Jie Shi,Sihang Jiang,Bo Xu,Jiaqing Liang,Yanghua Xiao,Wei Wang

DOI: https://doi.org/10.1109/issre59848.2023.00082

2023-01-01

Abstract:This paper presents ShellGPT, a pre-trained language model specifically designed to enhance the understanding of shell language which plays a crucial role in IT operations. Based on the GPT series of models, ShellGPT is trained on a corpus that aligns shell language with natural language, aiming to inject domain-specific knowledge into the model. The technique of pre-tokenization is employed to maximize the reuse of a general-purpose vocabulary, facilitating effective model transfer from general domain. Furthermore, a new pre-training objective, named equivalent command learning, is proposed to refine the command representations through modeling function equivalence of commands. To evaluate the performance of ShellGPT, we conduct fine-tuning on various downstream tasks related to shell language understanding. These tasks include command recommendation, command correction, and translation from natural language to shell command. Our experimental results demonstrate that ShellGPT outperforms other baseline models in terms of performance across almost all evaluated tasks. The findings from our experiments highlight the effectiveness of Shell-GPT in enhancing shell language understanding and demonstrate its potential for practical applications in IT operations.

Xi Victoria Lin,Chenglong Wang,Luke Zettlemoyer,Michael D. Ernst

DOI: https://doi.org/10.48550/arXiv.1802.08979

2018-02-25

Computation and Language

Abstract:We present new data and semantic parsing methods for the problem of mapping English sentences to Bash commands (NL2Bash). Our long-term goal is to enable any user to perform operations such as file manipulation, search, and application-specific scripting by simply stating their goals in English. We take a first step in this domain, by providing a new dataset of challenging but commonly used Bash commands and expert-written English descriptions, along with baseline methods to establish performance levels on this task.

Chengdong Yao,Cuihua Wang

DOI: https://doi.org/10.48550/arXiv.2208.11867

2022-08-25

Abstract:In some areas, such as Cognitive Linguistics, researchers are still using traditional techniques based on manual rules and patterns. Since the definition of shell noun is rather subjective and there are many exceptions, this time-consuming work had to be done by hand in the past when Deep Learning techniques were not mature enough. With the increasing number of networked languages, these rules are becoming less useful. However, there is a better alternative now. With the development of Deep Learning, pre-trained language models have provided a good technical basis for Natural Language Processing. Automated processes based on Deep Learning approaches are more in line with modern needs. This paper collaborates across borders to propose two Neural Network models for the automatic detection of shell nouns and experiment on the WikiText-2 dataset. The proposed approaches not only allow the entire process to be automated, but the precision has reached 94% even on completely unseen articles, comparable to that of human annotators. This shows that the performance and generalization ability of the model is good enough to be used for research purposes. Many new nouns are found that fit the definition of shell noun very well. All discovered shell nouns as well as pre-trained models and code are available on GitHub.

Computation and Language,Machine Learning

Matteo Boffa,Rodolfo Vieira Valentim,Luca Vassio,Danilo Giordano,Idilio Drago,Marco Mellia,Zied Ben Houidi

DOI: https://doi.org/10.1016/j.cose.2024.103805

2024-03-22

Abstract:The collection of security-related logs holds the key to understanding attack behaviors and diagnosing vulnerabilities. Still, their analysis remains a daunting challenge. Recently, Language Models (LMs) have demonstrated unmatched potential in understanding natural and programming languages. The question arises whether and how LMs could be also useful for security experts since their logs contain intrinsically confused and obfuscated information. In this paper, we systematically study how to benefit from the state-of-the-art in LM to automatically analyze text-like Unix shell attack logs. We present a thorough design methodology that leads to LogPrécis. It receives as input raw shell sessions and automatically identifies and assigns the attacker tactic to each portion of the session, i.e., unveiling the sequence of the attacker's goals. We demonstrate LogPrécis capability to support the analysis of two large datasets containing about 400,000 unique Unix shell attacks. LogPrécis reduces them into about 3,000 fingerprints, each grouping sessions with the same sequence of tactics. The abstraction it provides lets the analyst better understand attacks, identify fingerprints, detect novelty, link similar attacks, and track families and mutations. Overall, LogPrécis, released as open source, paves the way for better and more responsive defense against cyberattacks.

Cryptography and Security,Artificial Intelligence,Networking and Internet Architecture

Esma Wali,Yan Chen,Christopher Mahoney,Thomas Middleton,Marzieh Babaeianjelodar,Mariama Njie,Jeanna Neefe Matthews

DOI: https://doi.org/10.48550/arXiv.2007.05872

2020-07-11

Computation and Language

Abstract:Natural Language Processing (NLP) is increasingly used as a key ingredient in critical decision-making systems such as resume parsers used in sorting a list of job candidates. NLP systems often ingest large corpora of human text, attempting to learn from past human behavior and decisions in order to produce systems that will make recommendations about our future world. Over 7000 human languages are being spoken today and the typical NLP pipeline underrepresents speakers of most of them while amplifying the voices of speakers of other languages. In this paper, a team including speakers of 8 languages - English, Chinese, Urdu, Farsi, Arabic, French, Spanish, and Wolof - takes a critical look at the typical NLP pipeline and how even when a language is technically supported, substantial caveats remain to prevent full participation. Despite huge and admirable investments in multilingual support in many tools and resources, we are still making NLP-guided decisions that systematically and dramatically underrepresent the voices of much of the world.

Pietro Liguori,Erfan Al-Hossami,Domenico Cotroneo,Roberto Natella,Bojan Cukic,Samira Shaikh

DOI: https://doi.org/10.1007/s10515-022-00331-3

IF: 1.677

2022-03-05

Automated Software Engineering

Abstract:Abstract Writing software exploits is an important practice for offensive security analysts to investigate and prevent attacks. In particular, shellcodes are especially time-consuming and a technical challenge, as they are written in assembly language. In this work, we address the task of automatically generating shellcodes, starting purely from descriptions in natural language, by proposing an approach based on Neural Machine Translation (NMT). We then present an empirical study using a novel dataset ( Shellcode_IA32 ), which consists of 3200 assembly code snippets of real Linux/x86 shellcodes from public databases, annotated using natural language. Moreover, we propose novel metrics to evaluate the accuracy of NMT at generating shellcodes. The empirical analysis shows that NMT can generate assembly code snippets from the natural language with high accuracy and that in many cases can generate entire shellcodes with no errors.

Wl Wu,Jy Duan,Rz Lu,F Gao,Yq Chen

DOI: https://doi.org/10.1109/NLPKE.2005.1598729

2005-01-01

Abstract:In processing ill-formed spontaneous spoken utterance, many state-of-the-art robust parsers achieve robustness by allowing skipping of words and rule symbols. The parser's ability to skip words and rule symbols, however, results in a much bigger search space and greatly increases the parse ambiguity [1]. Previous approaches resolved these issues through manually labeling the types of rule symbols, or by utilizing heuristic scores or statistical probabilities. However, these approaches have certain drawbacks. This paper proposes to exploit embedded machine learning techniques to help with pruning and disambiguation in robust parsers. An embedded machine learning system is integrated with the heuristic score and the strategy of basing the types of rule symbols upon their correspondence to the domain model. This integration can considerably relieve the reliance of robust parser development on linguistic expert handerafting. Our experiments show that this integration offers stronger capability in ambiguity resolution, thereby enabling the robust parser to achieve better parsing accuracy.

Belsini Glad Shiya V.,Sharmila K.

DOI: https://doi.org/10.4018/978-1-7998-7728-8.ch006

2021-01-01

Abstract:Natural language processing is the communication between the humans and the computers. It is the field of computer science which incorporates artificial intelligence and linguistics where machine learning algorithms are used to analyze and process the enormous variety of data. This chapter delivers the fundamental concepts of language processing in Python such as text and word operations. It also gives the details about the preference of Python language for language processing and its advantages. It specifies the basic concept of variables, list, operators, looping statements in Python and explains how it can be implemented in language processing. It also specifies how a structured program can be written using Python, categorizing and tagging of words, how an information can be extracted from a text, syntactic and semantic analysis, and NLP applications. It also concentrates some of the research applications where NLP is applied and the challenges of NLP processing in the real-time area of applications.

