<p>Detecting anomalies in command lines is essential for system security, as malicious or unintended commands may cause severe issues like system corruption or data breaches. Traditional methods rely on predefined rules or labeled datasets, which are time-consuming to develop and struggle to adapt to evolving command patterns. This paper introduces a novel self-supervised method for detecting anomalies in command lines using a GPT model trained from scratch. Our approach focuses on restoring corrupted command lines by leveraging context from both preceding and succeeding tokens, enabling the detection of anomalies caused by incorrect, missing, or extra tokens. Experimental results demonstrate that our method achieves a detection accuracy of 93.74%, significantly outperforming previous anomaly detection methods on the evaluated benchmark. Furthermore, the model provides insights into anomalies at the token level, helping security personnel verify issues by generating corrected versions of anomalous command lines. The proposed method offers a practical solution for continuous monitoring and improvement of system security.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

GPT-based self-supervised anomaly detection in command lines

  • Miles Q. Li,
  • Julien Keutchayan,
  • François Charest,
  • Benjamin C. M. Fung

摘要

Detecting anomalies in command lines is essential for system security, as malicious or unintended commands may cause severe issues like system corruption or data breaches. Traditional methods rely on predefined rules or labeled datasets, which are time-consuming to develop and struggle to adapt to evolving command patterns. This paper introduces a novel self-supervised method for detecting anomalies in command lines using a GPT model trained from scratch. Our approach focuses on restoring corrupted command lines by leveraging context from both preceding and succeeding tokens, enabling the detection of anomalies caused by incorrect, missing, or extra tokens. Experimental results demonstrate that our method achieves a detection accuracy of 93.74%, significantly outperforming previous anomaly detection methods on the evaluated benchmark. Furthermore, the model provides insights into anomalies at the token level, helping security personnel verify issues by generating corrected versions of anomalous command lines. The proposed method offers a practical solution for continuous monitoring and improvement of system security.