CN118349895B - Vulnerability sample library construction method, vulnerability identification device, vulnerability sample library construction equipment and vulnerability sample library medium - Google Patents

Abstract

The embodiments of the present disclosure disclose a vulnerability sample library construction method, a vulnerability identification method, an apparatus, a device and a medium. A specific implementation of the method includes: determining a pre-stored information security vulnerability data group as a historical information security vulnerability data group; for each historical information security vulnerability data, performing the following steps: determining a feature information group as a feature information group to be vectorized; vectorizing each feature information to be vectorized to obtain a historical feature vector group; constructing a historical feature vector matrix; determining each constructed historical feature vector matrix as a historical feature vector matrix group; classifying each historical feature vector matrix to obtain a vulnerability category information group set; and constructing a vulnerability sample library. This implementation reduces the amount of computation for vulnerability sample identification and improves the accuracy of vulnerability classification.

Description

Vulnerability sample library construction method, vulnerability identification method, device, equipment and medium

Technical Field

Embodiments of the present disclosure relate to the field of computer technology, and in particular to a vulnerability sample library construction method, a vulnerability identification method, a device, a equipment, and a medium.

Background Art

Vulnerability sample identification is a technology for classifying and identifying vulnerability data. At present, the method commonly used to classify and identify vulnerability data is: function similarity detection technology, which aims to identify code fragments with similarities or the same functions by comparing function codes between different programs, thereby discovering vulnerabilities and the categories corresponding to vulnerability data.

However, when using the above method to identify vulnerability samples, the following technical problems often occur:

First, comparing function codes between different programs faces the problems of large computational complexity and low accuracy in practical applications, resulting in low accuracy in vulnerability sample identification.

Second, the vulnerability and the category corresponding to the vulnerability data are determined only by identifying the code fragments that have similarities or the same functions between the original vulnerability code and the vulnerability code to be identified. However, in the actual process, some vulnerabilities may have similarities or code fragments with the same functions, but the classification of the vulnerabilities themselves is different, resulting in a low accuracy rate in vulnerability classification.

Summary of the invention

The content of this disclosure is used to introduce concepts in a brief form, which will be described in detail in the detailed implementation section below. The content of this disclosure is not intended to identify the key features or essential features of the technical solution claimed for protection, nor is it intended to limit the scope of the technical solution claimed for protection.

Some embodiments of the present disclosure propose a vulnerability sample library construction method for information security vulnerability identification, an information security vulnerability identification method, an apparatus, an electronic device and a computer-readable medium to solve one or more of the technical problems mentioned in the above background technology section.

In a first aspect, some embodiments of the present disclosure provide a method for constructing a vulnerability sample library for information security vulnerability identification, the method comprising: determining a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the above historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the above vulnerability information; for each historical information security vulnerability data in the above historical information security vulnerability data group, performing the following steps: determining the feature information group included in the above historical information security vulnerability data as a feature information group to be quantized; performing vectorization processing on each feature information to be quantized in the above feature information group to be quantized to obtain a historical feature vector group; constructing a historical feature vector matrix based on the above historical feature vector group; determining each constructed historical feature vector matrix as a historical feature vector matrix group; performing classification processing on each historical feature vector matrix in the above historical feature vector matrix group to obtain a vulnerability category information group set; constructing a vulnerability sample library based on the above vulnerability category information group set, wherein the above vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability sample corresponding to the vulnerability feature information.

In a second aspect, some embodiments of the present disclosure provide a method for identifying information security vulnerabilities, the method comprising: obtaining current information security vulnerability data, wherein the current information security vulnerability data comprises vulnerability information and a feature information group corresponding to the vulnerability information; based on the feature information group, constructing a current feature vector matrix; based on a pre-constructed vulnerability sample library, performing matching processing on the current feature vector matrix to obtain vulnerability samples corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method described in any implementation of the first aspect.

In a third aspect, some embodiments of the present disclosure provide a device for constructing a vulnerability sample library for information security vulnerability identification, the device comprising: a first determining unit, configured to determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the historical information security vulnerability data group comprises vulnerability information and a feature information group corresponding to the vulnerability information; an executing unit, configured to execute the following steps for each historical information security vulnerability data in the historical information security vulnerability data group: determining the feature information group included in the historical information security vulnerability data as a feature information group to be quantized; Each feature information to be quantized in the information group is vectorized to obtain a historical feature vector group; based on the above historical feature vector group, a historical feature vector matrix is constructed; the second determination unit is configured to determine the constructed historical feature vector matrices as a historical feature vector matrix group; the classification unit is configured to classify each historical feature vector matrix in the above historical feature vector matrix group to obtain a vulnerability category information group set; the construction unit is configured to construct a vulnerability sample library based on the above vulnerability category information group set, wherein the above vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability sample corresponding to the vulnerability feature information.

In a fourth aspect, some embodiments of the present disclosure provide an information security vulnerability identification device, the device comprising: an acquisition unit, configured to acquire current information security vulnerability data, wherein the current information security vulnerability data comprises vulnerability information and a feature information group corresponding to the vulnerability information; a construction unit, configured to construct a current feature vector matrix based on the feature information group; a matching unit, configured to perform matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library, to obtain vulnerability samples corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method described in any implementation of the first aspect.

In a fifth aspect, some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; a storage device on which one or more programs are stored, and when the one or more programs are executed by one or more processors, the one or more processors implement the method described in any implementation of the first or second aspect above.

In a sixth aspect, some embodiments of the present disclosure provide a computer-readable medium having a computer program stored thereon, wherein when the program is executed by a processor, the method described in any implementation of the first aspect or the second aspect is implemented.

The above-mentioned various embodiments of the present disclosure have the following beneficial effects: the vulnerability sample library obtained by the vulnerability sample library construction method for information security vulnerability identification of some embodiments of the present disclosure improves information security vulnerability identification. Specifically, the reason for the low accuracy of vulnerability sample identification is that the comparison of function codes between different programs faces the problem of large calculation amount and low accuracy in actual application, resulting in low accuracy of vulnerability sample identification. Based on this, the vulnerability sample library construction method for information security vulnerability identification of some embodiments of the present disclosure, first, the pre-stored information security vulnerability data group is determined as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the above historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the above vulnerability information. Thus, the information security vulnerability data to be processed can be obtained. Then, for each historical information security vulnerability data in the above historical information security vulnerability data group, the following steps are performed: First, the feature information group included in the above historical information security vulnerability data is determined as a feature information group to be vectorized. Thus, the feature information group included in the information security vulnerability data can be obtained. Then, each feature information to be vectorized in the above feature information group to be vectorized is vectorized to obtain a historical feature vector group. Thus, the feature information can be converted into a historical feature vector. Then, based on the above historical feature vector group, a historical feature vector matrix is constructed. Thus, a historical feature vector matrix composed of the historical feature vector group can be obtained. Then, each constructed historical feature vector matrix is determined as a historical feature vector matrix group. Thus, the historical feature vector matrix corresponding to each historical information security vulnerability data can be obtained. Secondly, each historical feature vector matrix in the above historical feature vector matrix group is classified and processed to obtain a vulnerability category information group set. Thus, the vulnerability category information corresponding to each historical information security vulnerability data can be obtained. Then, based on the above vulnerability category information group set, a vulnerability sample library is constructed, wherein the above vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability sample corresponding to the vulnerability feature information. Thus, a vulnerability sample library for information security vulnerability identification can be constructed. Also, because the vulnerability sample library constructed by the historical information security vulnerability data group can classify and identify the vulnerability feature information, it avoids the problem of large amount of calculation in actual application due to comparing function codes between different programs. Also, because the vulnerability sample library is constructed based on the historical information security vulnerability data group, the correlation between the vulnerability sample library and the historical information security vulnerability data group is high, so the accuracy of vulnerability data identification is high when new vulnerability feature information is obtained.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other features, advantages and aspects of the embodiments of the present disclosure will become more apparent with reference to the following detailed description in conjunction with the accompanying drawings. Throughout the accompanying drawings, the same or similar reference numerals represent the same or similar elements. It should be understood that the drawings are schematic and that components and elements are not necessarily drawn to scale.

FIG1 is a flow chart of some embodiments of a method for constructing a vulnerability sample library for information security vulnerability identification according to the present disclosure;

FIG2 is a flow chart of some embodiments of the information security vulnerability identification method according to the present disclosure;

FIG3 is a schematic diagram of the structure of some embodiments of a device for constructing a vulnerability sample library for information security vulnerability identification according to the present disclosure;

FIG4 is a schematic diagram of the structure of some embodiments of the information security vulnerability identification device according to the present disclosure;

FIG. 5 is a schematic diagram of the structure of an electronic device suitable for implementing some embodiments of the present disclosure.

DETAILED DESCRIPTION

Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although certain embodiments of the present disclosure are shown in the accompanying drawings, it should be understood that the present disclosure can be implemented in various forms and should not be construed as being limited to the embodiments set forth herein. On the contrary, these embodiments are provided to provide a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are only for exemplary purposes and are not intended to limit the scope of protection of the present disclosure.

It should also be noted that, for ease of description, only the parts related to the invention are shown in the drawings. In the absence of conflict, the embodiments and features in the embodiments of the present disclosure may be combined with each other.

It should be noted that the concepts such as "first" and "second" mentioned in the present disclosure are only used to distinguish different devices, modules or units, and are not used to limit the order or interdependence of the functions performed by these devices, modules or units.

It should be noted that the modifications of "one" and "plurality" mentioned in the present disclosure are illustrative rather than restrictive, and those skilled in the art should understand that unless otherwise clearly indicated in the context, it should be understood as "one or more".

The names of the messages or information exchanged between multiple devices in the embodiments of the present disclosure are only used for illustrative purposes and are not used to limit the scope of these messages or information.

The present disclosure will be described in detail below with reference to the accompanying drawings and in conjunction with embodiments.

FIG1 shows a process 100 of some embodiments of a method for constructing a vulnerability sample library for information security vulnerability identification according to the present disclosure. The method for constructing a vulnerability sample library for information security vulnerability identification includes the following steps:

Step 101: determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group.

In some embodiments, the execution subject (e.g., computing device) of the vulnerability sample library construction method may determine the pre-stored information security vulnerability data group as the historical information security vulnerability data group. The above-mentioned information security vulnerability data group may be data in a national database used for information security vulnerability management and control. The above-mentioned historical information security vulnerability data may be data used to characterize information security vulnerabilities. For example, the above-mentioned historical information security vulnerability data may be, but not limited to, financial information security vulnerability data, electric power information security vulnerability data, energy information security vulnerability data, and telecommunications information security vulnerability data. Each historical information security vulnerability data in the above-mentioned historical information security vulnerability data group may include vulnerability information and a feature information group corresponding to the above-mentioned vulnerability information. The above-mentioned vulnerability information may be information describing the above-mentioned historical information security vulnerability data in the national vulnerability library. The above-mentioned feature information group may be a feature information group of data in the national vulnerability library. The above-mentioned feature information group may include various feature label types, and each feature information corresponds to a feature label type. The above-mentioned feature label type may include, but is not limited to: system label, environment label. The above-mentioned system label may be a label used to characterize the feature information as "system". The above-mentioned environment label may be a label used to characterize the feature information as "environment". Specifically, when the above-mentioned feature tag type is a system tag, it means that the feature information is the feature information corresponding to the "system". When the above-mentioned feature tag type is an environment tag, it means that the feature information is the feature information corresponding to the "system programming language environment". The above-mentioned execution subject can be a server that identifies or processes information security vulnerabilities.

Step 102: for each piece of historical information security vulnerability data in the historical information security vulnerability data group, perform the following steps:

Step 1021: determine the feature information group included in the historical information security vulnerability data as the feature information group to be quantized.

In some embodiments, the execution entity may determine the feature information group included in the historical information security vulnerability data as the feature information group to be quantized.

Step 1022: perform vectorization processing on each feature information to be quantized in the feature information group to be quantized to obtain a historical feature vector group.

In some embodiments, the execution subject may perform vectorization processing on each feature information to be quantized in the feature information group to be quantized to obtain a historical feature vector group. In practice, the execution subject may perform vectorization processing on each feature information to be quantized in the feature information group to be quantized using a preset encoding method to obtain a historical feature vector. The preset encoding method may be, but is not limited to, one-hot encoding, label encoding, minimum-maximum normalization, or Z-score normalization. The historical feature vector may be numerical data for machine learning model processing.

Step 1023, constructing a historical feature vector matrix based on the historical feature vector group.

In some embodiments, the execution subject may construct a historical feature vector matrix based on the historical feature vector group. The historical feature vector matrix may be a matrix used to characterize vulnerability information corresponding to the historical feature vector group. In practice, the execution subject may construct each historical feature vector in the historical feature vector group into a historical feature vector matrix.

