DeDDoS – Innovative hardware anti-DDoS solution based on artificial intelligence (AI)
Project
- Project ID: PN-IV-P6-6.3-SOL-2024-2-0197
- Consortium: UB (coordinator), ATM, Nextgen Software SRL.
- Team: 36 positions (3 still open at UB)
- Funder: UEFISCDI
- Budget: 5.341.847 lei (~ 1.068.370 euro)
- Duration: 3 July 2024 - 2 July 2026
Main Objective
The main objective of this project is
to build a hardware-software product, called DeDDoS,
based on artificial intelligence and exposed to the Internet,
which analyzes traffic in real time at 10Gbps,
identifying and blocking DDoS packets based on a number of essential components:
- analysis with artificial intelligence
- static analysis based on behavioral rules and patterns
- validation based on DDoS scenarios generated in the ATLAS cyber polygon.
End Result
Dedicated and stand-alone hardware-software prototype product
with real-time anti-DDoS analysis
delivered to the Beneficiary at the end of the project.
Team
Paul Irofti -- Project Coordinator
University of Bucharest:
Paul Irofti -- Principal Investigator
Nicolae Cleju -- Senior Researcher
Radu Ionescu -- Senior Researcher
Andrei Pătrașcu -- Senior Researcher
Cristian Rusu -- Senior Researcher
Andrei Hîji -- Assistant Researcher
Silviu Gheorghe -- Master Student
Ionel Ștefăniță Secioreanu -- Master Student
Open Positions:
2 PhD and 1 Masters student
positions.
Contact me if interested!
Military Technical Academy
Ion Bica -- Principal Investigator
Mihai Togan -- Senior Researcher
Constantin Grumazescu -- Researcher
Daniel Antonie -- Researcher
Ștefan-Ciprian Arseni -- Assistant Researcher
Constantin-Dan Avram -- Assistant Researcher
Iulian Tiță -- Assistant Researcher
George-Codrin Hariga -- Assistant Researcher
Dragoș Ioana -- Master Student
Adina-Maria Vaman -- Master Student
Luca Coratu -- Master Student
Alexandra-Ioana Buzățoiu -- Master Student
Alexandra-Victoria Ciuvat -- Master Student
Florina Conchințoiu -- L1 Technician
Nextgen Software SRL:
Bogdan Legănaru -- Principal Investigator
Vlad Gladin -- Senior Researcher
Daniel Tache -- Researcher
Alin Ungureanu -- Researcher
Emilian-Cristian Bonciu -- L2 Technology Engineer
Mădălina-Andreea Diaconu -- L2 Technology Engineer
Cristian-Ștefan Ene -- L2 Technology Engineer
Mihai Tănase -- L2 Technology Engineer
Viorel Tiganescu -- L2 Technology Engineer
Adrian Sandu -- L2 Technician
Mihaela Petre -- L3 Technician
About
DeDDoS aims to create a hardware-software product
based on artificial intelligence, exposed to the Internet,
which analyzes real-time traffic at 10Gbps,
identifying and blocking DDoS packets
based on a series of essential components:
(i) analysis using artificial intelligence
We will train ensemble models made up of several AI algorithms
whose inference we will unify through voting methods
for a high degree of accuracy and efficiency.
We will use an ensemble, possibly pre-trained, for each type of attack:
- volumetric (e.g. UDP, ICMP, IPSEC Floods and IP/ICMP fragmentation),
- amplified (e.g. Reflection Amplification),
- DRDoS (e.g. Smurf DDoS),
- application-level (e.g. DNS Query/HTTP/HTTPS/HTTP2 flood, Slowloris, RUDY).
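The per-attack-type ensembles with vote unification described above can be sketched as follows. This is an added example, not DeDDoS code: the window features, the thresholds and the member detectors (simple rules standing in for trained models) are all assumptions, and the sample windows are constructed.

```python
from collections import Counter
from math import log2

def features(window, seconds):
    """Summarise a window of (src_ip, proto, length) packet tuples."""
    total = len(window)
    n = max(total, 1)  # avoid division by zero on an empty window
    srcs = Counter(p[0] for p in window)
    protos = Counter(p[1] for p in window)
    # Shannon entropy of source addresses: high when traffic is widely spread
    entropy = -sum(c / n * log2(c / n) for c in srcs.values())
    return {
        "pps": total / seconds,
        "udp_share": protos["udp"] / n,
        "icmp_share": protos["icmp"] / n,
        "src_entropy": entropy,
        "mean_len": sum(p[2] for p in window) / n,
    }

# One ensemble per attack type; each member returns True for "attack".
# Hypothetical members and thresholds, chosen only for illustration.
ENSEMBLES = {
    "udp_flood": [
        lambda f: f["pps"] > 1000 and f["udp_share"] > 0.8,
        lambda f: f["udp_share"] > 0.9 and f["src_entropy"] > 6.0,
        lambda f: f["pps"] > 1000 and f["mean_len"] < 100,
    ],
    "icmp_flood": [
        lambda f: f["pps"] > 1000 and f["icmp_share"] > 0.8,
        lambda f: f["icmp_share"] > 0.9,
        lambda f: f["icmp_share"] > 0.5 and f["src_entropy"] > 6.0,
    ],
}

def classify(window, seconds=1.0):
    """Majority vote inside each ensemble; return the flagged attack types."""
    f = features(window, seconds)
    flagged = []
    for attack, members in ENSEMBLES.items():
        votes = sum(1 for member in members if member(f))
        if votes * 2 > len(members):  # strict majority
            flagged.append(attack)
    return flagged

# Constructed one-second sample windows
BENIGN = [(f"10.0.0.{i % 20}", "tcp", 800) for i in range(200)]
FLOOD = [(f"198.51.100.{i % 250}", "udp", 64) for i in range(5000)]
# Heavy but legitimate UDP stream: one member fires, the vote overrules it
STREAM = [(f"10.0.1.{i % 2}", "udp", 1200) for i in range(2000)]
```

The STREAM window shows what the vote buys: a single rate-based member alone would flag it, while the majority does not.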
(ii) static analysis based on behavioral rules and patterns
We will capture network traffic using a 10Gbps TAP device
and then decode TCP/IP protocols from
layer 3 for volumetric and amplified DDoS
up to layer 7 for DRDoS and application-type DDoS, Slowloris, etc.
On the captured traffic we will apply the AI-based detection from (i).
In addition to ToR,
we will apply volumetric static detection and static detection specific to each attack
directly from the traffic capture application, applying static analysis.
(iii) validation based on some DDoS scenarios
generated in the ATLAS cyber polygon.
We will generate our own data sets
and use the following equipment from the
Center of Excellence for Advanced Cyber-Security Technologies (CETASC) of ATM
for volumetric and amplified DDoS attacks:
a) IXIA PerfectStorm ONE,
a specialized device for testing and evaluating network performance
that can simulate DDoS attacks (ICMP/UDP/SYN/HTTP flood and others).
The equipment provided ensures a throughput of 40Gbps;
b) IXIA Vision Edge V40, Network Packet Broker equipment
designed to provide visibility and control over network traffic.