The evolution of the Internet leads to an ever-stronger integration of this cyberspace in places and devices manipulated by humans: (1) in everyday life, from the use of mobile devices, to smart environments (vehicles, buildings, etc.), but (2) also in critical infrastructures, whether civil, such as industry 4.0, or military, including robots and drones operating in theatres of operations or protecting the sovereignty of digital spaces. This evolution of the cyberspace is based on the concomitant maturity of connected objects, the development of telecommunication capabilities and virtualization, and in this context, it is necessary to offer users a coupled real/digital space which is secure, safe and above all trustworthy. However, without even dealing with guarantees, ensuring a minimum level of protection proves to be a complex challenge for several reasons:

• Cyber-physical systems are of an ever-increasing size, reaching very large scales, and they are composed of ever more miniaturized elements exhibiting atomic functions, such as connected objects or micro-services deployed in virtualized infrastructures.

• Cyber-physical systems surrounding people are, for part of them, open, meaning that they are not limited to an operated or controlled infrastructure where each participant has been identified as being trustworthy.

• Cyber-physical systems, due to their complexity and the need to maintain their functionality regardless of the unpredictable phenomenon and timeliness, no longer allow humans to be at the heart of their control. This need for system autonomy is a pervasive reality that must be integrated by design.

To address these issues, the Sotern team sets out to design, develop and validate methods and tools for the self-protection of the Future Internet. Self-protection is considered as the capability of systems to monitor, detect and remedy by themselves to deliberately malicious behaviors, whose objectives, varied by nature, may be to undermine the proper provision of a service, a user or an infrastructure. Depending on the characteristics of the system and its maturity, the self-protection solutions may be intrinsically implemented into its components, such as during the design stage or by corrective means, or extrinsic, thereby implemented through dedicated security components automatically enforcing attack detection, mitigation and remediation.