Learn and whitelist benign IPs

stratosphereips / StratosphereLinuxIPS

Slips, a free software behavioral Python intrusion prevention system (IDS/IPS) that uses machine learning to detect malicious behaviors in the network traffic. Stratosphere Laboratory, AIC, FEL, CVUT in Prague.

Other

697 stars 172 forks source link

Learn and whitelist benign IPs #452

Open AlyaGomaa opened 8 months ago

AlyaGomaa commented 8 months ago

learning of IPs should be done in training mode (in slips.conf) Whitelisting IPs can be done using one of the following ways:

Whitelist the top IPs used (sorted by the amount of packets sent/recvd to each IP)
Whitelist IPs that appear more than 5 times
Whitelist all the IPs you see

Atlas-64 commented 7 months ago

Hi, @AlyaGomaa since no one has been assigned to this issue, is it okay if I begin working on this

Atlas-64 commented 7 months ago

would it be fine if I just define a seperate function within flowmldetection.py which does the above and returns a list of whitelisted IPs? or would we prefer creating a whole behavioral module from scratch for training slips on whitelisted IPs