Conveners
To Serve and Protect: 3A
- Tomasz Szewczyk (PCSS)
Description
The boundary between network service and network security is rapidly dissolving. Today’s infrastructures must not only deliver performance and reliability, but also sense, learn, and adapt in the face of constant change and persistent threat. In “To Serve and Protect” session we examine how AI-enabled operations and AI-aware defense strategies converge into a new operational model. Through real-world deployments of ML-based anomaly detection, AI-assisted incident management, and LLM-powered honeypots, this session reveals how academic and research networks are transforming raw telemetry and attacker interaction into collective intelligence, faster response, and more resilient digital services.
ESnet shares its pragmatic journey developing AI tools that deliver measurable improvements to Network Operations Center efficiency. Rather than chasing trends, ESnet focused on AI-assisted ticket resolution. This presentation details two concrete applications - Intelligent Resolution Guidance that proactively surfaces relevant documentation, and Adaptive Incident Summarization that generates...
We demonstrate efforts to collect threat intelligence by provisioning honeypot infrastructure and the synergy between honeypots and Large Language Models. We show data from the GN5-2 honeynet, including Kibana-based visualisations, and our pipelines, including sandboxing infrastructure. Monitoring with T-Pot and LangFuse enables behavioural analysis by tracking session abandonments caused by...
As networks grow in scale and complexity, traditional monitoring tools struggle to track subtle deviations and manage increasing incident volumes. Modern applications depend on stable latency, packet loss, and jitter, where small variations can degrade user experience. Machine Learning offers an intelligent approach to anomaly detection by learning baseline behavior and identifying deviations...
