Partners: Transilvania University of Brașov; “Ferdinand I” Military Technical Academy; Safetech Innovations SA; BEIA Consult International S.R.L.
Project Value: 3,064,167 RON
Project Duration: 2024-2026
The project, “Detection and Protection System IDS/IPS for Critical Communication Infrastructures with Early Alert and Blocking Capabilities against DDoS Attacks (SDPICaDDoS)”, aims to develop a hardware system based on FPGA reconfigurable circuits, without an operating system, for real-time network traffic analysis. It will feature IN-LINE functionality, real-time traffic analysis at speeds of up to 10 Gbps, real-time packet filtering based on indicators of compromise, early detection of DDoS attacks, and malicious traffic filtering, and it will provide statistics and reports through a management application.
Project Objectives:
The general objective of the project is to develop a hardware system based on FPGA reconfigurable circuits, without an operating system, for real-time network traffic analysis.
The specific objectives of the project are:
- The system must analyze network traffic in real time, process network packets at speeds of up to 10 Gbps, compare processed data with a predefined list of indicators of compromise (IoCs), issue alerts with various priority levels when IoCs are detected, and enable blocking actions based on equipment configurations.
- The system must support early detection and blocking of DDoS attacks through a mechanism based on real-time analysis of the packets passing through the equipment.
- The system must allow loading an IoC list that includes all IPv4 addresses (approximately 4 billion), along with at least 100,000 binary patterns and signatures.
- The system must load a minimum of 100,000 IoCs in under 30 minutes and achieve a detection rate of at least 98%.
- Development of a web application through which the user can view analysis and monitoring activity.
- Identified alerts should be displayed in the graphical interface according to the severity level assigned by the equipment. Additionally, users should be able to select a time interval for viewing. Furthermore, it must be possible to send alerts in real time to a remote server using the syslog protocol.
- The system must be able to operate independently and autonomously.
- The system must allow real-time processing of 10 Gbps network traffic.
- The system must provide a factory reset option.
- The system configuration must be stored in non-volatile memory and load automatically on startup.