CN117540378A - Training method, device and equipment for detection result judgment model - Google Patents

Training method, device and equipment for detection result judgment model Download PDF

Info

Publication number
CN117540378A
CN117540378A CN202311500532.7A CN202311500532A CN117540378A CN 117540378 A CN117540378 A CN 117540378A CN 202311500532 A CN202311500532 A CN 202311500532A CN 117540378 A CN117540378 A CN 117540378A
Authority
CN
China
Prior art keywords
detection result
result
detection
file
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311500532.7A
Other languages
Chinese (zh)
Inventor
王亚平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202311500532.7A priority Critical patent/CN117540378A/en
Publication of CN117540378A publication Critical patent/CN117540378A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the application provides a training method, device and equipment for a detection result judgment model, which can be used in the technical field of artificial intelligence. The method comprises the following steps: acquiring a plurality of detection result files, wherein the detection result files comprise static scanning results of all detection items in an application installation package corresponding to the detection result files; determining a detection result file to be selected from a plurality of detection result files, wherein an application installation package corresponding to the detection result file to be selected comprises detection items which are not passed by scanning; acquiring a judging file of each detection result file to be selected, wherein the judging file is used for indicating whether a detection item which is not passed by scanning in the detection result file to be selected is a misjudging item or not; and carrying out machine learning processing on the detection result files to be selected and the judgment files of each detection result file to be selected to generate a detection result judgment model, wherein the detection result judgment model is used for outputting whether the detection items which are not passed by scanning in the detection result files to be judged are erroneous judgment items or not. The method can improve the accuracy of the scanning result.

