Symantec's WINE System for Repeatable, Data-Intensive Experiments in Cyber Security
Tudor Dumitras
Abstract:
The Worldwide Intelligence Network Environment (WINE) is a platform, developed at Symantec Research Labs (SRL), for conducting data-intensive experiments in cyber security. We have built WINE focusing on the challenges of aggregating multiple terabyte-size data feeds, which Symantec uses in its day-to-day operations, and of supporting open-ended experiments at scale. WINE also enables the reproduction of prior experimental results, by archiving the reference data sets that researchers use and by recording information on the data collection process and on the experimental procedures employed. The need for such a platform arose from SRL’s program for sharing field data, collected by Symantec on millions of hosts worldwide, with researchers in academia. For example, WINE includes historical information on unknown binaries found on the Internet—providing unique insights into the origins and prevalence of zero-day attacks—as well as telemetry from Symantec’s anti-virus products—indicating the effectiveness of defensive mechanisms (e.g., security patches, anti-virus signatures). In addition to cyber security, the WINE data is relevant to research in machine learning, mobile computing, software reliability, storage systems, and visual analytics. In this talk, I will also discuss the challenges of sharing sensitive data and of establishing a rigorous benchmark for cyber security.
Bio:
Tudor Dumitraș is a senior research engineer at Symantec Research Labs (SRL), currently building the Worldwide Intelligence Network Environment (WINE). Tudor's prior research focused on improving the dependability of large-scale distributed systems (addressing operator errors during software upgrades), of enterprise systems (addressing the predictability of fault-tolerant middleware), and of embedded systems (addressing soft errors in networks-on-chip). He received the 2011 A. G. Jordan Award, from the ECE Department at Carnegie Mellon University, for an outstanding Ph.D. thesis and for service to the community, the 2009 John Vlissides Award, from ACM SIGPLAN, for showing significant promise in applied software research, and the Best Paper Award at ASP-DAC'03. Tudor holds a Ph.D. degree from Carnegie Mellon University