Hi!
I am a research scientist at Inria (Rennes, France) in the PIRAT research team (ex-CIDRE) and a member of the LHS laboratory at Rennes. I work mostly on intrusion detection systems (IDS), and on how to make them more reliable, more usable, and more assessable:
- by designing new XAI tools to explain behavioral, semi-supervised IDS
- by proposing new representations of cybersecurity data (network communications, malware dynamic analysis, etc.)
- by devising new techniques of synthetic network traffic generation based on explainable AI and data mining
Future events
I am co-organizing the ANUBIS workshop at ESORICS25 on the evaluation of intrusion detection systems.
I am co-organizing the European Symposium on Security and AI (ESSAI) at ECW’25 in Rennes, France.
Ongoing collaborations
DeceptIA (2025-2027)
DeceptIA (Deception Technologies for Honeypots with Intelligence and Adaptability) is an associate team between Inria, DFKI (Germany) and Osaka Metropolitan University (Japan). It seeks to answer the following research questions: what are the characteristics of new anomalous traffic observed in large-scale honeypots deployed across multiple geolocations and services? How can we make honeypots adapt on-the-fly to the attacker’s behavior and also evolve interaction between them? How can we develop an effective phishing detection system that not only accurately identifies phishing attacks, but also educates and explains the risks to end-users in a way that increases their awareness and resilience to future phishing attempts?
SecGen (2023-2025)
I am the PI (principal invertigator) of SecGen, an associate team (“Équipe Associée”) between Inria and CISPA (Saarbrücken, Germany). Security datasets are essential for research, but their quality is disputed: age, lack of diversity, human errors, etc. We propose to generate synthetic data to alleviate such issues. We plan to use data mining to generate network traces with proper temporal dependencies to generate more faithful data with less training data. This dataset will be evaluated with the performances of a network intrusion detection system.
REV (2023-2028)
REV is a project of the PEPR Cybersécurité. It addresses the following challenges: (i) holistic vulnerability analysis, from hardware to software to communications, (ii) characterization and understanding of the degrees of exploitation and the ability to circumvent modern protections, and (iii) vulnerability analysis’s legal aspects (ethical issues, fairness of digital evidence).
Superviz (2022-2028)
Superviz is a project of the PEPR Cybersécurité. It addresses the following challenges: (i) the increase in the number and diversity of objects, (ii) the complexity of interconnected systems, (iii) the existence of increasingly complex and silent targeted attacks, and (iv) the treatment of massive attacks which rapidly affect a significant number of victims.
DefMal (2022-2028)
The DefMal project focuses on the fight against malware: a subject that affects the entire digital environment, including connected objects (IoT), embedded systems (drones), autonomous vehicles (cars), industrial systems (ICS/Scada) and, of course, the entire IT infrastructure (cloud, smartphones, firmware).
Other collaborations
I regularly work with researchers from:
- DGA-MI and AMIAD (Bruz) on intrusion detection
- Institut Mines-Télécom (Palaiseau) on data generation
- IRIT (Toulouse) on machine learning
- LAAS-CNRS (Toulouse) on formal language theory applied to security
Recent publications
CasinoLimit: An Offensive Dataset Labeled with MITRE ATT&CK Techniques
Sebastian Killian, et al.. CasinoLimit: An Offensive Dataset Labeled with MITRE ATT&CK Techniques. The 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2025)
ROSCA: Robust and Scalable Security Alert Correlation and Prioritisation using the MITRE ATT&CK Framework
Garcia, R., Lahmadi, A., Gimenez, P. F. & Sala, C. ROSCA: Robust and Scalable Security Alert Correlation and Prioritisation using the MITRE ATT&CK Framework. First International Workshop on Analytics, Telemetry, and Cybersecurity for HPCC (High Performance Computing and Communications) (WATCH2025)
Superviz25-SQL: High-Quality Dataset to Empower Unsupervised SQL Injection Detection Systems
Quetel, G., Alata, A., Gimenez, P. F., Pautet, L. & Robert, T., (2025). SuperviZ25-SQL: High-Quality Dataset to Empower Unsupervised SQL Injection Detection Systems. In the ESORICS 2025 International Workshops.
Synthetic Network Traffic Generation for Intrusion Detection Systems: a Systematic Literature Review
Gimenez, P. F., (2025). Synthetic Network Traffic Generation for Intrusion Detection Systems: a Systematic Literature Review. In the ESORICS 2025 International Workshops.
Certifiably robust malware detectors by design
Gimenez, P. F., Sivaprasad, S. & Fritz, M., (2025 May). Certifiably robust malware detectors by design. In the 40th International Conference on ICT Systems Security and Privacy Protection (IFIPSEC25)
Contact
Office F434
Centre Inria de l’Université de Rennes
Campus de Beaulieu, 263 Av. Général Leclerc, 35042 Rennes
pierre-francois.gimenez@inria.fr