Experiments in CyberSpace

Two kinds of experiments are being run in CyberSpace: the ones by the attacking black hats, and the ones by the defending whites. The black-hat experiments need only result in demonstrations -- deployed worms, viruses and other forms of malicious activity that may work only partially, yet remain effective as black-hat goals. White-hat experiments, that underpin defenses, are typically far less effective. That the black-hats enjoy even a modestly continuing success is testimony to the relative failure of the white-hats. It is the goal of this work to change that. The research addresses the issues of metrics, measurement, reference data sets, and experimental computer science in computer security and intrusion detection. In particular: This material is based upon work supported by the National Science Foundation under Grant No. 0430474. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.