This blog was authored by Veronica Valeros (@verovaleros) on 2023-07-14.
The Stratosphere Laboratory focuses on applied research at the intersection of machine learning, cybersecurity and helping others. As part of our research and social commitment, we develop free software tools that can help the community. In this blog, we recount our experience participating in the 2023 DIMVA Tool Arsenal with two tools: Slips and the AI VPN.
DIMVA is the Conference on Detection of Intrusions and Malware & Vulnerability Assessment. It takes place yearly at different locations. This year, the 20th edition occurred in Hamburg, Germany, at the Hotel Hafen Hamburg. The conference had three excellent keynote speakers: Giovanni Vigna, Robin Sommer, and Konrad Rieck. Check the full programme at: https://dimva2023.de/program/
DIMVA Tool Arsenal
This year, DIMVA organized a Tool Arsenal, where researchers could present their free software tools to the conference community. The Call for Tools (CFT) aimed to attract tools in the areas of intrusion detection, malware analysis, vulnerability assessment, digital forensics and security automation.
The arsenal process is similar to a CFP: researchers send short papers (1-2 pages) on their free software tools to the committee, which then reviews and selects proposals.
This year there were six selected tools:
AI VPN: A Free-Software AI-Powered Network Forensics Tool
Veronica Valeros, Sebastian Garcia (Stratosphere Laboratory, AIC, FEL, Czech Technical University in Prague)
Slips: A Free-Software network IPS with Behavioral Machine Learning Detection
Alya Gomaa, Sebastian Garcia (Stratosphere Laboratory, AIC, FEL, Czech Technical University in Prague)
FACT – Firmware Analysis and Comparison Tool
Johannes vom Dorp, Jörg Stucke, Peter Weidenbach, Marten Ringwelski
Gerard Wagener, CIRCL
Paolo Di Prodi (Priam Cyber AI ltd)
AI VPN: A Free Software AI-Powered Network Forensics Tool
The AI VPN is an AI-based traffic analysis tool that automatically detects and blocks threats to enhance privacy protection. It offers modular management of VPN accounts, automated network traffic analysis, and incident reporting. Using the free-software IDS Slips, the AI VPN employs machine learning and threat intelligence for comprehensive traffic analysis. Multiple VPN technologies, such as OpenVPN and WireGuard, are supported, and in-line blocking technologies like Pi-hole provide additional protection.
The AI VPN is the engine that powers our Civilsphere Emergency VPN service, which since 2018 has provided free services to journalists, activists, human rights defenders and civil society in general to help protect them from targeted digital attacks.
Slips: A Free Software Network IPS with Behavioral Machine Learning Detection
Slips is the first free-software network IPS using behavioural detection and machine learning. Its novel architecture profiles devices, supports multiple input types, builds a P2P network of IPS instances, is extendable, consumes 45+ TI feeds, uses evidence to generate alerts, and has a web dashboard. Slips does not rely on signatures; instead, it detects malicious activity by analysing the behavioural profiles of the endpoints.
Stratosphere with Slips was selected for the Google Summer of Code 2023, and we are super excited to have two students working on Slips performance improvements and Slips web UI improvements.
The arsenal presentations took place over 1.5 hours, during which speakers gave their presentations several times to small groups of researchers. It was a very good experience to share the details of the tools with small crowds, hear questions, have short discussions and exchange ideas. Participants could also vote for the best presentation, which was awarded the Best Tool Award Certificate!
Photo: Veronica Valeros (left) at the kick-off of the arsenal, ready to present the AI VPN at DIMVA 2023.
DIMVA Best Tool Award
The Best Tool Award went to Matthias Vallentin, who presented the tool Tenzir as one of the few last-minute additions to the arsenal lineup. In case you don't know Tenzir, it is a tool designed to help security teams create simple and easy data pipelines.
Join the Discussion
We have a public Discord server where you can join the discussions and ask us anything!