TY - CONF T1 - The Provenance of WINE T2 - Dependable Computing Conference (EDCC), 2012 Ninth European Y1 - 2012 A1 - Tudor Dumitras A1 - Efstathopoulos, P. KW - Benchmark testing KW - CYBER SECURITY KW - cyber security experiments KW - data attacks KW - data collection KW - dependability benchmarking KW - distributed databases KW - distributed sensors KW - experimental research KW - field data KW - information quality KW - MALWARE KW - Pipelines KW - provenance KW - provenance information KW - raw data sharing KW - research groups KW - security of data KW - self-documenting experimental process KW - sensor fusion KW - software KW - variable standards KW - WINE KW - WINE benchmark AB - The results of cyber security experiments are often impossible to reproduce, owing to the lack of adequate descriptions of the data collection and experimental processes. Such provenance information is difficult to record consistently when collecting data from distributed sensors and when sharing raw data among research groups with variable standards for documenting the steps that produce the final experimental result. In the WINE benchmark, which provides field data for cyber security experiments, we aim to make the experimental process self-documenting. The data collected includes provenance information – such as when, where and how an attack was first observed or detected – and allows researchers to gauge information quality. Experiments are conducted on a common test bed, which provides tools for recording each procedural step. The ability to understand the provenance of research results enables rigorous cyber security experiments, conducted at scale. JA - Dependable Computing Conference (EDCC), 2012 Ninth European ER -