January 1, 2026
Project overview
This research focuses on self-adaptive (self-healing) cybersecurity. It aims to design systems capable of automatically detecting, analyzing and remediating cyber threats in real time.
The objective is to transform traditional cybersecurity, which is primarily reactive and manual, into a cybersecurity capable of rapid detection, decision-making and action. This can include, for example, isolating a compromised node, redeploying a defense service or dynamically hardening a security policy.
The Challenge
Modern digital infrastructure, including cloud environments, microservices, 5G/6G networks and critical systems, is becoming increasingly complex and dynamic.
Current cybersecurity approaches are often reactive, dependent on human intervention and insufficiently adaptive given the speed of attacks.
There is therefore a critical need for systems capable of acting automatically in real time to protect digital infrastructure.
Chamseddine Talhi is a professor researcher in the Department of Software and IT.
Research Objectives
- Develop self-adaptive and self-healing cybersecurity architectures
- Enable automated real-time detection, decision-making, and response
- Reduce response times to cybersecurity incidents
- Strengthen the resilience of critical digital systems
- Minimize reliance on manual intervention
Proposed Approach
- Infrastructure as Code (IaC): Infrastructure automation to ensure the reproductibility, speed, and reliability of cybersecurity systems.
- Cloud-native architectures: Use of cloud-native architectures for dynamic orchestration, automatic scalability, and resilience of distributed systems.
- Artificial Intelligence (AI): Integration of advanced AI techniques: reinforcement learning (RL), continuous learning, and generative AI
Innovation and key differentiators
- Innovation is driven by the convergence of automated infrastructure, cloud-native technologies, and artificial intelligence.
- This combination enables the design of cybersecurity systems capable of continuously self-repairing and self-strengthening.
Expected benefits
- Reduced incident response time
- Improved system resilience
- Proactive defense against cyberattacks
- Reduced manual intervention
Target sectors
- Defence
- Critical infrastructure
- Telecommunications (5G and 6G networks)
- Cloud service providers
- Microservices architectures
- Cybersecurity solution providers
Results and validation
Functional prototypes are currently being used for research and in preparing scientific publications.
An experimental test bed has been deployed at StreamScan. It includes:
- Simulation of vulnerable environments
- RED/BLUE team scenarios
- Reproduction of controlled cyberattacks
- Integration of artificial intelligence agents (RL and LLM)
- Validation of automated cybersecurity detection and remediation mechanisms
Research challenges
- Reliability of automated decision
- Security of artificial intelligence systems
- Integration with existing infrastructures
- Validation under realistic operational conditions
- Acceptance by cybersecurity teams
Technology readiness level (TRL)
- The implementation timeline is estimated between 1 and 3 years, with the intention of transferring the technology to operational environments.
- The technology is currently at TRL 3 to TRL 4
- The next steps involve validation in a representative environment and progression to TRL 5 to TRL 6.
Requirements to accelerate the project
- Access to realistic testing environments
- Data on attacks and incidents
- Industry partners
- Funding
- Complementary expertise in cloud computing, telecommunications, defence, and AI applied to cybersecurity
Partnerships
Current Partners
- StreamScan
- National Defence Canada (2022–2025)
Wanted Partners
- Government defence agencies
- Cloud service providers
- Telecommunications operators
- Cybersecurity solution providers
- Companies operating native or hybrid cloud infrastructures
Questions?