Dirk Mühlenberg,Achim Kuwertz,Philipp Schenkel,Wilmuth Müller

DOI: https://doi.org/10.1117/12.2518599

2019-04-30

Abstract:The main challenge of computer linguistics is to represent the meaning of text in a computer model. Statistics based methods with manually created features have been used for more than 30 years with a divide and conquer approach to mark interesting features in free text. Around 2010, deep learning concepts found their way into the text-understanding research community. Deep learning is very attractive and easy to apply but needs massive pools of annotated and high quality data from every target domain, which is generally not available especially for the military domain. When changing the application domain one needs additional or new data to adopt the language models to the new domain. To overcome the everlasting “data problem” we chose a novel two-step approach by first using formal representations of the meaning and then applying a rule-based mapping to the target domain. As an intermediate language representation, we used abstract meaning representation (AMR) and trained a general base model. This base model was then trained with additional data from the intended domains (transfer learning) evaluating the quality of the parser with a stepwise approach in which we measured the parser performance against the amount of training data. This approach answered the question of how much data we need to get the required quality when changing an application domain. The mapping of the meaning representation to the target domain model gave us more control over specifics of the domain, which are not generally representable by a machine learning approach with self-learned feature vectors.

Han Zhang,Ming Liu,Zihan Yue,Zhi Xue,Yong Shi,Xiangjian He

DOI: https://doi.org/10.1109/trustcom50675.2020.00219

2020-01-01

Abstract:Web shell is one of the most common network attack methods, and traditional detection methods may not detect complex and flexible variants of web shell attacks. In this paper, we present a comprehensive detection system that can detect both PHP and JSP web shells. After file classification, we use different feature extraction methods, i.e. AST for PHP files and bytecode for JSP files. We present a detection model based on text processing methods including TF-IDF and Word2vec algorithms. We combine different kinds of machine learning algorithms and perform a comprehensively controlled experiment. After the experiment and evaluation, we choose the detection machine learning model of the best performance, which can achieve a high detection accuracy above 98%.

Cynthia Matuszek, Evan Herbst, Luke Zettlemoyer, Dieter Fox

2013-01-01

Abstract:As robots become more ubiquitous and capable of performing complex tasks, the importance of enabling untrained users to interact with them has increased. In response, unconstrained natural-language interaction with robots has emerged as a significant research area. We discuss the problem of parsing natural language commands to actions and control structures that can be readily implemented in a robot execution system. Our approach learns a parser based on example pairs of English commands and corresponding control language expressions. We evaluate this approach in the context of following route instructions through an indoor environment, and demonstrate that our system can learn to translate English commands into sequences of desired actions, while correctly capturing the semantic intent of statements involving complex control structures. The procedural nature of our formal …

Mayank Agarwal,Tathagata Chakraborti,Quchen Fu,David Gros,Xi Victoria Lin,Jaron Maene,Kartik Talamadupula,Zhongwei Teng,Jules White

DOI: https://doi.org/10.48550/arXiv.2103.02523

2021-08-09

Abstract:The NLC2CMD Competition hosted at NeurIPS 2020 aimed to bring the power of natural language processing to the command line. Participants were tasked with building models that can transform descriptions of command line tasks in English to their Bash syntax. This is a report on the competition with details of the task, metrics, data, attempted solutions, and lessons learned.

Computation and Language

Quchen Fu,Zhongwei Teng,Marco Georgaklis,Jules White,Douglas C. Schmidt

DOI: https://doi.org/10.13052/jmltapissn.2023.002

2023-06-19

Abstract:Translating natural language into Bash Commands is an emerging research field that has gained attention in recent years. Most efforts have focused on producing more accurate translation models. To the best of our knowledge, only two datasets are available, with one based on the other. Both datasets involve scraping through known data sources (through platforms like stack overflow, crowdsourcing, etc.) and hiring experts to validate and correct either the English text or Bash Commands. This paper provides two contributions to research on synthesizing Bash Commands from scratch. First, we describe a state-of-the-art translation model used to generate Bash Commands from the corresponding English text. Second, we introduce a new NL2CMD dataset that is automatically generated, involves minimal human intervention, and is over six times larger than prior datasets. Since the generation pipeline does not rely on existing Bash Commands, the distribution and types of commands can be custom adjusted. We evaluate the performance of ChatGPT on this task and discuss the potential of using it as a data generator. Our empirical results show how the scale and diversity of our dataset can offer unique opportunities for semantic parsing researchers.