Description

Training method, device and equipment for detection result judgment model
Technical Field
The embodiment of the application relates to the technical field of artificial intelligence, in particular to a training method, device and equipment for a detection result judgment model.
Background
When the application is subjected to static scanning, a plurality of detection items in the application installation package can be subjected to scanning detection, and detection items which are not passed through the scanning can be considered to be detection items with risks.
At present, due to the scanning rule of the scanning tool, misjudgment exists in the scanning result. Specifically, after research on the scanning result, a developer finds that the detection items which are not passed by partial scanning do not have risks, and the accuracy of the scanning result is poor.
Disclosure of Invention
The embodiment of the application provides a training method, device and equipment for a detection result judging model, and the method can improve the accuracy of a scanning result.
In a first aspect, the present application provides a training method of a detection result determination model, including:
acquiring a plurality of detection result files, wherein each detection result file comprises a static scanning result of each detection item in an application installation package corresponding to the detection result file, and the static scanning result is scanning passing or not scanning passing;
determining a plurality of detection result files to be selected from the plurality of detection result files, wherein an application installation package corresponding to the detection result files to be selected comprises the detection items which are not passed by scanning;
Acquiring a judging file of each detection result file to be selected, wherein the judging file is used for indicating whether the detection item which is not passed by scanning in the detection result files to be selected is a false judging item or not;
and performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate the detection result judgment model, wherein the detection result judgment model is used for outputting whether detection items which are not passed by scanning in the to-be-judged detection result file are misjudgment items or not.
In a possible implementation manner, the machine learning processing is performed on the plurality of to-be-selected detection result files and the determination file of each to-be-selected detection result file, so as to generate the detection result determination model, which includes:
determining a plurality of target detection results according to the plurality of to-be-selected detection result files, wherein a static scanning result corresponding to the target detection results is that scanning fails;
determining a plurality of sample data according to the plurality of target detection results and the judging file of each to-be-selected detection result file, wherein the sample data comprises an application identifier corresponding to the target detection result, a detection item identifier corresponding to the target detection result and a judging result corresponding to the detection item, and the judging result corresponding to the detection item is used for indicating whether the detection item is a misjudging item or not;
And performing machine learning processing on the plurality of sample data to generate the detection result judging model.
In a possible implementation manner, determining a plurality of target detection results according to the plurality of candidate detection result files includes:
identifying a plurality of field values corresponding to static scanning result fields in any one to-be-selected detection result file, wherein the field values are scanning passing or scanning failing;
determining at least one target field value among the plurality of field values, the target field value being that the scan fails;
determining each target field value and a detection item identifier of a detection item corresponding to the target field value as a target detection result;
and determining that the plurality of target detection results comprise at least one target detection result corresponding to each detection result file to be selected.
In a possible implementation manner, determining a plurality of sample data according to the plurality of target detection results and the determination file of each candidate detection result file includes:
determining a target application identifier and a target detection item identifier corresponding to any target detection result;
Determining a target judgment file corresponding to the target detection result according to the target application identifier, wherein the application identifier included in the target judgment file is the same as the target application identifier, and the target judgment file comprises a plurality of judgment results and detection item identifiers corresponding to each judgment result;
determining a judging result corresponding to the target detection result in the target judging file according to the target detection item identifier;
determining that the sample data corresponding to the target detection result comprises the target detection result, an application identifier corresponding to the target detection result and a judging result corresponding to the target detection result; the plurality of sample data comprise sample data corresponding to each target detection result.
In a possible implementation manner, after generating the detection result determination model, the method further includes:
acquiring a plurality of verification sample data, wherein the verification sample data comprises a first application identifier, a detection item identifier of a first detection item and a static scanning result of the first detection item, and the static scanning result of the first detection item is that scanning fails;
for any one verification sample data, verifying the detection result judgment model according to the verification sample data and the judgment result corresponding to the verification sample data to obtain a verification result, wherein the verification result is verification correct or verification error;
And if the verification result is a verification error, correcting the detection result judging model according to the verification result until the accuracy of the detection result judging model is greater than or equal to a preset threshold.
In a possible implementation manner, according to the verification sample data and the determination result corresponding to the verification sample data, verifying the detection result determination model and obtaining a verification result, the method includes:
inputting the verification sample data to the detection result judging model, and obtaining output data, wherein the output data is a misjudgment item or a non-misjudgment item;
and determining a verification result according to the output data and the judgment result corresponding to the verification sample data.
In a possible implementation manner, determining a verification result according to the output data and a determination result corresponding to the verification sample data includes:
if the output data is consistent with the judging result corresponding to the verification sample data, determining that the verification result is correct;
and if the output data is inconsistent with the judging result corresponding to the verification sample data, determining that the verification result is a verification error.
In a second aspect, the present application provides a training apparatus for a detection result determination model, the apparatus including: the device comprises an acquisition module, a determination module and a generation module, wherein,
The acquisition module is used for acquiring a plurality of detection result files, wherein each detection result file comprises a static scanning result of each detection item in an application installation package corresponding to the detection result file, and the static scanning result is scanning passing or not scanning passing;
the determining module is used for determining a plurality of to-be-selected detection result files from the plurality of detection result files, and an application installation package corresponding to the to-be-selected detection result files comprises the detection items which are not passed by scanning;
the acquisition module is further configured to acquire a judgment file of each detection result file to be selected, where the judgment file is used to indicate whether the detection item that is not passed by the scanning in the detection result file to be selected is a false judgment item;
the generating module is used for performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate the detection result judgment model, and the detection result judgment model is used for outputting whether the detection items which are not passed by scanning in the to-be-judged detection result files are erroneous judgment items or not.
In a possible implementation manner, the generating module is specifically configured to,
Determining a plurality of target detection results according to the plurality of to-be-selected detection result files, wherein a static scanning result corresponding to the target detection results is that scanning fails;
determining a plurality of sample data according to the plurality of target detection results and the judging file of each to-be-selected detection result file, wherein the sample data comprises an application identifier corresponding to the target detection result, a detection item identifier corresponding to the target detection result and a judging result corresponding to the detection item, and the judging result corresponding to the detection item is used for indicating whether the detection item is a misjudging item or not;
and performing machine learning processing on the plurality of sample data to generate the detection result judging model.
In a possible implementation manner, the generating module is specifically configured to,
identifying a plurality of field values corresponding to static scanning result fields in any one to-be-selected detection result file, wherein the field values are scanning passing or scanning failing;
determining at least one target field value among the plurality of field values, the target field value being that the scan fails;
determining each target field value and a detection item identifier of a detection item corresponding to the target field value as a target detection result;
And determining that the plurality of target detection results comprise at least one target detection result corresponding to each detection result file to be selected.
In a possible implementation manner, the generating module is specifically configured to,
determining a target application identifier and a target detection item identifier corresponding to any target detection result;
determining a target judgment file corresponding to the target detection result according to the target application identifier, wherein the application identifier included in the target judgment file is the same as the target application identifier, and the target judgment file comprises a plurality of judgment results and detection item identifiers corresponding to each judgment result;
determining a judging result corresponding to the target detection result in the target judging file according to the target detection item identifier;
determining that the sample data corresponding to the target detection result comprises the target detection result, an application identifier corresponding to the target detection result and a judging result corresponding to the target detection result; the plurality of sample data comprise sample data corresponding to each target detection result.
In a possible implementation manner, the generating module is specifically configured to,
Acquiring a plurality of verification sample data, wherein the verification sample data comprises a first application identifier, a detection item identifier of a first detection item and a static scanning result of the first detection item, and the static scanning result of the first detection item is that scanning fails;
for any one verification sample data, verifying the detection result judgment model according to the verification sample data and the judgment result corresponding to the verification sample data to obtain a verification result, wherein the verification result is verification correct or verification error;
and if the verification result is a verification error, correcting the detection result judging model according to the verification result until the accuracy of the detection result judging model is greater than or equal to a preset threshold.
In a possible implementation manner, the generating module is specifically configured to,
inputting the verification sample data to the detection result judging model, and obtaining output data, wherein the output data is a misjudgment item or a non-misjudgment item;
and determining a verification result according to the output data and the judgment result corresponding to the verification sample data.
In a possible implementation manner, the generating module is specifically configured to,
If the output data is consistent with the judging result corresponding to the verification sample data, determining that the verification result is correct;
and if the output data is inconsistent with the judging result corresponding to the verification sample data, determining that the verification result is a verification error.
In a third aspect, the present application provides a training apparatus of a detection result determination model, including: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of any one of the first aspects.
In a fourth aspect, the present application provides a computer-readable storage medium having stored therein computer-executable instructions for performing the method of any of the first aspects when executed by a processor.
In a fifth aspect, the present application provides a computer program product comprising a computer program which, when executed by a computer, implements the method according to any of the first aspects.
The training method, the training device and the training equipment for the detection result judging model can acquire a plurality of detection result files; a plurality of detection result files to be selected can be determined in the plurality of detection result files; a judging file of each detection result file to be selected can be obtained; and performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate a detection result judgment model. The detection result judgment model generated by the method can carry out secondary processing on the detection result file and judge whether the detection items which are not passed by the scanning in the detection result file are erroneous judgment items, so that the accuracy of the detection result can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments or the description of the prior art will be briefly described below, it will be obvious that the drawings in the following description are some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort to a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application;
fig. 2 is a flow chart of a training method of a detection result judgment model according to an embodiment of the present application;
FIG. 3 is a flowchart of another training method of a detection result determination model according to an embodiment of the present application;
FIG. 4 is a flowchart of a training method of a detection result determination model according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of a training device for a test result determination model according to an embodiment of the present application
Fig. 6 is a schematic hardware structure diagram of a training device of a detection result determination model according to an embodiment of the present application.
Specific embodiments thereof have been shown by way of example in the drawings and will herein be described in more detail. These drawings and the written description are not intended to limit the scope of the inventive concepts in any way, but to illustrate the concepts of the present application to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present application as detailed in the accompanying claims.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the technical scheme of the application, the related information such as financial data or user data is collected, stored, used, processed, transmitted, provided, disclosed and the like, which accords with the regulations of related laws and regulations and does not violate the popular regulations of the public order.
For ease of understanding, technical terms related to the embodiments of the present application will be first described.
Static scanning: static scanning is an important part of security detection. The static scanning is to automatically scan the static resources of the application, analyze whether the static resources have code risks, known vulnerabilities, malicious codes such as backdoors and the like, have illegal violations, expose the sensitive information of the running logic of the application, and find out potential application safety problems. The static resources comprise codes, third-party controls, residual information and the like.
During static scanning, static resources in the application installation package are scanned and analyzed, and whether the application meets standardization, safety and reliability is verified. And aiming at possible risk types, sequentially analyzing whether risk vulnerabilities exist in the static resources, classifying and summarizing relevant file information with problems, and generating a detection report according to the scanning condition. And the development tester of the application needs to modify and retest the risk content existing in the problem file according to the report content, thereby ensuring the application quality and protecting the information security of the user.
Machine learning: is a science of artificial intelligence, and the main research object in the field is artificial intelligence, in particular, how to improve the performance of specific algorithms in experience learning. Machine learning can automatically refine computer algorithms through experience. The basic goal of machine learning algorithms is to generalize data beyond training samples, i.e., never "seen" before successful interpretation.
For easy understanding, an application scenario according to an embodiment of the present application is described below with reference to fig. 1.
Fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present application. Referring to fig. 1, a plurality of detection items may be included in an application installation package. For example, the plurality of test items may be test item 1, test items 2, … …, and test item n, where n is an integer greater than or equal to 1. The static scanning tool can perform static scanning on the application installation package to obtain a detection result of the installation package.
As shown in fig. 1, the scan result of each detection item may be included in the detection result of the installation package. For example, the scan result of test item 1 is a pass of the scan, the scan result of test item 2 is a fail of the scan, and the scan result of test item n is a fail of the scan … ….
For a test item that is not scanned as a result of the scanning, the test person may consider the test item to be at risk and need to communicate with the application developer to repair the test item at risk.
In the practical implementation process, the static scanning tool may perform static scanning on a plurality of application installation packages. In fig. 1, only static scanning of any application installation package by a static scanning tool is illustrated, and the embodiment of the present application is not limited.
At present, due to the scanning rule of the scanning tool, misjudgment exists in the detection result of the installation package. Specifically, after research on the scanning results of all the detection items, the developer finds that the detection items which are not passed by partial scanning do not have risks, and the accuracy of the detection results is poor.
