Dr. Marc Dacier

Research Director
Cyber Security

Connect with me

I’m excited to help build what is going to be one of the best cybersecurity research groups in the world.

Research Focus at QCRI

With more than 20 years of experience in the field of cybersecurity, Marc Dacier’s expertise includes a broad set of topics related to the area. Among other things, he has made seminal contributions in quantitative evaluation of operational security, intrusion detection, intrusion tolerance, honeytokens, honeypots, analysis of real world malicious cyber campaigns (spam, botnets, web security, etc.) and, most recently, BGP security. Over the years, Marc’s governing principle has always been to seek access to real world data in order to perform sound experimental validation of his solutions, applying well established scientific methods to a very young and fast moving domain.

Previous Experience

Marc holds a PhD, European Label, from the Institute National Polytechnique of Toulouse, France, which he obtained in 1994 after having worked for 3 years at LAAS-CNRS. After a year as a security consultant in Paris, France, he joined IBM Research in Zurich, Switzerland to form and lead the Global Security Analysis Laboratory. In 2002, he left IBM to become a professor at Eurecom, in Sophia Antipolis, France. Eurecom is one of the most active European research and training institutes in cybersecurity. Subsequent to his tenure with Eurecom, Marc joined Symantec to help form its European Research Labs and later direct all of the collaborative research projects carried out within the company. While at Symantec, he also spent two years in the USA overseeing university relationship management worldwide for Symantec Research Labs.

For several years, Marc served as an invited researcher at the University of Louvain (UCL, Belgium), Namur (FUNDP, Belgium), Liege (ULg, Belgium) and ENSEEIHT (Toulouse, France), conducting an intrusion detection seminar at each location. In 2002, he received the title of invited professor at UCL and adjunct professor at ULg where he continued teaching through 2012.

In 1998, Marc co-founded the international RAID symposium (Recent Advances in Intrusion Detection, recently renamed Research in Intrusions, Attacks and Defenses), one of the top-tier conferences in the field. In addition, he has served on more than 100 program committees and on the editorial board of tier 1 security journals including ACM TISSEC, IEEE TDSC and JIAS. Marc has also been an invited member to more than a dozen scientific councils and advisory boards of universities and consortia in Europe and the USA. He regularly serves as an external expert to review funding proposals in Austria, France, Norway and the USA. To date, Marc has contributed to more than a dozen long-term joint projects funded either by the European Commission in Europe, the ANR agency in France or the DARPA and IARPA agencies in the USA. He has received an IBM Outstanding Technical Award for the contribution of his research to the business of IBM Global services; and while at Eurecom he received an IBM Faculty Award.

Professional Experience

Professional Associations and Awards

Scientific Councils
  •  Steering Committee Chair of the RAID symposium (Recent Advances on Intrusion Detection) since 1998.
  •  Steering Committee member of the ESORICS symposium ((European Symposium on Research in Computing Security) 2002-2008
  •  Elected Member of the scientific council of the Eurecom Institute in 2005, 2006, 2007.
  •  Member, de jure, of the scientific council of the Eurecom Institute since 2009, representing Symantec.
  •  Scientific council member of the scientific collection in telecommunications of the GET (CTST) from 2004 until 2008.
  •  Scientific council member of the French funding action ACISI for security in 2005 and 2006.
  •  Member of the Eurecom Scientific Council, as a member of the GIE, since 2009, representing Symantec.
  •  Member of the Advisory board of the doctoral school in Information technology at Politecnico di Milano, Italy.
  •  Member of the Assembly of the Members of the Eurecom Institute since 2009, representing Symantec.

  • Obtained an IBM Outstanding Technical Achievement Award for his contribution to the business of IBM Global Services.
  • Received the IBM Faculty Award.


  • Ph.D, 1994, INPT, Toulouse, France
  • Degree of Ingénieur Civil en Informatique, 1989, University of Louvain, Belgium

Selected Research


Angelos Keromytis, Roxanna Geambasu, Simha Sethumadhavan, Salvatore J. Solfo, Junfeng Yang, Azzedine Benameur, Marc Dacier, Matthew C. Elder, Darrell M. Kienzle, Angelos Stavrou, The MEERKATS Cloud Security Architecture, ICDCS Workshop, 2012, pp. 446-450.


