4th ROC Annual Workshop 2026 – 1-3 June 2026, Pléneuf – Val-André, Côtes d’Armor


The 4th ROC Annual Workshop will be held from 1–3 June in Pléneuf – Val André, by the sea in Côtes d’Armor, Brittany.

Venue: Espace Séminaires, 43 Rue Charles de Gannes, 22370 Pléneuf-Val André.

*Note that on June 3, we will be moving after breakfast to Cnam Bretagne in Saint-Brieuc for the last Morning Sessions, before closing.


Workshop Program:


Monday June 1st

Opening of the Workshop

Laurent Buchon (director of Cnam Bretagne), Vania Conan (team leader).

Invited Talk # 1

Speaker: Fabrice Guillemin, Orange Labs, Lannion

Bio: Fabrice Guillemin graduated from Ecole Polytechnique in 1987 and from Telecom Paris in 1989. He received the PhD degree in computer science from the University of Rennes in 1992 and defended his habilitation thesis at the University Pierre and Marie Curie in 1999. Since 1989, he has been with the R&D center of Orange in Lannion. He is the manager of a Research program on Architectures for Virtualized Networks at Orange Innovation focusing on the evolution of the control planes of networks. He is also an Orange Senior Expert in the “Network of the Future” community. His research interests are in computer networks, performance evaluation and applied probability.

Title: Some challenges in the design of quantum networks and traffic issues

Abstract: Thanks to recent advances in quantum technologies, quantum communications may appear in the near future, while Quantum Key Distribution (QKD) through optical fiber networks is already commercialized, notably by Orange via the Quantum Defender service offer. The objective of quantum networks is to transmit quantum bits (qubits) over large distances, in order to enable remote quantum computing machines to exchange quantum information. Contrary to classical information bits in current telecommunications networks, qubits cannot be cloned and can be stored only during short time periods. Moreover, the fidelity of qubits decreases over time and when they interact with their environment. The current method to transmit qubits over large distances is to teleport them thanks to entangled qubit pairs distributed over the path joining a source and a destination. The objective of this talk is to present the challenges when designing a quantum network, the various entanglement distribution protocols and to point out associated traffic issues.

