CN-121981115-A - Method and device for generating vulnerability verification code based on prompt word guidance
Abstract
The invention relates to a method and a device for generating vulnerability verification code based on prompt word guidance. The method comprises: obtaining vulnerability reports and verification code, and constructing a training data set after data extraction; training a large language model on the training data set, with prompt words guiding the large language model to generate the corresponding vulnerability verification code during training; and inputting the vulnerability information to be verified into the trained large language model to obtain the corresponding vulnerability verification code. The prompt words are selected from a prompt template library, in which they are classified and stored by vulnerability type together with the context information corresponding to each prompt word. The context information comprises a vulnerability description and the expected effect, and is used, together with the classification, to select a suitable prompt word. Compared with the prior art, the method and the device can conveniently, quickly and accurately select the best-matched prompt words for training according to different vulnerability reports, and improve training efficiency.
Inventors
- ZHANG WANGJUN
- ZHU MINJIE
- SONG YAN
- JIANG YI
- ZHU YUNLONG
- HUANG SONGLIN
- LV KAIKAI
Assignees
- 国网上海市电力公司
- 上海久隆企业管理咨询有限公司
Dates
- Publication Date: 20260505
- Application Date: 20251121
Claims (10)
- 1. A method for generating vulnerability verification code based on prompt word guidance, characterized by comprising the following steps: acquiring a vulnerability report and verification code, and constructing a training data set after data extraction; training a large language model obtained in advance on the training data set, and guiding the large language model through prompt words during training to generate the corresponding vulnerability verification code, wherein the vulnerability verification code comprises the input data and logic structure required to trigger the vulnerability; wherein the prompt words are selected from a prompt template library, the prompt words are classified and stored in the prompt template library according to vulnerability type, and the context information corresponding to each prompt word is recorded, the context information comprising a vulnerability description and an expected effect and being used to select a suitable prompt word according to the classification and the corresponding context information; and inputting the vulnerability information to be verified into the trained large language model, obtaining the corresponding vulnerability verification code, and verifying and optimizing the generated vulnerability verification code.
- 2. The method for generating vulnerability verification code based on prompt word guidance according to claim 1, wherein the structure of the prompt word comprises: an environment setting, for initializing the necessary environment; an input construction, for constructing input data according to the trigger condition; execution logic, for invoking or simulating user operations to trigger the vulnerability; and result verification, for checking whether the expected result is achieved.
- 3. The method for generating vulnerability verification code based on prompt word guidance according to claim 1, wherein the environment setting is performed by setting up a login page; the input construction obtains input data by setting a field in the login page; and the execution logic is configured in the login page.
- 4. The method for generating vulnerability verification code based on prompt word guidance according to claim 1, wherein the database table structure of the prompt template library specifically comprises: classification and labels, for classifying and marking the vulnerability types and technology stacks to which each prompt word applies; version control, for defining the version of the prompt word; context information, for recording the background information used by the prompt word; and a feedback mechanism, for receiving user feedback on the effect of the prompt word.
- 5. The method for generating vulnerability verification code based on prompt word guidance according to claim 4, wherein the prompt template library comprises: a prompt word library, for recording the main fields of the prompt words; a prompt word feedback library, for recording feedback information on the prompt words; a tag library, for recording tags; and a prompt word tag association table, for recording the association between prompt words and tags.
- 6. The method for generating vulnerability verification code based on prompt word guidance according to claim 5, wherein the prompt word library comprises a unique identifier, associated vulnerability ID, prompt word content, expected code language, prompt word version number, creation time, last update time, prompt word description and status; the prompt word feedback library comprises a unique identifier, associated prompt word ID, feedback content, feedback score and creation time; the prompt word tag association table comprises a unique identifier, associated prompt word ID and associated tag ID; and the tag library comprises a unique identifier and a tag name.
- 7. The method for generating vulnerability verification code based on prompt word guidance according to claim 1, wherein the data extraction specifically comprises: extracting key information from the obtained vulnerability report and verification code, and converting the extracted key information into structured data to construct the training data set.
- 8. The method for generating vulnerability verification code based on prompt word guidance according to claim 7, wherein the extracted key information comprises a vulnerability number, a vulnerability type and the attack payload that triggers the vulnerability; and the training data set includes a detailed description of the vulnerability, the input data triggering the vulnerability, and the expected output results.
- 9. The method for generating vulnerability verification code based on prompt word guidance according to claim 7, wherein, in the training process, guiding the large language model through prompt words to generate the corresponding vulnerability verification code specifically comprises: constructing general prompt words for similar tasks according to the vulnerability requirements, constructing a local knowledge base of user questions, and building the vectorization and indexes of the local database; obtaining the actual user question, comparing it for similarity with the content of the local knowledge base, and selecting the top k pieces of content closest to the user question as the reference basis; and combining the prompt word for the task type corresponding to the user question, the user question itself and the top k reference items, and inputting the combination into the large language model to generate the corresponding vulnerability verification code.
- 10. A device for generating a vulnerability verification code based on guidance of a prompt word, comprising a memory and a processor, wherein the memory stores a computer program, and the processor calls the computer program to execute the steps of the method according to any one of claims 1-9.
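The four-table prompt template library of claims 4 to 6, with selection of a prompt word by classification and feedback, can be sketched as follows. This is an added example, not code from the patent: the table and column names, the 1-5 score scale, the `select_prompt` and `demo_db` helpers and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Table and column names are assumptions mapped from the fields in claim 6.
SCHEMA = """
CREATE TABLE prompt (id INTEGER PRIMARY KEY, vuln_id TEXT NOT NULL,
  content TEXT NOT NULL, code_language TEXT NOT NULL, version TEXT NOT NULL,
  created_at TEXT DEFAULT CURRENT_TIMESTAMP,
  updated_at TEXT DEFAULT CURRENT_TIMESTAMP,
  description TEXT, status TEXT NOT NULL DEFAULT 'active');
CREATE TABLE tag (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE prompt_tag (id INTEGER PRIMARY KEY,
  prompt_id INTEGER NOT NULL REFERENCES prompt(id),
  tag_id INTEGER NOT NULL REFERENCES tag(id), UNIQUE (prompt_id, tag_id));
CREATE TABLE prompt_feedback (id INTEGER PRIMARY KEY,
  prompt_id INTEGER NOT NULL REFERENCES prompt(id), content TEXT,
  score INTEGER NOT NULL CHECK (score BETWEEN 1 AND 5),  -- assumed 1-5 scale
  created_at TEXT DEFAULT CURRENT_TIMESTAMP);
"""

def select_prompt(db, tag_name):
    """Best active prompt for a tag as (id, version, avg_score), or None."""
    return db.execute(
        """SELECT p.id, p.version, AVG(f.score) AS avg_score
           FROM prompt p
           JOIN prompt_tag pt ON pt.prompt_id = p.id
           JOIN tag t ON t.id = pt.tag_id
           LEFT JOIN prompt_feedback f ON f.prompt_id = p.id
           WHERE t.name = ? AND p.status = 'active'
           GROUP BY p.id
           ORDER BY avg_score DESC, p.updated_at DESC  -- unscored rows sort last
           LIMIT 1""", (tag_name,)).fetchone()

def demo_db():
    """In-memory library filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO prompt (id, vuln_id, content, code_language, version, status)"
        " VALUES (?, 'VULN-PLACEHOLDER', '<template text>', 'python', ?, ?)",
        [(1, "1.0", "active"), (2, "1.1", "active"), (3, "2.0", "retired")])
    db.executemany("INSERT INTO tag VALUES (?, ?)",
                   [(1, "sql-injection"), (2, "web")])
    db.executemany("INSERT INTO prompt_tag (prompt_id, tag_id) VALUES (?, ?)",
                   [(1, 1), (2, 1), (3, 1), (2, 2)])
    db.executemany("INSERT INTO prompt_feedback (prompt_id, score) VALUES (?, ?)",
                   [(1, 3), (2, 5), (2, 4), (3, 5)])
    return db

if __name__ == "__main__":
    print(select_prompt(demo_db(), "sql-injection"))
```

The status filter keeps a retired prompt out of selection even when its feedback score is the highest, which is the kind of control the version and status fields make possible.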
Description
Method and device for generating vulnerability verification code based on prompt word guidance
Technical Field
The invention relates to the technical field of data processing, and in particular to a method and a device for generating vulnerability verification code based on prompt word guidance.
Background
With the rapid development of network technology and the increasing sophistication of attack techniques, network security problems have become increasingly prominent. The device firmware vulnerabilities and protocol specification vulnerabilities discovered in a number of electric power systems in recent years place higher requirements on the network security operation and vulnerability detection of electric power monitoring systems. Traditional vulnerability scanning takes a long time, and accurate confirmation of a vulnerability depends to a great extent on the expertise of the person verifying it. Improving network security protection capability is therefore all the more important: by introducing advanced security technologies and means, a comprehensive, multi-layer network security protection system is constructed to ensure the safe and stable operation of the power grid.
An existing invention discloses a source code vulnerability detection method and system based on a large model, comprising the steps of: collecting historical source code data and constructing a vulnerability data set; preprocessing the source code in the vulnerability data set; converting the preprocessed source code into token sequences and dividing them into a training data set and a test data set; constructing a pre-trained large language model; applying low-rank adaptation to the parameters of the pre-trained large language model to obtain pre-training data; performing fine-tuning training on the pre-training data; inputting prompt word texts and the corresponding vulnerability type labels into the pre-trained large language model for training; and inputting the test data set into the pre-trained large language model to detect the vulnerability information corresponding to the source code in the test data set.
That scheme performs vulnerability detection on source code with a large language model, but the detected vulnerabilities still require further analysis. Vulnerability analysis tools and techniques in the network security field have developed from manual audit towards automation and intelligence, which has remarkably improved the efficiency and accuracy of vulnerability detection and repair. In this regard, verifying vulnerabilities by automatically generating vulnerability verification code is the most effective means.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and to provide a method and a device for generating vulnerability verification code based on prompt word guidance, which conveniently, quickly and accurately select the best-matched prompt words for training according to different vulnerability reports and improve training efficiency.
The aim of the invention can be achieved by the following technical scheme: a method for generating vulnerability verification code based on prompt word guidance, comprising the following steps:
acquiring a vulnerability report and verification code, and constructing a training data set after data extraction;
training a large language model obtained in advance on the training data set, and guiding the large language model through prompt words during training to generate the corresponding vulnerability verification code, wherein the vulnerability verification code comprises the input data and logic structure required to trigger the vulnerability;
wherein the prompt words are selected from a prompt template library, the prompt words are classified and stored in the prompt template library according to vulnerability type, and the context information corresponding to each prompt word is recorded, the context information comprising a vulnerability description and an expected effect and being used to select a suitable prompt word according to the classification and the corresponding context information;
inputting the vulnerability information to be verified into the trained large language model, obtaining the corresponding vulnerability verification code, and verifying and optimizing the generated vulnerability verification code.
Further, the structure of the prompt word includes: an environment setting, for initializing the necessary environment; an input construction, for constructing input data according to the trigger condition; execution logic, for invoking or simulating user operations to trigger the vulnerability; and result verification, for checking whether the expected result is achieved.
Further, the environment setting is performed through setting a login page; the input c