Slips v1.1.1

Introduction

Slips is the first free software behavioral machine learning-based IDS/IPS (Intrusion Detection System / Intrusion Prevention System) for endpoints. Created in 2012, it leverages machine learning to detect network attacks using behavioral analysis on Linux and MacOS. The system integrates with the Zeek network analysis framework for capturing live traffic and analyzing PCAP files.

Usage

The recommended way to use Slips is through Docker. Here’s how you can run it:

For Linux

docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g --net=host --cap-add=NET_ADMIN --name slips stratosphereips/slips:latest ./slips.py -f dataset/test7-malicious.pcap -o output_dir
cat output_dir/alerts.log

For MacOS M1

Don’t use --net=host if you want to access the internal container’s ports from the host.

docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g --cap-add=NET_ADMIN --name slips stratosphereips/slips_macos_m1:latest ./slips.py -f dataset/test7-malicious.pcap -o output_dir
cat output_dir/alerts.log

For MacOS Intel

docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g --net=host --cap-add=NET_ADMIN --name slips stratosphereips/slips:latest ./slips.py -f dataset/test7-malicious.pcap -o output_dir
cat output_dir/alerts.log
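The three commands above differ only in the image name and in whether `--net=host` is passed. As an added example (not code from the Slips project), the POSIX sh wrapper below encodes those variants in one function so the macOS M1 exception is not lost when the commands are copied around. The function names and the `SLIPS_DRY_RUN` switch are assumptions of this example; image names, flags and paths are the ones listed above.

```shell
#!/bin/sh
# Added example, not part of Slips: build (and optionally run) the docker
# command for the platform you are on. Image names and flags are taken from
# the README commands above; SLIPS_DRY_RUN=1 prints the command without running it.

# slips_docker_cmd PLATFORM PCAP OUTPUT_DIR
# PLATFORM is one of: linux, macos-intel, macos-m1. Prints the command line.
slips_docker_cmd() {
    platform=$1
    pcap=$2
    outdir=$3
    case "$platform" in
        linux|macos-intel)
            image="stratosphereips/slips:latest"
            netopt="--net=host"   # share the host network stack
            ;;
        macos-m1)
            image="stratosphereips/slips_macos_m1:latest"
            netopt=""             # no --net=host: keeps port 55000 reachable from the host
            ;;
        *)
            echo "unknown platform: $platform (use linux, macos-intel or macos-m1)" >&2
            return 2
            ;;
    esac
    printf 'docker run --rm -it -p 55000:55000 --cpu-shares 700 --memory=8g --memory-swap=8g %s--cap-add=NET_ADMIN --name slips %s ./slips.py -f %s -o %s\n' \
        "${netopt:+$netopt }" "$image" "$pcap" "$outdir"
}

# slips_run PLATFORM PCAP OUTPUT_DIR
# Prints the command, then executes it unless SLIPS_DRY_RUN is set.
# Paths are expected to contain no whitespace (the command is re-parsed by eval).
slips_run() {
    cmd=$(slips_docker_cmd "$1" "$2" "$3") || return $?
    printf '%s\n' "$cmd"
    [ -n "$SLIPS_DRY_RUN" ] && return 0
    eval "$cmd" && cat "$3/alerts.log"
}

# Usage:  SLIPS_DRY_RUN=1 slips_run macos-m1 dataset/test7-malicious.pcap output_dir
```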

For more installation options, see the documentation.

For a detailed explanation of Slips parameters, check here.

Graphical User Interface

To check Slips output using a GUI, you can use the web interface or our command-line based interface Kalipso.

Web Interface

Run the following command:

./webinterface.sh

Then navigate to http://localhost:55000 from your browser.

Kalipso (CLI-Interface)

Run:

./kalipso.sh

Requirements

Slips requires Python 3.10.12 and at least 4 GB of RAM to run smoothly.

Installation

The easiest and most recommended way to run Slips is on Docker. Below are some of the ways to install Slips:

Extended Usage

Explore options for analyzing your traffic and PCAP files through the following links:

Configuration

Slips uses config/slips.conf for user configuration:

  • Modify the time window width.
  • Change the analysis direction.
  • Specify training or testing for ML models.
  • Enable popup notifications and blocking.
  • Plug in your own Zeek script.

More details about the configuration file options can be found here.

Features

The key features of Slips include:

  • Behavioral Intrusion Prevention: Prevents intrusions based on detecting malicious behaviors.
  • Modularity: Highly modular design enables specific detections.
  • Traffic Analysis Flexibility: Can analyze real-time traffic, PCAP files, and network flows.
  • Threat Intelligence Updates: Continuous updates for relevant detections.
  • Integration with External Platforms: Lookups on platforms like VirusTotal.
  • Graphical User Interface: Provides a console and web interface for easy navigation.
  • Docker Implementation: Simplifies operation through Docker on Linux systems.
  • Detailed Documentation: Offers thorough guidance for efficient usage.

Contributing

We welcome contributions! Please review our contributing guidelines for involvement.

Documentation

Access user and code documentation via:

Troubleshooting

If you encounter issues trying to listen to an interface without sudo, run the following command:

sudo setcap cap_net_raw,cap_net_admin=eip path-to-zeek-bin/zeek
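Granting cap_net_raw and cap_net_admin to the Zeek binary is what lets Slips capture on an interface without running as root, so it is worth verifying that the grant took effect rather than falling back to sudo. As an added example (not code from the Slips or Zeek projects), the POSIX sh functions below parse getcap(8) output and report whether both capabilities are present in the effective set. It assumes libcap's getcap is installed and handles both its older `path = caps+eip` and newer `path caps=eip` output formats; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of Slips: check that a Zeek binary carries the
# capture capabilities the setcap command above grants.
# Assumption: getcap(8) from libcap is available; binary paths contain no spaces.

# caps_ok GETCAP_LINE
# Returns 0 when the line grants cap_net_raw and cap_net_admin with the
# effective (e) and permitted (p) flags, 1 otherwise.
caps_ok() {
    line=$1
    # Strip the path prefix: "path = caps+eip" (old libcap) or "path caps=eip" (new libcap)
    caps=${line#* = }
    [ "$caps" = "$line" ] && caps=${line#* }
    case "$caps" in
        *cap_net_raw*) ;;
        *) return 1 ;;
    esac
    case "$caps" in
        *cap_net_admin*) ;;
        *) return 1 ;;
    esac
    # Flag letters follow the last '=' or '+'; both e and p must be present
    flags=${caps##*[=+]}
    case "$flags" in
        *e*p*|*p*e*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_zeek_caps ZEEK_BIN
# Returns 0 if the binary has the required capabilities, 1 otherwise, and
# prints the setcap command to run when they are missing.
check_zeek_caps() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo "not an executable: $bin" >&2
        return 1
    fi
    out=$(getcap "$bin" 2>/dev/null)   # empty when no capabilities are set
    if caps_ok "$out"; then
        echo "ok: $bin has cap_net_raw,cap_net_admin effective"
        return 0
    fi
    echo "missing capabilities on $bin; run: sudo setcap cap_net_raw,cap_net_admin=eip $bin" >&2
    return 1
}

# Usage: check_zeek_caps path-to-zeek-bin/zeek
```

Because the capabilities are tied to the file, they vanish whenever the binary is replaced (for example by a package upgrade), so rerunning this check after updating Zeek is a cheap way to catch a silently broken capture setup.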

For more insights, updates, or to collaborate on AI development projects, stay connected with fxis.ai.

License

The project is licensed under the GNU General Public License.

Credits

The founder of Slips is Sebastian Garcia. Other main authors include:

Changelog

See the changelog here.

Demos

Check out demos of Slips in action at:

At fxis.ai, we believe that such advancements are crucial for the future of AI, as they enable more comprehensive and effective solutions. Our team is continually exploring new methodologies to push the envelope in artificial intelligence, ensuring that our clients benefit from the latest technological innovations.