Session #1: Resource Management and Anomaly Detection

  1. Dependency-Aware Dominant Resource Fairness for Multi-Tenant Multi-Resource Systems, Zeidan Braik
    • Multi-resource allocation in network-congested, multi-tenant systems in which demand exceeds available capacity is challenging, as there is no straightforward way to determine how much of each resource to assign, especially when resources are interdependent. Classical approaches such as Dominant Resource Fairness (DRF), which generalizes Max-Min Fairness (MMF) to multiple resources, assume linear proportional dependencies across resources, requiring allocations to follow fixed proportions implied by tenants’ demands. However, this assumption may lead to inefficient allocations and resource waste, with allocated resources that go unused in practice. In this talk, we consider a multi-resource orchestrator and propose the Dependency-aware Dominant Resource Fairness (DDRF) policy, a centralized generalization of DRF that considers inter-resource dependencies: it equalizes active dominant shares of congested resources, preserving DRF’s desirable properties, while avoiding its inefficiency with low-demand tenants. We evaluate DDRF using Amazon EC2 traces. The results show that DDRF improves effective user satisfaction by up to 80% and reduces resource waste by up to 60% compared to dependency-agnostic baselines, while improving Jain’s fairness index by more than 15% compared to the utilitarian policy.
  2. Latency-Aware PDCP Adaptation for TN–NTN Multi-Connectivity, Stefano Taborelli
    • Providing continuous and high-quality connectivity across terrestrial and non-terrestrial networks (TN–NTN) has become a pivotal objective for Mobile Network Operators seeking to bridge the digital divide. The integration of NTNs—particularly Low Earth Orbit (LEO) constellations—into terrestrial Radio Access Networks introduces technical complexities driven by dynamic link characteristics, heterogeneous propagation conditions, and asymmetric latency profiles. Within the disaggregated O-RAN architecture, these challenges are amplified at the Central Unit (CU) level, where the Packet Data Convergence Protocol (PDCP) layer must coordinate traffic from multiple Distributed Units (DUs) featuring vastly different round-trip delays. This research investigates PDCP-layer adaptations designed to mitigate propagation latency asymmetries between TN and NTN DUs, thereby enabling efficient multi-connectivity and balanced scheduling across hybrid access links. The proposed mechanisms aim to enhance CU-level coordination through latency-aware buffering, adaptive reordering, and dynamic link prioritization, ensuring consistent Quality of Service (QoS) and improved end-to-end (E2E) application-layer performance. By aligning protocol behavior with hybrid network dynamics, this work seeks to fully exploit emerging TN–NTN architectures to achieve seamless and ubiquitous global connectivity.
  3. Adaptive Resource Management for Power-Efficient vRANs, Ali Srour
    • The transition to Virtualized Radio Access Networks (vRAN) enables dynamic power control through fine-grained CPU resource management. We propose an adaptive resource management framework for vRAN that manages CPU resources based on traffic demand.
  4. Anomaly Detection Using Causal Representation Learning, Billel Hakem
    • Anomaly detection models based on deep learning rely on correlations and fail to identify the root cause of anomalies in the system. While explainability methods (e.g. SHAP, attention maps) can explain a model’s predictions, these explanations remain bound by the same correlational limitations. We propose to study the feasibility of a causal anomaly detection algorithm based on Causal Representation Learning, made possible through the use of interventional data to move beyond correlation and toward root-cause identification.
  5. Anomaly Detection in Automated xG Networks Using Federated Learning with Non-IID Data, Yasmine Chaouche
    • Applying Federated Learning (FL) to real-world network environments, such as telecommunication networks, presents significant challenges. In this paper we investigate the intrinsic problem of non-IID data training across distributed in-network FL clients. More specifically, we focus on the feature distribution discrepancy in the use of in-network FL for infrastructure monitoring. While previous works have made notable progress in the design of aggregation functions that compensate strong polarization in data distributions, limited attention was directed toward data load-balancing from sources to processing nodes, that leverage the role and characteristics of the data itself. The goal of this thesis is to address feature heterogeneity in in-network federated learning by piloting how data is forwarded in the network on the way to its consumers. To this end, we design and evaluate several scenarios for dynamic data load balancing between the FL clients within the network topology, subject to latency constraints.
  6. Enhanced DiNATrAX for Multi-Protocol Anomaly Detection, Maham Fatima Kayani
    • This work presents an enhanced version of DiNATrAX for multi-protocol network anomaly detection. The proposed approach is designed to identify malicious and anomalous traffic in real-world environments. To evaluate its effectiveness, the model is tested on benchmark datasets including CTU-13 and CICIDS 2017, which represent realistic botnet and attack scenarios. Experimental results demonstrate that the enhanced DiNATrAX improves detection performance and provides a reliable solution for identifying real-world network threats.

Open Discussion: How to improve best practice at ROC?
Chair: Vania Conan.

Publication quality (review of tabord) and strategy.
Open-source code and dataset efforts (review of ongoing and future ones).
Patentable ideas.
Renewal of team management responsibilities.
Participation in the organization of future conferences (HPSR, AIxNET, …).


Tuesday June 2

Open Discussion: How to improve best practice at ROC (continued)?

