An abnormal code detection method and system based on artificial intelligence
By employing artificial intelligence methods for multi-level feature analysis and code segmentation, combined with semantic association data and machine learning, the efficiency and accuracy issues of traditional code inspection methods in complex code have been resolved, achieving efficient and accurate code anomaly identification.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ANHUI ZHONGPIN NETWORK TECHNOLOGY CO LTD
- Filing Date
- 2025-10-17
- Publication Date
- 2026-06-23
AI Technical Summary
Traditional code inspection methods struggle to adapt to large and complex code volumes, fail to identify potential anomalies in complex code, and suffer from low processing efficiency and an inability to dynamically adjust anomaly identification rules, leading to inaccurate detection and performance bottlenecks.
By employing artificial intelligence-based methods, multi-level feature analysis is conducted, combining basic and complex grammatical features. Semantic association data and machine learning algorithms are used to generate feature anomaly recognition rules, dynamically adjust anomaly judgment criteria, perform code segmentation and structure graph construction, and identify potential abnormal segments.
It improves the accuracy and efficiency of code detection, can flexibly respond to different types of code anomalies, dynamically adjust detection standards, efficiently process large-scale code libraries, avoid redundant calculations, and improve the applicability and accuracy of detection.
Smart Images

Figure CN121349835B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of code detection technology, specifically to an abnormal code detection method and system based on artificial intelligence. Background Technology
[0002] As programming languages, development frameworks, and tools continue to evolve, the complexity of programs is increasing exponentially. Decades ago, small applications and simple algorithms written by developers were sufficient to find and fix anomalies through manual debugging or basic tools. However, today's application systems are becoming increasingly large and involve increasingly complex technology stacks, making it difficult for traditional code inspection methods to adapt to such a large amount of code and complexity.
[0003] Currently, traditional methods rely heavily on basic syntax analysis, which can typically only detect simple exceptions. They lack a deep understanding of complex code structures and potential problems, easily overlooking some hidden errors or potential performance issues. Furthermore, based on fixed exception recognition rules and thresholds, they cannot be dynamically adjusted according to the characteristics of different code. Therefore, they cannot adapt to different types of code or complex exception patterns, resulting in an inability to provide accurate detection when facing diverse programming environments.
[0004] Furthermore, traditional methods are often inefficient for handling large-scale codebases, especially when dealing with massive code files, where they are prone to performance bottlenecks and difficulty in quickly locating and analyzing abnormal code segments. They often rely on full scans, making it impossible to specifically optimize the code inspection process. Moreover, they typically do not perform intelligent analysis based on the modular structure of the code, but instead directly inspect the code as a whole or in parts. This lack of structured analysis may cause them to miss anomalies in the internal structure of the code and make it difficult to effectively identify potential risks in complex code. Summary of the Invention
[0005] To achieve the above objectives, the present invention provides the following technical solution: an artificial intelligence-based method for detecting abnormal codes, comprising:
[0006] Obtain the code set to be analyzed. The code set to be analyzed includes at least one code segment to be detected. The code set to be analyzed is obtained by segmenting the original code file. The core functional segments in the original code file become at least one code segment to be detected in the code set to be analyzed after segmentation.
[0007] When the syntactic features of at least one code segment to be detected are extended from basic syntactic features to complex syntactic features, the syntactic element sequence and semantic association data obtained at multiple feature levels between basic syntactic features and complex syntactic features are determined; wherein, the semantic association data is generated by code semantic analysis tools, and the syntactic element sequence refers to the set of syntactic units arranged in the order of statements in at least one code segment to be detected.
[0008] Based on the syntactic element sequences and semantic association data obtained under multiple feature levels, determine the feature vector sets corresponding to each of the multiple feature levels;
[0009] Based on multiple feature levels and their corresponding feature vector sets, establish a correlation graph between feature levels and feature vectors;
[0010] Identify the deviation nodes in the correlation graph where feature deviations occur in the feature vector set, and use the feature levels corresponding to the deviation nodes as key feature levels;
[0011] Based on the key feature level, identify at least one potential abnormal segment in the code segment to be detected, wherein the potential abnormal segment matches the feature abnormal range corresponding to the key feature level; based on the potential abnormal segment, determine whether there is code abnormality in the code set to be analyzed.
[0012] Preferably, determining at least one potential anomalous segment in the code segment to be detected based on key feature levels includes:
[0013] Based on the key feature hierarchy, determine the rules for identifying feature anomalies;
[0014] Based on the feature anomaly identification rules, at least one code segment to be detected is screened to obtain potential abnormal segments.
[0015] Preferably, based on the key feature hierarchy, the feature anomaly identification rules are determined, including:
[0016] Based on the preset correspondence between feature levels and anomaly recognition rules, feature anomaly recognition rules corresponding to key feature levels are determined; wherein, the feature anomaly recognition rules are generated based on machine learning algorithms when performing feature learning on historical anomaly code samples; wherein, the preset correspondence indicates a positive correlation between the complexity of feature levels and the precision of feature anomaly recognition rules.
