CN118036019A - Vulnerability positioning method and system based on code automatic detection - Google Patents
Vulnerability positioning method and system based on code automatic detection
- Publication number: CN118036019A
- Application number: CN202410432734.0A
- Authority: CN (China)
- Prior art keywords: software, vulnerability, code, party, detection model
- Legal status: Granted
Classifications
- G06F21/577—Assessing vulnerabilities and evaluating computer system security (G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems > G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities)
- G06F11/3628—Software debugging of optimised code (G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING > G06F11/00—Error detection; Error correction; Monitoring > G06F11/36—Preventing errors by testing or debugging software > G06F11/362—Software debugging)
- G06N3/08—Learning methods (G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS > G06N3/00—Computing arrangements based on biological models > G06N3/02—Neural networks)
Abstract
The invention discloses a vulnerability positioning method and system based on automatic code detection, in the technical field of data processing. The method comprises: collecting the local party's software source code to obtain a local-party software database; performing static analysis and dynamic tracing on it for vulnerabilities; comparing and verifying the software static code vulnerability information against the software dynamic code vulnerability information to obtain the local-party software code vulnerability set; constructing a local-party software vulnerability feature detection model; performing distributed training to obtain a multi-party software vulnerability feature detection model set; performing collaborative parameter training on the local-party model and the multi-party model set to obtain a global software vulnerability feature detection model; and performing vulnerability detection and positioning on the target software source code with the global model to generate a software vulnerability detection and positioning result. Intelligent automatic scanning and positioning of software vulnerabilities is thereby realized, the accuracy of vulnerability detection and positioning is improved, false positives and false negatives are reduced, the vulnerability detection cycle is shortened, and detection efficiency is improved.
Description
Technical Field
The invention relates to the technical field of data processing, and in particular to a vulnerability positioning method and system based on automatic code detection.
Background
With the rapid development of information technology, software has become the core that supports all kinds of business systems and critical infrastructure, and its security bears directly on the economic interests of enterprises. As software security problems become more prominent, software vulnerabilities are one of the main threats to software security: they can lead to serious consequences such as data leakage and system crashes. Detecting and positioning software vulnerabilities is therefore of great importance. However, existing software vulnerability detection tools have a low degree of intelligence, low positioning accuracy and low detection efficiency, and are error-prone.
Disclosure of Invention
The vulnerability positioning method and system based on automatic code detection provided herein address the problems that, in the prior art, software vulnerability detection tools have a low degree of intelligence, low positioning accuracy and low detection efficiency, and are error-prone. By combining static analysis with dynamic tracing, intelligent automatic scanning and positioning of software vulnerabilities is realized, the accuracy of vulnerability detection and positioning is improved, false positives and false negatives are reduced, the vulnerability detection cycle is shortened, and detection efficiency is improved.
In view of the above problems, the present invention provides a vulnerability positioning method and system based on code automatic detection.
In a first aspect, the present application provides a vulnerability localization method based on automatic code detection, the method comprising: S1: collecting the local party's software source code to obtain a local-party software database, and performing static analysis on the local-party software database to obtain software static code vulnerability information; S2: inserting tracing code into the local-party software database to dynamically trace vulnerabilities, obtaining software dynamic code vulnerability information, and comparing and verifying the software static code vulnerability information against the software dynamic code vulnerability information to obtain the local-party software code vulnerability set; S3: performing detection training on the local-party software code vulnerability set with a deep neural network structure to construct a local-party software vulnerability feature detection model, acquiring a multi-party software database, performing static analysis and dynamic tracing verification on the multi-party software database to obtain a multi-party software code vulnerability set, and performing distributed training on the multi-party software code vulnerability set to obtain a multi-party software vulnerability feature detection model set; S4: performing collaborative model parameter training on the local-party software vulnerability feature detection model and the multi-party software vulnerability feature detection model set on a cross-domain trusted learning platform to obtain a global software vulnerability feature detection model, performing vulnerability detection and positioning on the target software source code with the global model, and generating a software vulnerability detection and positioning result.
In another aspect, the present application also provides a vulnerability localization system based on automatic code detection, the system comprising: a static code vulnerability acquisition module, which collects the local party's software source code to obtain a local-party software database and performs static analysis on it to obtain software static code vulnerability information; a code vulnerability set acquisition module, which inserts tracing code into the local-party software database for dynamic vulnerability tracing, obtains software dynamic code vulnerability information, and compares and verifies the software static code vulnerability information against it to obtain the local-party software code vulnerability set; a distributed training module, which performs detection training on the local-party software code vulnerability set with a deep neural network structure to construct a local-party software vulnerability feature detection model, acquires a multi-party software database, performs static analysis and dynamic tracing verification on it to obtain a multi-party software code vulnerability set, and performs distributed training on that set to obtain a multi-party software vulnerability feature detection model set; and a vulnerability detection and positioning module, which performs collaborative model parameter training on the local-party software vulnerability feature detection model and the multi-party software vulnerability feature detection model set on a cross-domain trusted learning platform to obtain a global software vulnerability feature detection model, performs vulnerability detection and positioning on the target software source code with the global model, and generates a software vulnerability detection and positioning result.
In a third aspect, the present application provides an electronic device comprising a bus, a transceiver, a memory, a processor and a computer program stored on the memory and executable on the processor, the transceiver, the memory and the processor being connected by the bus, the computer program when executed by the processor implementing the steps of any of the methods described above.
In a fourth aspect, the application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of any of the methods described above.
One or more technical solutions provided by the application have at least the following technical effects or advantages:
The local party's software source code is collected to obtain a local-party software database; static analysis is performed and tracing code is inserted for dynamic vulnerability tracing; the software static code vulnerability information is compared and verified against the software dynamic code vulnerability information so obtained, giving the local-party software code vulnerability set; detection training is performed on that set with a deep neural network structure to construct a local-party software vulnerability feature detection model, and distributed training yields a multi-party software vulnerability feature detection model set; collaborative model parameter training of the local-party model and the multi-party model set on a cross-domain trusted learning platform yields a global software vulnerability feature detection model, which performs vulnerability detection and positioning on the target software source code and generates a software vulnerability detection and positioning result. Combining static analysis with dynamic tracing thus realizes intelligent automatic scanning and positioning of software vulnerabilities, improves the accuracy of vulnerability detection and positioning, reduces false positives and false negatives, shortens the vulnerability detection cycle and improves detection efficiency.
The foregoing description is only an overview of the present application, and is intended to be implemented in accordance with the teachings of the present application in order that the same may be more clearly understood and to make the same and other objects, features and advantages of the present application more readily apparent.
Drawings
FIG. 1 is a flow chart of the vulnerability localization method based on automatic code detection of the present application;
FIG. 2 is a schematic flow chart of dynamic vulnerability tracing by inserting tracing code in the vulnerability positioning method based on automatic code detection of the present application;
FIG. 3 is a schematic diagram of the vulnerability positioning system based on automatic code detection of the present application;
FIG. 4 is a schematic structural view of an exemplary electronic device of the present application.
Reference numerals: static code vulnerability acquisition module 11, code vulnerability set acquisition module 12, distributed training module 13, vulnerability detection and positioning module 14, bus 1110, processor 1120, transceiver 1130, bus interface 1140, memory 1150, operating system 1151, application 1152 and user interface 1160.
Detailed Description
In the description of the present application, those skilled in the art will appreciate that the present application may be embodied as methods, apparatus, electronic devices, and computer-readable storage media. Accordingly, the present application may be embodied in the following forms: complete hardware, complete software (including firmware, resident software, micro-code, etc.), a combination of hardware and software. Furthermore, in some embodiments, the application may also be embodied in the form of a computer program product in one or more computer-readable storage media, which contain computer program code.
Any combination of one or more computer-readable storage media may be employed by the computer-readable storage media described above. The computer-readable storage medium includes: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer readable storage medium include the following: portable computer magnetic disks, hard disks, random access memories, read-only memories, erasable programmable read-only memories, flash memories, optical fibers, optical disk read-only memories, optical storage devices, magnetic storage devices, or any combination thereof. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, device.
The technical scheme of the application obtains, stores, uses, processes and the like the data, which all meet the relevant regulations of national laws.
The application describes the method, system and electronic device with reference to flowcharts and/or block diagrams.
It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions. These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer readable program instructions may also be stored in a computer readable storage medium that can cause a computer or other programmable data processing apparatus to function in a particular manner. Thus, instructions stored in a computer-readable storage medium produce an instruction means which implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The present application will be described below with reference to the drawings in the present application.
Embodiment one:
As shown in FIG. 1, the present application provides a vulnerability positioning method based on automatic code detection, comprising:
Step S1: collecting the local party's software source code to obtain a local-party software database, and performing static analysis on the local-party software database to obtain software static code vulnerability information;
Specifically, in order to realize intelligent automatic scanning and positioning of software vulnerabilities, the source code of the local party's software is collected. The local party's software may be all software produced by one manufacturer, in which case the corresponding local-party software database comprises the source code repositories of all of that manufacturer's software products. Static analysis is performed on the local-party software database to obtain potential software static code vulnerability information. The static analysis comprises lexical analysis, which identifies misspellings, illegal characters and missing semicolons or other separators in the code; syntax analysis, which detects syntax errors in the source code such as mismatched brackets or missing required statement components; and control-flow analysis, which detects potential logic errors, dead code, infinite recursion in loops and the like. Potential vulnerability information of the software is thus identified comprehensively through automatic code detection.
Step S2: inserting tracing code into the local-party software database to dynamically trace vulnerabilities, obtaining software dynamic code vulnerability information, and comparing and verifying the software static code vulnerability information against the software dynamic code vulnerability information to obtain the local-party software code vulnerability set;
As shown in FIG. 2, in S2 the insertion of tracing code into the local-party software database for dynamic vulnerability tracing further comprises:
S21: obtaining dynamic tracing control element information, comprising tracing code granularity, the data processing mechanism and the running environment configuration;
S22: constructing a code dynamic tracing solution space, comprising the dynamic tracing control element parameters of the software source code and the corresponding tracing effect data;
S23: clustering the code dynamic tracing solution space based on the dynamic tracing control element information to generate a code dynamic tracing calibrated solution space;
S24: taking the production environment of each item of software data in the local-party software database as an optimization constraint, performing optimization analysis in the calibrated solution space to determine the dynamic tracing control parameters, and controlling the dynamic tracing of the local-party software database with those parameters.
Further, in step S24, determining the dynamic tracing control parameters comprises:
taking the production environment of each item of software data as the optimization constraint and calculating its similarity to the code dynamic tracing calibrated solution space to obtain a code tracing data similarity set;
screening the data within a preset similarity threshold from the similarity set to obtain a code dynamic tracing memory library;
fitting the tracing effect data to extract tracing indices, determining a code tracing effect index set, and fitting against that index set to generate a dynamic tracing effect fitness function;
evaluating and optimizing the code dynamic tracing memory library with the fitness function to determine the dynamic tracing control parameters.
Specifically, in order to improve the accuracy of software vulnerability detection, tracing code is inserted into the local-party software database for dynamic vulnerability tracing. The tracing code records information such as the program's execution path, function calls and changes of variable values, and outputs it as a log to a file or console, or sends it over the network to a remote server for collection and analysis. The precision of vulnerability tracing during dynamic tracing is affected by several factors, so dynamic tracing control element information, i.e. the factors that influence tracing precision, is analysed and acquired. It comprises: tracing code granularity, where the inserted tracing code must be detailed enough to capture the information related to potential vulnerability points while avoiding excessive tracing that would generate too much noise data; the data processing mechanism, where the data generated at run time can be very large, so an efficient data processing mechanism has to be designed to preserve tracing accuracy; and the running environment configuration, where the results of dynamic analysis depend on the environment and its configuration, so dynamic analysis should use a configuration and conditions close to those of the production environment.
A code dynamic tracing solution space is then constructed with data mining techniques. The solution space is the historical dynamic tracing data of the code and comprises the various dynamic tracing control element parameters of the software source code together with the corresponding tracing effect data. The solution space is clustered based on the dynamic tracing control element information: tracing data of the same control element type is gathered into one cluster, and after integration and calibration by control element type the code dynamic tracing calibrated solution space is generated. Next, the production environment of each item of software data in the local-party software database is used as an optimization constraint for optimization analysis within the calibrated solution space. First, the similarity between the production environment of each item of software data and the calibrated solution space is calculated, for example with a cosine similarity algorithm applied to the production environment configuration parameters of the software and the dynamic tracing control element parameters in the solution space, giving the code tracing data similarity set. Data within a preset similarity threshold is then screened out of the similarity set; the threshold is the screening criterion for tracing data and can be set empirically. The dynamic tracing data within the threshold forms the code dynamic tracing memory library, which narrows the parameter search range and improves search efficiency.
The tracing effect data is fitted to extract tracing indices, yielding the code tracing effect index set, which is used to evaluate the dynamic tracing effect for software vulnerabilities and includes tracing precision, tracing speed and the like. A relevance fit of the tracing data in the solution space against the index set produces the dynamic tracing effect fitness function, which scores the tracing effect of a set of dynamic tracing control element parameters: the higher the fitness, the better the tracing effect of those parameters. The code dynamic tracing memory library is evaluated with the fitness function to obtain a parameter fitness evaluation set, the evaluations are compared, and the dynamic tracing control parameters with the highest fitness are selected.
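The parameter search of S21 to S24 and its refinement above, as an added Python example that is not code from the patent. Historical tracing runs are clustered by control element type, each run's environment is scored against the target production environment with cosine similarity, the runs above the threshold form the memory library, an assumed fitness function over the effect indices (precision and speed count for a run, noise against it) ranks them, and the best run per element type supplies the control parameters. The runs, the environment vectors, the threshold and the weights are all constructed assumptions; the patent fits the fitness function from data, whereas here its form is fixed.

```python
"""Choosing dynamic-tracing control parameters from a historical solution space.

Added example, not code from the patent. Every run, vector and weight below is a
constructed assumption.
"""
from dataclasses import dataclass
from math import sqrt
from typing import Callable, Dict, List, Tuple


@dataclass
class TraceRun:
    element_type: str          # "granularity", "data_processing" or "runtime_env"
    params: Dict[str, float]   # control-element parameters used in the run
    env: Dict[str, float]      # environment features of the run, scaled to [0, 1]
    effect: Dict[str, float]   # measured tracking-effect indices


# Constructed historical solution space (S22). Features are pre-scaled so that
# cosine similarity is not dominated by one large magnitude such as memory size.
SOLUTION_SPACE = [
    TraceRun("granularity", {"probe_density": 0.8, "sample_rate": 1.0},
             {"linux": 1.0, "container": 1.0, "cores": 0.5, "mem": 0.5},
             {"precision": 0.92, "speed": 0.6, "noise": 0.5}),
    TraceRun("granularity", {"probe_density": 0.4, "sample_rate": 0.5},
             {"linux": 1.0, "container": 1.0, "cores": 0.5, "mem": 0.25},
             {"precision": 0.85, "speed": 0.9, "noise": 0.2}),
    TraceRun("granularity", {"probe_density": 0.9, "sample_rate": 1.0},
             {"windows": 1.0, "cores": 1.0, "mem": 1.0},
             {"precision": 0.95, "speed": 0.3, "noise": 0.8}),
    TraceRun("data_processing", {"batch_size": 0.5, "async_flush": 1.0},
             {"linux": 1.0, "container": 1.0, "cores": 0.5, "mem": 0.5},
             {"precision": 0.88, "speed": 0.8, "noise": 0.3}),
    TraceRun("runtime_env", {"mirror_production": 1.0},
             {"linux": 1.0, "cores": 0.25, "mem": 0.25},
             {"precision": 0.90, "speed": 0.7, "noise": 0.4}),
]

# Constructed production environment of the software about to be traced.
PRODUCTION_ENV = {"linux": 1.0, "container": 1.0, "cores": 0.5, "mem": 0.5}

# Assumed fitness weights: precision and speed count for a run, noise against it.
WEIGHTS = {"precision": 0.5, "speed": 0.3, "noise": 0.2}


def cosine_similarity(a: Dict[str, float], b: Dict[str, float]) -> float:
    """Cosine similarity over the union of feature names; missing features are 0."""
    keys = set(a) | set(b)
    dot = sum(a.get(k, 0.0) * b.get(k, 0.0) for k in keys)
    na = sqrt(sum(v * v for v in a.values()))
    nb = sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def cluster_by_element(space: List[TraceRun]) -> Dict[str, List[TraceRun]]:
    """S23: calibrated solution space, one cluster per control-element type."""
    clusters: Dict[str, List[TraceRun]] = {}
    for run in space:
        clusters.setdefault(run.element_type, []).append(run)
    return clusters


def similarity_set(space: List[TraceRun], prod_env: Dict[str, float]) -> List[Tuple[TraceRun, float]]:
    """Code tracing data similarity set: each run scored against production."""
    return [(run, cosine_similarity(prod_env, run.env)) for run in space]


def memory_library(space: List[TraceRun], prod_env: Dict[str, float], threshold: float) -> List[TraceRun]:
    """Keep only runs whose environment is at least `threshold` similar to production."""
    return [run for run, sim in similarity_set(space, prod_env) if sim >= threshold]


def make_fitness(weights: Dict[str, float]) -> Callable[[TraceRun], float]:
    """Fitness over the effect indices (assumed linear form; higher is better)."""
    def fitness(run: TraceRun) -> float:
        e = run.effect
        return (weights["precision"] * e["precision"]
                + weights["speed"] * e["speed"]
                - weights["noise"] * e["noise"])
    return fitness


def select_control_parameters(space: List[TraceRun], prod_env: Dict[str, float],
                              threshold: float, weights: Dict[str, float]) -> Dict[str, dict]:
    """S24: highest-fitness run per element type within the memory library."""
    fitness = make_fitness(weights)
    chosen: Dict[str, dict] = {}
    for element_type, runs in cluster_by_element(memory_library(space, prod_env, threshold)).items():
        best = max(runs, key=fitness)
        chosen[element_type] = {"params": best.params, "fitness": fitness(best)}
    return chosen


if __name__ == "__main__":
    for element_type, pick in select_control_parameters(SOLUTION_SPACE, PRODUCTION_ENV, 0.9, WEIGHTS).items():
        print(f"{element_type}: {pick['params']} (fitness {pick['fitness']:.3f})")
```

With these constructed runs the densest probe configuration has the best precision but loses to the sparser one once its noise and slowdown are weighed in, which is the granularity trade-off the description makes; the Windows run is excluded by the similarity threshold before fitness is even considered, and no run for the runtime environment element survives the threshold, so that element type gets no parameters from the memory library.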
Dynamic tracing of the local-party software database is then controlled with the selected dynamic tracing control parameters: the program with the tracing code inserted is run, the data generated at run time is collected and analysed, including the program's execution path and the state of its variables, and the software dynamic code vulnerability information obtained by tracing is acquired. That information covers the potential vulnerability points identified in the static analysis stage; for example, if static analysis reports a possible buffer overflow, the tracing code should record the values of the relevant variables and how the buffer is used. The software static code vulnerability information is then compared and verified against the software dynamic code vulnerability information: the static analysis results are checked against the data collected at run time to verify whether each potential vulnerability point is a real vulnerability, and the local-party software code vulnerability set is thereby determined. Detecting software vulnerabilities by combining static analysis with dynamic tracing identifies real vulnerabilities more accurately and reduces false positives and false negatives.
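The static-then-dynamic cross-verification described for S2, as an added Python example that is not code from the patent. The lexical and syntax checks named in S1 catch malformed code rather than exploitable conditions, so the candidate used here is the one the description gives as its own illustration, a possible buffer overflow: the static pass flags every store through a variable index into a buffer, the dynamic pass inserts a probe before each flagged store that records the index and the buffer length at that moment, and only candidates for which an out-of-bounds index was actually observed are confirmed. Python stands in for the instrumented language (an out-of-range bytearray index raises instead of corrupting memory, which is enough to show the workflow); the sample functions, the workloads and the probe name __vtrace__ are constructed.

```python
"""Cross-verifying static vulnerability candidates with inserted tracing code.

Added example, not code from the patent. The target program, the workloads and
the probe name __vtrace__ are constructed for this illustration.
"""
import ast
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

# Constructed target program: copy_into writes past a fixed-size buffer when
# data is longer than buf; safe_copy clamps the loop bound. The static pass
# flags both stores; only the first is confirmed at run time.
SAMPLE_SOURCE = '''
def copy_into(buf, data):
    for i in range(len(data)):
        buf[i] = data[i]
    return buf

def safe_copy(buf, data):
    n = min(len(buf), len(data))
    for i in range(n):
        buf[i] = data[i]
    return buf
'''

# Constructed workloads: (function name, positional arguments).
SAMPLE_WORKLOADS = [
    ("copy_into", (bytearray(4), b"ABCDEFGH")),
    ("safe_copy", (bytearray(4), b"ABCDEFGH")),
]


@dataclass
class Candidate:
    function: str
    lineno: int
    buffer: str
    index: str


@dataclass
class Finding:
    function: str
    lineno: int
    buffer: str
    index: str
    hits: int          # times the flagged store was reached under the workloads
    oob_writes: int    # times the observed index lay outside the buffer
    status: str        # "confirmed", "unconfirmed" or "unreached"


def _index_name(sub: ast.Subscript):
    idx = sub.slice
    if isinstance(idx, getattr(ast, "Index", ())):   # Python 3.8 wraps the slice
        idx = idx.value
    return idx.id if isinstance(idx, ast.Name) else None


def _flagged_store(node: ast.AST):
    """Return (buffer, index) if node is `buffer[index] = ...` with a variable index."""
    if not (isinstance(node, ast.Assign) and len(node.targets) == 1):
        return None
    tgt = node.targets[0]
    if isinstance(tgt, ast.Subscript) and isinstance(tgt.value, ast.Name):
        idx = _index_name(tgt)
        if idx is not None:
            return tgt.value.id, idx
    return None


def static_candidates(source: str) -> Dict[int, Candidate]:
    """Static pass: every store through a variable index is a potential overflow."""
    out: Dict[int, Candidate] = {}
    for fn in ast.walk(ast.parse(source)):
        if isinstance(fn, ast.FunctionDef):
            for node in ast.walk(fn):
                hit = _flagged_store(node)
                if hit:
                    out[node.lineno] = Candidate(fn.name, node.lineno, *hit)
    return out


class _Instrumenter(ast.NodeTransformer):
    """Inserts `__vtrace__(lineno, len(buffer), index)` before each flagged store."""

    def __init__(self, candidates: Dict[int, Candidate]):
        self.candidates = candidates

    def visit_Assign(self, node: ast.Assign):
        cand = self.candidates.get(node.lineno)
        if cand is None or _flagged_store(node) != (cand.buffer, cand.index):
            return node
        probe = ast.Expr(ast.Call(
            func=ast.Name("__vtrace__", ast.Load()),
            args=[ast.Constant(node.lineno),
                  ast.Call(ast.Name("len", ast.Load()), [ast.Name(cand.buffer, ast.Load())], []),
                  ast.Name(cand.index, ast.Load())],
            keywords=[]))
        return [ast.copy_location(probe, node), node]


def dynamic_trace(source: str, candidates: Dict[int, Candidate],
                  workloads: Sequence[Tuple[str, tuple]]) -> List[Tuple[int, int, int]]:
    """Dynamic pass: run the instrumented program and collect (lineno, buffer length, index)."""
    events: List[Tuple[int, int, int]] = []
    tree = _Instrumenter(candidates).visit(ast.parse(source))
    ast.fix_missing_locations(tree)
    ns = {"__vtrace__": lambda ln, size, idx: events.append((ln, size, idx))}
    exec(compile(tree, "<instrumented>", "exec"), ns)
    for name, args in workloads:
        try:
            ns[name](*args)
        except IndexError:
            pass   # the probe already recorded the faulting index before the store ran
    return events


def cross_verify(source: str, workloads: Sequence[Tuple[str, tuple]]) -> Dict[int, Finding]:
    """Comparison step: a static candidate is confirmed only by an observed out-of-bounds index."""
    candidates = static_candidates(source)
    events = dynamic_trace(source, candidates, workloads)
    findings: Dict[int, Finding] = {}
    for ln, c in candidates.items():
        hits = [(size, idx) for e_ln, size, idx in events if e_ln == ln]
        oob = [1 for size, idx in hits if not -size <= idx < size]
        status = "unreached" if not hits else ("confirmed" if oob else "unconfirmed")
        findings[ln] = Finding(c.function, ln, c.buffer, c.index, len(hits), len(oob), status)
    return findings


if __name__ == "__main__":
    for f in cross_verify(SAMPLE_SOURCE, SAMPLE_WORKLOADS).values():
        print(f"{f.function}:{f.lineno} {f.buffer}[{f.index}] -> {f.status} "
              f"({f.oob_writes}/{f.hits} writes out of bounds)")
```

The "unreached" status is the case a practitioner has to keep separate from "unconfirmed": a candidate the workloads never exercised is not evidence of a false positive, only of inadequate coverage, and should stay open rather than be discarded.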
Step S3: performing detection training on the local-party software code vulnerability set with a deep neural network structure to construct a local-party software vulnerability feature detection model; acquiring a multi-party software database, performing static analysis and dynamic tracing verification on it to obtain a multi-party software code vulnerability set, and performing distributed training on the multi-party software code vulnerability set to obtain a multi-party software vulnerability feature detection model set;
Further, in step S3, constructing the local-party software vulnerability feature detection model comprises:
S31: obtaining software vulnerability association factors, comprising vulnerability type, degree of impact, vulnerability cause and repair state;
S32: performing an information entropy calculation and comparison on the software vulnerability association factors, determining the root node feature information, and constructing a software vulnerability feature decision tree from the root node feature information;
S33: performing factor vector identification on each code vulnerability in the local-party software code vulnerability set based on the software vulnerability feature decision tree to obtain a software vulnerability feature vector set;
S34: performing detection training with the deep neural network structure on the software vulnerability feature vector set as sample data to generate the local-party software vulnerability feature detection model.
Further, the steps of the application also comprise:
performing accuracy verification on the software vulnerability feature detection model to obtain detection accuracy, and adding a regular term to a detection evaluation function if the detection accuracy does not reach the standard;
Performing minimized solution on the detection evaluation function added with the regular term through a gradient descent algorithm to obtain a parameter optimization variable;
and carrying out model parameter configuration on the software vulnerability feature detection model based on the parameter optimization variables to obtain the software vulnerability feature optimization detection model.
Specifically, in order to realize intelligent detection and positioning of software vulnerabilities, a deep neural network structure is used to perform detection training on the software code vulnerability set of the party. First, the software vulnerability association factors are obtained; these are the feature description indexes of a vulnerability and comprise: the vulnerability type, such as cross-site scripting vulnerabilities, cross-site request forgery vulnerabilities, file inclusion vulnerabilities and logic vulnerabilities; the degree of impact, by which a vulnerability can be classified as low, medium, important or serious according to its severity and scope of impact; the vulnerability cause, such as memory corruption, logic errors, input validation errors, design errors or configuration errors; and the repair state, by which, from the lifecycle of the vulnerability, a software vulnerability can be divided into a 0-day vulnerability (found but not yet disclosed or repaired), a 1-day vulnerability (the vendor has disclosed it and released a patch, but the software has not yet been patched) and a historical vulnerability (the patch has been available for a long time).
Information entropy operation comparison is then carried out on the software vulnerability association factors. The characteristics of each software vulnerability association factor are converted into a corresponding information quantity by using a coding function from information theory; the uncertainty or information quantity of each characteristic is calculated by comparing the distribution of the characteristic across the different categories, so as to evaluate the importance of each characteristic, and the information entropy of each factor characteristic is calculated by the information entropy formula. After the information entropy of each factor characteristic has been calculated, the values are compared: a lower information entropy indicates higher certainty, that is, the characteristic has stronger discriminative power for the classification result, so the characteristic with the minimum information entropy is selected as the root node characteristic, thereby determining the root node characteristic information. The branches of the decision tree are constructed recursively from the root node characteristic information: for each branch, a subset of characteristics is selected for further classification, and, using information entropy as the evaluation standard, the characteristic that minimizes the classification uncertainty of the subset is chosen as the characteristic of the next node. This process is repeated until a termination condition is reached, such as a preset depth or a threshold value, which completes the construction of the software vulnerability characteristic decision tree used for rapid characteristic classification of software code vulnerabilities.
The factor characteristics of each code vulnerability in the software code vulnerability set of the party are classified based on the software vulnerability characteristic decision tree, and characteristic vector identification is carried out on each code vulnerability through the classified factor characteristic types to obtain the software vulnerability characteristic vector set, which represents the descriptive characteristic information of each code vulnerability. The software vulnerability feature vector set is used as sample data for detection training with a deep neural network structure to generate the software vulnerability feature detection model, which is used by the software vendor for local vulnerability feature detection and identification.
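The entropy comparison, root node selection, recursive tree construction and feature vector identification of the two paragraphs above, as an added example that is not code from the patent. It measures each factor by the conditional entropy of the classification label given that factor (the "classification uncertainty" of the text), picks the minimum as the root, recurses on the remaining factors, and then identifies each vulnerability record by a one-hot vector over the factor values the tree has classified. The records, their factor values and the confirmed/false-positive label are constructed sample data.

```python
# Added example (not from the patent): an entropy-driven vulnerability feature
# decision tree over the four association factors, plus feature vector
# identification of each record. All records and labels are constructed.
import math
from collections import Counter
from typing import Any, Dict, List, Tuple

FACTORS = ["type", "impact", "cause", "repair_state"]

# Constructed sample: four association factors plus a label, here whether the
# vulnerability was confirmed by dynamic tracking or turned out to be noise.
SAMPLE_RECORDS: List[Dict[str, str]] = [
    {"type": "xss", "impact": "medium", "cause": "input_validation", "repair_state": "1day", "label": "confirmed"},
    {"type": "xss", "impact": "low", "cause": "config_error", "repair_state": "0day", "label": "false_positive"},
    {"type": "csrf", "impact": "medium", "cause": "input_validation", "repair_state": "historical", "label": "confirmed"},
    {"type": "csrf", "impact": "low", "cause": "logic_error", "repair_state": "1day", "label": "false_positive"},
    {"type": "file_inclusion", "impact": "serious", "cause": "input_validation", "repair_state": "0day", "label": "confirmed"},
    {"type": "file_inclusion", "impact": "serious", "cause": "config_error", "repair_state": "historical", "label": "false_positive"},
    {"type": "logic", "impact": "important", "cause": "memory_corruption", "repair_state": "1day", "label": "confirmed"},
    {"type": "logic", "impact": "important", "cause": "logic_error", "repair_state": "0day", "label": "false_positive"},
]


def entropy(labels: List[Any]) -> float:
    """Shannon entropy (bits) of a label list; 0.0 for a pure list."""
    total = len(labels)
    return -sum((c / total) * math.log2(c / total) for c in Counter(labels).values())


def conditional_entropy(records: List[Dict[str, str]], factor: str) -> float:
    """H(label | factor): label entropy within each factor value, weighted by size."""
    groups: Dict[str, List[str]] = {}
    for r in records:
        groups.setdefault(r[factor], []).append(r["label"])
    n = len(records)
    return sum(len(g) / n * entropy(g) for g in groups.values())


def select_root(records: List[Dict[str, str]], factors: List[str]) -> str:
    """The factor with the lowest remaining uncertainty becomes the node feature."""
    return min(factors, key=lambda f: conditional_entropy(records, f))


def build_tree(records: List[Dict[str, str]], factors: List[str], max_depth: int = 3):
    """Recursively split on the best factor until pure, out of factors, or at depth."""
    labels = [r["label"] for r in records]
    majority = Counter(labels).most_common(1)[0][0]
    if not factors or max_depth == 0 or entropy(labels) == 0.0:
        return majority                                   # leaf
    best = select_root(records, factors)
    remaining = [f for f in factors if f != best]
    node = {"feature": best, "branches": {}, "default": majority}
    for value in sorted({r[best] for r in records}):
        subset = [r for r in records if r[best] == value]
        node["branches"][value] = build_tree(subset, remaining, max_depth - 1)
    return node


def classify(tree, record: Dict[str, str]) -> str:
    """Walk the tree; unseen factor values fall back to the node's majority label."""
    while isinstance(tree, dict):
        tree = tree["branches"].get(record.get(tree["feature"]), tree["default"])
    return tree


def vocabulary(records: List[Dict[str, str]], factors: List[str]) -> List[Tuple[str, str]]:
    """Ordered (factor, value) pairs: the positions of the feature vector."""
    return [(f, v) for f in factors for v in sorted({r[f] for r in records})]


def feature_vector(record: Dict[str, str], vocab: List[Tuple[str, str]]) -> List[int]:
    """One-hot feature vector identifying a vulnerability by its factor values."""
    return [1 if record.get(f) == v else 0 for f, v in vocab]


if __name__ == "__main__":
    for f in FACTORS:
        print(f"{f:13s} H(label|factor) = {conditional_entropy(SAMPLE_RECORDS, f):.3f}")
    tree = build_tree(SAMPLE_RECORDS, FACTORS)
    print("root:", tree["feature"])
    vocab = vocabulary(SAMPLE_RECORDS, FACTORS)
    print(feature_vector(SAMPLE_RECORDS[0], vocab))
```

On the constructed data the cause factor separates the label perfectly (conditional entropy 0), so it becomes the root and the tree needs no further levels; with real data the recursion continues down the remaining factors. The fixed vocabulary makes every vector the same length, which is what the detection training step requires of its sample data.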
Furthermore, in order to improve the model detection accuracy, accuracy verification is carried out on the software vulnerability feature detection model using a validation data set, which yields the corresponding detection accuracy. If the detection accuracy does not reach the standard, indicating that the model accuracy is insufficient and needs optimization, a regular term is added to the detection evaluation function to control the complexity of the model and make its detection more stable; common regular terms include L1 regularization and L2 regularization. The detection evaluation function (the model loss function) with the added regular term is then minimized by a gradient descent algorithm to obtain the parameter optimization variables, that is, the optimized model parameters. Model parameter configuration is carried out on the software vulnerability feature detection model based on the parameter optimization variables to obtain the optimized software vulnerability feature detection model. This improves the generalization capability and performance stability of the model and thereby ensures the accuracy of vulnerability feature detection.
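The accuracy check, the added L2 regular term and the gradient descent minimization of the paragraph above, as an added example that is not code from the patent. A single logistic layer in pure Python stands in for the deep neural network so the loss and its gradient are visible; the training and validation samples, the accuracy target and the regularization strength are constructed assumptions.

```python
# Added example (not from the patent): if validation accuracy is below target,
# add an L2 regular term to the cross-entropy loss and re-minimize it by
# gradient descent. A logistic layer replaces the deep network for clarity.
import math
from typing import List, Sequence, Tuple

Sample = Tuple[Sequence[float], int]

# Constructed data: label equals the first feature; the second is noise.
SAMPLE_TRAIN: List[Sample] = [((0.0, 0.0), 0), ((0.0, 1.0), 0),
                              ((1.0, 0.0), 1), ((1.0, 1.0), 1)]
# Constructed validation set whose second sample contradicts the first feature.
SAMPLE_VALIDATION: List[Sample] = [((1.0, 0.0), 1), ((1.0, 1.0), 0)]


def predict_prob(w: List[float], b: float, x: Sequence[float]) -> float:
    z = b + sum(wi * xi for wi, xi in zip(w, x))
    return 1.0 / (1.0 + math.exp(-z))


def loss(w: List[float], b: float, data: List[Sample], l2: float) -> float:
    """Detection evaluation function: mean cross-entropy plus l2 * ||w||^2."""
    eps = 1e-12
    ce = 0.0
    for x, y in data:
        p = min(max(predict_prob(w, b, x), eps), 1.0 - eps)
        ce -= y * math.log(p) + (1 - y) * math.log(1.0 - p)
    return ce / len(data) + l2 * sum(wi * wi for wi in w)


def train(data: List[Sample], l2: float, lr: float = 0.5,
          epochs: int = 300) -> Tuple[List[float], float]:
    """Full-batch gradient descent on loss(); the bias is not regularized."""
    n, m = len(data[0][0]), len(data)
    w, b = [0.0] * n, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * n, 0.0
        for x, y in data:
            err = predict_prob(w, b, x) - y      # d(cross-entropy)/dz
            for i in range(n):
                gw[i] += err * x[i]
            gb += err
        # gradient of the regular term l2 * w_i^2 is 2 * l2 * w_i
        w = [wi - lr * (gi / m + 2.0 * l2 * wi) for wi, gi in zip(w, gw)]
        b -= lr * gb / m
    return w, b


def accuracy(w: List[float], b: float, data: List[Sample]) -> float:
    hits = sum((predict_prob(w, b, x) >= 0.5) == bool(y) for x, y in data)
    return hits / len(data)


def l2_norm(w: List[float]) -> float:
    return math.sqrt(sum(wi * wi for wi in w))


def optimise_if_needed(train_data: List[Sample], val_data: List[Sample],
                       target: float = 0.9, l2: float = 0.05):
    """Train without a regular term; if validation accuracy misses the target,
    add the L2 term and re-minimize. Returns (w, b, accuracy, regularized)."""
    w, b = train(train_data, l2=0.0)
    acc = accuracy(w, b, val_data)
    if acc >= target:
        return w, b, acc, False
    w, b = train(train_data, l2=l2)
    return w, b, accuracy(w, b, val_data), True


if __name__ == "__main__":
    w0, b0 = train(SAMPLE_TRAIN, l2=0.0)
    w1, b1 = train(SAMPLE_TRAIN, l2=0.05)
    print("no regular term: |w| =", round(l2_norm(w0), 3))
    print("L2 regular term: |w| =", round(l2_norm(w1), 3))
    print(optimise_if_needed(SAMPLE_TRAIN, SAMPLE_VALIDATION))
```

The regular term shrinks the weight norm while the training accuracy stays at 100%, which is the "more stable" behaviour the text refers to; whether the shrunken model also scores higher on the validation set depends on the data, so the check is repeated after re-training rather than assumed.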
In order to improve the comprehensiveness of model training, a multiparty software database is acquired; it consists of the source code databases of software produced by multiple other manufacturers. Static analysis and dynamic tracking verification are respectively carried out on the multiparty software database with the same vulnerability analysis method to obtain the corresponding multiparty software code vulnerability set, and distributed training is performed on the multiparty software code vulnerability set with a deep neural network structure to obtain the corresponding multiparty software vulnerability feature detection model set, which is used by the other software manufacturers for their respective local vulnerability feature detection and identification.
Step S4: performing model parameter collaborative training on the software vulnerability feature detection model of the party and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, performing vulnerability detection and positioning on a target software source code based on the software vulnerability feature global detection model, and generating a software vulnerability detection positioning result.
Further, the step of obtaining the global detection model of the software vulnerability characteristics in S4 further includes:
S41: respectively extracting model parameters of the software vulnerability feature detection model of the party and of the multiparty software vulnerability feature detection model set to obtain the party detection model parameters and the multiparty detection model parameter set;
S42: encrypting the party detection model parameters and the multiparty detection model parameter sets based on an encryption algorithm, and sending the encrypted party detection model parameters and multiparty detection model parameter sets to a cross-domain trusted learning platform;
S43: setting a local learning factor and a global learning factor according to the model detection accuracy, and carrying out collaborative training on the encrypted party detection model parameters and multiparty detection model parameter set on the cross-domain trusted learning platform based on the local learning factor and the global learning factor to obtain the software vulnerability feature global detection model.
Further, the steps of the application also comprise:
Constructing a software vulnerability operation and maintenance knowledge base, and carrying out matching analysis on the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space;
performing operation simulation evaluation based on the software vulnerability operation and maintenance knowledge space to obtain software vulnerability operation and maintenance effect information, comparing and optimizing the software vulnerability operation and maintenance effect information, and determining a target software vulnerability operation and maintenance scheme;
And obtaining an operation and maintenance resource configuration table according to the target software vulnerability operation and maintenance scheme, and performing vulnerability operation and maintenance on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table.
Specifically, model parameter collaborative training is performed on the software vulnerability feature detection model of the party and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform. The cross-domain trusted learning platform is a trusted platform for collaborative model learning that lets multiple participants learn jointly without sharing their original data, which improves the comprehensiveness of model learning. First, the model parameters, including weights and biases, are respectively extracted from the software vulnerability feature detection model of the party and from the multiparty software vulnerability feature detection model set, giving the corresponding party detection model parameters and multiparty detection model parameter set. The party detection model parameters and the multiparty detection model parameter set are then encrypted based on an encryption algorithm, for example an asymmetric encryption algorithm, which improves the transmission security of the model parameters, and the encrypted party detection model parameters and multiparty detection model parameter set are sent to the cross-domain trusted learning platform, thereby effectively ensuring the security and integrity of the model parameters.
A local learning factor and a global learning factor are set according to the model detection accuracy of the software vulnerability feature detection model of the party and of the multiparty software vulnerability feature detection model set, that is, learning factor weights are distributed to the software vulnerability feature detection models according to their detection accuracy. The local learning factor is the training decision weight of the party's software vulnerability feature detection model, and the global learning factor is the training decision weight of the other multiparty software vulnerability feature detection models; a model with higher detection accuracy occupies a larger decision weight, and its learning factor is correspondingly larger. The cross-domain trusted learning platform carries out collaborative training on the encrypted party detection model parameters and multiparty detection model parameter set based on the local learning factor and the global learning factor to obtain the software vulnerability feature global detection model after collaborative learning fusion, which improves the comprehensiveness and accuracy of software vulnerability feature detection.
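The parameter extraction, protected transfer and accuracy-weighted collaborative training of the two paragraphs above, as an added example that is not code from the patent. The platform only ever sees parameters, never the vendors' source code. The patent names an asymmetric encryption algorithm but does not specify it; to stay within the standard library this example protects each parameter set with an HMAC-SHA256 tag under a shared key, which gives the integrity check the text calls for but not confidentiality, and that substitution is an assumption, as are the model records, the accuracies and the party names.

```python
# Added example (not from the patent): accuracy-weighted collaborative training
# of model parameters from several parties on a cross-domain platform. The
# HMAC tag stands in for the unspecified encryption scheme (integrity only);
# party names, parameters and accuracies are constructed.
import hashlib
import hmac
import json
from typing import Dict, List

Params = Dict[str, List[float]]

SHARED_KEY = b"constructed-demo-key-not-for-real-use"

# Constructed models: "own" is the party's model, the others are the multiparty set.
SAMPLE_MODELS = {
    "own":      {"weights": [1.0, 2.0], "biases": [0.5]},
    "vendor_b": {"weights": [3.0, 0.0], "biases": [-0.5]},
    "vendor_c": {"weights": [1.0, 1.0], "biases": [0.0]},
}
# Constructed model detection accuracies from each party's own validation.
SAMPLE_ACCURACY = {"own": 0.9, "vendor_b": 0.6, "vendor_c": 0.5}


def extract_parameters(model: Dict) -> Params:
    """Step S41: pull weights and biases out of a model record."""
    return {"weights": list(model["weights"]), "biases": list(model["biases"])}


def seal(params: Params, key: bytes) -> Dict[str, object]:
    """Step S42 stand-in: serialize deterministically and attach an HMAC tag."""
    payload = json.dumps(params, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def unseal(message: Dict[str, object], key: bytes) -> Params:
    """Reject any parameter set whose tag does not verify before using it."""
    expected = hmac.new(key, message["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        raise ValueError("parameter set failed integrity check")
    return json.loads(message["payload"])


def learning_factors(accuracies: Dict[str, float]) -> Dict[str, float]:
    """Step S43: higher accuracy -> larger decision weight; factors sum to 1.
    The factor of 'own' is the local learning factor, the rest are global."""
    total = sum(accuracies.values())
    return {party: acc / total for party, acc in accuracies.items()}


def collaborative_training(sealed: Dict[str, Dict[str, object]], key: bytes,
                           accuracies: Dict[str, float]) -> Params:
    """Fuse verified parameter sets into the global model by weighted average."""
    factors = learning_factors(accuracies)
    parties = {p: unseal(m, key) for p, m in sealed.items()}
    global_params: Params = {}
    for name in ("weights", "biases"):
        length = len(next(iter(parties.values()))[name])
        global_params[name] = [
            sum(factors[p] * parties[p][name][i] for p in parties)
            for i in range(length)
        ]
    return global_params


def run_example() -> Params:
    sealed = {p: seal(extract_parameters(m), SHARED_KEY) for p, m in SAMPLE_MODELS.items()}
    return collaborative_training(sealed, SHARED_KEY, SAMPLE_ACCURACY)


if __name__ == "__main__":
    print(learning_factors(SAMPLE_ACCURACY))
    print(run_example())
```

With the constructed accuracies the party's own model carries a learning factor of 0.45 against 0.30 and 0.25 for the other vendors, so the fused weights lean toward the most accurate contributor. A tampered payload fails `unseal` and is never averaged in, which is the integrity property the text attributes to encrypting the parameters before transfer.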
Performing vulnerability detection and positioning on a target software source code based on the global software vulnerability feature detection model, wherein the target software source code is software source code information to be subjected to vulnerability detection, a corresponding model output result is obtained, namely target software vulnerability feature detection information, and then performing specific position positioning on each vulnerability feature in the target software vulnerability feature detection information to generate a software vulnerability detection positioning result, wherein the software vulnerability detection positioning result comprises description information such as vulnerability type, influence degree, vulnerability cause, vulnerability position and the like, so that developers can conveniently and rapidly position and repair the vulnerability. And constructing a software vulnerability operation and maintenance knowledge base through software operation and maintenance experience data, wherein the software vulnerability operation and maintenance knowledge base is an operation and maintenance solution base aiming at software vulnerability characteristics. And carrying out matching analysis on the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space, wherein the software vulnerability operation and maintenance knowledge space is an operation and maintenance solution set matched with vulnerability characteristics in the software vulnerability detection and positioning result.
Operation and maintenance simulation evaluation is then carried out on the basis of the software vulnerability operation and maintenance knowledge space: each operation and maintenance solution in the knowledge space is evaluated by simulation in a computer simulation system to obtain the corresponding software vulnerability operation and maintenance effect information. The software vulnerability operation and maintenance effect information is compared and optimized to determine the target software vulnerability operation and maintenance scheme with the best effect. An operation and maintenance resource configuration table corresponding to the target scheme is obtained from it, comprising the types, quantity and priority of the operation and maintenance resource equipment. Vulnerability operation and maintenance is then performed on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table, ensuring the timeliness and efficiency of software vulnerability operation and maintenance and thereby improving the security and stability of the software.
In summary, the vulnerability positioning method and system based on code automatic detection provided by the application have the following technical effects:
The method captures the software source code of the party to obtain the software database of the party, performs static analysis on it and inserts tracking code for dynamic vulnerability tracking, compares and verifies the software static code vulnerability information against the obtained software dynamic code vulnerability information to obtain the software code vulnerability set of the party, performs detection training on that set with a deep neural network structure to construct the software vulnerability feature detection model of the party, and performs distributed training to obtain the multiparty software vulnerability feature detection model set. Model parameter collaborative training is then performed on the software vulnerability feature detection model of the party and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain the software vulnerability feature global detection model, which performs vulnerability detection and positioning on the target software source code and generates the software vulnerability detection positioning result. In this way, intelligent automatic scanning and positioning of software vulnerabilities is realized by combining static analysis and dynamic tracking, the accuracy of vulnerability detection and positioning is improved, false alarms and missed reports are reduced, the vulnerability detection cycle is shortened, and the technical effect of improving vulnerability detection efficiency is achieved.
Embodiment two:
based on the same inventive concept as the vulnerability positioning method based on automatic code detection in the foregoing embodiment, the present invention also provides a vulnerability positioning system based on automatic code detection, as shown in fig. 3, the system includes:
the static code vulnerability acquisition module 11 is used for capturing the source code of the software of the party to obtain a software database of the party, and performing static analysis on the software database of the party to obtain software static code vulnerability information;
The code vulnerability set obtaining module 12 is configured to insert a tracking code into the software database of the party to perform vulnerability dynamic tracking, obtain software dynamic code vulnerability information, and perform comparison verification on the software static code vulnerability information based on the software dynamic code vulnerability information to obtain a software code vulnerability set of the party;
The distributed training module 13 is configured to perform detection training on the software code vulnerability set of the party by using a deep neural network structure, construct the software vulnerability feature detection model of the party, and at the same time acquire a multiparty software database, perform static analysis and dynamic tracking verification on the multiparty software database to obtain a multiparty software code vulnerability set, and perform distributed training on the multiparty software code vulnerability set to obtain a multiparty software vulnerability feature detection model set;
The vulnerability detection positioning module 14 is configured to perform model parameter collaborative training on the software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, perform vulnerability detection and positioning on a target software source code based on the software vulnerability feature global detection model, and generate a software vulnerability detection positioning result.
Further, the system further comprises:
The control element acquisition unit is used for acquiring dynamic tracking control element information, wherein the dynamic tracking control element information comprises tracking code granularity, a data processing mechanism and running environment configuration;
The solution space construction unit is used for constructing a code dynamic tracking solution space, wherein the code dynamic tracking solution space comprises dynamic tracking control element parameters of software source code and tracking effect data;
the clustering division unit is used for carrying out clustering division on the code dynamic tracking solution space based on the dynamic tracking control element information to generate a code dynamic tracking calibration solution space;
And the dynamic tracking control unit is used for carrying out optimization analysis in the code dynamic tracking calibration solution space by taking the production environment of each software data in the software database of the party as an optimization constraint condition, determining dynamic tracking control parameters and carrying out dynamic tracking control on the software database of the party through the dynamic tracking control parameters.
Further, the system further comprises:
The similarity calculation unit is used for carrying out similarity calculation between the production environment of each piece of software data, serving as the optimization constraint condition, and the code dynamic tracking calibration solution space to obtain a code tracking data similarity set;
The memory bank obtaining unit is used for screening data within a preset similarity threshold value based on the code tracking data similarity set to obtain a code dynamic tracking memory bank;
The fitness function generating unit is used for performing tracking index extraction on the tracking effect data, determining a code tracking effect index set, and generating a dynamic tracking effect fitness function by fitting based on the code tracking effect index set;
and the evaluation optimization unit is used for evaluating and optimizing the code dynamic tracking memory based on the dynamic tracking effect fitness function and determining the dynamic tracking control parameters.
Further, the system further comprises:
the association factor acquisition unit is used for acquiring software vulnerability association factors, wherein the software vulnerability association factors comprise vulnerability types, influence degrees, vulnerability causes and repair states;
The decision tree construction unit is used for carrying out information entropy operation comparison on the software vulnerability association factors, determining root node characteristic information and constructing a software vulnerability characteristic decision tree according to the root node characteristic information;
the factor vector identification unit is used for carrying out factor vector identification on each code vulnerability in the software code vulnerability set of the party based on the software vulnerability feature decision tree to obtain a software vulnerability feature vector set;
And the detection training unit is used for performing detection training by using the software vulnerability characteristic vector set as sample data by using a deep neural network structure, and generating the software vulnerability characteristic detection model.
Further, the system further comprises:
The regular term adding unit is used for verifying the accuracy of the software vulnerability feature detection model to obtain detection accuracy, and adding a regular term to a detection evaluation function if the detection accuracy does not reach the standard;
The parameter optimization variable obtaining unit is used for carrying out minimized solution on the detection evaluation function added with the regular term through a gradient descent algorithm to obtain a parameter optimization variable;
and the model parameter configuration unit is used for carrying out model parameter configuration on the software vulnerability feature detection model based on the parameter optimization variables to obtain the software vulnerability feature optimization detection model.
Further, the system further comprises:
The model parameter extraction unit is used for respectively extracting model parameters of the software vulnerability feature detection model and the multiparty software vulnerability feature detection model set to obtain a detection model parameter of the party and a multiparty detection model parameter set;
The encryption processing unit is used for carrying out encryption processing on the party detection model parameter and the multiparty detection model parameter set based on an encryption algorithm, and sending the encrypted party detection model parameter and multiparty detection model parameter set to a cross-domain trusted learning platform;
and the collaborative training unit is used for setting a local learning factor and a global learning factor according to the model detection accuracy, and the cross-domain trusted learning platform carries out collaborative training on the encrypted party detection model parameters and the multiparty detection model parameter set based on the local learning factor and the global learning factor to obtain the software vulnerability feature global detection model.
Further, the system further comprises:
the matching analysis unit is used for constructing a software vulnerability operation and maintenance knowledge base, and carrying out matching analysis on the basis of the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space;
The comparison optimizing unit is used for carrying out operation and maintenance simulation evaluation based on the software vulnerability operation and maintenance knowledge space to obtain software vulnerability operation and maintenance effect information, carrying out comparison optimizing through the software vulnerability operation and maintenance effect information and determining a target software vulnerability operation and maintenance scheme;
and the vulnerability operation and maintenance unit is used for obtaining an operation and maintenance resource configuration table according to the target software vulnerability operation and maintenance scheme, and carrying out vulnerability operation and maintenance on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table.
The foregoing various modifications and specific examples of the code-based automatic detection vulnerability positioning method in the first embodiment of fig. 1 are equally applicable to the code-based automatic detection vulnerability positioning system of this embodiment, and those skilled in the art will be aware of the implementation method of the code-based automatic detection vulnerability positioning system of this embodiment through the foregoing detailed description of the code-based automatic detection vulnerability positioning method, so that, for brevity of description, they will not be described in detail herein.
In addition, the application also provides an electronic device, which comprises a bus, a transceiver, a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the transceiver, the memory and the processor are respectively connected through the bus, and when the computer program is executed by the processor, the processes of the method embodiment for controlling output data are realized, and the same technical effects can be achieved, so that repetition is avoided and redundant description is omitted.
Exemplary electronic device
In particular, referring to FIG. 4, the present application also provides an electronic device comprising a bus 1110, a processor 1120, a transceiver 1130, a bus interface 1140, a memory 1150, and a user interface 1160.
In the present application, the electronic device further includes: computer programs stored on the memory 1150 and executable on the processor 1120, which when executed by the processor 1120, implement the various processes of the method embodiments described above for controlling output data.
A transceiver 1130 for receiving and transmitting data under the control of the processor 1120.
In the present application, the bus architecture (represented by bus 1110) may include any number of interconnected buses and bridges, with bus 1110 connecting various circuits, including one or more processors, represented by processor 1120, and memory, represented by memory 1150.
Bus 1110 represents one or more of any of several types of bus structures, including a memory bus and memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such an architecture includes: industry standard architecture buses, micro-channel architecture buses, expansion buses, video electronics standards association, and peripheral component interconnect buses.
Processor 1120 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method embodiments may be implemented by instructions in the form of integrated logic circuits in hardware or software in a processor. The processor includes: general purpose processors, central processing units, network processors, digital signal processors, application specific integrated circuits, field programmable gate arrays, complex programmable logic devices, programmable logic arrays, micro control units or other programmable logic devices, discrete gates, transistor logic devices, discrete hardware components. The methods, steps and logic blocks disclosed in the present application may be implemented or performed. For example, the processor may be a single-core processor or a multi-core processor, and the processor may be integrated on a single chip or located on multiple different chips.
The processor 1120 may be a microprocessor or any conventional processor. The method steps disclosed in connection with the present application may be performed directly by a hardware decoding processor or by a combination of hardware and software modules in a decoding processor. The software modules may be located in random access memory, flash memory, read only memory, programmable read only memory, erasable programmable read only memory, registers, and the like, as known in the art. The readable storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
Bus 1110 may also connect together various other circuits such as peripheral devices, voltage regulators, or power management circuits, bus interface 1140 providing an interface between bus 1110 and transceiver 1130, all of which are well known in the art. Therefore, the present application will not be further described.
The transceiver 1130 may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. For example: the transceiver 1130 receives external data from other devices, and the transceiver 1130 is configured to transmit the data processed by the processor 1120 to the other devices. Depending on the nature of the computer device, a user interface 1160 may also be provided, for example: touch screen, physical keyboard, display, mouse, speaker, microphone, trackball, joystick, stylus.
It should be appreciated that in the present application, the memory 1150 may further include memory located remotely from the processor 1120, which may be connected to a server through a network. One or more portions of the above-described networks may be an ad hoc network, an intranet, an extranet, a virtual private network, a local area network, a wireless local area network, a wide area network, a wireless wide area network, a metropolitan area network, an internet, a public switched telephone network, a plain old telephone service network, a cellular telephone network, a wireless fidelity network, and combinations of two or more of the foregoing. For example, the cellular telephone network and wireless network may be global system for mobile communications devices, code division multiple access devices, worldwide interoperability for microwave access devices, general packet radio service devices, wideband code division multiple access devices, long term evolution devices, LTE frequency division duplex devices, LTE time division duplex devices, advanced long term evolution devices, general mobile communications devices, enhanced mobile broadband devices, mass machine class communications devices, ultra-reliable low-latency communications devices, and the like.
It should be appreciated that the memory 1150 in the present application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. The nonvolatile memory includes: read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, or flash memory.
The volatile memory includes: random access memory, which serves as an external cache. By way of example, and not limitation, many forms of RAM are available, such as: static random access memory, dynamic random access memory, synchronous dynamic random access memory, double data rate synchronous dynamic random access memory, enhanced synchronous dynamic random access memory, synchronous link dynamic random access memory, and direct memory bus random access memory. The memory 1150 of the electronic device described herein includes, but is not limited to, the memory described above and any other suitable type of memory.
In the present application, memory 1150 stores the following elements of operating system 1151 and application programs 1152: an executable module, a data structure, or a subset thereof, or an extended set thereof.
Specifically, the operating system 1151 includes various device programs, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks. The applications 1152 include various applications, such as a media player and a browser, for implementing various application services. A program for implementing the method of the present application may be included in the applications 1152. The applications 1152 include: applets, objects, components, logic, data structures, and other computer-device-executable instructions that perform particular tasks or implement particular abstract data types.
In addition, the application also provides a computer readable storage medium, on which a computer program is stored, where the computer program when executed by a processor implements each process of the above-mentioned method embodiment for controlling output data, and the same technical effects can be achieved, and for avoiding repetition, a detailed description is omitted herein.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.
Claims (10)
1. A vulnerability positioning method based on automatic code detection, characterized by comprising the following steps:
S1: capturing the party's software source code to obtain the party's software database, and performing static analysis on the party's software database to obtain software static code vulnerability information;
S2: inserting tracking code into the party's software database for dynamic vulnerability tracking to obtain software dynamic code vulnerability information, and performing comparison verification on the software static code vulnerability information based on the software dynamic code vulnerability information to obtain the party's software code vulnerability set;
S3: performing detection training on the party's software code vulnerability set using a deep neural network structure to construct the party's software vulnerability feature detection model; acquiring a multiparty software database, performing static analysis and dynamic tracking verification on the multiparty software database to obtain a multiparty software code vulnerability set, and performing distributed training on the multiparty software code vulnerability set to obtain a multiparty software vulnerability feature detection model set;
S4: performing collaborative model parameter training on the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, performing vulnerability detection and positioning on a target software source code based on the software vulnerability feature global detection model, and generating a software vulnerability detection and positioning result.
2. The method of claim 1, wherein inserting tracking code into the party's software database for dynamic vulnerability tracking in S2 comprises:
S21: obtaining dynamic tracking control element information, wherein the dynamic tracking control element information comprises tracking code granularity, a data processing mechanism and running environment configuration;
S22: constructing a code dynamic tracking solution space, wherein the code dynamic tracking solution space comprises dynamic tracking control element parameters of software source code and tracking effect data;
S23: performing cluster division on the code dynamic tracking solution space based on the dynamic tracking control element information to generate a code dynamic tracking calibration solution space;
S24: taking the production environment of each software data item in the party's software database as an optimization constraint condition, performing optimization analysis in the code dynamic tracking calibration solution space to determine dynamic tracking control parameters, and performing dynamic tracking control on the party's software database through the dynamic tracking control parameters.
3. The method of claim 2, wherein determining the dynamic tracking control parameters in S24 comprises:
taking the production environment of each software data item as an optimization constraint condition and performing similarity calculation against the code dynamic tracking calibration solution space to obtain a code tracking data similarity set;
performing data screening within a preset similarity threshold based on the code tracking data similarity set to obtain a code dynamic tracking memory library;
fitting the tracking effect data to extract tracking indexes, determining a code tracking effect index set, and fitting based on the code tracking effect index set to generate a dynamic tracking effect fitness function;
evaluating and optimizing the code dynamic tracking memory library based on the dynamic tracking effect fitness function to determine the dynamic tracking control parameters.
4. The method of claim 1, wherein constructing the party's software vulnerability feature detection model in S3 comprises:
S31: obtaining software vulnerability association factors, wherein the software vulnerability association factors comprise vulnerability type, impact degree, vulnerability cause and repair state;
S32: performing information entropy calculation and comparison on the software vulnerability association factors to determine root node feature information, and constructing a software vulnerability feature decision tree according to the root node feature information;
S33: performing factor vector identification on each code vulnerability in the party's software code vulnerability set based on the software vulnerability feature decision tree to obtain a software vulnerability feature vector set;
S34: performing detection training with the software vulnerability feature vector set as sample data using a deep neural network structure to generate the software vulnerability feature detection model.
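Steps S31 to S33 of claim 4 describe choosing the root node of the vulnerability feature decision tree by information entropy and then turning each vulnerability into a factor vector. The following is an added example, not the patent's own code: it computes information gain over a constructed set of static findings carrying the four association factors named in S31, picks the root factor, and one-hot encodes records with the root factor first. The label "confirmed" (whether dynamic tracking confirmed the static finding) and all factor values are assumptions made for the example.

```python
"""Root-node selection for the software vulnerability feature decision tree and
factor vectorisation (claim 4, S31-S33). Added example, not the patent's own
code: information gain is computed over a constructed sample of static findings
carrying the four association factors named in S31. The label 'confirmed' and
all factor values are assumptions made for the example."""
import math
from collections import Counter

FACTORS = ("vuln_type", "impact", "cause", "repair_state")

# Constructed sample records (not real data): one row per static finding.
SAMPLE_RECORDS = [
    {"vuln_type": "sqli", "impact": "high",   "cause": "unsanitized_input",       "repair_state": "open",  "confirmed": 1},
    {"vuln_type": "sqli", "impact": "medium", "cause": "unsanitized_input",       "repair_state": "open",  "confirmed": 1},
    {"vuln_type": "sqli", "impact": "high",   "cause": "unsanitized_input",       "repair_state": "open",  "confirmed": 1},
    {"vuln_type": "xss",  "impact": "medium", "cause": "unsanitized_input",       "repair_state": "open",  "confirmed": 1},
    {"vuln_type": "sqli", "impact": "medium", "cause": "reachable_only_in_tests", "repair_state": "open",  "confirmed": 0},
    {"vuln_type": "xss",  "impact": "high",   "cause": "reachable_only_in_tests", "repair_state": "open",  "confirmed": 0},
    {"vuln_type": "xss",  "impact": "medium", "cause": "reachable_only_in_tests", "repair_state": "fixed", "confirmed": 0},
    {"vuln_type": "xss",  "impact": "high",   "cause": "reachable_only_in_tests", "repair_state": "fixed", "confirmed": 0},
]


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(records, factor, label="confirmed"):
    """Entropy of the label minus its entropy conditioned on the factor."""
    base = entropy([r[label] for r in records])
    groups = {}
    for r in records:
        groups.setdefault(r[factor], []).append(r[label])
    conditional = sum(len(g) / len(records) * entropy(g) for g in groups.values())
    return base - conditional


def select_root_feature(records, factors=FACTORS):
    """S32: the factor with the highest information gain becomes the root node."""
    gains = {f: information_gain(records, f) for f in factors}
    return max(gains, key=gains.get), gains


def factor_vocabularies(records, root, factors=FACTORS):
    """Factor order for vectors: root first, then the remaining factors."""
    order = [root] + [f for f in factors if f != root]
    return [(f, sorted({r[f] for r in records})) for f in order]


def to_feature_vector(record, vocabularies):
    """S33: one-hot encode a vulnerability record into a feature vector."""
    vector = []
    for factor, values in vocabularies:
        vector.extend(1 if record[factor] == v else 0 for v in values)
    return vector


if __name__ == "__main__":
    root, gains = select_root_feature(SAMPLE_RECORDS)
    print("root node:", root, {f: round(g, 3) for f, g in gains.items()})
    vocab = factor_vocabularies(SAMPLE_RECORDS, root)
    print(to_feature_vector(SAMPLE_RECORDS[0], vocab))
```

On the constructed sample the "cause" factor separates confirmed from unconfirmed findings perfectly (gain 1 bit) while "impact" carries no information (gain 0), so "cause" becomes the root node.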
5. The method of claim 1, wherein the method further comprises:
performing accuracy verification on the software vulnerability feature detection model to obtain a detection accuracy, and adding a regularization term to the detection evaluation function if the detection accuracy does not reach the standard;
performing minimization of the detection evaluation function with the added regularization term by a gradient descent algorithm to obtain parameter optimization variables;
performing model parameter configuration on the software vulnerability feature detection model based on the parameter optimization variables to obtain a software vulnerability feature optimized detection model.
6. The method of claim 1, wherein obtaining the software vulnerability feature global detection model in S4 comprises:
S41: extracting model parameters of the party's software vulnerability feature detection model and of the multiparty software vulnerability feature detection model set respectively to obtain the party's detection model parameters and a multiparty detection model parameter set;
S42: encrypting the party's detection model parameters and the multiparty detection model parameter set based on an encryption algorithm, and sending the encrypted party's detection model parameters and multiparty detection model parameter set to the cross-domain trusted learning platform;
S43: setting a local learning factor and a global learning factor according to the model detection accuracy, and performing collaborative training by the cross-domain trusted learning platform on the encrypted party's detection model parameters and multiparty detection model parameter set based on the local learning factor and the global learning factor to obtain the software vulnerability feature global detection model.
7. The method of claim 1, wherein the method further comprises:
constructing a software vulnerability operation and maintenance knowledge base, and performing matching analysis between the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space;
performing operation simulation evaluation based on the software vulnerability operation and maintenance knowledge space to obtain software vulnerability operation and maintenance effect information, comparing and optimizing the software vulnerability operation and maintenance effect information, and determining a target software vulnerability operation and maintenance scheme;
obtaining an operation and maintenance resource configuration table according to the target software vulnerability operation and maintenance scheme, and performing vulnerability operation and maintenance on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table.
8. A vulnerability positioning system based on automatic code detection, for implementing the vulnerability positioning method based on automatic code detection of any one of claims 1-7, the system comprising:
a static code vulnerability acquisition module, configured to capture the party's software source code to obtain the party's software database, and to perform static analysis on the party's software database to obtain software static code vulnerability information;
a code vulnerability set acquisition module, configured to insert tracking code into the party's software database for dynamic vulnerability tracking to obtain software dynamic code vulnerability information, and to perform comparison verification on the software static code vulnerability information based on the software dynamic code vulnerability information to obtain the party's software code vulnerability set;
a distributed training module, configured to perform detection training on the party's software code vulnerability set using a deep neural network structure to construct the party's software vulnerability feature detection model, to acquire a multiparty software database, to perform static analysis and dynamic tracking verification on the multiparty software database to obtain a multiparty software code vulnerability set, and to perform distributed training on the multiparty software code vulnerability set to obtain a multiparty software vulnerability feature detection model set;
a vulnerability detection and positioning module, configured to perform collaborative model parameter training on the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, to perform vulnerability detection and positioning on a target software source code based on the software vulnerability feature global detection model, and to generate a software vulnerability detection and positioning result.
9. An electronic device comprising a bus, a transceiver, a memory, a processor and a computer program stored on the memory and executable on the processor, the transceiver, the memory and the processor being connected by the bus, characterized in that the computer program, when executed by the processor, implements the steps of the vulnerability positioning method based on automatic code detection of any one of claims 1-7.
10. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the vulnerability positioning method based on automatic code detection of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410432734.0A CN118036019B (en) | 2024-04-11 | 2024-04-11 | Vulnerability positioning method and system based on code automatic detection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN118036019A true CN118036019A (en) | 2024-05-14 |
CN118036019B CN118036019B (en) | 2024-06-18 |
Family
ID=90989852
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101661543A (en) * | 2008-08-28 | 2010-03-03 | 西门子(中国)有限公司 | Method and device for detecting security flaws of software source codes |
CN101710378A (en) * | 2009-10-10 | 2010-05-19 | 北京理工大学 | Software security flaw detection method based on sequential pattern mining |
CN102411690A (en) * | 2011-12-31 | 2012-04-11 | 中国信息安全测评中心 | Safety loophole mining method and device of application software under Android platform |
CN107085687A (en) * | 2017-05-11 | 2017-08-22 | 北京理工大学 | Fuzz testing encryption and decryption function locating method based on binary system entropy |
US9868212B1 (en) * | 2016-02-18 | 2018-01-16 | X Development Llc | Methods and apparatus for determining the pose of an object based on point cloud data |
CN110046521A (en) * | 2019-04-24 | 2019-07-23 | 成都派沃特科技股份有限公司 | Decentralization method for secret protection |
CN110059503A (en) * | 2019-04-24 | 2019-07-26 | 成都派沃特科技股份有限公司 | The retrospective leakage-preventing method of social information |
CN111737150A (en) * | 2020-07-24 | 2020-10-02 | 江西师范大学 | Taint analysis and verification method and device for Java EE program SQLIA vulnerability |
CN113569246A (en) * | 2020-04-28 | 2021-10-29 | 腾讯科技(深圳)有限公司 | Vulnerability detection method and device, computer equipment and storage medium |
US20230195805A1 (en) * | 2017-12-08 | 2023-06-22 | Palantir Technologies Inc. | Systems and methods for using linked documents |
Non-Patent Citations (2)
Title |
---|
THIAGARAJAR COLLEGE: "Machine learning-based malware detection on Android devices using behavioral features", pages 1-6, retrieved from the Internet: <https://www.sciencedirect.com/science/article/pii/S2214785322014432> * |
夏之阳 et al.: "Static vulnerability detection based on neural networks and code similarity", Computer Engineering (《计算机工程》), vol. 45, no. 12, 7 January 2020 (2020-01-07), pages 141-146 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||