Paul Irofti


DeDDoS – Innovative hardware anti-DDoS solution based on artificial intelligence (AI)

News

2024

Project

Main Objective
The main objective of this project is to build a hardware-software product, called DeDDoS, based on artificial intelligence and exposed to the Internet, which analyzes traffic in real time at 10Gbps, identifying and blocking DDoS packets based on a number of essential components:

  1. analysis with artificial intelligence
  2. static analysis based on behavioral rules and patterns
  3. validation based on some DDoS scenarios generated in the ATLAS cyber polygon.

End Result
Dedicated and stand-alone hardware-software prototype product with real-time anti-DDoS analysis delivered to the Beneficiary at the end of the project.

Team

Paul Irofti -- Project Coordinator

University of Bucharest:

Paul Irofti -- Principal Investigator
Nicolae Cleju -- Senior Researcher
Radu Ionescu -- Senior Researcher
Andrei Pătrașcu -- Senior Researcher
Cristian Rusu -- Senior Researcher
Andrei Hîji -- Assistant Researcher
Silviu Gheorghe -- Master Student
Ionel Ștefăniță Secioreanu -- Master Student

Open Positions: 2 PhD and 1 Masters student positions.
Contact me if interested!

Military Technical Academy

Ion Bica -- Principal Investigator
Mihai Togan -- Senior Researcher
Constantin Grumazescu -- Researcher
Daniel Antonie -- Researcher
Ștefan-Ciprian Arseni -- Assistant Researcher
Constantin-Dan Avram -- Assistant Researcher
Iulian Tiță -- Assistant Researcher
George-Codrin Hariga -- Assistant Researcher
Dragoș Ioana -- Master Student
Adina-Maria Vaman -- Master Student
Luca Coratu -- Master Student
Alexandra-Ioana Buzățoiu -- Master Student
Alexandra-Victoria Ciuvat -- Master Student
Florina Conchințoiu -- L1 Technician

Nextgen Software SRL:

Bogdan Legănaru -- Principal Investigator
Vlad Gladin -- Senior Researcher
Daniel Tache -- Researcher
Alin Ungureanu -- Researcher
Emilian-Cristian Bonciu -- L2 Technology Engineer
Mădălina-Andreea Diaconu -- L2 Technology Engineer
Cristian-Ștefan Ene -- L2 Technology Engineer
Mihai Tănase -- L2 Technology Engineer
Viorel Tiganescu -- L2 Technology Engineer
Adrian Sandu -- L2 Technician
Mihaela Petre -- L3 Technician

Documentation

Papers

About

DeDDoS aims to create a hardware-software product based on artificial intelligence, exposed to the Internet, which analyzes real-time traffic at 10Gbps, identifying and blocking DDoS packets based on a series of essential components:

(i) analysis using artificial intelligence

We will train ensemble models made up of several AI algorithms whose inference we will unify through voting methods for a high degree of accuracy and efficiency. We will use an ensemble, possibly pre-trained, for each type of attack: volumetric (e.g. UDP, ICMP, IPsec floods and IP/ICMP fragmentation), amplified (e.g. Reflection Amplification), DRDoS (e.g. Smurf DDoS), and application-level (e.g. DNS Query/HTTP/HTTPS/HTTP2 flood, Slowloris, RUDY).

(ii) static analysis based on behavioral rules and patterns

We will capture network traffic using a 10Gbps TAP device and then decode TCP/IP protocols from layer 3, for volumetric and amplified DDoS, up to layer 7, for DRDoS and application-type DDoS (Slowloris, etc.). On the captured traffic we will apply the AI-based detection from (i). In addition to ToR, we will apply volumetric and attack-specific static detection directly from the traffic capture application, using static analysis.
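The following added example (not DeDDoS project code) sketches the voting idea from (i) together with a static rate rule as in (ii): one ensemble per attack type, with a window flagged only when a majority of members agree. The members are hand-written threshold checks standing in for trained models, and every feature name, threshold and sample window is an assumption constructed for illustration.

```python
# Added example: per-attack-type ensembles combined by majority vote.
# Members are simple threshold checks standing in for trained models;
# all feature names and thresholds are assumptions, not DeDDoS values.

def avg_size(w):
    """Average packet size in bytes for one traffic window."""
    return w["bytes"] / max(w["pkts"], 1)

ENSEMBLES = {
    "volumetric": [
        lambda w: w["pkts"] > 100_000,                       # static rate rule
        lambda w: w["pkts"] > 10_000 and avg_size(w) < 100,  # many tiny packets
        lambda w: w["src_ips"] > 1_000,                      # wide source spread
    ],
    "amplified": [
        lambda w: avg_size(w) > 1_000,                       # large responses
        lambda w: w["resp_req_ratio"] > 10,                  # replies far exceed requests
        lambda w: w["src_ips"] < 1_000 and w["bytes"] > 50_000_000,  # few reflectors, high volume
    ],
}

def votes(window):
    """Number of members voting 'attack' in each ensemble."""
    return {attack: sum(bool(m(window)) for m in members)
            for attack, members in ENSEMBLES.items()}

def classify(window):
    """Attack types for which a strict majority of members agree."""
    tally = votes(window)
    return sorted(a for a, n in tally.items() if n * 2 > len(ENSEMBLES[a]))

# Constructed one-second window summaries (not captured traffic).
WINDOWS = [
    {"pkts": 900, "bytes": 540_000, "src_ips": 40, "resp_req_ratio": 1.1},
    {"pkts": 250_000, "bytes": 16_000_000, "src_ips": 9_000, "resp_req_ratio": 1.0},
    {"pkts": 60_000, "bytes": 84_000_000, "src_ips": 300, "resp_req_ratio": 45.0},
    # Bulk transfer: trips one member in each ensemble, but no majority.
    {"pkts": 120_000, "bytes": 60_000_000, "src_ips": 50, "resp_req_ratio": 1.2},
]

if __name__ == "__main__":
    for w in WINDOWS:
        print(votes(w), classify(w) or "pass")
```

The last window shows why the vote matters: a single rule firing on a legitimate high-rate transfer does not, on its own, cause a block.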

(iii) validation based on some DDoS scenarios generated in the ATLAS cyber polygon.

We will generate our own data sets and use the following equipment from the Center of Excellence for Advanced Cyber-Security Technologies (CETASC) of ATM for volumetric and amplified DDoS attacks: a) IXIA PerfectStorm ONE, a specialized device for testing and evaluating network performance that can simulate DDoS attacks (ICMP/UDP/SYN/HTTP flood and others), providing a throughput of 40Gbps; b) IXIA Vision Edge V40, a Network Packet Broker designed to provide visibility and control over network traffic.