CN114168963A - Repeated vulnerability searching method and device - Google Patents

Publication number
CN114168963A
Authority
CN
China
Prior art keywords
vulnerability
information
sample
classified
category
Legal status
Pending
Application number
CN202111361415.8A
Other languages
Chinese (zh)
Inventor
廖智辉
Current Assignee
Beijing Eswin Computing Technology Co Ltd
Haining Eswin IC Design Co Ltd
Original Assignee
Beijing Eswin Computing Technology Co Ltd
Haining Eswin IC Design Co Ltd
Application filed by Beijing Eswin Computing Technology Co Ltd, Haining Eswin IC Design Co Ltd
Priority to CN202111361415.8A
Publication of CN114168963A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/35 Clustering; Classification
    • G06F16/353 Clustering; Classification into predefined classes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a repeated vulnerability searching method and a repeated vulnerability searching device, relates to the technical field of computers, and mainly aims to improve vulnerability duplicate searching efficiency and accuracy; the main technical scheme comprises: determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified; selecting target sample information matched with the vulnerability information from sample information corresponding to the vulnerability categories, wherein each vulnerability category corresponds to at least one sample information, and one sample information corresponds to one sample vulnerability; and determining the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as a repeated vulnerability.

Description

Repeated vulnerability searching method and device
Technical Field
The invention relates to the technical field of computers, in particular to a repeated vulnerability searching method and device.
Background
In the development process of application software or operating system software, a defect in the logic design or an error generated during programming is a vulnerability. The existence of a vulnerability may result in an attacker being able to access or destroy the system without authorization. In order to reduce the possibility of malicious attack, the vulnerability needs to be detected in the design stage of application software or operating system software, and the detected vulnerability needs to be eliminated. Repeated vulnerabilities may be processed using the same or similar vulnerability exclusion methods, thus requiring determination of repeated vulnerabilities.
At present, repeated vulnerabilities are generally determined as follows: relying on the subjective cognition of the engineer, it is judged whether the root cause of the vulnerability being processed is the same as the root cause of a previously processed vulnerability; if the root causes are consistent, the vulnerability being processed is determined to be a repeated vulnerability and no other vulnerability analysis is carried out. Because this method depends entirely on the individual subjective judgment of engineers, misjudgment occurs easily. On the one hand, a new vulnerability may be treated as a repeated vulnerability, so that the new vulnerability remains in the software development project. On the other hand, a repeated vulnerability may go unrecognized, so that a vulnerability that was in fact a repeat is analyzed again at a cost of time, which increases the labor cost.
Therefore, searching for repeated vulnerabilities by relying on the subjective cognition of engineers is low in efficiency and accuracy.
Disclosure of Invention
In view of this, the invention provides a repeated vulnerability searching method and a repeated vulnerability searching device, and mainly aims to improve the efficiency and accuracy of vulnerability duplication checking.
In order to achieve the above purpose, the present invention mainly provides the following technical solutions:
in a first aspect, the present invention provides a method for searching for a repeated vulnerability, the method including:
determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified;
selecting target sample information matched with the vulnerability information from sample information corresponding to the vulnerability categories, wherein each vulnerability category corresponds to at least one sample information, and one sample information corresponds to one sample vulnerability;
and determining the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as a repeated vulnerability.
In a second aspect, the present invention provides a device for searching for a repeat vulnerability, which includes:
the first determining unit is used for determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified;
the selecting unit is used for selecting target sample information matched with the vulnerability information from the sample information corresponding to the vulnerability categories, wherein each vulnerability category corresponds to at least one sample information, and one sample information corresponds to one sample vulnerability;
and the second determining unit is used for determining the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as a repeated vulnerability.
In a third aspect, the present invention provides a computer-readable storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus on which the storage medium is located is controlled to execute the method for searching for a duplicate vulnerability according to the first aspect.
In a fourth aspect, the present invention provides a storage management apparatus, including:
a memory for storing a program;
a processor, coupled to the memory, for executing the program to perform the duplicate vulnerability discovery method of the first aspect.
By means of the technical scheme, when the vulnerability to be classified exists, the vulnerability category of the vulnerability to be classified is determined based on the vulnerability information of the vulnerability to be classified. And then selecting target sample information matched with the vulnerability information of the vulnerability to be classified from the sample information corresponding to the vulnerability category, and finally determining the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as a repeated vulnerability. Therefore, when the vulnerability to be classified is determined to be a repeated vulnerability, manual intervention is not needed, and the vulnerability can be determined only by matching the vulnerability information of the vulnerability to be classified with the sample information corresponding to the sample vulnerability under the vulnerability category, so that the situation that the repeated vulnerability cannot be identified and the new vulnerability is treated as the repeated vulnerability due to manual misjudgment can be avoided, and the accuracy of vulnerability duplication checking can be improved. In addition, when the target sample information is determined, the target sample information is only selected from the sample information under the vulnerability category corresponding to the vulnerability to be classified, the vulnerability category limits the range of the target sample information, and the selected computation amount is reduced, so that the vulnerability duplicate checking efficiency can be improved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 shows a flowchart of a method for searching for a duplicate vulnerability according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a method for searching for a duplicate vulnerability according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram illustrating a repeated vulnerability discovery apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram illustrating a repeat vulnerability discovery apparatus according to another embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
A vulnerability, i.e., a bug, refers to a defect in the logic design or a programming error of application software or operating system software, which may allow an attacker to access or damage the system without authorization. In order to reduce the possibility of malicious attack, the vulnerability needs to be detected in the design stage of application software or operating system software, and the detected vulnerability needs to be eliminated.
Repeated vulnerabilities may be processed by the same or similar vulnerability elimination methods; therefore, to improve elimination efficiency, repeated vulnerabilities need to be determined when vulnerabilities are eliminated. At present, repeated vulnerabilities are generally searched for as follows: relying on the subjective cognition of the engineer, it is judged whether the root cause of the vulnerability being processed is the same as the root cause of a previously processed vulnerability; if the root causes are consistent, the vulnerability being processed is determined to be a repeated vulnerability and no other vulnerability analysis is carried out. This method has at least the following two defects. First, the personal experience of an engineer is limited, so relying on the engineer's personal subjective judgment easily leads to misjudgment, and a new vulnerability is treated as a repeated vulnerability, so that the new vulnerability always exists in the software development project. Second, if the engineer, judging subjectively from the vulnerabilities he or she has seen or processed, does not know that the same vulnerability already exists in the software development project, a vulnerability that was in fact a repeat is analyzed again at a cost of time, which adds ineffective labor cost to the software development project.
Therefore, determining repeated vulnerabilities by relying on the subjective cognition of engineers is low in efficiency and accuracy. In order to improve the efficiency and accuracy of vulnerability duplicate checking, the embodiments of the invention provide a repeated vulnerability searching method and a repeated vulnerability searching device, which improve the efficiency of vulnerability duplicate checking while also improving its accuracy. The following describes a method and an apparatus for searching for a duplicate vulnerability according to an embodiment of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a method for searching for a repeat vulnerability, where the method mainly includes:
101. Determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified.
The vulnerability to be classified is a vulnerability on which vulnerability elimination is to be performed. In order to improve elimination efficiency, it is necessary to search whether a vulnerability identical to the vulnerability to be classified already exists; two identical vulnerabilities are repeated vulnerabilities. The elimination methods for repeated vulnerabilities are the same, so when a repeated vulnerability is encountered, the elimination method does not need to be redesigned and the elimination can be carried out directly with the method already used, which improves elimination efficiency.
After the vulnerability to be classified is determined, its vulnerability information needs to be acquired, where the vulnerability information is information describing the specific situation of the vulnerability to be classified. The vulnerability information of the vulnerability to be classified can be crawled by a web crawler. The specific content included in the vulnerability information may be determined based on the specific service requirement, and this embodiment is not specifically limited.
Illustratively, the vulnerability information includes one or more of the following: a vulnerability summary, a vulnerability description, and vulnerability annotations. The vulnerability summary (summary) describes the category information of the corresponding vulnerability. The vulnerability description (description) describes the specific content in the software development project to which the corresponding vulnerability belongs, such as which steps of which specific module unit in the software development project the vulnerability relates to. The vulnerability annotations (comments) are the manual annotations and evaluations made by engineers for the vulnerability.
After vulnerability information of the vulnerability to be classified is obtained, vulnerability categories of the vulnerability to be classified need to be determined, and the vulnerability categories are used as a basis for searching repeated vulnerabilities. A specific process for determining vulnerability categories of vulnerabilities to be classified based on vulnerability information of vulnerabilities to be classified is described below, and the process includes the following steps one to two:
Step one: performing word segmentation processing on vulnerability information of the vulnerability to be classified.
The vulnerability information can represent the category of the vulnerability to be classified, so that the vulnerability information can be used as a basis for determining the vulnerability category of the vulnerability to be classified.
Before word segmentation is performed on the vulnerability information of the vulnerability to be classified, the vulnerability information is first processed in the following respects. First, punctuation and Arabic numerals in the vulnerability information, e.g., "<", ",", ".", "123", and the like, are removed. Second, for vulnerability information containing English, verbs in the English description that change with person or tense are converted into their base form; for example, "attaching" and "attached" are treated as the same word and are both converted into the base form "attach". Third, stop words are filtered out. Stop words are words that appear frequently in text and contribute little or nothing to the content or classification category of the text, such as prepositions, articles, auxiliary words, modal verbs, pronouns, conjunctions, and the like. For example, all of the words "g", "n", and "d" are stop words. After the vulnerability information has been processed, it can be segmented in either of the following two ways. The first is to segment the vulnerability information using the NLTK (Natural Language Toolkit) tool. The second is to segment the vulnerability information by matching it against a word segmentation library, where the specific type of the word segmentation library can be determined based on business requirements and is not specifically limited in this embodiment; optionally, the word segmentation library is the jieba word segmentation library.
Illustratively, word segmentation processing is performed on the vulnerability summary "test machine reboots." of the vulnerability to be classified. The punctuation mark "." is removed first. Since the vulnerability summary contains no stop words and no verbs that need to be converted into their base form, the jieba word segmentation library is used to segment "test machine reboots" directly, and the segmentation result is "test machine, occurrence and restart".
It should be noted that the vulnerability information used for determining the vulnerability category of the vulnerability to be classified may be one or more of vulnerability summary, vulnerability description and vulnerability annotation. Optionally, in order to reduce the calculation amount for determining the vulnerability category of the vulnerability to be classified, only the vulnerability summary is selected for the vulnerability information, because the vulnerability summary describes the category information of the corresponding vulnerability.
And step two, inputting the word segmentation processing result of the vulnerability information into a vulnerability class identification model to obtain the vulnerability class of the vulnerability to be classified.
The vulnerability category identification model is a model which is trained in advance and used for identifying vulnerability categories. The vulnerability category identification model takes the word segmentation processing result of vulnerability information as input and takes the vulnerability category as output. Optionally, the vulnerability category identification model is a neural network model or a clustering model.
And after the word segmentation processing result of the vulnerability information is obtained, the word segmentation processing result of the vulnerability information is used as input and is input into the vulnerability category identification model. And then the vulnerability category identification model identifies and processes the word segmentation processing result, and the output vulnerability category after processing is the vulnerability category of the vulnerability to be classified.
Illustratively, the word segmentation result of the vulnerability summary of the vulnerability to be classified is 'test machine, occurrence and restart', the word segmentation result is input into the clustering model, and after the word segmentation result is identified by the clustering model, the vulnerability category of the vulnerability to be classified is output as restart.
102. And selecting target sample information matched with the vulnerability information from the sample information corresponding to the vulnerability category.
In order to improve the efficiency of vulnerability duplicate checking and reduce its calculation amount, a plurality of vulnerability categories need to be set, each vulnerability category corresponds to at least one sample information, and one sample information corresponds to one sample vulnerability. How to set vulnerability categories and sample information under each vulnerability category is described below, and the process of setting vulnerability categories and sample information under each vulnerability category may include the following steps one to four:
Step one: performing word segmentation processing on vulnerability information of each sample vulnerability in a vulnerability library.
The vulnerability library is a database deployed on a bug server. It contains a large number of sample vulnerabilities whose elimination methods have already been determined, so a vulnerability that repeats one in the vulnerability library can be eliminated directly with the corresponding elimination method. After the vulnerability library is determined, the key field content of each sample vulnerability can be crawled from the bug server by using a web crawler, and the key field content is the vulnerability information. Optionally, the vulnerability information may be one or more of a vulnerability summary, a vulnerability description and vulnerability annotations.
The process of performing word segmentation processing on the vulnerability information of each sample vulnerability in the vulnerability library is as follows. The vulnerability information is first processed in the following respects. First, punctuation and Arabic numerals in the vulnerability information, e.g., "<", ",", ".", "123", and the like, are removed. Second, for vulnerability information containing English, verbs in the English description that change with person or tense are converted into their base form; for example, "attaching" and "attached" are treated as the same word and are both converted into the base form "attach". Third, stop words are filtered out. Stop words are words that appear frequently in text and contribute little or nothing to the content or classification category of the text, such as prepositions, articles, auxiliary words, modal verbs, pronouns, conjunctions, and the like. For example, all of the words "g", "n", and "d" are stop words. After the vulnerability information has been processed, it can be segmented in either of the following two ways. The first is to segment the vulnerability information using the NLTK (Natural Language Toolkit) tool. The second is to segment the vulnerability information by matching it against a word segmentation library, where the specific type of the word segmentation library can be determined based on service requirements and is not specifically limited in this embodiment; optionally, the word segmentation library is the jieba word segmentation library.
Illustratively, vulnerability information 1 of sample vulnerability 1, "crash occurs in the tester", is segmented into: tester, occurrence, crash. Vulnerability information 2 of sample vulnerability 2, "the tester is restarted", is segmented into: tester, occurrence, restart. Vulnerability information 3 of sample vulnerability 3, "tester occurrence anr", is segmented into: tester, occurrence, anr. Vulnerability information 4 of sample vulnerability 4, "monkey screen fixing", is segmented into: monkey, screen fixing.
It should be noted that, in order to expand the number of sample vulnerabilities in the vulnerability library, after vulnerability removal is performed on vulnerabilities to be classified, the vulnerabilities to be classified are added to the vulnerability library as sample vulnerabilities. When the setting of the vulnerability category needs to be updated again, the updated vulnerability database can be used for setting the vulnerability category, so that the accuracy and the comprehensiveness of the vulnerability category setting are continuously improved.
And step two, inputting the word segmentation processing result of the vulnerability information of each sample vulnerability into a vulnerability class clustering model for clustering.
The clustering model is used for vulnerability category clustering identification, the word segmentation processing result of the vulnerability information is used as input, the word segmentation processing result of the vulnerability information of the acquired sample vulnerability is classified, and the vulnerability category is used as output. The specific type of the clustering model is not specifically limited in this embodiment, and may be determined based on the service requirement, and optionally, the clustering model is an unsupervised clustering model.
The process of inputting the word segmentation processing result of the vulnerability information of each sample vulnerability into the vulnerability category clustering model for clustering is as follows. First, after word segmentation processing is performed on the vulnerability information of each sample vulnerability in the vulnerability library, the word segmentation results of the sample vulnerabilities are arranged into a word segmentation list, such as a keyword list. The word segmentation list records the keywords extracted from each word segmentation result and which sample vulnerability each keyword appears in. Second, the TF-IDF value of each keyword in the word segmentation list is calculated by using the TF-IDF (term frequency-inverse document frequency) algorithm. Finally, the vector of each sample vulnerability is calculated from the TF-IDF values of the keywords in the word segmentation list, and the obtained vectors are input into the vulnerability category clustering model for clustering.
Exemplarily, vulnerability information 1 of sample vulnerability 1 is segmented into: tester, occurrence, crash; vulnerability information 2 of sample vulnerability 2 is segmented into: tester, occurrence, restart; vulnerability information 3 of sample vulnerability 3 is segmented into: tester, occurrence, anr; vulnerability information 4 of sample vulnerability 4 is segmented into: monkey, screen fixing. A word segmentation list is formed from the word segmentation results of the vulnerability information of these sample vulnerabilities, and the list contains the keywords involved and a record of which sample vulnerability each keyword appears in. The word segmentation list contains the keywords "tester, occurrence, crash, restart, anr, screen fixing, monkey" and the provenance of each keyword: "tester" appears in sample vulnerability 1, sample vulnerability 2 and sample vulnerability 3; "occurrence" appears in sample vulnerability 1, sample vulnerability 2 and sample vulnerability 3; "crash" appears in sample vulnerability 1; "restart" appears in sample vulnerability 2; "anr" appears in sample vulnerability 3; "screen fixing" appears in sample vulnerability 4; "monkey" appears in sample vulnerability 4.
Then, the TF-IDF value of each keyword in the word segmentation list is calculated by using the TF-IDF algorithm. Taking the keyword "tester" as an example: the TF value of "tester" is 3/(3+3+3+2), where the 3 in the numerator means that "tester" appears 3 times in the segmentation results of vulnerability information 1 to vulnerability information 4, and the 3, 3, 3 and 2 in the denominator are the numbers of words in the segmentation results of vulnerability information 1 to vulnerability information 4 respectively. The IDF value of "tester" is lg(4/3), where 4 is the total number of sample vulnerabilities and 3 means that the word "tester" appears in three segmentation results, those of vulnerability information 1 to vulnerability information 3. The product of the TF value and the IDF value of "tester" is then determined as the TF-IDF value of "tester". The vector of each sample vulnerability is calculated from the TF-IDF values of the keywords in the word segmentation list, with the components in the keyword order "tester, occurrence, crash, restart, anr, screen fixing, monkey". The vector of sample vulnerability 1 is [TF-IDF value of "tester", TF-IDF value of "occurrence", TF-IDF value of "crash", 0, 0, 0, 0]; the last four components are filled with 0 because "restart", "anr", "screen fixing" and "monkey" do not appear in the segmentation result of vulnerability information 1 of sample vulnerability 1. Similarly, the vector of sample vulnerability 2 is [TF-IDF value of "tester", TF-IDF value of "occurrence", 0, TF-IDF value of "restart", 0, 0, 0], the vector of sample vulnerability 3 is [TF-IDF value of "tester", TF-IDF value of "occurrence", 0, 0, TF-IDF value of "anr", 0, 0], and the vector of sample vulnerability 4 is [0, 0, 0, 0, 0, TF-IDF value of "screen fixing", TF-IDF value of "monkey"]. Finally, the vector of each sample vulnerability is input into the vulnerability category clustering model for clustering.
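The TF-IDF vectorization described above, carried through for the four sample vulnerabilities, as an added example that is not part of the patent text. The function names are hypothetical, the vector columns follow first-seen keyword order, and the cosine-similarity lookup at the end is an assumption that stands in for the unspecified clustering model.

```python
import math
from collections import Counter

# Segmentation results of sample vulnerabilities 1-4 as given in the text
# (English renderings of the tokens, used here as constructed sample input).
SEGMENTED = {
    1: ["tester", "occurrence", "crash"],
    2: ["tester", "occurrence", "restart"],
    3: ["tester", "occurrence", "anr"],
    4: ["monkey", "screen fixing"],
}


def build_keyword_list(segmented):
    """Word segmentation list: keyword -> ids of the samples it appears in."""
    provenance = {}
    for sample_id, words in segmented.items():
        for word in words:
            ids = provenance.setdefault(word, [])
            if sample_id not in ids:
                ids.append(sample_id)
    return provenance


def tf_idf_weights(segmented):
    """TF-IDF per keyword, using the definitions in the text:
    TF  = occurrences of the keyword over all segmentation results
          divided by the total number of words in all results;
    IDF = lg(number of samples / number of samples containing the keyword).
    """
    provenance = build_keyword_list(segmented)
    counts = Counter(w for words in segmented.values() for w in words)
    total_words = sum(counts.values())
    n_samples = len(segmented)
    return {
        kw: (counts[kw] / total_words) * math.log10(n_samples / len(ids))
        for kw, ids in provenance.items()
    }


def vectorize(words, weights):
    """One component per keyword; 0 where the keyword is absent."""
    present = set(words)
    return [weights[kw] if kw in present else 0.0 for kw in weights]


def cosine(a, b):
    """Cosine similarity; an all-zero vector is similar to nothing."""
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    if norm == 0.0:
        return 0.0
    return sum(x * y for x, y in zip(a, b)) / norm


def nearest_sample(words, segmented):
    """Assumption, not from the patent: pick the closest sample by cosine
    similarity. Returns (sample_id, score), or (None, 0.0) when the new
    summary shares no keyword with the library."""
    weights = tf_idf_weights(segmented)
    query = vectorize(words, weights)
    scored = [
        (cosine(query, vectorize(sample, weights)), sample_id)
        for sample_id, sample in segmented.items()
    ]
    best_score, best_id = max(scored, key=lambda p: (p[0], -p[1]))
    return (best_id, best_score) if best_score > 0.0 else (None, 0.0)


if __name__ == "__main__":
    weights = tf_idf_weights(SEGMENTED)
    print("keywords:", list(weights))
    for sample_id, words in SEGMENTED.items():
        vector = [round(v, 4) for v in vectorize(words, weights)]
        print("sample vulnerability", sample_id, vector)
    print(nearest_sample(["tester", "occurrence", "restart"], SEGMENTED))
```

With these weights the shared words "tester" and "occurrence" count for less than the distinguishing word, so samples 1 to 3 are only partly similar to each other and have no similarity to sample 4.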
Step three: determine a plurality of vulnerability categories and determine the sample vulnerabilities corresponding to each vulnerability category based on the clustering result of the clustering model.
The clustering model classifies the word segmentation results of the vulnerability information of the sample vulnerabilities. The clustering result obtained after classification comprises the classification categories and the sample vulnerabilities under each classification category. After the clustering result is obtained, each classification category is determined as a vulnerability category, and the sample vulnerabilities under each classification category are determined as the sample vulnerabilities under the corresponding vulnerability category.
For example, the clustering result of the clustering model is: the classification categories comprise an application problem, a restart problem and an anr problem, where the application problem corresponds to sample vulnerabilities 1-3, the restart problem corresponds to sample vulnerabilities 4-9 and the anr problem corresponds to sample vulnerabilities 10-16. The vulnerability categories are then set as an application problem category, a restart problem category and an anr problem category, where the application problem category corresponds to sample vulnerabilities 1-3, the restart problem category corresponds to sample vulnerabilities 4-9 and the anr problem category corresponds to sample vulnerabilities 10-16.
Step four: set the sample information corresponding to each sample vulnerability according to the word segmentation result of the vulnerability information of that sample vulnerability.
The sample vulnerabilities are vulnerabilities that have already been eliminated, and repeated vulnerabilities can be eliminated with the same vulnerability elimination method. The sample information corresponding to each sample vulnerability can therefore be set according to the word segmentation result of its vulnerability information, so that repeated vulnerabilities can be searched for according to the sample information. The setting process of the sample information is as follows:
For each sample vulnerability: extract target information from the word segmentation result of the vulnerability information of the sample vulnerability, and set the target information as the sample information of the sample vulnerability. The target information includes the following: first, the word segmentation result of at least one of the vulnerability summary, vulnerability description and vulnerability annotation in the vulnerability information, extracted as target information; second, the word segmentation results of the vulnerability description and vulnerability annotation in the vulnerability information, extracted as target information.
For example, word segmentation of vulnerability information 1 of sample vulnerability 1 yields: tester, occurrence, crash; word segmentation of vulnerability information 2 of sample vulnerability 2 yields: tester, occurrence, restart; word segmentation of vulnerability information 3 of sample vulnerability 3 yields: tester, occurrence, anr; and word segmentation of vulnerability information 4 of sample vulnerability 4 yields: monkey, fixed screen. These are all word segmentation results of the vulnerability summary. The target information of the sample vulnerability corresponding to each word segmentation result is selected from that result and set as the sample information of that sample vulnerability.
After the vulnerability category of the vulnerability to be classified is determined, target sample information matching the vulnerability information of the vulnerability to be classified is selected from the sample information corresponding to the vulnerability category. The selection process comprises the following steps one and two:
Step one: determine the similarity between the vulnerability information of the vulnerability to be classified and each sample information of the corresponding vulnerability category.
Specifically, word segmentation is performed on the vulnerability information of the vulnerability to be classified; the process is essentially the same as the word segmentation described in step 101 and is not repeated here. After word segmentation, the word segmentation result of the vulnerability to be classified and the words of each sample information are arranged into a word segmentation list. The list records the keywords extracted from the word segmentation result and from each sample information, together with where each keyword appears, that is, whether it appears in the word segmentation result of the vulnerability to be classified or in the sample information and, if in the sample information, in which one. Next, the TF-IDF value of each keyword in the word segmentation list is calculated with the TF-IDF (term frequency-inverse document frequency) algorithm. Then the vector of the sample vulnerability corresponding to each sample information and the vector of the vulnerability to be classified are calculated from the TF-IDF values of the keywords in the list. Finally, a similarity value between the vector of the vulnerability to be classified and the vector of each sample vulnerability is determined; the similarity value can be calculated with any one of the following: the Euclidean distance algorithm, the Pearson correlation coefficient algorithm, or the cosine similarity algorithm.
Step two: if the number of maximum similarities is 1 and the maximum similarity is greater than the similarity threshold, select the sample information corresponding to the maximum similarity as the target sample information.
The greater the similarity between the vulnerability information of the vulnerability to be classified and a sample information, the higher the probability that the vulnerability to be classified and the sample vulnerability corresponding to that sample information are repeated vulnerabilities. The sample information corresponding to the maximum similarity can therefore be selected as the target sample information matching the vulnerability information of the vulnerability to be classified, so that the vulnerability to be classified and the sample vulnerability corresponding to the target sample information are determined to be repeated vulnerabilities.
In practice, the following two factors need to be considered when selecting the target sample information:
First, the magnitude of the maximum similarity.
Specifically, if the similarities between the vulnerability information of the vulnerability to be classified and the sample information are all small, then even the sample vulnerability whose sample information has the maximum similarity has a low probability of being a repeat of the vulnerability to be classified. To handle this case, a similarity threshold is set. The similarity threshold bounds the probability that a sample vulnerability and the vulnerability to be classified are repeated vulnerabilities: when the similarity of a sample vulnerability is greater than the similarity threshold, the probability that it and the vulnerability to be classified are repeated vulnerabilities is high; when the similarity is not greater than the similarity threshold, that probability is low.
Second, the number of maximum similarities.
When the number of maximum similarities is 1, only one sample vulnerability has a high probability of being a repeat of the vulnerability to be classified, namely the sample vulnerability corresponding to the sample information with the maximum similarity. When the number of maximum similarities is greater than 1, multiple sample vulnerabilities have a high probability of being repeats of the vulnerability to be classified, which indicates that there may be an anomaly, so a classification prompt for the vulnerability to be classified is sent out so that an engineer can intervene manually according to the classification prompt.
Combining the two factors: once the maximum similarity is determined, if the number of maximum similarities is 1 and the maximum similarity is greater than the similarity threshold, the probability that the sample vulnerability corresponding to the maximum similarity and the vulnerability to be classified are repeated vulnerabilities is high, and the sample information corresponding to the maximum similarity is selected as the target sample information. If the number of maximum similarities is greater than 1 or the maximum similarity is not greater than the similarity threshold, a classification prompt for the vulnerability to be classified is sent out. A maximum similarity that is not greater than the similarity threshold indicates that no sample vulnerability is a repeat of the vulnerability to be classified, so a classification prompt is sent out so that an engineer can intervene manually according to the classification prompt. When the number of maximum similarities is greater than 1, multiple sample vulnerabilities have a high probability of being repeats of the vulnerability to be classified, which indicates that there may be an anomaly, so a classification prompt is likewise sent out so that an engineer can intervene manually according to the classification prompt.
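The TF-IDF vectorization worked through earlier and the selection rule above (a unique maximum similarity that also exceeds the threshold, otherwise a classification prompt), as an added Python example that is not code from the patent. It follows the page's TF and IDF definitions and uses cosine similarity, one of the three measures the text allows; the function names, the 0.8 threshold and the treatment of the four example word segmentation results as one category's sample information are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed sample data: the word segmentation results from the page's example,
# treated here as the sample information of a single vulnerability category.
SAMPLES = {
    "sample vulnerability 1": ["tester", "occurrence", "crash"],
    "sample vulnerability 2": ["tester", "occurrence", "restart"],
    "sample vulnerability 3": ["tester", "occurrence", "anr"],
    "sample vulnerability 4": ["monkey", "fixed screen"],
}
SIMILARITY_THRESHOLD = 0.8  # assumed value; the page does not state one


def tfidf_weights(docs):
    """Build the keyword list and one TF-IDF value per keyword, as the page defines them.

    TF  = occurrences of the keyword in all segmentation results / total number of words
    IDF = lg(number of documents / number of documents containing the keyword)
    """
    total_words = sum(len(tokens) for tokens in docs.values())
    counts = Counter(tok for tokens in docs.values() for tok in tokens)
    doc_freq = Counter(tok for tokens in docs.values() for tok in set(tokens))
    n_docs = len(docs)
    vocab = list(counts)  # keywords in order of first appearance
    weights = {
        kw: (counts[kw] / total_words) * math.log10(n_docs / doc_freq[kw])
        for kw in vocab
    }
    return vocab, weights


def vectorize(tokens, vocab, weights):
    """Keyword's TF-IDF value where the keyword occurs in this document, 0 elsewhere."""
    present = set(tokens)
    return [weights[kw] if kw in present else 0.0 for kw in vocab]


def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def find_duplicate(new_tokens, samples, threshold=SIMILARITY_THRESHOLD, eps=1e-9):
    """Return (decision, matched sample or None, similarities).

    decision is "duplicate" only when exactly one sample holds the maximum
    similarity and that maximum is greater than the threshold; every other
    case yields "prompt", i.e. the classification prompt for manual review.
    """
    if not samples:
        return "prompt", None, {}
    # The word segmentation list covers the new report and every sample information.
    docs = dict(samples)
    docs["<vulnerability to be classified>"] = new_tokens
    vocab, weights = tfidf_weights(docs)
    new_vec = vectorize(new_tokens, vocab, weights)
    sims = {
        name: cosine(new_vec, vectorize(tokens, vocab, weights))
        for name, tokens in samples.items()
    }
    best = max(sims.values())
    winners = [name for name, s in sims.items() if abs(s - best) <= eps]
    if len(winners) == 1 and best > threshold:
        return "duplicate", winners[0], sims
    return "prompt", None, sims


if __name__ == "__main__":
    for report in (["tester", "occurrence", "crash"],   # same words as sample 1
                   ["tester", "occurrence"],            # ties samples 1 to 3
                   ["monkey", "crash"]):                # unique maximum, but too low
        decision, match, sims = find_duplicate(report, SAMPLES)
        print(report, "->", decision, match,
              {k: round(v, 3) for k, v in sims.items()})
```

Because the page's TF is computed over all segmentation results together, every document that contains a keyword gets the same value for it, and a keyword present in every document has IDF lg(1) = 0 and contributes nothing to the similarity.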
103. Determine the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as repeated vulnerabilities.
The vulnerability to be classified and the sample vulnerability corresponding to the target sample information are determined to be repeated vulnerabilities. Repeated vulnerabilities share the same vulnerability elimination method, so when a repeated vulnerability is encountered there is no need to design a new elimination method: the elimination method of the sample vulnerability is applied directly to the vulnerability to be classified, which improves the efficiency of vulnerability elimination.
According to the repeated vulnerability searching method provided by the embodiment of the invention, when there is a vulnerability to be classified, its vulnerability category is determined based on its vulnerability information. Target sample information matching the vulnerability information of the vulnerability to be classified is then selected from the sample information corresponding to that vulnerability category, and finally the vulnerability to be classified and the sample vulnerability corresponding to the target sample information are determined to be repeated vulnerabilities. Determining that the vulnerability to be classified is a repeated vulnerability therefore requires no manual intervention; it only requires matching the vulnerability information of the vulnerability to be classified against the sample information of the sample vulnerabilities under the vulnerability category. This avoids the cases, caused by manual misjudgment, in which a repeated vulnerability is not identified or a new vulnerability is treated as a repeated vulnerability, and so improves the accuracy of vulnerability duplicate checking. In addition, the target sample information is selected only from the sample information under the vulnerability category of the vulnerability to be classified; the vulnerability category limits the range of candidates and reduces the amount of computation needed for the selection, which improves the efficiency of vulnerability duplicate checking.
Further, according to the method shown in fig. 1, another embodiment of the present invention further provides a method for searching for a repeat vulnerability, as shown in fig. 2, the method mainly includes:
201. Perform word segmentation on the vulnerability information of each sample vulnerability in the vulnerability database.
In this embodiment, word segmentation of the vulnerability information of each sample vulnerability in the vulnerability database can be started under the following two conditions: first, when a clustering instruction is received; second, at the beginning of a new clustering cycle.
202. Input the word segmentation result of the vulnerability information of each sample vulnerability into a vulnerability category clustering model for clustering.
203. Determine a plurality of vulnerability categories and determine the sample vulnerabilities corresponding to each vulnerability category based on the clustering result of the clustering model.
204. Set the sample information corresponding to each sample vulnerability according to the word segmentation result of the vulnerability information of each sample vulnerability.
205. Determine the vulnerability category of the vulnerability to be classified based on the vulnerability information of the vulnerability to be classified.
206. Perform word segmentation on the vulnerability information.
207. Calculate the similarity between the vulnerability information and each sample information according to the word segmentation result of the vulnerability information.
208. Judge whether the number of maximum similarities is 1; if so, execute 209; otherwise, execute 213.
209. Judge whether the maximum similarity is greater than the similarity threshold; if so, execute 210; otherwise, execute 213.
210. Select the sample information corresponding to the maximum similarity as the target sample information matching the vulnerability information.
211. Determine the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as repeated vulnerabilities.
212. After the vulnerability to be classified has been eliminated, add it to the vulnerability database as a sample vulnerability, and execute 201.
213. Send out a classification prompt for the vulnerability to be classified, and execute 212.
It should be noted that after a classification prompt for a vulnerability to be classified is sent out, once an engineer has determined a vulnerability elimination method for it, the vulnerability to be classified can be added to the vulnerability database to enrich the database, regardless of whether it belongs to a new vulnerability category.
Further, according to the above method embodiment, another embodiment of the present invention further provides a device for searching for a repeat vulnerability, as shown in fig. 3, the device includes:
a first determining unit 31, configured to determine a vulnerability category of a vulnerability to be classified based on vulnerability information of the vulnerability to be classified;
a selecting unit 32, configured to select target sample information matched with the vulnerability information from sample information corresponding to the vulnerability categories, where each vulnerability category corresponds to at least one sample information, and one sample information corresponds to one sample vulnerability;
a second determining unit 33, configured to determine that the vulnerability to be classified and the sample vulnerability corresponding to the target sample information are repeated vulnerabilities.
According to the repeated vulnerability searching device provided by the embodiment of the invention, when there is a vulnerability to be classified, its vulnerability category is determined based on its vulnerability information. Target sample information matching the vulnerability information of the vulnerability to be classified is then selected from the sample information corresponding to that vulnerability category, and finally the vulnerability to be classified and the sample vulnerability corresponding to the target sample information are determined to be repeated vulnerabilities. Determining that the vulnerability to be classified is a repeated vulnerability therefore requires no manual intervention; it only requires matching the vulnerability information of the vulnerability to be classified against the sample information of the sample vulnerabilities under the vulnerability category. This avoids the cases, caused by manual misjudgment, in which a repeated vulnerability is not identified or a new vulnerability is treated as a repeated vulnerability, and so improves the accuracy of vulnerability duplicate checking. In addition, the target sample information is selected only from the sample information under the vulnerability category of the vulnerability to be classified; the vulnerability category limits the range of candidates and reduces the amount of computation needed for the selection, which improves the efficiency of vulnerability duplicate checking.
Optionally, as shown in fig. 4, the selecting unit 32 includes:
a first determining module 321, configured to determine similarity between the vulnerability information and each sample information of the vulnerability category;
a selecting module 322, configured to select, if the number of the maximum similarities is 1 and the maximum similarity is greater than a similarity threshold, the sample information corresponding to the maximum similarity as the target sample information.
Optionally, as shown in fig. 4, the apparatus further includes:
a prompt unit 34, configured to send out a classification prompt for the vulnerability to be classified if the number of maximum similarities is greater than 1 or the maximum similarity is not greater than the similarity threshold.
Optionally, the first determining module 321 is specifically configured to perform word segmentation processing on the vulnerability information; and calculating the similarity between the vulnerability information and each sample information according to the word segmentation processing result of the vulnerability information.
Optionally, as shown in fig. 4, the apparatus further includes:
a setting unit 35, configured to perform word segmentation on the vulnerability information of each sample vulnerability in the vulnerability database; input the word segmentation result of the vulnerability information of each sample vulnerability into a vulnerability category clustering model for clustering; determine a plurality of vulnerability categories and determine the sample vulnerabilities corresponding to each vulnerability category based on the clustering result of the clustering model; and set the sample information corresponding to each sample vulnerability according to the word segmentation result of the vulnerability information of each sample vulnerability.
Optionally, as shown in fig. 4, the apparatus further includes:
an adding unit 36, configured to add the vulnerability to be classified to the vulnerability database as a sample vulnerability after the vulnerability to be classified has been eliminated.
Optionally, as shown in fig. 4, the first determining unit 31 includes:
a word segmentation module 311, configured to perform word segmentation on the vulnerability information of the vulnerability to be classified;
a second determining module 312, configured to input the word segmentation result of the vulnerability information into a vulnerability category identification model to obtain the vulnerability category of the vulnerability to be classified.
For a detailed description of the method used by each functional module of the repeated vulnerability searching device provided in the embodiment of the present invention, refer to the corresponding method in the method embodiments of fig. 1-2; it is not repeated here.
Further, according to the foregoing embodiment, another embodiment of the present invention further provides a computer-readable storage medium, where the storage medium includes a stored program, and when the program runs, the apparatus where the storage medium is located is controlled to execute the repeat vulnerability discovery method described in fig. 1 or fig. 2.
Further, according to the above embodiment, another embodiment of the present invention provides a storage management apparatus, including:
a memory for storing a program;
a processor, coupled to the memory, for executing the program to perform the duplicate vulnerability discovery method of fig. 1 or fig. 2.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
As will be appreciated by one skilled in the art, embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, embodiments of the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as random access memory (RAM), and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). The memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but may also include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other identical elements in the process, method, article, or apparatus that comprises the element.
The above are merely examples of the present application and are not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (10)

1. A method for searching repeated vulnerabilities, the method comprising:
determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified;
selecting target sample information matched with the vulnerability information from sample information corresponding to the vulnerability categories, wherein each vulnerability category corresponds to at least one sample information, and one sample information corresponds to one sample vulnerability;
and determining the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as a repeated vulnerability.
2. The method of claim 1, wherein selecting target sample information matching the vulnerability information from the sample information corresponding to the vulnerability category comprises:
determining similarity between the vulnerability information and each sample information of the vulnerability category;
and if the number of the maximum similarity is 1 and the maximum similarity is greater than a similarity threshold, selecting the sample information corresponding to the maximum similarity as the target sample information.
3. The method of claim 2, further comprising:
and if the number of the maximum similarity is greater than 1 or the maximum similarity is not greater than a similarity threshold value, sending a classification prompt aiming at the vulnerability to be classified.
4. The method of claim 2, wherein determining similarity between the vulnerability information and sample information of the vulnerability category comprises:
performing word segmentation processing on the vulnerability information;
and calculating the similarity between the vulnerability information and each sample information according to the word segmentation processing result of the vulnerability information.
5. The method according to any one of claims 1-4, further comprising:
performing word segmentation on vulnerability information of each sample vulnerability in a vulnerability library;
inputting the word segmentation processing result of the vulnerability information of each sample vulnerability into a vulnerability class clustering model for clustering;
determining a plurality of vulnerability categories and determining sample vulnerabilities corresponding to each vulnerability category based on clustering results of the clustering model;
and setting sample information corresponding to each sample vulnerability according to the word segmentation processing result of the vulnerability information of each sample vulnerability.
6. The method of claim 5, further comprising:
and after the vulnerability to be classified is subjected to vulnerability elimination, adding the vulnerability to be classified into the vulnerability library as a sample vulnerability.
7. The method according to any one of claims 1 to 4, wherein determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified comprises:
performing word segmentation processing on the vulnerability information of the vulnerability to be classified;
and inputting the word segmentation processing result of the vulnerability information into a vulnerability category identification model to obtain the vulnerability category of the vulnerability to be classified.
8. A duplicate vulnerability discovery apparatus, the apparatus comprising:
the first determining unit is used for determining the vulnerability category of the vulnerability to be classified based on vulnerability information of the vulnerability to be classified;
the selecting unit is used for selecting target sample information matched with the vulnerability information from the sample information corresponding to the vulnerability category, wherein each vulnerability category corresponds to at least one piece of sample information, and one piece of sample information corresponds to one sample vulnerability;
and the second determining unit is used for determining the vulnerability to be classified and the sample vulnerability corresponding to the target sample information as a repeated vulnerability.
9. A computer-readable storage medium, wherein the storage medium includes a stored program, and wherein, when the program runs, the apparatus on which the storage medium is located is controlled to execute the duplicate vulnerability discovery method according to any one of claims 1 to 7.
10. A storage management apparatus, characterized in that the storage management apparatus comprises:
a memory for storing a program;
a processor, coupled to the memory, for executing the program to perform the duplicate vulnerability discovery method of any of claims 1-7.
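The flow in claims 3 to 7 (segment, pick a category, score against that category's samples, then accept the single best match or raise a classification prompt) is sketched below as an added example; it is not code from the patent. The regex tokenizer, the cosine measure, the pooled-token category classifier, the 0.5 threshold and the library entries (with pre-assigned categories standing in for the clustering result) are all assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

def segment(text):
    """Word segmentation stand-in (assumption): lowercase alphanumeric tokens."""
    return Counter(re.findall(r"[a-z0-9_]+", text.lower()))

def cosine(a, b):
    dot = sum(a[t] * b[t] for t in a.keys() & b.keys())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

# Constructed vulnerability library: (sample id, category, vulnerability information).
LIBRARY = [
    ("S1", "memory", "buffer overflow in uart driver rx copy without length check"),
    ("S2", "memory", "heap use after free in dma descriptor release path"),
    ("S3", "access", "debug register readable without privilege check"),
    ("S4", "access", "secure boot key slot writable from non secure world"),
]

def add_sample(index, sid, cat, info):
    """Claim 6: an eliminated vulnerability joins the library as a sample."""
    index.setdefault(cat, []).append((sid, segment(info)))

def build_index(library):
    index = {}
    for sid, cat, info in library:
        add_sample(index, sid, cat, info)
    return index

def classify(tokens, index):
    """Stand-in for the category identification model: nearest pooled token bag."""
    pooled = {c: sum((s for _, s in v), Counter()) for c, v in index.items()}
    return max(pooled, key=lambda c: cosine(tokens, pooled[c]))

def find_duplicate(info, index, threshold=0.5):
    tokens = segment(info)
    cat = classify(tokens, index)
    scores = [(cosine(tokens, s), sid) for sid, s in index[cat]]
    best = max(score for score, _ in scores)
    winners = [sid for score, sid in scores if score == best]
    # Claim 3: a tie for the maximum, or a maximum not above the threshold,
    # yields a classification prompt instead of a duplicate verdict.
    if len(winners) > 1 or best <= threshold:
        return {"category": cat, "duplicate_of": None, "prompt": True}
    return {"category": cat, "duplicate_of": winners[0], "prompt": False}
```

Restricting the comparison to one category keeps the number of similarity computations proportional to that category's size rather than to the whole library.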
CN202111361415.8A 2021-11-17 2021-11-17 Repeated vulnerability searching method and device Pending CN114168963A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111361415.8A CN114168963A (en) 2021-11-17 2021-11-17 Repeated vulnerability searching method and device

Publications (1)

Publication Number Publication Date
CN114168963A true CN114168963A (en) 2022-03-11

Family

ID=80479351

Country Status (1)

Country Link
CN (1) CN114168963A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 263, block B, science and technology innovation center, 128 Shuanglian Road, Haining Economic Development Zone, Haining City, Jiaxing City, Zhejiang Province, 314400

Applicant after: Haining yisiwei IC Design Co.,Ltd.

Applicant after: Beijing ESWIN Computing Technology Co.,Ltd.

Address before: Room 263, block B, science and technology innovation center, 128 Shuanglian Road, Haining Economic Development Zone, Haining City, Jiaxing City, Zhejiang Province, 314400

Applicant before: Haining yisiwei IC Design Co.,Ltd.

Applicant before: Beijing yisiwei Computing Technology Co.,Ltd.