In view of this, the embodiment of the application provides a training method of a detection result judgment model. In the method, a plurality of to-be-selected detection result files and judgment files corresponding to the to-be-selected detection result files can be learned through a machine learning algorithm so as to generate a detection result judgment model. The detection result file to be selected comprises detection items which are not passed through in scanning, and the judgment file corresponding to the detection result file to be selected is used for indicating whether the detection items which are not passed through in scanning in the detection result file to be selected are false judgment items. The detection result determination model may be used to determine whether a detection item that fails scanning in the detection result file is a false determination item. By the method, the detection result judging model can be generated, and can be used for carrying out secondary processing on the detection result file to judge whether the detection items which are not passed by scanning in the detection result file are erroneous judgment items or not, so that the accuracy of the detection result can be improved.
In addition, through the detection result judging model generated by the training method of the detection result judging model, the false judging items in the scanning result can be reduced after the detection result file is subjected to secondary treatment, so that the communication between a tester and a developer can be reduced, the workload of the tester and the developer is reduced, the manpower resource is saved, the time cost is reduced, and the static scanning efficiency of the application installation package is higher.
The following describes the technical solutions of the present application and how the technical solutions of the present application solve the above technical problems in detail with specific embodiments. The following embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
Fig. 2 is a flowchart of a training method of a detection result determination model according to an embodiment of the present application. The execution subject of the method may be a training system of the detection result determination model, or may be a training device of the detection result determination model provided in the training system of the detection result determination model. The training device of the detection result judging model can be realized by software or by the combination of software and hardware. Referring to fig. 2, the method may include:
S201, a plurality of detection result files are acquired.
The detection result file may include a detection result obtained by performing static scanning on any one of the application installation packages.
Each detection result file can comprise a static scanning result of each detection item in a corresponding application installation package, wherein the static scanning result is scanning passing or scanning failing.
In this embodiment, the training system of the detection result determination model may acquire a plurality of detection result files from the static scanning tool. Alternatively, a plurality of detection result files may be stored in the storage device, and the training system of the detection result determination model may acquire the plurality of detection result files from the storage device. The storage device may be, for example, a memory, a hard disk, a computer, a server, or the like.
S202, determining a plurality of detection result files to be selected from the plurality of detection result files.
In this embodiment, for any one detection result file, the training system of the detection result determination model may determine whether the detection result file includes a scanning result that fails the scanning. If yes, the training system of the detection result judging model can determine that the detection result file is a detection result file to be selected. That is, the application installation package corresponding to the detection result file to be selected includes detection items that have failed scanning.
Illustratively, it is assumed that the plurality of detection result files are detection result file 1, detection result files 2, … …, and detection result file m, where m is an integer greater than or equal to 2. It is assumed that the detection result file 1, the detection result files 2 and … … each include a scanning result that the scanning fails. The training system of the detection result judgment model may determine that the plurality of detection result files are all candidate detection result files.
S203, acquiring a judging file of each candidate detection result file.
The judging file is used for indicating whether the detection item which is not passed by scanning in the detection result file to be selected is a misjudging item.
In this embodiment, the determination file may include an application identifier corresponding to the determination file, detection item identifiers of a plurality of detection items, and a determination result corresponding to each detection item. For any one detection item, the judgment result corresponding to the detection item is used for indicating whether the detection item is a misjudgment item.
In this embodiment, each candidate detection result file may include an application identifier, and each determination file may also include an application identifier. For any one detection result file to be selected, the application identifier included in the detection result file to be selected is the same as the application identifier included in the judgment file corresponding to the detection result to be selected.
The application identifier may be used to uniquely identify an application and the test item identifier may be used to uniquely identify a test item.
Optionally, before the training system of the detection result judgment model obtains the judgment file of the to-be-selected detection result file, a technician may annotate the to-be-selected detection result file to obtain the judgment file corresponding to the to-be-selected detection result file.
S204, performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate a detection result judgment model.
The detection result judging model is used for outputting whether the detection items which are not passed by the scanning in the detection result file to be judged are erroneous judgment items or not.
In this embodiment, the training system of the detection result determination model may take the to-be-selected detection result file as input, may take the determination file of the to-be-selected detection result file as output, and performs machine learning processing on the plurality of to-be-selected detection result files and the determination file of each to-be-selected detection result file to generate the detection result determination model.
The training method of the detection result judgment model provided by the embodiment can acquire a plurality of detection result files; a plurality of detection result files to be selected can be determined in the plurality of detection result files; a judging file of each detection result file to be selected can be obtained; and performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate a detection result judgment model. The detection result judgment model generated by the method can carry out secondary processing on the detection result file and judge whether the detection items which are not passed by the scanning in the detection result file are erroneous judgment items, so that the accuracy of the detection result can be improved.
Based on the embodiment of fig. 2, the following describes the training process of the detection result determination model in detail with reference to fig. 3, so as to further describe the training method of the detection result determination model provided in the embodiment of the present application.
Fig. 3 is a flowchart of another training method of the detection result determination model according to the embodiment of the present application. The execution subject of the method may be a training system of the detection result determination model, or may be a training device of the detection result determination model provided in the training system of the detection result determination model. The training device of the detection result judging model can be realized by software or by the combination of software and hardware. Referring to fig. 3, the method may include:
s301, acquiring a plurality of detection result files.
S302, determining a plurality of candidate detection result files from the plurality of detection result files.
S303, acquiring a judging file of each candidate detection result file.
It should be noted that, the specific implementation manner of S301 to S303 may refer to S201 to S203, which are not described herein.
S304, determining a plurality of target detection results according to the plurality of candidate detection result files.
And the static scanning result corresponding to the target detection result is that the scanning fails.
In this embodiment, for any one to-be-selected detection result file, a target detection result corresponding to the to-be-selected detection result file may be determined. The plurality of target detection results may include a target detection result corresponding to each candidate detection result file.
It should be noted that, according to each candidate detection result file, the method for determining the target detection result corresponding to the candidate detection result file is the same. In the following, a method for determining a target detection result corresponding to a detection result file to be selected according to the detection result file to be selected will be described by taking any detection result file to be selected as an example.
Aiming at any one detection result file to be selected, the training system of the detection result judging model can identify a plurality of field values corresponding to static scanning result fields in the detection result file to be selected, wherein the field values are scanning passing or scanning failing; determining at least one target field value in the plurality of field values, wherein the target field value is that the scanning fails; determining each target field value and the detection item identifier of the detection item corresponding to the target field value as a target detection result; the method comprises the steps of determining a plurality of target detection results to comprise at least one target detection result corresponding to each detection result file to be selected.
