@conference {19505, title = {The Provenance of WINE}, booktitle = {Dependable Computing Conference (EDCC), 2012 Ninth European}, year = {2012}, month = {2012///}, pages = {126 - 131}, abstract = {The results of cyber security experiments are often impossible to reproduce, owing to the lack of adequate descriptions of the data collection and experimental processes. Such provenance information is difficult to record consistently when collecting data from distributed sensors and when sharing raw data among research groups with variable standards for documenting the steps that produce the final experimental result. In the WINE benchmark, which provides field data for cyber security experiments, we aim to make the experimental process self-documenting. The data collected includes provenance information {\textendash} such as when, where and how an attack was first observed or detected {\textendash} and allows researchers to gauge information quality. Experiments are conducted on a common test bed, which provides tools for recording each procedural step. The ability to understand the provenance of research results enables rigorous cyber security experiments, conducted at scale.}, keywords = {Benchmark testing, CYBER SECURITY, cyber security experiments, data attacks, data collection, dependability benchmarking, distributed databases, distributed sensors, experimental research, field data, information quality, MALWARE, Pipelines, provenance, provenance information, raw data sharing, research groups, security of data, self-documenting experimental process, sensor fusion, software, variable standards, WINE, WINE benchmark}, author = {Tudor Dumitras and Efstathopoulos, P.} }