A fine-grained code vulnerability detection ranking method and system based on contrast learning

By constructing a ternary code sample set and using contrastive learning to train a feature extraction network, the problem of insufficient fine-grainedness in existing vulnerability detection models is solved. This enables the quantitative ranking of the security level of code generated by large models, improving the accuracy and practicality of secure code generation.

CN122153922APending Publication Date: 2026-06-05SHANDONG NORMAL UNIV +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
SHANDONG NORMAL UNIV
Filing Date
2026-05-09
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing vulnerability detection models lack the ability to detect some patched vulnerabilities with fine granularity, cannot effectively capture subtle features in the vulnerability patching process, and lack the advantage of comparative learning feature extraction. As a result, the granularity of vulnerability identification and the practical application needs of secure code generation are not met.

Method used

By constructing a ternary code sample set, including vulnerable code, fully patched vulnerability-free code, and partially patched intermediate patched code, a feature extraction network is trained using contrastive learning. The similarity between the code under test and the code in different states is calculated to achieve quantitative scoring and ranking of security level.

Benefits of technology

It improves the model's generalization ability in different code scenarios, and can accurately and securely sort multiple sets of test code generated by large models, meeting the practical application needs of secure code generation.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122153922A_ABST
    Figure CN122153922A_ABST
Patent Text Reader

Abstract

This invention discloses a fine-grained code vulnerability detection and ranking method and system based on contrastive learning, relating to the field of network security technology. The method includes: acquiring a domain-specific sample set containing vulnerable code and corresponding fully patched, vulnerability-free code; generating intermediate patched code in a partially patched state to construct a ternary code sample set; training a feature extraction network through contrastive learning based on the ternary code sample set; extracting vulnerability features from the code under test using the feature extraction network, calculating the similarity of vulnerability features between the code under test and both vulnerable and vulnerability-free code, and using this similarity to score the security level; and ranking the security level scores of the code under test to obtain a ranked code list. By performing domain partitioning and contrastive learning on paired code samples, combined with intermediate vulnerability patching code to enhance fine-grained vulnerability feature extraction, the method achieves quantitative ranking of the security level of multiple sets of code under test, improving the accuracy and practicality of secure code generation.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of network security technology, and in particular to a fine-grained code vulnerability detection and ranking method and system based on contrastive learning. Background Technology

[0002] Secure code generation is a core research direction combining cybersecurity and software engineering. Relying on large-scale code generation capabilities has become the mainstream approach. However, code generated from large models often contains vulnerabilities of varying degrees, and the multiple sets of generated test code lack an effective security level ranking mechanism, failing to directly provide developers with a high-security code selection option. Furthermore, fine-grained code vulnerability detection is crucial for achieving secure code ranking, but current vulnerability detection technologies still suffer from the following problems.

[0003] Existing vulnerability detection models mostly perform binary classification detection on complete vulnerable code or non-vulnerable code, lacking the ability to detect fine-grained intermediate code that partially fixes vulnerabilities. They cannot capture subtle features in the vulnerability remediation process, resulting in insufficient granularity for vulnerability identification in code generated by large models.

[0004] The training data for vulnerability detection is mostly single-labeled code samples, which do not make full use of the comparative information of vulnerable-non-vulnerable code pairs, and lack effective division of code domains. This results in poor generalization ability of the model in different types of code scenarios, and the feature extraction advantages of contrastive learning have not been fully utilized in the field of vulnerability detection.

[0005] Large-scale models typically generate dozens or even hundreds of code snippets for testing. Existing vulnerability detection models can only output a judgment on whether a vulnerability exists, and cannot quantify and rank the security levels of multiple generated code snippets, making it difficult to meet the practical application needs of secure code generation. Summary of the Invention

[0006] To address the aforementioned issues, this invention proposes a fine-grained code vulnerability detection and ranking method and system based on contrastive learning. By performing domain division and contrastive learning on paired code samples, and combining intermediate vulnerability repair code to enhance fine-grained vulnerability feature extraction, the method ultimately achieves quantitative ranking of the security levels of multiple sets of generated test code, thereby improving the accuracy and practicality of secure code generation.

