Paper Title
Semantic Framework for Command-Line Intrusion Detection Using Deep Learning and Large Language Models
Abstract
Living-off-the-Land (LOTL) attacks use real system tools like Power Shell, Bash, Wget, and Curl to do bad things while looking like normal administrative tasks. Because of this, traditional intrusion detection systems that use signatures, hand- written rules, or surface-level text patterns have a hard time finding them. This paper proposes a command-line intrusion detection framework that combines deep learning-based classification with Large Language Model (LLM)-based semantic explanation to address this challenge. The suggested system first preprocesses and normalizes raw command-line inputs. Then, it uses Word2Vec embeddings to turn them into dense semantic representations. Finally, it uses a Convolutional Neural Network (CNN) with an attention mechanism to classify the inputs. The deep learning model sorts things into three groups: benign, suspicious, and malicious. A lightweight local LLM deployed via Ollama is solely utilized to produce succinct semantic elucidations of command behavior for analyst comprehension. Tests show that the suggested CNN-Attention model gets about 97
Keywords – Intrusion Detection System, Living-off-the-Land Attacks, Command-Line Analysis, Deep Learning, CNN, Attention Mechanism, Large Language Models, Cyber security