Computation and Language,Artificial Intelligence,Performance

Keyu Chen,Cheng Fei,Ziqian Bi,Junyu Liu,Benji Peng,Sen Zhang,Xuanhe Pan,Jiawei Xu,Jinlang Wang,Caitlyn Heqi Yin,Yichao Zhang,Pohsun Feng,Yizhu Wen,Tianyang Wang,Ming Li,Jintao Ren,Qian Niu,Silin Chen,Weiche Hsieh,Lawrence K.Q. Yan,Chia Xin Liang,Han Xu,Hong-Ming Tseng,Xinyuan Song,Ming Liu

2024-10-30

Abstract:With a focus on natural language processing (NLP) and the role of large language models (LLMs), we explore the intersection of machine learning, deep learning, and artificial intelligence. As artificial intelligence continues to revolutionize fields from healthcare to finance, NLP techniques such as tokenization, text classification, and entity recognition are essential for processing and understanding human language. This paper discusses advanced data preprocessing techniques and the use of frameworks like Hugging Face for implementing transformer-based models. Additionally, it highlights challenges such as handling multilingual data, reducing bias, and ensuring model robustness. By addressing key aspects of data processing and model fine-tuning, this work aims to provide insights into deploying effective and ethically sound AI solutions.

Computation and Language,Human-Computer Interaction

Mengchuan Shang,Xueying Han,Changzhi Zhao,Zelin Cui,Dan Du,Bo Jiang

DOI: https://doi.org/10.1109/cscwd61410.2024.10580271

2024-01-01

Abstract:Webshell is a command execution environment existing in web containers, which is used by attackers to remotely control servers and illegally access website resources. Accurately detecting Webshells is of great significance for maintaining web security. Current research faces several challenges. On the one hand, in order to evade detection, Webshells use a large amount of obfuscation, and existing research methods often use source code or opcode, which cannot fully utilize the semantic and syntactic information of Webshell code. On the other hand, Webshells can be constructed using any web application programming language, while most existing methods only detect one or a few types of Webshells. This paper proposes a novel approach called WS-Tree, which effectively utilizes the semantics and syntax of Webshells by using abstract syntax tree as input features. The TreeLSTM model is used as an encoder to handle node relationships in the syntax tree, thereby achieving the detection of obfuscated and multi-language Webshells. We also propose a new dataset of Webshells containing obfuscated and non-obfuscated to prevent dataset leakage. Extensive experiments demonstrate that our proposed model performs better than the state-of-theart baselines under different webshell programming languages and improves model generalizability.

Jiongliang Lin,Yiwen Guo,Hao Chen

2024-04-20

Abstract:Intrusion detection is a long standing and crucial problem in security. A system capable of detecting intrusions automatically is on great demand in enterprise security solutions. Existing solutions rely heavily on hand-crafted rules designed by security operators, which suffer from high false negative rates and poor generalization ability to new, zero-day attacks at scale. AI and machine learning offer promising solutions to address the issues, by inspecting abnormal user behaviors intelligently and automatically from data. However, existing learning-based intrusion detection systems in the literature are mostly designed for small data, and they lack the ability to leverage the power of big data in cloud environments. In this paper, we target at this problem and introduce an intrusion detection system which incorporates large-scale pre-training, so as to train a large language model based on tens of millions of command lines for AI-based intrusion detection. Experiments performed on 30 million training samples and 10 million test samples verify the effectiveness of our solution.