Session #2: Cyber-Security

  1. LoRaWAN traffic and security analysis, Moheed Ali Kayani
    • This presentation explores the analysis of LoRaWAN traffic with a focus on security challenges in IoT environments. It examines both uplink and downlink communication patterns,  best  vulnerabilities that can be exploited through attacks such as jamming and interference.
  2. How to enable mobility of a user between servers without compromising the security of his authentication, Flavien Dermigny
    • In disaster scenarios and environments with degraded network infrastructures, servers may become intermittently disconnected, while mobile users still require continuous access to distributed resources. Existing multi-server authentication protocols rely on stable inter-server communication or centralized infrastructures, making them unsuitable for such conditions. We study how we can solve this problem with cryptographic tools such as Zero-Knowledge Proof.
  3. Poisoning Attacks on Federated Anomaly Detection in xG Networks: A System-Level Evaluation, Salah Bin Ruba
    • Federated learning (FL) – based anomaly detection in next-generation (xG) networks is highly vulnerable to data poisoning, yet the impact of poisoning on model behavior and decision structure remains poorly characterized. In this work, we present a system-level evaluation of label-flipping attacks across 306 configurations, spanning two datasets, multiple federation sizes, and complementary attack strategies. While prior studies typically rely on scalar metrics, we jointly analyze accuracy and Attack Success Rate (ASR) and introduce a score-space analysis to characterize how poisoning alters the internal structure of anomaly predictions. This reveals three structurally distinct poisoning phases: stable, boundary degradation, and inversion. We observe a previously unknown failure mode: under strong poisoning, the model inverts, misclassifying attacks as benign, with no signal in accuracy. We further show that ASR rises measurably before accuracy degrades — an early-warning signal invisible to conventional evaluation. Together, these findings demonstrate that scalar metrics underestimate adversarial impact in FL, and establish distribution-level analysis as a complementary tool for monitoring deployed federated anomaly detection systems.
  4. Efficient Attack Detection Using DistilBERT for Network Traffic Analysis, Ramzi Rezki
    • The rapid growth of networked and IoT devices has significantly increased the complexity and volume of cyberattacks, making efficient and accurate intrusion detection a critical challenge. In this work, we propose a transformer-based model for multi-class attack detection, leveraging its capability to capture sequential and contextual patterns in network traffic. We transform raw packet-level data into sequential representations that encode host interactions, ports, and protocol features, enabling the model to learn both temporal and structural relationships. Our approach is evaluated across several widely used benchmark datasets in the field, including NSL-KDD, NF-BoT-IoT, ToN-IoT, and NSS Mirai, covering diverse attack types and network scenarios. Experimental results demonstrate that our transformer model consistently outperforms traditional machine learning approaches, such as Random Forests and Decision Trees, achieving higher F1-scores, precision, and recall across all datasets. These findings highlight the effectiveness of transformer architectures in enhancing intrusion detection systems and provide a promising direction for robust, scalable cybersecurity solutions.
  5. Game-Theoretic Mitigation of Man-in-the-Middle Attacks in Digital Twin-Enhanced Cyber-Physical Systems Using Markov Decision Processes, Billal Mokhtari
    • This research addresses the challenge of detecting and mitigating adversarial Man-in-the-Middle (MitM) attacks on Cyber-Physical Systems (CPS) enhanced by Digital Twins. Given the diversity of system transfer functions and the constant emergence of new attack architectures, traditional defensive approaches lack generality and scalability. The study proposes an autonomous, game-based framework where two Reinforcement Learning (RL) agents, a red (attacker) and a blue (defender), compete within a simulated environment modeled as a Markov Decision Process (MDP). Key contributions include the formalization of state spaces, action domains, and reward functions tailored to different attack strategies such as system identification, bias injection, replay attacks, and boundary hunting. The Digital Twin serves as a sandbox for real-time learning and adaptation, enabling the blue agent to respond to evolving threats without human intervention. The work also explores observability conditions, training strategies (online/offline/hybrid), and dynamic system modeling techniques, including time-varying and time-invariant systems. This approach aims to provide a generalizable, autonomous mitigation mechanism for securing critical infrastructures against covert cyberattacks.
  6. Autonomous Cyber Response: Decision Strategies and Autonomy Levels, Clément Duchesne
    • Autonomous cyber defense is moving from human-supervised workflows to closed-loop response systems. We survey recent work on cyber response automation, with a particular focus on the decision strategies and levels of autonomy. We organize the discussion around the NIST incident response lifecycle and the MITRE D3FEND framework to illustrate the structure of defensive actions. This perspective highlights how different approaches separate decision-making between humans and machines. It also identifies which parts of autonomous response have already been explored, which AI methods have been used, and what gaps and limitations remain.

