Slips
Stratosphere IPS
Adaptive Response in Slips IDS as Immune T Cells

The T Cell module was created to give Slips a stateful adaptive response layer on top of its existing evidence pipeline. While the original detectors already provide the innate immune component through PAMP and DAMP evidence, the T Cell module adds antigen recognition, co-stimulation, context evaluation, tolerance, activation, effector action, and memory. It does this by extracting structured antigens from live evidence, matching them against the accepted regex repertoire generated by RegexGenerator, and then combining that recognition with the cumulative danger signaled by recent PAMP and DAMP observations. This allows Slips to move from isolated detections to a more explicit immune decision process that can decide when to ignore, when to contain, and when to remember.

Adaptive Response in Slips IDS as Immune T Cells
Slips
Stratosphere IPS
Adapting Detections in Slips with Immune ...

The RegexGenerator module was created to give Slips an adaptive way to discover new string-based detectors for changing indicators such as domains, URIs, filenames, TLS SNI values, and certificate common names. It continuously uses the shared LLM service to propose one regex at a time, then applies local validation and negative selection against benign corpora to reject unsafe or overly broad patterns. The accepted regexes become a reusable adaptive recognition repertoire for other modules, especially the T Cell responder.

Adapting Detections in Slips with Immune Pseudo-Generated Regexes
Machine Learning, Python, Slips, Stratosphere Linux IPS
Stratosphere IPS
HTTPS Anomaly Detection in Slips: Adaptive ...

The new HTTPS anomaly detection module in Slips builds per-host adaptive baselines in traffic time, then detects deviations at two levels: per-flow (for bytes to known servers) and per-hour (for host behavior like new servers, unique servers, JA3 changes, and flow volume). It uses online statistics and z-scores for transparent scoring, plus controlled adaptation states (training_fit, drift_update, suspicious_update) to keep learning while reducing poisoning risk.
The result is explainable, operational evidence in clear human text: what changed, confidence, and why it is anomalous.

HTTPS Anomaly Detection in Slips: Adaptive Baselines for Real Traffic
Education, publications, Python, Slips, Stratosphere Linux IPS
Stratosphere IPS
Rethinking Cybersecurity Defense: Principles ...

Our research identifies sixteen fundamental principles of biological immunity and translates them into cybersecurity defense architectures that emphasize multi-dimensional coordination over single- point tactics.

Rethinking Cybersecurity Defense: Principles from Biological Immunity
Maria Rigaki
AI Attackers in Your Pocket: How Small Language ...

We are pleased to announce the publication of our latest paper, “Building adaptive and transparent cyber agents with local language models,” in the Journal of Expert Systems with Applications.

Slips

,

Google Summer of Code Updates from Week #4 (June 19th to June 23th)

,
Google Summer of Code Updates from Week #4 (June 19th to June 23th)

Week 4 of GSoC is finished, and the work continues. The contributors keep working, and we keep mentoring using a weekly sync-up meeting, Monday for task management and Discord for daily chats.

,

Google Summer of Code Updates from Week #3

,
Google Summer of Code Updates from Week #3

Week 3 of GSoC finished, and some nice work has been done so far. The contributors keep working after classes, and we are conducting mentorship. The hard part of mentorship is to actually teach to do things in a certain way and not to provide all the answers.

Writing a SLIPS Module

Writing a SLIPS Module

Slips is a machine learning-based intrusion prevention system for Linux and MacOS, developed at the Stratosphere Laboratories from the Czech Technical University in Prague. Slips reads network traffic flows from several sources, applies multiple detections (including machine learning detections) and detects infected computers and attackers in the network. It is easy to extend the functionality of Slips by writing a new module. This blog shows how to create a new module for Slips from scratch.

Protecting the civil society through high quality research