
CN120145397A - Vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement - Google Patents


Info

Publication number: CN120145397A
Application number: CN202510320737.XA
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: vulnerability, code, node, language model, tested
Inventors: 苏小红, 郑伟宁, 陶文鑫, 董肇会, 魏宏巍, 蒋远
Current assignee: Harbin Institute of Technology Shenzhen
Original assignee: Harbin Institute of Technology Shenzhen
Application filed by Harbin Institute of Technology Shenzhen

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367Ontology
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/042Knowledge-based neural networks; Logical representations of neural networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/0464Convolutional networks [CNN, ConvNet]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/04Architecture, e.g. interconnection topology
    • G06N3/048Activation functions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00Computing arrangements based on biological models
    • G06N3/02Neural networks
    • G06N3/08Learning methods
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N5/00Computing arrangements using knowledge-based models
    • G06N5/04Inference or reasoning models

Landscapes

Engineering & Computer Science; Theoretical Computer Science; Physics & Mathematics; General Engineering & Computer Science; Data Mining & Analysis; General Physics & Mathematics; Life Sciences & Earth Sciences; Artificial Intelligence; Software Systems; Evolutionary Computation; Computational Linguistics; Computing Systems; Mathematical Physics; Biophysics; Molecular Biology; General Health & Medical Sciences; Biomedical Technology; Health & Medical Sciences; Computer Security & Cryptography; Computer Hardware Design; Computer Vision & Pattern Recognition; Evolutionary Biology; Bioinformatics & Computational Biology; Bioinformatics & Cheminformatics; Animal Behavior & Ethology; Databases & Information Systems; Stored Programmes

Abstract

The invention discloses a method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement. The method integrates vulnerability databases such as CWE and CVE together with external knowledge sources to construct a vulnerability knowledge base that supplies domain-knowledge prompt information to a large language model; preprocesses the code to be tested with a code analysis tool; extracts the vulnerability knowledge most relevant to the code to be tested from the knowledge base through semantic matching and code matching; uses the large language model to generate detailed vulnerability descriptions and repair suggestions based on the relevant vulnerability knowledge obtained in the retrieval enhancement stage; and optimizes the generated result with a chain-of-thought technique. By combining the semantic understanding capability of the large language model with retrieval enhancement and reasoning enhancement, the invention can quickly generate detailed and targeted vulnerability descriptions and repair suggestions, remarkably improves vulnerability repair efficiency, can be flexibly applied to existing vulnerability detection tools, and is suitable for various programming languages and vulnerability types.

Description

Vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement
Technical Field
The invention relates to a description and repair suggestion generation method for software vulnerabilities, in particular to a vulnerability description and repair suggestion generation method based on large language model (Large Language Models, LLMs) reasoning and retrieval enhancement.
Background
In modern software development, the security of a software system is critical, and vulnerability repair is a key link in guaranteeing the security of the system. Although vulnerability detection techniques have made significant progress and can efficiently identify potential vulnerabilities in software, vulnerability remediation remains a complex and time-consuming process. After obtaining a vulnerability detection result, the developer often needs to spend a great deal of time and effort to analyze the cause of the vulnerability, evaluate its potential impact, and formulate a reasonable repair strategy. This process places high demands on the experience and skill of the developer; for less experienced developers in particular, vulnerability remediation can be a difficult task.
Existing vulnerability detection tools (e.g., static analysis tools and dynamic analysis tools) can provide basic information about the location, type, and severity of vulnerabilities, but these tools often lack in-depth analysis of vulnerability causes, scope of impact, and repair methods. For example, a SQL injection vulnerability may be due to a developer failing to adequately validate and filter user input, while a buffer overflow vulnerability may be due to a lack of adequate boundary checking in the code. The causes of these vulnerabilities are often related to details that the developer overlooked while coding, and it is difficult for the developer to determine how to repair them effectively without extensive analysis and understanding. Therefore, after receiving a vulnerability warning, the developer often needs a great deal of time and effort to analyze the root cause of the vulnerability and find an appropriate repair scheme. This process is particularly difficult for less experienced developers. Lacking adequate vulnerability analysis and repair experience, they may not understand the cause of the vulnerability accurately, and may even take erroneous repair measures, so that the vulnerability is not thoroughly resolved or new problems are introduced. For example, some developers may fix a SQL injection vulnerability simply by adding input validation but ignore other potential injection points, so the vulnerability still exists. Similarly, for a buffer overflow vulnerability, the developer may add a boundary check but fail to handle all possible boundary conditions properly, so the vulnerability may still be exploitable. In addition, the existing vulnerability repair process suffers from low efficiency.
Because the repair suggestions provided by vulnerability detection tools tend to be too general or lack pertinence, developers need to spend a great deal of time reviewing related documents and reference cases or discussing with other developers to work out reasonable repair strategies. This inefficient repair process not only prolongs the repair time window and increases the time the system is exposed to security risk, but may also cause delays or errors in the repair itself, further increasing the security risk of the system.
To solve the above problems, researchers have recently been exploring the use of artificial intelligence techniques, particularly Natural Language Processing (NLP) techniques, to assist in generating repair suggestions for vulnerabilities. The large language model, a deep-learning-based natural language processing technology, has strong semantic understanding and natural language generation capabilities. Such models can generate richer and more detailed vulnerability descriptions based on the characteristics, context information and prompt information of a vulnerability, and propose feasible repair suggestions. For example, a large language model may help a developer understand and repair a vulnerability faster by analyzing its context, deducing its potential causes, and generating targeted repair suggestions.
However, while large language models perform well at generating vulnerability descriptions and repair suggestions, their performance is still subject to some limitations. First, the output of a large language model often depends on the quality and coverage of its training data. If certain specific types of vulnerability cases are missing from the training data, the model may not accurately generate relevant repair suggestions. Second, large language models have limited reasoning capability, which makes it difficult to capture complex logical relationships, especially since the causation and repair logic of vulnerabilities may take different forms in different contexts. Therefore, how to design an inference mechanism so that the model can accurately capture these logical relationships and generate targeted repair suggestions remains an open problem. In addition, retrieval enhancement techniques (Retrieval-Augmented Generation, RAG) have also been introduced into the task of vulnerability repair suggestion generation. Retrieval enhancement improves the accuracy and practicality of the generated content by retrieving relevant information from an external knowledge base and combining it with the model's generated result. However, existing retrieval enhancement techniques still face challenges in practical applications. For example, the information extracted from a vulnerability database may be redundant or irrelevant, and how to design efficient retrieval algorithms that ensure the extracted information is highly relevant to the description and repair suggestions of the current vulnerability remains a key issue.
Disclosure of Invention
In order to solve the problems of low efficiency and insufficient pertinence in generating vulnerability repair suggestions in the prior art, the invention provides a vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement. For the vulnerable code detected by a vulnerability detection tool, the method aims to generate detailed and accurate vulnerability descriptions and repair suggestions by combining the semantic understanding capability of a large language model with retrieval enhancement technology, so as to help developers quickly understand the causes of vulnerabilities and formulate efficient repair strategies. Specifically, the method uses the natural language generation capability of the large language model, combines reasoning enhancement and retrieval enhancement, extracts context information related to the vulnerability from a global perspective, and generates targeted repair suggestions. The method can be flexibly applied to existing vulnerability detection tools and is applicable to various programming languages and vulnerability types.
The invention is realized by the following technical scheme:
A vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement comprises the following steps:
Step 1, constructing a vulnerability knowledge base:
Constructing a structured vulnerability knowledge base that provides domain-knowledge prompt information for a large language model, wherein the vulnerability knowledge base comprises vulnerability definitions, vulnerability classification, semantic descriptions, vulnerability repair suggestions and related context information; the specific steps are as follows:
Step 11, integrating the CWE and CVE databases and extracting vulnerability definitions, types and related information to form a vulnerability classification system;
Step 12, extracting vulnerability code and the corresponding repair patches from external knowledge sources to enrich the content of the vulnerability knowledge base;
Step 13, generating function semantic descriptions for the vulnerability example code using a large language model, and generating repair suggestions by combining the repair cases in the external knowledge base;
Step 14, storing vulnerability definitions, classification, semantic descriptions, repair suggestions and related context information in a structured manner, and generating a code attribute graph of the vulnerability example code using a code analysis tool;
Step 2, retrieval enhancement stage:
Calculating the similarity between the semantic description of the code to be tested and the semantic descriptions of the vulnerability example code in the vulnerability knowledge base using a preliminary screening model and a fine-ranking model, and screening the vulnerability examples semantically related to the code to be tested; the specific steps are as follows:
Step 21, preprocessing the input code to be tested, wherein the preprocessing comprises generating a function semantic description and extracting a code attribute graph;
Step 22, matching and searching:
Step 221, obtaining embedded vectors of the semantic description of the code to be tested and of the semantic descriptions of the vulnerability examples through a preliminary screening model, calculating the semantic matching degree using cosine similarity, and screening the vulnerability examples semantically related to the code to be tested by setting a threshold value;
Step 222, after the preliminary screening is completed, the remaining vulnerability code examples enter a fine-ranking model; the fine-ranking model splices the semantic description of the code to be tested with the semantic description of each vulnerability example to form a new input vector, which is fed into a RoBERTa model to obtain a matching score, and the vulnerability examples are ranked by matching score so that the most relevant vulnerability examples are ranked first;
Step 223, in the code matching stage, calculating the similarity between the code to be tested and the vulnerability example using a twin (Siamese) graph neural network and a weighted graph embedding and matching mechanism;
Step 23, retrieving results:
Integrating the semantic matching and code matching results, and extracting the vulnerability examples most relevant to the code to be tested together with their vulnerability descriptions, repair suggestions and vulnerability-related statement information;
Step 3, reasoning enhancement stage:
Based on the relevant vulnerability knowledge obtained in the retrieval enhancement stage, generating a detailed vulnerability description and repair suggestion using a large language model; the specific steps are as follows:
Step 31, the large language model performs semantic understanding of the code to be tested;
Step 32, after the code semantic understanding is completed, the large language model combines the vulnerability-related statements to perform deep analysis of the identified potential vulnerabilities;
Step 33, after completing the vulnerability analysis, the large language model generates a detailed vulnerability description;
Step 34, on the basis of the generated vulnerability description, the large language model further generates targeted repair suggestions;
Step 4, outputting the generated vulnerability description and repair suggestions to the developer, who verifies and adjusts the repair scheme.
Compared with the prior art, the invention has the following advantages:
(1) By combining the semantic understanding capability of the large language model with retrieval enhancement and reasoning enhancement, the method can quickly generate detailed and targeted vulnerability descriptions and repair suggestions, so that vulnerability repair efficiency is remarkably improved. Compared with the prior art, which only provides simple information about the location and type of a vulnerability, the method can deeply analyze the cause and impact of the vulnerability and provide a feasible repair scheme.
(2) The invention uses the reasoning capability of the large language model together with retrieval enhancement technology to make vulnerability description and repair suggestion generation intelligent and automated. Detailed repair suggestions are generated automatically without the developer manually analyzing the root cause of the vulnerability, so the technical threshold of vulnerability repair is lowered.
(3) The retrieval enhancement technology and the reasoning enhancement mechanism are highly extensible, and the generation quality can keep improving as the vulnerability knowledge base is updated and model training is optimized.
Drawings
FIG. 1 is an overall framework diagram of the vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement of the present invention.
FIG. 2 is the prompt for code semantic understanding in the reasoning enhancement stage.
FIG. 3 is the prompt for code vulnerability analysis in the reasoning enhancement stage.
FIG. 4 is the prompt for vulnerability description generation in the reasoning enhancement stage.
FIG. 5 is the prompt for the repair suggestion generation phase in the reasoning enhancement stage.
FIG. 6 is an example code and its vulnerability description.
FIG. 7 is a vulnerability description generated using only a large language model.
FIG. 8 is a repair suggestion generated using only a large language model.
FIG. 9 is a vulnerability description generated using the large language model with the method of the present invention.
FIG. 10 is a repair suggestion generated using the large language model with the method of the present invention.
Detailed Description
The following description of the present invention is provided with reference to the accompanying drawings, but is not limited to the following description, and any modifications or equivalent substitutions of the present invention should be included in the scope of the present invention without departing from the spirit and scope of the present invention.
The invention provides a vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement. First, vulnerability databases such as CWE and CVE are integrated with external knowledge sources to construct a structured vulnerability knowledge base, which provides domain-knowledge prompt information for the large language model. Then, the code to be tested is preprocessed with a code analysis tool, and the vulnerability knowledge most relevant to the code to be tested is extracted from the vulnerability knowledge base through semantic matching and code matching. Finally, based on the relevant vulnerability knowledge obtained in the retrieval enhancement stage, detailed vulnerability descriptions and repair suggestions are generated using the large language model, and the generated result is optimized with a chain-of-thought technique. As shown in FIG. 1, the method specifically comprises the following steps:
Step 1, constructing a vulnerability knowledge base:
A structured vulnerability knowledge base is constructed to provide domain-knowledge prompt information for the large language model; it comprises vulnerability definitions, vulnerability classification, semantic descriptions, vulnerability repair suggestions and related context information. The specific steps are as follows:
Step 11, integrating the CWE (Common Weakness Enumeration) and CVE (Common Vulnerabilities and Exposures) databases and extracting vulnerability definitions, types and related information to form a vulnerability classification system.
Step 12, extracting vulnerability code and the corresponding repair patches from external knowledge sources such as vulnerability reports, open source code repositories and vulnerability datasets published with vulnerability-related papers, to enrich the content of the vulnerability knowledge base.
Step 13, generating function semantic descriptions for the vulnerability example code using the large language model, and generating repair suggestions by combining the repair cases in the external knowledge base.
Step 14, storing vulnerability definitions, classification, semantic descriptions, repair suggestions and related context information in a structured manner, and generating the code attribute graph of the vulnerability example code using a code analysis tool (such as Joern) for the subsequent retrieval enhancement stage.
Step 2, retrieval enhancement stage:
The similarity between the semantic description of the code to be tested and the semantic descriptions of the vulnerability example code in the vulnerability knowledge base is calculated using the preliminary screening model and the fine-ranking model, and the vulnerability examples semantically related to the code to be tested are screened out. The specific steps are as follows:
Step 21, preprocessing the code to be tested: the input code to be tested is preprocessed, and the preprocessing mainly comprises two parts, namely generating a function semantic description and extracting a code attribute graph; the specific steps are as follows:
Step 211, generating the function semantic description: an advanced large language model (such as GPT-4o) is used to generate the function semantic description of the code to be tested, the purpose being to express the function and logic of the code to be tested in natural language so that it can be matched against the function semantic descriptions of the vulnerability code examples in the vulnerability knowledge base.
Step 212, extracting the code attribute graph: the code attribute graph (code property graph; Yamaguchi F, Golde N, Arp D, Rieck K. Modeling and discovering vulnerabilities with code property graphs. In 2014 IEEE Symposium on Security and Privacy, 2014 May 18, pp. 590-604. IEEE.) can be extracted with the code parsing tool Joern; it exposes the control and data flows of the code and better captures the structure and execution paths of the code.
Step 22, matching and searching:
Step 221, preliminary screening with the preliminary screening model. At this stage the invention sets a threshold value, and only vulnerability code examples whose semantic match exceeds this threshold are retained. The preliminary screening model is a fine-tuned RoBERTa; it obtains the embedded vectors of the semantic description of the code to be tested and of the semantic descriptions of the vulnerability examples separately, and computes the semantic matching degree with cosine similarity. In this way the vulnerability examples semantically related to the code to be tested can be screened out quickly. Because the embedded vectors of the vulnerability example descriptions can be computed in advance and stored in the vulnerability knowledge base, the preliminary screening model is computationally efficient and suitable for large-scale screening of all examples in the knowledge base.
Step 222, after the preliminary screening is completed, the remaining vulnerability code examples enter the fine-ranking model for ranking. The fine-ranking model is also based on a fine-tuned RoBERTa, but is used differently from the preliminary screening model: it splices the semantic description of the code to be tested with the semantic description of each vulnerability example to form a new input vector, which is fed into the RoBERTa model to obtain a matching score. Finally, the vulnerability examples are ranked by matching score so that the most relevant examples are ranked first. Since the spliced vector has to be re-encoded every time a score is computed, the fine-ranking model is computationally expensive, but it is suitable for ranking the small number of examples retained after the preliminary screening.
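As an added illustration of steps 221 and 222 (example code, not the patent's own), the following Python sketch runs the two-stage pipeline over a small constructed knowledge base: embeddings are precomputed once at index time, a cosine threshold prescreens every example cheaply, and only the survivors are rescored pairwise on the spliced (query, candidate) input. The embed and rerank_score functions are bag-of-words stand-ins for the fine-tuned RoBERTa bi-encoder and cross-encoder, and the CWE descriptions, query and threshold are constructed sample values.

```python
"""Two-stage retrieval over a vulnerability knowledge base:
prescreen with precomputed bi-encoder embeddings + cosine threshold,
then rerank only the survivors with a pairwise (cross-encoder style) scorer."""
from __future__ import annotations

import math
import re
from dataclasses import dataclass, field

_TOKEN = re.compile(r"[a-z0-9]+")
_STOP = {"a", "an", "the", "and", "of", "to", "by", "it", "is", "in",
         "into", "with", "for", "from", "as", "on", "its", "that"}


def tokens(text: str) -> list[str]:
    """Lower-cased content words, in order (stop words dropped)."""
    return [t for t in _TOKEN.findall(text.lower()) if t not in _STOP]


def embed(text: str) -> dict[str, float]:
    """Stand-in for the fine-tuned RoBERTa bi-encoder (assumption): a sparse,
    L2-normalised bag-of-words vector. Swap in a real encoder in practice."""
    vocab = set(tokens(text))
    if not vocab:
        return {}
    w = 1.0 / math.sqrt(len(vocab))
    return {t: w for t in vocab}


def cosine(u: dict[str, float], v: dict[str, float]) -> float:
    """Cosine similarity of two unit-length sparse vectors (= dot product)."""
    if len(u) > len(v):
        u, v = v, u
    return sum(w * v.get(t, 0.0) for t, w in u.items())


@dataclass
class VulnExample:
    cwe: str
    semantic_description: str          # LLM-generated function description
    repair_suggestion: str
    embedding: dict[str, float] = field(default_factory=dict)


def build_index(examples: list[VulnExample]) -> list[VulnExample]:
    """Step 221 precondition: embeddings are computed once and stored in the
    knowledge base, so prescreening each example is a cheap dot product."""
    for ex in examples:
        ex.embedding = embed(ex.semantic_description)
    return examples


def prescreen(query: str, index: list[VulnExample],
              threshold: float) -> list[tuple[VulnExample, float]]:
    """Step 221: keep only examples whose semantic match exceeds threshold."""
    q = embed(query)
    scored = [(ex, cosine(q, ex.embedding)) for ex in index]
    return [(ex, s) for ex, s in scored if s > threshold]


def rerank_score(query: str, candidate: str) -> float:
    """Stand-in for the fine-tuned RoBERTa cross-encoder (assumption): the
    pair is scored jointly (here Jaccard over unigrams + ordered bigrams of
    both texts), which is why it has to be recomputed for every pair."""
    def feats(text: str) -> set[str]:
        t = tokens(text)
        return set(t) | {f"{a} {b}" for a, b in zip(t, t[1:])}
    fq, fc = feats(query), feats(candidate)
    return len(fq & fc) / len(fq | fc) if (fq or fc) else 0.0


def retrieve(query: str, index: list[VulnExample], threshold: float = 0.1,
             top_k: int = 3) -> list[tuple[str, float]]:
    """Steps 221 + 222: prescreen all examples, rerank only the survivors.
    Returns (CWE id, rerank score), most relevant first."""
    survivors = prescreen(query, index, threshold)
    ranked = [(ex.cwe, rerank_score(query, ex.semantic_description))
              for ex, _ in survivors]
    ranked.sort(key=lambda p: p[1], reverse=True)
    return ranked[:top_k]


# Constructed sample knowledge base (not taken from any real dataset).
KNOWLEDGE_BASE = build_index([
    VulnExample("CWE-89", "Concatenates user input into a SQL query string "
                "and executes the query without parameterization",
                "Use a parameterized query / prepared statement."),
    VulnExample("CWE-78", "Builds a shell command string from user input "
                "and runs it with system",
                "Avoid the shell; pass an argument vector to the process API."),
    VulnExample("CWE-787", "Copies a fixed size buffer from a network packet "
                "without checking the length",
                "Validate the length against the destination size first."),
    VulnExample("CWE-79", "Writes user input into the HTML response without "
                "escaping",
                "Context-encode output before writing it to the response."),
])

# Constructed function semantic description of a code-under-test function.
QUERY = ("Reads a username from the request, concatenates it into a SQL query "
         "string and executes the query")

if __name__ == "__main__":
    for cwe, score in retrieve(QUERY, KNOWLEDGE_BASE):
        print(f"{cwe}: rerank score {score:.3f}")
```

With the sample data the buffer-overflow and XSS examples never reach the reranker: they fall below the cosine threshold at prescreening, and only CWE-89 and CWE-78 are rescored.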
Step 223, in the code matching stage, the similarity between the code to be tested and the vulnerability example is calculated mainly using a twin (Siamese) graph neural network and a weighted graph embedding and matching mechanism. The specific steps are as follows:
Step 2231, for any statement node v i of the code attribute graph, generates its initial feature vector representation using CodeBERT, denoted as x i.
Step 2232, obtaining node hidden vector representation by using a twin graph neural network, wherein the specific calculation formula is as follows:
Wherein, AndA hidden vector representation obtained by node v i after passing through l-1 and l-layer siamese-GNN, respectively; Is a hidden vector representation of node v j, v j is a neighbor of v i and there is an edge from v j to v i, f is a propagation function of the Siamese-GNN model for collecting neighbor node information to update the state of the current node, and z is an output function for computing the final output feature vector o i of node v i. The calculation modes of f and z are different for different types of Siamese-GNN. The present invention is a general method and is not limited to the type of Siamese-GNN, so only the general formula is given here.
Step 2233, after obtaining the code attribute graph statement node representation of the code to be tested and the vulnerability example, further calculating the final vector representation of the code attribute graph statement node representation and the vulnerability example by adopting a weighted graph embedding mechanism, and calculating the similarity between the code to be tested and the vulnerability example, wherein the specific steps are as follows:
step 22331 for the known vulnerability example code, first calculate weights based on its graph structure to highlight the vulnerability information therein. Specifically, the present invention calculates data-dependent weights and control-dependent weights, denoted by α and β, respectively. For data dependency weights, vulnerability nodes are selected As the root node and is given a weight of α r. If there is a nodeWith the root nodeConnected by at least k data dependent edges, the nodeIs α i=αr·(Lα)k, where L α e (0, 1) is the decay coefficient, controlling the decay rate of the data dependent weights. For control dependent weights, the same is chosenAs the root node, the initial weight is β r. Suppose a nodeThe control dependent weight is β i=βr·(Lβ)k, where lβe (0, 1) is the decay factor of the control dependent weight, which can be connected to the root node by at least k control dependent edges.
By α i and β i, a node can be obtainedThe weight of (2) is calculated as follows:
Wherein, Is a nodeW S is the weight matrix of node set V S and n s is the number of statement nodes in the vulnerability example code.
Then, the final vector representation of the vulnerability example code can be obtained by combining the weights and the node representation matrix, and the calculation formula is as follows:
σ(·)=MaxPool(Relu(Conv(·)))
zs=AVG(MLP(σ(WS*OS)))
Where σ (·) is defined as the one-dimensional convolution layer Conv with maximum pooling MasPool, relu is the activation function, AVG is the average pooling, MLP represents the multi-layer perceptron, O S is the output feature vector set of nodes, and z s is the final vector representation of the vulnerability example code.
Step 22332, for the code to be tested, the present invention assigns weights using the vulnerability information known from the vulnerability example together with a node attention mechanism. Specifically, for any node in the code under test, its output vector is concatenated with the previously obtained $z_s$ and fed into a linear layer to compute the attention score of that node; the score is then used as the node's weight. Finally, the final vector representation of the code to be tested is obtained in the same way as for the vulnerability example; the calculation formula is as follows:
$z_f = \mathrm{AVG}(\mathrm{MLP}(\sigma(W_F * O_F)))$
wherein the quantity on the left-hand side is the weight of the node, Linear is a fully connected layer, $W_F$ is the weight matrix of the node set $V_F$, $n_f$ is the number of statement nodes in the code under test, and $z_f$ is the final vector representation of the code under test.
Step 22333, the code similarity Code_similarity between the vulnerability example code and the code to be tested is calculated using cosine similarity; the calculation formula is as follows:
The search results are then sorted according to Code_similarity.
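The weighted graph matching of steps 22331 to 22333, as an added illustration that is not part of the patent or the applicant's code: it runs the distance-decayed data/control-dependency weighting of the example code, the attention weighting of the code under test, and the final cosine comparison on a small constructed code property graph. Several points the page leaves open are filled in with labelled assumptions: "at least k edges" is read as the shortest hop distance along that edge kind, nodes unreachable from the vulnerability node get weight 0, $\alpha_i$ and $\beta_i$ are combined by summation, the Conv/MLP/AVG pipeline is replaced by a weighted average of node vectors, and the linear-layer attention scores are normalised with a softmax. The graph, the node vectors and the linear-layer parameters are constructed here and are not from the page.

```python
import math
from collections import deque

# Constructed toy code property graph (CPG) of a vulnerability example:
# five statement nodes 0..4, vulnerability (root) node 2. Edges are (src, dst);
# only the hop count along each edge kind matters here, so they are walked undirected.
EXAMPLE_DATA_EDGES = [(2, 1), (1, 0), (2, 3)]   # data-dependency edges
EXAMPLE_CTRL_EDGES = [(2, 3), (3, 4)]           # control-dependency edges
EXAMPLE_ROOT = 2

# Constructed node output vectors O_S (example) and O_F (code under test); in the
# patent these come from the Siamese-GNN output function, here they are fixed numbers.
EXAMPLE_FEATS = [[1.0, 0.0, 0.0], [0.0, 1.0, 0.0], [1.0, 1.0, 0.0],
                 [0.0, 0.0, 1.0], [0.5, 0.5, 0.5]]
TEST_FEATS = [[0.9, 0.9, 0.1], [0.0, 1.0, 0.0], [0.2, 0.0, 0.8]]
# Hypothetical parameters of the attention linear layer over [z_s ; o_i] (2 * 3 inputs).
LINEAR = [0.5, 0.5, -0.2, 1.0, 1.0, -0.5]


def hop_distance(n_nodes, edges, root):
    """Fewest edges of one kind between the root and every node (None if unreachable)."""
    adj = {i: [] for i in range(n_nodes)}
    for a, b in edges:
        adj[a].append(b)
        adj[b].append(a)
    dist = {root: 0}
    queue = deque([root])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return [dist.get(i) for i in range(n_nodes)]


def decayed_weights(n_nodes, edges, root, w_root, decay):
    """w_i = w_root * decay**k, k being the hop distance to the root; unreachable nodes get 0 (assumption)."""
    return [w_root * decay ** k if k is not None else 0.0
            for k in hop_distance(n_nodes, edges, root)]


def example_node_weights(n_nodes, alpha_r=1.0, l_alpha=0.5, beta_r=1.0, l_beta=0.5):
    """Step 22331: alpha_i from data edges, beta_i from control edges, combined per node."""
    alpha = decayed_weights(n_nodes, EXAMPLE_DATA_EDGES, EXAMPLE_ROOT, alpha_r, l_alpha)
    beta = decayed_weights(n_nodes, EXAMPLE_CTRL_EDGES, EXAMPLE_ROOT, beta_r, l_beta)
    # The page does not reproduce the combination formula; summing alpha_i + beta_i is an assumption.
    return [a + b for a, b in zip(alpha, beta)]


def weighted_embedding(weights, feats):
    """Weighted average of node vectors, standing in for AVG(MLP(sigma(W * O))) with W diagonal."""
    total = sum(weights)
    return [sum(w * f[d] for w, f in zip(weights, feats)) / total for d in range(len(feats[0]))]


def attention_weights(z_s, feats, linear):
    """Step 22332: score [z_s ; o_i] with a linear layer; a softmax turns scores into weights (assumption)."""
    scores = [sum(p * x for p, x in zip(linear, z_s + o)) for o in feats]
    m = max(scores)
    exps = [math.exp(s - m) for s in scores]
    return [e / sum(exps) for e in exps]


def cosine(u, v):
    """Step 22333: cosine similarity between two final vector representations."""
    dot = sum(a * b for a, b in zip(u, v))
    return dot / (math.sqrt(sum(a * a for a in u)) * math.sqrt(sum(b * b for b in v)))


def code_similarity(example_feats=EXAMPLE_FEATS, test_feats=TEST_FEATS, linear=LINEAR):
    """Whole pipeline: example weights -> z_s -> attention weights on the test code -> z_f -> cosine."""
    z_s = weighted_embedding(example_node_weights(len(example_feats)), example_feats)
    z_f = weighted_embedding(attention_weights(z_s, test_feats, linear), test_feats)
    return cosine(z_s, z_f)


if __name__ == "__main__":
    print("example node weights:", example_node_weights(len(EXAMPLE_FEATS)))
    print("Code_similarity:", round(code_similarity(), 4))
```

With the constructed graph the root keeps full weight, its direct data and control neighbours receive half, and the node two hops away a quarter, so statements far from the vulnerability contribute little to $z_s$; that is the effect the decay coefficients $L_\alpha$ and $L_\beta$ are meant to have. In the real system the node vectors come from the Siamese-GNN and the linear layer is trained, so the numbers differ, but the ordering of candidates by Code_similarity is produced in exactly this way.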
Step 23, retrieving results:
Integrating the semantic matching and code matching results, the vulnerability examples most relevant to the code to be tested are extracted together with their vulnerability descriptions, repair suggestions, vulnerability-related statements and similar information, which are used in the subsequent reasoning enhancement stage.
Step 3, reasoning enhancement stage:
Based on the relevant vulnerability knowledge obtained in the retrieval enhancement stage, a detailed vulnerability description and repair suggestions are generated using a large language model. The specific steps are as follows:
Step 31, in the first step of the reasoning enhancement stage, the large language model performs deep semantic understanding of the code to be tested. This is not merely a surface analysis of the code: it requires a comprehensive understanding of the code's functionality and potential risks in combination with contextual information and the vulnerability detection results, while also allowing the large language model itself to attempt to locate potential security issues. The prompt designed for this stage of the present invention is shown in fig. 2, in which ##CODE## is replaceable content where the code to be tested is supplied.
Step 32, after the code semantic understanding is completed, if the vulnerability detection tool in use can locate vulnerability statements, the result of that vulnerability localisation can be fed back to the large language model to further refine its understanding of the code to be tested. In addition, the large language model can analyse the identified potential vulnerabilities in more depth in combination with the vulnerability-related statements. The prompt constructed for this stage of the present invention is shown in fig. 3, in which ##STATEMENTS## is replaceable content where the vulnerability-related statements located by the vulnerability detection tool can be supplied.
Step 33, after the vulnerability analysis is completed, the large language model generates a detailed vulnerability description. This step not only summarises the basic information of the vulnerability but also incorporates the retrieved related information to ensure the description is comprehensive and accurate. The prompt constructed for this stage of the invention is shown in fig. 4, in which ##EXAMPLE CODE## and ##EXAMPLE DESCRIPTION## are replaceable contents: according to the retrieval enhancement ranking result, the vulnerability example with the highest semantic correlation and the highest code matching degree with respect to the code to be tested, together with its vulnerability description, is supplied.
Step 34, on the basis of the generated vulnerability description, the large language model further generates targeted repair suggestions. This step also relies on the deep understanding and analysis of the vulnerability. The prompt constructed for this stage of the invention is shown in fig. 5, in which ##EXAMPLE CODE## and ##FIX RECOMMENDATION## are replaceable contents: according to the retrieval enhancement ranking result, the vulnerability example with the highest semantic correlation and the highest code matching degree with respect to the code to be tested, together with its repair suggestion, is supplied.
Step 4, the generated vulnerability description and repair suggestions are output to the developer, who verifies and adjusts the repair scheme.
Examples:
Taking the code vulnerability shown in fig. 6 as an example, the vulnerable statements and the patch statements that repair the vulnerability are marked in the figure. The code fragment shows the portion of the ion_ioctl function that handles the ION_IOC_FREE command, and the reference vulnerability description is also given. Specifically, the root cause of the vulnerability is that when ION_IOC_FREE is invoked concurrently, multiple threads may access the same ion_handle instance at the same time, resulting in a use-after-free vulnerability. Without the method of the invention, the vulnerability description and repair suggestions generated by the large language model are shown in fig. 7 and fig. 8. The description generated by the large language model alone focuses mainly on a large number of potential problems in the code, such as error handling, memory leaks and insufficient validation of user input. Although this description is broader, it fails to accurately identify the core problem, the use-after-free vulnerability. The description is too general and lacks analysis of the specific vulnerability mechanism, so the generated vulnerability description deviates substantially from the actual situation. Likewise, the repair suggestions produced by the large language model alone fail to address the core use-after-free problem. With the method of the invention, the vulnerability description and repair suggestions generated by the model are shown in fig. 9 and fig. 10. From these results it can be seen that the generated description not only correctly identifies the concurrent access problem underlying the vulnerability, but also analyses in detail the specific mechanism and potential impact of the use-after-free vulnerability. The description states that the ion handle may still be accessed after it has been released, leading to memory corruption or a security vulnerability.
In addition, the model provides specific repair measures in detail. It suggests that access to the ion_handle instance should be synchronised using reference counting and a mutex lock, ensuring that the handle is no longer in use by other threads before it is released. The suggestions also emphasise the importance of verifying the handle's state before operating on it, and propose delaying the release of the handle so that in-progress operations can complete. These measures significantly reduce the risk of use-after-free vulnerabilities and enhance the overall security of the ION driver. The method combines the advantages of retrieval enhancement and reasoning enhancement; the generated description is accurate and detailed, so that developers receive a clear understanding of the vulnerability together with repair suggestions.

Claims (7)

1. A method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement, characterized in that the method comprises the following steps:
Step 1: vulnerability knowledge base construction: a structured vulnerability knowledge base is built to provide the large language model with prompt information containing expert knowledge; the vulnerability knowledge base includes vulnerability definitions, classifications, semantic descriptions, repair suggestions and related contextual information;
Step 2: retrieval enhancement stage: using a preliminary screening model and a fine ranking model, the similarity between the semantic description of the code to be tested and the semantic descriptions of the vulnerability example code in the vulnerability knowledge base is calculated, and vulnerability examples semantically related to the code to be tested are screened out;
Step 3: reasoning enhancement stage: based on the relevant vulnerability knowledge obtained in the retrieval enhancement stage, a large language model is used to generate detailed vulnerability descriptions and repair suggestions;
Step 4: the generated vulnerability descriptions and repair suggestions are output to the developer, who verifies and adjusts the repair scheme.

2. The method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement according to claim 1, characterized in that the specific steps of step 1 are as follows:
Step 11: the CWE and CVE databases are integrated, and the definitions, types and related information of vulnerabilities are extracted to form a vulnerability classification system;
Step 12: vulnerable code and the corresponding repair patches are extracted from external knowledge sources to enrich the content of the vulnerability knowledge base;
Step 13: the large language model is used to generate function semantic descriptions for the vulnerability example code, and repair suggestions are generated in combination with the repair cases in the external knowledge base;
Step 14: the vulnerability definitions, classifications, semantic descriptions, repair suggestions and related contextual information are stored in a structured manner, and a code property graph of the vulnerability example code is generated using a code parsing tool.

3. The method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement according to claim 1, characterized in that the specific steps of step 2 are as follows:
Step 21: preprocessing of the code to be tested: the input code to be tested is preprocessed, the preprocessing including generation of the function semantic description and extraction of the code property graph;
Step 22: matching and retrieval:
Step 221: the embedding vectors of the semantic description of the code to be tested and of the semantic descriptions of the vulnerability examples are obtained through the preliminary screening model, the semantic matching degree is calculated using cosine similarity, and vulnerability examples semantically related to the code to be tested are screened out by setting a threshold;
Step 222: after the preliminary screening, the remaining vulnerability code examples enter the fine ranking model; the fine ranking model concatenates the semantic description of the code to be tested with the semantic description of each vulnerability example to form a new input vector, which is fed into a RoBERTa model to obtain a matching score, and the vulnerability examples are sorted by matching score so that the most relevant vulnerability examples are ranked first;
Step 223: in the code matching stage, the similarity between the code to be tested and the vulnerability examples is calculated using a Siamese graph neural network together with a weighted graph embedding and matching mechanism;
Step 23: retrieval results: the results of semantic matching and code matching are integrated, and the vulnerability examples most relevant to the code to be tested are extracted together with their vulnerability descriptions, repair suggestions and vulnerability-related statement information.

4. The method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement according to claim 3, characterized in that the specific steps of step 21 are as follows:
Step 211: generation of the function semantic description: a large language model is used to generate the function semantic description of the code to be tested, expressing the function and logic of the code to be tested in natural language so that it can subsequently be matched against the function semantic descriptions of the other vulnerable code examples in the vulnerability knowledge base;
Step 212: extraction of the code property graph: the code property graph is extracted using the code parsing tool Joern.

5. The method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement according to claim 3, characterized in that the specific steps of step 223 are as follows:
Step 2231: for any statement node $v_i$ of the code property graph, CodeBERT is used to generate its initial feature vector representation, denoted $x_i$;
Step 2232: the Siamese graph neural network is used to obtain the node hidden vector representations; the specific calculation formula is as follows:
wherein the two hidden vector representations of node $v_i$ are those obtained after $l-1$ and $l$ layers of the Siamese-GNN respectively; the hidden vector representation of node $v_j$ is that of a neighbour of $v_i$ for which there is an edge from $v_j$ to $v_i$; $f$ is the propagation function of the Siamese-GNN model, used to collect information from neighbouring nodes to update the state of the current node; $z$ is the output function, used to compute the final output feature vector $o_i$ of node $v_i$;
Step 2233: after the statement node representations of the code property graphs of the code to be tested and of the vulnerability example have been obtained, a weighted graph embedding mechanism is used to compute the final vector representations of the two, and the similarity between the code to be tested and the vulnerability example is calculated.

6. The method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement according to claim 5, characterized in that the specific steps of step 2233 are as follows:
Step 22331: for the known vulnerability example code, the data-dependency weights and control-dependency weights, denoted α and β respectively, are first calculated from its graph structure; for the data-dependency weights, the vulnerability node is selected as the root node and given the weight $\alpha_r$; if a node is connected to the root node through at least k data-dependency edges, its data-dependency weight is $\alpha_i = \alpha_r \cdot (L_\alpha)^k$, where $L_\alpha \in (0,1)$ is the decay coefficient controlling the decay rate of the data-dependency weights; for the control-dependency weights, the same node is selected as the root node with initial weight $\beta_r$; if a node can be connected to the root node through at least k control-dependency edges, its control-dependency weight is $\beta_i = \beta_r \cdot (L_\beta)^k$, where $L_\beta \in (0,1)$ is the decay factor of the control-dependency weights;
from $\alpha_i$ and $\beta_i$ the weight of the node is obtained; the calculation formula is as follows:
wherein the quantity on the left-hand side is the weight of the node, $W_S$ is the weight matrix of the node set $V_S$, and $n_s$ is the number of statement nodes in the vulnerability example code;
then the final vector representation of the vulnerability example code is obtained by combining the weights with the node representation matrix; the calculation formula is as follows:
$\sigma(\cdot) = \mathrm{MaxPool}(\mathrm{ReLU}(\mathrm{Conv}(\cdot)))$
$z_s = \mathrm{AVG}(\mathrm{MLP}(\sigma(W_S * O_S)))$
wherein σ(·) is defined as a one-dimensional convolution layer Conv with max pooling MaxPool, ReLU is the activation function, AVG is average pooling, MLP denotes a multi-layer perceptron, $O_S$ is the set of node output feature vectors, and $z_s$ is the final vector representation of the vulnerability example code;
Step 22332: for the code to be tested, weights are assigned using the vulnerability information known from the vulnerability example and a node attention mechanism; for any node in the code to be tested, its output vector is concatenated with the previously obtained $z_s$ and fed into a linear layer to compute the node's attention score, which is then used as the node's weight; finally, the final vector representation of the code to be tested is obtained in the same way as for the vulnerability example; the calculation formula is as follows:
$z_f = \mathrm{AVG}(\mathrm{MLP}(\sigma(W_F * O_F)))$
wherein the quantity on the left-hand side is the weight of the node, Linear is a fully connected layer, $W_F$ is the weight matrix of the node set $V_F$, $n_f$ is the number of statement nodes in the code to be tested, and $z_f$ is the final vector representation of the code to be tested;
Step 22333: the code similarity Code_similarity between the vulnerability example code and the code to be tested is calculated using cosine similarity; the calculation formula is as follows:
the retrieval results are sorted according to Code_similarity.

7. The method for generating vulnerability descriptions and repair suggestions based on large language model reasoning and retrieval enhancement according to claim 1, characterized in that the specific steps of step 3 are as follows:
Step 31: the large language model performs semantic understanding of the code to be tested;
Step 32: after the code semantic understanding is completed, the large language model analyses the identified potential vulnerabilities in depth in combination with the vulnerability-related statements;
Step 33: after the vulnerability analysis is completed, the large language model generates a detailed vulnerability description;
Step 34: on the basis of the generated vulnerability description, the large language model further generates targeted repair suggestions.
CN202510320737.XA 2025-03-18 2025-03-18 Vulnerability description and repair suggestion generation method based on large language model reasoning and retrieval enhancement Pending CN120145397A (en)

Publications (1)

Publication Number Publication Date
CN120145397A true CN120145397A (en) 2025-06-13


Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120373474A (en) * 2025-06-26 2025-07-25 上海交通大学 Logical vulnerability knowledge base construction method and device based on large language model, electronic equipment and storage medium
CN120373474B (en) * 2025-06-26 2025-09-02 上海交通大学 Logical vulnerability knowledge base construction method and device based on large language model, electronic equipment and storage medium
CN120541851A (en) * 2025-07-25 2025-08-26 天津开发区先特网络系统有限公司 A code evaluation and repair method based on large model technology
CN120611390A (en) * 2025-08-11 2025-09-09 杭州孝道科技有限公司 An AI-based vulnerability repair rule generation method and related equipment
CN120611388A (en) * 2025-08-11 2025-09-09 杭州孝道科技有限公司 A method, system and storage medium for generating open source component repair suggestions
CN120611388B (en) * 2025-08-11 2025-10-28 杭州孝道科技有限公司 Method, system and storage medium for generating open source component restoration opinion
CN121051762A (en) * 2025-11-03 2025-12-02 季华实验室 Method, device, equipment and storage medium for detecting cross-package vulnerability of supply chain


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination