Slips
Stratosphere IPS
Adaptive Response in Slips IDS as Immune T Cells

The T Cell module was created to give Slips a stateful adaptive response layer on top of its existing evidence pipeline. While the original detectors already provide the innate immune component through PAMP and DAMP evidence, the T Cell module adds antigen recognition, co-stimulation, context evaluation, tolerance, activation, effector action, and memory. It does this by extracting structured antigens from live evidence, matching them against the accepted regex repertoire generated by RegexGenerator, and then combining that recognition with the cumulative danger signaled by recent PAMP and DAMP observations. This allows Slips to move from isolated detections to a more explicit immune decision process that can decide when to ignore, when to contain, and when to remember.

Adaptive Response in Slips IDS as Immune T Cells
Slips
Stratosphere IPS
Adapting Detections in Slips with Immune ...

The RegexGenerator module was created to give Slips an adaptive way to discover new string-based detectors for changing indicators such as domains, URIs, filenames, TLS SNI values, and certificate common names. It continuously uses the shared LLM service to propose one regex at a time, then applies local validation and negative selection against benign corpora to reject unsafe or overly broad patterns. The accepted regexes become a reusable adaptive recognition repertoire for other modules, especially the T Cell responder.

Adapting Detections in Slips with Immune Pseudo-Generated Regexes
Machine Learning, Python, Slips, Stratosphere Linux IPS
Stratosphere IPS
HTTPS Anomaly Detection in Slips: Adaptive ...

The new HTTPS anomaly detection module in Slips builds per-host adaptive baselines in traffic time, then detects deviations at two levels: per-flow (for bytes to known servers) and per-hour (for host behavior like new servers, unique servers, JA3 changes, and flow volume). It uses online statistics and z-scores for transparent scoring, plus controlled adaptation states (training_fit, drift_update, suspicious_update) to keep learning while reducing poisoning risk.
The result is explainable, operational evidence in clear human text: what changed, confidence, and why it is anomalous.

HTTPS Anomaly Detection in Slips: Adaptive Baselines for Real Traffic
Education, publications, Python, Slips, Stratosphere Linux IPS
Stratosphere IPS
Rethinking Cybersecurity Defense: Principles ...

Our research identifies sixteen fundamental principles of biological immunity and translates them into cybersecurity defense architectures that emphasize multi-dimensional coordination over single- point tactics.

Rethinking Cybersecurity Defense: Principles from Biological Immunity
Maria Rigaki
AI Attackers in Your Pocket: How Small Language ...

We are pleased to announce the publication of our latest paper, “Building adaptive and transparent cyber agents with local language models,” in the Journal of Expert Systems with Applications.

Participation in ICAART 2024, Rome

Participation in ICAART 2024, Rome

Last week in Rome, our team was happy to participate with two papers in the 16th International Conference on Agents and Artificial Intelligence (ICAART).

Analysis and understanding of malware of the PyRation family

Analysis and understanding of malware of the PyRation family

This blog post shows the analysis of a malware of the PyRation family by Tomas Nieponice as part of a 3-week winter cybersecurity internship at the Stratosphere Laboratory. The internship was done under the supervision of Assist. prof. Sebastian Garcia, PhD.

"LLM in the Shell: Generative Honeypots" to be presented at ESORICS 2023 Poster Session

"LLM in the Shell: Generative Honeypots" to be presented at ESORICS 2023 Poster Session

We are happy to announce that our researcher, Muris Sladić, will present our latest research, “LLM in the Shell: Generative Honeypots”, at the upcoming ESORICS conference poster session in The Hague, Netherlands, on Monday, September 25, 2023. Whether you plan to attend the conference or want to learn more about this research, check out our paper. Our research proposes a novel use of Large Language Models (LLMs) for dynamic on-the-fly creation and generation of more engaging honeypot environments.

,

Stratosphere's Slips and the AI VPN to appear at Black Hat Europe 2023 Arsenal!

,
Stratosphere's Slips and the AI VPN to appear at Black Hat Europe 2023 Arsenal!

We are excited to announce that two of our projects, Slips and the AI VPN, were selected to participate in the upcoming Black Hat Europe Arsenal 2023, taking place on December 6-7 in London, UK!

Generating Your Own Blocklists with the Stratosphere AIP Framework

Generating Your Own Blocklists with the Stratosphere AIP Framework

In this blog post, we describe how to run AIP on a cloud instance server, to read from Zeek logs and generate your own blocklist feed of IPs to block. The blog is divided into five parts:  first, what is AIP; second, we describe how to set up a new cloud server in Digital Ocean; third, how to configure the cloud server with Zeek running; fourth, how to prepare the environment and configurations for AIP to run; and fifth, how to run AIP and generate your own blocklists.

Introducing Collectress: Consistent Threat Intelligence Feed Collection and Storage

Introducing Collectress: Consistent Threat Intelligence Feed Collection and Storage

This blog introduces Collectress, a new tool developed at the Stratosphere Laboratory. Collectress was born out of the need to have a certain feed for 30 days or 300 days to evaluate the feeds over time and make a reasonable comparison among feeds. 

,

Slips and the AI VPN presented at the 20th DIMVA Tool Arsenal in Hamburg, Germany

,
Slips and the AI VPN presented at the 20th DIMVA Tool Arsenal in Hamburg, Germany

The Stratosphere Laboratory focus on applied research at the intersection of machine learning, cybersecurity and helping others. As part of our research and social commitment we develop free software tools that can help the community. In this blog we will recount our experience participating in the 2023 (DIMVA) Tool Arsenal with two of our tools: Slips and the AI VPN.

Protecting the civil society through high quality research