SDPICaDDoS

Partners: Transilvania University of Brașov; “Ferdinand I” Military Technical Academy; Safetech Innovations SA; BEIA Consult International S.R.L.

Project Value: 3,064,167 RON

Project Duration: 2024-2026

The project, “Detection and Protection System IDS/IPS for Critical Communication Infrastructures with Early Alert and Blocking Capabilities against DDoS Attacks (SDPICaDDoS)”, aims to develop a hardware system based on FPGA reconfigurable circuits, without an operating system, for real-time network traffic analysis. The system will operate in-line, analyze traffic in real time at speeds of up to 10 Gbps, filter packets in real time based on indicators of compromise, detect DDoS attacks early, filter malicious traffic, and provide statistics and reports through a management application.

Project Objectives:

The general objective of the project is to develop a hardware system based on FPGA reconfigurable circuits, without an operating system, for real-time network traffic analysis.

The specific objectives of the project are:

  1. The system must analyze network traffic in real time, process network packets at speeds of up to 10 Gbps, compare processed data with a predefined list of indicators of compromise (IoCs), issue alerts with various priority levels when IoCs are detected, and enable blocking actions based on equipment configurations.
  2. The system must support early detection and blocking of DDoS attacks through a mechanism based on real-time analysis of the packets passing through the equipment.
  3. The system must allow loading an IoC list that includes all IPv4 addresses (approximately 4 billion), along with at least 100,000 binary patterns and signatures.
  4. The system must load a minimum of 100,000 IoCs in under 30 minutes and achieve a detection rate of at least 98%.
  5. Development of a web application through which the user can view analysis and monitoring activity.
  6. Identified alerts should be displayed in the graphical interface according to the severity level assigned by the equipment. Users should also be able to select a time interval for viewing, and it must be possible to send alerts in real time to a remote server using the syslog protocol.
  7. The system must be able to operate independently and autonomously.
  8. The system must allow real-time processing of 10 Gbps network traffic.
  9. The system must provide a factory reset option.
  10. The system configuration must be stored in non-volatile memory and load automatically on startup.
