Two years ago, we launched the “Introduction to Security” class as a Massive Open Online Course with one ambitious goal: to make high-quality, hands-on cybersecurity education free and accessible worldwide. The response has been really beyond anything we imagined.
The T Cell module was created to give Slips a stateful adaptive response layer on top of its existing evidence pipeline. While the original detectors already provide the innate immune component through PAMP and DAMP evidence, the T Cell module adds antigen recognition, co-stimulation, context evaluation, tolerance, activation, effector action, and memory. It does this by extracting structured antigens from live evidence, matching them against the accepted regex repertoire generated by RegexGenerator, and then combining that recognition with the cumulative danger signaled by recent PAMP and DAMP observations. This allows Slips to move from isolated detections to a more explicit immune decision process that can decide when to ignore, when to contain, and when to remember.
The RegexGenerator module was created to give Slips an adaptive way to discover new string-based detectors for changing indicators such as domains, URIs, filenames, TLS SNI values, and certificate common names. It continuously uses the shared LLM service to propose one regex at a time, then applies local validation and negative selection against benign corpora to reject unsafe or overly broad patterns. The accepted regexes become a reusable adaptive recognition repertoire for other modules, especially the T Cell responder.
The new HTTPS anomaly detection module in Slips builds per-host adaptive baselines in traffic time, then detects deviations at two levels: per-flow (for bytes to known servers) and per-hour (for host behavior like new servers, unique servers, JA3 changes, and flow volume). It uses online statistics and z-scores for transparent scoring, plus controlled adaptation states (training_fit, drift_update, suspicious_update) to keep learning while reducing poisoning risk.
The result is explainable, operational evidence in clear human text: what changed, confidence, and why it is anomalous.
This blog introduces Collectress, a new tool developed at the Stratosphere Laboratory. Collectress was born out of the need to have a certain feed for 30 days or 300 days to evaluate the feeds over time and make a reasonable comparison among feeds.
With the 8th week of GSoC gone, in this blog, we bring updates on what has been happening, with news from our mentors and contributors.
With the 7th week of GSoC gone, we bring updates on what has been happening in this blog, with news from our mentors and contributors.
The Stratosphere Laboratory focus on applied research at the intersection of machine learning, cybersecurity and helping others. As part of our research and social commitment we develop free software tools that can help the community. In this blog we will recount our experience participating in the 2023 (DIMVA) Tool Arsenal with two of our tools: Slips and the AI VPN.
Week 6 of GSoC is finished, and we are approaching the GSoC mid-term evaluations. In this blog, we share the latest updates from our contributors and mentors.
Week 5 of GSoC is finished, the communication was hard this week since some of the mentors were travelling, but being able to work without weekly guidance is a skill to learn.
Week 4 of GSoC is finished, and the work continues. The contributors keep working, and we keep mentoring using a weekly sync-up meeting, Monday for task management and Discord for daily chats.
A honeypot network is a security mechanism to detect and deflect potential cyber-attacks. It works by creating a decoy system that appears to be a valuable target for attackers. The honeypot is designed to lure attackers into interacting with it so that security researchers can monitor their activities and learn more about their tactics. By nature, the honeypots are hidden and do not form part of any production system. As they do not receive legitimate connections, all the interactions with the honeypots can be considered attacks.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Week 3 of GSoC finished, and some nice work has been done so far. The contributors keep working after classes, and we are conducting mentorship. The hard part of mentorship is to actually teach to do things in a certain way and not to provide all the answers.
With the second week of GSoC gone, in this blog, we bring updates on what has been happening, with news from our mentors and contributors.
In this blog, we bring updates on what has been happening during the Google Summer of Code at Stratosphere, with news from our admins, mentors and contributors.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine-learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
After evaluating all the works sent by the candidates, at the end of the September 2022, the winner was selected! The award and money prize was given to Estelle Ruellan a master student of criminology from the Université de Montréal!
In this blog we will describe how to install h0neytr4p [1] honeypot in a cloud server instance. This blog is divided in three parts: (i) how to create a new Digital Ocean instance, (ii) how to install h0neytr4p on it, and (iii) a brief walkthrough to some of the data captured by h0neytr4p.
