
CN-122020665-A - Vulnerability detection method and device, storage medium and electronic equipment

Abstract

The application discloses a vulnerability detection method and device, a storage medium and electronic equipment. The method comprises: obtaining a prompt word template corresponding to a vulnerability type to be detected; obtaining a code segment to be detected and target vulnerability knowledge corresponding to a target financial system, and generating a target prompt word according to the prompt word template, the code segment to be detected and the target vulnerability knowledge; and performing vulnerability detection on the target financial system according to the target prompt word through a vulnerability detection model to obtain a vulnerability detection result, wherein the vulnerability detection result is used for representing whether the target financial system has a vulnerability of the vulnerability type to be detected. The method and the device solve the problem in the related art that vulnerability detection relies on manually maintained rules, so that the accuracy of vulnerability detection is low.

Inventors

  • FAN LIHONG
  • Hui Xiaojue
  • ZHAO KAILUN
  • GUO XINRONG

Assignees

  • Industrial and Commercial Bank of China Limited (中国工商银行股份有限公司)

Dates

Publication Date
20260512
Application Date
20260130

Claims (10)

  1. A vulnerability detection method, comprising: acquiring a prompt word template corresponding to the vulnerability type to be detected; acquiring a code segment to be detected and target vulnerability knowledge corresponding to a target financial system, and generating a target prompt word according to the prompt word template, the code segment to be detected and the target vulnerability knowledge; and performing vulnerability detection on the target financial system according to the target prompt word through a vulnerability detection model to obtain a vulnerability detection result, wherein the vulnerability detection result is used for representing whether the target financial system has a vulnerability of the vulnerability type to be detected.
  2. The method of claim 1, wherein performing vulnerability detection on the target financial system according to the target prompt word through a vulnerability detection model to obtain a vulnerability detection result comprises: processing the target prompt word through an input embedding layer of the vulnerability detection model to obtain an embedded vector representation of the target prompt word; performing deep semantic analysis according to the embedded vector representation through an encoder layer of the vulnerability detection model to obtain a code feature representation containing context information; performing knowledge enhancement processing on the code feature representation containing the context information through a knowledge fusion layer of the vulnerability detection model to obtain a knowledge-enhanced code feature representation; decoding the knowledge-enhanced code feature representation through a decoder layer of the vulnerability detection model to obtain vulnerability detection information; and converting the vulnerability detection information through an output layer of the vulnerability detection model to obtain the vulnerability detection result.
  3. The method of claim 1, wherein prior to obtaining the code segment to be detected and the target vulnerability knowledge corresponding to the target financial system, the method further comprises: analyzing the code of the target financial system, identifying risk functions and generating a risk function list; and acquiring the code of each risk function and its sub-functions according to the risk function list, and determining the code segment to be detected according to the code of each risk function and its sub-functions.
  4. The method of claim 3, wherein determining the code segment to be detected according to the code of each risk function and its sub-functions comprises: comparing the total code length of the code of each risk function and its sub-functions with a preset threshold value; taking the code of each risk function and its sub-functions as the code segment to be detected in the case that the total code length is smaller than the preset threshold value; and, in the case that the total code length is greater than or equal to the preset threshold value, performing code slicing on the code of each risk function and its sub-functions according to a preset rule to obtain the code segment to be detected.
  5. The method of claim 1, wherein prior to obtaining the code segment to be detected and the target vulnerability knowledge corresponding to the target financial system, the method further comprises: retrieving corresponding security development document fragments from a vulnerability knowledge base according to the vulnerability type to be detected and the configuration information of the target financial system; retrieving vulnerability information associated with the vulnerability type to be detected from the vulnerability knowledge base, wherein the vulnerability information at least comprises vulnerability definitions, historical vulnerability cases and a repair scheme; and determining the target vulnerability knowledge according to the security development document fragments and the vulnerability information.
  6. The method of claim 1, wherein prior to obtaining the prompt word template corresponding to the vulnerability type to be detected, the method further comprises: acquiring preset security development document knowledge and preset vulnerability knowledge, and constructing a vulnerability knowledge base according to the preset security development document knowledge and the preset vulnerability knowledge.
  7. The method of claim 1, wherein after obtaining the vulnerability detection result, the method further comprises: displaying the vulnerability detection result through a target interface.
  8. A vulnerability detection apparatus, comprising: a first acquisition unit, used for acquiring a prompt word template corresponding to the vulnerability type to be detected; a second acquisition unit, used for acquiring a code segment to be detected and target vulnerability knowledge corresponding to a target financial system, and generating a target prompt word according to the prompt word template, the code segment to be detected and the target vulnerability knowledge; and a first processing unit, used for performing vulnerability detection on the target financial system according to the target prompt word through a vulnerability detection model to obtain a vulnerability detection result, wherein the vulnerability detection result is used for representing whether the target financial system has a vulnerability of the vulnerability type to be detected.
  9. A computer readable storage medium, characterized in that the computer readable storage medium comprises a stored executable program, wherein the executable program, when run, controls a device in which the computer readable storage medium is located to perform the vulnerability detection method according to any one of claims 1 to 7.
  10. An electronic device, comprising: a memory storing an executable program; and a processor for running the program, wherein the program, when run, performs the vulnerability detection method of any one of claims 1 to 7.
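
The segment-selection and prompt-assembly steps of claims 1, 3 and 4, as an added sketch that is not the patent's implementation. `RISK_CALLS`, `TEMPLATE`, the per-function slicing rule and the one-level sub-function lookup are assumptions made for illustration; the model call itself is left out.

```python
import ast

# Constructed sample standing in for target-system code (not from the patent).
SAMPLE = '''
def build_query(user):
    return "SELECT * FROM acct WHERE owner = '" + user + "'"

def lookup(cursor, user):
    sql = build_query(user)
    cursor.execute(sql)
    return cursor.fetchall()

def greet(name):
    return "hello " + name
'''

RISK_CALLS = {"execute", "eval", "system"}  # assumed sink names
TEMPLATE = ("Vulnerability type: {vuln_type}\nKnowledge:\n{knowledge}\n"
            "Code:\n{code}\nDoes this code contain the vulnerability?")

def called_names(fn):
    """Names of everything the function calls (attribute or plain name)."""
    out = set()
    for node in ast.walk(fn):
        if isinstance(node, ast.Call):
            f = node.func
            out.add(f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", ""))
    return out

def code_segments(source, threshold):
    """Claims 3-4: risk function list -> function + sub-functions -> segments."""
    funcs = {n.name: n for n in ast.parse(source).body
             if isinstance(n, ast.FunctionDef)}
    segments = {}
    for name, fn in funcs.items():
        if not called_names(fn) & RISK_CALLS:
            continue  # not a risk function
        group = [fn] + [funcs[c] for c in sorted(called_names(fn)) if c in funcs and c != name]
        texts = [ast.get_source_segment(source, g) for g in group]
        total = sum(len(t) for t in texts)
        # Below threshold: one segment. Otherwise slice (assumed rule: per function).
        segments[name] = ["\n\n".join(texts)] if total < threshold else texts
    return segments

def build_prompts(source, vuln_type, knowledge, threshold=400):
    """Claim 1: template + code segment + vulnerability knowledge -> prompts."""
    return [TEMPLATE.format(vuln_type=vuln_type, knowledge=knowledge, code=seg)
            for segs in code_segments(source, threshold).values() for seg in segs]
```

With the sample, only `lookup` is listed as a risk function; its callee `build_query` travels with it in one segment at the default threshold and becomes a separate slice when the threshold is lowered.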

Description

Vulnerability detection method and device, storage medium and electronic equipment

Technical Field

The application relates to the field of financial science and technology, in particular to a vulnerability detection method and device, a storage medium and electronic equipment.

Background

As a core infrastructure of financial services, the financial system must be secure and reliable, so vulnerability detection on the code of the financial system is of great importance. In the related art, vulnerability detection is mainly based on rules, pattern matching and similar methods and relies on manually maintained rules, so the accuracy of vulnerability detection is low.

For the problem in the related art that the accuracy of vulnerability detection is low because the detection relies on manually maintained rules, no effective solution has been proposed at present.

Disclosure of Invention

The application mainly aims to provide a vulnerability detection method and device, a storage medium and electronic equipment, so as to solve the problem in the related art that the accuracy of vulnerability detection is low because the detection relies on manually maintained rules.

In order to achieve the above object, according to one aspect of the present application, there is provided a vulnerability detection method.
The method comprises: obtaining a prompt word template corresponding to a vulnerability type to be detected; obtaining a code segment to be detected and target vulnerability knowledge corresponding to a target financial system, and generating a target prompt word according to the prompt word template, the code segment to be detected and the target vulnerability knowledge; and performing vulnerability detection on the target financial system according to the target prompt word through a vulnerability detection model to obtain a vulnerability detection result, wherein the vulnerability detection result is used for representing whether the target financial system has a vulnerability of the vulnerability type to be detected.

Further, performing vulnerability detection on the target financial system according to the target prompt word through the vulnerability detection model to obtain the vulnerability detection result comprises: processing the target prompt word through an input embedding layer of the vulnerability detection model to obtain an embedded vector representation of the target prompt word; performing deep semantic analysis according to the embedded vector representation through an encoder layer of the vulnerability detection model to obtain a code feature representation containing context information; performing knowledge enhancement processing on the code feature representation containing the context information through a knowledge fusion layer of the vulnerability detection model to obtain a knowledge-enhanced code feature representation; decoding the knowledge-enhanced code feature representation through a decoder layer of the vulnerability detection model to obtain vulnerability detection information; and converting the vulnerability detection information through an output layer of the vulnerability detection model to obtain the vulnerability detection result.

Further, before the code segment to be detected and the target vulnerability knowledge corresponding to the target financial system are obtained, the method further comprises: analyzing the code of the target financial system, identifying risk functions and generating a risk function list; and obtaining the code of each risk function and its sub-functions according to the risk function list, and determining the code segment to be detected according to the code of each risk function and its sub-functions.

Further, determining the code segment to be detected according to the code of each risk function and its sub-functions comprises: comparing the total code length of the code of each risk function and its sub-functions with a preset threshold value; taking the code of each risk function and its sub-functions as the code segment to be detected in the case that the total code length is smaller than the preset threshold value; and, in the case that the total code length is greater than or equal to the preset threshold value, slicing the code of each risk function and its sub-functions according to a preset rule to obtain the code segment to be detected.

Further, before the code segments to be detected and the target vulnerability knowledge corresponding to the target financial system are obtained, the method further comprises the steps of searching corresponding security development document segments from a vulnerability knowledge base accord