CN118036019B - Vulnerability positioning method and system based on code automatic detection - Google Patents


Info

Publication number
CN118036019B
Authority
CN
China
Prior art keywords
software
vulnerability
code
party
detection model
Prior art date
Legal status
Active
Application number
CN202410432734.0A
Other languages
Chinese (zh)
Other versions
CN118036019A (en)
Inventor
黄希
张登星
孟邦祥
张磊
Current Assignee
Chengdu Pvirtech Co ltd
Original Assignee
Chengdu Pvirtech Co ltd
Priority date
Filing date
Publication date
Application filed by Chengdu Pvirtech Co ltd
Priority to CN202410432734.0A
Publication of CN118036019A
Application granted
Publication of CN118036019B
Status: Active
Anticipated expiration

Abstract

The invention discloses a vulnerability positioning method and system based on automatic code detection, in the technical field of data processing. The method comprises the following steps: collecting the party's software source code to obtain the party's software database; performing static analysis and dynamic tracking of vulnerabilities; comparing and verifying the static code vulnerabilities against the software's dynamic code vulnerabilities to obtain the party's software code vulnerability set; constructing the party's software vulnerability feature detection model; performing distributed training to obtain the multi-party software vulnerability feature detection model set; performing collaborative parameter training on the party's software vulnerability feature detection model and the multi-party model set to obtain the software vulnerability feature global detection model; and performing vulnerability detection and positioning on the target software source code to generate a software vulnerability detection positioning result. Intelligent automatic scanning and positioning of software vulnerabilities is thereby realized, the accuracy of vulnerability detection and positioning is improved, false positives and false negatives are reduced, the vulnerability detection cycle is shortened, and vulnerability detection efficiency is improved.

Description

Vulnerability positioning method and system based on code automatic detection
Technical Field
The invention relates to the technical field of data processing, in particular to a vulnerability positioning method and system based on automatic code detection.
Background
With the rapid development of information technology, software has become the core supporting various business systems and critical infrastructure, and its security is directly related to the economic interests of enterprises. As software security problems become increasingly prominent, software vulnerabilities are one of the main threats to software security and may cause serious consequences such as data leakage and system crashes. Detecting and positioning software vulnerabilities is therefore of great significance. However, existing software vulnerability detection tools have a low degree of intelligence, low positioning accuracy and low vulnerability detection efficiency, and are prone to error.
Disclosure of Invention
By providing a vulnerability positioning method and system based on code automatic detection, the technical problems of the prior art, namely that software vulnerability detection tools have a low degree of intelligence, low positioning accuracy and low vulnerability detection efficiency and are prone to error, are solved. The technical effects achieved are intelligent automatic scanning and positioning of software vulnerabilities by combining static analysis with dynamic tracking, improved accuracy of vulnerability detection and positioning, fewer false positives and false negatives, a shorter vulnerability detection cycle and, consequently, higher vulnerability detection efficiency.
In view of the above problems, the present invention provides a vulnerability positioning method and system based on code automatic detection.
In a first aspect, the present application provides a vulnerability positioning method based on code automatic detection, the method comprising: S1: collecting the party's software source code to obtain the party's software database, and performing static analysis on the party's software database to obtain software static code vulnerability information; S2: inserting tracking code into the party's software database to track vulnerabilities dynamically, obtaining software dynamic code vulnerability information, and comparing and verifying the software static code vulnerability information against the software dynamic code vulnerability information to obtain the party's software code vulnerability set; S3: performing detection training on the party's software code vulnerability set by using a deep neural network structure to construct the party's software vulnerability feature detection model, acquiring a multi-party software database, performing static analysis and dynamic tracking verification on the multi-party software database to obtain a multi-party software code vulnerability set, and performing distributed training on the multi-party software code vulnerability set to obtain a multi-party software vulnerability feature detection model set; S4: performing collaborative model parameter training on the party's software vulnerability feature detection model and the multi-party software vulnerability feature detection model set on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, performing vulnerability detection and positioning on the target software source code based on the software vulnerability feature global detection model, and generating a software vulnerability detection positioning result.
In another aspect, the present application also provides a vulnerability positioning system based on code automatic detection, the system comprising: a static code vulnerability acquisition module, used to collect the party's software source code to obtain the party's software database and to perform static analysis on the party's software database to obtain software static code vulnerability information; a code vulnerability set acquisition module, used to insert tracking code into the party's software database for dynamic vulnerability tracking, to obtain software dynamic code vulnerability information, and to compare and verify the software static code vulnerability information against the software dynamic code vulnerability information to obtain the party's software code vulnerability set; a distributed training module, used to perform detection training on the party's software code vulnerability set with a deep neural network structure to construct the party's software vulnerability feature detection model, to acquire a multiparty software database, to perform static analysis and dynamic tracking verification on the multiparty software database to obtain a multiparty software code vulnerability set, and to perform distributed training on the multiparty software code vulnerability set to obtain a multiparty software vulnerability feature detection model set; and a vulnerability detection positioning module, used to perform collaborative model parameter training on the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, to perform vulnerability detection and positioning on the target software source code based on the software vulnerability feature global detection model, and to generate a software vulnerability detection positioning result.
In a third aspect, the present application provides an electronic device comprising a bus, a transceiver, a memory, a processor and a computer program stored on the memory and executable on the processor, the transceiver, the memory and the processor being connected by the bus, the computer program when executed by the processor implementing the steps of any of the methods described above.
In a fourth aspect, the application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of any of the methods described above.
One or more technical schemes provided by the application have at least the following technical effects or advantages:
The method collects the party's software source code to obtain the party's software database, performs static analysis and inserts tracking code for dynamic vulnerability tracking, and compares and verifies the software static code vulnerability information against the resulting software dynamic code vulnerability information to obtain the party's software code vulnerability set. It then performs detection training on that set with a deep neural network structure to construct the party's software vulnerability feature detection model, and performs distributed training to obtain the multiparty software vulnerability feature detection model set. Collaborative model parameter training of the party's software vulnerability feature detection model and the multiparty model set on a cross-domain trusted learning platform yields the software vulnerability feature global detection model, which performs vulnerability detection and positioning on the target software source code and generates the software vulnerability detection positioning result. In this way, intelligent automatic scanning and positioning of software vulnerabilities is realized by combining static analysis with dynamic tracking, the accuracy of vulnerability detection and positioning is improved, false positives and false negatives are reduced, the vulnerability detection cycle is shortened, and vulnerability detection efficiency is improved.
The foregoing is only an overview of the present application, intended so that its technical means may be more clearly understood and implemented in accordance with its teachings, and so that the above and other objects, features and advantages of the present application may be more readily apparent.
Drawings
FIG. 1 is a flow chart of the vulnerability positioning method based on code automatic detection of the present application;
FIG. 2 is a schematic flow chart of dynamic vulnerability tracking by inserting tracking code in the vulnerability positioning method based on code automatic detection of the present application;
FIG. 3 is a schematic diagram of the vulnerability positioning system based on code automatic detection of the present application;
FIG. 4 is a schematic structural view of an exemplary electronic device of the present application.
Reference numerals illustrate: the system comprises a static code vulnerability acquisition module 11, a code vulnerability collection module 12, a distributed training module 13, a vulnerability detection positioning module 14, a bus 1110, a processor 1120, a transceiver 1130, a bus interface 1140, a memory 1150, an operating system 1151, an application 1152 and a user interface 1160.
Detailed Description
In the description of the present application, those skilled in the art will appreciate that the present application may be embodied as methods, apparatus, electronic devices, and computer-readable storage media. Accordingly, the present application may be embodied in the following forms: complete hardware, complete software (including firmware, resident software, micro-code, etc.), a combination of hardware and software. Furthermore, in some embodiments, the application may also be embodied in the form of a computer program product in one or more computer-readable storage media, which contain computer program code.
Any combination of one or more computer-readable storage media may be employed by the computer-readable storage media described above. The computer-readable storage medium includes: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer readable storage medium include the following: portable computer magnetic disks, hard disks, random access memories, read-only memories, erasable programmable read-only memories, flash memories, optical fibers, optical disk read-only memories, optical storage devices, magnetic storage devices, or any combination thereof. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, device.
The technical scheme of the application obtains, stores, uses, processes and the like the data, which all meet the relevant regulations of national laws.
The application provides a method, a device and electronic equipment through flow charts and/or block diagrams.
It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions. These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer readable program instructions may also be stored in a computer readable storage medium that can cause a computer or other programmable data processing apparatus to function in a particular manner. Thus, instructions stored in a computer-readable storage medium produce an instruction means which implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The present application will be described below with reference to the drawings in the present application.
Embodiment one:
As shown in FIG. 1, the present application provides a vulnerability positioning method based on code automatic detection, which comprises:
Step S1: collecting the party's software source code to obtain the party's software database, and performing static analysis on the party's software database to obtain software static code vulnerability information;
Specifically, in order to realize intelligent automatic scanning and positioning of software vulnerabilities, the source code of the party's software is collected, where the party's software may be all software produced by the same manufacturer, and the corresponding party software database is obtained; it comprises the source code databases of all software produced by that manufacturer. Static analysis is performed on the party's software database to obtain the corresponding potential software static code vulnerability information. The static analysis comprises: lexical analysis, identifying problems such as misspellings, illegal characters, and missing semicolons or other separators in the code; syntax analysis, detecting syntax errors in the source code such as mismatched brackets and missing required statement components; and control flow analysis, detecting potential logic errors, dead code, infinite recursion in loops and the like. In this way the potential vulnerability information of the software is detected automatically and identified comprehensively from the code.
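As an added illustration, not code from the patent, the following Python script performs a small static analysis pass of the kind described above over a constructed sample source: it treats a syntax error as a finding, reports dead code that follows a return or raise, and flags a function whose first statement calls itself unconditionally (an infinite recursion with no possible exit). The sample sources and the finding names are assumptions made for this example.

```python
"""Added illustration of a static analysis pass (not the patent's code).
It reports a syntax error, dead code after return/raise, and unconditional
self-recursion in a constructed Python sample."""
import ast

# Constructed sample module: syntactically valid, with one dead statement and
# one function that recurses with no base case.
SAMPLE_SOURCE = '''
def total(xs):
    s = 0
    for x in xs:
        s += x
    return s
    print("never reached")

def countdown(n):
    return countdown(n - 1)

def safe_countdown(n):
    if n <= 0:
        return 0
    return safe_countdown(n - 1)
'''

# Constructed sample with a lexical/syntax defect (missing parameter list).
SYNTAX_ERROR_SOURCE = "def broken(:\n    pass\n"


def find_dead_code(tree):
    """(line, kind) for the first statement after a return/raise in any block."""
    findings = []
    for node in ast.walk(tree):
        body = getattr(node, "body", None)
        if not isinstance(body, list):
            continue
        for i, stmt in enumerate(body[:-1]):
            if isinstance(stmt, (ast.Return, ast.Raise)):
                findings.append((body[i + 1].lineno, "dead_code"))
                break
    return findings


def _calls_self(stmt, name):
    """True if stmt is `return name(...)` or a bare `name(...)` call."""
    value = getattr(stmt, "value", None)
    return (isinstance(stmt, (ast.Return, ast.Expr))
            and isinstance(value, ast.Call)
            and isinstance(value.func, ast.Name)
            and value.func.id == name)


def find_unconditional_recursion(tree):
    """Functions whose first statement calls themselves: no branch can stop
    the recursion, so every call ends in stack exhaustion."""
    return [(node.lineno, "infinite_recursion")
            for node in ast.walk(tree)
            if isinstance(node, ast.FunctionDef) and node.body
            and _calls_self(node.body[0], node.name)]


def static_scan(source):
    """Return sorted (line, kind) findings; a syntax error is itself a finding."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno, "syntax_error")]
    return sorted(find_dead_code(tree) + find_unconditional_recursion(tree))


if __name__ == "__main__":
    for lineno, kind in static_scan(SAMPLE_SOURCE) + static_scan(SYNTAX_ERROR_SOURCE):
        print(f"line {lineno}: {kind}")
```

The checks work on the abstract syntax tree rather than on text, which is what makes the dead-code and recursion checks robust to formatting; the syntax-error path shows why the lexical and syntax stages have to run first, since no tree exists to analyse until the source parses.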
Step S2: inserting tracking code into the party's software database to track vulnerabilities dynamically, obtaining software dynamic code vulnerability information, and comparing and verifying the software static code vulnerability information against the software dynamic code vulnerability information to obtain the party's software code vulnerability set;
As shown in FIG. 2, further, in step S2, tracking code is inserted into the party's software database for dynamic vulnerability tracking, and the steps of the present application further include:
S21: obtaining dynamic tracking control element information, wherein the dynamic tracking control element information comprises tracking code granularity, a data processing mechanism and running environment configuration;
S22: constructing a code dynamic tracking solution space, wherein the code dynamic tracking solution space comprises dynamic tracking control element parameters of the software source code and tracking effect data;
S23: performing cluster division on the code dynamic tracking solution space based on the dynamic tracking control element information to generate a code dynamic tracking calibration solution space;
S24: performing optimization analysis in the code dynamic tracking calibration solution space with the production environment of each piece of software data in the party's software database as an optimization constraint condition, determining the dynamic tracking control parameters, and carrying out dynamic tracking control on the party's software database through the dynamic tracking control parameters.
Further, in the step S24, the step of determining the dynamic tracking control parameter further includes:
taking the production environment of each piece of software data as an optimizing constraint condition to perform similarity calculation with the code dynamic tracking calibration solution space, so as to obtain a code tracking data similarity set;
data screening within a preset similarity threshold is conducted based on the code tracking data similarity set, and a code dynamic tracking memory library is obtained;
Fitting the tracking effect data to extract tracking indexes, determining a code tracking effect index set, and fitting based on the code tracking effect index set to generate a dynamic tracking effect fitness function;
and evaluating and optimizing the code dynamic tracking memory based on the dynamic tracking effect fitness function, and determining the dynamic tracking control parameters.
Specifically, in order to improve the accuracy of software vulnerability detection, tracking code is inserted into the party's software database to track vulnerabilities dynamically. The tracking code can record information such as the program's execution path, function calls and changes in variable values; this information is written to a file or the console as a log, or sent over the network to a remote server for collection and analysis. Because the precision of dynamic vulnerability tracking is affected by several factors, the dynamic tracking control element information is analysed and acquired; these control elements are the factors that influence tracking precision and comprise: tracking code granularity, where the inserted tracking code must be detailed enough to capture information relevant to potential vulnerability points while avoiding excessive tracking that would generate too much noise data; the data processing mechanism, since the data generated at run time can be very large, so an efficient processing mechanism must be designed to preserve tracking accuracy; and the running environment configuration, since dynamic analysis results depend on the environment and configuration, so dynamic analysis should be run under configuration and conditions similar to those of the production environment.
A code dynamic tracking solution space is then constructed by data mining; it consists of historical dynamic code tracking data and contains the various dynamic tracking control element parameters of the software source code together with the corresponding tracking effect data. The solution space is cluster-divided according to the dynamic tracking control element information: tracking data of the same control element type are grouped into one cluster, and after integration and calibration by control element type the code dynamic tracking calibration solution space is generated. Optimization analysis is then performed in this calibration solution space with the production environment of each piece of software data in the party's software database as the optimization constraint. First, the production environment of each piece of software data is compared for similarity with the calibration solution space: the production environment configuration parameters of each piece of software data are compared with the dynamic tracking control element parameters in the solution space using a cosine similarity algorithm or a similar measure, yielding a code tracking data similarity set. Next, data are screened within a preset similarity threshold based on that similarity set; the threshold is a screening criterion for tracking data and can be set empirically. The dynamic tracking data that fall within the preset similarity threshold form the code dynamic tracking memory library, which narrows the parameter optimization range and improves optimization efficiency.
The tracking effect data are fitted to extract tracking indexes, determining the code tracking effect index set, which is used to evaluate the dynamic tracking effect for software vulnerabilities and includes tracking precision, tracking speed and the like. Relevance fitting is performed on the tracking data in the code dynamic tracking solution space based on this index set to generate the dynamic tracking effect fitness function, which evaluates the tracking effect of a given set of dynamic tracking control element parameters: the larger the fitness, the better the tracking effect of those parameters. The code dynamic tracking memory library is then evaluated with the fitness function to obtain a parameter fitness evaluation set, the evaluations are compared, and the dynamic tracking control parameters with the maximum fitness are selected.
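Added example (not the patent's own implementation) of the parameter selection described in the two preceding paragraphs: historical records are screened by cosine similarity between the production environment configuration and each record's environment parameters, the records within the threshold form the memory library, and the record with the highest fitness supplies the control parameters. The environment encoding, the threshold, the fitness weights and the records themselves are assumptions constructed for this illustration.

```python
"""Added example (not from the patent): choosing dynamic tracking control
parameters by cosine-similarity screening of a historical solution space and
fitness maximisation over the retained records."""
import math

# Assumed environment encoding: one-hot flags
# (linux, windows, x86_64, arm64, container, bare_metal).
PRODUCTION_ENV = (1, 0, 1, 0, 1, 0)

# Constructed historical solution space. Each record holds the control
# element parameters used in a past tracking run (including the environment
# it ran in) and the tracking effect indexes measured with them.
SOLUTION_SPACE = [
    {"env": (1, 0, 1, 0, 1, 0), "granularity": 3, "batch": 500, "precision": 0.91, "speed": 0.60},
    {"env": (0, 1, 1, 0, 0, 1), "granularity": 1, "batch": 100, "precision": 0.70, "speed": 0.95},
    {"env": (1, 0, 0, 1, 1, 0), "granularity": 5, "batch": 2000, "precision": 0.97, "speed": 0.30},
    {"env": (1, 0, 1, 0, 1, 0), "granularity": 2, "batch": 400, "precision": 0.85, "speed": 0.80},
]


def cosine_similarity(a, b):
    """Cosine of the angle between two equal-length vectors (0.0 if either is zero)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def build_memory_library(production_env, space, threshold):
    """Records whose environment is at least `threshold` similar to production:
    the narrowed search range the text calls the memory library."""
    return [r for r in space if cosine_similarity(production_env, r["env"]) >= threshold]


def fitness(record, w_precision=0.7, w_speed=0.3):
    """Assumed fitness function: weighted sum of the effect indexes; larger is better."""
    return w_precision * record["precision"] + w_speed * record["speed"]


def select_control_parameters(production_env, space, threshold=0.9):
    """Return (granularity, batch) of the best-fitting retained record, or None
    when nothing in the history resembles the production environment."""
    library = build_memory_library(production_env, space, threshold)
    if not library:
        return None
    best = max(library, key=fitness)
    return best["granularity"], best["batch"]


if __name__ == "__main__":
    print(select_control_parameters(PRODUCTION_ENV, SOLUTION_SPACE))
```

The environment is encoded as one-hot flags on purpose: cosine similarity over raw mixed-unit values (a batch size of 2000 next to a CPU count of 4) would be dominated by the largest-scale feature, so configuration fields should be encoded or normalised before the similarity is computed. The `None` return makes the empty-library case explicit rather than silently picking a record from an unrelated environment.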
Dynamic tracking control of the party's software database is then carried out with these dynamic tracking control parameters: the program is run with the tracking code in place, the data generated at run time are collected, and the collected data are analysed, including the program's execution path and the state of variables, to obtain the software dynamic code vulnerability information. This information covers the potential vulnerability points identified in the static analysis stage; for example, if static analysis found a possible buffer overflow, the tracking code should record the values of the relevant variables and how the buffer is used. The software static code vulnerability information is then compared and verified against the software dynamic code vulnerability information: the static analysis results are compared with the data collected during dynamic execution to verify whether each potential vulnerability point is a real vulnerability, thereby determining the party's software code vulnerability set. Combining static analysis with dynamic tracking identifies real vulnerabilities more accurately and reduces false positives and false negatives.
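The verification step, as an added Python example that is not part of the patent: a tracer records the execution path and a watched variable inside a constructed target function, and a static finding about that variable is confirmed only if the recorded values actually exceed the stated bound. The target function, the finding and the inputs are all constructed here; because Python raises on an out-of-range write, the target drops excess bytes instead, and the unchecked index stands in for the buffer use condition the text mentions.

```python
"""Added example (not the patent's code): trace a target function, record its
execution path and a watched variable, and verify a static finding against
the recorded values."""
import sys

BUFFER_SIZE = 8


def copy_into(data):
    """Constructed target: copies bytes into a fixed-size buffer. The index is
    never checked against the input length; writes past the end are dropped
    silently here because Python would raise on an out-of-range assignment."""
    buf = bytearray(BUFFER_SIZE)
    i = 0
    for b in data:
        if i < len(buf):
            buf[i] = b
        i += 1
    return bytes(buf), i


# Constructed static finding: the index variable `i` in copy_into may exceed
# the buffer bound, i.e. a potential overflow of the buffer's use.
STATIC_FINDING = {"function": "copy_into", "variable": "i", "bound": BUFFER_SIZE}


def trace_function(target_name, variable, func, *args):
    """Run func(*args) under sys.settrace, recording (line number, value of
    `variable`) for every line executed inside the function named target_name."""
    records = []

    def tracer(frame, event, arg):
        if frame.f_code.co_name != target_name:
            return None          # do not trace lines of other functions
        if event == "line":
            records.append((frame.f_lineno, frame.f_locals.get(variable)))
        return tracer

    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(None)
    return result, records


def verify_finding(finding, records):
    """Compare the static candidate with dynamic data: confirmed only if the
    watched variable was actually observed beyond the stated bound."""
    values = [v for _, v in records if isinstance(v, int)]
    observed_max = max(values) if values else None
    confirmed = observed_max is not None and observed_max > finding["bound"]
    return {"confirmed": confirmed, "observed_max": observed_max}


if __name__ == "__main__":
    # Constructed inputs: one that stays within the buffer, one that does not.
    for sample in (b"abc", bytes(range(12))):
        _, recs = trace_function(STATIC_FINDING["function"], STATIC_FINDING["variable"], copy_into, sample)
        print(len(sample), "bytes ->", verify_finding(STATIC_FINDING, recs))
```

A static candidate that is never reached, or whose variable never crosses the bound on the traced inputs, stays unconfirmed; that is the false-positive reduction the text describes, and it also shows the limit of the method, since dynamic verification can only speak for the inputs that were actually exercised.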
Step S3: performing detection training on the party's software code vulnerability set by using a deep neural network structure to construct the party's software vulnerability feature detection model; acquiring a multi-party software database, performing static analysis and dynamic tracking verification on the multi-party software database to obtain a multi-party software code vulnerability set, and performing distributed training on the multi-party software code vulnerability set to obtain a multi-party software vulnerability feature detection model set;
Further, in step S3, the party's software vulnerability feature detection model is constructed, and the steps of the present application further include:
S31: obtaining software vulnerability association factors, wherein the software vulnerability association factors comprise vulnerability type, degree of impact, vulnerability cause and repair state;
S32: performing information entropy operation comparison on the software vulnerability association factors, determining root node characteristic information, and constructing a software vulnerability characteristic decision tree according to the root node characteristic information;
S33: performing factor vector identification on each code vulnerability in the party's software code vulnerability set based on the software vulnerability characteristic decision tree to obtain a software vulnerability feature vector set;
S34: performing detection training with the software vulnerability feature vector set as sample data using a deep neural network structure to generate the software vulnerability feature detection model.
Further, the steps of the application also comprise:
performing accuracy verification on the software vulnerability feature detection model to obtain the detection accuracy, and adding a regularization term to the detection evaluation function if the detection accuracy does not reach the standard;
performing minimization on the detection evaluation function with the regularization term added by a gradient descent algorithm to obtain parameter optimization variables;
and configuring the model parameters of the software vulnerability feature detection model based on the parameter optimization variables to obtain the optimized software vulnerability feature detection model.
Specifically, in order to realize intelligent detection and positioning of software vulnerabilities, a deep neural network structure is used to perform detection training on the party's software code vulnerability set. First, the software vulnerability association factors are obtained; these are indexes describing vulnerability features and comprise: the vulnerability type, such as cross-site scripting vulnerabilities, cross-site request forgery vulnerabilities, file inclusion vulnerabilities and logic vulnerabilities; the degree of impact, where vulnerabilities can be classified as low, medium, important or serious according to their severity and scope of impact; the vulnerability cause, such as memory corruption, logic errors, input validation errors, design errors or configuration errors; and the repair state, where, from the perspective of the vulnerability lifecycle, software vulnerabilities can be divided into 0-day vulnerabilities (discovered but not yet disclosed or fixed), 1-day vulnerabilities (the vendor has disclosed the vulnerability and released a patch, but the software has not yet been patched) and historical vulnerabilities (the patch was released long ago and the vulnerability is no longer applicable).
Information entropy operation comparison is then carried out on the software vulnerability association factors: the characteristics of each association factor are converted into a corresponding information quantity using a coding function from information theory, the uncertainty (information quantity) of each characteristic is calculated by comparing its distribution across the different categories, and the importance of each characteristic is evaluated; the information entropy of each association factor characteristic is calculated with the information entropy formula and used to evaluate the importance of that factor characteristic. After the information entropy of each factor characteristic has been calculated, the values are compared; since lower information entropy indicates higher certainty, that is, the characteristic has stronger discriminative power for the classification result, the characteristic with the minimum information entropy is selected as the root node characteristic, which determines the root node characteristic information. The branches of the decision tree are then constructed recursively from the root node characteristic information: for each branch a subset of characteristics is selected for further classification, and when selecting that subset, information entropy is again used as the evaluation criterion, choosing the characteristic that minimizes the classification uncertainty of the subset as the characteristic of the next node. This process is repeated until a termination condition is reached, such as a preset depth or a threshold, completing the construction of the software vulnerability characteristic decision tree used for rapid characteristic classification of software code vulnerabilities.
The factor characteristics of each code vulnerability in the party's software code vulnerability set are classified with the software vulnerability characteristic decision tree, and each code vulnerability is identified as a feature vector according to the classified factor characteristic types, giving the software vulnerability feature vector set, which represents the descriptive characteristic information of each code vulnerability. The software vulnerability feature vector set is then used as sample data for detection training with a deep neural network structure, generating the software vulnerability feature detection model, which is used to detect and identify vulnerability features locally at the software manufacturer.
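Added example (not the patent's code) covering the entropy-based tree construction and the factor vector identification of the two preceding paragraphs: the factor whose conditional label entropy is lowest becomes the root, branches are built recursively with the same criterion, and walking a vulnerability through the tree yields its factor vector. The labelled sample vulnerabilities, the triage label and the stopping depth are constructed assumptions for this illustration.

```python
"""Added example (not the patent's code): building a vulnerability feature
decision tree by minimum conditional entropy and turning each vulnerability
into a factor vector by walking the tree."""
import math
from collections import Counter

FACTORS = ("type", "impact", "cause", "repair_state")


def _v(vtype, impact, cause, repair_state, label):
    """Constructed record: the four association factors plus an assumed triage label."""
    return {"type": vtype, "impact": impact, "cause": cause,
            "repair_state": repair_state, "label": label}


# Constructed labelled vulnerabilities (label = assumed triage class).
SAMPLES = [
    _v("xss", "medium", "input_validation", "0day", "urgent"),
    _v("xss", "low", "input_validation", "historical", "routine"),
    _v("csrf", "low", "design", "historical", "routine"),
    _v("file_inclusion", "serious", "input_validation", "0day", "urgent"),
    _v("logic", "important", "logic_error", "1day", "urgent"),
    _v("logic", "low", "logic_error", "historical", "routine"),
    _v("csrf", "medium", "design", "1day", "urgent"),
    _v("xss", "medium", "input_validation", "historical", "routine"),
    _v("logic", "low", "logic_error", "1day", "routine"),
    _v("csrf", "medium", "design", "historical", "routine"),
]


def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def conditional_entropy(samples, factor):
    """H(label | factor): entropy of the label inside each factor value group,
    weighted by group size. Lower means the factor separates the classes better."""
    groups = {}
    for s in samples:
        groups.setdefault(s[factor], []).append(s["label"])
    n = len(samples)
    return sum(len(g) / n * entropy(g) for g in groups.values())


def build_tree(samples, factors, depth=0, max_depth=3):
    """Recursive construction: the factor with minimum conditional entropy
    becomes the node; stop at a pure subset, no factors left, or max depth."""
    labels = [s["label"] for s in samples]
    majority = Counter(labels).most_common(1)[0][0]
    if len(set(labels)) == 1 or not factors or depth >= max_depth:
        return {"leaf": majority}
    best = min(factors, key=lambda f: conditional_entropy(samples, f))
    node = {"factor": best, "majority": majority, "children": {}}
    remaining = tuple(f for f in factors if f != best)
    for value in sorted({s[best] for s in samples}):
        subset = [s for s in samples if s[best] == value]
        node["children"][value] = build_tree(subset, remaining, depth + 1, max_depth)
    return node


def identify(tree, vuln):
    """Walk one vulnerability down the tree. The sequence of (factor, value)
    decisions is its factor vector; the leaf gives the class. An unseen factor
    value falls back to the majority label of the node where it occurred."""
    path, node = [], tree
    while "leaf" not in node:
        value = vuln.get(node["factor"])
        path.append((node["factor"], value))
        child = node["children"].get(value)
        if child is None:
            return path, node["majority"]
        node = child
    return path, node["leaf"]


if __name__ == "__main__":
    tree = build_tree(SAMPLES, FACTORS)
    for f in FACTORS:
        print(f"H(label | {f}) = {conditional_entropy(SAMPLES, f):.3f}")
    print(identify(tree, _v("xss", "low", "input_validation", "1day", None)))
```

On the constructed sample the repair state has the lowest conditional entropy and becomes the root, and only the 1-day branch needs a second split (on impact). Choosing the minimum conditional entropy is the same decision as choosing the maximum information gain, since the label's own entropy is constant at a given node; the majority fallback in `identify` is what keeps a factor value never seen in training from breaking the walk.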
Furthermore, in order to improve the model detection accuracy, accuracy verification is carried out on the party's software vulnerability feature detection model through a data verification set to obtain the corresponding detection accuracy. If the detection accuracy does not reach the standard, indicating that the model's accuracy is insufficient and needs to be optimized, a regularization term is added to the detection evaluation function to control the complexity of the model so that its detection is more stable; common regularization terms include L1 regularization and L2 regularization. The model loss function with the added regularization term is then minimized through a gradient descent algorithm to obtain the optimized parameter optimization variables, namely the model optimization parameters. Model parameter configuration is carried out on the software vulnerability feature detection model based on the parameter optimization variables to obtain the optimized software vulnerability feature optimization detection model, which improves the generalization capability and performance stability of the model and thereby ensures the accuracy of model vulnerability feature detection.
In order to improve the comprehensiveness of model training, a multiparty software database is acquired, which is the source code database of software produced by multiple other manufacturers. Static analysis and dynamic tracking verification are carried out on the multiparty software database using the same vulnerability analysis method to obtain the corresponding multiparty software code vulnerability set, and distributed training is carried out on the multiparty software code vulnerability set using a deep neural network structure to obtain the corresponding multiparty software vulnerability feature detection model set, which is used for local vulnerability feature detection and identification at each of the other software manufacturers.
Step S4: performing model parameter collaborative training on the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, performing vulnerability detection and positioning on a target software source code based on the software vulnerability feature global detection model, and generating a software vulnerability detection positioning result.
Further, obtaining the software vulnerability feature global detection model in S4 further includes:
S41: respectively extracting model parameters from the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set to obtain the party's detection model parameters and the multiparty detection model parameter set;
S42: encrypting the party's detection model parameters and the multiparty detection model parameter set based on an encryption algorithm, and sending the encrypted party's detection model parameters and multiparty detection model parameter set to the cross-domain trusted learning platform;
S43: setting a local learning factor and a global learning factor according to the model detection accuracy, and carrying out collaborative training on the encrypted party's detection model parameters and multiparty detection model parameter set by the cross-domain trusted learning platform based on the local learning factor and the global learning factor to obtain the software vulnerability feature global detection model.
Further, the steps of the application also comprise:
Constructing a software vulnerability operation and maintenance knowledge base, and carrying out matching analysis on the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space;
Performing operation simulation evaluation based on the software vulnerability operation and maintenance knowledge space to obtain software vulnerability operation and maintenance effect information, comparing and optimizing the software vulnerability operation and maintenance effect information, and determining a target software vulnerability operation and maintenance scheme;
and obtaining an operation and maintenance resource configuration table according to the target software vulnerability operation and maintenance scheme, and performing vulnerability operation and maintenance on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table.
Specifically, model parameter collaborative training is performed on the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform, which is a trusted platform for model collaborative learning that allows multiple participants to learn jointly without sharing their original data, thereby improving the comprehensiveness of model learning. First, model parameters including weights, biases and the like are extracted from the party's software vulnerability feature detection model and from the multiparty software vulnerability feature detection model set, respectively, to obtain the party's detection model parameters and the multiparty detection model parameter set. The party's detection model parameters and the multiparty detection model parameter set are then encrypted based on an encryption algorithm, for example an asymmetric encryption algorithm, which improves the security of the parameters in transit, and the encrypted party's detection model parameters and multiparty detection model parameter set are sent to the cross-domain trusted learning platform, effectively ensuring the security and integrity of the model parameters.
A local learning factor and a global learning factor are set according to the model detection accuracy of the party's software vulnerability feature detection model and of the multiparty software vulnerability feature detection model set, that is, learning factor weights are distributed to the software vulnerability feature detection models according to their detection accuracy. The local learning factor is the training decision weight of the party's software vulnerability feature detection model, the global learning factor is the training decision weight of the other parties' software vulnerability feature detection models, and a model with higher detection accuracy occupies a larger decision weight, so its learning factor is correspondingly larger. The cross-domain trusted learning platform carries out collaborative training on the encrypted party's detection model parameters and multiparty detection model parameter set based on the local learning factor and the global learning factor, obtaining the software vulnerability feature global detection model after collaborative learning fusion and improving the comprehensiveness and accuracy of software vulnerability feature detection.
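As an added example covering both the regularization step described earlier (accuracy verification, regularization term, gradient descent) and the accuracy-weighted collaborative training just described, the Python below (not the patent's or any platform's code) trains one logistic-regression detector per party by batch gradient descent, re-solves with an L2 regularization term only when the validation accuracy falls below the standard, derives learning factors proportional to each party's accuracy, and fuses the parameters into a global model. A logistic regression stands in for the deep neural network; the parties' feature vectors, the 0.9 accuracy standard, the L2 strength and the accuracy-proportional weighting are constructed assumptions, and the encryption of parameters before they reach the platform is assumed to be handled by the transport and is not shown.

```python
import random
from math import exp


def sigmoid(z):
    z = max(-30.0, min(30.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + exp(-z))


def predict(params, x):
    w, b = params
    return sigmoid(sum(wj * xj for wj, xj in zip(w, x)) + b)


def train_logreg(X, y, l2=0.0, lr=0.5, epochs=300):
    """Batch gradient descent on the logistic loss; when l2 > 0 the loss carries
    the L2 regularization term (l2 / 2) * ||w||^2, whose gradient is l2 * w."""
    n, d = len(X), len(X[0])
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for xi, yi in zip(X, y):
            err = predict((w, b), xi) - yi
            for j in range(d):
                gw[j] += err * xi[j]
            gb += err
        w = [wj - lr * (gw[j] / n + l2 * wj) for j, wj in enumerate(w)]
        b -= lr * gb / n
    return w, b


def accuracy(params, X, y):
    return sum((predict(params, xi) >= 0.5) == (yi == 1) for xi, yi in zip(X, y)) / len(X)


def train_with_accuracy_gate(Xtr, ytr, Xval, yval, standard=0.9, l2=0.1):
    """Verify accuracy on the validation set; if it does not reach the standard,
    add the regularization term and re-solve by gradient descent."""
    params = train_logreg(Xtr, ytr)
    acc = accuracy(params, Xval, yval)
    if acc < standard:
        params = train_logreg(Xtr, ytr, l2=l2)
        acc = accuracy(params, Xval, yval)
    return params, acc


def learning_factors(accuracies):
    """Accuracy-proportional training decision weights (assumption). Index 0 is
    the party's local learning factor, the rest are the global learning factors
    of the other parties; a more accurate model gets a larger factor."""
    total = sum(accuracies)
    return [a / total for a in accuracies]


def collaborative_fuse(param_list, factors):
    """Weighted fusion of every party's (w, b) into the global detection model."""
    d = len(param_list[0][0])
    w = [sum(f * p[0][j] for f, p in zip(factors, param_list)) for j in range(d)]
    b = sum(f * p[1] for f, p in zip(factors, param_list))
    return w, b


def make_party_data(seed, n, label_noise):
    """Constructed data (assumption): 3 normalised vulnerability-feature scores
    per record, labelled by a hidden linear rule; label_noise flips a fraction
    of the labels so the parties' models differ in quality."""
    rng = random.Random(seed)
    X, y = [], []
    for _ in range(n):
        x = [rng.random() for _ in range(3)]
        label = 1 if 2 * x[0] + x[1] - x[2] > 0.8 else 0
        if rng.random() < label_noise:
            label = 1 - label
        X.append(x)
        y.append(label)
    return X, y


def run_collaboration(n_parties=3):
    """Each party trains locally; only parameters and accuracies reach the platform."""
    params, accs, pooled_X, pooled_y = [], [], [], []
    for k in range(n_parties):
        Xtr, ytr = make_party_data(seed=100 + k, n=80, label_noise=0.05 * k)
        Xval, yval = make_party_data(seed=200 + k, n=40, label_noise=0.0)
        p, acc = train_with_accuracy_gate(Xtr, ytr, Xval, yval)
        params.append(p)
        accs.append(acc)
        pooled_X += Xval
        pooled_y += yval
    factors = learning_factors(accs)
    global_params = collaborative_fuse(params, factors)
    return {
        "local_accuracy": accs,
        "factors": factors,
        "global_accuracy": accuracy(global_params, pooled_X, pooled_y),
    }


if __name__ == "__main__":
    print(run_collaboration())
```

The platform side of this exchange never sees a party's training records, only `(w, b)` and the accuracy used to weight them; the regularization gate shrinks the weight vector compared with the unregularized solve, which is the model-complexity control the text attributes to the regularization term.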
Performing vulnerability detection and positioning on a target software source code based on the global software vulnerability feature detection model, wherein the target software source code is software source code information to be subjected to vulnerability detection, a corresponding model output result is obtained, namely target software vulnerability feature detection information, and then performing specific position positioning on each vulnerability feature in the target software vulnerability feature detection information to generate a software vulnerability detection positioning result, wherein the software vulnerability detection positioning result comprises description information such as vulnerability type, influence degree, vulnerability cause, vulnerability position and the like, so that developers can conveniently and rapidly position and repair the vulnerability. And constructing a software vulnerability operation and maintenance knowledge base through software operation and maintenance experience data, wherein the software vulnerability operation and maintenance knowledge base is an operation and maintenance solution base aiming at software vulnerability characteristics. And carrying out matching analysis on the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space, wherein the software vulnerability operation and maintenance knowledge space is an operation and maintenance solution set matched with vulnerability characteristics in the software vulnerability detection and positioning result.
Operation and maintenance simulation evaluation is carried out on the basis of the software vulnerability operation and maintenance knowledge space: each operation and maintenance solution in the knowledge space is evaluated through a computer simulation system to obtain the corresponding software vulnerability operation and maintenance effect information. Comparison and optimization are carried out through the software vulnerability operation and maintenance effect information to determine the target software vulnerability operation and maintenance scheme with the optimal effect. The operation and maintenance resource configuration table corresponding to the target scheme is obtained according to the target software vulnerability operation and maintenance scheme, and includes the operation and maintenance resource equipment types, quantities, priorities and the like. Vulnerability operation and maintenance is then performed on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table, which ensures the timeliness and efficiency of software vulnerability operation and maintenance and thereby improves the safety and stability of the software.
In summary, the vulnerability positioning method and system based on code automatic detection provided by the application have the following technical effects:
The method captures the party's software source code to obtain the party's software database, performs static analysis and inserts tracking code to perform dynamic vulnerability tracking, compares and verifies the software static code vulnerability information against the obtained software dynamic code vulnerability information to obtain the party's software code vulnerability set, performs detection training on the party's software code vulnerability set using a deep neural network structure to construct the party's software vulnerability feature detection model, and performs distributed training to obtain a multiparty software vulnerability feature detection model set; it then performs model parameter collaborative training on the party's software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, which performs vulnerability detection and positioning on the target software source code and generates the software vulnerability detection positioning result. By combining static analysis with dynamic tracking, intelligent automatic scanning and positioning of software vulnerabilities is realized, the accuracy of vulnerability detection and positioning is improved, false alarms and missed reports are reduced, the vulnerability detection period is shortened, and the technical effect of improving vulnerability detection efficiency is achieved.
Embodiment two:
Based on the same inventive concept as the vulnerability positioning method based on automatic code detection in the foregoing embodiment, the present invention also provides a vulnerability positioning system based on automatic code detection, as shown in fig. 3, the system includes:
The static code vulnerability acquisition module 11 is used for capturing the source code of the software of the party to obtain a software database of the party, and performing static analysis on the software database of the party to obtain software static code vulnerability information;
the code vulnerability set obtaining module 12 is configured to insert a tracking code into the software database of the party to perform vulnerability dynamic tracking, obtain software dynamic code vulnerability information, and perform comparison verification on the software static code vulnerability information based on the software dynamic code vulnerability information to obtain a software code vulnerability set of the party;
The distributed training module 13 is configured to perform detection training on the party's software code vulnerability set by using a deep neural network structure to construct the party's software vulnerability feature detection model, and at the same time to acquire a multiparty software database, perform static analysis and dynamic tracking verification on the multiparty software database to obtain a multiparty software code vulnerability set, and perform distributed training on the multiparty software code vulnerability set to obtain a multiparty software vulnerability feature detection model set;
The vulnerability detection positioning module 14 is configured to perform model parameter collaborative training on the software vulnerability feature detection model and the multiparty software vulnerability feature detection model set based on a cross-domain trusted learning platform to obtain a software vulnerability feature global detection model, perform vulnerability detection and positioning on a target software source code based on the software vulnerability feature global detection model, and generate a software vulnerability detection positioning result.
Further, the system further comprises:
the control element acquisition unit is used for acquiring dynamic tracking control element information, wherein the dynamic tracking control element information comprises tracking code granularity, a data processing mechanism and running environment configuration;
The solution space construction unit is used for constructing a code dynamic tracking solution space, wherein the code dynamic tracking solution space comprises dynamic tracking control element parameters of software source code and tracking effect data;
The clustering division unit is used for carrying out clustering division on the code dynamic tracking solution space based on the dynamic tracking control element information to generate a code dynamic tracking calibration solution space;
And the dynamic tracking control unit is used for carrying out optimization analysis in the code dynamic tracking calibration solution space by taking the production environment of each software data in the software database of the party as an optimization constraint condition, determining dynamic tracking control parameters and carrying out dynamic tracking control on the software database of the party through the dynamic tracking control parameters.
Further, the system further comprises:
The similarity calculation unit is used for carrying out similarity calculation on the production environment of each piece of software data serving as an optimizing constraint condition and the code dynamic tracking calibration solution space to obtain a code tracking data similarity set;
the memory bank obtaining unit is used for screening data within a preset similarity threshold value based on the code tracking data similarity set to obtain a code dynamic tracking memory bank;
The fitness function generating unit is used for extracting tracking indexes from the tracking effect data, determining a code tracking effect index set, and fitting a dynamic tracking effect fitness function based on the code tracking effect index set;
And the evaluation optimization unit is used for evaluating and optimizing the code dynamic tracking memory based on the dynamic tracking effect fitness function and determining the dynamic tracking control parameters.
Further, the system further comprises:
The association factor acquisition unit is used for acquiring software vulnerability association factors, wherein the software vulnerability association factors comprise vulnerability type, influence degree, vulnerability cause and repair state;
The decision tree construction unit is used for carrying out information entropy operation comparison on the software vulnerability association factors, determining root node characteristic information and constructing a software vulnerability characteristic decision tree according to the root node characteristic information;
The factor vector identification unit is used for carrying out factor vector identification on each code vulnerability in the software code vulnerability set of the party based on the software vulnerability feature decision tree to obtain a software vulnerability feature vector set;
And the detection training unit is used for performing detection training by using the software vulnerability characteristic vector set as sample data by using a deep neural network structure, and generating the software vulnerability characteristic detection model.
Further, the system further comprises:
The regularization term adding unit is used for verifying the accuracy of the software vulnerability feature detection model to obtain the detection accuracy, and adding a regularization term to the detection evaluation function if the detection accuracy does not reach the standard;
the parameter optimization variable obtaining unit is used for minimizing the detection evaluation function with the added regularization term through a gradient descent algorithm to obtain the parameter optimization variables;
and the model parameter configuration unit is used for carrying out model parameter configuration on the software vulnerability feature detection model based on the parameter optimization variables to obtain the software vulnerability feature optimization detection model.
Further, the system further comprises:
The model parameter extraction unit is used for respectively extracting model parameters of the software vulnerability feature detection model and the multiparty software vulnerability feature detection model set to obtain a detection model parameter of the party and a multiparty detection model parameter set;
The encryption processing unit is used for carrying out encryption processing on the party detection model parameter and the multiparty detection model parameter set based on an encryption algorithm, and sending the encrypted party detection model parameter and multiparty detection model parameter set to a cross-domain trusted learning platform;
And the cross-domain trusted learning platform is used for carrying out collaborative training on the encrypted party's detection model parameters and multiparty detection model parameter set based on the local learning factor and the global learning factor, which are set according to the model detection accuracy, to obtain the software vulnerability feature global detection model.
Further, the system further comprises:
the matching analysis unit is used for constructing a software vulnerability operation and maintenance knowledge base, and carrying out matching analysis on the basis of the software vulnerability detection and positioning result and the software vulnerability operation and maintenance knowledge base to obtain a software vulnerability operation and maintenance knowledge space;
The comparison optimizing unit is used for carrying out operation and maintenance simulation evaluation based on the software vulnerability operation and maintenance knowledge space to obtain software vulnerability operation and maintenance effect information, carrying out comparison optimizing through the software vulnerability operation and maintenance effect information and determining a target software vulnerability operation and maintenance scheme;
And the vulnerability operation and maintenance unit is used for obtaining an operation and maintenance resource configuration table according to the target software vulnerability operation and maintenance scheme, and carrying out vulnerability operation and maintenance on the target software source code based on the target software vulnerability operation and maintenance scheme according to the operation and maintenance resource configuration table.
The foregoing various modifications and specific examples of the code-based automatic detection vulnerability positioning method in the first embodiment of fig. 1 are equally applicable to the code-based automatic detection vulnerability positioning system of this embodiment, and those skilled in the art will be aware of the implementation method of the code-based automatic detection vulnerability positioning system of this embodiment through the foregoing detailed description of the code-based automatic detection vulnerability positioning method, so that, for brevity of description, they will not be described in detail herein.
In addition, the application also provides an electronic device, which comprises a bus, a transceiver, a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the transceiver, the memory and the processor are respectively connected through the bus, and when the computer program is executed by the processor, the processes of the method embodiment for controlling output data are realized, and the same technical effects can be achieved, so that repetition is avoided and redundant description is omitted.
Exemplary electronic device
In particular, referring to FIG. 4, the present application also provides an electronic device comprising a bus 1110, a processor 1120, a transceiver 1130, a bus interface 1140, a memory 1150, and a user interface 1160.
In the present application, the electronic device further includes: computer programs stored on the memory 1150 and executable on the processor 1120, which when executed by the processor 1120, implement the various processes of the method embodiments described above for controlling output data.
A transceiver 1130 for receiving and transmitting data under the control of the processor 1120.
In the present application, the bus architecture (represented by bus 1110) may include any number of interconnected buses and bridges, with bus 1110 connecting various circuits, including one or more processors, represented by processor 1120, and memory, represented by memory 1150.
Bus 1110 represents one or more of any of several types of bus structures, including a memory bus and memory controller, a peripheral bus, an accelerated graphics port, a processor, or a local bus using any of a variety of bus architectures. By way of example, and not limitation, such an architecture includes: industry standard architecture buses, micro-channel architecture buses, expansion buses, video electronics standards association, and peripheral component interconnect buses.
Processor 1120 may be an integrated circuit chip with signal processing capabilities. In implementation, the steps of the above method embodiments may be implemented by instructions in the form of integrated logic circuits in hardware or software in a processor. The processor includes: general purpose processors, central processing units, network processors, digital signal processors, application specific integrated circuits, field programmable gate arrays, complex programmable logic devices, programmable logic arrays, micro control units or other programmable logic devices, discrete gates, transistor logic devices, discrete hardware components. The methods, steps and logic blocks disclosed in the present application may be implemented or performed. For example, the processor may be a single-core processor or a multi-core processor, and the processor may be integrated on a single chip or located on multiple different chips.
The processor 1120 may be a microprocessor or any conventional processor. The method steps disclosed in connection with the present application may be performed directly by a hardware decoding processor or by a combination of hardware and software modules in a decoding processor. The software modules may be located in random access memory, flash memory, read only memory, programmable read only memory, erasable programmable read only memory, registers, and the like, as known in the art. The readable storage medium is located in a memory, and the processor reads the information in the memory and, in combination with its hardware, performs the steps of the above method.
Bus 1110 may also connect together various other circuits such as peripheral devices, voltage regulators, or power management circuits, bus interface 1140 providing an interface between bus 1110 and transceiver 1130, all of which are well known in the art. Therefore, the present application will not be further described.
The transceiver 1130 may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. For example: the transceiver 1130 receives external data from other devices, and the transceiver 1130 is configured to transmit the data processed by the processor 1120 to the other devices. Depending on the nature of the computer device, a user interface 1160 may also be provided, for example: touch screen, physical keyboard, display, mouse, speaker, microphone, trackball, joystick, stylus.
It should be appreciated that in the present application, the memory 1150 may further include memory located remotely from the processor 1120, which may be connected to a server through a network. One or more portions of the above-described networks may be an ad hoc network, an intranet, an extranet, a virtual private network, a local area network, a wireless local area network, a wide area network, a wireless wide area network, a metropolitan area network, an internet, a public switched telephone network, a plain old telephone service network, a cellular telephone network, a wireless fidelity network, and combinations of two or more of the foregoing. For example, the cellular telephone network and wireless network may be global system for mobile communications devices, code division multiple access devices, worldwide interoperability for microwave access devices, general packet radio service devices, wideband code division multiple access devices, long term evolution devices, LTE frequency division duplex devices, LTE time division duplex devices, advanced long term evolution devices, general mobile communications devices, enhanced mobile broadband devices, mass machine class communications devices, ultra-reliable low-latency communications devices, and the like.
It should be appreciated that the memory 1150 in the present application can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory. Wherein the nonvolatile memory includes: read-only memory, programmable read-only memory, erasable programmable read-only memory, electrically erasable programmable read-only memory, or flash memory.
The volatile memory includes: random access memory, which serves as an external cache. By way of example, and not limitation, many forms of RAM are available, such as: static random access memory, dynamic random access memory, synchronous dynamic random access memory, double data rate synchronous dynamic random access memory, enhanced synchronous dynamic random access memory, synchronous link dynamic random access memory, and direct memory bus random access memory. The memory 1150 of the electronic device described herein includes, but is not limited to, the memory described above and any other suitable type of memory.
In the present application, memory 1150 stores the following elements of operating system 1151 and application programs 1152: an executable module, a data structure, or a subset thereof, or an extended set thereof.
Specifically, the operating system 1151 includes various device programs, such as a framework layer, a core library layer and a driver layer, for implementing various basic services and processing hardware-based tasks. The applications 1152 include various applications, such as a media player and a browser, for realizing various application services. A program for implementing the method of the present application may be included in the applications 1152. The applications 1152 include applets, objects, components, logic, data structures, and other computer-apparatus-executable instructions that perform particular tasks or implement particular abstract data types.
In addition, the application also provides a computer readable storage medium, on which a computer program is stored, where the computer program when executed by a processor implements each process of the above-mentioned method embodiment for controlling output data, and the same technical effects can be achieved, and for avoiding repetition, a detailed description is omitted herein.
The foregoing is merely illustrative of the present application, and the present application is not limited thereto, and any person skilled in the art will readily recognize that variations or substitutions are within the scope of the present application. Therefore, the protection scope of the application is subject to the protection scope of the claims.

Claims (8)

Application CN202410432734.0A, filed 2024-04-11, priority date 2024-04-11, status: Active. Family ID 90989852.

Publications: CN118036019A (published 2024-05-14); CN118036019B (granted, published 2024-06-18).

Country status: CN, CN118036019B (en).

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN118764292B (en) * | 2024-07-31 | 2025-09-19 | 国网电力科学研究院有限公司 | Electric power vulnerability positioning method, device, equipment and medium based on vulnerability fingerprint
CN119167376B (en) * | 2024-09-23 | 2025-08-26 | 广州盈风网络科技有限公司 | Code review optimization method, system and device

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN101661543B (en) * | 2008-08-28 | 2015-06-17 | 西门子(中国)有限公司 | Method and device for detecting security flaws of software source codes
CN101710378B (en) * | 2009-10-10 | 2011-04-06 | 北京理工大学 | Software security flaw detection method based on sequential pattern mining
CN102411690B (en) * | 2011-12-31 | 2014-07-23 | 中国信息安全测评中心 | Method and device for mining security vulnerabilities of application software under Android platform
US9868212B1 (en) * | 2016-02-18 | 2018-01-16 | X Development Llc | Methods and apparatus for determining the pose of an object based on point cloud data
CN107085687B (en) * | 2017-05-11 | 2020-10-27 | 北京理工大学 | Binary entropy-based fuzzy test encryption and decryption function positioning method
US10380196B2 (en) * | 2017-12-08 | 2019-08-13 | Palantir Technologies Inc. | Systems and methods for using linked documents
CN110059503B (en) * | 2019-04-24 | 2023-03-24 | 成都派沃特科技股份有限公司 | Traceable social information anti-leakage method
CN110046521B (en) * | 2019-04-24 | 2023-04-18 | 成都派沃特科技股份有限公司 | Decentralized privacy protection method
CN113569246B (en) * | 2020-04-28 | 2024-05-28 | 腾讯科技(深圳)有限公司 | Vulnerability detection method, vulnerability detection device, computer equipment and storage medium
CN111737150B (en) * | 2020-07-24 | 2023-09-15 | 江西师范大学 | Taint analysis and verification methods and devices for SQLIA vulnerabilities in Java EE programs

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Static vulnerability detection based on neural networks and code similarity; 夏之阳 (Xia Zhiyang) et al.; Computer Engineering (《计算机工程》); 2020-01-07; vol. 45, no. 12; pp. 141-146 *

Also Published As

Publication number | Publication date
CN118036019A (en) | 2024-05-14

Similar Documents

Publication | Title
CN118036019B (en) | Vulnerability positioning method and system based on code automatic detection
Gupta et al. | PHP-sensor: a prototype method to discover workflow violation and XSS vulnerabilities in PHP web applications
CN111160749A (en) | Method and device for evaluating information quality and fusing information
CN119808082B (en) | Software supply chain risk detection protection method and system
CN110096872B (en) | Detection method of webpage intrusion script attack tool and server
CN118246027A (en) | Internet of Things homology vulnerability detection method, system and equipment based on dynamic and static combination
Qiu et al. | Predicting the impact of android malicious samples via machine learning
CN118710224B (en) | Enterprise platform safety management method and system based on artificial intelligence
CN118036009A (en) | Method and device for processing security vulnerabilities and electronic equipment
CN111339535A (en) | Vulnerability prediction method, system, computer equipment and storage medium for smart contract code
CN116915442A (en) | Vulnerability testing method, device, equipment and medium
EP3970043A1 (en) | Apparatuses and methods for detecting malware
CN119696931B (en) | Intelligent protection method and system for heterogeneous industrial control networks based on large models
CN118797650A (en) | Information security vulnerability reporting and evaluation method, device, equipment and storage medium
CN115412358B (en) | Network security risk assessment method and device, electronic equipment and storage medium
CN116956285A (en) | Stain source identification method, stain source identification device, electronic equipment and medium
CN114579964A (en) | Information monitoring method and device, electronic equipment and storage medium
CN113923007A (en) | Safety penetration testing method and device, electronic equipment and storage medium
Wang et al. | TAPE: Tailored Posterior Difference for Auditing of Machine Unlearning
CN115563657B (en) | Data information security processing method, system and cloud platform
CN119961941B (en) | A method and device for constructing a 0DAY vulnerability detection model based on an AI big model
CN115348109B (en) | Industrial production threat early warning method and system, electronic equipment and storage medium
TWI726455B (en) | Penetration test case suggestion method and system
HK40045943A (en) | Abnormal resource transfer identification method, device, electronic equipment and readable storage medium
CN120579184A (en) | Code vulnerability detection method, electronic equipment and product

Legal Events

Code | Title
PB01 | Publication
SE01 | Entry into force of request for substantive examination
GR01 | Patent grant
