Hanlon's razor states "never attribute to malice that which is adequately explained by stupidity". Its corollary could be expressed as “always be smart to cope with that is due to malice.”


  • Building 5, seaside, office 2216.

Education Profile

  • Ph.D, 1994, INPT, Toulouse, France
  • Master in computer sciences (Degree of Ingénieur Civil en Informatique), 1989, University of Louvain, Belgium.


  • Methods to identify malicious web domain names thanks to their dynamics, I. Khalil, T. Yu, M. Dacier, US Patent 10,681,070, 2020, Published June 9, 2020.

  • Detecting a hijacked network address, P.A Vervier, M. Dacier, O. Thonnard, US Patent 9,654,504, 2017, Published May 16, 2017.

  • Heuristics-based protocol labeling for industrial control systems, C. Leita, M. Dacier, US Patent 9384066, Published July 5, 2016.

  • Systems and methods for performing Internet site security analyses, C. Leita, M. Dacier, US Patent 9161249, Published October 13, 2015.

  • Systems and methods for neutralizing file-format-specific exploits included within files contained within electronic communications, C. Nachenberg, F. Guo, S. Nanda, S. Bhatkar, D. Shou, M. Dacier, US Patent 9009459, Published April 14, 2015.

  • Method, computer program element and a system for processing alarms triggered by a monitoring system, M. Dacier, K. Julisch, US Patent 7,437,762 (US 20030101260A1) – Published: 2003-06-12 / Filed: 2002-11-1, International Business Machines Corporation, Armonk, NY.

  • Detection of intrusions containing overlapping reachabilities, M. Dacier, P. Scotton, US Patent US6487204 – Published: 2002-11-26 / Filed: 1999-05-12, International Business Machines Corporation, Armonk, NY. 

Marc Dacier is a full professor of Computer Science (CS) and a member of the Resilience Computing and Cybersecurity research Center (RC3) at King Abdullah University of Sciences and Technology, Saudi Arabia.

Dr. Dacier obtained his Ph.D. from INPT in 1994 from his work done at LAAS, CNRS, in Toulouse (France). Since then, he has had a balanced career between industry and academia. After his thesis, he worked for one year as a security consultant in Paris, France, for France Telecom and the French ministry of interior. In 1996, he joined IBM Research in Zurich (Switzerland) to create the Global Security Analysis Laboratory (GSAL). In 2002, he became a professor at Eurecom. In 2008, he joined Symantec to build its European Research Labs. Later, he spent two years in the USA to manage all the collaborative research projects, worldwide. In that role, he was in charge of teams in France, Ireland, and in the United States. He was also the university relationship manager for Symantec Research Labs, worldwide. In 2014, he became the director of the cybersecurity research group at QCRI, in Qatar, where he lived for 3 years. In October 2017, Dr. Dacier came back to EURECOM to become the head of the Digital Security department and a full professor. An internationally recognized expert in cybersecurity, Dr. Dacier has served on more than 120 program committees of all major security and dependability conferences and as a member of the editorial board of several top-tier technical peer-reviewed journals.

Education and early career

Before joining KAUST, Dr. Dacier worked as a full professor and department head of the digital security group at Eurecom. He holds a Ph.D. degree in computer science, European Label, from the Institut National Polytechnique de Toulouse (INPT), France.

Areas of expertise and current scientific interests

Intrusion detection, intrusion tolerance, network security, cybersecurity, threat intelligence, fraud detection.

Career Recognition

  • IBM Outstanding Technical Achievement Award
  • In 2005, he received the IBM Faculty Award.
  • In 2018, he received a Community Service Award for having served for 20 years as chair of the RAID symposium steering committee.

Selected Research Highlights

Dr. Dacier has created the RAID conference in 1998 which is now one of the main security conferences (class A conference in CORE ranking) RAID stands now for Research in Attacks, Intrusions, and Defenses but initially was Recent Advances in Intrusion Detection.

At IBM, his team produced the very first to market product for intrusion detection alerts correlation. Such a platform is now part of every enterprise under the name SIEM or SOC (Security Information Events Management or Security Operation Center).