[0017] Preferably, the method further includes:
[0018] Based on the preset correspondence between feature levels and anomaly judgment thresholds, the anomaly judgment thresholds corresponding to each of the multiple feature levels are determined to obtain multiple candidate thresholds.
[0019] Based on the matching relationship between the anomaly detection threshold and the degree of feature deviation, the feature deviation judgment criteria corresponding to each of the multiple candidate thresholds are determined;
[0020] Based on the feature deviation judgment criteria corresponding to each of the multiple candidate thresholds, the target threshold is determined when the feature deviation exceeds the corresponding standard, and the feature anomaly recognition rule is adjusted using the target threshold.
[0021] Preferably, based on potential anomalous fragments, it is determined whether the code set to be analyzed contains code anomalies, including:
[0022] If the number of potentially abnormal segments does not exceed a preset threshold, it is determined that the code set to be analyzed does not contain any code anomalies.
[0023] When the number of potentially abnormal segments exceeds a preset threshold, it is determined that the code set to be analyzed contains code anomalies.
[0024] Preferably, the code set to be analyzed is obtained, including:
[0025] The segmentation parameters of the original code file are determined according to the code size of the original code file, the preset code segment length, and the maximum number of segments.
[0026] The original code file is segmented according to the segmentation parameters to obtain the code set to be analyzed.
[0027] Preferably, the code size of the original code file includes the number of lines of code and the number of functions;
[0028] The step of determining the segmentation parameters of the original code file according to the code size of the original code file, the preset code segment length, and the maximum number of segments includes:
[0029] Obtain the first ratio between the preset code segment length and the number of lines of code, and the second ratio between the preset code segment length and the number of functions;
[0030] Choose one from the first ratio, the second ratio, and the maximum number of segments as the segmentation parameter for the original code file.
[0031] Preferably, the method further includes:
[0032] The original code file is processed using a code structure parsing network to obtain a structural map of the original code file about its code modules;
[0033] Module nodes are extracted from the structure graph to obtain the position of at least one code segment to be detected in the structure graph;
[0034] Based on the position of at least one code segment to be detected in the structure graph, determine the position of at least one code segment to be detected in the original code file.
[0035] Preferably, after determining the location of at least one code segment to be detected in the original code file based on its location in the structure graph, the method further includes:
[0036] Based on the location of at least one code segment to be detected in the original code file and the segmentation parameters, determine the location of at least one code segment to be detected in the code set to be analyzed.
[0037] In response to the presence of a bias node in the association graph where the feature vector set shows a feature deviation, the mapping position of at least one code segment to be detected in the association graph is determined based on the feature association relationship between the bias node and at least one code segment to be detected.
[0038] An artificial intelligence-based anomaly code detection system, applicable to the aforementioned artificial intelligence-based anomaly code detection method, includes:
[0039] The code segmentation unit is used to obtain the code set to be analyzed. The code set to be analyzed includes at least one code segment to be detected. The code set to be analyzed is obtained by segmenting the original code file. The core functional segments in the original code file become at least one code segment to be detected in the code set to be analyzed after segmentation.
[0040] A semantic association unit is used to determine the sequence of grammatical elements and semantic association data obtained at multiple feature levels between basic and complex grammatical features when the grammatical features of at least one code segment to be detected are expanded from basic grammatical features to complex grammatical features; wherein, the semantic association data is generated by code semantic analysis tools, and the sequence of grammatical elements refers to the set of grammatical units arranged in the order of statements in at least one code segment to be detected.
[0041] The feature encoding unit is used to determine the feature vector set corresponding to each of the multiple feature levels based on the sequence of syntactic elements and semantic association data obtained under multiple feature levels.
[0042] The code segmentation unit is used to establish a correlation graph between feature levels and feature vectors based on multiple feature levels and their corresponding feature vector sets.
[0043] The feature filtering unit is used to identify the deviation nodes in the association graph when feature deviations occur in the feature vector set, and to take the feature level corresponding to the deviation node as the key feature level.
[0044] The code detection unit is used to determine at least one potential abnormal segment in the code segment to be detected based on the key feature level, wherein the potential abnormal segment matches the feature abnormal range corresponding to the key feature level; and to determine whether there is code abnormality in the code set to be analyzed based on the potential abnormal segment.
[0045] Compared with the prior art, the beneficial effects of the present invention are:
[0046] This invention, through multi-level feature analysis of code, combined with basic and complex syntactic features, can capture potential anomalies more meticulously. This hierarchical feature vector set and semantic association data enable the system to identify more complex code anomalies, thereby improving detection accuracy. By learning from historical abnormal code samples and combining machine learning algorithms to generate feature anomaly recognition rules, the method can automatically adapt to different types of code anomalies and adjust the anomaly judgment criteria according to different feature levels and thresholds, further optimizing detection performance.
