1 Star 0 Fork 0


Create your Gitee Account
Explore and code with more than 12 million developers,Free private repositories !:)
Sign up
Clone or Download
Sync branch
Notice: Creating folder will generate an empty file .keep, because not support in Git

Slips v0.7.3

Slips is a behavioral-based Python intrusion prevention system that uses machine learning to detect malicious behaviors in the network traffic. Slips was designed to focus on targeted attacks, detection of command and control channels to provide good visualisation for the analyst. Slips is a modular software.

Behavioral based Intrusion Prevention System

Slips documentation is here

FeaturesSlips in actionRunning Slips in a DockerAuthors - How to contribute


Slips is a Python-based intrusion prevention system that uses machine learning to detect malicious behaviors in the network traffic. Slips was designed to focus on targeted attacks, to detect of command and control channels and to provide good visualisation for the analyst. Slips is able to analyze real live traffic from the device and the large network captures in the type of a pcap files, Suricata, Zeek/Bro and Argus flows. As a result, Slips highlights suspicious behaviour and connections that needs to be deeper analyzed.

Slips is a modular software. Each module is designed to perform a specific detection in the network traffic. Current version of Slips contains following modules:

module description status
asn loads and finds the ASN of each IP
geoip finds the country and geolocation information of each IP
https training&test of RandomForest to detect malicious https flows
port scan detector detects Horizontal and Vertical port scans
threat Intelligence checks if each IP is in a list of malicious IPs
timeline creates a timeline of what happened in the network based on all the flows and type of data available
rnn-cc-detection detects command and control channels using recurrent neural network and the stratosphere behavioral letters
VirusTotal module to lookup IP address on VirusTotal
flowalerts module to find malicious behaviour in each flow. Current measures are: long duration of the connection, successful ssh
blocking module to block malicious IPs connecting to the device ⚠️

Slips has its own console graphical user interface called Kalipso. Kalipso summarizes the detections performed by Slips in colorful graphs and tables.

Complete documentation of Slips internal architecture and instructions how to implement a new module is available here: https://stratospherelinuxips.readthedocs.io/en/develop/

If you want to share files between your host and the docker, you can do:

mkdir ~/dataset
cp <some-place>/myfile.pcap ~/dataset
docker run -it --rm --net=host -v ~/dataset:/StratosphereLinuxIPS/dataset stratosphereips/slips:latest
./slips.py -c slips.conf -f dataset/myfile.pcap

Build the docker from the Dockerfile

The easiest way to run Slips is inside a docker. Current version of Slips docker can analyze network captures (pcap, Zeek flows, Argus flows, etc.), but it is not able to analyze real live traffic. How to use Slips docker from DockerHub:

cd docker
docker build --no-cache -t slips -f Dockerfile .
docker run -it --rm --net=host -v ~/code/StratosphereLinuxIPS/dataset:/StratosphereLinuxIPS/dataset slips
./slips.py -c slips.conf -f dataset/test3.binetflow

You can now put pcap files or other flow files in the ./dataset/ folder and analyze them

People Involved

Founder: Sebastian Garcia. sebastian.garcia@agents.fel.cvut.cz, eldraco@gmail.com.

Main authors: Sebastian Garcia, Kamila Babayeva


  • Ondrej Lukas
  • Alya Gomaa
  • Veronica Valeros
  • Frantisek Strasak
  • Dita Hollmannova
  • Elaheh Biglar Beigi
  • Maria Rigaki
  • kartik88363
  • arkamar

How to contribute

All contributors are welcomed! How you can help?

  • Run Slips and report bugs and needed features, and suggest ideas
  • Pull requests with a solved GitHub issue and new feature
  • Pull request with a new detection module. The instructions and a template for new detection module here.


Slips was funded by the following organizations.

Empty file




No release




Load More
can not load any more
马建仓 AI 助手


Dd8185d8 1850385 E526c682 1850385