Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
- Fix missing flows due to modules stopping before the processing is done.
- Code improvements. Change the structure of all modules.
- Fix how we detect vertical and horizontal port scans.
- Update the whitelist by adding all the IPs of whitelisted domains.
- Fix error whitelisting unencrypted HTTP traffic.
- Remove the feature of creating log directories using -l; the only logs Slips generates are now stored in the output/ directory.
- Add support for reading flows from any module, not just the input process, using --input-module.
- CYST module improvements.
- Detect invalid DNS answers when querying ad servers. Thanks to @ganesh-dagadi.
- Update Slips known ports.
- Prevent model.bin and scaler.bin from changing in test mode. Thanks to @haleelsada.
- Use either 'ip neigh show' or 'arp -an' to get gateway MAC from the host's ARP table. Thanks to @naturalnetworks.
Check the full list of changes on our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.5
Wondering what Slips is capable of? Check out these demo presentations:
LCN conference in 2021: https://youtu.be/1KqwlxVuf48
BlackHat USA Arsenal 2022: https://youtu.be/dJuTmi2bJcI
How to contribute
For those interested in contributing to Slips:
Get in Touch
Feel free to join our Discord server to ask questions, suggest new features or give us feedback. PRs and issues are welcome in our repo.