Specifically, the training system of the detection result judgment model may screen the to-be-selected detection result file for a field value that fails in scanning, and may determine that any one of the scan results is a field value that fails in scanning and a detection identifier of a corresponding detection item as a target detection result.
For example, assume that a candidate test result file is shown in table 1:
TABLE 1
Detection item Scan results
Test item 1 Scanning through
Detection item 2 Failure to pass by
Detection item 3 Failure to pass by
Detection item 4 Failure to pass by
Detection item 5 Scanning through
As shown in table 1, the candidate detection result file includes the scanning result of the detection item 1, the scanning result of the detection item 2, the scanning result of the detection item 3, the scanning result of the detection item 4, and the scanning result of the detection item 5. The scanning result of the detection item 1 is scanning passing, the scanning result of the detection item 2 is scanning failing, the scanning result of the detection item 3 is scanning failing, the scanning result of the detection item 4 is scanning failing, and the scanning result of the detection item 5 is scanning passing. The training system of the detection result determination model may determine that the detection result file to be selected corresponds to 3 target detection results, where the first target detection result may include a detection item 2 and a failed scan, the second target detection result may include a detection item 3 and a failed scan, and the third target detection result may include a detection item 4 and a failed scan.
S305, determining a plurality of sample data according to a plurality of target detection results and the judgment file of each candidate detection result file.
The sample data comprises a target detection result, an application identifier corresponding to the target detection result and a judgment result corresponding to the detection item, wherein the judgment result corresponding to the detection item is used for indicating whether the detection item is a false judgment item or not.
In this embodiment, the plurality of sample data includes sample data corresponding to each target detection result. The method for determining the sample data corresponding to each target detection result is the same, and a method for determining the sample data will be described below by taking the sample data corresponding to any one target detection result as an example.
Determining a target application identifier and a target detection item identifier corresponding to the target detection result aiming at any target detection result; determining a target judgment file corresponding to the target detection result according to the target application identifier, wherein the application identifier contained in the target judgment file is the same as the target application identifier, and the target judgment file contains a plurality of judgment results and detection item identifiers corresponding to each judgment result; determining a judging result corresponding to the target detection result in the target judging file according to the target detection item identification; determining that sample data corresponding to the target detection result comprises the target detection result, an application identifier corresponding to the target detection result and a judging result corresponding to the target detection result; the plurality of sample data comprise sample data corresponding to each target detection result.
S306, performing machine learning processing on the plurality of sample data to generate a detection result judging model.
In this embodiment, the training system of the detection result determination model may take the target detection result in the sample data and the application identifier corresponding to the target detection result as inputs, and may take the determination result corresponding to the detection item in the sample data as output, and perform machine learning processing on the sample data to generate the detection result determination model.
The training method of the detection result judgment model provided by the embodiment can acquire a plurality of detection result files; a plurality of detection result files to be selected can be determined in the plurality of detection result files; a judging file of each detection result file to be selected can be obtained; a plurality of target detection results can be determined according to a plurality of to-be-selected detection result files; the method comprises the steps that a plurality of sample data can be determined according to a plurality of target detection results and a judging file of each detection result file to be selected; and performing machine learning processing on the plurality of sample data to generate a detection result judging model. The detection result judgment model generated by the method can carry out secondary processing on the detection result file and judge whether the detection items which are not passed by the scanning in the detection result file are erroneous judgment items, so that the accuracy of the detection result can be improved.
Based on any one of the above embodiments, the training method for a detection result determination model provided in the embodiment of the present application may further verify the detection result determination model to improve the accuracy of the detection result determination model. Next, a training method of the detection result determination model provided in the embodiment of the present application will be further described with reference to fig. 4.
Fig. 4 is a flowchart of a training method of a detection result determination model according to another embodiment of the present application. The execution subject of the method may be a training system of the detection result determination model, or may be a training device of the detection result determination model provided in the training system of the detection result determination model. The training device of the detection result judging model can be realized by software or by the combination of software and hardware. Referring to fig. 4, the method may include:
s401, acquiring a plurality of verification sample data.
The verification sample data comprises a first application identifier, a detection item identifier of a first detection item and a static scanning result of the first detection item, wherein the static scanning result of the first detection item is that scanning fails.
In this embodiment, a plurality of verification sample data may be stored in the storage device, and the training system of the detection result determination model may acquire the plurality of verification sample data from the storage device. The storage device may be, for example, a memory, a hard disk, a computer, a server, or the like.
And S402, verifying the detection result judging model according to the verification sample data and judging results corresponding to the verification sample data to obtain verification results, wherein the verification results are verification correctness or verification errors.
If the verification result is that the verification is correct, executing S403;
if the verification result is a verification error, correcting the detection result judgment model according to the verification result, and continuing to execute S402 after the correction is finished.
In this embodiment, according to the verification sample data and the determination result corresponding to the verification sample data, when the detection result determination model is verified and the verification result is obtained, the verification sample data may be input to the detection result determination model, and output data is obtained, where the output data is a misjudgment item or a non-misjudgment item; and determining a verification result according to the output data and the judgment result corresponding to the verification sample data.
The determination result corresponding to the verification sample data may be a determination result marked by a technician on the verification sample data.
In this embodiment, if the output data is consistent with the determination result corresponding to the verification sample data, it is determined that the verification result is correct; if the output data is inconsistent with the judging result corresponding to the verification sample data, determining that the verification result is a verification error.
For example, assuming that the determination result corresponding to the sample data 1 is a non-misjudgment item, and the output data of the detection result determination model is a non-misjudgment item, the verification result is verification correct. Assuming that the judgment result corresponding to the sample data 2 is a misjudgment item, and the output data of the detection result judgment model is a non-misjudgment item, the verification result is a verification error.
S403, judging that the accuracy of the detection result judgment model is larger than or equal to a preset threshold.
If yes, finishing verification;
if not, continuing to execute S402 to verify the detection result judging model through the next verification sample data.
The preset threshold value can be set according to actual needs, and the specific size of the preset threshold value is not limited in this embodiment. For example, the preset threshold may be 70%, 80%, or 90%, etc.
The training method of the detection result judgment model provided by the embodiment can acquire a plurality of verification sample data; the detection result judgment model can be verified according to the verification sample data and the judgment result corresponding to the verification sample data, and a verification result is obtained; if the verification result is that the verification is correct, and the accuracy of the detection result judgment model is greater than or equal to a preset threshold value, the verification can be ended; if the verification result is a verification error, the detection result judgment model can be corrected according to the verification result. By the method, the accuracy of the detection result judging model can be improved, and the accuracy of the detection result can be improved.
Fig. 5 is a schematic structural diagram of a training device for a detection result determination model according to an embodiment of the present application. Referring to fig. 5, the training apparatus 10 of the detection result determination model includes: an acquisition module 11, a determination module 12 and a generation module 13, wherein,