In some optional implementations of some embodiments, the execution subject may construct a historical feature vector matrix based on the historical feature vector group through the following steps:

The first step is to classify the above-mentioned feature information groups to be quantized according to each feature label type to obtain each feature label information group. Among them, the feature label information in each feature label information group corresponds to the same feature label type. The above-mentioned feature label types may include but are not limited to: system labels, environment labels. The above-mentioned system label may be a label used to characterize the feature information as a system. The above-mentioned environment label may be a label used to characterize the feature information as an environment. In practice, the above-mentioned execution entity may classify each feature label information with the same corresponding feature label type in the feature information group to be quantized into the same feature label information group to obtain each feature label information group.

In the second step, the obtained characteristic label information groups are determined as characteristic label information group sets.

The third step is to perform the following steps on each feature label information group in the feature label information group set:

In the first sub-step, the historical feature vector corresponding to each feature label information in the feature label information group is determined as the feature vector to be added, so as to obtain a feature vector group to be added.

The second sub-step is to add the above-mentioned feature vector group to be added to the feature vector matrix to update the above-mentioned feature vector matrix. Among them, the above-mentioned feature vector matrix can be an empty matrix, and the number of rows in the above-mentioned feature vector matrix can be the number of feature label information groups in the above-mentioned feature label information group set. The number of columns in the above-mentioned feature vector matrix can be the number of feature label information of the feature label information group with the most feature label information in the above-mentioned feature label information group set. In practice, first, the above-mentioned execution subject can add each feature vector to be added in the above-mentioned feature vector group to be added to each row of the feature vector matrix in sequence according to the arrangement from top to bottom. Among them, the eigenvectors in the above-mentioned eigenvector matrix can be null values.

The fourth step is to determine the updated eigenvector matrix as the historical eigenvector matrix.

Step 103: determine the constructed historical feature vector matrices as a historical feature vector matrix group.

In some embodiments, the execution entity may determine the constructed historical feature vector matrices as a historical feature vector matrix group.

Step 104 , classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set.

In some embodiments, the execution subject may classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set. Each vulnerability category information group in the vulnerability category information group set may include various historical feature vector matrices. In practice, first, the execution subject may classify each historical feature vector matrix to obtain various vulnerability list information groups. Then, the obtained various vulnerability list information groups are determined as vulnerability category information group sets.

In some optional implementations of some embodiments, the execution subject may classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set by the following steps:

The first step is to perform the following first loop steps based on the above historical eigenvector matrix group:

The first sub-step is to perform random dimensionality reduction processing on each historical feature vector matrix in the above-mentioned historical feature vector matrix group to obtain a reduced-dimensional feature vector matrix group. Among them, the above-mentioned reduced-dimensional feature vector matrix group can be a matrix of the above-mentioned historical feature vector matrix after random dimensionality reduction processing. Each reduced-dimensional feature vector matrix in the above-mentioned reduced-dimensional feature vector matrix group can include selection information. The above-mentioned selection information can be a string used to characterize whether the reduced-dimensional feature vector matrix is selected. The above-mentioned selection information can be an empty string. In practice, the above-mentioned execution entity can perform random dimensionality reduction processing on each historical feature vector matrix in the above-mentioned historical feature vector matrix group to obtain a reduced-dimensional feature vector matrix group. Specifically, the above-mentioned random dimensionality reduction processing can include but is not limited to: principal component analysis, linear discriminant analysis, and t-distribution neighborhood embedding algorithm.

The second sub-step is to perform the following second loop step based on the above-mentioned reduced dimension feature vector matrix group:

Sub-step 1: Determine the reduced dimension feature vector matrix that meets the preset selection condition in the reduced dimension feature vector matrix group as the reduced dimension feature vector matrix to be compared. The preset selection condition may be: the reduced dimension feature vector matrix is any reduced dimension feature vector matrix in the reduced dimension feature vector matrix group whose selection information is an empty string.

Sub-step 2: determining the preset selection information as the selection information. The preset selection information may be "selected".

Sub-step three: adding the selection information to the reduced-dimensional feature vector matrix to be compared, so as to update the reduced-dimensional feature vector matrix to be compared.

Sub-step 4: Determine a preset number of reduced dimension feature vector matrices in the reduced dimension feature vector matrix group that meet the preset comparison condition as the feature vector matrix group to be compared. The preset comparison condition may be that the reduced dimension feature vector matrix is a reduced dimension feature vector matrix in the reduced dimension feature vector matrix group that is different from the reduced dimension feature vector matrix to be compared. The preset number may be the difference between the number of each reduced dimension feature vector matrix included in the reduced dimension feature vector matrix group and 1.

Sub-step five: for each feature vector matrix to be compared in the feature vector matrix group to be compared, the distance between the reduced-dimensional feature vector matrix to be compared and the feature vector matrix to be compared is determined as the comparison distance.

Sub-step six: sorting the determined comparison distances to obtain a comparison distance sequence. The comparison distance sequence may be a sequence used to characterize the size of the comparison distances. In practice, the execution subject may re-sort the comparison distance sequence in ascending order.

Sub-step 7: taking the comparison distances in the comparison distance sequence that meet the preset sorting condition as the comparison distance group. The preset sorting condition may be that the comparison distance is less than a preset distance threshold. The preset distance threshold may be a preset value. The specific setting of the preset distance threshold is not limited here.

Sub-step eight: determining a category matrix group based on the comparison distance group, wherein the category matrix group may be a group composed of various historical feature vector matrices.

Sub-step nine, in response to determining that each reduced dimension feature vector matrix in the reduced dimension feature vector matrix group does not satisfy a preset adding condition, executing the second loop step again. The preset adding condition may be that there is a reduced dimension feature vector matrix without selection information in the reduced dimension feature vector matrix group.

Sub-step ten: in response to determining that each reduced-dimensionality feature vector matrix in the reduced-dimensionality feature vector matrix group meets a preset adding condition, determining each determined category matrix group as a category information group set.

The third sub-step is, in response to determining that each category matrix group in the above category information group set does not meet the preset quantity condition, clearing the above category information group set, and executing the above first loop step again. The above preset quantity condition may be that the number of historical feature vector matrices in each category matrix group is less than a preset quantity threshold. The above preset quantity threshold may be a pre-set value. There is no limitation on the specific setting of the above preset quantity threshold.

