GPT-based self-supervised anomaly detection in command lines
摘要
Detecting anomalies in command lines is essential for system security, as malicious or unintended commands may cause severe issues like system corruption or data breaches. Traditional methods rely on predefined rules or labeled datasets, which are time-consuming to develop and struggle to adapt to evolving command patterns. This paper introduces a novel self-supervised method for detecting anomalies in command lines using a GPT model trained from scratch. Our approach focuses on restoring corrupted command lines by leveraging context from both preceding and succeeding tokens, enabling the detection of anomalies caused by incorrect, missing, or extra tokens. Experimental results demonstrate that our method achieves a detection accuracy of 93.74%, significantly outperforming previous anomaly detection methods on the evaluated benchmark. Furthermore, the model provides insights into anomalies at the token level, helping security personnel verify issues by generating corrected versions of anomalous command lines. The proposed method offers a practical solution for continuous monitoring and improvement of system security.