The new HTTPS anomaly detection module in Slips builds per-host adaptive baselines in traffic time, then detects deviations at two levels: per-flow (for bytes to known servers) and per-hour (for host behavior like new servers, unique servers, JA3 changes, and flow volume). It uses online statistics and z-scores for transparent scoring, plus controlled adaptation states (training_fit, drift_update, suspicious_update) to keep learning while reducing poisoning risk.
The result is explainable, operational evidence in clear human text: what changed, confidence, and why it is anomalous.
Our research identifies sixteen fundamental principles of biological immunity and translates them into cybersecurity defense architectures that emphasize multi-dimensional coordination over single- point tactics.
We are pleased to announce the publication of our latest paper, “Building adaptive and transparent cyber agents with local language models,” in the Journal of Expert Systems with Applications.
Can a Raspberry Pi 5 run Large Language Models? In this post, we share the results of our experiments, analyzing how LLMs perform on this low-cost hardware and exploring the challenges and performance trade-offs.
The complete automation of cyber-attacks has become one of the areas of greatest interest since the introduction of Large Language Models (LLMs) to the public. The creation of attacking LLM agents that can act independently is among the most popular options.
In this blog, we introduce a brand-new agent: ARACNE. We also share the results of attack tests and what they mean in terms of the agent’s current capabilities.
This blog post shows the analysis of a malware of the PyRation family by Tomas Nieponice as part of a 3-week winter cybersecurity internship at the Stratosphere Laboratory. The internship was done under the supervision of Assist. prof. Sebastian Garcia, PhD.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine-learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
We started working with UptimeRobot in our IoT lab, and it was like suddenly someone turned on the light.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system
We are happy to announce that our researcher, Muris Sladić, will present our latest research, “LLM in the Shell: Generative Honeypots”, at the upcoming ESORICS conference poster session in The Hague, Netherlands, on Monday, September 25, 2023. Whether you plan to attend the conference or want to learn more about this research, check out our paper. Our research proposes a novel use of Large Language Models (LLMs) for dynamic on-the-fly creation and generation of more engaging honeypot environments.
We are excited to announce that two of our projects, Slips and the AI VPN, were selected to participate in the upcoming Black Hat Europe Arsenal 2023, taking place on December 6-7 in London, UK!
In this blog post, we describe how to run AIP on a cloud instance server, to read from Zeek logs and generate your own blocklist feed of IPs to block. The blog is divided into five parts: first, what is AIP; second, we describe how to set up a new cloud server in Digital Ocean; third, how to configure the cloud server with Zeek running; fourth, how to prepare the environment and configurations for AIP to run; and fifth, how to run AIP and generate your own blocklists.
With the 9th week of GSoC gone, in this blog, we bring updates on what has been happening, with news from our mentors and contributors.
This blog introduces Collectress, a new tool developed at the Stratosphere Laboratory. Collectress was born out of the need to have a certain feed for 30 days or 300 days to evaluate the feeds over time and make a reasonable comparison among feeds.
With the 8th week of GSoC gone, in this blog, we bring updates on what has been happening, with news from our mentors and contributors.
With the 7th week of GSoC gone, we bring updates on what has been happening in this blog, with news from our mentors and contributors.
The Stratosphere Laboratory focus on applied research at the intersection of machine learning, cybersecurity and helping others. As part of our research and social commitment we develop free software tools that can help the community. In this blog we will recount our experience participating in the 2023 (DIMVA) Tool Arsenal with two of our tools: Slips and the AI VPN.
Week 6 of GSoC is finished, and we are approaching the GSoC mid-term evaluations. In this blog, we share the latest updates from our contributors and mentors.
Week 5 of GSoC is finished, the communication was hard this week since some of the mentors were travelling, but being able to work without weekly guidance is a skill to learn.
Week 4 of GSoC is finished, and the work continues. The contributors keep working, and we keep mentoring using a weekly sync-up meeting, Monday for task management and Discord for daily chats.
A honeypot network is a security mechanism to detect and deflect potential cyber-attacks. It works by creating a decoy system that appears to be a valuable target for attackers. The honeypot is designed to lure attackers into interacting with it so that security researchers can monitor their activities and learn more about their tactics. By nature, the honeypots are hidden and do not form part of any production system. As they do not receive legitimate connections, all the interactions with the honeypots can be considered attacks.
Our team is excited to share the latest news and features of Slips, our behavioral-based machine learning intrusion detection system.
