CN-121980568-A - Method and device for generating concept verification code
Abstract
The invention provides a method for generating concept verification code (proof-of-concept code, PoC), and relates to the technical fields of artificial intelligence and information security. The method includes processing a first code with a trained code generation model to output a first concept verification code corresponding to the first code, verifying the first concept verification code with a trained code verification model, and outputting the first concept verification code when the code verification model verifies it to be correct. The code generation model is trained on a first training data set that comprises code samples with known vulnerabilities and the corresponding concept verification code samples. The code verification model is trained on a second training data set that comprises known correct and known incorrect concept verification code samples. The invention also provides a device, equipment, storage medium and program product for generating the concept verification code.
Inventors
- WANG TAO
- HU XINKANG
- MENG FANSHUO
- LIU BEIBEI
Assignees
- 中国工商银行股份有限公司
Dates
- Publication Date: 20260505
- Application Date: 20250624
Claims (11)
- 1. A method of generating a concept verification code, comprising: acquiring a first code; processing the first code by using a trained code generation model to output a first concept verification code corresponding to the first code; verifying the first concept verification code by using a trained code verification model; and outputting the first concept verification code when the code verification model verifies that the first concept verification code is correct; wherein the code generation model comprises a sequence-to-sequence generation model trained based on a first training data set comprising code samples with known vulnerabilities and corresponding concept verification code samples, and the code verification model is a classification model trained based on a second training data set comprising known correct and known incorrect concept verification code samples.
- 2. The method of claim 1, wherein the training process of the code generation model comprises: performing a first level of training with minimization of a first loss as the goal, wherein the first loss is determined based on a deviation between an output of the code generation model and the corresponding concept verification code sample in the first training data set; and, after the first-level training is completed, performing a second level of training on the code generation model based on reinforcement learning.
- 3. The method of claim 2, wherein the second-level training of the code generation model based on reinforcement learning comprises: taking the running program of the code sample in the first training data set as the reinforcement learning environment, and obtaining the reinforcement learning reward function based on the running result of the concept verification code output by the code generation model in the running program of the corresponding code sample in the first training data set.
- 4. The method of claim 1, wherein the code generation model includes a first neural network for processing sequence data, a second neural network for processing graph data, and a generation model, and wherein processing the first code with the trained code generation model to output a first concept verification code corresponding to the first code includes: preprocessing the first code to obtain a code sequence and graph structure information of the first code; inputting the code sequence of the first code to the first neural network to output the sequence features of the first code; inputting the graph structure information of the first code to the second neural network to output the structural features of the first code; inputting the sequence features and the structural features of the first code to a hybrid model to output the comprehensive features of the first code; and inputting the comprehensive features of the first code to the generation model to output the first concept verification code corresponding to the first code; wherein the first neural network, the second neural network, the hybrid model, and the generation model are trained as a whole.
- 5. The method of claim 4, wherein the hybrid model is built using a Transformer model in which a multi-head self-attention mechanism or an adaptive feature fusion mechanism is provided, or the model parameters of the hybrid model comprise weight parameters corresponding to the sequence features and the structural features.
- 6. The method of claim 4, wherein the first neural network is constructed using a bidirectional long short-term memory (BiLSTM) network.
- 7. The method of claim 4, wherein the graph structure information of the first code includes at least a control flow graph or a data flow graph of the first code.
- 8. A concept verification code generating apparatus, comprising: an acquisition module for acquiring a first code; a POC generation module for processing the first code by using a trained code generation model to output a first concept verification code corresponding to the first code; and a POC verification module for verifying the first concept verification code by using a trained code verification model, and outputting the first concept verification code when the code verification model verifies that the first concept verification code is correct; wherein the code generation model comprises a sequence-to-sequence generation model trained based on a first training data set comprising code samples with known vulnerabilities and corresponding concept verification code samples, and the code verification model is a classification model trained based on a second training data set comprising known correct and known incorrect concept verification code samples.
- 9. An electronic device, comprising: one or more processors; and a memory for storing one or more computer programs, characterized in that the one or more processors execute the one or more computer programs to implement the steps of the method according to any one of claims 1-7.
- 10. A computer-readable storage medium on which a computer program or instructions are stored, which, when executed by a processor, carry out the steps of the method according to any one of claims 1 to 7.
- 11. A computer program product comprising a computer program or instructions which, when executed by a processor, implement the steps of the method according to any one of claims 1 to 7.
Description
Method and device for generating concept verification code
Technical Field
The present invention relates to the field of artificial intelligence, and in particular, to a method, apparatus, device, medium, and program product for generating a concept verification code.
Background
With the increasing complexity of software systems, code analysis and vulnerability discovery are becoming more and more challenging. Traditional code analysis methods rely mainly on static analysis and dynamic analysis, and although they have achieved some results, they are limited in handling large-scale code bases and complex vulnerability patterns. In recent years, some studies have attempted to apply deep learning to code analysis, but code analysis tools as a whole still have limited ability to automatically generate concept verification code (Proof of Concept Code, POC), and generally require manual intervention and modification, which is inefficient.
Disclosure of Invention
In view of the above, the present invention provides a method, apparatus, device, medium, and program product for generating a concept verification code that improve the quality of automatically generated concept verification code.
In a first aspect of an embodiment of the present invention, a method for generating a concept verification code is provided. The method includes obtaining a first code, processing the first code using a trained code generation model to output a first concept verification code corresponding to the first code, verifying the first concept verification code using a trained code verification model, and outputting the first concept verification code when the code verification model verifies that the first concept verification code is correct.
The code generation model comprises a sequence-to-sequence generation model trained based on a first training data set, wherein the first training data set comprises code samples with known vulnerabilities and corresponding concept verification code samples. The code verification model is a classification model trained based on a second training data set, wherein the second training data set comprises known correct and known incorrect concept verification code samples.
According to the embodiment of the invention, the training process of the code generation model comprises performing first-level training with minimization of a first loss as the goal, wherein the first loss is determined based on the deviation between the output of the code generation model and the corresponding concept verification code sample in the first training data set, and, after the first-level training is completed, performing second-level training on the code generation model based on reinforcement learning.
According to the embodiment of the invention, the second-level training of the code generation model based on reinforcement learning comprises taking the running program of the code sample in the first training data set as the reinforcement learning environment, and obtaining the reinforcement learning reward function based on the running result of the concept verification code output by the code generation model in the running program of the corresponding code sample in the first training data set.
According to the embodiment of the invention, the code generation model comprises a first neural network for processing sequence data, a second neural network for processing graph data, and a generation model. Processing the first code with the trained code generation model to output a first concept verification code corresponding to the first code comprises: preprocessing the first code to obtain a code sequence and graph structure information of the first code; inputting the code sequence of the first code to the first neural network to output the sequence features of the first code; inputting the graph structure information of the first code to the second neural network to output the structural features of the first code; inputting the sequence features and the structural features of the first code to a hybrid model to output the comprehensive features of the first code; and inputting the comprehensive features of the first code to the generation model to output the first concept verification code corresponding to the first code. The first neural network, the second neural network, the hybrid model, and the generation model are trained as a whole.
According to the embodiment of the invention, the hybrid model is built using a Transformer model in which a multi-head self-attention mechanism or an adaptive feature fusion mechanism is provided, or the model parameters of the hybrid model comprise weight parameters corresponding to the sequence features and the structural features. According to an embodime