SCADE: Scalable Command-line Anomaly Detection Engine
cs.CR
cs.LG
Released Date: December 5, 2024
Authors: Vaishali Vinay (1), Anjali Mangal (1)
Aff.: (1) Microsoft Security Research
| Unusual Command Line Types |
|---|
| Small variation in target path or file name |
| Unusual combinations of parameters in command lines |
| An asset executing a command it is not supposed to run |
| Command lines triggered by unexpected parent processes |
| Command lines triggering unexpected child processes |
| Communication with unusual/malicious IP addresses |
| An unusually high number of executions from a given asset |
| Malicious intent within command lines |