| CPC H04L 63/1425 (2013.01) [G06N 20/00 (2019.01); H04L 63/1416 (2013.01)] | 20 Claims |

1. A method for automatic detection of obfuscated command line inputs, comprising:
obtaining command line input data via a security system, the command line input data comprising command lines used at multiple computing devices in a computing network and logged by the security system;
pre-processing the command line input data via at least one pre-processing operation, wherein the at least one pre-processing operation reduces variation inside the command lines, and wherein the pre-processing results in pre-processed command lines;
generating token groups based on the pre-processed command lines, wherein each token group of the token groups represents a pre-processed command line of the pre-processed command lines, and wherein each token in a token group represents a portion of a pre-processed command line;
processing the token groups using a machine learned model, wherein the machine learned model is configured as a large language model, and wherein the machine learned model generates a respective obfuscation probability for each respective token group of the token groups; and
in response to a respective obfuscation probability exceeding a threshold obfuscation probability, outputting a notification for use in connection with security analysis of the computing network.
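The claimed steps (pre-process, tokenize, score, threshold, notify) can be traced end to end in the sketch below, which is an added example and not the patent's implementation. The normalisation rules, tokenizer, 0.5 threshold and sample command lines are assumptions, and the scorer is a hand-weighted heuristic standing in for the claimed large language model.

```python
import math
import re

# Assumed normalisation rules; the claim only requires that variation is reduced.
RULES = [
    (re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I), "<GUID>"),
    (re.compile(r"[a-z]:\\[^\s\"]+", re.I), "<PATH>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
    (re.compile(r"\s+"), " "),
]
TOKEN = re.compile(r"<[A-Z]+>|[A-Za-z]+|\d+|\S")

def preprocess(cmd):
    # Case is kept on purpose: erratic casing is itself an obfuscation signal.
    for pattern, placeholder in RULES:
        cmd = pattern.sub(placeholder, cmd)
    return cmd.strip()

def tokenize(cmd):
    return TOKEN.findall(cmd)  # one token group per pre-processed command line

def _case_flips(word):
    return sum(a.isupper() != b.isupper() for a, b in zip(word, word[1:])) / (len(word) - 1)

def obfuscation_probability(tokens):
    """Stand-in scorer (NOT an LLM): logistic over two hand-picked features."""
    if not tokens:
        return 0.0
    escapes = sum(t in ("^", "`") for t in tokens) / len(tokens)
    words = [t for t in tokens if t.isalpha() and len(t) >= 3]
    jagged = sum(_case_flips(w) > 0.6 for w in words) / len(words) if words else 0.0
    return 1.0 / (1.0 + math.exp(-(-4.0 + 12.0 * escapes + 6.0 * jagged)))

def detect(command_lines, threshold=0.5):
    alerts = []
    for raw in command_lines:
        tokens = tokenize(preprocess(raw))
        p = obfuscation_probability(tokens)
        if p > threshold:  # the "notification" of the final claim step
            alerts.append({"command_line": raw, "probability": round(p, 3)})
    return alerts

# Constructed sample log lines, not taken from any real system.
SAMPLE = [
    r"ping -n 4 10.0.0.5",
    r"C:\Windows\System32\cmd.exe /c dir C:\Users\alice\Documents",
    r"cMd.ExE /c e^c^h^o h^e^l^l^o",
    r"powershell.exe -NoProfile -Command Get-ChildItem",
]
```

Calling `detect(SAMPLE)` returns a single alert, for the caret-escaped, mixed-case line; in a deployment of the claimed method the heuristic would be replaced by the model's per-token-group probability.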