Paul Irofti | DeDDoS

DeDDoS – Innovative hardware anti-DDoS solution based on artificial intelligence (AI)

News

2025

[Aug'25]
- Petrișor Tănasă officially joins the team, welcome!
- Started the modules integration process.
- Signed the acquisition contract for the hardware equipment
[Jul'25]
- Added Application level AI detection module.
- Milestone reached: Solution validated in the ATLAS cybersecurity polygon
[Jun'25] -- Volumetric and protocol AI detection modules for TCP, UDP, ICMP, DNS, NTP and HTTP
[May'25] --
- Application level testing scenarios.
- Static detection modules for floods.
[Apr'25] -- Volumetric and protocol attack scenarios for TCP, UDP and ICMP
[Mar'25] -- ``Detecting and Mitigating DDoS Attacks with AI: A Survey'' paper preprint available.
[Feb'22] -- Started the acquisition process for the hardware equipment
[Jan'25] -- Milestone reached: Documentation regarding the functional testing and validation progam of the product prototype

2024

[Dec'24]
- Initial version of the web interface is up and running.
- Prepared an initial demo for the beneficiary.
[Nov'24] -- We have a new member, welcome Alexandru Apostu!
[Oct'24] -- Milestone reached: Reports regarding
- scientific state of the art
- identification of solutions based on existing offers on the profile market
- technical product concept, architecture and main components
[Sep'24] -- Working on architecture and main components.
[Aug'24] -- Preparing state of the art and market study documentation.
[Jul'24] -- Kickoff!

Project

Project ID: PN-IV-P6-6.3-SOL-2024-2-0197
Consortium: UB (coordinator), ATM, Nextgen Software SRL.
Team: 36 positions (3 still open at UB)
Funder: UEFISCDI
Budget: 5.341.847 lei (~ 1.068.370 euro)
Duration: 3 July 2024 - 2 July 2026

Main Objective
The main objective of this project is to make a hardware-software product, called DeDDoS, based on intelligence artificial, exposed to the INTERNET, which analyzes traffic in real time at 10Gbps identifying and blocking DDoS packets based on a number of essential components:

analysis with artificial intelligence
static analysis based on rules and patterns behavioral
validation based on some DDoS scenarios generated in the ATLAS cyber polygon.

End Result
Dedicated and stand-alone hardware-software prototype product with real-time anti-DDoS analysis delivered to the Beneficiary at the end of the project.

Team

Paul Irofti -- Project Coordinator

University of Bucharest:

Paul Irofti -- Principal Investigator
Radu Ionescu -- Senior Researcher
Andrei Pătrașcu -- Senior Researcher
Cristian Rusu -- Senior Researcher
Andrei Hîji -- Assistant Researcher
Silviu Gheorghe -- Master Student
Ionel Ștefăniță Secioreanu -- Master Student
Petrișor Tănasă -- Master Student

Nicolae Cleju -- Senior Researcher(July 2024 - July 2025)
Alexandru Apostu -- PhD Student (November 2024 -July 2025)

Military Technical Academy

Ion Bica -- Principal Investigator
Mihai Togan -- Senior Researcher
Constantin Grumazescu -- Researcher
Daniel Antonie -- Researcher
Ștefan-Ciprian Arseni -- Assistant Researcher
Constantin-Dan Avram -- Assistant Researcher
Iulian Tiță -- Assistant Researcher
George-Codrin Hariga -- Assistant Researcher
Dragoș Ioana -- Master Student
Adina-Maria Vaman -- Master Student
Luca Coratu -- Master Student
Alexandra-Ioana Buzățoiu -- Master Student
Alexandra-Victoria Ciuvat -- Master Student
Florina Conchințoiu -- L1 Technician

Nextgen Software SRL:

Bogdan Legănaru -- Principal Investigator
Vlad Gladin -- Senior Researcher
Daniel Tache -- Researcher
Alin Ungureanu -- Researcher
Emilian-Cristian Bonciu -- L2 Technology Engineer
Mădălina-Andreea Diaconu -- L2 Technology Engineer
Cristian-Ștefan Ene -- L2 Technology Engineer
Mihai Tănase -- L2 Technology Engineer
Viorel Tiganescu -- L2 Technology Engineer
Adrian Sandu -- L2 Technician
Mihaela Petre -- L3 Technician

Documentation

Papers

[1]	A. Apostu, S.F Gheorghe, A. Hîji, N. Cleju, A. Pătraşcu, C. Rusu, R.T. Ionescu, and P. Irofti, “Detecting and Mitigating DDoS Attacks with AI: A Survey,” pp. 1--35, 2025. [ bib \| arXiv ]
[2]	P. Irofti, A.I. Hîji, A. Pătrașcu, and N. Cleju, “Fusing Dictionary Learning and Support Vector Machines for Unsupervised Anomaly Detection,” pp. 1--35, 2024. [ bib \| arXiv ]

About

DeDDoS aims to create a hardware-software product based on artificial intelligence, exposed to INTERNET, which analyzes real-time traffic at 10Gbps identifying and blocking DDoS packets based on a series of components essentials:

(i) analysis using artificial intelligence

We will train ensemble models made up of several AI algorithms whose inference we will unify through voting methods for a high degree of accuracy and efficiency. We will use an ensemble, possibly pre-trained, for each type of attack: volumetric (e.g. UDP, ICMP, IPSEC Floods and IP/ICMP fragmentation), amplified (e.g. Reflection Amplification), DrDDoS (ex. Smurf DDoS), at the application level (e.g. DNS Query/HTTP/HTTPS/HTTP2 flood, Slow Lorris, RUDY).

(ii) static analysis based on behavioral rules and patterns

We will capture network traffic using a 10Gbps TAP device and then decode TCP/IP protocols from layer 3 for volumetric DDoS and amplified up to layer 7 for DRDoS and application-type DDoS, slow Lorris, etc. On the traffic captured will apply AI-based detection (i). In addition to ToR, we will apply volumetric and specific static detection to each attack directly from the traffic capture application, applying static analysis.

(iii) validation based on some DDoS scenarios generated in the ATLAS cyber polygon.

We will generate our own data sets and use the following equipment from the Center of Excellence for Technologies Advanced Cyber-Security (CETASC) of ATM for volumetric and amplified DDoS attacks: a) IXIA PerfectStorm ONE, specialized device for testing and evaluating network performance that can simulate DDoS attacks (ICMP/UDP/SYN/HTTP flood and other). The equipment provided ensures a throughput of 40Gbps; b) IXIA Vision Edge V40, Network Packet Broker equipment designed to provide visibility and control over network traffic.