[0047] This invention can intelligently segment code based on the code size, number of functions, and preset segmentation parameters of the original code file. This not only improves analysis efficiency but also facilitates the processing of large and complex code files. Through segmentation, it is easier to locate and analyze potential abnormal segments. By constructing a structural map of the original code file and combining it with module node extraction, the structural relationship of code modules can be presented intuitively. This method helps to analyze the overall architecture of the code and makes it easier to identify potential abnormal code segments.
[0048] This invention achieves adaptive detection by dynamically adjusting anomaly identification rules and judgment criteria through a preset correspondence between feature levels and anomaly judgment thresholds. This allows for flexible handling of different types of code and anomaly situations, further improving the applicability and accuracy of detection. Furthermore, by segmenting the code according to specific parameters and analyzing the characteristics of each code segment, it can not only efficiently process large-scale code libraries, but also effectively avoid redundancy or unnecessary calculations that may occur in traditional methods during the analysis process. Attached Figure Description
[0049] Figure 1 This is a schematic flowchart of the overall method in one embodiment of the present invention;
[0050] Figure 2 This is a schematic diagram of the overall system architecture in one embodiment of the present invention.
[0051] In the diagram: 1. Code segmentation unit; 2. Semantic association unit; 3. Feature encoding unit; 4. Graph modeling unit; 5. Feature selection unit; 6. Code detection unit. Detailed Implementation
[0052] The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.
[0053] Example 1, please refer to Figure 1 This invention provides a technical solution: an artificial intelligence-based method for detecting abnormal codes, comprising:
[0054] S1. Obtain the code set to be analyzed. The code set to be analyzed includes at least one code segment to be detected. The code set to be analyzed is obtained by segmenting the original code file. The core functional segments in the original code file become at least one code segment to be detected in the code set to be analyzed after segmentation.
[0055] S1. When the grammatical features of at least one code segment to be detected are extended from basic grammatical features to complex grammatical features, determine the grammatical element sequence and semantic association data obtained under multiple feature levels between basic grammatical features and complex grammatical features; wherein, the semantic association data is generated by code semantic analysis tools, and the grammatical element sequence refers to the set of grammatical units arranged in the order of statements in at least one code segment to be detected.
[0056] S3. Based on the syntactic element sequences and semantic association data obtained under multiple feature levels, determine the feature vector sets corresponding to each of the multiple feature levels;
[0057] S4. Based on multiple feature levels and the feature vector sets corresponding to each feature level, establish a correlation graph between feature levels and feature vectors;
[0058] S5. Identify the deviation nodes in the correlation graph where feature deviations occur in the feature vector set, and take the feature level corresponding to the deviation node as the key feature level.
[0059] S6. Identify at least one potential abnormal segment in the code segment to be detected based on the key feature level, wherein the potential abnormal segment matches the feature abnormal range corresponding to the key feature level; determine whether there is code abnormality in the code set to be analyzed based on the potential abnormal segment.
[0060] It should be noted that the code set to be analyzed is obtained by segmenting the original code file, with each segment called the code segment to be detected. These code segments typically represent certain functional fragments in the original code, or parts that need to be focused on during code analysis. When analyzing the code segments to be detected, the analyst will gradually expand these features from basic syntax features to complex syntax features. Basic syntax features may include keywords, operators, and control flow structures (such as if, for loops, etc.). Complex syntax features may involve higher-level language structures, such as functions, classes, exception handling, etc. Between these levels, the analysis tool will extract sequences of syntax elements, that is, syntax units arranged in sequence in the code (such as identifiers, operators, keywords, etc.), and obtain semantic association data through semantic analysis tools, that is, analyze the semantic relationships between various code units.
[0061] By analyzing the syntactic element sequences and semantic association data of each feature level, the tool generates corresponding feature vector sets. Each feature vector represents a specific syntactic and semantic feature at a certain level, helping to further understand the behavior and structure of the code. The relationship between all feature levels and their corresponding feature vector sets is represented by an association graph. This graph helps track the connections between different feature levels and understand how which syntactic and semantic features are related to each other. During the analysis of the feature vector sets, the system looks for feature deviations, i.e., significant differences between feature values and expected values at certain feature levels. These deviations may indicate potential code problems or anomalies. When certain nodes (representing feature vectors) in the association graph show deviations, the feature levels corresponding to these nodes are considered critical feature levels. These levels may contain hints of anomalies or errors.
[0062] Based on the key feature hierarchy, the system identifies potential abnormal segments. These abnormal segments match the feature abnormal range of the key feature hierarchy and may be potential errors or abnormal logic in the code. Finally, the system determines whether there are code abnormalities in the code set to be analyzed based on these potential abnormal segments. If a potential abnormal segment is found to match a known abnormal pattern, the system will warn of the possible code abnormality and prompt the developer to make corrections.
[0063] In an optional embodiment, determining at least one potential anomalous segment in the code segment to be detected based on a key feature hierarchy includes:
[0064] Based on the key feature hierarchy, determine the rules for identifying feature anomalies;
[0065] Based on the feature anomaly identification rules, at least one code segment to be detected is screened to obtain potential abnormal segments.
[0066] It's important to note that in code analysis, key feature levels refer to those layers that play a crucial role in the structure, logic, or behavior of the code. These feature levels help us divide the code into different parts, thereby more efficiently identifying potential errors or problems. Typically, these levels include: Syntax level: involving the basic structure of the language, such as keywords, operators, and function calls; Semantic level: involving the actual logic and business rules of the code, such as whether variables are correctly initialized before use and whether functions return results as expected; Performance level: focusing on the execution efficiency of the code, such as algorithm complexity and resource usage; Security level: involving whether the code is vulnerable to attacks or abuse, such as SQL injection and buffer overflows.
[0067] After determining the key feature levels, the next step is to define feature anomaly identification rules for each level. These rules help us determine whether a code segment violates certain specifications or whether certain features exhibit abnormal behavior. Rules can be based on experience, programming language standards, or specific business logic requirements. For example: syntax-level rules detect syntax errors, such as whether variables are defined or parentheses are matched; semantic-level rules detect whether variables are used correctly, whether function calls are expected, and whether there are potential division-by-zero errors; performance-level rules detect, for example, whether there are redundant calculations or unnecessary complex operations within loops; and security-level rules detect whether unvalidated user input is directly passed to SQL queries. Once the feature anomaly identification rules are defined, the next task is to filter the code segments to be inspected. That is, the system will check the code according to the rules and mark those parts that may violate the rules; these marked parts are potential anomaly segments.
[0068] In an optional embodiment, determining feature anomaly identification rules based on key feature levels includes:
[0069] Based on the preset correspondence between feature levels and anomaly recognition rules, feature anomaly recognition rules corresponding to key feature levels are determined; wherein, the feature anomaly recognition rules are generated based on machine learning algorithms when performing feature learning on historical anomaly code samples; wherein, the preset correspondence indicates a positive correlation between the complexity of feature levels and the precision of feature anomaly recognition rules.
[0070] It's important to note that in code analysis, feature levels represent different dimensions or depths of code analysis standards. For example, feature levels can be defined from multiple dimensions such as syntax, semantics, performance, and security. These levels help us understand the quality, logic, performance, and security of code from different perspectives. Feature anomaly identification rules are specifications that refine and specify these feature levels. Their role is to help developers and automation tools identify potential problems in the code. For example, at the syntax level, an anomaly rule might be "detecting missing parentheses"; at the semantic level, an anomaly rule might be "variables not initialized before use"; and at the security level, an anomaly rule might be "user input not sanitized."
[0071] These anomaly identification rules are not manually written, but derived through analysis and learning from a large number of historical code samples. Machine learning algorithms are used in the following steps: Data collection: First, a large number of historical anomaly code samples need to be collected, including known errors, potential vulnerabilities, performance issues, etc.; Feature extraction: Then, various features are extracted from these code samples, such as code structure, variable usage, function call order, input and output, etc.; Model learning: Based on these features, machine learning algorithms (such as classification models, clustering models, etc.) can automatically identify which features are closely related to anomalies in the code, thereby generating rules; these rules may include "if a certain condition is met, there may be a potential problem"; Model optimization: As new anomaly samples are added, the model will be continuously adjusted and optimized, gradually improving the accuracy and generalization ability of the rules.
[0072] Here, the pre-defined correspondence refers to the relationship between the complexity of the feature level and the granularity of the anomaly recognition rules. Specifically, the more complex the feature level, the more granular the anomaly recognition rules. The complexity of the feature level is the depth of the code problem; for example, a simple syntax error may only involve some basic structural issues, while complex security vulnerabilities or performance bottlenecks may require multi-level and multi-dimensional analysis of the code. The granularity of the anomaly recognition rules refers to the degree of granularity of the anomaly rules themselves; granular rules can accurately pinpoint the anomaly and provide more specific remediation suggestions; while imprecise rules may only provide general warnings.
[0073] In this correspondence, if we analyze the syntax level of the code, the complexity of this level is relatively low, and the relevant exception recognition rules are usually relatively simple; for example, it may only require checking basic issues such as bracket matching and syntax errors. However, if we analyze the security level or performance level, the code logic involved in these levels is more complex, so the corresponding exception recognition rules will be more refined and able to detect more complex situations, such as SQL injection, resource leaks, and performance bottlenecks of complex algorithms.
[0074] In an optional embodiment, the method further includes:
[0075] Based on the preset correspondence between feature levels and anomaly judgment thresholds, the anomaly judgment thresholds corresponding to each of the multiple feature levels are determined to obtain multiple candidate thresholds.
[0076] Based on the matching relationship between the anomaly detection threshold and the degree of feature deviation, the feature deviation judgment criteria corresponding to each of the multiple candidate thresholds are determined;
[0077] Based on the feature deviation judgment criteria corresponding to each of the multiple candidate thresholds, the target threshold is determined when the feature deviation exceeds the corresponding standard, and the feature anomaly recognition rule is adjusted using the target threshold.
