CN111338692B - Vulnerability classification method and device based on vulnerability codes and electronic equipment - Google Patents


Info

Publication number: CN111338692B
Application number: CN201811550878.7A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN111338692A
Inventors: 黄威, 李雪, 张娜, 蔡学文, 王晓敏
Current assignee: Beijing Qihoo Technology Co Ltd
Original assignee: Beijing Qihoo Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 8/00 Arrangements for software engineering
    • G06F 8/70 Software maintenance or management
    • G06F 8/73 Program documentation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security


Abstract

This application provides a vulnerability classification method and device based on vulnerability code, and an electronic device, in the technical field of text classification. The method comprises: obtaining the vulnerability code to be classified and the related information of that code; and recognising and analysing the obtained vulnerability code and its related information with a pre-trained neural network model to obtain vulnerability classification result information for the code. Because the vulnerability code is classified by the pre-trained neural network model from the code itself and its related information, classification is automated and its efficiency is improved. Moreover, when the volume of vulnerability code grows, no additional staff are needed to classify it, so the labour cost of vulnerability code classification is reduced.

Description

Vulnerability classification method and device based on vulnerability codes and electronic equipment
Technical Field
The application relates to the technical field of text classification, in particular to a vulnerability classification method and device based on vulnerability codes and electronic equipment.
Background
In software project development, for example of an APP (application), a large amount of code usually has to be written, so that even highly skilled engineers cannot entirely avoid vulnerabilities. Classifying the vulnerabilities in the written code is therefore a key prerequisite for handling each vulnerability according to its type.
At present, vulnerability code is classified manually: the relevant staff judge and analyse each discovered piece of vulnerability code one by one and then determine its type from the result. With this manual approach, the type of a given piece of vulnerability code can only be determined after staff with the necessary expertise have analysed it individually, which is very inefficient. Moreover, if the code base of a project is very large and the amount of vulnerability code is correspondingly large, a large number of staff are needed to finish the classification. The existing manual classification of vulnerability code therefore suffers from low classification efficiency and high labour cost.
Disclosure of Invention
This application provides a vulnerability classification method and device based on vulnerability code, and an electronic device, which improve the classification efficiency of vulnerability code and reduce labour cost. The technical solution adopted by the application is as follows:
in a first aspect, a vulnerability classification method based on vulnerability codes is provided, the method comprising,
acquiring the vulnerability codes to be classified and the related information of the vulnerability codes to be classified;
and identifying and analyzing the obtained vulnerability codes to be classified and related information based on the pre-trained neural network model to obtain vulnerability classification result information of the vulnerability codes.
Further, based on a pre-trained neural network model, identifying and analyzing the obtained vulnerability codes to be classified and related information to obtain vulnerability classification result information of the vulnerability codes to be classified, including:
determining initial vector characterization of the obtained vulnerability codes and related information;
feature extraction is carried out on the basis of the determined initial vector characterization through a feature extraction network of the pre-trained neural network model, so that feature vector characterization of the vulnerability codes and related information is obtained;
and inputting the feature vector representation into a classification network of the pre-trained neural network to obtain vulnerability classification result information of the vulnerability codes to be classified.
Further, the related information of the vulnerability code to be classified comprises at least one of the following: code repository information; project-related information;
wherein the code repository information comprises at least one of:
a code storage address; code version information;
and the project-related information comprises at least one of:
a file name; a file path; a project name; group information; responsible-person information.
Further, the vulnerability classification result information comprises the vulnerability type of the vulnerability code, and the vulnerability type comprises at least one of the following:
redundant duplicate-code vulnerability; false-positive vulnerability; dead-code (useless code) vulnerability.
Further, the method further comprises: and pushing corresponding processing suggestion information according to the vulnerability classification result information.
Further, pushing corresponding processing suggestion information according to the vulnerability classification result information, including:
if the vulnerability type of the vulnerability code is a redundant duplicate-code vulnerability, pushing suggestion information to delete the redundant code and replace it with code from the shared code library;
if the vulnerability type of the vulnerability code is a false-positive vulnerability, pushing suggestion information to add the vulnerability code to a whitelist and to modify the code vulnerability detection rule;
if the vulnerability type of the vulnerability code is a dead-code vulnerability, pushing suggestion information to delete the dead code.
In a second aspect, a vulnerability classification device based on vulnerability codes is provided, the device comprising,
the acquisition module is used for acquiring the vulnerability codes to be classified and the related information of the vulnerability codes to be classified;
the recognition module is used for recognising and analysing, based on the pre-trained neural network model, the vulnerability code to be classified and the related information acquired by the acquisition module, to obtain vulnerability classification result information of the vulnerability code.
Further, the identification module comprises a first determination unit, a feature extraction unit and a classification unit;
the first determining unit is used for determining initial vector characterization of the obtained vulnerability codes and related information;
the feature extraction unit is used for carrying out feature extraction on the basis of the initial vector characterization determined by the first determination unit through a feature extraction network of the pre-trained neural network model to obtain feature vector characterization of the vulnerability codes and related information;
the classification unit is used for inputting the feature vector representation extracted by the feature extraction unit into a classification network of the pre-trained neural network to obtain vulnerability classification result information of vulnerability codes to be classified.
Further, the related information of the vulnerability code to be classified comprises at least one of the following: code repository information; project-related information;
wherein the code repository information comprises at least one of:
a code storage address; code version information;
and the project-related information comprises at least one of:
a file name; a file path; a project name; group information; responsible-person information.
Further, the vulnerability classification result information comprises the vulnerability type of the vulnerability code, and the vulnerability type comprises at least one of the following:
redundant duplicate-code vulnerability; false-positive vulnerability; dead-code vulnerability.
Further, the device also comprises a pushing module;
and the pushing module is used for pushing corresponding processing suggestion information according to the vulnerability classification result information.
Further, the pushing module is configured to push suggestion information to delete the redundant code and replace it with code from the shared code library if the vulnerability type of the vulnerability code is a redundant duplicate-code vulnerability;
and/or to push suggestion information to add the vulnerability code to a whitelist and to modify the code vulnerability detection rule if the vulnerability type is a false-positive vulnerability;
and/or to push suggestion information to delete the dead code if the vulnerability type is a dead-code vulnerability.
In a third aspect, an electronic device is provided, the electronic device comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more applications being configured to execute the vulnerability classification method based on vulnerability code described above.
In a fourth aspect, a computer-readable storage medium is provided for storing computer instructions that, when executed on a computer, cause the computer to perform the vulnerability classification method of the first aspect.
Compared with the prior art, in which vulnerability code is classified manually, the vulnerability classification method, device and electronic device of this application obtain the vulnerability code to be classified and its related information, and then recognise and analyse the obtained code and related information with a pre-trained neural network model to obtain vulnerability classification result information. That is, the vulnerability code is classified from the code itself and its related information, so classification is automated and its efficiency is improved; moreover, when the volume of vulnerability code grows, no additional staff are needed to classify it, so the labour cost of vulnerability code classification is reduced.
Additional aspects and advantages of the application will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a flow chart of a vulnerability classification method based on vulnerability codes according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a vulnerability classification device based on vulnerability codes according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of another vulnerability classification device based on vulnerability codes according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are exemplary only for the purpose of illustrating the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless expressly stated otherwise, as understood by those skilled in the art. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. The term "and/or" as used herein includes all or any element and all combination of one or more of the associated listed items.
For the purpose of making the objects, technical solutions and advantages of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The following describes the technical solutions of the present application and how the technical solutions of the present application solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The embodiment of the application provides a vulnerability classification method based on vulnerability codes, as shown in fig. 1, the method comprises,
step S101, obtaining a vulnerability code to be classified and related information of the vulnerability code to be classified;
Specifically, the vulnerability code to be classified and its related information are obtained by a corresponding acquisition method; the vulnerability code to be classified may be vulnerability code that the relevant testers identified by testing the project code.
Step S102, identifying and analyzing the obtained vulnerability codes to be classified and related information based on the pre-trained neural network model to obtain vulnerability classification result information of the vulnerability codes.
Specifically, the obtained vulnerability code to be classified and its related information are input into the pre-trained neural network model, which recognises and analyses them to obtain vulnerability classification result information for the vulnerability code.
The pre-trained neural network model may be a neural network based on an RNN (Recurrent Neural Network) or an LSTM (Long Short-Term Memory) network, among others. The pre-trained model may be obtained by training on a plurality of vulnerability code samples together with their related information and the vulnerability type of each sample, labelled manually or in another way.
Compared with the prior art, in which vulnerability code is classified manually, the vulnerability classification method based on vulnerability code provided by this embodiment obtains the vulnerability code to be classified and its related information, and then recognises and analyses them with a pre-trained neural network model to obtain vulnerability classification result information. That is, the vulnerability code is classified from the code itself and its related information, so classification is automated and its efficiency is improved; moreover, when the volume of vulnerability code grows, no additional staff are needed to classify it, so the labour cost of vulnerability code classification is reduced.
The embodiment of the present application provides a possible implementation manner, specifically, step S102 includes:
step S1021 (not shown), determining an initial vector characterization of the obtained vulnerability code and related information;
Specifically, the initial vector representation of the vulnerability code and its related information can be obtained by a corresponding word embedding method, for example the word embedding layer of the pre-trained neural network. The obtained vulnerability code and related information may first be pre-processed: for example, they may be tokenised by a corresponding Western-text or Chinese-text word segmentation method, and stop words may then be removed from the resulting tokens, so that stop words of Western text such as "a", "an", "and", "are" and "then", and the corresponding Chinese function words, are dropped.
Step S1022 (not shown), performing feature extraction based on the determined initial vector representation through a feature extraction network of the pre-trained neural network model to obtain feature vector representations of the vulnerability codes and related information;
Specifically, feature extraction can be performed on the determined initial vector representation by a convolutional layer of the pre-trained neural network model, so as to obtain the feature vector representation of the vulnerability code and its related information.
Step S1023 (not shown in the figure), inputting the feature vector representation into a classification network of the pre-trained neural network to obtain vulnerability classification result information of the vulnerability codes to be classified.
Specifically, the feature vector representation is input into the classification network of the pre-trained neural network model, for example a softmax-based network layer, to obtain the vulnerability classification result information of the vulnerability code to be classified. The result information may be the probability of each vulnerability type for the vulnerability code, or it may be a single determined vulnerability type, which is chosen according to those per-type probabilities.
For the embodiment of the application, the initial vector representation of the vulnerability codes to be classified and the relevant information thereof is determined, the feature extraction is carried out based on the initial vector representation to obtain the feature vector representation, and then the vulnerability classification result information of the vulnerability codes to be classified is determined through the classification network of the pre-trained neural network model, so that the automatic classification of the vulnerability codes to be classified is realized, and the vulnerability classification efficiency of the vulnerability codes is improved.
The related information of the vulnerability code to be classified comprises at least one of the following: code repository information; project-related information;
wherein the code repository information comprises at least one of:
a code storage address; code version information;
and the project-related information comprises at least one of:
a file name; a file path; a project name; group information; responsible-person information.
The related information of the vulnerability code to be classified includes, but is not limited to, code repository information and project-related information, where the code repository information includes, but is not limited to, the code storage address and code version information, and the project-related information includes, but is not limited to, the file name, file path, project name, group information and responsible-person information.
For this embodiment, the related information of the vulnerability code to be classified comprises several pieces of information of different dimensions, which provides a basis for obtaining more semantic information about the vulnerability code and can therefore improve the accuracy of its classification.
The vulnerability classification result information comprises the vulnerability type of the vulnerability code, wherein the vulnerability type comprises at least one of the following:
redundant duplicate-code vulnerability; false-positive vulnerability; dead-code vulnerability.
The vulnerability classification result information includes, but is not limited to, the vulnerability type of the vulnerability code, and the vulnerability types include, but are not limited to, redundant duplicate-code vulnerabilities, false-positive vulnerabilities and dead-code vulnerabilities.
For this embodiment, the vulnerability types are varied, and the refined classification of vulnerabilities provides a basis for subsequently handling each vulnerability in a targeted way and improving code quality.
The embodiment of the application provides a possible implementation manner, and further, the method further comprises the following steps:
step S103 (not shown in the figure), pushing corresponding processing suggestion information according to the vulnerability classification result information.
Specifically, corresponding processing suggestion information can be respectively pushed according to different vulnerability classification result information.
For the embodiment of the application, corresponding processing suggestion information is respectively pushed according to different vulnerability classification result information, so that targeted processing of different vulnerability types is realized, and the vulnerability problem solving efficiency of corresponding vulnerability codes is improved.
The embodiment of the present application provides a possible implementation manner, specifically, step S103 includes:
step S1031 (not shown in the figure), if the vulnerability type of the vulnerability code is a redundant duplicate-code vulnerability, pushing suggestion information to delete the redundant code and replace it with code from the shared code library;
step S1032 (not shown in the figure), if the vulnerability type of the vulnerability code is a false-positive vulnerability, pushing suggestion information to add the vulnerability code to a whitelist and to modify the code vulnerability detection rule;
step S1033 (not shown in the figure), if the vulnerability type of the vulnerability code is a dead-code vulnerability, pushing suggestion information to delete the dead code.
For this embodiment, if the vulnerability type is a redundant duplicate-code vulnerability, pushing the suggestion to delete the redundant code and replace it with code from the shared code library reduces the redundancy rate of the project code; if the vulnerability type is a false-positive vulnerability, pushing the suggestion to add the vulnerability code to a whitelist and modify the code vulnerability detection rule prevents the corresponding code from being reported as vulnerability code again; if the vulnerability type is a dead-code vulnerability, pushing the suggestion to delete the dead code reduces the storage footprint of the project code.
For this embodiment, pushing the corresponding suggestion information for each vulnerability type improves the efficiency of resolving the vulnerability problem in the corresponding vulnerability code.
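The following is an added example, not code from the patent or from Beijing Qihoo Technology: a minimal, runnable version of steps S101 to S103 in Python. A flagged snippet and its repository/project metadata (file path, project, group, owner) are tokenised with stop-word removal, turned into a vector, classified into the three types named above by a softmax layer trained on a handful of labelled samples, and the predicted type is mapped to the remediation advice of steps S1031 to S1033. The patent specifies no concrete architecture, so the embedding, convolutional and LSTM layers are replaced by bag-of-token counts feeding a single softmax layer; the type labels, metadata field names, advice wording and training samples are all constructed for illustration.

```python
"""Added example (not the patent's code): steps S101-S103 as a small pipeline.
Bag-of-token counts stand in for the embedding/convolution layers, and a single
softmax layer trained by SGD stands in for the classification network.  Labels,
field names, advice text and samples are constructed assumptions."""
import math
import re

# English stop words named on the page plus a few more; Chinese stop words omitted.
STOP_WORDS = {"a", "an", "and", "are", "then", "the", "of", "to", "is"}
TYPES = ["redundant_duplicate", "false_positive", "dead_code"]
META_FIELDS = ("repo", "version", "file", "project", "group", "owner")
# Advice follows steps S1031-S1033; the wording is ours.
ADVICE = {
    "redundant_duplicate": "Delete the duplicated code and call the shared library implementation.",
    "false_positive": "Add the snippet to the scanner whitelist and tighten the rule that flagged it.",
    "dead_code": "Delete the unused code.",
}


def tokenize(text):
    """Lower-case identifier/word tokens, splitting camelCase and snake_case, minus stop words."""
    text = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", text)
    out = []
    for tok in re.findall(r"[A-Za-z_][A-Za-z0-9_]*|\d+", text):
        out.extend(p for p in tok.lower().split("_") if p and p not in STOP_WORDS)
    return out


def featurize(sample):
    """Step S1021 stand-in: sparse token counts; metadata tokens are prefixed by field name."""
    counts = {}
    for tok in tokenize(sample["code"]):
        counts["code:" + tok] = counts.get("code:" + tok, 0) + 1
    for field in META_FIELDS:
        for tok in tokenize(sample.get(field, "")):
            counts[field + ":" + tok] = counts.get(field + ":" + tok, 0) + 1
    return counts


class SoftmaxClassifier:
    """Steps S1022/S1023 collapsed into one softmax layer over sparse features."""

    def __init__(self, labels):
        self.labels = list(labels)
        self.w = {lab: {} for lab in self.labels}   # per-class sparse weights
        self.b = {lab: 0.0 for lab in self.labels}  # per-class bias

    def probabilities(self, feats):
        logits = {lab: self.b[lab] + sum(self.w[lab].get(k, 0.0) * v for k, v in feats.items())
                  for lab in self.labels}
        top = max(logits.values())  # shift before exp for numerical stability
        exp = {lab: math.exp(z - top) for lab, z in logits.items()}
        total = sum(exp.values())
        return {lab: e / total for lab, e in exp.items()}

    def train(self, samples, epochs=30, lr=0.5):
        """Plain SGD on cross-entropy loss; deterministic, no shuffling."""
        for _ in range(epochs):
            for s in samples:
                feats = featurize(s)
                probs = self.probabilities(feats)
                for lab in self.labels:
                    grad = probs[lab] - (1.0 if lab == s["type"] else 0.0)
                    self.b[lab] -= lr * grad
                    for k, v in feats.items():
                        self.w[lab][k] = self.w[lab].get(k, 0.0) - lr * grad * v


# Constructed, labelled findings (not real scanner output).
TRAIN = [
    {"code": "def md5hex(data): return hashlib.md5(data).hexdigest()", "file": "utils/hash_copy.py",
     "project": "billing", "group": "payments", "owner": "alice", "type": "redundant_duplicate"},
    {"code": "def md5_hex(buf): return hashlib.md5(buf).hexdigest()", "file": "legacy/hashutil.py",
     "project": "billing", "group": "payments", "owner": "bob", "type": "redundant_duplicate"},
    {"code": "query = 'SELECT id FROM users WHERE name = %s'; cur.execute(query, (name,))",
     "file": "db/users.py", "project": "portal", "group": "web", "owner": "carol", "type": "false_positive"},
    {"code": "cmd = ['ls', '-l', path]; subprocess.run(cmd, shell=False)", "file": "tools/listing.py",
     "project": "portal", "group": "web", "owner": "carol", "type": "false_positive"},
    {"code": "if False: legacy_export(data)", "file": "export/old.py",
     "project": "reports", "group": "data", "owner": "dave", "type": "dead_code"},
    {"code": "def unused_helper(): pass  # never called", "file": "export/misc.py",
     "project": "reports", "group": "data", "owner": "dave", "type": "dead_code"},
]


def train_classifier():
    clf = SoftmaxClassifier(TYPES)
    clf.train(TRAIN)
    return clf


def classify_and_advise(clf, sample):
    """Steps S102 and S103: predicted type, per-type probabilities, and the advice to push."""
    probs = clf.probabilities(featurize(sample))
    best = max(probs, key=probs.get)
    return {"type": best, "probabilities": probs, "advice": ADVICE[best]}


if __name__ == "__main__":
    model = train_classifier()
    new = {"code": "def sha1hex(d): return hashlib.sha1(d).hexdigest()", "file": "utils/hash_copy2.py",
           "project": "billing", "group": "payments", "owner": "erin"}
    print(classify_and_advise(model, new))
```

Two practical points follow from the design. First, the metadata fields (project, group, owner) carry real signal but also let the model learn that a particular team's findings are "usually false positives", so a deployment should check that predictions still hold when those fields are blanked. Second, the S1032 advice (whitelist the snippet and relax the detection rule) silently suppresses a finding if the classifier is wrong, so that suggestion in particular should be pushed as a recommendation for a human reviewer rather than applied automatically.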
Fig. 2 is a vulnerability classification device based on vulnerability codes according to an embodiment of the present application, where the device 20 includes: an acquisition module 201 and an identification module 202;
an obtaining module 201, configured to obtain a vulnerability code to be classified and related information of the vulnerability code to be classified;
the identifying module 202 is configured to recognise and analyse, based on the pre-trained neural network model, the vulnerability code to be classified and the related information obtained by the obtaining module, so as to obtain vulnerability classification result information of the vulnerability code.
Compared with the prior art, in which vulnerability code is classified manually, the vulnerability classification device based on vulnerability code of this embodiment obtains the vulnerability code to be classified and its related information, and then recognises and analyses them with a pre-trained neural network model to obtain vulnerability classification result information. That is, the vulnerability code is classified from the code itself and its related information, so classification is automated and its efficiency is improved; moreover, when the volume of vulnerability code grows, no additional staff are needed to classify it, so the labour cost of vulnerability code classification is reduced.
The vulnerability classification device based on the vulnerability codes in this embodiment may execute the vulnerability classification method based on the vulnerability codes provided in the above embodiment of the present application, and its implementation principle is similar, and will not be described here again.
The embodiment of the present application provides another vulnerability classification device based on vulnerability codes, as shown in fig. 3, the device 30 of the present embodiment includes: an acquisition module 301 and an identification module 302;
the obtaining module 301 is configured to obtain a vulnerability code to be classified and related information of the vulnerability code to be classified;
The function of the acquisition module 301 in fig. 3 is the same as or similar to that of the acquisition module 201 in fig. 2.
The identifying module 302 is configured to identify and analyze the vulnerability code to be classified and related information obtained by the obtaining module based on the pre-trained neural network model, so as to obtain vulnerability classification result information of the vulnerability code.
The function of the identification module 302 in fig. 3 is the same as or similar to that of the identification module 202 in fig. 2.
The present embodiments provide one possible implementation, and in particular,
the recognition module 302 includes a first determination unit 3021, a feature extraction unit 3022, and a classification unit 3023;
a first determining unit 3021, configured to determine an initial vector representation of the obtained vulnerability code and related information;
a feature extraction unit 3022, configured to perform feature extraction based on the initial vector representation determined by the first determination unit 3021 through a feature extraction network of the pre-trained neural network model, to obtain feature vector representations of the vulnerability code and related information;
the classification unit 3023 is configured to input the feature vector representation extracted by the feature extraction unit 3022 into a classification network of the pre-trained neural network to obtain vulnerability classification result information of the vulnerability code to be classified.
For the embodiment of the application, the initial vector representation of the vulnerability codes to be classified and the relevant information thereof is determined, the feature extraction is carried out based on the initial vector representation to obtain the feature vector representation, and then the vulnerability classification result information of the vulnerability codes to be classified is determined through the classification network of the pre-trained neural network model, so that the automatic classification of the vulnerability codes to be classified is realized, and the vulnerability classification efficiency of the vulnerability codes is improved.
The related information of the vulnerability code to be classified includes at least one of the following: code repository information; project-related information;
where the code repository information includes at least one of:
a code storage address; code version information;
and the project-related information includes at least one of:
a file name; a file path; a project name; group information; responsible-person information.
In this embodiment of the application, the related information of the vulnerability code to be classified comprises several pieces of information of different dimensions, which provides a basis for obtaining more semantic information about the vulnerability code to be classified and can therefore improve the accuracy of its vulnerability classification.
The vulnerability classification result information includes the vulnerability type of the vulnerability code, where the vulnerability type includes at least one of the following:
redundant duplicate vulnerabilities; false-positive vulnerabilities; unused-code (dead-code) vulnerabilities.
In this embodiment of the application, a vulnerability may be of several types; refining the classification of the flagged vulnerability code in this way (duplicated code, a false positive of the detection rule, or unused code) provides a basis for subsequently handling each vulnerability in a targeted manner and for improving code quality.
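As an added illustration, not code from the patent or its applicant, the following Python sketch runs the pipeline of the preceding paragraphs end to end over constructed findings: the flagged code and the related-information dimensions listed above are turned into an initial token-count vector, a log-scaled and L2-normalised step stands in for the feature extraction network, and a single-layer softmax classifier stands in for the classification network, trained here on nine constructed samples labelled with the three vulnerability types. The finding texts, repository and project metadata, token scheme and model shape are all assumptions made for this example.

```python
"""Added example (not the patent's code): a dependency-free sketch of the
pipeline in the text, initial vector -> feature vector -> classification.
Assumptions: the token scheme, the log-scaled/normalised feature step (a
stand-in for the feature extraction network), the single-layer softmax
classifier (a stand-in for the classification network) and all findings."""
import math
import re

CLASSES = ("duplicate", "false_positive", "unused_code")

def info(project, version, file_path, group, owner):
    """Related information in the dimensions named in the text (constructed)."""
    return {"repo": f"git.example/{project}", "version": version, "file_path": file_path,
            "project": project, "group": group, "owner": owner}

# Constructed training findings: (flagged code, related information, vulnerability type).
FINDINGS = [
    ("byte[] d = md5(pwd);", info("app-a", "1.4.0", "src/util/Hash.java", "pay", "li"), "duplicate"),
    ("byte[] d = md5(pwd);", info("app-b", "2.0.1", "src/common/Hash.java", "risk", "wang"), "duplicate"),
    ("String s = base64(raw);", info("app-c", "0.9.0", "src/util/Codec.java", "pay", "li"), "duplicate"),
    ('String key = "fake_key";', info("app-a", "1.4.0", "test/KeyTest.java", "pay", "zhang"), "false_positive"),
    ("exec(cmd);", info("app-b", "2.0.1", "test/mock/ShellMock.java", "risk", "wang"), "false_positive"),
    ('String pass = "dummy";', info("app-c", "0.9.0", "src/test/Fixture.java", "pay", "zhang"), "false_positive"),
    ("if (false) { exec(cmd); }", info("app-a", "1.4.0", "src/legacy/Old.java", "pay", "li"), "unused_code"),
    ("return x; exec(cmd);", info("app-b", "2.0.1", "src/Main.java", "risk", "wang"), "unused_code"),
    ("@Deprecated void run() { eval(s); }", info("app-c", "0.9.0", "src/legacy/Util.java", "pay", "li"), "unused_code"),
]

def tokens(code, meta):
    """Code tokens plus prefixed metadata tokens, so that a project name and an
    identifier in the code never collapse into the same token."""
    toks = re.findall(r'\w+|"[^"]*"|[^\w\s"]', code)
    toks += [f"{k}={meta[k]}" for k in ("repo", "version", "file_path", "project", "group", "owner")]
    parts = meta["file_path"].split("/")
    toks.append(f"file_name={parts[-1]}")
    toks += [f"dir={d}" for d in parts[:-1]]
    return toks

def build_vocab(samples):
    """Token -> index map over the training findings (the initial vector space)."""
    vocab = sorted({t for code, meta, _ in samples for t in tokens(code, meta)})
    return {t: i for i, t in enumerate(vocab)}

def initial_vector(code, meta, vocab):
    """Bag-of-tokens count vector; tokens unseen in training are dropped."""
    vec = [0.0] * len(vocab)
    for t in tokens(code, meta):
        if t in vocab:
            vec[vocab[t]] += 1.0
    return vec

def feature_vector(vec):
    """Log-scaled, L2-normalised counts (stand-in for the feature extraction network)."""
    scaled = [math.log1p(v) for v in vec]
    norm = math.sqrt(sum(v * v for v in scaled)) or 1.0
    return [v / norm for v in scaled]

def softmax(weights, bias, x):
    logits = [b + sum(w * xj for w, xj in zip(row, x)) for row, b in zip(weights, bias)]
    top = max(logits)
    exps = [math.exp(z - top) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

def train(samples, epochs=300, lr=1.0):
    """Single-layer softmax classifier fitted by full-batch gradient descent."""
    vocab = build_vocab(samples)
    data = [(feature_vector(initial_vector(c, m, vocab)), CLASSES.index(y)) for c, m, y in samples]
    weights = [[0.0] * len(vocab) for _ in CLASSES]
    bias = [0.0] * len(CLASSES)
    for _ in range(epochs):
        grad_w = [[0.0] * len(vocab) for _ in CLASSES]
        grad_b = [0.0] * len(CLASSES)
        for x, y in data:
            for k, p in enumerate(softmax(weights, bias, x)):
                err = p - (1.0 if k == y else 0.0)  # dL/dlogit_k for cross-entropy
                grad_b[k] += err
                for j, xj in enumerate(x):
                    if xj:
                        grad_w[k][j] += err * xj
        for k in range(len(CLASSES)):
            bias[k] -= lr * grad_b[k] / len(data)
            for j in range(len(vocab)):
                weights[k][j] -= lr * grad_w[k][j] / len(data)
    return {"vocab": vocab, "weights": weights, "bias": bias}

def classify(model, code, meta):
    """Return (vulnerability type, probability per type) for one finding."""
    x = feature_vector(initial_vector(code, meta, model["vocab"]))
    probs = softmax(model["weights"], model["bias"], x)
    best = max(range(len(CLASSES)), key=probs.__getitem__)
    return CLASSES[best], dict(zip(CLASSES, probs))

def training_accuracy(model, samples):
    return sum(classify(model, c, m)[0] == y for c, m, y in samples) / len(samples)

if __name__ == "__main__":
    model = train(FINDINGS)
    held_out = ("byte[] d = md5(pwd);", info("app-d", "3.1.0", "src/core/Hash.java", "risk", "zhao"))
    print(training_accuracy(model, FINDINGS), classify(model, *held_out))
```

The metadata tokens are what let the model separate the ambiguous snippet `exec(cmd);` (a false positive under a test mock, unreachable code elsewhere) from the same code in production paths; in a real deployment the vocabulary, the feature network and the classifier would be learned from labelled historical findings rather than from nine hand-written samples.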
In a possible implementation provided by the embodiment of the application, the device further comprises a pushing module 303;
the pushing module 303 is configured to push corresponding processing suggestion information according to the vulnerability classification result information.
Specifically, in a possible implementation provided by the embodiment of the application, the pushing module 303 is configured to push suggestion information for deleting the redundant code and replacing it with code from a common code library if the vulnerability type of the vulnerability code is a redundant duplicate vulnerability;
and/or to push suggestion information for adding the vulnerability code to a whitelist and modifying the code vulnerability detection rule if the vulnerability type of the vulnerability code is a false-positive vulnerability;
and/or to push suggestion information for deleting the unused code if the vulnerability type of the vulnerability code is an unused-code vulnerability.
In this embodiment of the application, corresponding processing suggestion information is pushed separately for each kind of vulnerability classification result information, so that different vulnerability types are handled in a targeted manner and the vulnerability in the corresponding vulnerability code is resolved more efficiently.
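As an added illustration, not code from the patent or its applicant, the following Python sketch pushes a processing suggestion for each of the three vulnerability types to the responsible person recorded in the related information. It adds the check a practitioner would want for the false-positive case: the whitelist entry is keyed on a fingerprint of the flagged snippet as well as on the rule and path, so that a later change to the code at the same location is reported again instead of being silently suppressed. The finding layout, rule names, common-library mapping and suggestion wording are assumptions made for this example.

```python
"""Added example (not the patent's code): processing suggestions pushed per
vulnerability type to the responsible person, with the false-positive
whitelist keyed on a fingerprint of the flagged snippet. Finding layout,
rule names, common-library mapping and wording are assumptions."""
import hashlib
import re

# Assumed mapping from duplicated helper names to the common code library.
COMMON_LIBRARY = {"md5": "common.crypto.Digest.md5", "base64": "common.codec.Base64.encode"}

# Constructed findings in the layout this example assumes: the flagged code, the
# detection rule that raised it, and related information as listed in the text.
SAMPLE_DUP = {"code": "byte[] d = md5(pwd);", "rule": "weak-hash",
              "info": {"project": "app-a", "file_path": "src/util/Hash.java", "owner": "li"}}
SAMPLE_FP = {"code": 'String key = "fake_key";', "rule": "hardcoded-secret",
             "info": {"project": "app-a", "file_path": "test/KeyTest.java", "owner": "zhang"}}
SAMPLE_DEAD = {"code": "if (false) { exec(cmd); }", "rule": "command-injection",
               "info": {"project": "app-a", "file_path": "src/legacy/Old.java", "owner": "li"}}

def code_fingerprint(code):
    """SHA-256 of the snippet with whitespace collapsed: an entry keyed on it
    survives reformatting but not a change to the code itself."""
    canonical = re.sub(r"\s+", " ", code.strip())
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def suggest(finding, vuln_type):
    """Build the suggestion pushed for one classified finding."""
    meta = finding["info"]
    base = {"to": meta["owner"], "project": meta["project"], "file_path": meta["file_path"],
            "rule": finding["rule"], "vuln_type": vuln_type}
    if vuln_type == "duplicate":
        target = next((lib for name, lib in COMMON_LIBRARY.items() if name in finding["code"]), None)
        return {**base, "action": "delete the duplicated code and call the common library",
                "replacement": target}
    if vuln_type == "false_positive":
        return {**base, "action": "add the finding to the whitelist and tune the detection rule",
                "whitelist_entry": {"rule": finding["rule"], "file_path": meta["file_path"],
                                    "fingerprint": code_fingerprint(finding["code"])}}
    if vuln_type == "unused_code":
        return {**base, "action": "delete the unused code; the flagged statement is unreachable"}
    raise ValueError(f"unknown vulnerability type: {vuln_type}")

def is_whitelisted(finding, whitelist):
    """A hit needs the same rule, path and fingerprint, so a later change to
    the code at that location is reported again instead of being suppressed."""
    fp = code_fingerprint(finding["code"])
    return any(e["rule"] == finding["rule"] and e["file_path"] == finding["info"]["file_path"]
               and e["fingerprint"] == fp for e in whitelist)

def push(classified):
    """Group suggestions by responsible person, as a pushing module would."""
    outbox = {}
    for finding, vuln_type in classified:
        s = suggest(finding, vuln_type)
        outbox.setdefault(s["to"], []).append(s)
    return outbox

if __name__ == "__main__":
    box = push([(SAMPLE_DUP, "duplicate"), (SAMPLE_FP, "false_positive"), (SAMPLE_DEAD, "unused_code")])
    for owner, items in box.items():
        print(owner, [i["action"] for i in items])
    wl = [suggest(SAMPLE_FP, "false_positive")["whitelist_entry"]]
    changed = dict(SAMPLE_FP, code='String key = System.getenv("KEY");')
    print(is_whitelisted(SAMPLE_FP, wl), is_whitelisted(changed, wl))
```

Keying the whitelist on rule, path and fingerprint is deliberate: a whitelist keyed on path alone would keep suppressing the rule after a developer replaces the test fixture at that location with real secret handling.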
Compared with the prior art, in which vulnerability code is classified manually, the vulnerability-code-based vulnerability classification device of this embodiment of the application obtains the vulnerability code to be classified and its related information, and then identifies and analyzes the obtained vulnerability code and related information based on a pre-trained neural network model to obtain the vulnerability classification result information of the vulnerability code. That is, the vulnerability code is classified on the basis of the vulnerability code and its related information, so that the classification is automated and its efficiency improved; moreover, even when the amount of vulnerability code is large, no additional staff need be assigned to classify it, which reduces the labour cost of vulnerability code classification.
The vulnerability classification device based on the vulnerability codes in this embodiment may execute the vulnerability classification method based on the vulnerability codes provided in the above embodiment of the present application, and its implementation principle is similar, and will not be described here again.
The embodiment of the application provides an electronic device. As shown in fig. 4, the electronic device 40 includes a processor 4001 and a memory 4003, where the processor 4001 is coupled to the memory 4003, for example via a bus 4002. The electronic device 40 may further include a transceiver 4004. Note that in practical applications the number of transceivers 4004 is not limited to one, and the structure of the electronic device 40 does not limit the embodiment of the application.
The processor 4001 is applied in the embodiment of the present application, and is configured to implement the functions of the acquisition module and the identification module shown in fig. 2 or fig. 3, and to implement the function of the push module shown in fig. 3. The transceiver 4004 includes a receiver and a transmitter.
The processor 4001 may be a CPU, a general-purpose processor, a DSP, an ASIC, an FPGA or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or perform the various exemplary logic blocks, modules and circuits described in connection with this disclosure. The processor 4001 may also be a combination that implements computing functionality, for example a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The bus 4002 may include a path for transferring information between the aforementioned components. The bus 4002 may be a PCI bus, an EISA bus or the like, and may be divided into an address bus, a data bus, a control bus and so on. For ease of illustration only one thick line is shown in fig. 4, but this does not mean that there is only one bus or only one type of bus.
The memory 4003 may be, but is not limited to, ROM or other type of static storage device that can store static information and instructions, RAM or other type of dynamic storage device that can store information and instructions, EEPROM, CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 4003 is used for storing application program codes for executing the present application, and execution is controlled by the processor 4001. The processor 4001 is configured to execute application code stored in the memory 4003 to implement the functionality of the vulnerability classification apparatus based on vulnerability code provided by the embodiment shown in fig. 2 or fig. 3.
The embodiment of the application provides an electronic device suitable for the above method embodiment, which will not be described in detail here.
Compared with the prior art, in which vulnerability code is classified manually, the embodiment of the application identifies and analyzes the obtained vulnerability code to be classified and its related information based on a pre-trained neural network model to obtain the vulnerability classification result information of the vulnerability code. That is, the vulnerability code is classified on the basis of the vulnerability code and its related information by the pre-trained neural network model, so that the classification is automated and its efficiency improved; moreover, even when the amount of vulnerability code is large, no additional staff need be assigned to classify it, which reduces the labour cost of vulnerability code classification.
The present embodiment provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method shown in the above embodiment.
Embodiments of the present application provide a computer-readable storage medium. Compared with the prior art, in which vulnerability code is classified manually, the vulnerability-code-based vulnerability classification method executed from it obtains the vulnerability code to be classified and its related information, and then identifies and analyzes the obtained vulnerability code and related information based on a pre-trained neural network model to obtain the vulnerability classification result information of the vulnerability code. That is, the vulnerability code is classified on the basis of the vulnerability code and its related information, so that the classification is automated and its efficiency improved; moreover, even when the amount of vulnerability code is large, no additional staff need be assigned to classify it, which reduces the labour cost of vulnerability code classification.
The present application provides a computer-readable storage medium suitable for use in the above method embodiments, which will not be described in detail here.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
The foregoing describes only some embodiments of the present application. It should be noted that a person skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be regarded as falling within the protection scope of the present application.

Claims (10)

1. A vulnerability classification method based on vulnerability codes, comprising:
acquiring a vulnerability code to be classified and related information of the vulnerability code to be classified, wherein the related information of the vulnerability code to be classified comprises at least one of the following: code repository information; project-related information; wherein the code repository information comprises at least one of: a code storage address; code version information; and the project-related information comprises at least one of: a file name; a file path; a project name; group information; responsible-person information;
identifying and analyzing the obtained vulnerability codes to be classified and the related information based on a pre-trained neural network model to obtain vulnerability classification result information of the vulnerability codes;
the identifying and analyzing the obtained vulnerability codes to be classified and the related information based on the pre-trained neural network model to obtain vulnerability classification result information of the vulnerability codes to be classified comprises the following steps:
determining the initial vector representation of the obtained vulnerability codes and the related information;
performing feature extraction based on the determined initial vector characterization through a feature extraction network of the pre-trained neural network model to obtain feature vector characterization of the vulnerability codes and the related information;
and inputting the feature vector representation into the classification network of the pre-trained neural network model to obtain the vulnerability classification result information of the vulnerability code to be classified.
2. The method of claim 1, wherein the vulnerability classification result information comprises a vulnerability type of the vulnerability code, the vulnerability type comprising at least one of:
a redundant duplicate vulnerability; a false-positive vulnerability; an unused-code (dead-code) vulnerability.
3. The method according to any one of claims 1-2, further comprising:
and pushing corresponding processing suggestion information according to the vulnerability classification result information.
4. The method of claim 3, wherein pushing corresponding processing suggestion information according to the vulnerability classification result information comprises:
if the vulnerability type of the vulnerability code is a redundant duplicate vulnerability, pushing suggestion information for deleting the redundant code and replacing it with code from a common code library;
if the vulnerability type of the vulnerability code is a false-positive vulnerability, pushing suggestion information for adding the vulnerability code to a whitelist and modifying the code vulnerability detection rule;
if the vulnerability type of the vulnerability code is an unused-code vulnerability, pushing suggestion information for deleting the unused code.
5. A vulnerability classification device based on vulnerability codes, comprising:
an acquisition module and an identification module, wherein the acquisition module is configured to acquire a vulnerability code to be classified and related information of the vulnerability code to be classified, and the related information of the vulnerability code to be classified comprises at least one of the following: code repository information; project-related information; wherein the code repository information comprises at least one of: a code storage address; code version information; and the project-related information comprises at least one of: a file name; a file path; a project name; group information; responsible-person information;
the identifying module is used for identifying and analyzing the vulnerability codes to be classified and the related information acquired by the acquiring module based on a pre-trained neural network model to obtain vulnerability classification result information of the vulnerability codes, and comprises a first determining unit, a feature extracting unit and a classifying unit;
the first determining unit is used for determining the initial vector representation of the obtained vulnerability codes and the related information;
the feature extraction unit is used for carrying out feature extraction on the basis of the initial vector characterization determined by the first determination unit through a feature extraction network of the pre-trained neural network model to obtain feature vector characterizations of the vulnerability codes and the related information;
the classification unit is configured to input the feature vector representation extracted by the feature extraction unit into the classification network of the pre-trained neural network model to obtain the vulnerability classification result information of the vulnerability code to be classified.
6. The apparatus of claim 5, wherein the vulnerability classification result information comprises a vulnerability type of the vulnerability code, the vulnerability type comprising at least one of:
a redundant duplicate vulnerability; a false-positive vulnerability; an unused-code (dead-code) vulnerability.
7. The apparatus of any one of claims 5-6, further comprising a push module;
and the pushing module is used for pushing corresponding processing suggestion information according to the vulnerability classification result information.
8. The apparatus of claim 7, wherein the pushing module is configured to push suggestion information for deleting the redundant code and replacing it with code from a common code library if the vulnerability type of the vulnerability code is a redundant duplicate vulnerability;
and/or to push suggestion information for adding the vulnerability code to a whitelist and modifying the code vulnerability detection rule if the vulnerability type of the vulnerability code is a false-positive vulnerability;
and/or to push suggestion information for deleting the unused code if the vulnerability type of the vulnerability code is an unused-code vulnerability.
9. An electronic device, comprising:
one or more processors;
a memory;
one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, and are configured to perform the vulnerability-code-based vulnerability classification method according to any one of claims 1 to 4.
10. A computer readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the vulnerability classification method of any one of claims 1 to 4.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811550878.7A CN111338692B (en) 2018-12-18 2018-12-18 Vulnerability classification method and device based on vulnerability codes and electronic equipment

Publications (2)

Publication Number Publication Date
CN111338692A CN111338692A (en) 2020-06-26
CN111338692B true CN111338692B (en) 2024-04-16

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112115476B (en) * 2020-08-06 2023-10-24 扬州大学 Automatic vulnerability classification method, system and computer equipment based on LSTM
CN111967021B (en) * 2020-08-27 2022-06-03 山东英信计算机技术有限公司 Vulnerability processing method, device and equipment and computer readable storage medium
CN112733137B (en) * 2020-12-24 2021-11-16 哈尔滨工业大学 Binary code similarity analysis method for vulnerability detection
CN112988447B (en) * 2021-05-20 2021-08-20 全时云商务服务股份有限公司 Method, system and readable storage medium for automatically correcting vulnerability information
CN113343248A (en) * 2021-07-19 2021-09-03 北京有竹居网络技术有限公司 Vulnerability identification method, device, equipment and storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017181286A1 (en) * 2016-04-22 2017-10-26 Lin Tan Method for determining defects and vulnerabilities in software code
CN107885999A (en) * 2017-11-08 2018-04-06 华中科技大学 A kind of leak detection method and system based on deep learning
CN108376220A (en) * 2018-02-01 2018-08-07 东巽科技(北京)有限公司 A kind of malice sample program sorting technique and system based on deep learning
CN108509958A (en) * 2018-03-30 2018-09-07 北京金山安全软件有限公司 Defect type detection method, defect type detection device, electronic equipment and medium
CN108549817A (en) * 2018-04-19 2018-09-18 北京理工大学 A kind of software security flaw prediction technique based on text deep learning
CN108763928A (en) * 2018-05-03 2018-11-06 北京邮电大学 A kind of open source software leak analysis method, apparatus and storage medium
CN108763931A (en) * 2018-05-28 2018-11-06 上海交通大学 Leak detection method based on Bi-LSTM and text similarity

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11074494B2 (en) * 2016-09-09 2021-07-27 Cylance Inc. Machine learning model for analysis of instruction sequences
US11288592B2 (en) * 2017-03-24 2022-03-29 Microsoft Technology Licensing, Llc Bug categorization and team boundary inference via automated bug detection
US10685284B2 (en) * 2017-04-03 2020-06-16 Royal Bank Of Canada Systems and methods for malicious code detection

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Xian Zhang et al., "Cross-Entropy: A New Metric for Software Defect Prediction", 2018 IEEE International Conference on Software Quality, Reliability and Security (QRS), 2018-08-06, pp. 111-122 *
Sun Hongyu et al., "人工智能技术在安全漏洞领域的应用" (Applications of artificial intelligence technology in the field of security vulnerabilities), Journal on Communications (通信学报), 2018-08-31, no. 8, pp. 1-17 *
Li Nan, "基于IPV6的入侵检测系统的研究与实现" (Research and implementation of an IPv6-based intrusion detection system), China Master's Theses Full-text Database (Information Science and Technology), 2006-08-15, no. 8, I139-95 *
Guo Minjie, "无线传感器网络漏洞扫描系统研究与实现" (Research and implementation of a vulnerability scanning system for wireless sensor networks), China Master's Theses Full-text Database (Information Science and Technology), 2018-04-15, no. 4, I140-233 *
Zhang Liyong, "软件源代码安全分析研究" (Research on security analysis of software source code), China Doctoral Dissertations Full-text Database (Information Science and Technology), 2011-12-15, no. 12, I138-11 *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant