Germany - Also published as Lecture Notes in Computer Science Volume 4219/2006 , pp 185-205 

Mohamed Kaâniche, Eric Alata, Vincent Nicomette, Yves Deswarte, Marc Dacier,Empirical analysis and statistical modeling of attack processes based onhoneypots, WEEDS 2006 - Workshop on empirical evaluation of dependability and security (in conjunction with the international conference on dependable systems and networks, DSN 2006), June 25-28, 2006, Philadelphia,USA

Fabien Pouget, Guillaume Urvoy-Keller, Marc Dacier, Time signatures to detect multi-headed stealthy attack tools, 18th Annual FIRST Conference, June 25-30, 2006, Baltimore, USA

Marc Dacier, Détection d'intrusions : état de l'art, faiblesses et problèmes ouverts Chapitre 3 du livre "Sécurité des systèmes d'information (Traité IC2, série Réseaux et télécoms) / 2-7462-1259-5 Auteur(s) : MÉ Ludovic - DESWARTE Yves 06-2006 - 372 p" , pp 73-100

Fabien Pouget, Marc Dacier, Jacob Zimmerman, Andrew Clark, Georges MohayInternet attack knowledge discovery via clusters and cliques of attack traces, Journal of Information Assurance and Security, Volume 1, Issue 1, March 2006 , pp 21-32


Corrado Leita, Ken Mermoud, Marc Dacier, ScriptGen: an automated script generation tool for honeyd, ACSA 2005, 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, USA

P. T. Chen, C. Laih, Fabien Pouget, Marc Dacier, Comparative survey of local honeypot sensors to assist network forensics, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital Forensic Engineering, November 7-9, 2005, Taipei, Taiwan

Zimmermann, Jacob;Clark, Andrew;Mohay, George;Fabien Pouget, Marc Dacier, The use of packet inter-arrival times for investigating unsolicited Internet traffic, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital ForensicEngineering, November 7-9, 2005, Taipei, Taiwan

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaaniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Fabien Pouget, Collection and analysis of attack data based on honeypots deployed on the Internet, QOP 2005, 1st Workshop on Quality of Protection (collocated with ESORICS and METRICS), September 15, 2005, Milan, Italy - Also published as Quality Of Protection, Security Measurements and Metrics, Springer Series: Advances in Information Security , Volume 23, Gollmann, Dieter; Massacci, Fabio; Yautsiukhin, Artsiom (Eds.), 2006, XII, 197 p, ISBN: 0-387-29016-8

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien Leurré.com : retour d'expérience sur plusieurs mois d'utilisation d'un pot de miel distribué mondialement, SSTIC '05, Symposium sur la Sécurité des Technologies de l'Information et des Communications, June 1-3, 2005, Rennes, France

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien, CADHo: Collection and Analysis of Data from Honeypots, EDDC'05, 5th European Dependable Computing Conference, April 20-22, 2005, Budapest, Hungary

Fabien Pouget, Marc Dacier, Pham, Van Hau, Leurre.com: on the advantages of deploying a large scale distributed honeypot platform, ECCE'05, E-Crime and Computer Conference, 29-30th March 2005, Monaco


Fabien Pouget, Marc Dacier, Pham, Van Hau, Understanding threats: a prerequisite to enhance survivability of computing systems, IISW'04, International Infrastructure Survivability Workshop 2004, in conjunction with the 25th IEEE International Real- Time Systems Symposium (RTSS 04) December 5-8, 2004 Lisbonne, Portugal

B. Thomas, J. Clergue, Andreas Schaad, A;Marc Dacier, A comparison of conventional and online fraud, CRIS'04, 2nd International Conference on Critical Infrastructures, October 25-27, 2004 - Grenoble, France

Fabien Pouget, Marc Dacier, Hervé Debar,Van-Hau Pham, Honeynets: foundations for the development of early warning information systems, The Cyberspace Security and Defense: Research Issues - NATO Advanced Research Workshop, September 6-9, 2004, Gdansk, Poland - Also published as a chapter of Cyberspace Security And Defense: Research Issues, Janusz S. Kowalik (Ed), ISBN: 1402033796

Fabien Pouget, Marc Dacier, Honeypot-based forensics, AusCERT2004, AusCERT Asia Pacific Information technology Security Conference 2004, 23rd - 27th May 2004, Brisbane, Australia

Fabien Pouget, Marc Dacier, Hervé Debar, Attack processes found on the Internet, NATO Research and technology symposium IST-041 "Adaptive Defence in Unclassified Networks", 19 April 2004, Toulouse, France

Fabien Pouget, Marc Dacier, Hervé Debar, Honeypots, a practical mean to validate malicious fault assumptions, PRDC'04, 10th International symposium Pacific Rim dependable computing Conference, March 3-5, 2004, Tahiti, French Polynesia