the acquiring module 11 is configured to acquire a plurality of detection result files, where each detection result file includes a static scanning result of each detection item in an application installation package corresponding to the detection result file, and the static scanning result is a scanning pass or a scanning fail;
the determining module 12 is configured to determine a plurality of to-be-selected detection result files from the plurality of detection result files, where an application installation package corresponding to the to-be-selected detection result file includes the detection item that fails to pass the scanning;
the obtaining module 11 is further configured to obtain a determination file of each detection result file to be selected, where the determination file is used to indicate whether the detection item that is not passed by the scanning in the detection result file to be selected is a misjudgment item;
the generating module 13 is configured to perform machine learning processing on the plurality of candidate detection result files and the determination file of each candidate detection result file, and generate the detection result determination model, where the detection result determination model is configured to output whether a detection item that is not passed by a scan in the detection result file to be determined is a misdetermination item.
The training device for the detection result judgment model provided in the embodiment may be used to execute the training method for the detection result judgment model in the above method embodiment, and its implementation principle and technical effects are similar, and are not described here again.
In a possible implementation, the generating module 13 is specifically configured to,
determining a plurality of target detection results according to the plurality of to-be-selected detection result files, wherein a static scanning result corresponding to the target detection results is that scanning fails;
determining a plurality of sample data according to the plurality of target detection results and the judging file of each to-be-selected detection result file, wherein the sample data comprises an application identifier corresponding to the target detection result, a detection item identifier corresponding to the target detection result and a judging result corresponding to the detection item, and the judging result corresponding to the detection item is used for indicating whether the detection item is a misjudging item or not;
and performing machine learning processing on the plurality of sample data to generate the detection result judging model.
In a possible implementation, the generating module 13 is specifically configured to,
identifying a plurality of field values corresponding to static scanning result fields in any one to-be-selected detection result file, wherein the field values are scanning passing or scanning failing;
Determining at least one target field value among the plurality of field values, the target field value being that the scan fails;
determining each target field value and a detection item identifier of a detection item corresponding to the target field value as a target detection result;
and determining that the plurality of target detection results comprise at least one target detection result corresponding to each detection result file to be selected.
In a possible implementation, the generating module 13 is specifically configured to,
determining a target application identifier and a target detection item identifier corresponding to any target detection result;
determining a target judgment file corresponding to the target detection result according to the target application identifier, wherein the application identifier included in the target judgment file is the same as the target application identifier, and the target judgment file comprises a plurality of judgment results and detection item identifiers corresponding to each judgment result;
determining a judging result corresponding to the target detection result in the target judging file according to the target detection item identifier;
determining that the sample data corresponding to the target detection result comprises the target detection result, an application identifier corresponding to the target detection result and a judging result corresponding to the target detection result; the plurality of sample data comprise sample data corresponding to each target detection result.
In a possible implementation, the generating module 13 is specifically configured to,
acquiring a plurality of verification sample data, wherein the verification sample data comprises a first application identifier, a detection item identifier of a first detection item and a static scanning result of the first detection item, and the static scanning result of the first detection item is that scanning fails;
for any one verification sample data, verifying the detection result judgment model according to the verification sample data and the judgment result corresponding to the verification sample data to obtain a verification result, wherein the verification result is verification correct or verification error;
and if the verification result is a verification error, correcting the detection result judging model according to the verification result until the accuracy of the detection result judging model is greater than or equal to a preset threshold.
In a possible implementation, the generating module 13 is specifically configured to,
inputting the verification sample data to the detection result judging model, and obtaining output data, wherein the output data is a misjudgment item or a non-misjudgment item;
and determining a verification result according to the output data and the judgment result corresponding to the verification sample data.
In a possible implementation, the generating module 13 is specifically configured to,
if the output data is consistent with the judging result corresponding to the verification sample data, determining that the verification result is correct;
and if the output data is inconsistent with the judging result corresponding to the verification sample data, determining that the verification result is a verification error.
The training device for the detection result judgment model provided in the embodiment may be used to execute the training method for the detection result judgment model in the above method embodiment, and its implementation principle and technical effects are similar, and are not described here again.
Fig. 6 is a schematic hardware structure diagram of a training device of a detection result determination model according to an embodiment of the present application. Referring to fig. 6, the training apparatus 20 of the detection result determination model may include: a processor 21 and a memory 22, wherein the processor 21 and the memory 22 may communicate; illustratively, the processor 21 and the memory 22 are in communication via a communication bus 23, the memory 22 is configured to store computer-executable instructions, and the processor 21 is configured to invoke the computer-executable instructions in the memory to perform the training method of the detection result determination model shown in any of the above-described method embodiments.
Optionally, the training device 20 of the detection result determination model may further include a communication interface, which may include a transmitter and/or a receiver.
Alternatively, the processor may be a central processing unit (Central Processing Unit, CPU), but may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present application may be embodied directly in a hardware processor or in a combination of hardware and software modules within a processor.
The present application provides a computer-readable storage medium having stored thereon computer-executable instructions; the computer-executable instructions are configured to implement the training method of the detection result determination model according to any of the foregoing embodiments.
Embodiments of the present application provide a computer program product comprising a computer program which, when executed, causes a computer to perform the training method of the detection result determination model described above.
All or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a readable memory. The program, when executed, performs steps including the method embodiments described above; and the aforementioned memory (storage medium) includes: read-only memory (ROM), RAM, flash memory, hard disk, solid state disk, magnetic tape, floppy disk, optical disk, and any combination thereof.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processing unit of a general purpose computer, special purpose computer, embedded processor, or other programmable terminal device to produce a machine, such that the instructions, which execute via the processing unit of the computer or other programmable terminal device, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable terminal device to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable terminal device to cause a series of operational steps to be performed on the computer or other programmable device to produce a computer implemented process such that the instructions which execute on the computer or other programmable device provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various modifications and variations can be made to the embodiments of the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the embodiments of the present application fall within the scope of the claims and the equivalents thereof, the present application is intended to encompass such modifications and variations.
In the present application, the term "include" and variations thereof may refer to non-limiting inclusion; the term "or" and variations thereof may refer to "and/or". The terms "first," "second," and the like in this application are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. In the present application, "plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the disclosed invention. This application is intended to cover any variations, uses, or adaptations of the application following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the application pertains.