[0007] To achieve the above objectives, the present invention adopts the following technical solution: In a first aspect, the present invention provides a fine-grained code vulnerability detection and ranking method based on contrastive learning, comprising: Obtain a domain-specific sample set containing both the vulnerable code and the corresponding fully patched, vulnerability-free code; Based on the vulnerable code and the corresponding vulnerability-free code, intermediate patch code in a partially patched state is generated to construct a ternary code sample set. The constructed feature extraction network is trained through comparative learning based on the ternary code sample set; The trained feature extraction network is used to extract vulnerability features from the code under test. The similarity between the vulnerability features of the code under test and the vulnerability features of the code with and without vulnerabilities is calculated, and the security level is scored accordingly. The security scores of each piece of code to be tested are sorted to obtain a sorted list of codes.

[0008] As an alternative implementation method, the domain-specific sample set is obtained by: filtering code segments with and without vulnerabilities from the code samples to form a basic paired sample set; Based on the application domain, programming language, and vulnerability type of the code, the basic pairing sample set is divided into domains to obtain a domain-specific sample set.

[0009] As an alternative implementation method, the training objective of contrastive learning is: within the same domain, to keep the similarity of vulnerability features between vulnerable code and intermediate patch code at a preset high value, to keep the similarity of vulnerability features between vulnerable code and non-vulnerable code at a preset low value, and to keep the similarity of vulnerability features between intermediate patch code and non-vulnerable code between the two.

[0010] As an alternative implementation, cosine similarity is used to calculate the similarity between vulnerability features: ; in, For cosine similarity, , The vulnerability characteristics of the two sets of code are as follows. It is an L2 norm; and , , , , This is a preset similarity threshold.

[0011] As an alternative implementation method, the training loss function for contrastive learning is: ; ; in, These are the loss weighting coefficients; Cross-entropy loss; For the ternary contrast loss function, Temperature coefficient; The similarity of vulnerability features between the vulnerable code and the intermediate patch code; The similarity of vulnerability features between intermediate patch code and vulnerability-free code.

[0012] As an alternative implementation method, the safety level score is calculated as follows: ; ; in, Score the initial level of security; Temperature coefficient; The similarity of vulnerability features between the code under test and the code without vulnerabilities; The similarity of vulnerability features between the code under test and the vulnerable code; The final safety rating after calibration. For reference benchmark scoring, For smooth calibration coefficients.

[0013] Secondly, the present invention provides a fine-grained code vulnerability detection and ranking system based on contrastive learning, comprising: The data acquisition module is configured to acquire a domain sample set containing vulnerable code and the corresponding fully patched, vulnerability-free code. The sample set construction module is configured to generate intermediate patch code in a partially patched state based on vulnerable code and corresponding non-vulnerable code, thereby constructing a ternary code sample set; The training module is configured to perform comparative learning training on the constructed feature extraction network based on a set of ternary code samples. The scoring module is configured to use a trained feature extraction network to extract vulnerability features from the code under test, calculate the similarity between the vulnerability features of the code under test and the vulnerability features of the code with and without vulnerabilities, and score the security level accordingly. The sorting module is configured to sort the security scores of each piece of code to be tested, resulting in a sorted list of codes.

[0014] Thirdly, the present invention provides an electronic device including a memory and a processor, and computer instructions stored in the memory and running on the processor, wherein the computer instructions, when executed by the processor, perform the method described in the first aspect.

[0015] Fourthly, the present invention provides a computer-readable storage medium for storing computer instructions, which, when executed by a processor, perform the method described in the first aspect.

[0016] Fifthly, the present invention provides a computer program product, including a computer program that, when executed by a processor, implements the method described in the first aspect.

[0017] Compared with the prior art, the beneficial effects of the present invention are as follows: This invention provides a fine-grained code vulnerability detection and ranking method based on contrastive learning. It constructs a ternary code sample set (v0-v1-v2) based on the BigVul dataset, which includes vulnerable, intermediate patched, and vulnerability-free code. For the first time, it introduces partially patched intermediate code into the vulnerability detection task, enabling fine-grained vulnerability feature extraction. This method can capture subtle features in the vulnerability patching process and solves the problem of insufficient granularity in vulnerability identification of traditional models.