Invited Talk # 2

Speaker: Guillaume Doyen, IMT Atlantique, Rennes

Bio: Guillaume Doyen has been a Full Professor at IMT Atlantique since March 2021 where he is the head of the IRISA (UMR CNRS 6074) SOTERN (Self-Protecting the Future Internet) research group and co-head of the Cybersecurity curriculum. His research expertise focuses on intent-based security management as well as future networks and services protection such as low-latency networks, virtualized and content-oriented architectures. He is the co-author of more than 80 publications and has participated in several research projects (French PEPR Cyber and Network of Future, BPI Request and 5G Metavers, ANR Mosaico and Doctor). He is actively involved in the networks and services management community. He is a TPC member of flagship conferences (e.g. IFIP/IEEE NOMS, CNSM, Netsoft), participated or led the organization of several international events (e.g. NOMS, Netsoft and several workshops such as HiPNet’21, SecSoft’24) and he is an associate editor of the Springer Journal of Networks and Services Management. As the 1st and 10th editions organizer of the RESSI national event, he is currently its steering committee chair. He holds an HDR (in 2021) from University of Technology of Compiegne (UTC), a PhD (in 2005) from the University of Nancy I and a Master/Engineer double degree (in 2002) from INSA Toulouse.

Title: When (low-)Latency Matters: Protecting Future Internet Services Against Malicious Flows

Abstract: New services with low-latency (LL) requirements are one of the major challenges for the Future Internet. Many architectures and protocols targeting the latency reduction and control have been proposed such as Time Sensitive Networking and Deterministic Networking, 5G URLLC and Low Loss and Scalable Throughput (L4S). Although these architectures sound promising for latency improvement, they can be exploited by an attacker to perform malicious actions whose purposes are to defeat the LL feature and consequently make their supported applications unusable. In this talk, we first survey different forms of Denial-of-Service attacks with an emphasis on the vulnerabilities of these emerging LL architectures. We first focus on the case of L4S which is vulnerable to different forms of attack and we will show that application-layer protocols such as QUIC can easily be hacked in order to exploit the over-sensitivity of those new services to network variations. Then, we highlight the specific nature of these attacks which are architecture-dependent by emphasizing the case of other network technologies such as 5G Radio Access Network and Time Sensitive Networking. Finally, we expose the challenges related to the protection, detection and mitigation of the future LL network architecture against those novel forms of stealthy attacks.


