The “Management of Complex Threats” workshop at IEEE/IFIP NOMS 2026 was a full success

May 22, 2026May 22, 2026 By Marc-Oliver Pahl Actualités / Évènement / Event / News6G security,advanced persistent threats,AI for cybersecurity,AI-driven security,anomaly detection,autonomous defense,autonomous networks,complex threats,Critical infrastructure protection,cyber deception,cyber resilience,cyber-physical systems,cybersecurity,embedded systems security,explainable AI,FEDERATED LEARNING,generative AI security,honeypots,IEEE NOMS,industrial cybersecurity,IoT anomaly detection,IoT Security,LLM security,machine learning for security,MCP security,Multi-Agent Systems,network management,NOMS 2026,penetration testing,resilient networks,SDN security,semantic attacks,SOC automation,threat intelligence,trustworthy AI,water distribution security,zero-day detection

The “Management of Complex Threats” workshop at IEEE/IFIP NOMS 2026 brought together around 20 researchers and practitioners from across Europe and Asia for a full day of lively discussions on the intersection of AI, cybersecurity, and network management.

MCT 2026 was organized by Marc-Oliver Pahl, the chairholder of the Cyber CNI chaire from IMT Atlantique, and Pierre Parrend from EPITA among others with the support of the Horizon Europe project Cybersecdome. We had the pleasure of organizing a program that demonstrated the breadth and urgency of current research challenges in securing AI-enabled and highly dynamic infrastructures.

The workshop also highlighted research contributions emerging from the chair ecosystem. Mathis Durand (Cyber CNI, CNRS UMR IRISA, IMT Atlantique, Rennes, France) presented joint work with and Marc-Oliver Pahl on the realism and detectability of SSH honeypots. Their paper, “Deception Detected: An Empirical Study of SSH Honeypot Detection and Fingerprinting in a Capture-the-Flag Competition,” analyzed how ethical hackers identify deception systems in practice and derived a taxonomy of effective honeypot fingerprinting techniques. The work provides important insights into building more realistic and resilient cyber deception infrastructures.

Mohammed Mezzaouli (CNRS Lab-Sticc, IMT Atlantique, Brest, France) presented joint work with Yehya Nasser, Samir Saoudi, and Marc-Oliver Pahl on “Real-time Instruction-Level Anomaly Detection for Embedded C-Functions using AI.” The paper explored how low-level current and instruction-trace measurements can be leveraged with AI techniques to detect faulty or malicious software behavior in bare-metal embedded systems, enabling real-time identification of vulnerabilities and zero-day style attacks in resource-constrained IoT environments.

The workshop covered a wide spectrum of topics: interpretable and uncertainty-aware traffic classification from researchers in the Czech Republic, adaptive anomaly detection for streaming IoT traffic from Japan, federated security gateways for LLM agents from Germany, AI-driven penetration testing frameworks from Italy, and realistic LLM-based honeypots from France. We also had contributions on cyber-physical attacks against cooperative multi-robot systems from India, topology-based attack detection in industrial water distribution systems from France and Germany, and our own work at on real-time instruction-level anomaly detection for embedded systems.

A particularly strong theme throughout the workshop was the dual role of AI: while generative AI and LLMs create entirely new attack surfaces — including semantic attacks, jailbreaks, and autonomous offensive tooling — they also enable powerful new approaches for detection, orchestration, cyber deception, and autonomous defense. The discussions repeatedly highlighted how future 6G, IoT, SDN, and industrial infrastructures will require fundamentally new approaches to resilience, explainability, and trustworthy automation.

The excellent keynote by on latent-based attacks against LLMs set the tone for technically deep and highly interactive sessions. Particularly exciting was the combination of foundational research, applied security engineering, and operational perspectives represented throughout the day.

The strong engagement from participants, the diversity of perspectives, and the quality of the presentations demonstrated how important interdisciplinary collaboration between AI, cybersecurity, and network management communities has become.

A big thank you to all authors, speakers, presenters, and participants for making this workshop such a success!

Author
Recent Posts

Marc-Oliver Pahl

Professor for Cybersecurity at IMT Atlantique | Chairholder CyberCNI.fr | VP German Chapter of the ACM | Cybersecurity Expert | Speaker at IMT Atlantique

Marc-Oliver Pahl is Professor at the Technical University IMT Atlantique at the campus Rennes, Brittany, France. He heads the Chair of Cybersecurity in Critical Networked Infrastructures (Cyber CNI) with currently 9 PhD students, 4 PostDocs, and 11 associated professors. He also supervises PhD students at Technical University of Munich.

Marc-Oliver is an adjunct professor of Carleton University in Canada. Marc-Oliver’s research focus is on a holistic approach to cybersecurity. He is an experienced teacher and an eLearning pioneer, holding several teaching awards.

Marc-Oliver holds a Diploma from University of Tübingen and a PhD from Technical University of Munich.

Marc-Oliver is Vice President of the German Chapter of the Association for Computing Machinery (ACM) (https://germany.acm.org/). He heads the Future Education activities of the German-French Academy for the Industry of the Future (https://future-industry.org/).

Marc-Oliver’s research focus is on a holistic approach to cybersecurity. He works on security-by-design, anomaly detection, human-in-the-loop, and automation. His goal is making cybersecurity manageable, resulting in highly resilient and reliable systems. Marc-Oliver publishes regularly in the network and service management and security communities.

Latest posts by Marc-Oliver Pahl (see all)