[0018] This invention provides a fine-grained code vulnerability detection and ranking method based on contrastive learning. After dividing the paired code in the BigVul dataset into domains, contrastive learning is carried out. This fully utilizes the contrast information of vulnerable-non-vulnerable code pairs, improves the model's generalization ability in different code scenarios, and gives full play to the advantages of contrastive learning in feature extraction.

[0019] This invention provides a fine-grained code vulnerability detection and ranking method based on contrastive learning. It designs a vulnerability security level quantification scoring module and ranking network, upgrading the vulnerability detection results from traditional binary classification to security level quantification scoring and ranking. It can accurately rank hundreds of code samples generated by large models, directly providing developers with high-security code selection and meeting the practical application needs of secure code generation.

[0020] Advantages of additional aspects of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Attached Figure Description

[0021] To more clearly illustrate the technical solutions in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the provided drawings without creative effort.

[0022] Figure 1 This is a schematic diagram of the fine-grained code vulnerability detection and ranking method based on contrastive learning provided in Embodiment 1 of the present invention. Detailed Implementation

[0023] The present invention will be further described below with reference to the accompanying drawings and embodiments.

[0024] It should be noted that the following detailed descriptions are exemplary and intended to provide further illustration of the invention. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.

[0025] It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of exemplary embodiments according to the invention. As used herein, unless the context clearly indicates otherwise, the singular form is intended to include the plural form as well. Furthermore, it should be understood that the terms “comprising” and “including”, and any variations thereof, are intended to cover non-exclusive inclusion, for example, a process, method, system, product, or apparatus that includes a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0026] Where there is no conflict, the embodiments and features in the embodiments of the present invention can be combined with each other.

[0027] Example 1 like Figure 1 As shown, this embodiment provides a fine-grained code vulnerability detection and ranking method based on contrastive learning, including: S101: Obtain a domain sample set containing the vulnerable code and the corresponding fully patched, vulnerability-free code; S102: Based on the vulnerable code and the corresponding non-vulnerable code, generate intermediate repair code that is in a partially repaired state, thereby constructing a ternary code sample set; S103: The constructed feature extraction network is trained through comparative learning based on the ternary code sample set; S104: The trained feature extraction network is used to extract vulnerability features from the code under test. The similarity between the vulnerability features of the code under test and the vulnerability features of the code with and without vulnerabilities is calculated, and the security level is scored accordingly. S105: Sort the security scores of each piece of code to be tested to obtain a sorted list of codes.

[0028] In this embodiment, in step S101, the BigVul vulnerability code dataset is used to label and divide the vulnerable code (v0 version) and the corresponding fully patched vulnerability-free code (v2 version) that can be paired in the dataset, and construct a domain-specific sample set.

[0029] Specifically: (1) Filter the code samples in the BigVul vulnerability code dataset, select the code segments that can form a vulnerable-no-vulnerability pairing, mark the vulnerable code as version v0, and mark the corresponding fully patched no-vulnerability code as version v2, to form a basic pairing sample set. .

[0030] ; Where n is the number of paired samples; For the first Each paired sample contains vulnerable code (v0 version) and a corresponding fully patched, vulnerability-free code (v2 version).

[0031] (2) Based on the application domain, programming language, and vulnerability type of the code, the basic pairing sample set is divided into domains to obtain the domain-specific sample set. .

[0032] ; Where k is the number of domains, and each domain The code within the code exhibits similar or identical domain, language, and vulnerability characteristics. Application domains include server-side code, client-side code, and embedded code. Programming languages ​​include Python, Java, C / C++, etc. Vulnerability types include buffer overflows, SQL injection, cross-site scripting, and null pointer dereferences.

[0033] (3) The code in each domain sample set is preprocessed, including code standardization, code segmentation, removal of invalid comments, and uniform code format (such as symbol normalization and indentation uniformity). The code is then converted into a vector form that the model can recognize through a word embedding model. This prepares for subsequent comparative learning and model training.

