Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.

Quick links:

What We Are Particularly Excited About

In this release we are particularly excited about these new Slips features:

Fix missing flows due to modules stopping before the processing is done.
Code improvements. Change the structure of all modules.
Fix how we detect vertical and horizontal port scans.
Update the whitelist by adding all the IPs of whitelisted domains.
Fix error whitelisting Unencrypted HTTP traffic.
Remove the feature of creating log directories using -l, now the only logs Slips generates are stored in the output/ directory.
Add support for reading flows from any module, not just the input process, using --input-module.
CYST module improvements.
Detect invalid DNS answers when querying ad servers. thanks to @ganesh-dagadi .
Update Slips known ports.
Prevent model.bin and scaler.bin from changing in test mode. thanks to @haleelsada.
Use either 'ip neigh show' or 'arp -an' to get gateway MAC from the host's ARP table. thanks to @naturalnetworks.

Check the full list of changes in our release page: https://github.com/stratosphereips/StratosphereLinuxIPS/releases/tag/v1.0.5

Learn more!

Wondering what Slips is capable of? Check out these demo presentations:

For those interested in contributing to Slips:

Feel free to join our Discord server and ask questions, suggest new features or give us feedback. PRs and Issues are welcomed in our repo.