Olivier Thonnard, Marc Dacier, A strategic analysis of spam botnets operations. Proc. of CEAS, 2011, pp. 162-171

Marc Dacier, On the resilience of the dependability framework to the intrusion of new security threats, Book chapter in "Dependable and Historic Computing (essays dedicated to Brian Randell on the Occasion of his 75th Birthday)", Eds. Jones, Cliff B; Lloyd, John L; LNCS Vol 6875, Springer Verlag, ISBN:9783642245404

Van-Hau Pham, Marc Dacier, Honeypot trace forensics : The observation viewpoint matters , published in the journal "Future Generation Computer Systems", Vol 27, N°5, May 2011, ISSN: 0167-739X


Laurent Andrey, Olivier Festor, Marc Dacier, Emmanuel Gras, Engin Kirda, Corrado Leita, VAMPIRE : Future internet
vulnerability assessment, monitoring and prevention ARN "Colloque « Télécommunications ? réseaux du futur et services", December 6-8, 2010, Rennes, France

Marco Cova, Corrado Leita, Olivier Thonnard, Angelos D. Keromytis, Marc Dacier, An Analysis of Rogue AV Campaigns, RAID 2010, pp 442-463

Marc Dacier, Corrado Leita, Olivier Thonnard, Van-Hau Pham Engin Kirda, Assessing cybercrime through the eyes of the WOMBAT Part 3, Chapter 6 of "Cyber Situational Awareness : Issues and Research", Springer International Series on Advances in Information Security, 2009. ISBN: 98-1-4419-0139-2 , pp 103-136


Marc Dacier, Van Hau Pham, Olivier Thonnard, The WOMBAT attack attribution method : Some results Lecture Notes in Computer Science, Volume 5905/2009, ISSN : 0302-9743 , pp 19-37

Hsinchun Chen, Marc Dacier, Marie-Francine Moens, Gerhard Pass, Christopher C. Yang (editors), Proc. of the ACM SIGKDD Workshop on Cybersecurity and Intelligence Informatics, Paris, France, June 28 2009.

Olivier Thonnard, Wim Mees, Marc Dacier, Behavioral analysis of zombie armies Book chapter in "The Virtual Battlefield : Perspectives on Cyber Warfare", Vol. 3 of Cryptology and Information Security Series, October 2009, C. Czosseck and K. Geers ED., ISBN : 978-1-60750-060-5 , pp 191-210

Paul Barford, Marc Dacier, Dietterich, T. G, Fredrikson, M, Giffin, J, Jajodia, S, Jha, S, Li, J, Liu, P, Ning, P, Ou, X, Song, D, Strater, L, Swarup, V, Tadda, G, Wang, C, Yen, J. Cyber SA : situational awareness for cyber defense Chapter 1 in "Cyber Situational Awareness : Issues and Research", Sushil Jajodia, Peng Liu, Vipin Swarup, Cliff Wang, eds., ISBN: 98-1-4419-0139-2, Springer International Series on Advance in Information Security, 2009. , pp 3-13

Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, NSS 2009, 3rd International Conference on Network and System Security, October 19-21, 2009, Gold Cost, Australia

Olivier Thonnard, Wim Mees, Marc Dacier, Addressing the attack attribution problem using knowledge discovery and multi-criteria fuzzy decision-making KDD’09, 15th ACM SIGKDD Conference on Knowledge Discovery and Data Mining, Workshop on CyberSecurity and Intelligence Informatics, June 28th - July 1st, 2009, Paris, France

Van-Hau Pham, Marc Dacier, Honeypot traces forensics : the observation view point matters, Rapport de recherche RR-09-226


Ramirez-Silva,Eduardo;Marc Dacier, Empirical study of the impact of metasploitrelated attacks in 4 years of attack traces, ASIAN'07, 12th Annual Asian Computing Science Conference Focusing on Computer and Network Security, December 9-11, 2007, Doha, Qatar , pp 198-211