Design of an Intrusion-Tolerant Intrusion Detection System, M. Dacier (Editor) Délivrable D10, Projet européen MAFTIA IST-1999-11583, 9 Août, 2002, Research Report RZ 3413,

IBM Zurich Research Laboratory, also available online http://www.maftia.org K. Julisch, M. Dacier "Mining Intrusion Detection Alarms for Actionable Knowledge", Proc. of the 8th ACM International Conference on Knowledge Discovery and Data Mining, Edmonton, Juillet 2002


H. Debar, M. Dacier et A. Wespi “A Revised Taxonomy for Intrusion Detection Systems ” Annales des Telecommunications, vol. 55, no. 7-8, p. 361-78, Juillet-Août 2000 

A. Wespi, M. Dacier et H. Debar “Intrusion Detection Using Variable-Length Audit Trail Patterns”,, Proc. of Recent Advances in Intrusion Detection, ed. by H. Debar, L. Mé, S.F. Wu. Berlin, Springer, 2000. LNCS Vol. 1907. p. 110-129

M. Almgren, H. Debar et M. Dacier « A Lightweight Tool for Detecting Web Server Attacks »,. In Gene Tsudik and Avi Rubin, editors, Proceedings of NDSS 2000 (Network and Distributed System Security Symposium), pages 157-170, février 2000.

H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”,, Journal of Computer Security, vol. 8, p.159-18,2000 (version étendue du papier [2] publié en 1998)


M. Dacier, K. Jackson “Intrusion detection”, Guest éditorial in Computer Networks 31(23-24): 2433-2434 (1999) H. Debar, M. Dacier et A. Wespi “Towards a Taxonomy of Intrusion-Detection Systems Computer Networks, vol. 31, p. 805-22, 1999

A. Wespi, M. Dacier et H. Debar“An Intrusion-Detection System Based on the Teiresias Pattern-Discovery Algorithm ”, Proc. of EICAR '99, ed. by U.E. Gattiker, P. Pedersen and K. Petersen. EICAR, 1999. p.1-15.


H. Debar, M. Dacier et A. Wespi, “Reference Audit Information Generation For Intrusion Detection Systems”, Global IT Security, ed. by G. Papp and R. Posch. OCG, Vienna, OCG,1998. p. 405-17

H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”, Proc. of 5th European Symposium on Research in Computer Security (ESORICS '98), vol. 1485 ed. by J.-J. Quisquater, Y. Deswarte, C. Meadows, D. Gollmann. Berlin, Heidelberg, Springer, 1998. p. 2-15;


M. Dacier, Y. Deswarte, et M. Kaaniche “Models and Tools for Quantitative Assessment of Operational Security”, Information Systems Security, ed. by S.K. Katsikas and D. Gritzalis. London, Chapman & Hall, 1996. p. 179-86


Marc Dacier, Yves Deswarte “Privilege Graph: an Extension to the Typed Access Matrix Model”, Lecture Notes in Computer Science, Springer Verlag, vol. 875, pp. 319-334, November 1994 (Proc. of Esorics’94, novembre 1994, Brighton, UK).

Marc Dacier, “A Fault Forecasting Approach for Operational Security Monitoring”, Dependable Computing and Fault Tolerant Systems, F. Cristian, G. Le Lann, T. Lunt (Eds.) Springer Verlag, (Proc. of the Fourth International Working Conference on Dependable Computing for Critical Applications -DCCA-4, San Diego, Californie USA, 4-6 janvier, 1994), Vol. 9, pp. 215-217.


Marc Dacier, Mohamed Kaâniche, Yves Deswarte "A Framework for Security Assessment of Insecure Systems", First Year Report of the ESPRIT Basic Research Action 6362: Predictably Dependable Computing Systems (PDCS2), septembre 1993, pp. 561-578.

Marc Dacier, "A Petri Net Representation of the Take-Grant Model", Proc. of the Computer Security Foundations Workshop VI, IEEE, Franconia, NH, Juin 1993, pp. 99-108.


M. Dacier "CAS: Conseiller Automatique en Sécurité - Prototype d'évaluation de la sécurité sous Unix" (CAS: Automatic Security Advisor - a Prototype Tool for Unix Security Evaluation),, Tribunix, Dossier Sécurité, 8 (42), mars/avril 1992.


M. Dacier, M. Rutsaert "Gérer la transitivité en sécurité" (Dealing with Transitivity in Security), Bancatique, Dossier Sécurité, 76, novembre 1991.

M. Dacier, M. Rutsaert"Comment gérer la transitivité en sécurité ?", (How to Deal with Transitivity in Security ?),, Proc. of the Unix Convention 91, AFUU, pp. 205-218, 26-29 Mars 1991, CNIT-Paris la Défense.

