AIP v3.0.0 is Here!

We are happy to announce the release of AIP v3.0.0, which brings important updates and improvements to our Attacker IP Prioritization (AIP) tool. The AIP framework generates efficient and economical IP blocklists based on network traffic captured from honeypot networks. Each blocklist focuses on a specific aspect of the attacks: the Prioritize New blocklist focuses on new attackers, while the Prioritize Consistent blocklist focuses on attackers that attack consistently over time. This lets you choose the blocklist that covers what matters most to your network.

AIP takes incoming network attacks captured by Zeek and processes the data; each model then generates its own blocklist, prioritising a specific aspect of the incoming attacks.

This release focuses on making AIP more user-friendly, robust, and versatile. We worked hard to optimize the Docker image to make it smaller and more efficient. Here’s everything new in this release!

Key Highlights in AIP v3.0.0

In this release, we're particularly excited about these aspects of AIP:

  • Enhanced Docker: we improved the documentation, the Docker build, and the overall structure of AIP.

  • Conda Independence: we are particularly happy to have decoupled AIP from the need to use Conda, which allowed us to reduce the container size significantly. As an extra bonus, the same AIP Docker image can now run on Mac M1 computers.

  • Reduced Docker image size by 80%: the various improvements in the Docker build considerably reduced the size of the AIP Docker image.

  • Improved Error Handling: The new release includes better management of exceptions and missing files, ensuring smoother operations even when issues arise.

  • User-Friendly CLI: we’ve introduced argument parsing for the main bin/aip script, allowing users to easily specify options and get help directly from the command line.

  • Testing and Contributing Enhancements: we are reintroducing tests and updating our contributing guidelines, making it easier for the community to participate in AIP’s development. This area has a long way to go, but we are happy things are moving forward! 

Check out the full changelog on our GitHub release page: AIP v3.0.0 Changelog

Learn More!

We published a great blog on how to try AIP out with a detailed step-by-step guide: Generating Your Own Blocklists with the Stratosphere AIP Framework

How to Contribute

We’re always looking for new contributors! If you’re interested in helping improve AIP or have feedback to share, check out our Contributing Guide.

Get in Touch

Questions or feedback? Join our community on Discord, submit an issue, or open a PR on our GitHub repo. We’d love to hear from you!