At Symantec, his team built an open platform aiming at sharing operational security data collected by Symantec with researchers from all around the world to promote the reproducibility of security experiments. The platform was called WINE (Worldwide Intelligent Network Environment) and led to numerous publications by several university research teams in top security conferences.



  • Dhia Farrah, Marc Dacier, “Zero Conf Protocols and their numerous Man In The Middle (MITM) Attacks”, Proc. of WOOT 2021, the 15th IEEE Workshop on Offensive Technologies, May 27, 2021, collocated with IEEE S&P and in cooperation with Usenix.
  • Vitale, A., & Dacier, M. (2021). Inmap-t: Leveraging TTCN-3 to Test the Security Impact of Intra Network Elements. Journal of Computer and Communications, 09(06), 174–190. doi:10.4236/jcc.2021.96010.


  • Elisa Chiapponi, Onur Catakoglu, Olivier Thonnard, Marc Dacier, HoPLA: a Honeypot Platform to Lure Attackers. Proc. of the C&ESAR 2020, Computer & Electronics SecurityApplications Rendez-vous, Deceptive security Conference, part of European CyberWeek. Rennes, France, (2020).
  • Elisa Chiapponi, Marc Dacier, Massimiliano Todisco, Onur Catakoglu and Olivier Thonnard, "Botnet sizes: when maths meet myths", Proc. of CFTIC 2020, 1st International Workshop on Cyber Forensics and Threat INvestigations Challenges in Emerging Infrastructures, held in conjunction with the 18th International Conference on Service-Oriented Computing (ICSOC 2020), 14-17 December 2020, Dubai, UAE.


  • Y. Zhauniarovich, I. Khalil, T. Yu, and M. Dacier, “A Survey on Malicious Domains Detection through DNS Data Analysis”, Journal ACM Computing Surveys, Vol. 51, Issue 4, July 2018, 36 pages,DOI: https://doi.org/10.1145/3191329.


  • M Dacier, M. Bailey, M. Polychronakis (Editors), Proc. Of the 20th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017), Atlanta (GA), USA, September 18-20 2017.
  • Marc Dacier, Hartmut König, Radoslaw Cwalinski, Frank Kargl, Sven Dietrich, « Security Challenges and Opportunities of Software Defined Networks », Journal IEEE Security and Privacy, 15(2), 2017. 


  • Marc Dacier, Hartmut König, Radoslaw Cwalinski, Frank Kargl, Sven Dietrich, "Security Challenges and Opportunities of Software Defined Networks", Journal IEEE Security and Privacy, 15(2), 2016. 
  • Marc Dacier, Sven Dietrich, Frank Kargl, Hartmut König: Network Attack Detection and Defense (Dagstuhl Seminar 16361), Dagstuhl Reports 6(9): 1-28 (2016).
  • F Monrose, M Dacier, G Blanc, J Garcia-Alfaro (Editors), Proc. Of the 19th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2016), Paris, France, September 19-21 2016.
  • Michael Aupetit, Yury Zhauniarovich, Giorgos Vasiliadis, Marc Dacier, Yazan Boshmaf, Visualization of actionable knowledge to mitigate DRDoS attacks, Proc. of 2016 IEEE Symposium on Visualization for Cyber Security (VizSec), pp 1-8.


  • Pierre Antoine Vervier, Olivier Thonnard, Marc Dacier, Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks,  Proc of NDSS 2015.
  • Albert Kwon, Mashael AlSabah, David Lazar, Marc Dacier and Srinivas Devadas, Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services,  Proc. of the Usenix Security Symposium, 2015, pp 287-302.


The perspective of participating in an emerging research center and discipline in a place as renowned as KAUST was really hard to resist.

Selected Publications

Vitale, A., & Dacier, M. (2021). Inmap-t: Leveraging TTCN-3 to Test the Security Impact of Intra Network Elements. Journal of Computer and Communications, 09(06), 174–190. https://doi.org/10.4236/jcc.2021.96010 , PDF