Research Reports


C. Leita, M. Dacier, G. Wicherski, SGNET: a distributed infrastructure to handle zero-day exploits, Eurecom Research Report RR-07-187


E. Guillou, M. Dacier Feasibility study for a trustworthy embedded firewall Rapport derecherche RR-05-136


F. Pouget, M. Dacier OWL : Installation testing and validation, Rapport de recherche RR-04-103

F. Pouget, M. Dacier Honeypot platform : analyses and results, Rapport de recherche RR-04- 104 2003

F. Pouget, M. Dacier Alert correlation Rapport de recherche RR-03-094

F. Pouget, M. Dacier Alert correlation: Review of the state of the art Rapport de recherché RR-03-093

F. Pouget, M. Dacier, H. Debar White paper: honeypot, honeynet, honeytoken: terminological issues Rapport de recherche RR-03-081

F. Pouget, M. Dacier White paper: honeypot, honeynet: a comparative survey Rapport de recherche RR-03-082


H. Debar, M. Dacier, A. Wespi et S. Lampart An Experimentation Workbench For Intrusion Detection Systems,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz2998.

D. Alessandri et M. Dacier VulDa: A Vulnerability Database,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz3111


M. Dacier, Y. Deswarte, M. Kaâniche Models and Tools for Quantitative Assessment of Operational Security,, LAAS Rapport de recherche 95353, July 1995, 20 pages.


Marc Dacier, Vers une évaluation quantitative de la sécurité informatique, Institut National Polytechnique de Toulouse, Thèse de doctorat, Décembre 1994, 145 pages, Ref. LAAS- 94488.

M. Dacier et Y. Deswarte, Propagation of Privileges and Security Trade-Offs,, LAAR Rapport de recherche 94031, février 1994, 14 pages.


M. Dacier, Y. Deswarte Achieving Satisfactory Security Despite Insecure Features,, LAAS Rapport de recherche 93195, June 1993, 10 pages.


Method and apparatus for intrusion detection in computers and computer networks, M. Dacier, H. Debar, A. Wespi, A. Floratos, I, Rigoutsos, 15 mars 2000 / Sept. 9, 1998; Application Number: EP1998000117083; IPC Code: G06F 1/00; ECLA Code: G06F1/00N7A; Detection of intrusions containing overlapping reachabilities, M. Dacier, P. Scotton, US Patent US6487204 – Published: 2002-11-26 / Filed: 1999-05-12, International Business Machines Corporation, Armonk, NY

Connect with me

Follow Us

  • YouTube
  • Twitter
  • Facebook
  • RSS Feed
  • Linkedin
  • github-web.png
Back to Top

In the Media

Economist story pic.JPG

Improving disaster response efforts through data


Extreme weather events put the most vulnerable communities at high risk. How can data analytics strengthen early warning systems and and support relief efforts for communities in need? The size and ...

Read More

Yazan Wired story pic.jpg

Your sloppy bitcoin drug deals will haunt you for years


Perhaps you bought some illegal narcotics on the Silk Road half a decade ago, back when that digital black market for every contraband imaginable was still online and bustling. You might already ...

Read More

Luis Luque El Correo.jpg

Entrevista con Luis Fernández Luque, cofundador de Salumedia e investigador del Qatar Computing Research Institute


Si quiere buscar un ejemplo de ciudadano del mundo, de los que al cabo del año vive y trabaja desde numerosos países, y a través de internet, esté donde esté, desarrolla en remoto actividades para ...

Read More

Upcoming Events

Past Events


App Inventor.jpg

QCRI's Creative Space to hold free app inventor workshop

Download ICS File 01/02/2018 ,

QCRI is to offer an introduction to mobile app development workshop for boys and girls aged 13-16. Students will learn the basics of mobile app development using the App Inventor platform. The ...

Read More


after school pic.JPG

QCRI's Creative Space launches free after-school computing courses for teenagers

Download ICS File 01/11/2017  - 20/12/2017 ,

We offer an App Inventor Course in Arabic for students aged 13-15 and an Arduino Programming Course in English for students aged 14-18. Courses are free. Please register quickly as places are limited.

Read More

Summer Camp 2.jpg

QCRI conducts first summer computing camps for kids

Download ICS File 16/07/2017  - 27/07/2017 ,

Children and teenagers have been given a rare chance to develop their computing skills with world-class computing scientists at the first summer computing camp conducted by the Qatar Computing ...

Read More

News Releases

bioinformatics cancer pic.jpg

QCRI scientists develop algorithm to detect brain cancer markers


Scientists from the Qatar Computing Research Institute have developed a new algorithm that can identify driver genes of several types of gliomas, the most common and aggressive forms of primary brain...

Read More

Jim Jansen pic preferred.jpg

Research by QCRI's Jim Jansen among most influential of decade: top journals


QCRI Social Computing group's principal scientist achieves rare honor.

Read More

yelena pic.JPG

#Halal now a lifestyle definition on Instagram


The word “halal” is no longer being defined only in a religious context but is becoming a lifestyle term associated with health and fashion around the globe, a new study of Instagram posts led by ...

Read More