Claims (11)

1. The training method of the detection result judgment model is characterized by comprising the following steps of:
Acquiring a plurality of detection result files, wherein each detection result file comprises a static scanning result of each detection item in an application installation package corresponding to the detection result file, and the static scanning result is scanning passing or not scanning passing;
determining a plurality of detection result files to be selected from the plurality of detection result files, wherein an application installation package corresponding to the detection result files to be selected comprises the detection items which are not passed by scanning;
acquiring a judging file of each detection result file to be selected, wherein the judging file is used for indicating whether the detection item which is not passed by scanning in the detection result files to be selected is a false judging item or not;
and performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate the detection result judgment model, wherein the detection result judgment model is used for outputting whether detection items which are not passed by scanning in the to-be-judged detection result file are misjudgment items or not.
2. The method of claim 1, wherein performing machine learning processing on the plurality of candidate test result files and the determination file of each candidate test result file to generate the test result determination model comprises:
Determining a plurality of target detection results according to the plurality of to-be-selected detection result files, wherein a static scanning result corresponding to the target detection results is that scanning fails;
determining a plurality of sample data according to the plurality of target detection results and the judging file of each to-be-selected detection result file, wherein the sample data comprises an application identifier corresponding to the target detection result, a detection item identifier corresponding to the target detection result and a judging result corresponding to the detection item, and the judging result corresponding to the detection item is used for indicating whether the detection item is a misjudging item or not;
and performing machine learning processing on the plurality of sample data to generate the detection result judging model.
3. The method of claim 2, wherein determining a plurality of target test results from the plurality of candidate test result files comprises:
identifying a plurality of field values corresponding to static scanning result fields in any one to-be-selected detection result file, wherein the field values are scanning passing or scanning failing;
determining at least one target field value among the plurality of field values, the target field value being that the scan fails;
Determining each target field value and a detection item identifier of a detection item corresponding to the target field value as a target detection result;
and determining that the plurality of target detection results comprise at least one target detection result corresponding to each detection result file to be selected.
4. A method according to any one of claims 2 or 3, wherein determining a plurality of sample data from the plurality of target detection results and the decision file of each candidate detection result file comprises:
determining a target application identifier and a target detection item identifier corresponding to any target detection result;
determining a target judgment file corresponding to the target detection result according to the target application identifier, wherein the application identifier included in the target judgment file is the same as the target application identifier, and the target judgment file comprises a plurality of judgment results and detection item identifiers corresponding to each judgment result;
determining a judging result corresponding to the target detection result in the target judging file according to the target detection item identifier;
determining that the sample data corresponding to the target detection result comprises the target detection result, an application identifier corresponding to the target detection result and a judging result corresponding to the target detection result; the plurality of sample data comprise sample data corresponding to each target detection result.
5. The method according to any one of claims 1-4, wherein after generating the detection result determination model, the method further comprises:
acquiring a plurality of verification sample data, wherein the verification sample data comprises a first application identifier, a detection item identifier of a first detection item and a static scanning result of the first detection item, and the static scanning result of the first detection item is that scanning fails;
for any one verification sample data, verifying the detection result judgment model according to the verification sample data and the judgment result corresponding to the verification sample data to obtain a verification result, wherein the verification result is verification correct or verification error;
and if the verification result is a verification error, correcting the detection result judging model according to the verification result until the accuracy of the detection result judging model is greater than or equal to a preset threshold.
6. The method according to claim 5, wherein verifying the detection result determination model and obtaining a verification result according to the verification sample data and the determination result corresponding to the verification sample data, comprises:
inputting the verification sample data to the detection result judging model, and obtaining output data, wherein the output data is a misjudgment item or a non-misjudgment item;
And determining a verification result according to the output data and the judgment result corresponding to the verification sample data.
7. The method of claim 6, wherein determining a validation result based on the output data and a determination result corresponding to the validation sample data comprises:
if the output data is consistent with the judging result corresponding to the verification sample data, determining that the verification result is correct;
and if the output data is inconsistent with the judging result corresponding to the verification sample data, determining that the verification result is a verification error.
8. A training device of a detection result judging model is characterized by comprising an acquisition module, a determination module and a generation module, wherein,
the acquisition module is used for acquiring a plurality of detection result files, wherein each detection result file comprises a static scanning result of each detection item in an application installation package corresponding to the detection result file, and the static scanning result is scanning passing or not scanning passing;
the determining module is used for determining a plurality of to-be-selected detection result files from the plurality of detection result files, and an application installation package corresponding to the to-be-selected detection result files comprises the detection items which are not passed by scanning;
The acquisition module is further configured to acquire a judgment file of each detection result file to be selected, where the judgment file is used to indicate whether the detection item that is not passed by the scanning in the detection result file to be selected is a false judgment item;
the generating module is used for performing machine learning processing on the plurality of to-be-selected detection result files and the judgment file of each to-be-selected detection result file to generate the detection result judgment model, and the detection result judgment model is used for outputting whether the detection items which are not passed by scanning in the to-be-judged detection result files are erroneous judgment items or not.
9. A training apparatus for a detection result determination model, comprising: a processor, and a memory communicatively coupled to the processor;
the memory stores computer-executable instructions;
the processor executes computer-executable instructions stored in the memory to implement the method of any one of claims 1 to 7.
10. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any one of claims 1 to 7.
11. A computer program product comprising a computer program which, when executed by a processor, implements the method of any one of claims 1 to 7.
CN202311500532.7A 2023-11-10 2023-11-10 Training method, device and equipment for detection result judgment model Pending CN117540378A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311500532.7A CN117540378A (en) 2023-11-10 2023-11-10 Training method, device and equipment for detection result judgment model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311500532.7A CN117540378A (en) 2023-11-10 2023-11-10 Training method, device and equipment for detection result judgment model

