Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.

Quick links:

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

- Store flows in SQLite database in the output directory instead of Redis.

- 55% RAM usage decrease.

- Support the labeling of flows based on Slips detections.

- Add support for exporting labeled flows in JSON and tsv formats.

- Code improvements. Change the structure of all modules.

- Graceful shutdown of all modules thanks to @danieltherealyang

- Print the number of evidence generated by Slips when running on PCAPs and interface.

- Improved the detection of ports that belong to a specific organization.

- Fix bugs in CYST module.

- Fix URLhaus evidence description.

- Fix the freezing progress bar issue.

- Fix problem starting Slips in docker in Linux.

- Ignore ICMP scans if the flow has ICMP type 3

- Improve our whitelist. Slips now checks for whitelisted attackers and victims in the generated evidence.

- Add embedded documentation in the web interface thanks to @shubhangi013

- Improved the choosing of random Redis ports using the -m parameter.

Check the full list of changes in our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.6

Learn more!

Wondering what Slips is capable of? Check out these demo presentations:

For those interested in contributing to Slips:

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.