Abstract In this talk, I will discuss several case studies related to the quantification of computer security. In particular, I will present results obtained from a test-bed deployed at the University of Maryland to collect attack data using target computers (i.e., honeypots). The data provided the evidence needed in the following four research threads. (1) Within the security community, scans are usually considered as precursors to an attack. However, few studies quantified the validity of this hypothesis. We introduced packet-counting models to identify TCP scans and attacks and applied these models to analyze malicious traffic towards honeypots. (2) We developed a methodology for determining the characteristics that separated attacks most efficiently. A comparison between the analysis of attack messages and the outcome of a clustering algorithm indicated the efficiency of the characteristic. (3) We built a profile of attacker behavior following a remote compromise by looking for specific actions taken by attackers. The results represent solid statistical evidence to support widely held beliefs about post-compromise attacker behavior. (4) We compared malicious traffic originating inside UMD with that originating outside UMD. We showed that internal malicious traffic often contained different malicious content compared to that of external traffic. Speaker Bio Michel Cukier is an Associate Professor of Reliability Engineering at the University of Maryland, College Park. Michel received a degree in physics engineering from the Free University of Brussels, Belgium, in 1991, and a doctorate in computer science from the National Polytechnic Institute of Toulouse, France, in 1996. From 1996 to 2001, he was a researcher at the University of Illinois, Urbana-Champaign. He joined the University of Maryland in 2001 as Assistant Professor. His research covers dependability and security issues. His latest research focuses on the empirical quantification of computer security. He has published over 60 papers in journals and refereed conference proceedings in those areas.