Anomaly detection in command shell sessions is a critical aspect of computer security. Recent advances in deep learning and natural language processing, particularly transformer-based models, have shown great promise for addressing complex security challenges. In this paper, we implement a comprehensive approach to detect anomalies in Unix shell sessions using a pretrained DistilBERT model, leveraging both unsupervised and supervised learning techniques to identify anomalous activity while minimizing data labeling. The unsupervised method captures the underlying structure and syntax of Unix shell commands, enabling the detection of session deviations from normal behavior. Experiments on a large-scale enterprise dataset collected from production systems demonstrate the effectiveness of our approach in detecting anomalous behavior in Unix shell sessions. This work highlights the potential of leveraging recent advances in transformers to address important computer security challenges.
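The abstract describes the unsupervised half of the approach only in outline: a language model learns the structure of normal shell commands, and a session is scored by how surprising its tokens are under that model. The following is an added example, not code from the paper or its authors. It keeps the same scoring idea but replaces the pretrained DistilBERT masked language model with a small add-k smoothed bigram model so it runs offline; the "normal" sessions, the held-out session, the anomalous session, the tokenizer rules and the mean-plus-three-standard-deviations threshold are all constructed assumptions for illustration.

```python
"""Session-level anomaly scoring for Unix shell sessions (added example).

A bigram language model stands in for the paper's DistilBERT model: both assign
each token a probability given its context, and a session's score is its mean
surprisal (-log p). Sessions far above the score distribution of normal
sessions are flagged, and per-command scores show which commands drove it.
"""
import math
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed "normal" sessions standing in for benign production activity.
NORMAL_SESSIONS = [
    ["cd /var/log", "ls -la", "tail -n 50 syslog", "grep error syslog | wc -l", "exit"],
    ["cd /opt/app", "git pull", "make build", "ls -la bin", "exit"],
    ["ps aux | grep nginx", "systemctl status nginx", "tail -n 100 /var/log/nginx/error.log", "exit"],
    ["cd /var/log", "grep error syslog | tail -n 20", "ls -la", "exit"],
    ["df -h", "du -sh /var/log", "ls -la /var/log", "exit"],
    ["cd /opt/app", "git status", "git log | head -n 5", "make test", "exit"],
]

# Shell operators become their own tokens; everything else splits on whitespace.
TOKEN_RE = re.compile(r"\|\||&&|[|;]|\S+")


def tokenize(command):
    """Tokenize one command line. Bare numbers are abstracted to <num> so that
    'tail -n 50' and 'tail -n 100' share the same structure."""
    return ["<num>" if t.isdigit() else t for t in TOKEN_RE.findall(command)]


def session_stream(session):
    """Flatten a session (list of command lines) into one token stream with
    command boundary markers, so the model also learns which command follows which."""
    stream = ["<s>"]
    for cmd in session:
        stream += ["<cmd>", *tokenize(cmd), "</cmd>"]
    return stream


class BigramModel:
    """Add-k smoothed bigram model over session token streams."""

    def __init__(self, k=0.1):
        self.k = k
        self.bigrams = defaultdict(Counter)  # prev token -> Counter of next tokens
        self.vocab = {"<unk>"}               # <unk> reserves mass for unseen tokens

    def fit(self, sessions):
        for session in sessions:
            stream = session_stream(session)
            self.vocab.update(stream)
            for prev, cur in zip(stream, stream[1:]):
                self.bigrams[prev][cur] += 1
        return self

    def surprisal(self, prev, cur):
        """-log P(cur | prev); unseen tokens on either side map to <unk>."""
        prev = prev if prev in self.vocab else "<unk>"
        cur = cur if cur in self.vocab else "<unk>"
        counts = self.bigrams.get(prev, Counter())
        p = (counts[cur] + self.k) / (sum(counts.values()) + self.k * len(self.vocab))
        return -math.log(p)

    def session_score(self, session):
        """Mean surprisal over every bigram in the session stream."""
        stream = session_stream(session)
        return mean(self.surprisal(p, c) for p, c in zip(stream, stream[1:]))

    def command_scores(self, session):
        """Per-command mean surprisal, for explaining why a session was flagged."""
        result = []
        for cmd in session:
            stream = ["<cmd>", *tokenize(cmd), "</cmd>"]
            result.append((cmd, mean(self.surprisal(p, c) for p, c in zip(stream, stream[1:]))))
        return result


class SessionAnomalyDetector:
    """Flags sessions whose score exceeds mean + sigmas * std of normal-session scores."""

    def __init__(self, model, normal_sessions, sigmas=3.0):
        scores = [model.session_score(s) for s in normal_sessions]
        self.model = model
        self.threshold = mean(scores) + sigmas * pstdev(scores)

    def is_anomalous(self, session):
        return self.model.session_score(session) > self.threshold


MODEL = BigramModel().fit(NORMAL_SESSIONS)
DETECTOR = SessionAnomalyDetector(MODEL, NORMAL_SESSIONS)

# Constructed test sessions: one that matches the baseline, one that does not.
HELD_OUT_NORMAL = ["cd /var/log", "ls -la", "exit"]
ANOMALOUS = ["useradd svc2", "passwd svc2", "usermod -aG sudo svc2", "exit"]

if __name__ == "__main__":
    print(f"threshold = {DETECTOR.threshold:.2f}")
    for name, session in [("held-out normal", HELD_OUT_NORMAL), ("anomalous", ANOMALOUS)]:
        print(f"{name}: score={MODEL.session_score(session):.2f} "
              f"flagged={DETECTOR.is_anomalous(session)}")
        for cmd, score in MODEL.command_scores(session):
            print(f"    {score:5.2f}  {cmd}")
```

The threshold here is calibrated on the same sessions the model was fitted to, which underestimates normal-session scores; in a deployment the calibration set should be a separate held-out sample of normal sessions, and the per-command breakdown is what an analyst would use to triage a flagged session rather than the single session score.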