[0078] It's important to note that each feature level may have different anomaly thresholds. These thresholds help the system determine whether an anomaly exists. For example, at the syntax level, the threshold might be set as "only when a certain percentage of incorrect characters or symbols are considered an anomaly"; at the performance level, the threshold might be set as "program response time exceeding a certain number of milliseconds is considered a performance anomaly." This pre-defined correspondence means that different feature levels will have different threshold standards. Generally, the more complex the level, the stricter the threshold setting may be, requiring a higher degree of deviation to be considered an anomaly. For example, suppose you are testing the performance and security levels of code: the performance level's criterion might be "response time exceeding 200ms is an anomaly," a relatively simple and lenient threshold; while the security level might require "an encryption failure rate exceeding 0.1% in data transmission," a more stringent threshold. Based on these standards, you can determine different candidate thresholds for each feature level, such as 200ms and 0.1% as candidate values.
[0079] When the system detects a deviation in a feature, it needs to determine whether this deviation is severe enough to reach a threshold for anomaly assessment. At this point, the relationship between the feature deviation degree and the threshold becomes crucial. The feature deviation degree refers to the difference between the actual detected feature and the expected standard or normal range. For example, if the response time of a performance level exceeds a preset threshold (e.g., 200ms), the deviation degree is the excess portion (e.g., a deviation of 100ms from 200ms in 300ms). If an encryption failure occurs at the security level, the deviation degree might be the percentage of encryption failure. Based on the deviation degree, the system determines whether the current anomaly assessment threshold has been triggered. If the deviation degree exceeds the threshold, the feature is considered anomaly.
[0080] Different candidate thresholds (such as 200ms and 0.1%) correspond to different feature deviation judgment criteria. These criteria define how the target threshold should be adjusted when the feature deviation exceeds a certain level. The target threshold refers to the threshold ultimately used to adjust the feature anomaly identification rules when an anomaly occurs. When the deviation of a feature exceeds a certain feature deviation judgment criterion, the system will automatically adjust the target threshold to handle anomalies more accurately. For example, suppose the response time threshold is 200ms at the performance level. If the detected response time is 350ms, the deviation is 150ms. If the feature deviation judgment criterion stipulates that adjustment is required when the deviation exceeds 100ms, the system will consider it a performance anomaly and trigger the adjustment mechanism. Based on this judgment, the system can adjust the target threshold from 200ms to 150ms, making subsequent detection more stringent.
[0081] In an optional embodiment, determining whether the code set to be analyzed contains code anomalies based on potential anomalous fragments includes:
[0082] If the number of potentially abnormal segments does not exceed a preset threshold, it is determined that the code set to be analyzed does not contain any code anomalies.
[0083] When the number of potentially abnormal segments exceeds a preset threshold, it is determined that the code set to be analyzed contains code anomalies.
[0084] It's important to clarify that potential anomaly segments refer to parts of code that may contain problems, defects, or potential errors. These may not necessarily cause program crashes or obvious errors, but they pose a risk of triggering problems. Typically, potential anomaly segments include: suspicious code segments (such as duplicate code, logically potentially flawed areas); code that may cause performance issues (such as inefficient algorithms, deeply nested loops); and code style non-compliance (such as unclear variable naming, difficult-to-maintain code structures). These segments are considered potential anomalies that may cause problems in future execution, but are not yet manifesting. A preset threshold is a pre-defined standard used to determine if a code set contains anomalies. This threshold is usually determined through historical experience or team best practices. The threshold helps the system decide when a code set's potential anomaly segments reach a warning level, indicating that it is no longer considered a "normal" code set. For example, a team might set the following: if there are more than 10 potential anomaly segments in the code, the code is considered anomaly; if the number of potential anomaly segments is less than 10, the code is considered to have no obvious anomalies.
[0085] When the number of potential exception fragments does not exceed a preset threshold, the code set is generally considered to be without problems. This means that although these potential exception fragments exist, their number is not large enough to affect the overall quality of the code or cause major problems. At this time, the code is still considered "normal" or "acceptable". When the number of potential exception fragments exceeds the preset threshold, the code set is considered to have anomalies. This is because a large number of potential exception fragments indicates that the quality of the code set may have been affected and there is a certain risk. Even if these exception fragments do not currently cause obvious errors, their number is large enough and may cause problems in future use, so they are considered "abnormal".
[0086] In an optional embodiment, obtaining the code set to be analyzed includes:
[0087] The segmentation parameters of the original code file are determined according to the code size of the original code file, the preset code segment length, and the maximum number of segments.
[0088] The original code file is segmented according to the segmentation parameters to obtain the code set to be analyzed.
[0089] It's important to note that code size typically refers to the number of lines of code, the number of functions, and the complexity of the code structure. Larger code files may contain many lines of code, multiple modules, or complex logic. Without proper splitting, analyzing the entire file directly can be extremely difficult due to the increased complexity, performance issues, and poor maintainability caused by its size. Code segment length is a pre-defined parameter that determines how many lines of code each segment should contain. This length is determined based on the code structure and the complexity of the analysis. Typically, this length is not too long to ensure each code segment can be analyzed independently, while also avoiding excessive segmentation during each analysis, which increases processing complexity. For example, assuming a segment length of 100 lines of code, this means each segment can contain a maximum of 100 lines of code; any segment exceeding 100 lines will be split into another segment.