Wednesday June 3

Presentation of Cnam Bretagne

Speaker: Laurent Buchon, Cnam, Saint-Brieuc

Session # 3: AI for Networking and Platforms

  1. Networking in Generative AI Workloads, Davide Avesani
    • Building upon our prior theoretical and application-level analysis of networking and data exchange in Large Language Models (LLMs) training, this work investigates the manifestation of communication patterns in distributed generative AI systems. Our earlier study characterized how different parallelism strategies influence network traffic and overall system behavior. In this work, we extend this analysis through experimental evaluation on real hardware platforms, with the objective of assessing the extent to which theoretical models reflect practical network dynamics. We conduct an empirical characterization of network traffic, identifying key performance factors and system-level behaviors under realistic conditions. The resulting insights and datasets establish a foundation for future research aimed at optimizing communication efficiency and improving the scalability of large-scale AI systems.
  2. Graph Structure in Graph Neural Networks, Killian Cressant
    • Graph Neural Networks (GNNs) leverage graph structure to enhance learning from data that cannot be effectively represented in Euclidean spaces, such as telecommunications systems or Social media web. From a signal processing perspective, GNNs can be viewed as tools that transform signals defined on graphs, where data are associated with nodes and edges, into low-dimensional embeddings. Despite their effectiveness, GNNs suffer from inherent limitations, notably over-smoothing and over-squashing, which can degrade performance as information propagates through the network. While these issues are often attributed to the model architecture, the underlying graph structure itself plays a crucial role. By carefully designing or.
  3. Carrier Priority Control for Energy-Efficient Multi-Band Networks: A DRL-Based Approach, Anh-Khoa Dang
    • In mobile networks, base stations (BSs) typically consist of three sectors, each operating multiple carriers with distinct frequency bands to balance coverage and capacity demands. In this study, we propose a joint carrier sleeping and traffic steering scheme tailored for carrier aggregation (CA)-enabled multi-band networks. First, we present a priority-based traffic steering strategy that uses carrier priorities not only to steer traffic toward the desired carriers but also to control carrier shutdown, thus optimizing the network energy performance. Then, we leverage Deep Reinforcement Learning (DRL) to dynamically adapt these priorities to spatio-temporal traffic variations. Results show that priority control enables more energy-efficient carrier utilization than binary sleep control, while maintaining user experience. Moreover, the proposed scheme achieves more than twice the energy savings compared to a legacy solution deployed in today’s operational mobile networks.
  4. Analysis of open-source O-RAN platforms Under High-Load Traffic, Moussa Guemdani
    • Open-source software is increasingly enabling flexible and cost-effective experimentation with 5G Radio Access Networks (RANs). However, only a limited number of studies provide a systematic comparative evaluation of experimental testbeds that combine different open-source RAN software stacks across multiple deployment scenarios. Moreover, system performance under high traffic loads remains insufficiently explored. In this work in progress, we present the design of an experimental 5G standalone (SA) testbed, detailing its architectural components, hardware infrastructure, software protocol stack, and key configuration parameters. We implement four testbed configurations, and we conduct a comparative performance analysis. The study focuses on monolithic and 3GPP functional split Option 2 architectures, using open-source RAN implementations. The evaluation considers a set of key performance indicators (KPIs) that characterize end-to-end (E2E) performance, system-level behavior, and radio conditions.

Invited Talk # 3

Speaker: Federico “Larroca” La Rocca, Universidad de la República (Uruguay) & Cnam

Bio: Federico ‘Larroca’ La Rocca is an Associate Professor at the Engineering School of the Universidad de la República (Uruguay), and Cnam Visiting Professor for June 2026. He obtained his Ph.D. degree in Computer Science and Networking at Telecom ParisTech (ex ENST) in December 2009 and the degree in Telecommunication Engineering in 2006 from the Universidad de la República. His current research interests are related to the analysis and modeling of communication/networked systems, and development on Software Defined Radio.

Title: Graph Representation Learning under Partially Observed Edges: a Principled Encoder-Decoder Approach

Abstract: Graphs are a natural representation for relational data arising in a wide range of domains, including social networks, biological interaction maps, knowledge graphs, recommender systems, and communication networks, to name a few. Graph representation learning addresses the problem of producing low-dimensional node embeddings that faithfully reflect graph structure, enabling downstream tasks such as visualization, or node classification, clustering, and link prediction through standard machine learning pipelines. Virtually all methods can be formulated through an encoder-decoder framework: an encoder maps the adjacency matrix to embeddings, a decoder measures the (dis)similarity between embeddings, and the objective is to minimize a loss that measures the difference between the latter and the structural (dis)similarity among nodes in the graph. A fundamental assumption of this framework, rarely questioned, is that the graph is fully observed. In practice, however, many settings involve edges whose existence or weight is unknown, and the standard response of imputing zeros introduces a bias that can be non-negligible.

In this talk we revisit the encoder-decoder framework under partial edge observability. We show that a simple but principled modification, jointly optimizing the node embeddings and the unknown adjacency entries, is equivalent to enforcing that the learned embeddings are insensitive to the unobserved edges, without requiring any structural change to the encoder or decoder. We discuss in detail the case of the Random Dot Product Graph model and the associated Adjacency Spectral Embedding, where the joint formulation recovers and generalizes existing masked objectives, and then extend the framework to hyperbolic embedding spaces, in particular the Poincaré Maps method, where the proposed framework enables a principled imputation of the missing entries, a feature not present in the original formulation. Preliminary empirical results and directions for future work will be discussed.

Closing of the Workshop