[0034] In this embodiment, in step S102, the large model is invoked, and based on the v0 version code and v2 version code in the domain sample set, intermediate repair code (v1 version) in a partially repaired state is generated, and a ternary code sample set (v0-v1-v2) for fine-grained vulnerability detection is constructed.

[0035] Specifically: (1) Input the domain sample set (v0-v2) obtained in step S101 into the large model, and input the instruction to the large model through the prompt project: Based on the given vulnerable code v0 and the corresponding fully repaired vulnerability-free code v2, generate intermediate repair code v1 that only repairs some vulnerabilities and still has remaining vulnerabilities. The vulnerability repair level of v1 is required to be between v0 and v2, and to retain fine-grained vulnerability features.

[0036] (2) Manually screen and verify the intermediate repair code of version v1 generated by the large model, and remove intermediate repair code that is fully repaired, not repaired or has repaired logical errors, to ensure that the code of version v1 is in a state of effective partial repair.

[0037] (3) Integrate the v0-v1-v2 triples by domain and output the triple code sample set.

[0038] In this embodiment, in step S103, the ternary code sample set is trained based on the contrastive learning algorithm. Through the ternary contrastive loss function and the hybrid training loss function, fine-grained vulnerability features of code at different repair stages are extracted, and a feature extraction network for fine-grained vulnerability detection is constructed.

[0039] Specifically: (1) Construct a feature extraction network F( based on contrastive learning) The network framework adopts a Transformer encoder-decoder structure. The encoder is used to extract semantic and structural features of the code, and the decoder is used to focus on the critical vulnerability areas in the code. After the code passes through the feature extraction network, it outputs fine-grained vulnerability features f=F(x), f∈R. d d is the feature dimension.

[0040] (2) Input the ternary code sample set (v0-v1-v2) into the feature extraction network and set the contrastive learning training objective: within the same domain, keep the vulnerability feature similarity between v0 and v1 at a preset high value, keep the vulnerability feature similarity between v0 and v2 at a preset low value, and keep the vulnerability feature similarity between v1 and v2 between the two.

[0041] This step forces the model to cluster vulnerable code (v0 version) and intermediate patch code (v1 version) in the "danger zone," while completely pushing vulnerability-free code (v2 version) into the "safe zone," and establishing an isolation boundary between easily confused true and false patches. The purpose of this setup is to train the model using only the vulnerable v0 version and the vulnerability-free v2 version, resulting in only two possible outcomes: all correct and all incorrect. Therefore, this embodiment aims for fine-grained vulnerability detection. The goal is to address the multiple patch codes generated by the large model based on the prompt; that is, the detector needs to be able to distinguish between vulnerable and safe code among multiple highly similar generated code snippets.

[0042] Then, cosine similarity is used to calculate the similarity between features, with the following formula: ; in, For cosine similarity, , The vulnerability characteristics of the two sets of code are as follows. It is an L2 norm.

[0043] In this embodiment, it is required that , , , , Set a preset similarity threshold. (This condition is set as follows) The core objective is to establish a strict safety buffer in the vector space, forcing the model not only to separate positive and negative samples, but also to correct semantically consistent real samples (the similarity must reach an extremely high level). (Standard) and erroneous pseudo-fixes that deviate from the trajectory (must be excluded from the safety line) The standard) creates a significant physical distance to prevent feature collapse and improve the model's robustness in intercepting deceptive code.

[0044] The biggest difference between the comparative learning and training objectives and those mentioned earlier is: , The introduction of a threshold upgrades relative comparison to absolute spatial partitioning, essentially setting a mandatory quantification threshold for the model's discrimination boundary. This ensures that the selected difficult negative samples are not only directionally biased but also absolutely and clearly isolated in the semantic space. In other words, the contrastive learning described earlier only trained the model to understand the general syntax and basic semantics of the code, coarsely aligning the code with and without vulnerabilities. Here, however, the model is forced to identify and narrow down or separate extremely subtle code differences.