The fourth sub-step, in response to determining that each category matrix group in the above-mentioned category information group set meets the preset quantity condition, performs difference value processing on each category matrix group in the above-mentioned category information group set to obtain a category difference value group. Among them, each category difference value in the above-mentioned category difference value group can be a numerical value used to characterize the degree of difference of the historical feature vector matrix in each category matrix group in the category information group. In practice, in the first step, the above-mentioned execution subject can perform the following steps on each category matrix group in the above-mentioned category information group set: First, the above-mentioned execution subject can use the sum of each historical feature vector matrix in the above-mentioned category matrix group as a historical sum matrix. Then, the above-mentioned execution subject can use the ratio of the historical sum matrix to the number of each historical feature vector matrix in the category matrix group as a historical average matrix. Then, the above-mentioned execution subject can use the difference between each historical feature vector matrix and the historical average matrix as each historical difference matrix. Secondly, the above-mentioned execution subject can use the Frobenius norm of each historical difference matrix as each difference norm. Finally, the above-mentioned execution subject can use the sum of each difference norm as a category difference value. In the second step, the above-mentioned execution subject can determine the obtained each category difference value as a category difference value group.

In a fifth sub-step, in response to determining that each of the category difference values in the category difference value group does not satisfy a preset threshold condition, the first loop step is executed again. The preset threshold condition may be that the category difference value is less than a preset difference threshold. The preset difference threshold may be a pre-set value, and the specific setting of the preset difference threshold is not limited here.

In a sixth sub-step, in response to determining that each category difference value in the category difference value group meets a preset threshold condition, the category information group set is determined as a vulnerability category information group set, wherein each vulnerability category information group in the vulnerability category information group set can be the category matrix group.

In some optional implementations of some embodiments, the execution subject may determine the category matrix group based on the comparison distance group through the following steps:

In the first step, for each comparison distance in the above comparison distance group, perform the following steps:

The first sub-step is to determine the above-mentioned preset selection information as the selection information.

The second sub-step is to add the selection information to the feature vector matrix to be compared corresponding to the comparison distance, so as to update the feature vector matrix to be compared.

The second step is to combine the updated feature vector matrices to be compared with the feature vectors to be compared with the reduced dimension feature vectors to be compared corresponding to the comparison distance group as a category matrix group. In practice, first, the execution subject can combine the historical feature vector matrices corresponding to the reduced dimension feature vectors to be compared corresponding to the comparison distance group with the historical feature vector matrices corresponding to the updated feature vector matrices to be compared, and use the obtained historical feature vector matrices as the category matrix group.

In some optional implementations of some embodiments, the execution subject may determine the distance between the reduced-dimensional feature vector matrix to be compared and the feature vector matrix to be compared as the comparison distance by the following steps:

In the first step, the eigenvectors of each corresponding position of the above-mentioned reduced-dimensional feature vector matrix to be compared and the above-mentioned eigenvector matrix to be compared are respectively determined as the first eigenvector and the second eigenvector. In practice, the above-mentioned execution subject can extract the eigenvectors of each corresponding position of the above-mentioned reduced-dimensional feature vector matrix to be compared and the above-mentioned eigenvector matrix to be compared as the first eigenvector and the second eigenvector. For example, the above-mentioned reduced-dimensional feature vector matrix to be compared can be , the above-mentioned feature vector matrix to be compared can be When, the above-mentioned reduced-dimensional feature vector matrix to be compared and the above-mentioned feature vector matrix to be compared can be the historical feature vector matrix constructed in step 1023. for The vector at row 1 and column 1 of the matrix. for The vector at row 1 and column 1 of the matrix. for Matrix row 1 Vector of columns. for Matrix row 1 Vector of columns. for Matrix The vector of row and column 1. The vector at row 1 and column 1 of the matrix. and are in corresponding positions, then the first eigenvector can be , the second eigenvector can be . and are in corresponding positions, then the first eigenvector can be , the second eigenvector can be .

In the second step, for each of the first and second eigenvectors corresponding to the corresponding positions, the following steps are performed:

In the first sub-step, a difference between the first eigenvector and the second eigenvector is determined as a difference eigenvector.

The second sub-step is to generate a square value based on the difference feature vector. In practice, the execution subject may determine the square of the difference feature vector as the square value.

The third sub-step is to generate a standard value based on the square value. In practice, the execution subject may determine the square root of the square value as the standard value.

In the third step, the sum of the obtained standard values is determined as the comparison distance.

Step 105: construct a vulnerability sample library based on the vulnerability category information set.

In some embodiments, the execution subject may construct a vulnerability sample library based on the vulnerability category information set, wherein the vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability sample corresponding to the vulnerability feature information.

In some optional implementations of some embodiments, the execution subject may construct a vulnerability sample library based on the vulnerability category information set through the following steps:

In the first step, for each vulnerability category information group in the above vulnerability category information group set, perform the following steps:

The first sub-step is to generate a vulnerability average matrix corresponding to the vulnerability category information group based on the vulnerability category information group. In practice, first, the execution subject can input each element in each dimension reduction feature vector matrix in the category matrix group corresponding to the vulnerability category information group into the first preset formula to obtain each first vector corresponding to each element. The first preset formula can be . The first vector can be expressed as express. is the first Line Vector of columns. For the The first Line Vector of columns. is the number of reduced-dimensional feature vector matrices included in the category matrix group. Then, the execution subject may combine the first vectors as rows and columns in the matrix into a vulnerability average matrix.

The second sub-step is to generate the maximum vulnerability matrix corresponding to the vulnerability category information group based on the vulnerability category information group. In practice, first, the execution subject can input each element in each dimension reduction feature vector matrix in the category matrix group corresponding to the vulnerability category information group into the second preset formula to obtain each second vector corresponding to each element. The second preset formula can be . The second vector can be expressed as express. The largest vulnerability matrix Line Then, the execution subject can combine the second vectors as rows and columns in a matrix to form a maximum vulnerability matrix.

The third sub-step is to generate a minimum vulnerability matrix corresponding to the vulnerability category information group based on the vulnerability category information group. In practice, first, the execution subject can input each element in each dimension reduction feature vector matrix in the category matrix group corresponding to the vulnerability category information group into the third preset formula to obtain each third vector corresponding to each element. The third preset formula can be . The third vector can be expressed as express. is the first in the vulnerability minimum matrix Line Then, the execution subject can combine the third vectors as rows and columns in a matrix to form a matrix with the minimum vulnerability.

The fourth sub-step is to generate the vulnerability fluctuation value corresponding to the vulnerability category information group based on the above-mentioned minimum vulnerability matrix and the above-mentioned maximum vulnerability matrix. The above-mentioned vulnerability fluctuation value can be a matrix used to characterize the degree of fluctuation of the vulnerability category information group. In practice, first, the above-mentioned execution subject can input each element in the above-mentioned minimum vulnerability matrix and each element in the above-mentioned maximum vulnerability matrix into the fourth preset formula to obtain each fourth vector corresponding to each element. The above-mentioned fourth preset formula can be . The fourth vector can be expressed as express. is the first value in the vulnerability fluctuation value Line Then, the execution subject may combine the fourth vectors as rows and columns in the matrix into vulnerability fluctuation values.

