Author: Qin Ce (秦策)
Affiliation: [1] Petal Cloud Technology Co., Ltd., Nanjing Branch, Nanjing 210012
Source: Technology Innovation and Application (《科技创新与应用》), 2025, Issue 12, pp. 37-40 (4 pages)
Abstract: Traditional vulnerability mining methods struggle to cope with large-scale code bases and complex logic. To address this, the paper combines the natural language processing capabilities of large models with prompt engineering and designs a static analysis meta-language intended to guide the model's attention to key code features and so improve the precision of vulnerability detection. Experimental results show that, compared with traditional methods, the technique substantially reduces the cost of manual analysis and effectively improves the accuracy of vulnerability discovery. The paper also validates the method on the Android system, confirming a significant effect in lowering the false-positive rate and raising vulnerability identification efficiency; the work uncovered 8 zero-day (0day) vulnerabilities and obtained 6 CVE identifiers.
Keywords: static analysis; large language model; prompt engineering; automation; mining techniques
Classification: TP277 [Automation and Computer Technology: Detection Technology and Automatic Devices]