[0045] (3) Design a ternary contrastive loss function to enhance the feature extraction network's ability to extract fine-grained vulnerability features. Ternary contrastive loss function for: ; in, This is a temperature coefficient used to adjust the discriminative power of similarity. The similarity of vulnerability features between version v0 and version v1; The similarity of vulnerability features between version 1 and version 2.

[0046] (4) For the ternary code sample sets of different domains, the feature extraction network is trained by domain training and joint fine-tuning.

[0047] First, the ternary code sample sets for each domain are trained independently, enabling the feature extraction network to adapt to code features of different domains, languages, and vulnerability types.

[0048] Then, the ternary code sample sets from all domains are mixed for joint fine-tuning, introducing cross-entropy loss. Implement auxiliary classification of vulnerability types.

[0049] The final hybrid training loss function is: ; in, This is the loss weighting coefficient, used to balance the proportion of contrast loss and cross-entropy loss.

[0050] (5) During training, the network parameters are continuously updated through backpropagation, and the total loss is minimized using stochastic gradient descent (SGD) or adaptive moment estimation (Adam) optimizer. The process continues until the model converges, resulting in the trained fine-grained vulnerability detection feature extraction network F. ( ).

[0051] In this embodiment, a supervised contrastive learning task is constructed. This task uses code security status as a strong supervisory signal, assigning different category labels to vulnerable code (v0 version) and its corresponding fully patched, vulnerability-free code (v2 version). During the alignment process in the latent feature space, codes with the same security label within the same training batch are considered positive sample pairs, while codes with different security labels are considered negative sample pairs. By introducing a temperature-coefficient scaled ternary contrastive loss function, the model is constrained to bring code vectors with the same security status closer together in the feature space, while simultaneously pushing vulnerable code and vulnerability-free code further apart. The aim is to guide the model to learn robust global security representations, enabling it to establish clear decision boundaries between vulnerabilities and security in the macroscopic space, laying the foundation for subsequent fine-grained triplet training.

[0052] In this embodiment, in step S104, a security level quantification score is designed, and the fine-grained vulnerability features output by the feature extraction network are quantified and converted to obtain the security level quantification score of the code.

[0053] Specifically: (1) Feature Latent Space Projection and Similarity Resolution: The code to be tested (e.g., candidate repair code) is input into a feature extraction network with frozen weights to obtain its high-dimensional, fine-grained vulnerability feature vector. In the metric space, the cosine similarity between the feature vector of the code to be tested and the feature vectors of the security baseline anchor (i.e., the vulnerability-free code v2) and the vulnerability baseline anchor (i.e., the vulnerability-containing code v0) is calculated, and denoted as follows: and These two metrics represent the relative degree to which the code under test approaches a secure cluster in terms of semantic features and the risk of residual vulnerabilities, respectively.

[0054] (2) Construction of Relative Safety Margin: Discrete static vulnerability metrics are abandoned, and relative distances in the feature space are used as the core basis for security assessment. The offset of the code under test towards the safe space (i.e., vulnerability-free code v2) is set as a positive gain, and the offset towards the vulnerability space (i.e., vulnerability-containing code v0) is set as a negative penalty. A temperature coefficient is introduced. To adjust the model's sensitivity to similarity differences, the scoring system maintains high resolution even with extremely fine-grained code variations (such as minor changes in pseudo-fixes of large models).

[0055] (3) Design of security level quantification scoring formula: Based on the above spatial distance relationship, the feature matching degree is mapped to the original security level score of 0-100 using the normalized exponential function (Softmax mechanism).

[0056] ; in, A higher score indicates that the code being tested is closer to the absolutely safe region in the feature space. Ideally, the score of version v0 code approaches 0, the score of version v2 code approaches 100, and the score of version v1 code will be strictly between the two due to the deviation of its fix trajectory.

[0057] (4) Prior label-based rating confidence calibration: To eliminate the scaling bias between the model's latent space distance and human experts' subjective safety perception, a small-sample validation set is introduced to calibrate the confidence of the quantitative rating. The calibration formula is as follows: ; in, The final safety rating after calibration. The reference benchmark score set for manual review To smooth the calibration coefficients, this calibration mechanism ensures that the relative score of the calculated output closely matches the absolute safety red line in real-world industrial scenarios.