The fifth sub-step is to generate the common features corresponding to the vulnerability category information group based on the vulnerability average matrix and the vulnerability fluctuation value. The common features can be a matrix used to characterize the common features of the vulnerability category information group. In practice, first, the execution subject can input each element in the vulnerability average matrix and the vulnerability fluctuation value into the fifth preset formula to obtain each fifth vector corresponding to each element. The fifth preset formula can be . The fifth vector can be expressed as express. is the first in the vulnerability minimum matrix Line Vector of columns. is the first in the above vulnerability average matrix Line Vector of columns. is the first of the above vulnerability fluctuation values Line Then, the execution subject may combine the fifth vectors as the rows and columns in the matrix into common features.

In the sixth sub-step, the vulnerability average matrix, the maximum vulnerability matrix, the minimum vulnerability matrix, the vulnerability fluctuation value, and the common features are combined to obtain vulnerability sample information. In practice, the execution subject may combine the vulnerability average matrix, the maximum vulnerability matrix, the minimum vulnerability matrix, the vulnerability fluctuation value, and the common features to obtain vulnerability sample information.

In the seventh sub-step, the historical information security vulnerability data corresponding to each vulnerability category information in the vulnerability category information group is determined as vulnerability sample data to obtain a vulnerability sample data group. In practice, first, the execution subject may extract the historical information security vulnerability data corresponding to each vulnerability category information from the vulnerability category information group. Then, the execution subject may use the obtained historical information security vulnerability data as a vulnerability sample data group.

In an eighth sub-step, the vulnerability sample information and the vulnerability sample data group are determined as vulnerability samples.

The second step is to construct a vulnerability sample library based on the determined vulnerability samples. In practice, the execution subject may store the obtained vulnerability samples in a database to obtain a vulnerability sample library.

As an inventive point of an embodiment of the present disclosure, the above vulnerability sample library construction scheme solves the technical problem of "only by identifying the code fragments with similarities or the same functions between the original vulnerability code and the vulnerability code to be identified, the vulnerability and the category corresponding to the vulnerability data are determined. However, in the actual process, although some vulnerabilities have code fragments with similarities or the same functions, the classification of the vulnerability itself is different, resulting in a low vulnerability classification accuracy." If the above factors are solved, the effect of improving the vulnerability classification accuracy can be achieved. In order to achieve this effect. The present disclosure constructs a vulnerability sample library through the following steps: First, for each vulnerability category information group in the above vulnerability category information group set, the following steps are performed: Based on the above vulnerability category information group, the vulnerability average matrix corresponding to the above vulnerability category information group is generated. Then, based on the above vulnerability category information group, the vulnerability maximum matrix corresponding to the above vulnerability category information group is generated. Then, based on the above vulnerability category information group, the vulnerability minimum matrix corresponding to the above vulnerability category information group is generated. Secondly, based on the above vulnerability minimum matrix and the above vulnerability maximum matrix, the vulnerability fluctuation value corresponding to the above vulnerability category information group is generated. Then, based on the above vulnerability average matrix and the above vulnerability fluctuation value, the common characteristics corresponding to the above vulnerability category information group are generated. Thus, the vulnerability sample information corresponding to the vulnerability category information group can be obtained. Then, the above-mentioned vulnerability average matrix, the above-mentioned vulnerability maximum matrix, the above-mentioned vulnerability minimum matrix, the above-mentioned vulnerability fluctuation value, and the above-mentioned common characteristics are combined and processed to obtain vulnerability sample information. Secondly, the historical information security vulnerability data corresponding to each vulnerability category information in the above-mentioned vulnerability category information group is determined as vulnerability sample data to obtain a vulnerability sample data group. Then, the above-mentioned vulnerability sample information and the above-mentioned vulnerability sample data group are determined as vulnerability samples. Thus, the vulnerability sample information and the vulnerability sample data group can be used as vulnerability samples. Then, based on the determined vulnerability samples, a vulnerability sample library is constructed. Thus, the obtained vulnerability samples can be constructed into a vulnerability sample library. Also because the vulnerability sample library is constructed based on the historical information security vulnerability data group, it does not rely on code fragments with similarities or the same functions to determine the vulnerability and the category corresponding to the vulnerability data, so the obtained vulnerability sample library has high reliability, thereby improving the accuracy of vulnerability classification.

The above-mentioned various embodiments of the present disclosure have the following beneficial effects: the vulnerability sample library obtained by the vulnerability sample library construction method for information security vulnerability identification of some embodiments of the present disclosure improves information security vulnerability identification. Specifically, the reason for the low accuracy of vulnerability sample identification is that the comparison of function codes between different programs faces the problem of large calculation amount and low accuracy in actual application, resulting in low accuracy of vulnerability sample identification. Based on this, the vulnerability sample library construction method for information security vulnerability identification of some embodiments of the present disclosure, first, the pre-stored information security vulnerability data group is determined as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the above historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the above vulnerability information. Thus, the information security vulnerability data to be processed can be obtained. Then, for each historical information security vulnerability data in the above historical information security vulnerability data group, the following steps are performed: First, the feature information group included in the above historical information security vulnerability data is determined as a feature information group to be vectorized. Thus, the feature information group included in the information security vulnerability data can be obtained. Then, each feature information to be vectorized in the above feature information group to be vectorized is vectorized to obtain a historical feature vector group. Thus, the feature information can be converted into a historical feature vector. Then, based on the above historical feature vector group, a historical feature vector matrix is constructed. Thus, a historical feature vector matrix composed of the historical feature vector group can be obtained. Then, each constructed historical feature vector matrix is determined as a historical feature vector matrix group. Thus, the historical feature vector matrix corresponding to each historical information security vulnerability data can be obtained. Secondly, each historical feature vector matrix in the above historical feature vector matrix group is classified and processed to obtain a vulnerability category information group set. Thus, the vulnerability category information corresponding to each historical information security vulnerability data can be obtained. Then, based on the above vulnerability category information group set, a vulnerability sample library is constructed, wherein the above vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability sample corresponding to the vulnerability feature information. Thus, a vulnerability sample library for information security vulnerability identification can be constructed. Also, because the vulnerability sample library constructed by the historical information security vulnerability data group can classify and identify the vulnerability feature information, it avoids the problem of large amount of calculation in actual application due to comparing function codes between different programs. Also, because the vulnerability sample library is constructed based on the historical information security vulnerability data group, the correlation between the vulnerability sample library and the historical information security vulnerability data group is high, so the accuracy of vulnerability data identification is high when new vulnerability feature information is obtained.

