Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Download Slips from our GitHub repository: https://github.com/stratosphereips/StratosphereLinuxIPS
Access Slips documentation through Read the Docs: https://stratospherelinuxips.readthedocs.io/en/develop/
What We Are Particularly Excited About
In this release we are particularly excited about these new Slips features:
- Store flows in SQLite database in the output directory instead of Redis.
- 55% RAM usage decrease.
- Support the labeling of flows based on Slips detections.
- Add support for exporting labeled flows in JSON and tsv formats.
- Code improvements. Change the structure of all modules.
- Graceful shutdown of all modules thanks to @danieltherealyang
- Print the number of evidence generated by Slips when running on PCAPs and interface.
- Improved the detection of ports that belong to a specific organization.
- Fix bugs in CYST module.
- Fix URLhaus evidence description.
- Fix the freezing progress bar issue.
- Fix problem starting Slips in docker in Linux.
- Ignore ICMP scans if the flow has ICMP type 3
- Improve our whitelist. Slips now checks for whitelisted attackers and victims in the generated evidence.
- Add embedded documentation in the web interface thanks to @shubhangi013
- Improved the choosing of random Redis ports using the -m parameter.
Check the full list of changes in our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.6
Wondering what Slips is capable of? Check out these demo presentations:
LCN conference in 2021: https://youtu.be/1KqwlxVuf48
BlackHat USA Arsenal 2022: https://youtu.be/dJuTmi2bJcI
How to contribute
For those interested in contributing to Slips:
Get in Touch
Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.
Article Link: New Slips version v1.0.6 is here! — Stratosphere IPS