Our team is excited to share the latest news and features of Slips, our behavior-based machine-learning intrusion detection system.
Quick links:
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips capabilities:
P2P module: added support for sharing and receiving information about IPs with other peers.
Now, when Slips sees an IP, it asks the network about it. If the network reports the IP as malicious, Slips raises an alert and passes the IP to the blocking module, which decides whether or not to block it.
Slips also shares and receives blocking information with the network: if one Slips instance blocks an IP, it lets the other peers know, so each of them can decide whether the IP is malicious and needs to be blocked.
P2P for Slips can be run:
Slips only shares the scores and confidence values (numbers) it generates about IPs with the network; no private information is shared.
For detailed documentation on the P2P module and how it works, check the docs.
More new features
We are constantly improving Slips, and a full list of changes in this version is available in the Slips changelog. These are some of the new features we have been working on:
Parse Zeek's software.log and extract the software type, version and user agent from it.
Detect multiple SSH client versions from the same host. Slips now alerts if, for example, an IP is seen using OpenSSH_8.1 and then OpenSSH_7.1.
Detect DoH (DNS over HTTPS) flows in ssl.log.
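To show what the first two items above involve (parsing Zeek's software.log and flagging a host that presents more than one SSH client version), here is an added, self-contained example. It is not Slips' own code: the sample log lines are constructed, the Zeek software.log column names are the standard ones (ts, host, host_p, software_type, name, version.major, version.minor, version.minor2, version.minor3, version.addl, unparsed_version), and the rule of reporting a host as soon as it shows two distinct SSH client versions is an assumption about how such a detection could be written.

```python
"""Parse a Zeek software.log and flag hosts that use more than one SSH client version.

Added example; not part of Slips. The log content below is constructed.
"""
from collections import defaultdict

# Constructed sample software.log in Zeek's tab-separated ASCII format.
# Host 192.168.1.10 presents OpenSSH_8.1 and later OpenSSH_7.1 (should alert);
# host 192.168.1.30 presents the same client twice (should not alert);
# 192.168.1.20 is a server banner, which is ignored by the SSH client rule.
SAMPLE_SOFTWARE_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tsoftware
#fields\tts\thost\thost_p\tsoftware_type\tname\tversion.major\tversion.minor\tversion.minor2\tversion.minor3\tversion.addl\tunparsed_version
#types\ttime\taddr\tport\tenum\tstring\tcount\tcount\tcount\tcount\tstring\tstring
1632900000.100000\t192.168.1.10\t-\tSSH::CLIENT\tOpenSSH\t8\t1\t-\t-\t-\tSSH-2.0-OpenSSH_8.1
1632900005.200000\t192.168.1.10\t-\tHTTP::BROWSER\tFirefox\t92\t0\t-\t-\t-\tMozilla/5.0 (X11; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0
1632900010.300000\t192.168.1.10\t-\tSSH::CLIENT\tOpenSSH\t7\t1\t-\t-\t-\tSSH-2.0-OpenSSH_7.1
1632900015.400000\t192.168.1.20\t22\tSSH::SERVER\tOpenSSH\t8\t4\t-\t-\tp1\tSSH-2.0-OpenSSH_8.4p1
1632900020.500000\t192.168.1.30\t-\tSSH::CLIENT\tOpenSSH\t8\t1\t-\t-\t-\tSSH-2.0-OpenSSH_8.1
1632900025.600000\t192.168.1.30\t-\tSSH::CLIENT\tOpenSSH\t8\t1\t-\t-\t-\tSSH-2.0-OpenSSH_8.1
"""


def parse_software_log(text):
    """Yield one dict per data row, keyed by the names in the #fields header.

    The '#unset_field' marker (normally '-') is mapped to None so callers can
    tell "no value" apart from a literal string.
    """
    fields = None
    unset = "-"
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields\t"):
                fields = line.split("\t")[1:]
            elif line.startswith("#unset_field\t"):
                unset = line.split("\t", 1)[1]
            continue
        if fields is None:
            raise ValueError("data row seen before the #fields header")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        yield {k: (None if v == unset else v) for k, v in zip(fields, values)}


def software_info(rec):
    """Return (host, software_type, name, version, user_agent) for one record.

    The version is rebuilt from Zeek's split version.* columns; the user agent
    is only meaningful for HTTP::BROWSER rows, where Zeek keeps it in
    unparsed_version.
    """
    parts = [rec.get(k) for k in ("version.major", "version.minor",
                                  "version.minor2", "version.minor3")]
    version = ".".join(p for p in parts if p is not None) or None
    if rec.get("version.addl"):
        version = (version or "") + rec["version.addl"]
    user_agent = rec["unparsed_version"] if rec["software_type"] == "HTTP::BROWSER" else None
    return rec["host"], rec["software_type"], rec["name"], version, user_agent


def detect_multiple_ssh_clients(text):
    """Return {host: sorted distinct SSH client versions} for every host that
    presented more than one SSH client version (e.g. OpenSSH_8.1 and OpenSSH_7.1).
    Server banners and repeated sightings of the same client are not reported.
    """
    seen = defaultdict(set)
    for rec in parse_software_log(text):
        if rec["software_type"] != "SSH::CLIENT":
            continue
        host, _, name, version, _ = software_info(rec)
        seen[host].add(f"{name}_{version}" if version else name)
    return {host: sorted(v) for host, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for host, versions in detect_multiple_ssh_clients(SAMPLE_SOFTWARE_LOG).items():
        print(f"ALERT {host}: multiple SSH client versions {versions}")
```

Run against the constructed log, only 192.168.1.10 is reported, with both OpenSSH versions listed; the host that merely reconnects with the same client is left alone, which is the distinction a practitioner wants before such an alert goes to the blocking decision.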
Check Our Slips Demo
Get a quick overview of what Slips is and what it can do in this demo, presented at the LCN conference in 2021.
And see the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html
Get in Touch
Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.