NDSS 2025 – RACONTEUR: A Knowledgeable, Insightful, And Portable LLM-Powered Shell Command Explainer
嗯,用户让我总结一下这篇文章的内容,控制在100字以内。首先,我需要仔细阅读文章,找出主要信息。 文章标题是“RACONTEUR: A Knowledgeable, Insightful, And Portable LLM-Powered Shell Command Explainer”。看起来这是一个工具,用于解释shell命令。作者来自浙江大学和蚂蚁集团。 文章提到恶意shell命令是网络攻击的关键,但安全分析师可能难以理解复杂的代码结构。现有的通用LLM在解释shell命令时缺乏专业知识,容易产生幻觉。Raconteur结合了专业知识,提供全面的解释,包括命令的行为和目的,并将其转化为MITRE ATT&CK的技术和战术。此外,还开发了一个文档检索器来帮助解释未见过的命令,并进行了大量实验验证其效果。 接下来,我需要将这些信息浓缩到100字以内。重点包括:Raconteur的功能、使用LLM、结合专业知识、解释行为和目的、转化为MITRE框架、文档检索器以及实验结果。 最后,确保语言简洁明了,不使用开头词如“这篇文章”或“内容总结”。直接描述即可。 </think> 本文介绍了一种名为RACONTEUR的工具,利用大型语言模型(LLM)提供专业的shell命令解释功能。该工具结合专业知识,不仅解释命令行为,还揭示其目的,并将其与MITRE ATT&CK框架关联。通过文档检索器增强解释能力,并通过实验验证其有效性和深度见解。 2025-12-21 16:0:0 Author: securityboulevard.com(查看原文) 阅读量:0 收藏

Session 6D: Software Security: Vulnerability Detection

Authors, Creators & Presenters: Jiangyi Deng (Zhejiang University), Xinfeng Li (Zhejiang University), Yanjiao Chen (Zhejiang University), Yijie Bai (Zhejiang University), Haiqin Weng (Ant Group), Yan Liu (Ant Group), Tao Wei (Ant Group), Wenyuan Xu (Zhejiang University)
PAPER
RACONTEUR: A Knowledgeable, Insightful, And Portable LLM-Powered Shell Command Explainer
Malicious shell commands are linchpins to many cyber-attacks, but may not be easy to understand by security analysts due to complicated and often disguised code structures. Advances in large language models (LLMs) have unlocked the possibility of generating understandable explanations for shell commands. However, existing general-purpose LLMs suffer from a lack of expert knowledge and a tendency to hallucinate in the task of shell command explanation. In this paper, we present Raconteur, a knowledgeable, expressive and portable shell command explainer powered by LLM. Raconteur is infused with professional knowledge to provide comprehensive explanations on shell commands, including not only what the command does (i.e., behavior) but also why the command does it (i.e., purpose). To shed light on the high-level intent of the command, we also translate the natural-language-based explanation into standard technique & tactic defined by MITRE ATT&CK, the worldwide knowledge base of cybersecurity. To enable Raconteur to explain unseen private commands, we further develop a documentation retriever to obtain relevant information from complementary documentations to assist the explanation process. We have created a large-scale dataset for training and conducted extensive experiments to evaluate the capability of Raconteur in shell command explanation. The experiments verify that Raconteur is able to provide high-quality explanations and in-depth insight of the intent of the command.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations’ YouTube Channel.

Permalink

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.youtube-nocookie.com/embed/fUQ_l_4YD30?si=oFi4bvyM06ekHQ1G


文章来源: https://securityboulevard.com/2025/12/ndss-2025-raconteur-a-knowledgeable-insightful-and-portable-llm-powered-shell-command-explainer/
如有侵权请联系:admin#unsafe.sh