[0058] In this embodiment, in step S105, multiple sets of code to be tested generated by the large model are input into the trained feature extraction network and security scoring module. The security scores of the code to be tested are sorted in descending order of security level to obtain the sorting result of the generated security code.

[0059] Specifically: (1) The M test codes generated by the target large model (M=100 in this embodiment) are denoted as The code is preprocessed in the same way as the code preprocessing in step S1, and then converted into vector form before being input into the trained feature extraction network to obtain fine-grained vulnerability features for each piece of code to be tested. , .

[0060] (2) Based on the vulnerability characteristics, a security level quantification scoring formula is used to obtain a security level score of 0-100 for each piece of code to be tested. .

[0061] (3) Using the quicksort algorithm, the security scores of the M code samples to be tested are sorted in descending order. The sorting rule is: if Then the code to be tested Code in the test list Previously, the code with the highest security score was selected as the most secure code. The output is a sorted list of codes. It also labels the security level score and core vulnerability warnings for each piece of code under test, providing a reference for developers.

[0062] The core vulnerability hints are extracted through the Transformer self-attention mechanism, identifying lines of code or variable names that cause the current code under test to be biased towards dangerous areas in the feature space. This embodiment abandons the traditional, cumbersome explicit graph structure extraction and relies on the multi-head self-attention mechanism within the pre-trained language model to achieve implicit alignment and source localization of fine-grained features.

[0063] The specific implementation process is as follows: (1) Fine-grained implicit feature alignment based on attention mechanism: The code to be tested is converted into a token sequence by lexical parsing and then input into the feature extraction network. In the deep Transformer layer, the self-attention mechanism dynamically calculates the semantic association weight between any two tokens. This mechanism not only captures the contextual dependency of variable references at the token level, but also implicitly learns the control flow logic and syntactic nesting structure of the code (such as if-else branches and loop closures) through the receptive field of the deep network. In this process, the code to be tested is similar to the safety anchors in the latent space, so that the key sensitive tokens that deviate from the safety logic (such as out-of-bounds array indices and uninitialized pointers) are significantly amplified in feature representation.

[0064] (2) Anomaly assessment based on distance metric: Instead of using a hard-class discriminator for prediction, the network inputs the depth-aligned global aggregated features (such as the [CLS] vector) into the aforementioned security scoring module. By calculating the cosine distance between the feature and the cluster center of the security / vulnerability features, a continuous security score is output to determine whether the code has any vulnerabilities or anomalies.

[0065] (3) Local vulnerability localization based on attention weight heatmap: After confirming the existence of a vulnerability in the code (i.e., the security score is lower than the set threshold), a source tracing and localization mechanism is triggered to accurately locate the specific location of the vulnerability. By extracting the attention weight matrix of the feature encoder at the last layer, the attention allocation score of the global aggregation node ([CLS]) for each token in the code sequence is calculated. The top K key tokens or consecutive token spans with the highest scores are mapped back to the corresponding line numbers of the original code to generate a heatmap of the distribution of vulnerability-sensitive areas, thereby achieving accurate and interpretable localization of abnormal segments.

[0066] This embodiment primarily targets programming languages ​​such as Python, Java, and C / C++, covering common vulnerability types including buffer overflows, SQL injection, and cross-site scripting. Furthermore, the model can be expanded to adapt to more programming languages ​​and vulnerability types in security code generation and ranking scenarios by extending the domain-specific sample set. This method performs standardized preprocessing on the code, constructs a contrastive learning task to learn robust code representations, and utilizes a fine-grained feature alignment mechanism to achieve multi-level feature matching and vulnerability localization. Through joint training of the feature encoding layer, contrastive learning layer, and fine-grained discriminant layer, the model significantly improves its accuracy in identifying hidden and subtle vulnerabilities. It can improve detection performance while reducing annotation dependence, making it suitable for automated vulnerability detection, code auditing, and security testing of complex programs, demonstrating strong practicality and generalization capabilities.

