Saved in:
Bibliographic Details
Main Authors: Deng, Jiangyi, Li, Xinfeng, Chen, Yanjiao, Bai, Yijie, Weng, Haiqin, Liu, Yan, Wei, Tao, Xu, Wenyuan
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2409.02074
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866914935013900288
author Deng, Jiangyi
Li, Xinfeng
Chen, Yanjiao
Bai, Yijie
Weng, Haiqin
Liu, Yan
Wei, Tao
Xu, Wenyuan
author_facet Deng, Jiangyi
Li, Xinfeng
Chen, Yanjiao
Bai, Yijie
Weng, Haiqin
Liu, Yan
Wei, Tao
Xu, Wenyuan
contents Malicious shell commands are linchpins to many cyber-attacks, but may not be easy to understand by security analysts due to complicated and often disguised code structures. Advances in large language models (LLMs) have unlocked the possibility of generating understandable explanations for shell commands. However, existing general-purpose LLMs suffer from a lack of expert knowledge and a tendency to hallucinate in the task of shell command explanation. In this paper, we present Raconteur, a knowledgeable, expressive and portable shell command explainer powered by LLM. Raconteur is infused with professional knowledge to provide comprehensive explanations on shell commands, including not only what the command does (i.e., behavior) but also why the command does it (i.e., purpose). To shed light on the high-level intent of the command, we also translate the natural-language-based explanation into standard technique & tactic defined by MITRE ATT&CK, the worldwide knowledge base of cybersecurity. To enable Raconteur to explain unseen private commands, we further develop a documentation retriever to obtain relevant information from complementary documentations to assist the explanation process. We have created a large-scale dataset for training and conducted extensive experiments to evaluate the capability of Raconteur in shell command explanation. The experiments verify that Raconteur is able to provide high-quality explanations and in-depth insight of the intent of the command.
format Preprint
id arxiv_https___arxiv_org_abs_2409_02074
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle RACONTEUR: A Knowledgeable, Insightful, and Portable LLM-Powered Shell Command Explainer
Deng, Jiangyi
Li, Xinfeng
Chen, Yanjiao
Bai, Yijie
Weng, Haiqin
Liu, Yan
Wei, Tao
Xu, Wenyuan
Cryptography and Security
Human-Computer Interaction
Machine Learning
Software Engineering
Malicious shell commands are linchpins to many cyber-attacks, but may not be easy to understand by security analysts due to complicated and often disguised code structures. Advances in large language models (LLMs) have unlocked the possibility of generating understandable explanations for shell commands. However, existing general-purpose LLMs suffer from a lack of expert knowledge and a tendency to hallucinate in the task of shell command explanation. In this paper, we present Raconteur, a knowledgeable, expressive and portable shell command explainer powered by LLM. Raconteur is infused with professional knowledge to provide comprehensive explanations on shell commands, including not only what the command does (i.e., behavior) but also why the command does it (i.e., purpose). To shed light on the high-level intent of the command, we also translate the natural-language-based explanation into standard technique & tactic defined by MITRE ATT&CK, the worldwide knowledge base of cybersecurity. To enable Raconteur to explain unseen private commands, we further develop a documentation retriever to obtain relevant information from complementary documentations to assist the explanation process. We have created a large-scale dataset for training and conducted extensive experiments to evaluate the capability of Raconteur in shell command explanation. The experiments verify that Raconteur is able to provide high-quality explanations and in-depth insight of the intent of the command.
title RACONTEUR: A Knowledgeable, Insightful, and Portable LLM-Powered Shell Command Explainer
topic Cryptography and Security
Human-Computer Interaction
Machine Learning
Software Engineering
url https://arxiv.org/abs/2409.02074