CN118349895B - Vulnerability sample library construction method, vulnerability identification method, device, equipment and medium

Info

Publication number: CN118349895B
Application number: CN202410780908.2A
Priority: CN202410780908.2A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN118349895A
Inventors: 李永刚, 王利斌, 林亮成, 尹琴, 潘善民, 许斐, 王延, 陈晓雪, 谷五勋, 郑杰
Current Assignee: State Grid Siji Testing Technology Beijing Co ltd; State Grid Siji Network Security Beijing Co ltd
Original Assignee: State Grid Siji Testing Technology Beijing Co ltd; State Grid Siji Network Security Beijing Co ltd
Prior art keywords: feature vector, vulnerability, information, group, vector matrix

Classifications

    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G06F17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G06F17/18 Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
    • G06F18/213 Feature extraction, e.g. by transforming the feature space; Summarisation; Mappings, e.g. subspace methods
    • G06F18/22 Matching criteria, e.g. proximity measures
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security

Abstract

The embodiments of the present disclosure disclose a vulnerability sample library construction method, a vulnerability identification method, an apparatus, a device and a medium. A specific implementation of the method includes: determining a pre-stored information security vulnerability data group as a historical information security vulnerability data group; for each piece of historical information security vulnerability data, performing the following steps: determining its feature information group as a feature information group to be vectorized; vectorizing each piece of feature information to be vectorized to obtain a historical feature vector group; constructing a historical feature vector matrix; determining the constructed historical feature vector matrices as a historical feature vector matrix group; classifying each historical feature vector matrix to obtain a vulnerability category information group set; and constructing a vulnerability sample library. This implementation reduces the amount of computation for vulnerability sample identification and improves the accuracy of vulnerability classification.

Description

Vulnerability sample library construction method, vulnerability identification method, device, equipment and medium

Technical Field

Embodiments of the present disclosure relate to the field of computer technology, and in particular to a vulnerability sample library construction method, a vulnerability identification method, an apparatus, a device, and a medium.

Background Art

Vulnerability sample identification is a technique for classifying and identifying vulnerability data. At present, vulnerability data is usually classified and identified by function similarity detection, which compares function code between different programs to find code fragments that are similar or have the same function, thereby discovering vulnerabilities and the categories corresponding to the vulnerability data.

However, identifying vulnerability samples in this way often runs into the following technical problems:

First, comparing function code between different programs is computationally expensive and inaccurate in practical applications, resulting in low accuracy in vulnerability sample identification.

Second, the vulnerability and the category corresponding to the vulnerability data are determined only by identifying code fragments in which the original vulnerability code and the vulnerability code to be identified are similar or have the same function. In practice, however, some vulnerabilities may share such similar or functionally identical code fragments while belonging to different categories, resulting in low accuracy in vulnerability classification.

Summary of the Invention

This summary introduces concepts in a brief form; they are described in detail in the Detailed Description section below. This summary is not intended to identify the key features or essential features of the claimed technical solution, nor is it intended to limit the scope of the claimed technical solution.

Some embodiments of the present disclosure propose a vulnerability sample library construction method for information security vulnerability identification, an information security vulnerability identification method, an apparatus, an electronic device and a computer-readable medium to solve one or more of the technical problems mentioned in the Background Art section above.

In a first aspect, some embodiments of the present disclosure provide a method for constructing a vulnerability sample library for information security vulnerability identification, the method comprising: determining a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each piece of historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information; for each piece of historical information security vulnerability data in the historical information security vulnerability data group, performing the following steps: determining the feature information group included in the historical information security vulnerability data as a feature information group to be vectorized; performing vectorization processing on each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group; constructing a historical feature vector matrix based on the historical feature vector group; determining the constructed historical feature vector matrices as a historical feature vector matrix group; performing classification processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set; and constructing a vulnerability sample library based on the vulnerability category information group set, wherein the vulnerability sample library is used to match acquired real-time vulnerability feature information in order to identify the vulnerability sample corresponding to the vulnerability feature information.

In a second aspect, some embodiments of the present disclosure provide a method for identifying information security vulnerabilities, the method comprising: obtaining current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information; constructing a current feature vector matrix based on the feature information group; and performing matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library to obtain the vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method described in any implementation of the first aspect.

In a third aspect, some embodiments of the present disclosure provide an apparatus for constructing a vulnerability sample library for information security vulnerability identification, the apparatus comprising: a first determining unit, configured to determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each piece of historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information; an executing unit, configured to perform the following steps for each piece of historical information security vulnerability data in the historical information security vulnerability data group: determining the feature information group included in the historical information security vulnerability data as a feature information group to be vectorized; performing vectorization processing on each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group; and constructing a historical feature vector matrix based on the historical feature vector group; a second determining unit, configured to determine the constructed historical feature vector matrices as a historical feature vector matrix group; a classification unit, configured to perform classification processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set; and a construction unit, configured to construct a vulnerability sample library based on the vulnerability category information group set, wherein the vulnerability sample library is used to match acquired real-time vulnerability feature information in order to identify the vulnerability sample corresponding to the vulnerability feature information.

In a fourth aspect, some embodiments of the present disclosure provide an information security vulnerability identification apparatus, the apparatus comprising: an acquisition unit, configured to acquire current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information; a construction unit, configured to construct a current feature vector matrix based on the feature information group; and a matching unit, configured to perform matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library to obtain the vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method described in any implementation of the first aspect.

In a fifth aspect, some embodiments of the present disclosure provide an electronic device, comprising: one or more processors; and a storage device on which one or more programs are stored, wherein, when the one or more programs are executed by the one or more processors, the one or more processors implement the method described in any implementation of the first or second aspect above.

In a sixth aspect, some embodiments of the present disclosure provide a computer-readable medium having a computer program stored thereon, wherein the program, when executed by a processor, implements the method described in any implementation of the first aspect or the second aspect.

The above embodiments of the present disclosure have the following beneficial effects: the vulnerability sample library obtained by the vulnerability sample library construction method of some embodiments of the present disclosure improves information security vulnerability identification. Specifically, the accuracy of vulnerability sample identification is low because comparing function code between different programs is computationally expensive and inaccurate in practical applications.

Based on this, in the vulnerability sample library construction method of some embodiments of the present disclosure, first, the pre-stored information security vulnerability data group is determined as a historical information security vulnerability data group, wherein each piece of historical information security vulnerability data in the group includes vulnerability information and a feature information group corresponding to the vulnerability information. This yields the information security vulnerability data to be processed. Then, the following steps are performed for each piece of historical information security vulnerability data in the group. First, the feature information group included in the historical information security vulnerability data is determined as a feature information group to be vectorized. This yields the feature information group included in the information security vulnerability data. Then, each piece of feature information to be vectorized in that group is vectorized to obtain a historical feature vector group. This converts the feature information into historical feature vectors. Then, a historical feature vector matrix is constructed based on the historical feature vector group. This yields the historical feature vector matrix formed by the historical feature vector group.

Next, the constructed historical feature vector matrices are determined as a historical feature vector matrix group. This yields the historical feature vector matrix corresponding to each piece of historical information security vulnerability data. Each historical feature vector matrix in the group is then classified to obtain a vulnerability category information group set. This yields the vulnerability category information corresponding to each piece of historical information security vulnerability data. Finally, a vulnerability sample library is constructed based on the vulnerability category information group set, wherein the vulnerability sample library is used to match acquired real-time vulnerability feature information in order to identify the vulnerability sample corresponding to the vulnerability feature information. This yields a vulnerability sample library for information security vulnerability identification.

Because the vulnerability sample library built from the historical information security vulnerability data group can classify and identify vulnerability feature information, it avoids the heavy computation that comparing function code between different programs incurs in practical applications. And because the vulnerability sample library is built from the historical information security vulnerability data group, the correlation between the library and that data group is high, so vulnerability data is identified with high accuracy when new vulnerability feature information is obtained.

Brief Description of the Drawings

The above and other features, advantages and aspects of the embodiments of the present disclosure will become more apparent with reference to the following detailed description in conjunction with the accompanying drawings. Throughout the drawings, the same or similar reference numerals denote the same or similar elements. It should be understood that the drawings are schematic and that components and elements are not necessarily drawn to scale.

FIG. 1 is a flow chart of some embodiments of a method for constructing a vulnerability sample library for information security vulnerability identification according to the present disclosure;

FIG. 2 is a flow chart of some embodiments of the information security vulnerability identification method according to the present disclosure;

FIG. 3 is a schematic structural diagram of some embodiments of an apparatus for constructing a vulnerability sample library for information security vulnerability identification according to the present disclosure;

FIG. 4 is a schematic structural diagram of some embodiments of the information security vulnerability identification apparatus according to the present disclosure;

FIG. 5 is a schematic structural diagram of an electronic device suitable for implementing some embodiments of the present disclosure.

Detailed Description

Embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although certain embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure can be implemented in various forms and should not be construed as being limited to the embodiments set forth herein. Rather, these embodiments are provided for a more thorough and complete understanding of the present disclosure. It should be understood that the drawings and embodiments of the present disclosure are for exemplary purposes only and are not intended to limit the scope of protection of the present disclosure.

It should also be noted that, for ease of description, only the parts related to the invention are shown in the drawings. In the absence of conflict, the embodiments of the present disclosure and the features in the embodiments may be combined with each other.

It should be noted that concepts such as "first" and "second" mentioned in the present disclosure are only used to distinguish different apparatuses, modules or units, and are not used to limit the order or interdependence of the functions performed by these apparatuses, modules or units.

It should be noted that the modifiers "one" and "a plurality of" mentioned in the present disclosure are illustrative rather than restrictive, and those skilled in the art should understand that, unless the context clearly indicates otherwise, they should be read as "one or more".

The names of the messages or information exchanged between multiple apparatuses in the embodiments of the present disclosure are for illustrative purposes only and are not used to limit the scope of these messages or information.

The present disclosure will be described in detail below with reference to the accompanying drawings and in conjunction with embodiments.

FIG. 1 shows a process 100 of some embodiments of a method for constructing a vulnerability sample library for information security vulnerability identification according to the present disclosure. The method includes the following steps:

Step 101: determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group.

In some embodiments, the executing entity of the vulnerability sample library construction method (e.g., a computing device) may determine the pre-stored information security vulnerability data group as the historical information security vulnerability data group. The information security vulnerability data group may be data in a national database used for information security vulnerability management and control. The historical information security vulnerability data may be data that characterizes information security vulnerabilities. For example, it may be, but is not limited to, financial, electric power, energy, or telecommunications information security vulnerability data. Each piece of historical information security vulnerability data in the group may include vulnerability information and a feature information group corresponding to the vulnerability information. The vulnerability information may be the information in the national vulnerability database that describes the historical information security vulnerability data. The feature information group may be the feature information group of the data in the national vulnerability database.

The feature information group may include various feature label types, and each piece of feature information corresponds to a feature label type. The feature label types may include, but are not limited to, a system label and an environment label. The system label may be a label indicating that the feature information is "system". The environment label may be a label indicating that the feature information is "environment". Specifically, when the feature label type is the system label, the feature information is the feature information corresponding to the "system". When the feature label type is the environment label, the feature information is the feature information corresponding to the "system programming language environment". The executing entity may be a server that identifies or processes information security vulnerabilities.

步骤102,对于历史信息安全漏洞数据组中的每个历史信息安全漏洞数据,执行以下步骤:Step 102: for each piece of historical information security vulnerability data in the historical information security vulnerability data group, perform the following steps:

步骤1021,将历史信息安全漏洞数据包括的特征信息组确定为待向量化特征信息组。Step 1021: determine the feature information group included in the historical information security vulnerability data as the feature information group to be quantized.

在一些实施例中,上述执行主体可以将上述历史信息安全漏洞数据包括的特征信息组确定为待向量化特征信息组。In some embodiments, the execution entity may determine the feature information group included in the historical information security vulnerability data as the feature information group to be quantized.

步骤1022,对待向量化特征信息组中的每个待向量化特征信息进行向量化处理,得到历史特征向量组。Step 1022: perform vectorization processing on each feature information to be quantized in the feature information group to be quantized to obtain a historical feature vector group.

在一些实施例中,上述执行主体可以对上述待向量化特征信息组中的每个待向量化特征信息进行向量化处理,得到历史特征向量组。实践中,上述执行主体可以采用预设编码方式对待向量化特征信息组中的各个待向量化特征信息进行向量化处理,得到历史特征向量。其中,上述预设编码方式可以为但不限于:独热编码、标签编码、最小-最大归一化或Z得分标准化。上述历史特征向量可以为用于机器学习模型处理的数值型数据。In some embodiments, the execution subject may perform vectorization processing on each feature information to be quantized in the feature information group to be quantized to obtain a historical feature vector group. In practice, the execution subject may perform vectorization processing on each feature information to be quantized in the feature information group to be quantized using a preset encoding method to obtain a historical feature vector. The preset encoding method may be, but is not limited to, one-hot encoding, label encoding, minimum-maximum normalization, or Z-score normalization. The historical feature vector may be numerical data for machine learning model processing.

Step 1023: construct a historical feature vector matrix based on the historical feature vector group.

In some embodiments, the execution subject may construct a historical feature vector matrix based on the historical feature vector group. The historical feature vector matrix may be a matrix used to characterize the vulnerability information corresponding to the historical feature vector group. In practice, the execution subject may construct each historical feature vector in the historical feature vector group into a historical feature vector matrix.

In some optional implementations of some embodiments, the execution subject may construct the historical feature vector matrix based on the historical feature vector group through the following steps:

First step: classify the feature information group to be vectorized according to each feature label type, to obtain the feature label information groups. The feature label information in each feature label information group corresponds to the same feature label type. The feature label types may include, but are not limited to, a system label and an environment label. The system label may be a label used to characterize the feature information as system. The environment label may be a label used to characterize the feature information as environment. In practice, the execution subject may place the pieces of feature label information in the feature information group to be vectorized that share the same feature label type into the same feature label information group, thereby obtaining the feature label information groups.

Second step: determine the obtained feature label information groups as a feature label information group set.

Third step: perform the following steps on each feature label information group in the feature label information group set:

First sub-step: determine the historical feature vector corresponding to each piece of feature label information in the feature label information group as a feature vector to be added, to obtain a group of feature vectors to be added.

Second sub-step: add the group of feature vectors to be added to the feature vector matrix, so as to update the feature vector matrix. The feature vector matrix may initially be an empty matrix. The number of rows in the feature vector matrix may be the number of feature label information groups in the feature label information group set. The number of columns in the feature vector matrix may be the number of pieces of feature label information in the feature label information group that contains the most feature label information in the set. In practice, the execution subject may first add the feature vectors to be added in the group to the rows of the feature vector matrix in sequence, arranged from top to bottom. The feature vectors in the feature vector matrix may be null values.

Fourth step: determine the updated feature vector matrix as the historical feature vector matrix.
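A sketch of steps 1022 and 1023 as an added example, not code from the patent: it groups one record's feature information by label type, encodes each item, and lays the vectors out with one row per label group and as many columns as the largest group. Assumptions: one-hot encoding is the chosen preset encoding, each label type has a fixed vocabulary (the `VOCABULARIES` table, the function names and the sample record are constructed), and unfilled cells are held as `None`.

```python
# Constructed vocabularies, one per feature label type (assumption: fixed in advance).
VOCABULARIES = {
    "system": ["Windows", "Linux", "Embedded RTOS"],
    "environment": ["Java", "C", "Python"],
}

def one_hot(value, vocabulary):
    """One-hot encode a categorical value against an ordered vocabulary."""
    if value not in vocabulary:
        raise ValueError(f"value {value!r} is not in the vocabulary")
    return [1.0 if value == known else 0.0 for known in vocabulary]

def build_feature_vector_matrix(feature_info, vocabularies=VOCABULARIES):
    """Build the historical feature vector matrix for one vulnerability record.

    feature_info: list of (label_type, value) pairs.
    Returns (row_labels, matrix); matrix[r][c] is a feature vector or None.
    """
    # First and second steps: group the feature information by label type.
    groups = {}
    for label_type, value in feature_info:
        groups.setdefault(label_type, []).append(value)
    if not groups:
        return [], []
    # Rows = number of label groups, columns = size of the largest group.
    n_cols = max(len(values) for values in groups.values())
    matrix = [[None] * n_cols for _ in groups]
    # Third step: add each group's vectors to its row, top to bottom.
    for r, (label_type, values) in enumerate(groups.items()):
        for c, value in enumerate(values):
            matrix[r][c] = one_hot(value, vocabularies[label_type])
    return list(groups), matrix

# Constructed sample record: one system feature, two environment features.
SAMPLE_RECORD = [("system", "Linux"), ("environment", "Java"), ("environment", "C")]

if __name__ == "__main__":
    labels, matrix = build_feature_vector_matrix(SAMPLE_RECORD)
    for label, row in zip(labels, matrix):
        print(label, row)
```

The `None` cell in the shorter row is where the text allows a null value; how null cells take part in later distance calculations is not specified in the text.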

Step 103: determine the constructed historical feature vector matrices as a historical feature vector matrix group.

In some embodiments, the execution subject may determine the constructed historical feature vector matrices as a historical feature vector matrix group.

Step 104: classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set.

In some embodiments, the execution subject may classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set. Each vulnerability category information group in the vulnerability category information group set may include several historical feature vector matrices. In practice, the execution subject may first classify each historical feature vector matrix to obtain the vulnerability list information groups, and then determine the obtained vulnerability list information groups as the vulnerability category information group set.

In some optional implementations of some embodiments, the execution subject may classify each historical feature vector matrix in the historical feature vector matrix group to obtain the vulnerability category information group set through the following steps:

First step: based on the historical feature vector matrix group, perform the following first loop steps:

First sub-step: perform random dimensionality reduction on each historical feature vector matrix in the historical feature vector matrix group to obtain a reduced-dimensional feature vector matrix group. The reduced-dimensional feature vector matrix group may consist of the historical feature vector matrices after random dimensionality reduction. Each reduced-dimensional feature vector matrix in the group may include selection information. The selection information may be a string used to characterize whether the reduced-dimensional feature vector matrix has been selected. The selection information may be an empty string. In practice, the execution subject may perform random dimensionality reduction on each historical feature vector matrix in the historical feature vector matrix group to obtain the reduced-dimensional feature vector matrix group. Specifically, the random dimensionality reduction may include, but is not limited to, principal component analysis, linear discriminant analysis, and the t-distributed neighbor embedding algorithm.

Second sub-step: based on the reduced-dimensional feature vector matrix group, perform the following second loop steps:

Sub-step 1: determine the reduced-dimensional feature vector matrix in the reduced-dimensional feature vector matrix group that meets a preset selection condition as the reduced-dimensional feature vector matrix to be compared. The preset selection condition may be that the reduced-dimensional feature vector matrix is any reduced-dimensional feature vector matrix in the group whose selection information is an empty string.

Sub-step 2: determine preset selection information as the selection information. The preset selection information may be "selected".

Sub-step 3: add the selection information to the reduced-dimensional feature vector matrix to be compared, so as to update the reduced-dimensional feature vector matrix to be compared.

Sub-step 4: determine a preset number of reduced-dimensional feature vector matrices in the reduced-dimensional feature vector matrix group that meet a preset comparison condition as the feature vector matrix group to be compared. The preset comparison condition may be that the reduced-dimensional feature vector matrix is a matrix in the group other than the reduced-dimensional feature vector matrix to be compared. The preset number may be the number of reduced-dimensional feature vector matrices included in the group minus 1.

Sub-step 5: for each feature vector matrix to be compared in the feature vector matrix group to be compared, determine the distance between the reduced-dimensional feature vector matrix to be compared and that feature vector matrix to be compared as a comparison distance.

Sub-step 6: sort the determined comparison distances to obtain a comparison distance sequence. The comparison distance sequence may be a sequence used to characterize the magnitude of the comparison distances. In practice, the execution subject may reorder the comparison distance sequence in ascending order.

Sub-step 7: take the comparison distances in the comparison distance sequence that meet a preset sorting condition as the comparison distance group. The preset sorting condition may be that the comparison distance is less than a preset distance threshold. The preset distance threshold may be a value set in advance. The specific setting of the preset distance threshold is not limited here.

Sub-step 8: determine a category matrix group based on the comparison distance group. The category matrix group may be a group composed of historical feature vector matrices.

Sub-step 9: in response to determining that the reduced-dimensional feature vector matrices in the reduced-dimensional feature vector matrix group do not satisfy a preset adding condition, execute the second loop steps again. The preset adding condition may be that the reduced-dimensional feature vector matrix group contains a reduced-dimensional feature vector matrix without selection information.

Sub-step 10: in response to determining that the reduced-dimensional feature vector matrices in the reduced-dimensional feature vector matrix group satisfy the preset adding condition, determine the determined category matrix groups as a category information group set.

Third sub-step: in response to determining that the category matrix groups in the category information group set do not satisfy a preset quantity condition, clear the category information group set and execute the first loop steps again. The preset quantity condition may be that the number of historical feature vector matrices in each category matrix group is less than a preset quantity threshold. The preset quantity threshold may be a value set in advance. The specific setting of the preset quantity threshold is not limited here.

Fourth sub-step: in response to determining that the category matrix groups in the category information group set satisfy the preset quantity condition, perform difference value processing on each category matrix group in the category information group set to obtain a category difference value group. Each category difference value in the category difference value group may be a numerical value used to characterize the degree of difference among the historical feature vector matrices in a category matrix group of the category information group. In practice, in a first step, the execution subject may perform the following on each category matrix group in the category information group set. First, the execution subject may take the sum of the historical feature vector matrices in the category matrix group as a historical sum matrix. Then, the execution subject may take the ratio of the historical sum matrix to the number of historical feature vector matrices in the category matrix group as a historical average matrix. Next, the execution subject may take the difference between each historical feature vector matrix and the historical average matrix as a historical difference matrix. After that, the execution subject may take the Frobenius norm of each historical difference matrix as a difference norm. Finally, the execution subject may take the sum of the difference norms as the category difference value. In a second step, the execution subject may determine the obtained category difference values as the category difference value group.

Fifth sub-step: in response to determining that the category difference values in the category difference value group do not satisfy a preset threshold condition, execute the first loop steps again. The preset threshold condition may be that the category difference value is less than a preset difference threshold. The preset difference threshold may be a value set in advance. The specific setting of the preset difference threshold is not limited here.

Sixth sub-step: in response to determining that the category difference values in the category difference value group satisfy the preset threshold condition, determine the category information group set as the vulnerability category information group set. Each vulnerability category information group in the vulnerability category information group set may be one of the category matrix groups.

In some optional implementations of some embodiments, the execution subject may determine the category matrix group based on the comparison distance group through the following steps:

First step: for each comparison distance in the comparison distance group, perform the following steps:

First sub-step: determine the preset selection information as the selection information.

Second sub-step: add the selection information to the feature vector matrix to be compared that corresponds to the comparison distance, so as to update that feature vector matrix to be compared.

Second step: combine the updated feature vector matrices to be compared with the reduced-dimensional feature vector to be compared that corresponds to the comparison distance group, as the category matrix group. In practice, the execution subject may first combine the historical feature vector matrix corresponding to the reduced-dimensional feature vector to be compared that corresponds to the comparison distance group with the historical feature vector matrices corresponding to the updated feature vector matrices to be compared, and take the resulting historical feature vector matrices as the category matrix group.

In some optional implementations of some embodiments, the execution subject may determine the distance between the reduced-dimensional feature vector matrix to be compared and the feature vector matrix to be compared as the comparison distance through the following steps:

First step: for each pair of corresponding positions in the reduced-dimensional feature vector matrix to be compared and the feature vector matrix to be compared, determine the feature vectors at that position as the first feature vector and the second feature vector respectively. In practice, the execution subject may extract the feature vectors at each corresponding position of the reduced-dimensional feature vector matrix to be compared and the feature vector matrix to be compared as the first feature vector and the second feature vector. For example, the reduced-dimensional feature vector matrix to be compared may be , and the feature vector matrix to be compared may be , where the reduced-dimensional feature vector matrix to be compared and the feature vector matrix to be compared may be historical feature vector matrices as constructed in step 1023. is the vector in row 1, column 1 of the matrix. is the vector in row 1, column 1 of the matrix. is the vector in row 1, column of the matrix. is the vector in row 1, column of the matrix. is the vector in row , column 1 of the matrix. is the vector in row 1, column 1 of the matrix. and are corresponding positions, so the first feature vector may be and the second feature vector may be . and are corresponding positions, so the first feature vector may be and the second feature vector may be .

Second step: for the first feature vector and the second feature vector at each of the corresponding positions, perform the following steps:

First sub-step: determine the difference between the first feature vector and the second feature vector as a difference feature vector.

Second sub-step: generate a square value based on the difference feature vector. In practice, the execution subject may determine the square of the difference feature vector as the square value.

Third sub-step: generate a standard value based on the square value. In practice, the execution subject may determine the square root of the square value as the standard value.

Third step: determine the sum of the obtained standard values as the comparison distance.
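The comparison distance, the second-loop grouping and the category difference value described above, as an added example that is not code from the patent. Assumptions: the "square" of a difference feature vector is read as its dot product with itself, the second loop is read as running until every matrix is marked selected, the random dimensionality reduction and the outer quantity and difference threshold checks are left out, and all function names and sample matrices are constructed.

```python
import math

# A feature vector matrix is a list of rows; each cell holds one feature vector
# (a list of floats). Matrices being compared must share the same shape.

def comparison_distance(a, b):
    """Sum over corresponding cells of sqrt(square of the difference vector)."""
    total = 0.0
    for row_a, row_b in zip(a, b):
        for first, second in zip(row_a, row_b):
            diff = [x - y for x, y in zip(first, second)]
            # Assumption: square of a vector = dot product with itself, so each
            # standard value is the Euclidean norm of the difference vector.
            total += math.sqrt(sum(d * d for d in diff))
    return total

def group_by_distance(matrices, distance_threshold):
    """Second loop: return the category matrix groups as lists of indices."""
    selected = [False] * len(matrices)
    groups = []
    while not all(selected):
        anchor = selected.index(False)  # any unselected matrix; lowest index here
        selected[anchor] = True
        # Compare against every other matrix (n - 1 of them), ascending order.
        # Already-selected matrices are compared too, as in the text, so a
        # matrix can end up in more than one group when clusters are close.
        distances = sorted(
            (comparison_distance(matrices[anchor], other), j)
            for j, other in enumerate(matrices) if j != anchor
        )
        near = [j for dist, j in distances if dist < distance_threshold]
        for j in near:
            selected[j] = True
        groups.append([anchor] + near)
    return groups

def frobenius_norm(matrix):
    """Square root of the sum of squares of every scalar entry."""
    return math.sqrt(sum(x * x for row in matrix for cell in row for x in cell))

def category_difference_value(group):
    """Sum of Frobenius norms of (matrix - historical average matrix)."""
    n = len(group)
    mean = [[[sum(m[r][c][k] for m in group) / n for k in range(len(cell))]
             for c, cell in enumerate(row)]
            for r, row in enumerate(group[0])]
    total = 0.0
    for m in group:
        diff = [[[x - mu for x, mu in zip(cell, mean_cell)]
                 for cell, mean_cell in zip(row, mean_row)]
                for row, mean_row in zip(m, mean)]
        total += frobenius_norm(diff)
    return total

# Constructed sample: four 2x2 matrices whose cells are 2-dimensional vectors.
SAMPLE = [
    [[[0.0, 0.0], [1.0, 0.0]], [[0.0, 1.0], [1.0, 1.0]]],
    [[[0.0, 0.0], [1.0, 0.0]], [[0.0, 1.0], [1.0, 2.0]]],
    [[[5.0, 5.0], [6.0, 5.0]], [[5.0, 6.0], [6.0, 6.0]]],
    [[[5.0, 5.0], [6.0, 5.0]], [[5.0, 6.0], [9.0, 10.0]]],
]

def demo(distance_threshold=6.0):
    """Group SAMPLE and report each group's category difference value."""
    groups = group_by_distance(SAMPLE, distance_threshold)
    return [(g, category_difference_value([SAMPLE[i] for i in g])) for g in groups]

if __name__ == "__main__":
    for members, difference in demo():
        print(members, difference)
```

A group's category difference value grows with both its spread and its size, so a single preset difference threshold treats large and small groups differently.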

Step 105: construct a vulnerability sample library based on the vulnerability category information group set.

In some embodiments, the execution subject may construct a vulnerability sample library based on the vulnerability category information group set. The vulnerability sample library is used to perform matching on acquired real-time vulnerability feature information, so as to identify the vulnerability sample corresponding to the vulnerability feature information.

In some optional implementations of some embodiments, the execution subject may construct the vulnerability sample library based on the vulnerability category information group set through the following steps:

First step: for each vulnerability category information group in the vulnerability category information group set, perform the following steps:

First sub-step: based on the vulnerability category information group, generate the vulnerability average matrix corresponding to the vulnerability category information group. In practice, the execution subject may first input each element of each reduced-dimensional feature vector matrix in the category matrix group corresponding to the vulnerability category information group into a first preset formula, to obtain the first vector corresponding to each element. The first preset formula may be . The first vector may be denoted by . is the vector in row , column of the vulnerability average matrix. is the vector in row , column of the -th reduced-dimensional feature vector matrix. is the number of reduced-dimensional feature vector matrices included in the category matrix group. Then, the execution subject may combine the first vectors, as the rows and columns of a matrix, into the vulnerability average matrix.

Second sub-step: based on the vulnerability category information group, generate the vulnerability maximum matrix corresponding to the vulnerability category information group. In practice, the execution subject may first input each element of each reduced-dimensional feature vector matrix in the category matrix group corresponding to the vulnerability category information group into a second preset formula, to obtain the second vector corresponding to each element. The second preset formula may be . The second vector may be denoted by . is the vector in row , column of the vulnerability maximum matrix. Then, the execution subject may combine the second vectors, as the rows and columns of a matrix, into the vulnerability maximum matrix.

Third sub-step: based on the vulnerability category information group, generate the vulnerability minimum matrix corresponding to the vulnerability category information group. In practice, the execution subject may first input each element of each reduced-dimensional feature vector matrix in the category matrix group corresponding to the vulnerability category information group into a third preset formula, to obtain the third vector corresponding to each element. The third preset formula may be . The third vector may be denoted by . is the vector in row , column of the vulnerability minimum matrix. Then, the execution subject may combine the third vectors, as the rows and columns of a matrix, into the vulnerability minimum matrix.

Fourth sub-step: based on the vulnerability minimum matrix and the vulnerability maximum matrix, generate the vulnerability fluctuation value corresponding to the vulnerability category information group. The vulnerability fluctuation value may be a matrix used to characterize the degree of fluctuation of the vulnerability category information group. In practice, the execution subject may first input each element of the vulnerability minimum matrix and each element of the vulnerability maximum matrix into a fourth preset formula, to obtain the fourth vector corresponding to each element. The fourth preset formula may be . The fourth vector may be denoted by . is the vector in row , column of the vulnerability fluctuation value. Then, the execution subject may combine the fourth vectors, as the rows and columns of a matrix, into the vulnerability fluctuation value.

Fifth sub-step: based on the vulnerability average matrix and the vulnerability fluctuation value, generate the common features corresponding to the vulnerability category information group. The common features may be a matrix used to characterize the features shared within the vulnerability category information group. In practice, the execution subject may first input each element of the vulnerability average matrix and the vulnerability fluctuation value into a fifth preset formula, to obtain the fifth vector corresponding to each element. The fifth preset formula may be . The fifth vector may be denoted by . is the vector in row , column of the vulnerability minimum matrix. is the vector in row , column of the vulnerability average matrix. is the vector in row , column of the vulnerability fluctuation value. Then, the execution subject may combine the fifth vectors, as the rows and columns of a matrix, into the common features.

Sixth sub-step: combine the vulnerability average matrix, the vulnerability maximum matrix, the vulnerability minimum matrix, the vulnerability fluctuation value, and the common features to obtain vulnerability sample information. In practice, the execution subject may combine the vulnerability average matrix, the vulnerability maximum matrix, the vulnerability minimum matrix, the vulnerability fluctuation value, and the common features, thereby obtaining the vulnerability sample information.

Seventh sub-step: determine the historical information security vulnerability data corresponding to each piece of vulnerability category information in the vulnerability category information group as vulnerability sample data, to obtain a vulnerability sample data group. In practice, the execution subject may first extract, from the vulnerability category information group, the historical information security vulnerability data corresponding to each piece of vulnerability category information. Then, the execution subject may take the obtained historical information security vulnerability data as the vulnerability sample data group.

Eighth sub-step: determine the vulnerability sample information and the vulnerability sample data group as a vulnerability sample.

Second step: construct the vulnerability sample library based on the determined vulnerability samples. In practice, the execution subject may store the obtained vulnerability samples in a database, thereby obtaining the vulnerability sample library.

As one inventive point of the embodiments of the present disclosure, the above vulnerability sample library construction scheme solves the technical problem that "the vulnerability and the category corresponding to the vulnerability data are determined only by identifying code fragments in which the original vulnerability code and the vulnerability code to be identified are similar or have the same function; in practice, however, some vulnerabilities may have such similar or functionally identical code fragments while the vulnerabilities themselves are classified differently, resulting in low vulnerability classification accuracy." If the above factor is addressed, the accuracy of vulnerability classification can be improved. To achieve this effect, the present disclosure constructs the vulnerability sample library through the following steps. First, for each vulnerability category information group in the vulnerability category information group set, the following steps are performed: based on the vulnerability category information group, the vulnerability average matrix corresponding to the vulnerability category information group is generated. Then, based on the vulnerability category information group, the vulnerability maximum matrix corresponding to the vulnerability category information group is generated. Next, based on the vulnerability category information group, the vulnerability minimum matrix corresponding to the vulnerability category information group is generated. After that, based on the vulnerability minimum matrix and the vulnerability maximum matrix, the vulnerability fluctuation value corresponding to the vulnerability category information group is generated. Then, based on the vulnerability average matrix and the vulnerability fluctuation value, the common features corresponding to the vulnerability category information group are generated. Thus, the vulnerability sample information corresponding to the vulnerability category information group can be obtained. Next, the vulnerability average matrix, the vulnerability maximum matrix, the vulnerability minimum matrix, the vulnerability fluctuation value, and the common features are combined to obtain the vulnerability sample information. After that, the historical information security vulnerability data corresponding to each piece of vulnerability category information in the vulnerability category information group is determined as vulnerability sample data, to obtain a vulnerability sample data group. Then, the vulnerability sample information and the vulnerability sample data group are determined as a vulnerability sample. Thus, the vulnerability sample information and the vulnerability sample data group can be used as a vulnerability sample. Next, the vulnerability sample library is constructed based on the determined vulnerability samples. Thus, the obtained vulnerability samples can be built into a vulnerability sample library. Moreover, because the vulnerability sample library is constructed from the historical information security vulnerability data group and does not rely on similar or functionally identical code fragments to determine the vulnerability and the category corresponding to the vulnerability data, the resulting vulnerability sample library is highly reliable, and the accuracy of vulnerability classification can therefore be improved.

The above embodiments of the present disclosure have the following beneficial effects: the vulnerability sample library obtained by the vulnerability sample library construction method for information security vulnerability identification of some embodiments of the present disclosure improves information security vulnerability identification. Specifically, the accuracy of vulnerability sample identification is low because comparing function code between different programs is computationally expensive and inaccurate in practice. Based on this, in the vulnerability sample library construction method for information security vulnerability identification of some embodiments of the present disclosure, first, a pre-stored information security vulnerability data group is determined as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information. Thus, the information security vulnerability data to be processed can be obtained. Then, for each historical information security vulnerability data in the historical information security vulnerability data group, the following steps are performed. First, the feature information group included in the historical information security vulnerability data is determined as a feature information group to be vectorized. Thus, the feature information group included in the information security vulnerability data can be obtained. Then, each piece of feature information to be vectorized in the feature information group to be vectorized is vectorized to obtain a historical feature vector group. Thus, the feature information is converted into historical feature vectors. Then, based on the historical feature vector group, a historical feature vector matrix is constructed. Thus, the historical feature vector matrix formed from the historical feature vector group can be obtained. Then, the constructed historical feature vector matrices are determined as a historical feature vector matrix group. Thus, the historical feature vector matrix corresponding to each historical information security vulnerability data can be obtained. Next, each historical feature vector matrix in the historical feature vector matrix group is classified to obtain a vulnerability category information group set. Thus, the vulnerability category information corresponding to each historical information security vulnerability data can be obtained. Then, based on the vulnerability category information group set, a vulnerability sample library is constructed, wherein the vulnerability sample library is used to match acquired real-time vulnerability feature information in order to identify the vulnerability sample corresponding to that feature information. Thus, a vulnerability sample library for information security vulnerability identification can be constructed. Because the vulnerability sample library built from the historical information security vulnerability data group can classify and identify vulnerability feature information, it avoids the heavy computation incurred in practice by comparing function code between different programs. And because the vulnerability sample library is built from the historical information security vulnerability data group, the correlation between the library and that data group is high, so vulnerability data identification is more accurate when new vulnerability feature information is obtained.

With continued reference to FIG. 2, a flow 200 of some embodiments of the information security vulnerability identification method according to the present disclosure is shown. The information security vulnerability identification method comprises the following steps:

Step 201: obtain current information security vulnerability data.

In some embodiments, the execution subject (e.g., a computing device) of the information security vulnerability identification method may obtain current information security vulnerability data. The current information security vulnerability data may be data provided by a target user. The current information security vulnerability data may include vulnerability information and a feature information group corresponding to the vulnerability information.

Step 202: construct a current feature vector matrix based on the feature information group.

In some embodiments, the execution subject may construct a current feature vector matrix based on the feature information group. For the way the current feature vector matrix is constructed, refer to the specific implementation of step 1023 in FIG. 1; it is not repeated here.

Step 203: based on a pre-built vulnerability sample library, match the current feature vector matrix to obtain the vulnerability sample corresponding to the current feature vector matrix.

In some embodiments, the execution subject may match the current feature vector matrix against a pre-built vulnerability sample library to obtain the vulnerability sample corresponding to the current feature vector matrix. The vulnerability sample library is constructed by the steps in the embodiments corresponding to FIG. 1. In practice, first, the execution subject may compute the similarity between the current feature vector matrix and the vulnerability sample information included in each vulnerability sample in the vulnerability sample library, and take each similarity as a similarity comparison result. Specifically, the similarity may be cosine similarity. Then, the execution subject may select, from the similarity comparison results, the vulnerability sample whose similarity is highest as the vulnerability sample corresponding to the current feature vector matrix.
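The matching in step 203 together with the per-category sample information it is matched against, as an added example that is not code from the patent. Assumptions made here and not stated in the text: the query is compared with each sample's average matrix, the fluctuation value is the mean of (maximum minus minimum), `min_score` is a hypothetical rejection threshold, and the category names and matrices are constructed.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Matrix = List[List[float]]


@dataclass
class SampleInfo:
    category: str
    mean: Matrix        # "vulnerability average matrix"
    maximum: Matrix     # "vulnerability maximum matrix"
    minimum: Matrix     # "vulnerability minimum matrix"
    fluctuation: float  # assumption: mean of (maximum - minimum)


def _shape(m: Matrix) -> Tuple[int, int]:
    """Return (rows, cols); reject empty or ragged matrices."""
    if not m or not m[0] or any(len(r) != len(m[0]) for r in m):
        raise ValueError("matrix must be non-empty and rectangular")
    return len(m), len(m[0])


def _reduce(matrices: List[Matrix], fn) -> Matrix:
    """Apply fn element-wise across same-shaped matrices."""
    rows, cols = _shape(matrices[0])
    if any(_shape(m) != (rows, cols) for m in matrices):
        raise ValueError("all matrices in a category must share one shape")
    return [[fn([m[i][j] for m in matrices]) for j in range(cols)]
            for i in range(rows)]


def build_sample_info(category: str, matrices: List[Matrix]) -> SampleInfo:
    mean = _reduce(matrices, lambda v: sum(v) / len(v))
    mx = _reduce(matrices, max)
    mn = _reduce(matrices, min)
    spans = [a - b for ra, rb in zip(mx, mn) for a, b in zip(ra, rb)]
    return SampleInfo(category, mean, mx, mn, sum(spans) / len(spans))


def build_library(history: Dict[str, List[Matrix]]) -> List[SampleInfo]:
    return [build_sample_info(c, ms) for c, ms in history.items()]


def cosine_similarity(a: Matrix, b: Matrix) -> float:
    """Cosine similarity of two same-shaped matrices, flattened row-major."""
    if _shape(a) != _shape(b):
        raise ValueError("query and sample matrices differ in shape")
    fa = [x for r in a for x in r]
    fb = [x for r in b for x in r]
    na = math.sqrt(sum(x * x for x in fa))
    nb = math.sqrt(sum(x * x for x in fb))
    if na == 0.0 or nb == 0.0:
        return 0.0  # an all-zero matrix has no direction; treat as no match
    return sum(x * y for x, y in zip(fa, fb)) / (na * nb)


def match(library: List[SampleInfo], current: Matrix,
          min_score: float = 0.0) -> Tuple[Optional[str], float]:
    """Pick the sample with the highest similarity, as in step 203.

    min_score is an added guard (assumption): highest-similarity selection
    always returns some category, even for input unlike every sample.
    """
    if not library:
        raise ValueError("empty sample library")
    score, best = max(((cosine_similarity(current, s.mean), s) for s in library),
                      key=lambda t: t[0])
    return (best.category if score >= min_score else None), score


# Constructed sample data: two categories, two 2x3 historical matrices each.
CONSTRUCTED_HISTORY = {
    "injection": [[[1.0, 0.0, 0.0], [0.0, 1.0, 0.0]],
                  [[0.8, 0.2, 0.0], [0.0, 1.0, 0.2]]],
    "overflow": [[[0.0, 0.0, 1.0], [1.0, 0.0, 0.0]],
                 [[0.0, 0.2, 1.0], [0.8, 0.0, 0.0]]],
}

if __name__ == "__main__":
    lib = build_library(CONSTRUCTED_HISTORY)
    print(match(lib, [[0.9, 0.0, 0.1], [0.0, 0.9, 0.0]]))
    print(match(lib, [[0.0, 0.0, 0.0], [0.0, 0.0, 0.0]], min_score=0.5))
```

Without a threshold the second query would still be assigned the first category with a score of 0.0, which is why a deployment of highest-similarity matching needs a rejection rule.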

The above embodiments of the present disclosure have the following beneficial effects: the vulnerability sample corresponding to an information security vulnerability, obtained by the information security vulnerability identification method of some embodiments of the present disclosure, improves information security vulnerability identification. Specifically, the accuracy of vulnerability sample identification is low because comparing function code between different programs is computationally expensive and inaccurate in practice. Based on this, the information security vulnerability identification method of some embodiments of the present disclosure first obtains current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information. Thus, the information security vulnerability data can be obtained. Then, based on the feature information group, a current feature vector matrix is constructed. Thus, the current feature vector matrix corresponding to the current information security vulnerability data can be obtained. Then, based on a pre-built vulnerability sample library, the current feature vector matrix is matched to obtain the vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method described in any implementation of the first aspect. Thus, the vulnerability sample corresponding to the current information security vulnerability data can be obtained. Because information security vulnerabilities are classified and identified through a pre-built vulnerability sample library, the accuracy of vulnerability sample identification is improved.

With further reference to FIG. 3, as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of a vulnerability sample library construction device for information security vulnerability identification. These device embodiments correspond to the method embodiments shown in FIG. 1, and the device can be applied in various electronic devices.

As shown in FIG. 3, the vulnerability sample library construction device 300 for information security vulnerability identification of some embodiments includes: a first determination unit 301, an execution unit 302, a second determination unit 303, a classification unit 304, and a construction unit 305. The first determination unit 301 is configured to determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information; the execution unit 302 is configured to perform the following steps for each historical information security vulnerability data in the historical information security vulnerability data group: determine the feature information group included in the historical information security vulnerability data as a feature information group to be vectorized; vectorize each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group; and, based on the historical feature vector group, construct a historical feature vector matrix; the second determination unit 303 is configured to determine the constructed historical feature vector matrices as a historical feature vector matrix group; the classification unit 304 is configured to classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set; the construction unit 305 is configured to construct a vulnerability sample library based on the vulnerability category information group set, wherein the vulnerability sample library is used to match acquired real-time vulnerability feature information in order to identify the vulnerability sample corresponding to that feature information.

It can be understood that the units recorded in the device 300 correspond to the steps of the method described with reference to FIG. 1. Therefore, the operations, features and beneficial effects described above for the method also apply to the device 300 and the units it contains, and are not repeated here.

With further reference to FIG. 4, as an implementation of the methods shown in the above figures, the present disclosure provides some embodiments of an information security vulnerability identification device. These device embodiments correspond to the method embodiments shown in FIG. 2, and the device can be applied in various electronic devices.

As shown in FIG. 4, the information security vulnerability identification device 400 of some embodiments includes: an acquisition unit 401, a construction unit 402 and a matching unit 403. The acquisition unit 401 is configured to acquire current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information; the construction unit 402 is configured to construct a current feature vector matrix based on the feature information group; the matching unit 403 is configured to match the current feature vector matrix against a pre-built vulnerability sample library to obtain the vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the steps in the embodiments corresponding to FIG. 1.

It can be understood that the units recorded in the device 400 correspond to the steps of the method described with reference to FIG. 2. Therefore, the operations, features and beneficial effects described above for the method also apply to the device 400 and the units it contains, and are not repeated here.

Referring now to FIG. 5, a schematic structural diagram of an electronic device 500 suitable for implementing some embodiments of the present disclosure is shown. The electronic device shown in FIG. 5 is only an example and should not impose any limitation on the functions and scope of use of the embodiments of the present disclosure.

As shown in FIG. 5, the electronic device 500 may include a processing device (e.g., a central processing unit, a graphics processing unit, etc.) 501, which can perform various appropriate actions and processes according to a program stored in a read-only memory (ROM) 502 or a program loaded from a storage device 508 into a random access memory (RAM) 503. The RAM 503 also stores various programs and data required for the operation of the electronic device 500. The processing device 501, the ROM 502 and the RAM 503 are connected to each other via a bus 504. An input/output (I/O) interface 505 is also connected to the bus 504.

Typically, the following devices may be connected to the I/O interface 505: input devices 506 including, for example, a touch screen, a touchpad, a keyboard, a mouse, a camera, a microphone, an accelerometer, a gyroscope, etc.; output devices 507 including, for example, a liquid crystal display (LCD), a speaker, a vibrator, etc.; storage devices 508 including, for example, a magnetic tape, a hard disk, etc.; and a communication device 509. The communication device 509 may allow the electronic device 500 to communicate with other devices wirelessly or by wire to exchange data. Although FIG. 5 shows an electronic device 500 with various devices, it should be understood that not all of the devices shown are required to be implemented or present. More or fewer devices may alternatively be implemented or present. Each block shown in FIG. 5 may represent one device, or may represent multiple devices as needed.

In particular, according to some embodiments of the present disclosure, the process described above with reference to the flowchart can be implemented as a computer software program. For example, some embodiments of the present disclosure include a computer program product, which includes a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flowchart. In some such embodiments, the computer program can be downloaded and installed from a network through the communication device 509, or installed from the storage device 508, or installed from the ROM 502. When the computer program is executed by the processing device 501, the above functions defined in the methods of some embodiments of the present disclosure are performed.

It should be noted that the computer-readable medium recorded in some embodiments of the present disclosure may be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. The computer-readable storage medium may be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media may include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In some embodiments of the present disclosure, a computer-readable storage medium may be any tangible medium that contains or stores a program that can be used by or in combination with an instruction execution system, apparatus or device. In some embodiments of the present disclosure, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, which carries computer-readable program code. This propagated data signal may take a variety of forms, including but not limited to electromagnetic signals, optical signals, or any suitable combination of the above. A computer-readable signal medium may also be any computer-readable medium other than a computer-readable storage medium, which may send, propagate or transmit a program for use by or in combination with an instruction execution system, apparatus or device. The program code contained on the computer-readable medium may be transmitted using any appropriate medium, including but not limited to: wires, optical cables, RF (radio frequency), etc., or any suitable combination of the above.

In some embodiments, the client and the server may communicate using any currently known or future developed network protocol such as HTTP (HyperText Transfer Protocol), and may be interconnected with digital data communication in any form or medium (e.g., a communication network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), an internet (e.g., the Internet), and a peer-to-peer network (e.g., an ad hoc peer-to-peer network), as well as any currently known or future developed network.

The computer-readable medium may be included in the electronic device, or may exist independently without being assembled into the electronic device. The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to: determine a pre-stored information security vulnerability data group as a historical information security vulnerability data group, wherein each historical information security vulnerability data in the historical information security vulnerability data group includes vulnerability information and a feature information group corresponding to the vulnerability information; for each historical information security vulnerability data in the historical information security vulnerability data group, perform the following steps: determine the feature information group included in the historical information security vulnerability data as a feature information group to be vectorized; vectorize each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group; construct a historical feature vector matrix based on the historical feature vector group; determine the constructed historical feature vector matrices as a historical feature vector matrix group; classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set; and construct a vulnerability sample library based on the vulnerability category information group set, wherein the vulnerability sample library is used to match acquired real-time vulnerability feature information in order to identify the vulnerability sample corresponding to that feature information.

Or cause the electronic device to: obtain current information security vulnerability data, wherein the current information security vulnerability data includes vulnerability information and a feature information group corresponding to the vulnerability information; construct a current feature vector matrix based on the feature information group; and match the current feature vector matrix against a pre-built vulnerability sample library to obtain the vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the steps in the embodiments corresponding to FIG. 1.

Computer program code for performing the operations of some embodiments of the present disclosure may be written in one or more programming languages or a combination thereof, including object-oriented programming languages such as Java, Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The program code may be executed entirely on the user's computer, partially on the user's computer, as a stand-alone software package, partially on the user's computer and partially on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (e.g., through the Internet using an Internet service provider).

The flowcharts and block diagrams in the accompanying drawings illustrate the possible architecture, functions and operations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in a flowchart or block diagram may represent a module, a program segment, or a portion of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions marked in the blocks may occur in an order different from that marked in the drawings. For example, two blocks shown in succession may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.

The units described in some embodiments of the present disclosure may be implemented in software or in hardware. The described units may also be provided in a processor; for example, this may be described as: a processor comprising a first determination unit, an execution unit, a second determination unit, a classification unit, and a construction unit. The names of these units do not, in certain cases, limit the units themselves; for example, the first determination unit may also be described as "a unit for determining a pre-stored information security vulnerability data group as a historical information security vulnerability data group".

The functions described above herein may be performed at least in part by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: field programmable gate arrays (FPGAs), application specific integrated circuits (ASICs), application specific standard products (ASSPs), systems on chips (SOCs), complex programmable logic devices (CPLDs), and the like.

The above description covers only some preferred embodiments of the present disclosure and explains the technical principles used. Those skilled in the art should understand that the scope of the invention involved in the embodiments of the present disclosure is not limited to technical solutions formed by the specific combination of the above technical features, and should also cover other technical solutions formed by any combination of the above technical features or their equivalents without departing from the above inventive concept, for example, a technical solution formed by replacing the above features with technical features having similar functions disclosed in (but not limited to) the embodiments of the present disclosure.

Claims (9)

1. A vulnerability sample library construction method for information security vulnerability identification, comprising the following steps:
determining a pre-stored information security vulnerability data set as a historical information security vulnerability data set, wherein each historical information security vulnerability data in the historical information security vulnerability data set comprises vulnerability information and a characteristic information group corresponding to the vulnerability information;
for each historical information security vulnerability data in the historical information security vulnerability data set, performing the steps of:
determining the characteristic information group included in the historical information security vulnerability data as a characteristic information group to be vectorized;
carrying out vectorization processing on each piece of characteristic information to be vectorized in the characteristic information group to be vectorized to obtain a historical feature vector group;
constructing a historical feature vector matrix based on the historical feature vector group;
determining each constructed historical feature vector matrix as a historical feature vector matrix group;
Classifying each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set, wherein classifying each historical feature vector matrix in the historical feature vector matrix group to obtain the vulnerability category information group set comprises the following steps: based on the historical feature vector matrix set, performing the following first loop step: performing random dimension reduction processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a dimension reduction feature vector matrix group; based on the dimension-reduction feature vector matrix group, the following second loop step is executed: determining a dimension reduction feature vector matrix meeting a preset selection condition in the dimension reduction feature vector matrix group as a dimension reduction feature vector matrix to be compared; determining preset selection information as selection information; adding the selection information to the dimension-reduction feature vector matrix to be compared so as to update the dimension-reduction feature vector matrix to be compared; determining a preset number of dimension reduction feature vector matrixes meeting preset comparison conditions in the dimension reduction feature vector matrix group as a feature vector matrix group to be compared; for each feature vector matrix to be compared in the feature vector matrix group to be compared, determining the distance between the feature vector matrix to be compared and the dimension reduction feature vector matrix to be compared as a comparison distance; sequencing the determined comparison distances to obtain a comparison distance sequence; taking the comparison distances meeting the preset ordering condition in the comparison distance sequence as a comparison distance group; determining a category matrix set based on the comparison distance set; in response to 
determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix set does not meet a preset addition condition, executing the second looping step again; in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix set meets a preset addition condition, determining each determined category matrix set as a category information set; in response to determining that each of the set of category matrix groups does not meet a preset number of conditions, emptying the set of category information groups and performing the first looping step again; responding to the fact that each category matrix group in the category information group meets the preset quantity condition, and performing difference value processing on each category matrix group in the category information group to obtain a category difference value group; in response to determining that each of the set of class difference values does not meet a preset threshold condition, performing the first looping step again; in response to determining that each of the class difference values in the class difference value set meets a preset threshold condition, determining the class information set as a vulnerability class information set;
And constructing a vulnerability sample library based on the vulnerability category information set, wherein the vulnerability sample library is used for carrying out matching processing on the acquired real-time vulnerability characteristic information so as to identify a vulnerability sample corresponding to the vulnerability characteristic information.
2. The method of claim 1, wherein the constructing a historical feature vector matrix based on the historical feature vector group comprises:
classifying the feature information group to be vectorized according to feature tag type to obtain feature tag information groups, wherein the feature tag information in each feature tag information group corresponds to the same feature tag type;
determining the obtained feature tag information groups as a feature tag information group set;
performing the following steps for each feature tag information group in the feature tag information group set:
determining the historical feature vector corresponding to each piece of feature tag information in the feature tag information group as a feature vector to be added, to obtain a feature vector group to be added;
adding the feature vector group to be added to a feature vector matrix to update the feature vector matrix;
determining the updated feature vector matrix as the historical feature vector matrix.
3. The method of claim 1, wherein the determining a category matrix group based on the comparison distance group comprises:
for each comparison distance in the comparison distance group, performing the following steps:
determining the preset selection information as selection information;
adding the selection information to the feature vector matrix to be compared corresponding to the comparison distance so as to update the feature vector matrix to be compared;
and combining the updated feature vector matrices to be compared with the feature vectors to be compared that correspond to the comparison distance group, to obtain a category matrix group.
4. The method of claim 1, wherein the determining, for each feature vector matrix to be compared in the feature vector matrix group to be compared, the distance between the feature vector matrix to be compared and the dimension reduction feature vector matrix to be compared as a comparison distance comprises:
for each corresponding position of the feature vector matrix to be compared and the dimension reduction feature vector matrix to be compared, determining the feature vectors at that position as a first feature vector and a second feature vector, respectively;
performing the following steps for the first feature vector and the second feature vector corresponding to each of the corresponding positions:
determining the difference between the first feature vector and the second feature vector as a difference feature vector;
generating a square value based on the difference feature vector;
generating a standard value based on the square value;
determining the sum of the obtained standard values as the comparison distance.
5. An information security vulnerability identification method, comprising:
obtaining current information security vulnerability data, wherein the current information security vulnerability data comprises vulnerability information and a feature information group corresponding to the vulnerability information;
constructing a current feature vector matrix based on the feature information group;
performing, based on a pre-constructed vulnerability sample library, matching processing on the current feature vector matrix to obtain a vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method according to one of claims 1-4.
6. A vulnerability sample library construction apparatus for information security vulnerability identification, comprising:
a first determining unit configured to determine a pre-stored information security vulnerability data set as a historical information security vulnerability data set, wherein each historical information security vulnerability data in the historical information security vulnerability data set includes vulnerability information and a feature information group corresponding to the vulnerability information;
an execution unit configured to, for each historical information security vulnerability data in the historical information security vulnerability data set, perform the following steps: determining the feature information group included in the historical information security vulnerability data as a feature information group to be vectorized; performing vectorization processing on each piece of feature information to be vectorized in the feature information group to be vectorized to obtain a historical feature vector group; constructing a historical feature vector matrix based on the historical feature vector group;
a second determining unit configured to determine the constructed historical feature vector matrices as a historical feature vector matrix group;
a classification unit configured to classify each historical feature vector matrix in the historical feature vector matrix group to obtain a vulnerability category information group set, wherein the classifying comprises:
based on the historical feature vector matrix group, performing the following first loop step:
performing random dimension reduction processing on each historical feature vector matrix in the historical feature vector matrix group to obtain a dimension reduction feature vector matrix group;
based on the dimension reduction feature vector matrix group, performing the following second loop step:
determining a dimension reduction feature vector matrix in the dimension reduction feature vector matrix group that meets a preset selection condition as a dimension reduction feature vector matrix to be compared;
determining preset selection information as selection information;
adding the selection information to the dimension reduction feature vector matrix to be compared so as to update the dimension reduction feature vector matrix to be compared;
determining a preset number of dimension reduction feature vector matrices in the dimension reduction feature vector matrix group that meet a preset comparison condition as a feature vector matrix group to be compared;
for each feature vector matrix to be compared in the feature vector matrix group to be compared, determining the distance between the feature vector matrix to be compared and the dimension reduction feature vector matrix to be compared as a comparison distance;
sorting the determined comparison distances to obtain a comparison distance sequence;
taking the comparison distances in the comparison distance sequence that meet a preset ordering condition as a comparison distance group;
determining a category matrix group based on the comparison distance group;
in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix group does not meet a preset addition condition, performing the second loop step again;
in response to determining that each dimension reduction feature vector matrix in the dimension reduction feature vector matrix group meets the preset addition condition, determining the determined category matrix groups as a category information group set;
in response to determining that each category matrix group in the category information group set does not meet a preset quantity condition, emptying the category information group set and performing the first loop step again;
in response to determining that each category matrix group in the category information group set meets the preset quantity condition, performing difference processing on each category matrix group in the category information group set to obtain a category difference value group;
in response to determining that each category difference value in the category difference value group does not meet a preset threshold condition, performing the first loop step again;
in response to determining that each category difference value in the category difference value group meets the preset threshold condition, determining the category information group set as the vulnerability category information group set;
a construction unit configured to construct a vulnerability sample library based on the vulnerability category information group set, wherein the vulnerability sample library is used for performing matching processing on acquired real-time vulnerability feature information so as to identify a vulnerability sample corresponding to the vulnerability feature information.
7. An information security vulnerability identification device, comprising:
an acquisition unit configured to acquire current information security vulnerability data, wherein the current information security vulnerability data comprises vulnerability information and a feature information group corresponding to the vulnerability information;
a construction unit configured to construct a current feature vector matrix based on the feature information group;
a matching unit configured to perform matching processing on the current feature vector matrix based on a pre-constructed vulnerability sample library to obtain a vulnerability sample corresponding to the current feature vector matrix, wherein the vulnerability sample library is constructed by the method according to one of claims 1-4.
8. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1 to 4 or 5.
9. A computer readable medium having stored thereon a computer program, wherein the program, when executed by a processor, implements the method of any of claims 1 to 4 or 5.
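The comparison distance of claim 4, the sort-and-select step of claim 1 and the matching of claim 5, sketched as an added Python example that is not code from the patent. Assumptions: the "standard value" is taken to be the square root of the summed squares, seeds are picked in insertion order, matching uses the smallest mean distance, and the random dimension reduction and preset threshold checks are left out; all function names and sample data are constructed.

```python
import math


def comparison_distance(a, b):
    """Claim 4: per position, difference -> square value -> standard value, then sum.

    Assumption: the 'standard value' is the square root of the summed squares,
    i.e. the Euclidean norm of the difference feature vector.
    """
    if len(a) != len(b):
        raise ValueError("matrices must hold the same number of feature vectors")
    total = 0.0
    for row_a, row_b in zip(a, b):
        if len(row_a) != len(row_b):
            raise ValueError("feature vectors at one position must match in length")
        diff = [x - y for x, y in zip(row_a, row_b)]
        total += math.sqrt(sum(d * d for d in diff))
    return total


def nearest_group(seed_id, matrices, k):
    """Claim 1, second loop: sort the comparison distances, keep the k smallest."""
    dists = sorted(
        (comparison_distance(matrices[seed_id], m), mid)
        for mid, m in matrices.items() if mid != seed_id
    )
    return [mid for _, mid in dists[:k]]


def build_categories(matrices, k):
    """Greedy grouping (assumed): each seed takes its k nearest unassigned matrices."""
    unassigned = dict(matrices)
    categories = []
    while unassigned:
        seed = next(iter(unassigned))
        members = [seed] + nearest_group(seed, unassigned, k)
        categories.append(members)
        for mid in members:
            del unassigned[mid]
    return categories


def match(current, matrices, categories):
    """Claim 5 (assumed rule): index of the category with the smallest mean distance."""
    def mean_dist(members):
        return sum(comparison_distance(current, matrices[m]) for m in members) / len(members)
    return min(range(len(categories)), key=lambda i: mean_dist(categories[i]))


# Constructed sample data: two feature vectors of three components per record.
HISTORY = {
    "vuln-a": [[1.0, 0.0, 0.0], [0.9, 0.1, 0.0]],
    "vuln-b": [[1.0, 0.1, 0.0], [0.8, 0.1, 0.1]],
    "vuln-c": [[0.0, 1.0, 1.0], [0.1, 0.9, 1.0]],
    "vuln-d": [[0.0, 0.9, 1.0], [0.0, 1.0, 0.9]],
}

if __name__ == "__main__":
    cats = build_categories(HISTORY, k=1)
    print(cats)
    print(match([[0.9, 0.0, 0.1], [1.0, 0.0, 0.0]], HISTORY, cats))
```

Because the per-position norms are summed, this distance is not the Frobenius norm of the matrix difference: a large deviation in one feature vector is not damped by close agreement in the others.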
CN202410780908.2A 2024-06-18 2024-06-18 Vulnerability sample library construction method, vulnerability identification device, vulnerability sample library construction equipment and vulnerability sample library medium Active CN118349895B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410780908.2A CN118349895B (en) 2024-06-18 2024-06-18 Vulnerability sample library construction method, vulnerability identification device, vulnerability sample library construction equipment and vulnerability sample library medium

Publications (2)

Publication Number Publication Date
CN118349895A (en) 2024-07-16
CN118349895B (en) 2024-09-13

Family

ID=91821115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410780908.2A Active CN118349895B (en) 2024-06-18 2024-06-18 Vulnerability sample library construction method, vulnerability identification device, vulnerability sample library construction equipment and vulnerability sample library medium

Country Status (1)

Country Link
CN (1) CN118349895B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109388551A (en) * 2017-08-07 2019-02-26 北京京东尚科信息技术有限公司 There are the method for loophole probability, leak detection method, relevant apparatus for prediction code
CN117034159A (en) * 2022-06-14 2023-11-10 腾讯科技(深圳)有限公司 Abnormal data identification method and device, electronic equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118134581A (en) * 2022-12-02 2024-06-04 北京京东尚科信息技术有限公司 Article identification information generation method, apparatus, device, medium and program product
CN117056940B (en) * 2023-10-12 2024-01-16 中关村科学城城市大脑股份有限公司 Method, device, electronic equipment and medium for repairing loopholes of server system

Also Published As

Publication number Publication date
CN118349895A (en) 2024-07-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant