Table of Contents
- Introduction
- Usage
- Graphical User Interface
- Requirements
- Installation
- Extended Usage
- Configuration
- Features
- Contributing
- Documentation
- Troubleshooting
- License
- Credits
- Changelog
- Demos
- Funding
Introduction
Slips is the first free software behavioral machine learning-based IDS/IPS (Intrusion Detection System / Intrusion Prevention System) for endpoints. Created in 2012, it uses machine learning to detect network attacks through behavioral analysis of traffic, and it runs on Linux and MacOS. Slips relies on the Zeek network analysis framework to turn live traffic or PCAP files into flows, which it then analyzes.
Usage
The recommended way to use Slips is through Docker. The commands below analyze the PCAP dataset/test7-malicious.pcap bundled with the image and write the results to output_dir. Note that --net=host together with --cap-add=NET_ADMIN lets the container see and modify the host's network stack (Slips needs this to capture from an interface and to block traffic), so grant it only on hosts where that is intended.
For Linux
docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g --net=host --cap-add=NET_ADMIN --name slips stratosphereips/slips:latest ./slips.py -f dataset/test7-malicious.pcap -o output_dir
cat output_dir/alerts.log
For MacOS M1
Don't use --net=host if you want to access the container's ports (for example the web interface on port 55000) from the host: on macOS the container shares the network namespace of the Docker VM, not of the Mac itself, and Docker discards -p port publishing when --net=host is set.
docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g --cap-add=NET_ADMIN --name slips stratosphereips/slips_macos_m1:latest ./slips.py -f dataset/test7-malicious.pcap -o output_dir
cat output_dir/alerts.log
For MacOS Intel
docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g --net=host --cap-add=NET_ADMIN --name slips stratosphereips/slips:latest ./slips.py -f dataset/test7-malicious.pcap -o output_dir
cat output_dir/alerts.log
For more installation options, see the documentation.
For a detailed explanation of Slips parameters, check here.
Graphical User Interface
To inspect Slips output interactively, you can use the web interface or Kalipso, the console (command-line) interface.
Web Interface
Run the following command:
./webinterface.sh
Then navigate to http://localhost:55000 from your browser.
Kalipso (CLI-Interface)
Run:
./kalipso.sh
Requirements
Slips requires Python 3.10.12 and at least 4 GB of RAM to run smoothly.
Installation
The easiest and recommended way to run Slips is in Docker. Below are the supported ways to install Slips:
- Docker Installation
- If you prefer native installation, you can use install.sh or install manually.
- For Raspberry Pi users, check the beta version.
Extended Usage
Explore options for analyzing your traffic and PCAP files through the following links:
Configuration
Slips uses config/slips.conf for user configuration:
- Modify the time window width.
- Change the analysis direction.
- Specify training or testing for ML models.
- Enable popup notifications and blocking.
- Plug in your own Zeek script.
More details about the configuration file options can be found here.
Features
The key features of Slips include:
- Behavioral Intrusion Prevention: Prevents intrusions based on detecting malicious behaviors.
- Modularity: Highly modular design enables specific detections.
- Traffic Analysis Flexibility: Can analyze real-time traffic, PCAP files, and network flows.
- Threat Intelligence Updates: Continuous updates for relevant detections.
- Integration with External Platforms: Lookups on platforms like VirusTotal.
- Graphical User Interface: Provides a console and web interface for easy navigation.
- Docker Implementation: Simplifies operation through Docker on Linux systems.
- Detailed Documentation: Offers thorough guidance for efficient usage.
Contributing
We welcome contributions! Please review our contributing guidelines for involvement.
Documentation
Access user and code documentation via:
Troubleshooting
If you encounter issues when trying to listen on an interface without sudo, grant the Zeek binary the capabilities it needs to capture packets by running the following command (replace path-to-zeek-bin with the directory that contains your zeek binary):
sudo setcap cap_net_raw,cap_net_admin=eip path-to-zeek-bin/zeek
After this, anyone who can execute that zeek binary can sniff traffic, so restrict its execute permission to the users or group that run Slips.
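The following script is an added example, not part of the Slips project, that wraps the command above: it resolves the real zeek binary, applies the capabilities only if they are not already present, and verifies the result with getcap. It assumes setcap and getcap from libcap are installed; the getcap output lines used in the comments are constructed for illustration, and the check accepts both the older "path = caps+eip" and the newer "path caps=eip" output formats that different libcap versions print.

```shell
#!/bin/sh
# Added example (not from the Slips project): grant Zeek cap_net_raw and
# cap_net_admin so it can capture on an interface without sudo, then verify.

# caps_present LINE
# Return 0 if a getcap output line lists both cap_net_raw and cap_net_admin
# with the effective (e) and permitted (p) flags. Handles both formats:
#   old libcap:  /usr/local/zeek/bin/zeek = cap_net_admin,cap_net_raw+eip
#   new libcap:  /usr/local/zeek/bin/zeek cap_net_admin,cap_net_raw=eip
# An empty line (no capabilities set) returns 1.
caps_present() {
    line=$1
    # The capability set is the last space-separated field.
    caps=${line##* }
    case $caps in
        *cap_net_raw*) ;;
        *) return 1 ;;
    esac
    case $caps in
        *cap_net_admin*) ;;
        *) return 1 ;;
    esac
    # Flags follow the last '=' or '+'; both e and p must be present.
    flags=${caps##*[=+]}
    case $flags in
        *e*p*|*p*e*) return 0 ;;
        *) return 1 ;;
    esac
}

# grant_zeek_caps
# Resolve the real zeek binary (capabilities live in an xattr on the file
# itself, and they are lost whenever the binary is replaced by an upgrade),
# set the capabilities if missing, and confirm with getcap.
grant_zeek_caps() {
    zeek_bin=$(command -v zeek) || { echo "zeek not found in PATH" >&2; return 1; }
    zeek_bin=$(readlink -f "$zeek_bin")
    if caps_present "$(getcap "$zeek_bin" 2>/dev/null)"; then
        echo "capabilities already set on $zeek_bin"
        return 0
    fi
    sudo setcap cap_net_raw,cap_net_admin=eip "$zeek_bin" || return 1
    if caps_present "$(getcap "$zeek_bin" 2>/dev/null)"; then
        echo "capabilities set on $zeek_bin"
        return 0
    fi
    echo "setcap ran but getcap does not show the capabilities" >&2
    return 1
}

# Run the grant only when executed directly, not when sourced for the checks.
if [ "${0##*/}" = "zeek_caps.sh" ]; then
    grant_zeek_caps
fi
```

Save the block as zeek_caps.sh and run it once on the Slips host; on a second run it reports that the capabilities are already present. Re-run it after every Zeek upgrade, since a replaced binary carries no file capabilities.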
License
The project is licensed under the GNU General Public License.
Credits
The founder of Slips is Sebastian Garcia. Other main authors include:
Changelog
See the changelog here.
Demos
Check out demos of Slips in action at: