New Slips version 0.9.0 is here!

Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system. 

Quick links:

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips capabilities:

  • P2P module: Added the support for sharing and receiving IPs' info with other peers.

Now when slips sees an IP, it asks the network about it, if the network says the IP is malicious, slips alerts. And send the IP to the blocking module to determine whether or not to block it

Slips also shares and receives blocking information from the network. So, if one instance of slips blocked an IP in the network, it lets other peers know about it so they can determine whether or not it’s malicious and need to be blocked.

 

P2P for Slips can be run:

   

Slips only shares scores and confidence (numbers) generated by slips about IPs to the network, no private information is shared.

For detailed documentation on the P2P module and how it works, check the docs.

More new features

We are constantly improving Slips, and a full list of changes in this last version is available in the Slips changelog. These are some of the new cool features that we have been working on:



  • Parse zeek software.log and extract software type, version and user agent from it

  • Detect multiple SSH client versions. Slips will now alert if an IP is detected using OpenSSH_8.1 then OpenSSH_7.1 for example

  • Detect DoH flows in ssl.log

Check Our Slips Demo 

Get a quick overview of what Slips is about and all its capabilities in this demo presented at the LCN conference in 2021.


And the analysis of several malicious PCAPs using Slips: https://stratospherelinuxips.readthedocs.io/en/develop/slips_in_action.html 

Get in Touch

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.








Protecting the civil society through high quality research