Zafar Hussain , Jukka K. Nurminen , Perttu Ranta-aho
{"title":"训练语言模型以学习命令语法","authors":"Zafar Hussain , Jukka K. Nurminen , Perttu Ranta-aho","doi":"10.1016/j.array.2024.100355","DOIUrl":null,"url":null,"abstract":"<div><p>To protect systems from malicious activities, it is important to differentiate between valid and harmful commands. One way to achieve this is by learning the syntax of the commands, which is a complex task because of the expansive and evolving nature of command syntax. To address this, we harnessed the power of a language model. Our methodology involved constructing a specialized vocabulary from our commands dataset, and training a custom tokenizer with a Masked Language Model head, resulting in the development of a BERT-like language model. This model exhibits proficiency in learning command syntax by predicting masked tokens. In comparative analyses, our language model outperformed the Markov Model in categorizing commands using clustering algorithms (DBSCAN, HDBSCAN, OPTICS). The language model achieved higher Silhouette scores (0.72, 0.88, 0.85) compared to the Markov Model (0.53, 0.25, 0.06) and demonstrated significantly lower noise levels (2.63%, 5.39%, 8.49%) versus the Markov Model’s higher noise rates (9.31%, 29.85%, 50.35%). Further validation with manually crafted syntax and BERTScore assessments consistently produced metrics above 0.90 for precision, recall, and F1-score. Our language model excels at learning command syntax, enhancing protective measures against malicious activities.</p></div>","PeriodicalId":8417,"journal":{"name":"Array","volume":"23 ","pages":"Article 100355"},"PeriodicalIF":2.3000,"publicationDate":"2024-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2590005624000213/pdfft?md5=68aae0cad29d029f8b3ee94e2999445f&pid=1-s2.0-S2590005624000213-main.pdf","citationCount":"0","resultStr":"{\"title\":\"Training a language model to learn the syntax of commands\",\"authors\":\"Zafar Hussain , Jukka K. Nurminen , Perttu Ranta-aho\",\"doi\":\"10.1016/j.array.2024.100355\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>To protect systems from malicious activities, it is important to differentiate between valid and harmful commands. One way to achieve this is by learning the syntax of the commands, which is a complex task because of the expansive and evolving nature of command syntax. To address this, we harnessed the power of a language model. Our methodology involved constructing a specialized vocabulary from our commands dataset, and training a custom tokenizer with a Masked Language Model head, resulting in the development of a BERT-like language model. This model exhibits proficiency in learning command syntax by predicting masked tokens. In comparative analyses, our language model outperformed the Markov Model in categorizing commands using clustering algorithms (DBSCAN, HDBSCAN, OPTICS). The language model achieved higher Silhouette scores (0.72, 0.88, 0.85) compared to the Markov Model (0.53, 0.25, 0.06) and demonstrated significantly lower noise levels (2.63%, 5.39%, 8.49%) versus the Markov Model’s higher noise rates (9.31%, 29.85%, 50.35%). Further validation with manually crafted syntax and BERTScore assessments consistently produced metrics above 0.90 for precision, recall, and F1-score. Our language model excels at learning command syntax, enhancing protective measures against malicious activities.</p></div>\",\"PeriodicalId\":8417,\"journal\":{\"name\":\"Array\",\"volume\":\"23 \",\"pages\":\"Article 100355\"},\"PeriodicalIF\":2.3000,\"publicationDate\":\"2024-07-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"https://www.sciencedirect.com/science/article/pii/S2590005624000213/pdfft?md5=68aae0cad29d029f8b3ee94e2999445f&pid=1-s2.0-S2590005624000213-main.pdf\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Array\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S2590005624000213\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Array","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2590005624000213","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}
引用次数: 0
摘要
要保护系统免受恶意活动的侵害,必须区分有效命令和有害命令。实现这一目标的方法之一是学习命令的语法,但由于命令语法的扩展性和演变性,这是一项复杂的任务。为此,我们利用了语言模型的强大功能。我们的方法包括从命令数据集中构建专门的词汇表,并使用屏蔽语言模型头训练自定义标记器,从而开发出类似于 BERT 的语言模型。该模型通过预测掩码标记来熟练学习命令语法。在比较分析中,我们的语言模型在使用聚类算法(DBSCAN、HDBSCAN、OPTICS)对命令进行分类方面的表现优于马尔可夫模型。与马尔可夫模型(0.53、0.25、0.06)相比,语言模型获得了更高的 Silhouette 分数(0.72、0.88、0.85),噪声水平(2.63%、5.39%、8.49%)也明显低于马尔可夫模型较高的噪声率(9.31%、29.85%、50.35%)。使用人工编写的语法和 BERTScore 评估进行进一步验证后,精确度、召回率和 F1 分数均超过了 0.90。我们的语言模型在学习命令语法方面表现出色,增强了针对恶意活动的保护措施。
Training a language model to learn the syntax of commands
To protect systems from malicious activities, it is important to differentiate between valid and harmful commands. One way to achieve this is by learning the syntax of the commands, which is a complex task because of the expansive and evolving nature of command syntax. To address this, we harnessed the power of a language model. Our methodology involved constructing a specialized vocabulary from our commands dataset, and training a custom tokenizer with a Masked Language Model head, resulting in the development of a BERT-like language model. This model exhibits proficiency in learning command syntax by predicting masked tokens. In comparative analyses, our language model outperformed the Markov Model in categorizing commands using clustering algorithms (DBSCAN, HDBSCAN, OPTICS). The language model achieved higher Silhouette scores (0.72, 0.88, 0.85) compared to the Markov Model (0.53, 0.25, 0.06) and demonstrated significantly lower noise levels (2.63%, 5.39%, 8.49%) versus the Markov Model’s higher noise rates (9.31%, 29.85%, 50.35%). Further validation with manually crafted syntax and BERTScore assessments consistently produced metrics above 0.90 for precision, recall, and F1-score. Our language model excels at learning command syntax, enhancing protective measures against malicious activities.