Machine Learning, Python, Slips, Stratosphere Linux IPS
Stratosphere IPS
HTTPS Anomaly Detection in Slips: Adaptive ...

The new HTTPS anomaly detection module in Slips builds per-host adaptive baselines in traffic time, then detects deviations at two levels: per-flow (for bytes to known servers) and per-hour (for host behavior like new servers, unique servers, JA3 changes, and flow volume). It uses online statistics and z-scores for transparent scoring, plus controlled adaptation states (training_fit, drift_update, suspicious_update) to keep learning while reducing poisoning risk.
The result is explainable, operational evidence in clear human text: what changed, confidence, and why it is anomalous.

HTTPS Anomaly Detection in Slips: Adaptive Baselines for Real Traffic
Education, publications, Python, Slips, Stratosphere Linux IPS
Stratosphere IPS
Rethinking Cybersecurity Defense: Principles ...

Our research identifies sixteen fundamental principles of biological immunity and translates them into cybersecurity defense architectures that emphasize multi-dimensional coordination over single- point tactics.

Rethinking Cybersecurity Defense: Principles from Biological Immunity
Maria Rigaki
AI Attackers in Your Pocket: How Small Language ...

We are pleased to announce the publication of our latest paper, “Building adaptive and transparent cyber agents with local language models,” in the Journal of Expert Systems with Applications.

Slips
Stratosphere IPS
How Well Do LLMs Perform on a Raspberry Pi 5?

Can a Raspberry Pi 5 run Large Language Models? In this post, we share the results of our experiments, analyzing how LLMs perform on this low-cost hardware and exploring the challenges and performance trade-offs.

How Well Do LLMs Perform on a Raspberry Pi 5?
Stratosphere IPS
Introducing ARACNE, a new LLM-based shell ...

The complete automation of cyber-attacks has become one of the areas of greatest interest since the introduction of Large Language Models (LLMs) to the public. The creation of attacking LLM agents that can act independently is among the most popular options. 

In this blog, we introduce a brand-new agent: ARACNE. We also share the results of attack tests and what they mean in terms of the agent’s current capabilities.

Introducing ARACNE, a new LLM-based shell pentesting agent

conference

[Cyber] CiderSecurityCon Conference Wrap Up

The CiderSecurityCon conference was scheduled to take place on March 14-15, 2020. Due to the COVID pandemic however, the on-site event was cancelled. The organizing crew however, decided to re-organize a virtual version of the conference. Using Zoom with the speakers, and streaming via YouTube, they managed to pull off a very friendly and nice virtual event. Here’s our wrap up.

,

Swiss Cyber Security Days: Conference Wrap-Up

,
Swiss Cyber Security Days: Conference Wrap-Up

The Swiss Cyber Security Days are a two-day event in Fribourg, Switzerland. This event brought together Cyber security researchers, consultants from technology, business, politics and the general public interested in cybersecurity from all over the world.

At the second edition of the Swiss Cyber Security Days our researcher Maria Jose Erquiaga presented the work of the Aposemat laboratory in the talk: “The Truth is out there: Hunting malware from an IoT laboratory”.

,

DEFCON 2019. Beyond Sandboxes. How to Execute IoT Malware and Analyze its Evolution

,

We presented a talk at the Packet Hacking Village in Defcon titled "Beyond Sandboxes. How to Execute IoT Malware and Analyze its evolution. We showed how we designed and deployed an IoT malware execution laboratory to run malware for months and how we analyzed it to find novel attacks.

Protecting the civil society through high quality research