2, a process 200 of some embodiments of the information security vulnerability identification method according to the present disclosure is shown. The information security vulnerability identification method comprises the following steps:

Step 201, obtaining current information security vulnerability data.

In some embodiments, the execution subject (e.g., computing device) of the information security vulnerability identification method may obtain current information security vulnerability data. The current information security vulnerability data may be data provided by the target user. The current information security vulnerability data may include vulnerability information and a feature information group corresponding to the vulnerability information.

Step 202: construct a current feature vector matrix based on the feature information group.

In some embodiments, the execution subject may construct a current feature vector matrix based on the feature information group. The method of constructing the current feature vector matrix may refer to the specific implementation method of step 1023 in FIG. 1 , which will not be described in detail here.

Step 203: Based on the pre-built vulnerability sample library, the current feature vector matrix is matched to obtain the vulnerability samples corresponding to the current feature vector matrix.

In some embodiments, the execution subject may perform matching processing on the current feature vector matrix based on a pre-built vulnerability sample library to obtain vulnerability samples corresponding to the current feature vector matrix. The vulnerability sample library is constructed by the steps in the corresponding embodiments shown in FIG. 1. In practice, first, the execution subject may generate the similarity between the current feature vector matrix and the vulnerability sample information included in each vulnerability sample in the vulnerability sample library as a similarity comparison result. Specifically, the similarity may be cosine similarity. Then, the execution subject may select the vulnerability sample corresponding to the similarity comparison result with the highest similarity from each similarity comparison result as the vulnerability sample corresponding to the current feature vector matrix.

The above-mentioned various embodiments of the present disclosure have the following beneficial effects: the vulnerability samples corresponding to the information security vulnerabilities obtained by the information security vulnerability identification method of some embodiments of the present disclosure improve the identification of information security vulnerabilities. Specifically, the reason for the low accuracy of vulnerability sample identification is that the comparison of function codes between different programs faces the problem of large computational complexity and low accuracy in practical applications, resulting in a low accuracy of vulnerability sample identification. Based on this, the information security vulnerability identification method of some embodiments of the present disclosure first obtains current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information. Thus, the information security vulnerability data can be obtained. Then, based on the feature information group, a current feature vector matrix is constructed. Thus, the current feature vector matrix corresponding to the current information security vulnerability data can be obtained. Then, based on the pre-constructed vulnerability sample library, the current feature vector matrix is matched to obtain the vulnerability samples corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method described in any implementation of the first aspect. Thus, the vulnerability samples corresponding to the current information security vulnerability data can be obtained. This is also because information security vulnerabilities are classified and identified through a pre-built vulnerability sample library, thereby improving the accuracy of vulnerability sample identification.

Further referring to FIG. 3 , as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of a device for constructing a vulnerability sample library for information security vulnerability identification. These device embodiments correspond to the method embodiments shown in FIG. 1 , and the device can be specifically applied to various electronic devices.

As shown in FIG3 , a vulnerability sample library construction device 300 for information security vulnerability identification in some embodiments includes: a first determination unit 301, an execution unit 302, a second determination unit 303, a classification unit 304, and a construction unit 305. The first determination unit 301 is configured to determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information; the execution unit 302 is configured to perform the following steps for each historical information security vulnerability data in the historical information security vulnerability data group: determine the feature information group included in the historical information security vulnerability data as a feature information group to be quantized; perform vectorization processing on each feature information to be quantized in the feature information group to be quantized Processing, to obtain a historical feature vector group; based on the above historical feature vector group, construct a historical feature vector matrix; the second determining unit 303 is configured to determine the constructed historical feature vector matrices as a historical feature vector matrix group; the classification unit 304 is configured to classify each historical feature vector matrix in the above historical feature vector matrix group to obtain a vulnerability category information group set; the construction unit 305 is configured to construct a vulnerability sample library based on the above vulnerability category information group set, wherein the above vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability samples corresponding to the vulnerability feature information.

It is understandable that the units recorded in the device 300 correspond to the steps in the method described with reference to Figure 1. Therefore, the operations, features and beneficial effects described above for the method are also applicable to the device 300 and the units contained therein, and will not be repeated here.

Further referring to FIG. 4 , as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of an information security vulnerability identification device, which correspond to the method embodiments shown in FIG. 2 , and the device can be specifically applied to various electronic devices.

As shown in Fig. 4, the information security vulnerability identification device 400 of some embodiments includes: an acquisition unit 401, a construction unit 402 and a matching unit 403. The acquisition unit 401 is configured to acquire current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information; the construction unit 402 is configured to construct a current feature vector matrix based on the feature information group; the matching unit 403 is configured to perform matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library to obtain vulnerability samples corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the steps in the corresponding embodiments in Fig. 1.

It is understandable that the units recorded in the device 400 correspond to the steps in the method described with reference to Figure 2. Therefore, the operations, features and beneficial effects described above for the method are also applicable to the device 400 and the units contained therein, and will not be repeated here.

Referring to Figure 5, a schematic diagram of the structure of an electronic device 500 suitable for implementing some embodiments of the present disclosure is shown. The electronic device shown in Figure 5 is only an example and should not bring any limitation to the functions and scope of use of the embodiments of the present disclosure.

As shown in FIG5 , the electronic device 500 may include a processing device (e.g., a central processing unit, a graphics processing unit, etc.) 501, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 502 or a program loaded from a storage device 508 into a random access memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the electronic device 500 are also stored. The processing device 501, the ROM 502, and the RAM 503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.

Typically, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, a touchpad, a keyboard, a mouse, a camera, a microphone, an accelerometer, a gyroscope, etc.; output devices 507 including, for example, a liquid crystal display (LCD), a speaker, a vibrator, etc.; storage devices 508 including, for example, a magnetic tape, a hard disk, etc.; and communication devices 509. The communication device 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. Although FIG. 5 shows an electronic device 500 with various devices, it should be understood that it is not required to implement or have all the devices shown. More or fewer devices may be implemented or have alternatively. Each box shown in FIG. 5 may represent one device, or may represent multiple devices as needed.