[0090] The maximum number of segments limits the total number of code segments. If the original code file is very large, without a segment limit, it may be split into too many small segments, leading to decreased analysis efficiency. Therefore, setting a maximum segment limit can prevent excessive segmentation and maintain the effectiveness of the analysis. For example, suppose the maximum segment limit is set to 20 segments. If the number of segments generated after splitting according to the preset segment length exceeds 20, the segment length needs to be adjusted to ensure that the number of segments does not exceed 20. To determine how to segment, the following factors need to be considered: the total size of the code file (i.e., the total number of lines in the file), the preset segment length (the maximum number of lines per segment), and the maximum segment limit (the upper limit on the number of segments). With this information, the specific parameters of each code segment can be determined, and the segmentation method can be calculated. If the number of segments exceeds the limit, the number of lines in each segment can be adjusted until the maximum segment limit is met.
[0091] Once the appropriate segmentation parameters are determined, the original code file can be segmented according to these parameters. The specific steps are to split the original code into several smaller segments based on the segment length and segment number limits, and each segment will be analyzed separately. For example, suppose there is a code file containing 500 lines of code: the default segment length is 100 lines; the maximum number of segments is limited to 5 segments; based on the segment length, if there are no other restrictions, the code should be divided into 5 segments, each with 100 lines; but if there is no limit on the maximum number of segments, this code file will fully meet the requirements; if the maximum number of segments is set to 5, and the file has more lines (such as 700 lines), the number of lines in each segment needs to be reduced (for example, to 140 lines per segment) to ensure that the number of segments after splitting does not exceed 5.
[0092] In an optional embodiment, the code size of the original code file includes the number of lines of code and the number of functions;
[0093] The step of determining the segmentation parameters of the original code file according to the code size of the original code file, the preset code segment length, and the maximum number of segments includes:
[0094] Obtain the first ratio between the preset code segment length and the number of lines of code, and the second ratio between the preset code segment length and the number of functions;
[0095] Choose one from the first ratio, the second ratio, and the maximum number of segments as the segmentation parameter for the original code file.
[0096] It's important to note that the first ratio reflects the proportion of the number of lines in the code file relative to the preset segment length; it indicates how many parts the original code file can be divided into based on the preset segment length. The second ratio reflects the proportion of the number of functions in the file relative to the preset segment length; this ratio helps assess whether the code structure of each segment is balanced (i.e., whether a segment contains an appropriate number of functions). For code with many functions, a smaller segment length might be chosen to maintain the clarity of each segment's structure. After calculating the above two ratios, we next need to select the most suitable segmentation parameter from these three: the first ratio: calculated based on the number of lines of code, determines how many lines each segment should contain; the second ratio: evaluated based on the number of functions, ensures that the number of functions in each segment is neither too many nor too few; if the number of segments split by the number of lines or functions exceeds this upper limit, the segment length needs to be adjusted; finally, a value is selected as the segmentation parameter to determine how the code should be split.
[0097] In an optional embodiment, the method further includes:
[0098] The original code file is processed using a code structure parsing network to obtain a structural map of the original code file about its code modules;
[0099] Module nodes are extracted from the structure graph to obtain the position of at least one code segment to be detected in the structure graph;
[0100] Based on the position of at least one code segment to be detected in the structure graph, determine the position of at least one code segment to be detected in the original code file.
[0101] It's important to note that the original code file needs to be processed through a code structure parsing network. This step involves applying machine learning or graph neural network models to analyze the code structure and convert it into a graph. A structure graph is an abstract representation of the original code modules. It treats modules (such as functions, classes, and methods) as nodes in a graph, connected by edges that represent dependencies or calls between modules. Once the structure graph is constructed, we can extract module nodes. Here, "module" typically refers to a functional unit (such as a function, class, or method), and each node represents a module. The extraction process involves identifying specific nodes in the graph and understanding the relationships between them.
[0102] Suppose we have a code segment to be tested, such as a function call or function body. We will determine the module to which the code segment belongs and its relationship with other modules based on its position in the structure graph. Finally, based on the position of the module node where the code segment is located in the structure graph, we can deduce its actual position in the original code file. This position can help developers locate problems, such as checking code quality, finding potential bugs, or performing other static analyses.
[0103] In an optional embodiment, after determining the location of at least one code segment to be detected in the original code file based on its location in the structural graph, the method further includes:
[0104] Based on the location of at least one code segment to be detected in the original code file and the segmentation parameters, determine the location of at least one code segment to be detected in the code set to be analyzed.
[0105] In response to the presence of a bias node in the association graph where the feature vector set shows a feature deviation, the mapping position of at least one code segment to be detected in the association graph is determined based on the feature association relationship between the bias node and at least one code segment to be detected.