[0067] Example 2 This embodiment provides a fine-grained code vulnerability detection and ranking system based on contrastive learning, including: The data acquisition module is configured to acquire a domain sample set containing vulnerable code and the corresponding fully patched, vulnerability-free code. The sample set construction module is configured to generate intermediate patch code in a partially patched state based on vulnerable code and corresponding non-vulnerable code, thereby constructing a ternary code sample set; The training module is configured to perform comparative learning training on the constructed feature extraction network based on a set of ternary code samples. The scoring module is configured to use a trained feature extraction network to extract vulnerability features from the code under test, calculate the similarity between the vulnerability features of the code under test and the vulnerability features of the code with and without vulnerabilities, and score the security level accordingly. The sorting module is configured to sort the security scores of each piece of code to be tested, resulting in a sorted list of codes.

[0068] It should be noted that the above modules correspond to the steps described in Embodiment 1, and the examples and application scenarios implemented by the above modules and the corresponding steps are the same, but are not limited to the content disclosed in Embodiment 1. It should also be noted that the above modules, as part of the system, can be executed in a computer system such as a set of computer-executable instructions.

[0069] In further embodiments, the following is also provided: An electronic device includes a memory and a processor, as well as computer instructions stored in the memory and running on the processor, wherein the computer instructions, when executed by the processor, perform the method described in Embodiment 1. For brevity, further details are omitted here.

[0070] It should be understood that in this embodiment, the processor can be a central processing unit (CPU), or it can be other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. The general-purpose processor can be a microprocessor or any conventional processor, etc.

[0071] Memory may include read-only memory and random access memory, and provides instructions and data to the processor. A portion of memory may also include non-volatile random access memory. For example, memory may also store information about the device type.

[0072] A computer-readable storage medium for storing computer instructions, which, when executed by a processor, perform the method described in Embodiment 1.

[0073] The method in Example 1 can be directly implemented by a hardware processor, or implemented by a combination of hardware and software modules within the processor. The software modules can reside in readily available storage media in the field, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, or registers. This storage medium is located in memory, and the processor reads information from the memory and, in conjunction with its hardware, completes the steps of the above method. To avoid repetition, a detailed description is not provided here.

[0074] A computer program product includes a computer program that, when executed by a processor, implements the method described in Embodiment 1.

[0075] The present invention also provides at least one computer program product tangibly stored on a non-transitory computer-readable storage medium. The computer program product includes computer-executable instructions, such as instructions included in program modules, which execute in a device on a target real or virtual processor to perform the processes / methods described above. Typically, program modules include routines, programs, libraries, objects, classes, components, data structures, etc., that perform specific tasks or implement specific abstract data types. In various embodiments, the functionality of program modules can be combined or divided among program modules as needed. The machine-executable instructions for the program modules can execute within a local or distributed device. In a distributed device, the program modules can reside in both local and remote storage media.

[0076] The computer program code used to implement the methods of the present invention may be written in one or more programming languages. This computer program code may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, such that when executed by the computer or other programmable data processing device, the program code causes the functions / operations specified in the flowcharts and / or block diagrams to be implemented. The program code may be executed entirely on a computer, partially on a computer, as a stand-alone software package, partially on a computer and partially on a remote computer, or entirely on a remote computer or server.

[0077] In the context of this invention, computer program code or related data may be carried by any suitable carrier to enable a device, apparatus, or processor to perform the various processes and operations described above. Examples of carriers include signals, computer-readable media, and the like. Examples of signals may include electrical, optical, radio, sound, or other forms of propagation signals, such as carrier waves, infrared signals, etc.

[0078] Those skilled in the art will recognize that the units and algorithm steps described in connection with the various examples of this embodiment can be implemented in electronic hardware or a combination of computer software and electronic hardware. Whether these functions are implemented in hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this invention.

[0079] While the specific embodiments of the present invention have been described above in conjunction with the accompanying drawings, this is not intended to limit the scope of protection of the present invention. Those skilled in the art should understand that various modifications or variations that can be made by those skilled in the art without creative effort based on the technical solutions of the present invention are still within the scope of protection of the present invention.