In particular, according to some embodiments of the present disclosure, the process described above with reference to the flowchart can be implemented as a computer software program. For example, some embodiments of the present disclosure include a computer program product, which includes a computer program carried on a computer-readable medium, and the computer program contains program code for executing the method shown in the flowchart. In some such embodiments, the computer program can be downloaded and installed from the network through the communication device 509, or installed from the storage device 508, or installed from the ROM 502. When the computer program is executed by the processing device 501, the above-mentioned functions defined in the method of some embodiments of the present disclosure are executed.

It should be noted that the computer-readable medium recorded in some embodiments of the present disclosure may be a computer-readable signal medium or a computer-readable storage medium or any combination of the above two. The computer-readable storage medium may be, for example, but not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, device or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In some embodiments of the present disclosure, a computer-readable storage medium may be any tangible medium containing or storing a program that can be used by or in combination with an instruction execution system, device or device. In some embodiments of the present disclosure, a computer-readable signal medium may include a data signal propagated in a baseband or as part of a carrier wave, which carries a computer-readable program code. This propagated data signal may take a variety of forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above. Computer readable signal media may also be any computer readable medium other than computer readable storage media, which may send, propagate or transmit a program for use by or in conjunction with an instruction execution system, apparatus or device. The program code contained on the computer readable medium may be transmitted using any appropriate medium, including but not limited to: wires, optical cables, RF (radio frequency), etc., or any suitable combination of the above.

In some embodiments, the client and the server may communicate using any currently known or future developed network protocol such as HTTP (HyperText Transfer Protocol), and may be interconnected with any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internet (e.g., the Internet), and a peer-to-peer network (e.g., an adhoc peer-to-peer network), as well as any currently known or future developed network.

The computer-readable medium may be included in the electronic device, or may exist independently without being incorporated into the electronic device. The computer-readable medium carries one or more programs. When the one or more programs are executed by the electronic device, the electronic device: determines a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information; for each historical information security vulnerability data in the historical information security vulnerability data group, performs the following steps: determines the feature information group included in the historical information security vulnerability data as a feature information group to be quantized; performs vectorization processing on each feature information to be quantized in the feature information group to be quantized to obtain a historical feature vector group; constructs a historical feature vector matrix based on the historical feature vector group; determines each constructed historical feature vector matrix as a historical feature vector matrix group; performs classification processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set; constructs a vulnerability sample library based on the vulnerability category information group set, wherein the vulnerability sample library is used to match the acquired real-time vulnerability feature information to identify the vulnerability sample corresponding to the vulnerability feature information.

Or enable the electronic device to: obtain current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information; construct a current feature vector matrix based on the feature information group; and perform matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library to obtain vulnerability samples corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed through the steps in the corresponding embodiments in Figure 1.

Computer program code for performing the operations of some embodiments of the present disclosure may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk, C++, and conventional procedural programming languages such as "C" or similar programming languages. The program code may be executed entirely on the user's computer, partially on the user's computer, as a separate software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (e.g., via the Internet using an Internet service provider).

The flow chart and block diagram in the accompanying drawings illustrate the possible architecture, function and operation of the system, method and computer program product according to various embodiments of the present disclosure. In this regard, each square box in the flow chart or block diagram can represent a module, a program segment or a part of a code, and the module, the program segment or a part of the code contains one or more executable instructions for realizing the specified logical function. It should also be noted that in some implementations as replacements, the functions marked in the square box can also occur in a sequence different from that marked in the accompanying drawings. For example, two square boxes represented in succession can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, depending on the functions involved. It should also be noted that each square box in the block diagram and/or flow chart, and the combination of the square boxes in the block diagram and/or flow chart can be implemented with a dedicated hardware-based system that performs the specified function or operation, or can be implemented with a combination of dedicated hardware and computer instructions.

The units described in some embodiments of the present disclosure may be implemented by software or by hardware. The described units may also be provided in a processor, for example, may be described as: a processor comprising a first determination unit, an execution unit, a second determination unit, a classification unit, and a construction unit. The names of these units do not, in certain cases, constitute limitations on the units themselves, for example, the first determination unit may also be described as "a unit for determining a pre-stored information security vulnerability data group as a historical information security vulnerability data group".

The functions described above herein may be performed at least in part by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), application specific standard products (ASSPs), systems on chips (SOCs), complex programmable logic devices (CPLDs), and the like.

The above descriptions are only some preferred embodiments of the present disclosure and an explanation of the technical principles used. Those skilled in the art should understand that the scope of the invention involved in the embodiments of the present disclosure is not limited to the technical solutions formed by a specific combination of the above technical features, but should also cover other technical solutions formed by any combination of the above technical features or their equivalent features without departing from the above inventive concept. For example, the above features are replaced with (but not limited to) technical features with similar functions disclosed in the embodiments of the present disclosure.

Claims (9)

1. A loophole sample library construction method for information security loophole identification comprises the following steps:

Determining a pre-stored information security vulnerability data set as a historical information security vulnerability data set, wherein each historical information security vulnerability data set comprises vulnerability information and a characteristic information set corresponding to the vulnerability information;

For each historical information security vulnerability data in the set of historical information security vulnerability data, performing the steps of:

Determining a characteristic information group included in the historical information security vulnerability data as a characteristic information group to be vectorized;

carrying out vectorization processing on each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group;

constructing a historical feature vector matrix based on the historical feature vector group;

determining each constructed historical feature vector matrix as a historical feature vector matrix group;

Classifying each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set, wherein classifying each historical feature vector matrix in the historical feature vector matrix group to obtain the vulnerability category information group set comprises the following steps: based on the historical feature vector matrix set, performing the following first loop step: performing random dimension reduction processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a dimension reduction feature vector matrix group; based on the dimension-reduction feature vector matrix group, the following second loop step is executed: determining a dimension reduction feature vector matrix meeting a preset selection condition in the dimension reduction feature vector matrix group as a dimension reduction feature vector matrix to be compared; determining preset selection information as selection information; adding the selection information to the dimension-reduction feature vector matrix to be compared so as to update the dimension-reduction feature vector matrix to be compared; determining a preset number of dimension reduction feature vector matrixes meeting preset comparison conditions in the dimension reduction feature vector matrix group as a feature vector matrix group to be compared; for each feature vector matrix to be compared in the feature vector matrix group to be compared, determining the distance between the feature vector matrix to be compared and the dimension reduction feature vector matrix to be compared as a comparison distance; sequencing the determined comparison distances to obtain a comparison distance sequence; taking the comparison distances meeting the preset ordering condition in the comparison distance sequence as a comparison distance group; determining a category matrix set based on the comparison distance set; in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix set does not meet a preset addition condition, executing the second looping step again; in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix set meets a preset addition condition, determining each determined category matrix set as a category information set; in response to determining that each of the set of category matrix groups does not meet a preset number of conditions, emptying the set of category information groups and performing the first looping step again; responding to the fact that each category matrix group in the category information group meets the preset quantity condition, and performing difference value processing on each category matrix group in the category information group to obtain a category difference value group; in response to determining that each of the set of class difference values does not meet a preset threshold condition, performing the first looping step again; in response to determining that each of the class difference values in the class difference value set meets a preset threshold condition, determining the class information set as a vulnerability class information set;

And constructing a vulnerability sample library based on the vulnerability category information set, wherein the vulnerability sample library is used for carrying out matching processing on the acquired real-time vulnerability characteristic information so as to identify a vulnerability sample corresponding to the vulnerability characteristic information.