[0106] It's important to note that during the analysis, we determine the location of the code segment to be analyzed within the code set based on two key factors: 1) Location in the original code file: This is the specific location of the code segment within the original code file, usually identified by line numbers or functions; 2) Segmentation parameters: This refers to the code splitting method, which may involve dividing the code file into multiple segments (e.g., by function, class, module, etc.). Segmentation parameters help us more accurately locate the code segment within the code set. Next, let's assume we use a relational graph during the analysis, which represents the relationships and characteristics between different modules of the code. Each node in the graph represents a code module, and the node's features (e.g., feature vectors) represent various attributes of that module, such as function complexity, call count, and performance metrics.
[0107] Feature deviation refers to the abnormality or inconsistency of a node's features under certain circumstances; for example, an abnormally high call frequency of a function, or a module's code complexity far exceeding that of other modules, would be considered deviation. Deviation nodes are nodes in the graph that exhibit feature deviations. We focus on these deviation nodes because they may affect code analysis or contain potential errors or performance issues. After identifying deviation nodes, we further analyze the feature associations between the code segment to be detected and the deviation nodes. This means we want to find some kind of association between the code segment to be detected and the module exhibiting feature deviations (such as whether they call each other, or whether they share certain resources or execution paths, etc.). Based on this association, we can infer the mapping position of the code segment to be detected in the association graph; this mapping position refers to the node position corresponding to the code segment to be detected in the graph.
[0108] Example 2, please refer to Figure 2 This invention provides a technical solution: an artificial intelligence-based abnormal code detection system, applicable to the aforementioned artificial intelligence-based abnormal code detection method, comprising:
[0109] Code segmentation unit 1 is used to obtain the code set to be analyzed. The code set to be analyzed includes at least one code segment to be detected. The code set to be analyzed is obtained by segmenting the original code file. The core functional segments in the original code file become at least one code segment to be detected in the code set to be analyzed after segmentation.
[0110] Semantic association unit 2 is used to determine the sequence of grammatical elements and semantic association data obtained at multiple feature levels between basic grammatical features and complex grammatical features when the grammatical features of at least one code segment to be detected are expanded from basic grammatical features to complex grammatical features; wherein, the semantic association data is generated by code semantic analysis tools, and the sequence of grammatical elements refers to the set of grammatical units arranged in the order of statements in at least one code segment to be detected.
[0111] Feature encoding unit 3 is used to determine the feature vector set corresponding to each of the multiple feature levels based on the syntactic element sequence and semantic association data obtained under multiple feature levels;
[0112] Code segmentation unit 4 is used to establish a correlation graph between feature levels and feature vectors based on multiple feature levels and the feature vector sets corresponding to each feature level.
[0113] Feature filtering unit 5 is used to determine the deviation nodes in the association graph when feature deviation occurs in the feature vector set, and to take the feature level corresponding to the deviation node as the key feature level.
[0114] The code detection unit 6 is used to determine at least one potential abnormal segment in the code segment to be detected based on the key feature level, wherein the potential abnormal segment matches the feature abnormal range corresponding to the key feature level; and to determine whether there is code abnormality in the code set to be analyzed based on the potential abnormal segment.
[0115] The embodiments of the present invention have been described in detail above with reference to the accompanying drawings. However, the present invention is not limited thereto. Various changes can be made within the scope of knowledge possessed by those skilled in the art without departing from the spirit of the present invention.
Claims
1. An artificial intelligence-based method for detecting abnormal codes, characterized in that, include: Obtain the code set to be analyzed. The code set to be analyzed includes at least one code segment to be detected. The code set to be analyzed is obtained by segmenting the original code file. The core functional segments in the original code file become at least one code segment to be detected in the code set to be analyzed after segmentation. When the syntactic features of at least one code segment to be detected are extended from basic syntactic features to complex syntactic features, the syntactic element sequence and semantic association data obtained under multiple feature levels between the basic syntactic features and complex syntactic features are determined; wherein, the semantic association data is generated by code semantic analysis tools, and the syntactic element sequence refers to the set of syntactic units arranged in the order of statements in at least one code segment to be detected; wherein, the feature levels include the syntactic level, the semantic level, the performance level, and the security level. Based on the syntactic element sequences and semantic association data obtained under multiple feature levels, determine the feature vector sets corresponding to each of the multiple feature levels; Based on multiple feature levels and their corresponding feature vector sets, establish a correlation graph between feature levels and feature vectors; Identify the deviation nodes in the correlation graph where feature deviations occur in the feature vector set, and use the feature levels corresponding to the deviation nodes as key feature levels; Based on the key feature level, identify at least one potential abnormal segment in the code segment to be detected, wherein the potential abnormal segment matches the feature abnormal range corresponding to the key feature level; based on the potential abnormal segment, determine whether there is code abnormality in the code set to be analyzed.
2. The artificial intelligence-based abnormal code detection method according to claim 1, characterized in that, Identify at least one potential anomalous segment in the code segment to be detected based on key feature levels, including: Based on the key feature hierarchy, determine the rules for identifying feature anomalies; Based on the feature anomaly identification rules, at least one code segment to be detected is screened to obtain potential abnormal segments.
3. The artificial intelligence-based abnormal code detection method according to claim 2, characterized in that, Based on the key feature hierarchy, Define the rules for identifying feature anomalies, including: Based on the preset correspondence between feature levels and anomaly recognition rules, feature anomaly recognition rules corresponding to key feature levels are determined; wherein, the feature anomaly recognition rules are generated based on machine learning algorithms when performing feature learning on historical anomaly code samples; wherein, the preset correspondence indicates a positive correlation between the complexity of feature levels and the precision of feature anomaly recognition rules.
4. The artificial intelligence-based abnormal code detection method according to claim 3, characterized in that, The method further includes: Based on the preset correspondence between feature levels and anomaly judgment thresholds, the anomaly judgment thresholds corresponding to each of the multiple feature levels are determined to obtain multiple candidate thresholds. Based on the matching relationship between the anomaly detection threshold and the degree of feature deviation, the feature deviation judgment criteria corresponding to each of the multiple candidate thresholds are determined; Based on the feature deviation judgment criteria corresponding to each of the multiple candidate thresholds, the target threshold is determined when the feature deviation exceeds the corresponding standard, and the feature anomaly recognition rule is adjusted using the target threshold.
5. The artificial intelligence-based abnormal code detection method according to claim 4, characterized in that, Based on potential anomaly fragments, determine whether the code set to be analyzed contains code anomalies, including: If the number of potentially abnormal segments does not exceed a preset threshold, it is determined that the code set to be analyzed does not contain any code anomalies. When the number of potentially abnormal segments exceeds a preset threshold, it is determined that the code set to be analyzed contains code anomalies.
6. The artificial intelligence-based abnormal code detection method according to claim 5, characterized in that, Obtain the code set to be analyzed, including: The segmentation parameters of the original code file are determined according to the code size of the original code file, the preset code segment length, and the maximum number of segments. The original code file is segmented according to the segmentation parameters to obtain the code set to be analyzed.
7. The artificial intelligence-based abnormal code detection method according to claim 6, characterized in that, The size of the original code file includes the number of lines of code and the number of functions; The step of determining the segmentation parameters of the original code file according to the code size of the original code file, the preset code segment length, and the maximum number of segments includes: Obtain the first ratio between the preset code segment length and the number of lines of code, and the second ratio between the preset code segment length and the number of functions; Choose one from the first ratio, the second ratio, and the maximum number of segments as the segmentation parameter for the original code file.
8. The artificial intelligence-based abnormal code detection method according to claim 7, characterized in that, The method further includes: The original code file is processed using a code structure parsing network to obtain a structural map of the original code file about its code modules; Module nodes are extracted from the structure graph to obtain the position of at least one code segment to be detected in the structure graph; Based on the position of at least one code segment to be detected in the structure graph, determine the position of at least one code segment to be detected in the original code file.
9. The artificial intelligence-based abnormal code detection method according to claim 8, characterized in that, After determining the location of at least one code segment to be detected in the original code file based on its position in the structure graph, the method further includes: Based on the location of at least one code segment to be detected in the original code file and the segmentation parameters, determine the location of at least one code segment to be detected in the code set to be analyzed. In response to the presence of a bias node in the association graph where the feature vector set shows a feature deviation, the mapping position of at least one code segment to be detected in the association graph is determined based on the feature association relationship between the bias node and at least one code segment to be detected.
10. An artificial intelligence-based anomaly code detection system, applicable to the artificial intelligence-based anomaly code detection method according to any one of claims 1-9, characterized in that, include: The code segmentation unit is used to obtain the code set to be analyzed. The code set to be analyzed includes at least one code segment to be detected. The code set to be analyzed is obtained by segmenting the original code file. The core functional segments in the original code file become at least one code segment to be detected in the code set to be analyzed after segmentation. A semantic association unit is used to determine the sequence of grammatical elements and semantic association data obtained at multiple feature levels between basic and complex grammatical features when the grammatical features of at least one code segment to be detected are expanded from basic grammatical features to complex grammatical features. The semantic association data is generated by code semantic analysis tools, and the sequence of grammatical elements refers to the set of grammatical units arranged in the order of statements in at least one code segment to be detected. The feature levels include the grammatical level, the semantic level, the performance level, and the security level. The feature encoding unit is used to determine the feature vector set corresponding to each of the multiple feature levels based on the sequence of syntactic elements and semantic association data obtained under multiple feature levels. The graph modeling unit is used to establish a graph of association between feature levels and feature vectors based on multiple feature levels and the feature vector sets corresponding to each feature level. The feature filtering unit is used to identify the deviation nodes in the association graph when feature deviations occur in the feature vector set, and to take the feature level corresponding to the deviation node as the key feature level. The code detection unit is used to determine at least one potential abnormal segment in the code segment to be detected based on the key feature level, wherein the potential abnormal segment matches the feature abnormal range corresponding to the key feature level; and to determine whether there is code abnormality in the code set to be analyzed based on the potential abnormal segment.