Corrado Leita, Marc Dacier, Georg Wicherski, SGNET: a distributed infrastructureto handle zero-day exploits, Rapport de recherche RR-07-187 - Extended version of this paper at EDCC 2008 


Eric Alata, Vincent Nicomette, Mohamed Kaâniche, Marc Dacier, Matthieu Herrb,Lessons learned from the deployment of a high-interaction honeypot, EDCC'06,6th European Dependable Computing Conference, October 18-20, 2006, Coimbra,Portugal , pp 39-46

Corrado Leita, Marc Dacier, Frédéric Massicotte, Automatic handling of protocoldependencies and reaction to 0-day attacks with ScriptGen based honeypots,RAID 2006, 9th International Symposium on Recent Advances in Intrusion Detection,September 20-22, 2006, Hamburg, Germany - Also published as Lecture Notes in Computer Science Volume 4219/2006 , pp 185-205 

Mohamed Kaâniche, Eric Alata, Vincent Nicomette, Yves Deswarte, Marc Dacier,Empirical analysis and statistical modeling of attack processes based onhoneypots, WEEDS 2006 - Workshop on empirical evaluation of dependability and security (in conjunction with the international conference on dependable systems and networks, DSN 2006), June 25-28, 2006, Philadelphia,USA

Fabien Pouget, Guillaume Urvoy-Keller, Marc Dacier, Time signatures to detect multi-headed stealthy attack tools, 18th Annual FIRST Conference, June 25-30, 2006, Baltimore, USA

Marc Dacier, Détection d'intrusions : état de l'art, faiblesses et problèmes ouverts Chapitre 3 du livre "Sécurité des systèmes d'information (Traité IC2, série Réseaux et télécoms) / 2-7462-1259-5 Auteur(s) : MÉ Ludovic - DESWARTE Yves 06-2006 - 372 p" , pp 73-100

Fabien Pouget, Marc Dacier, Jacob Zimmerman, Andrew Clark, Georges MohayInternet attack knowledge discovery via clusters and cliques of attack traces, Journal of Information Assurance and Security, Volume 1, Issue 1, March 2006 , pp 21-32


Corrado Leita, Ken Mermoud, Marc Dacier, ScriptGen: an automated script generation tool for honeyd, ACSA 2005, 21st Annual Computer Security Applications Conference, December 5-9, 2005, Tucson, USA

P. T. Chen, C. Laih, Fabien Pouget, Marc Dacier, Comparative survey of local honeypot sensors to assist network forensics, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital Forensic Engineering, November 7-9, 2005, Taipei, Taiwan

Zimmermann, Jacob;Clark, Andrew;Mohay, George;Fabien Pouget, Marc Dacier, The use of packet inter-arrival times for investigating unsolicited Internet traffic, SADFE'05, 1rst International Workshop on Sytematic Approaches to Digital ForensicEngineering, November 7-9, 2005, Taipei, Taiwan

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaaniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Fabien Pouget, Collection and analysis of attack data based on honeypots deployed on the Internet, QOP 2005, 1st Workshop on Quality of Protection (collocated with ESORICS and METRICS), September 15, 2005, Milan, Italy - Also published as Quality Of Protection, Security Measurements and Metrics, Springer Series: Advances in Information Security , Volume 23, Gollmann, Dieter; Massacci, Fabio; Yautsiukhin, Artsiom (Eds.), 2006, XII, 197 p, ISBN: 0-387-29016-8

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien Leurré.com : retour d'expérience sur plusieurs mois d'utilisation d'un pot de miel distribué mondialement, SSTIC '05, Symposium sur la Sécurité des Technologies de l'Information et des Communications, June 1-3, 2005, Rennes, France

Eric Alata, Marc Dacier, Yves Deswarte, Mohamed Kaâniche, Kostya Kortchinsky, Vincent Nicomette, Van-Hau Pham, Pouget, Fabien, CADHo: Collection and Analysis of Data from Honeypots, EDDC'05, 5th European Dependable Computing Conference, April 20-22, 2005, Budapest, Hungary

Fabien Pouget, Marc Dacier, Pham, Van Hau, Leurre.com: on the advantages of deploying a large scale distributed honeypot platform, ECCE'05, E-Crime and Computer Conference, 29-30th March 2005, Monaco


Fabien Pouget, Marc Dacier, Pham, Van Hau, Understanding threats: a prerequisite to enhance survivability of computing systems, IISW'04, International Infrastructure Survivability Workshop 2004, in conjunction with the 25th IEEE International Real- Time Systems Symposium (RTSS 04) December 5-8, 2004 Lisbonne, Portugal

B. Thomas, J. Clergue, Andreas Schaad, A;Marc Dacier, A comparison of conventional and online fraud, CRIS'04, 2nd International Conference on Critical Infrastructures, October 25-27, 2004 - Grenoble, France

Fabien Pouget, Marc Dacier, Hervé Debar,Van-Hau Pham, Honeynets: foundations for the development of early warning information systems, The Cyberspace Security and Defense: Research Issues - NATO Advanced Research Workshop, September 6-9, 2004, Gdansk, Poland - Also published as a chapter of Cyberspace Security And Defense: Research Issues, Janusz S. Kowalik (Ed), ISBN: 1402033796

Fabien Pouget, Marc Dacier, Honeypot-based forensics, AusCERT2004, AusCERT Asia Pacific Information technology Security Conference 2004, 23rd - 27th May 2004, Brisbane, Australia

Fabien Pouget, Marc Dacier, Hervé Debar, Attack processes found on the Internet, NATO Research and technology symposium IST-041 "Adaptive Defence in Unclassified Networks", 19 April 2004, Toulouse, France

Fabien Pouget, Marc Dacier, Hervé Debar, Honeypots, a practical mean to validate malicious fault assumptions, PRDC'04, 10th International symposium Pacific Rim dependable computing Conference, March 3-5, 2004, Tahiti, French Polynesia


Design of an Intrusion-Tolerant Intrusion Detection System, M. Dacier (Editor) Délivrable D10, Projet européen MAFTIA IST-1999-11583, 9 Août, 2002, Research Report RZ 3413,

IBM Zurich Research Laboratory, also available online http://www.maftia.org K. Julisch, M. Dacier "Mining Intrusion Detection Alarms for Actionable Knowledge", Proc. of the 8th ACM International Conference on Knowledge Discovery and Data Mining, Edmonton, Juillet 2002


H. Debar, M. Dacier et A. Wespi “A Revised Taxonomy for Intrusion Detection Systems ” Annales des Telecommunications, vol. 55, no. 7-8, p. 361-78, Juillet-Août 2000 

A. Wespi, M. Dacier et H. Debar “Intrusion Detection Using Variable-Length Audit Trail Patterns”,, Proc. of Recent Advances in Intrusion Detection, ed. by H. Debar, L. Mé, S.F. Wu. Berlin, Springer, 2000. LNCS Vol. 1907. p. 110-129

M. Almgren, H. Debar et M. Dacier « A Lightweight Tool for Detecting Web Server Attacks »,. In Gene Tsudik and Avi Rubin, editors, Proceedings of NDSS 2000 (Network and Distributed System Security Symposium), pages 157-170, février 2000.

H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”,, Journal of Computer Security, vol. 8, p.159-18,2000 (version étendue du papier [2] publié en 1998)


M. Dacier, K. Jackson “Intrusion detection”, Guest éditorial in Computer Networks 31(23-24): 2433-2434 (1999) H. Debar, M. Dacier et A. Wespi “Towards a Taxonomy of Intrusion-Detection Systems Computer Networks, vol. 31, p. 805-22, 1999

A. Wespi, M. Dacier et H. Debar“An Intrusion-Detection System Based on the Teiresias Pattern-Discovery Algorithm ”, Proc. of EICAR '99, ed. by U.E. Gattiker, P. Pedersen and K. Petersen. EICAR, 1999. p.1-15.


H. Debar, M. Dacier et A. Wespi, “Reference Audit Information Generation For Intrusion Detection Systems”, Global IT Security, ed. by G. Papp and R. Posch. OCG, Vienna, OCG,1998. p. 405-17

H. Debar, M. Dacier, M. Nassehi et A. Wespi “Fixed vs. Variable-Length Patterns for Detecting Suspicious Process Behavior”, Proc. of 5th European Symposium on Research in Computer Security (ESORICS '98), vol. 1485 ed. by J.-J. Quisquater, Y. Deswarte, C. Meadows, D. Gollmann. Berlin, Heidelberg, Springer, 1998. p. 2-15;


M. Dacier, Y. Deswarte, et M. Kaaniche “Models and Tools for Quantitative Assessment of Operational Security”, Information Systems Security, ed. by S.K. Katsikas and D. Gritzalis. London, Chapman & Hall, 1996. p. 179-86


Marc Dacier, Yves Deswarte “Privilege Graph: an Extension to the Typed Access Matrix Model”, Lecture Notes in Computer Science, Springer Verlag, vol. 875, pp. 319-334, November 1994 (Proc. of Esorics’94, novembre 1994, Brighton, UK).

Marc Dacier, “A Fault Forecasting Approach for Operational Security Monitoring”, Dependable Computing and Fault Tolerant Systems, F. Cristian, G. Le Lann, T. Lunt (Eds.) Springer Verlag, (Proc. of the Fourth International Working Conference on Dependable Computing for Critical Applications -DCCA-4, San Diego, Californie USA, 4-6 janvier, 1994), Vol. 9, pp. 215-217.


Marc Dacier, Mohamed Kaâniche, Yves Deswarte "A Framework for Security Assessment of Insecure Systems", First Year Report of the ESPRIT Basic Research Action 6362: Predictably Dependable Computing Systems (PDCS2), septembre 1993, pp. 561-578.

Marc Dacier, "A Petri Net Representation of the Take-Grant Model", Proc. of the Computer Security Foundations Workshop VI, IEEE, Franconia, NH, Juin 1993, pp. 99-108.


M. Dacier "CAS: Conseiller Automatique en Sécurité - Prototype d'évaluation de la sécurité sous Unix" (CAS: Automatic Security Advisor - a Prototype Tool for Unix Security Evaluation),, Tribunix, Dossier Sécurité, 8 (42), mars/avril 1992.


M. Dacier, M. Rutsaert "Gérer la transitivité en sécurité" (Dealing with Transitivity in Security), Bancatique, Dossier Sécurité, 76, novembre 1991.

M. Dacier, M. Rutsaert"Comment gérer la transitivité en sécurité ?", (How to Deal with Transitivity in Security ?),, Proc. of the Unix Convention 91, AFUU, pp. 205-218, 26-29 Mars 1991, CNIT-Paris la Défense.

Research Reports


C. Leita, M. Dacier, G. Wicherski, SGNET: a distributed infrastructure to handle zero-day exploits, Eurecom Research Report RR-07-187


E. Guillou, M. Dacier Feasibility study for a trustworthy embedded firewall Rapport derecherche RR-05-136


F. Pouget, M. Dacier OWL : Installation testing and validation, Rapport de recherche RR-04-103

F. Pouget, M. Dacier Honeypot platform : analyses and results, Rapport de recherche RR-04- 104 2003

F. Pouget, M. Dacier Alert correlation Rapport de recherche RR-03-094

F. Pouget, M. Dacier Alert correlation: Review of the state of the art Rapport de recherché RR-03-093

F. Pouget, M. Dacier, H. Debar White paper: honeypot, honeynet, honeytoken: terminological issues Rapport de recherche RR-03-081

F. Pouget, M. Dacier White paper: honeypot, honeynet: a comparative survey Rapport de recherche RR-03-082


H. Debar, M. Dacier, A. Wespi et S. Lampart An Experimentation Workbench For Intrusion Detection Systems,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz2998.

D. Alessandri et M. Dacier VulDa: A Vulnerability Database,, IBM Zurich Laboratory, Rapport de recherche, 1998, Ref. rz3111


M. Dacier, Y. Deswarte, M. Kaâniche Models and Tools for Quantitative Assessment of Operational Security,, LAAS Rapport de recherche 95353, July 1995, 20 pages.


Marc Dacier, Vers une évaluation quantitative de la sécurité informatique, Institut National Polytechnique de Toulouse, Thèse de doctorat, Décembre 1994, 145 pages, Ref. LAAS- 94488.

M. Dacier et Y. Deswarte, Propagation of Privileges and Security Trade-Offs,, LAAR Rapport de recherche 94031, février 1994, 14 pages.


M. Dacier, Y. Deswarte Achieving Satisfactory Security Despite Insecure Features,, LAAS Rapport de recherche 93195, June 1993, 10 pages.


Method and apparatus for intrusion detection in computers and computer networks, M. Dacier, H. Debar, A. Wespi, A. Floratos, I, Rigoutsos, 15 mars 2000 / Sept. 9, 1998; Application Number: EP1998000117083; IPC Code: G06F 1/00; ECLA Code: G06F1/00N7A; Detection of intrusions containing overlapping reachabilities, M. Dacier, P. Scotton, US Patent US6487204 – Published: 2002-11-26 / Filed: 1999-05-12, International Business Machines Corporation, Armonk, NY

Connect with me

Follow Us

  • YouTube
  • Twitter
  • Facebook
  • RSS Feed
  • Linkedin
  • github-web.png
Back to Top

In the Media

CSAIl image october 2017 story.JPG

CSAIL hosts annual meeting highlighting innovative collaboration with QCRI


This year CSAIL celebrates five years of collaboration with the Qatar Computing Research Institute (QCRI), an esteemed research institute that’s part of Hamad Bin Khalifa University in Doha. This ...

Read More

Poynter fact-checking story.JPG

Study: On Twitter, you're better off fact-checking your crazy uncle than a complete stranger


A new study has found what many of us have always thought to be true: We are more likely to accept correction from people we know than strangers. The  study , conducted by researchers at Cornell, ...

Read More

ingredients CSAIL.jpg

Artificial intelligence suggests recipes based on food photos


There are few things social media users love more than flooding their feeds with photos of food. Yet we seldom use these images for much more than a quick scroll on our cellphones. Researchers from ...

Read More

Upcoming Events

Past Events


Summer Camp 2.jpg

QCRI conducts first summer computing camps for kids

Download ICS File 16/07/2017  - 27/07/2017 ,

Children and teenagers have been given a rare chance to develop their computing skills with world-class computing scientists at the first summer computing camp conducted by the Qatar Computing ...

Read More

CS 1.jpg

QCRI’s Creative Space holds Open House event for kids

Download ICS File 20/05/2017 ,

The Qatar Computing Research Institute’s new Creative Space, which conducts fun activities to teach children computing skills, has successfully held its first Open House event. About 100 children ...

Read More


QCRI-MIT CSAIL Annual Research Project Review 2017

Download ICS File 27/03/2017 ,

The QCRI – MIT CSAIL Annual Research Project Review is open to the public on Monday, March 27, 2017, at the HBKU Research Complex Multipurpose Room. The annual meeting is a highlight of a ...

Read More

News Releases

Ingmar for award story.JPG

QCRI's Ingmar Weber wins UN award for joint gender equality research


Joint research undertaken by Dr. Ingmar Weber of Qatar Computing Research Institute, part of Hamad Bin Khalifa University, along with scientists from Oxford and Princeton universities, has won a ...

Read More

Food serving - boys (2).jpg

Qatar girls embrace technology to tackle obesity


Mothers are also more likely to use social media to learn about a healthy lifestyle than fathers, new study finds.

Read More

Majd interns ex-irina (2).jpg

QCRI’s summer internship program kicks off


The Qatar Computing Research Institute’s 2017 summer internship program is underway. This year’s program involves computer science and computer engineering students from Carnegie Mellon University, ...

Read More