2. The method of claim 1, wherein the constructing a historical feature vector matrix based on the set of historical feature vectors comprises:

classifying the feature information groups to be vectorized according to each feature tag type to obtain each feature tag information group, wherein feature tag information in each feature tag information group corresponds to the same feature tag type;

determining each obtained characteristic tag information group as a characteristic tag information group set;

The following steps are performed for each feature tag information group in the feature tag information group set:

determining a history feature vector corresponding to each feature tag information in the feature tag information group as a feature vector to be added to obtain a feature vector group to be added;

Adding the feature vector group to be added to a feature vector matrix to update the feature vector matrix;

the updated feature vector matrix is determined as a historical feature vector matrix.

3. The method of claim 1, wherein the determining a set of category matrices based on the set of alignment distances comprises:

For each alignment distance in the alignment distance group, performing the steps of:

Determining the preset selection information as selection information;

Adding the selection information to a feature vector matrix to be compared corresponding to the comparison distance so as to update the feature vector matrix to be compared;

and combining the updated feature vector matrixes to be compared with the feature vectors to be compared, which correspond to the comparison distance group, to obtain a category matrix group.

4. The method of claim 1, wherein the determining, for each feature vector matrix to be aligned in the set of feature vector matrices to be aligned, a distance between the feature vector matrix to be aligned and the feature vector matrix to be aligned as an alignment distance comprises:

Respectively determining the feature vector of each corresponding position in each corresponding position of the feature vector matrix to be compared and the feature vector matrix to be compared as a first feature vector and a second feature vector;

the following steps are performed for the first feature vector and the second feature vector corresponding to each of the respective corresponding positions:

determining a difference value between the first feature vector and the second feature vector as a difference feature vector;

generating a square value based on the difference feature vector;

Generating a standard value based on the square value;

the sum of the obtained individual standard values is determined as the alignment distance.

5. An information security vulnerability identification method, comprising:

Obtaining current information security vulnerability data, wherein the current information security vulnerability data comprises vulnerability information and a characteristic information group corresponding to the vulnerability information;

Constructing a current feature vector matrix based on the feature information set;

Based on a pre-constructed vulnerability sample library, carrying out matching processing on the current feature vector matrix to obtain a vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method according to one of claims 1-4.

6. A vulnerability sample library construction apparatus for information security vulnerability identification, comprising:

A first determining unit configured to determine a pre-stored information security vulnerability data set as a history information security vulnerability data set, wherein each history information security vulnerability data in the history information security vulnerability data set includes vulnerability information and a feature information set corresponding to the vulnerability information;

An execution unit configured to, for each historical information security vulnerability data in the set of historical information security vulnerability data, perform the steps of: determining a characteristic information group included in the historical information security vulnerability data as a characteristic information group to be vectorized; carrying out vectorization processing on each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group; constructing a historical feature vector matrix based on the historical feature vector group;

A second determining unit configured to determine each of the constructed history feature vector matrices as a history feature vector matrix group;

The classification unit is configured to perform classification processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability class information group set, where the classification processing on each historical feature vector matrix in the historical feature vector matrix group to obtain the vulnerability class information group set includes: based on the historical feature vector matrix set, performing the following first loop step: performing random dimension reduction processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a dimension reduction feature vector matrix group; based on the dimension-reduction feature vector matrix group, the following second loop step is executed: determining a dimension reduction feature vector matrix meeting a preset selection condition in the dimension reduction feature vector matrix group as a dimension reduction feature vector matrix to be compared; determining preset selection information as selection information; adding the selection information to the dimension-reduction feature vector matrix to be compared so as to update the dimension-reduction feature vector matrix to be compared; determining a preset number of dimension reduction feature vector matrixes meeting preset comparison conditions in the dimension reduction feature vector matrix group as a feature vector matrix group to be compared; for each feature vector matrix to be compared in the feature vector matrix group to be compared, determining the distance between the feature vector matrix to be compared and the dimension reduction feature vector matrix to be compared as a comparison distance; sequencing the determined comparison distances to obtain a comparison distance sequence; taking the comparison distances meeting the preset ordering condition in the comparison distance sequence as a comparison distance group; determining a category matrix set based on the comparison distance set; in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix set does not meet a preset addition condition, executing the second looping step again; in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix set meets a preset addition condition, determining each determined category matrix set as a category information set; in response to determining that each of the set of category matrix groups does not meet a preset number of conditions, emptying the set of category information groups and performing the first looping step again; responding to the fact that each category matrix group in the category information group meets the preset quantity condition, and performing difference value processing on each category matrix group in the category information group to obtain a category difference value group; in response to determining that each of the set of class difference values does not meet a preset threshold condition, performing the first looping step again; in response to determining that each of the class difference values in the class difference value set meets a preset threshold condition, determining the class information set as a vulnerability class information set;

the construction unit is configured to construct a vulnerability sample library based on the vulnerability category information set, wherein the vulnerability sample library is used for carrying out matching processing on the acquired real-time vulnerability characteristic information so as to identify a vulnerability sample corresponding to the vulnerability characteristic information.

7. An information security breach identification device, comprising:

The system comprises an acquisition unit, a storage unit and a storage unit, wherein the acquisition unit is configured to acquire current information security vulnerability data, and the current information security vulnerability data comprises vulnerability information and a characteristic information group corresponding to the vulnerability information;

A construction unit configured to construct a current feature vector matrix based on the feature information group;

the matching unit is configured to perform matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library to obtain vulnerability samples corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method according to one of claims 1-4.

8. An electronic device, comprising:

One or more processors;

A storage device having one or more programs stored thereon;

When executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 4 or 5.

9. A computer readable medium having stored thereon a computer program, wherein the program when executed by a processor implements the method of any of claims 1 to 4 or 5.