Cryptography and Security,Artificial Intelligence,Computation and Language

Omar Khattab,Arnav Singhvi,Paridhi Maheshwari,Zhiyuan Zhang,Keshav Santhanam,Sri Vardhamanan,Saiful Haq,Ashutosh Sharma,Thomas T. Joshi,Hanna Moazam,Heather Miller,Matei Zaharia,Christopher Potts

2023-10-06

Abstract:The ML community is rapidly exploring techniques for prompting language models (LMs) and for stacking them into pipelines that solve complex tasks. Unfortunately, existing LM pipelines are typically implemented using hard-coded "prompt templates", i.e. lengthy strings discovered via trial and error. Toward a more systematic approach for developing and optimizing LM pipelines, we introduce DSPy, a programming model that abstracts LM pipelines as text transformation graphs, i.e. imperative computational graphs where LMs are invoked through declarative modules. DSPy modules are parameterized, meaning they can learn (by creating and collecting demonstrations) how to apply compositions of prompting, finetuning, augmentation, and reasoning techniques. We design a compiler that will optimize any DSPy pipeline to maximize a given metric. We conduct two case studies, showing that succinct DSPy programs can express and optimize sophisticated LM pipelines that reason about math word problems, tackle multi-hop retrieval, answer complex questions, and control agent loops. Within minutes of compiling, a few lines of DSPy allow GPT-3.5 and llama2-13b-chat to self-bootstrap pipelines that outperform standard few-shot prompting (generally by over 25% and 65%, respectively) and pipelines with expert-created demonstrations (by up to 5-46% and 16-40%, respectively). On top of that, DSPy programs compiled to open and relatively small LMs like 770M-parameter T5 and llama2-13b-chat are competitive with approaches that rely on expert-written prompt chains for proprietary GPT-3.5. DSPy is available at <a class="link-external link-https" href="https://github.com/stanfordnlp/dspy" rel="external noopener nofollow">this https URL</a>

Computation and Language,Artificial Intelligence,Information Retrieval,Machine Learning

Hisham Alasmary,Afsah Anwar,Ahmed Abusnaina,Abdulrahman Alabduljabbar,Mohammed Abuhamad,An Wang,Daehun Nyang,Amro Awad,David Mohaisen

DOI: https://doi.org/10.1109/jiot.2021.3086398

IF: 10.6

2022-02-15

IEEE Internet of Things Journal

Abstract:The Linux shell is a command-line interpreter that provides users with a command interface to the operating system, allowing them to perform various functions. Although very useful in building capabilities at the edge, the Linux shell can be exploited, giving adversaries a prime opportunity to use them for malicious activities. With access to Internet of Things (IoT) devices, malware authors can abuse the Linux shell of those devices to propagate infections and launch large-scale attacks, e.g., Distributed Denial of Service. In this work, we provide a first look at the tasks managed by shell commands in Linux-based IoT malware toward detection. We analyze malicious shell commands found in IoT malware and build a neural network-based model, ShellCore, to detect malicious shell commands. Namely, we collected a large data set of shell commands, including malicious commands extracted from 2891 IoT malware samples and benign commands collected from real-world network traffic analysis and volunteered data from Linux users. Using conventional machine and deep learning-based approaches trained with a term- and character-level features, ShellCore is shown to achieve an accuracy of more than 99% in detecting malicious shell commands and files (i.e., binaries).

computer science, information systems,telecommunications,engineering, electrical & electronic

Siddhant Arora,Hayato Futami,Shih-Lun Wu,Jessica Huynh,Yifan Peng,Yosuke Kashiwagi,Emiru Tsunoo,Brian Yan,Shinji Watanabe

2023-05-07

Abstract:Recently there have been efforts to introduce new benchmark tasks for spoken language understanding (SLU), like semantic parsing. In this paper, we describe our proposed spoken semantic parsing system for the quality track (Track 1) in Spoken Language Understanding Grand Challenge which is part of ICASSP Signal Processing Grand Challenge 2023. We experiment with both end-to-end and pipeline systems for this task. Strong automatic speech recognition (ASR) models like Whisper and pretrained Language models (LM) like BART are utilized inside our SLU framework to boost performance. We also investigate the output level combination of various models to get an exact match accuracy of 80.8, which won the 1st place at the challenge.

Computation and Language,Sound,Audio and Speech Processing