Project Overview
This research focuses on self-adaptive (self-healing) cybersecurity. It aims to design systems capable of automatically detecting, analyzing and remediating cyber threats in real time.
The objective is to transform traditional cybersecurity, which is primarily reactive and manual, into an approach capable of rapid detection, decision-making and action. This can include, for example, isolating a compromised node, redeploying a defense service or dynamically hardening a security policy.
The Challenge
Modern digital infrastructure, including cloud environments, microservices, 5G/6G networks and critical systems, is becoming increasingly complex and dynamic.
Current cybersecurity approaches are often reactive, dependent on human intervention and insufficiently adaptive given the speed of attacks.
There is therefore a critical need for systems capable of acting automatically in real time to protect digital infrastructure.
- Develop self-adaptive and self-healing cybersecurity architectures
- Enable automated real-time detection, decision-making, and response
- Reduce cybersecurity incident response time
- Strengthen the resilience of critical digital systems
- Minimize reliance on manual intervention
- Infrastructure as Code (IaC): Infrastructure automation to ensure the reproducibility, speed, and reliability of cybersecurity systems.
- Cloud-native architectures: Use of cloud-native architectures enabling dynamic orchestration, automatic scalability, and resilience of distributed systems.
- Artificial Intelligence (AI): Integration of advanced AI techniques: reinforcement learning (RL), continual learning, and generative AI.
- The innovation is based on the convergence of automated infrastructure, cloud-native technologies, and artificial intelligence.
- This combination makes it possible to design cybersecurity systems capable of continuously self-healing and self-strengthening.
- Reduced incident response time
- Improved system resilience
- Proactive defense against cyberattacks
- Reduced need for manual intervention
- Defense
- Critical infrastructure
- Telecommunications (5G and 6G networks)
- Cloud service providers
- Microservices architectures
- Cybersecurity solution providers
Functional prototypes are currently being used in a research setting and for the preparation of scientific publications.
An experimental testbed has been deployed at StreamScan. It enables:
- Simulation of vulnerable environments
- RED/BLUE team scenarios
- Reproduction of controlled cyberattacks
- Integration of artificial intelligence agents (RL and LLMs)
- Validation of automated cybersecurity detection and remediation mechanisms
- Reliability of automated decision-making
- Security of artificial intelligence systems
- Integration with existing infrastructures
- Validation under realistic operational conditions
- Acceptance by cybersecurity teams
- The projected implementation timeline is estimated at 1 to 3 years, with the objective of transferring the technology into operational environments.
- The technology is currently between TRL 3 and TRL 4. The next steps aim to validate the technology in representative environments and advance it toward TRL 5 to 6.
Needs to Accelerate the Project
- Access to realistic experimental environments
- Cyberattack and incident data
- Industrial partners
- Funding
- Complementary expertise in cloud computing, telecommunications, defense, and AI applied to cybersecurity
Current Partners
- StreamScan
- Defence Research and Development Canada (2022–2025)
Partners Sought
- Government defense organizations
- Cloud service providers
- Telecommunications operators
- Cybersecurity solution providers
- Companies operating cloud-native or hybrid infrastructures