Designing and engineering LLM techniques for detecting novel bash attacks

Alessandro Redi

Designing and engineering LLM techniques for detecting novel bash attacks.

Rel. Marco Mellia, Luca Vassio, Matteo Boffa. Politecnico di Torino, Corso di laurea magistrale in Ict For Smart Societies (Ict Per La Società Del Futuro), 2024

Preview

PDF (Tesi_di_laurea) - Tesi
Licenza: Creative Commons Attribution Non-commercial No Derivatives.
Download (5MB) | Preview

Abstract

In recent years, command-line interface (CLI) commands have become more articulated and increased in complexity. This has underscored the possible need for advanced tools that can efficiently analyze and understand this data. In this thesis, Bash is the language taken into account. Command-line interactions, which are integral to system administration, software development, and data processing, often involve sequences of commands, from now on called sessions, and their corresponding outputs that encode rich semantic details. However, capturing and leveraging this information for tasks such as session similarity measurement, anomaly detection, and command category classification, can present a significant challenge especially when an attacker exploits noisy or obfuscated sessions.

Indeed one of the main objectives of this thesis is to find the answer to the following question: Is it really needed to understand the semantic meaning of a Bash session or its syntax analysis is enough for the previously said tasks? The thesis introduces a comparison between different methods applied for the resolution of the novelty detection problem