Publications (1)

Publication Number Publication Date
CN117540378A true CN117540378A (en) 2024-02-09

Family

ID=89785409

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311500532.7A Pending CN117540378A (en) 2023-11-10 2023-11-10 Training method, device and equipment for detection result judgment model

Country Status (1)

Country Link
CN (1) CN117540378A (en)

Similar Documents

Publication Publication Date Title
CN109525556B (en) Lightweight method and system for determining protocol bugs in embedded system firmware
CN109101815B (en) Malicious software detection method and related equipment
CN111259399B (en) Method and system for dynamically detecting vulnerability attacks for web applications
CN113032792A (en) System service vulnerability detection method, system, equipment and storage medium
US10069855B1 (en) Automated security analysis of software libraries
CN109643271B (en) Identifying unstable testing
CN115952503B (en) Application safety test method and system fused with black and white ash safety detection technology
CN115391230A (en) Test script generation method, test script penetration method, test script generation device, test penetration device, test equipment and test medium
CN110990295B (en) Verification method and device for test cases and electronic equipment
CN110874475A (en) Vulnerability mining method, vulnerability mining platform and computer readable storage medium
CN113434385A (en) Method and system for automatically generating test case for software model inspection tool
US8365281B2 (en) Determining whether method of computer program is a validator
CN117540378A (en) Training method, device and equipment for detection result judgment model
CN115357894A (en) Application program bug detection method and system with custom verification function
CN108804308B (en) Defect detection method and device for new version program
US20140123113A1 (en) System and a method for analyzing a piece of code
CN115310087A (en) Website backdoor detection method and system based on abstract syntax tree
CN112347479B (en) False alarm correction method, device, equipment and storage medium for malicious software detection
CN115758389A (en) Vulnerability processing result checking method and device, electronic equipment and storage medium
RU168346U1 (en) VULNERABILITY IDENTIFICATION DEVICE
Amankwah et al. Fast bug detection algorithm for identifying potential vulnerabilities in juliet test cases
CN115373984A (en) Code coverage rate determining method and device
CN114064489A (en) Automatic testing method, device, equipment and readable storage medium
CN114077545A (en) Method, device and equipment for acquiring verification data and readable storage medium
CN110633204B (en) Program defect detection method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination