Accepted Papers
Virtual & Invisible Private Network: a Zero-Trust Architecture for Anonymous Communication on the Internet (WiP)
We present the first version of Virtual & Invisible Private Network (VIPN), a novel low-latency, secure, and anonymous communication technology designed to overcome the limitations of existing network anonymization architectures. Traditional decentralized systems require trusting intermediary proxies in charge of relaying users’ traffic. This reliance introduces significant vulnerabilities, including potential traffic attribution, man-in-the-middle attacks and sensitive information exposure if a relay is compromised. Additionally, these architectures often lack compatibility with all IP protocols and QoS; thus they fail to support modern applications effectively. In this paper, we review the shortcomings of current approaches and propose a new architecture that mitigates these risks. We evaluate the guarantees of our solution against various adversarial models and provide first insights from a real-world deployment. Finally, we highlight the current architecture limitations and future ongoing challenges.
Frédéric Laurent (Snowpack, France); Baptiste Polve (Snowpack, France); Guillaume Nibert (Snowpack - Sorbonne Université, CNRS, LIP6, France); Alexis Olivereau (CEA LIST, France)
Language: English (subtitled in French)
Regular or short paper
Work in Progress (WiP)
Can You Spot the Trap? Honeypot Detection in the Face of Evolving Evasion Tactics (SoK)
Honeypots are important tools in network security, offering a means to detect, deflect, and analyze malicious activity. However, their effectiveness relies on remaining undetected. High-skill attackers are aware of honeypots and develop detection and evasion tactics. This paper presents a systematization of knowledge of the current state of honeypot detection, providing an overview of techniques employed in both laboratory and real-world settings.
Mathis Durand (IMT Atlantique, France); Alexandre Dey (Airbus, France); Yvon Kermarrec (IMT Atlantique, France); Marc-Oliver Pahl (IMT Atlantique, France)
Language: English (subtitled in French)
Systematization of Knowledge (SoK)
Lead a Security Supervision Project (SoK, practice)
Security supervision is a key activity in securing information systems. Together with threat intelligence and incident response, it plays a key role in handling security incidents. This operational-level document sets out best practices for organizing and managing a security monitoring service. In particular, the resources it proposes can help to create a security supervision capability.
Cyril Poirret (ANSSI, France)
Language: French (subtitled in English)
Systematization of Knowledge (SoK)
Simulating Online Behaviours and Threat Patterns for Training Against Influence Operations (WiP)
Social media platforms have enabled large-scale influence campaigns, designed by threat actors to manipulate public opinion. These campaigns use coordinated accounts to spread fake information or amplify information (e.g., disinformation, astroturfing), swaying opinions and paralysing decision-making. To mitigate these impacts, nongovernmental and governmental entities train in simulated informational environments emulating social network platforms and their exchanges. During the trainings, the animation team must implement specific informational Tactics, Techniques and Procedures (TTPs) to achieve customized educational objectives. The simulation of TTPs requires credible social networks, which must notably contain diverse user types (bots, trolls, casual users, influencers, etc.) and recreate social interactions to generate both normal behaviours and malicious behaviours. This paper introduces a framework designed to generate personalized social network graphs for training sessions, tailored specifically to the needs of the trainers. This framework allows the modelling of referenced influence operations in order to reproduce specific attacks such as astroturfing or corrupted influencers, to increase the training credibility and the pedagogical impact, and to capitalise on existing knowledge. We illustrate the coherence of these simulations through two case studies, which aim at reproducing astroturfing attacks and corrupt influencer tactics. We show that our simulation of these tactics coherently reproduces the documented attacks, and we assess the results through topology metrics and information diffusion metrics.
Ulysse Oliveri (Université de Rennes - IRISA UMR 6074 / Airbus Defence and Space, France); Alexandre Dey (Airbus, France); Guillaume Gadek (Airbus Defence and Space, France)
Language: English (subtitled in French)
Regular or short paper
Work in Progress (WiP)
Machine Learning in Digital Twins for Threat Estimation and Detection (SoK)
The convergence of Digital Twin (DT) technology and Machine Learning (ML) presents a promising combination for enhancing cybersecurity by proactively predicting threats and attacks. This paper proposes a comprehensive taxonomy of Digital Twins for cybersecurity, categorizing its roles in threat prediction and attack detection. By analyzing methodologies, feature selection strategies, and AI tools employed across implementations, it highlights their current capabilities and limitations.
Hugo Bourreau (IMT Atlantique, France); Marc-Oliver Pahl (IMT Atlantique, France); Fabien Dagnat (IMT Atlantique, Lab-STICC, France); Fehmi Jaafar (UQAC, Canada)
Language: English (subtitled in French)
Systematization of Knowledge (SoK)
Trust-Aware Vertical Intrusion Detection for IoT via Evolutionary Graph Neural Networks
The rapid proliferation of IoT technologies has fundamentally reshaped smart infrastructures, spanning from domestic applications to complex industrial systems. However, this layered and geographically distributed architecture introduces multifaceted security challenges, particularly in identifying coordinated or stealthy threats that propagate across different levels of the system. Traditional intrusion detection systems (IDS), typically deployed in isolation either at the edge or within the cloud, struggle to achieve the necessary global visibility and often exhibit delayed responsiveness in such dynamic environments. In this paper, we propose a novel vertical intrusion detection framework tailored to multi-layered IoT networks. Our system enables hierarchical correlation and fusion of alerts across edge, fog, and cloud layers by combining localized anomaly detection with a global graph neural network (GNN) that performs structural and temporal reasoning over an alert graph. To ensure robustness in adversarial settings, we introduce an evolutionary game-theoretic mechanism based on replicator dynamics, which dynamically adjusts the trust levels of inter-node connections. The nodes evaluate the reliability of their neighbors based on accuracy and detection consistency, leading to reinforcement of cooperative behaviors and marginalization of compromised participants. Experimental results show that our architecture improves detection performance, reduces false positives, and adapts effectively to changing threat landscapes.
Myria Bouhaddi (Université du Québec en Outaouais, Canada); Kamel Adi (Université du Québec en Outaouais, Canada)
Language: French (subtitled in English)
Regular or short paper
Invited speaker
Original and unpublished work presenting new methods, experimental results, or knowledge advances.
Analyses and syntheses that organize and clarify existing knowledge (in C&ESAR's context, potentially simple analysis and synthesis results on a narrow topic).
Applied work sharing practical expertise or operational experience.
Early-stage or evolving work presenting promising ideas and preliminary results that still require further validation.