The Provenance of WINE

TitleThe Provenance of WINE
Publication TypeConference Papers
Year of Publication2012
AuthorsDumitras T, Efstathopoulos P.
Conference NameDependable Computing Conference (EDCC), 2012 Ninth European
Date Published2012///
KeywordsBenchmark testing, CYBER SECURITY, cyber security experiments, data attacks, data collection, dependability benchmarking, distributed databases, distributed sensors, experimental research, field data, information quality, MALWARE, Pipelines, provenance, provenance information, raw data sharing, research groups, security of data, self-documenting experimental process, sensor fusion, software, variable standards, WINE, WINE benchmark
Abstract

The results of cyber security experiments are often impossible to reproduce, owing to the lack of adequate descriptions of the data collection and experimental processes. Such provenance information is difficult to record consistently when collecting data from distributed sensors and when sharing raw data among research groups with variable standards for documenting the steps that produce the final experimental result. In the WINE benchmark, which provides field data for cyber security experiments, we aim to make the experimental process self-documenting. The data collected includes provenance information – such as when, where and how an attack was first observed or detected – and allows researchers to gauge information quality. Experiments are conducted on a common test bed, which provides tools for recording each procedural step. The ability to understand the provenance of research results enables rigorous cyber security experiments, conducted at scale.