CN-122021573-A - Vulnerability report generation method and device based on field disambiguation and computer equipment
Abstract
The application relates to a vulnerability report generation method and device based on field disambiguation and computer equipment. The method comprises the steps of obtaining a vulnerability report to be disambiguated, performing word segmentation and vectorization processing on the vulnerability report to generate input field features corresponding to fields, inputting the input field features and standard field features contained in a preset standard template into a dual-channel attention network, adjusting matching weights between an input field feature sequence and a standard field feature sequence based on topological bias represented by a pre-constructed field dependency graph in the attention weight processing process of the dual-channel attention network, mapping fields in the vulnerability report to standard template fields according to the matching weights, and outputting the disambiguated structured vulnerability report. The method and the device can accurately disambiguate the fields when generating the vulnerability report.
Inventors
- CHEN LIANG
- XU ZHONGHAO
- XIE CHEN
Assignees
- 上海斗象信息科技有限公司
- 深圳斗象信息科技有限公司
Dates
- Publication Date
- 20260512
- Application Date
- 20260416
Claims (13)
- 1. A vulnerability report generation method based on field disambiguation, the method comprising: acquiring a vulnerability report to be disambiguated, performing word segmentation and vectorization on the vulnerability report, and generating input field features corresponding to the fields; inputting the input field features and standard field features contained in a preset standard template into a dual-channel attention network, and, during the attention weight processing in the dual-channel attention network, adjusting matching weights between the input field feature sequence and the standard field feature sequence based on topological bias represented by a pre-constructed field dependency graph; and mapping the fields in the vulnerability report to standard template fields according to the matching weights, and outputting the disambiguated structured vulnerability report.
- 2. The method of claim 1, wherein said adjusting the matching weights between the input field feature sequence and the standard field feature sequence comprises: determining a base attention weight in the dual-channel attention network; extracting topological association parameters between the input field features and the standard field features from the field dependency graph; and superimposing the topological association parameters on the base attention weight to correct the matching weights.
- 3. The method of claim 2, wherein said determining a base attention weight in said dual-channel attention network comprises: determining a hidden semantic feature vector contained in the input field features and a standard field feature vector corresponding to the standard field features; applying a projective transformation to the hidden semantic feature vector and the standard field feature vector, and computing the dot product of the transformed hidden semantic feature vector and the transformed standard field feature vector; and scaling the dot product result to obtain the base attention weight.
- 4. The method according to claim 3, wherein said superimposing the topological association parameters on the base attention weight to correct the matching weights comprises: weighting the topological association parameters by a preset adjustment factor; and adding the base attention weight and the weighted topological association parameters to obtain the corrected matching weights.
- 5. The method of claim 1, wherein outputting the disambiguated structured vulnerability report comprises: after the mapped fields in the vulnerability report have been determined according to the matching weights, detecting the matching state of the text fragments in the vulnerability report by means of dynamic cursors; if the matching state indicates that there are unmatched text fragments, re-executing the step of inputting the input field features and the standard field features contained in the preset standard template into the dual-channel attention network; and if the matching state indicates that there are no unmatched text fragments, outputting the mapped fields as the disambiguated structured vulnerability report.
- 6. The method according to claim 1 or 5, wherein said inputting the input field features and standard field features contained in a preset standard template into a dual-channel attention network comprises: inputting the input field features into a first channel of the dual-channel attention network, and inputting the standard field features into a second channel of the dual-channel attention network; and, in the dual-channel attention network, performing multi-homing prediction on the same input field feature through a multi-label classification network, so that the input field feature can be matched with a plurality of standard field features at the same time.
- 7. The method of claim 1, wherein outputting the disambiguated structured vulnerability report comprises: assembling, based on a preset data mapping dictionary, the mapped fields in the vulnerability report into a standardized format, and outputting the result as the disambiguated structured vulnerability report.
- 8. The method of claim 1, wherein performing word segmentation and vectorization on the vulnerability report to generate input field features comprises: performing structural analysis of the vulnerability report using an abstract syntax tree, and extracting vulnerability field features associated with security threats; and converting the vulnerability field features into vectorized features through a word vector model, thereby generating the input field features.
- 9. The method of claim 1, wherein the field dependency graph is constructed by: acquiring a plurality of historical vulnerability report samples; analyzing the logical dependency relationships among the fields in each historical vulnerability report; and constructing the field dependency graph with the fields as nodes and the logical dependency relationships among the fields as edges.
- 10. A vulnerability report generation apparatus based on field disambiguation, the apparatus comprising: an input feature generating module, configured to acquire a vulnerability report to be disambiguated, perform word segmentation and vectorization on the vulnerability report, and generate input field features corresponding to the fields; a matching weight adjusting module, configured to input the input field features and standard field features contained in a preset standard template into a dual-channel attention network, and, during the attention weight processing in the dual-channel attention network, to adjust the matching weights between the input field feature sequence and the standard field feature sequence based on the topological bias represented by a pre-constructed field dependency graph; and a vulnerability report output module, configured to map the fields in the vulnerability report to the standard template fields according to the matching weights and to output the disambiguated structured vulnerability report.
- 11. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 9 when the computer program is executed.
- 12. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any of claims 1 to 9.
- 13. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, implements the steps of the method of any one of claims 1 to 9.
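The weight correction of claims 2 to 4 and the unmatched-fragment check of claim 5, worked through as an added example. This is illustration code, not code from the patent or its assignees: the four-dimensional feature vectors, the field dependency graph edge weights, the identity query/key projections, the adjustment factor of 0.5 and the confidence threshold of 0.3 are all constructed assumptions, and a scaled dot product followed by softmax normalisation stands in for the attention weights of the dual-channel network.

```python
import math

# Constructed sample data (not from the patent): small dense vectors standing in
# for the word-vector features of each field. Keys are field names.
STANDARD_FIELDS = {            # fields of a hypothetical preset standard template
    "severity":           [0.9, 0.1, 0.0, 0.2],
    "affected_asset":     [0.1, 0.9, 0.1, 0.0],
    "vulnerability_name": [0.2, 0.1, 0.9, 0.1],
    "remediation":        [0.0, 0.2, 0.1, 0.9],
}
INPUT_FIELDS = {               # fields as named in one vendor's report
    "impact level":   [0.6, 0.2, 0.6, 0.1],  # semantically close to two template fields
    "target host":    [0.1, 0.8, 0.2, 0.1],
    "vuln title":     [0.3, 0.1, 0.8, 0.2],
    "fix suggestion": [0.1, 0.2, 0.2, 0.8],
    "reporter email": [0.1, 0.1, 0.1, 0.1],  # has no counterpart in the template
}

# Constructed field dependency graph: edge weight between a vendor field and a
# standard field, as would be mined from historical report samples (claim 9).
# Pairs without an edge get a topological association parameter of 0.
FIELD_DEPENDENCY_GRAPH = {
    ("impact level", "severity"): 0.8,
    ("target host", "affected_asset"): 0.9,
    ("vuln title", "vulnerability_name"): 0.7,
    ("fix suggestion", "remediation"): 0.6,
}

DIM = 4
# Hypothetical query/key projections; identity matrices stand in for learned weights.
W_Q = [[1.0 if i == j else 0.0 for j in range(DIM)] for i in range(DIM)]
W_K = [[1.0 if i == j else 0.0 for j in range(DIM)] for i in range(DIM)]


def project(vec, matrix):
    """Linear projection vec @ matrix (matrix given as a list of rows)."""
    return [sum(vec[i] * matrix[i][j] for i in range(len(vec))) for j in range(len(matrix[0]))]


def base_attention(input_vec, standard_fields=STANDARD_FIELDS):
    """Claim 3: project both vectors, take the dot product, scale by sqrt(d)."""
    q = project(input_vec, W_Q)
    scores = {}
    for name, vec in standard_fields.items():
        k = project(vec, W_K)
        scores[name] = sum(a * b for a, b in zip(q, k)) / math.sqrt(DIM)
    return scores


def topological_association(input_field, standard_fields=STANDARD_FIELDS,
                            graph=FIELD_DEPENDENCY_GRAPH):
    """Claim 2: extract the graph edge weight for every (input, standard) pair."""
    return {name: graph.get((input_field, name), 0.0) for name in standard_fields}


def softmax(scores):
    """Normalise corrected scores into matching weights that sum to 1."""
    m = max(scores.values())
    exps = {k: math.exp(v - m) for k, v in scores.items()}
    total = sum(exps.values())
    return {k: v / total for k, v in exps.items()}


def matching_weights(input_field, input_vec, standard_fields=STANDARD_FIELDS,
                     graph=FIELD_DEPENDENCY_GRAPH, adjustment_factor=0.5):
    """Claim 4: corrected = base + factor * topological association, then normalised."""
    base = base_attention(input_vec, standard_fields)
    topo = topological_association(input_field, standard_fields, graph)
    corrected = {n: base[n] + adjustment_factor * topo[n] for n in standard_fields}
    return softmax(corrected)


def disambiguate(input_fields=INPUT_FIELDS, standard_fields=STANDARD_FIELDS,
                 graph=FIELD_DEPENDENCY_GRAPH, adjustment_factor=0.5, min_confidence=0.3):
    """Map each input field to its best template field. Fields whose best weight is
    below min_confidence are returned as unmatched (claim 5's unmatched fragments)."""
    mapped, unmatched = {}, []
    for field, vec in input_fields.items():
        weights = matching_weights(field, vec, standard_fields, graph, adjustment_factor)
        best = max(weights, key=weights.get)
        if weights[best] < min_confidence:
            unmatched.append(field)
        else:
            mapped[field] = best
    return mapped, unmatched


if __name__ == "__main__":
    mapped, unmatched = disambiguate()
    for vendor_field, template_field in mapped.items():
        print(f"{vendor_field!r} -> {template_field!r}")
    print("unmatched fragments:", unmatched)
```

On the constructed vectors alone, "impact level" scores slightly higher against "vulnerability_name" than against "severity"; the graph edge mined from historical reports tips it to "severity", which is the effect the topological bias is meant to have. The "reporter email" field, which has no template counterpart and no graph edge, stays near a uniform weight distribution and is reported as unmatched; in the claimed method that list is what the dynamic-cursor check would feed back into another pass of the network, which this example leaves out.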
Description
Vulnerability report generation method and device based on field disambiguation and computer equipment
Technical Field
The present application relates to the field of computer technology, and in particular to a method and apparatus for generating a vulnerability report based on field disambiguation, and to a computer device.
Background
In the field of network security, vulnerability reports are the key carriers for transmitting security threat information and evaluating system security among security testers, penetration testers and enterprise security teams. As enterprise informatization deepens, network environments and business architectures become increasingly complex, and an enterprise often has to receive vulnerability reports generated by multiple security vendors, third-party security testing platforms and internal automated scanning tools at the same time. However, the industry currently lacks an enforced unified standard for vulnerability report templates, and the templates of different vendors differ significantly in field naming, data structure organization and business format definitions. For example, the same semantic content may be named "vulnerability harm", "impact level" or "Severity" in the report templates of different vendors. This lack of uniform field naming and compatible data structures directly limits the field matching accuracy an automated system can achieve when aligning the fields of external templates and exchanging data across internal systems. To address this problem, the related art generally adopts manual configuration or partially automated extraction, establishing fixed dictionary mapping rules to screen and match fields. However, such approaches find it difficult to precisely disambiguate fields when generating vulnerability reports.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, an apparatus and a computer device for generating a vulnerability report based on field disambiguation that can accurately disambiguate fields when generating the vulnerability report.
In a first aspect, the present application provides a vulnerability report generation method based on field disambiguation, the method comprising: acquiring a vulnerability report to be disambiguated, performing word segmentation and vectorization on the vulnerability report, and generating input field features corresponding to the fields; inputting the input field features and standard field features contained in a preset standard template into a dual-channel attention network, and, during the attention weight processing in the dual-channel attention network, adjusting matching weights between the input field feature sequence and the standard field feature sequence based on topological bias represented by a pre-constructed field dependency graph; and mapping the fields in the vulnerability report to standard template fields according to the matching weights, and outputting the disambiguated structured vulnerability report.
In one embodiment, adjusting the matching weights between the input field feature sequence and the standard field feature sequence includes: determining a base attention weight in the dual-channel attention network; extracting topological association parameters between the input field features and the standard field features from the field dependency graph; and superimposing the topological association parameters on the base attention weight to correct the matching weights.
In one embodiment, determining the base attention weight in the dual-channel attention network includes: determining a hidden semantic feature vector contained in the input field features and a standard field feature vector corresponding to the standard field features; applying a projective transformation to the hidden semantic feature vector and the standard field feature vector, and computing the dot product of the transformed hidden semantic feature vector and the transformed standard field feature vector; and scaling the dot product result to obtain the base attention weight.
In one embodiment, superimposing the topological association parameters on the base attention weight to correct the matching weights includes: weighting the topological association parameters by a preset adjustment factor; and adding the base attention weight and the weighted topological association parameters to obtain the corrected matching weights.
In one embodiment, outputting the disambiguated structured vulnerability report includes: after the mapped fields in the vulnerability report have been determined according to the matching weights, detecting the matching state of the text fragments in the vulnerability report by means of dynamic cursors; if the matching state indicates that there are unmatched text fragments, re-exec