Claims

1. A fine-grained code vulnerability detection and ranking method based on contrastive learning, characterized in that, include: Obtain a domain-specific sample set containing both the vulnerable code and the corresponding fully patched, vulnerability-free code; Based on the vulnerable code and the corresponding vulnerability-free code, intermediate patch code in a partially patched state is generated to construct a ternary code sample set. The constructed feature extraction network is trained through comparative learning based on the ternary code sample set; The trained feature extraction network is used to extract vulnerability features from the code under test. The similarity between the vulnerability features of the code under test and the vulnerability features of the code with and without vulnerabilities is calculated, and the security level is scored accordingly. The security scores of each piece of code to be tested are sorted to obtain a sorted list of codes.

2. The fine-grained code vulnerability detection and ranking method based on contrastive learning as described in claim 1, characterized in that, The process of obtaining the domain-specific sample set is as follows: Select code segments with vulnerabilities and without vulnerabilities from the code samples to form a basic paired sample set; Based on the application domain, programming language, and vulnerability type of the code, the basic pairing sample set is divided into domains, resulting in a domain-specific sample set.

3. The fine-grained code vulnerability detection and ranking method based on contrastive learning as described in claim 1, characterized in that, The training objective of contrastive learning is to maintain a high preset value for the similarity of vulnerability features between vulnerable code and intermediate patch code within the same domain, maintain a low preset value for the similarity of vulnerability features between vulnerable code and non-vulnerable code, and have the similarity of vulnerability features between intermediate patch code and non-vulnerable code fall between the two.

4. The fine-grained code vulnerability detection and ranking method based on contrastive learning as described in claim 1, characterized in that, The similarity between vulnerability features is calculated using cosine similarity: ; in, For cosine similarity, , The vulnerability characteristics of the two sets of code are as follows. It is an L2 norm; and , , , , This is a preset similarity threshold.

5. The fine-grained code vulnerability detection and ranking method based on contrastive learning as described in claim 1, characterized in that, The training loss function for contrastive learning is: ; ; in, These are the loss weighting coefficients; Cross-entropy loss; For the ternary contrast loss function, Temperature coefficient; The similarity of vulnerability features between the vulnerable code and the intermediate patch code; The similarity of vulnerability features between intermediate patch code and vulnerability-free code.

6. The fine-grained code vulnerability detection and ranking method based on contrastive learning as described in claim 1, characterized in that, The calculation process for the safety level score is as follows: ; ; in, Score the initial level of security; Temperature coefficient; The similarity of vulnerability features between the code under test and the code without vulnerabilities; The similarity of vulnerability features between the code under test and the vulnerable code; The final safety rating after calibration. For reference benchmark scoring, For smooth calibration coefficients.

7. A fine-grained code vulnerability detection and ranking system based on contrastive learning, characterized in that, include: The data acquisition module is configured to acquire a domain sample set containing vulnerable code and the corresponding fully patched, vulnerability-free code. The sample set construction module is configured to generate intermediate patch code in a partially patched state based on vulnerable code and corresponding vulnerability-free code, thereby constructing a ternary code sample set; The training module is configured to perform comparative learning training on the constructed feature extraction network based on a set of ternary code samples. The scoring module is configured to use a trained feature extraction network to extract vulnerability features from the code under test, calculate the similarity between the vulnerability features of the code under test and the vulnerability features of the code with and without vulnerabilities, and score the security level accordingly. The sorting module is configured to sort the security scores of each piece of code to be tested, resulting in a sorted list of codes.

8. An electronic device, characterized in that, It includes a memory and a processor, as well as computer instructions stored in the memory and running on the processor, which, when executed by the processor, perform the method according to any one of claims 1-6.

9. A computer-readable storage medium, characterized in that, Used to store computer instructions, which, when executed by a processor, perform the method described in any one of claims 1-6.

10. A computer program product, characterized in that, Includes a computer program, which, when executed by a processor, implements the method described in any one of claims 1-6.