Model correlation knowledge base content detection method and device, electronic equipment and storage medium

By constructing a dual-base mechanism of test knowledge base and scenario application knowledge base, and combining target prompt information and test data, risk content is accurately labeled, solving the problem of scenario-based dynamic detection of large model-related knowledge bases, and improving risk identification rate and detection coverage.

CN122286818APending Publication Date: 2026-06-26CHINA CONSTR BANK CO LTD GUANGDONG BRANCH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
CHINA CONSTR BANK CO LTD GUANGDONG BRANCH
Filing Date
2026-03-19
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

The lack of scenario-based dynamic detection and accurate risk labeling in large-scale model-related knowledge bases results in low risk identification rates and makes it difficult to cover hidden risks in vertical fields.

Method used

A dual-database mechanism is constructed, including a test knowledge base and a scenario application knowledge base. Candidate risk content is identified through target prompt information, test data is generated, and the target-related knowledge base is calibrated based on the test results to achieve accurate risk detection and closed-loop governance.

Benefits of technology

It enhances the security detection capabilities and generalization of large models, enables precise risk mining across industry scenarios and dynamic optimization of knowledge base content, and significantly improves the targeting and coverage of detection.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122286818A_ABST
    Figure CN122286818A_ABST
Patent Text Reader

Abstract

This invention discloses a method, apparatus, electronic device, and storage medium for content detection of a model-associated knowledge base. The method includes: responding to a content detection request for the associated knowledge base of a target model, acquiring a target associated knowledge base for the target model, wherein the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, the test knowledge base storing preset security detection knowledge, and the scenario application knowledge base storing industry security content; determining candidate risk content in the target associated knowledge base based on target prompt information and the target model, and generating test data based on the candidate risk content; testing the target associated knowledge base based on the test data, candidate risk content, and the target model, and calibrating the corresponding target risk content in the target associated knowledge base based on the test results, thereby achieving accurate risk mining across industry scenarios and dynamic optimization of knowledge base content, significantly improving the security detection capability and generalization of the target model.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of artificial intelligence technology, and in particular to a method, apparatus, electronic device, and storage medium for content detection of a model-associated knowledge base. Background Technology

[0002] With the deep application of large-scale models in key areas such as finance and government affairs, their associated knowledge base has become the core for improving professionalism. However, harmful information hidden in the knowledge base can easily lead to the model outputting illegal content, posing a serious security and compliance challenge.

[0003] In related technologies, static keyword filtering or general security datasets are often used to uniformly evaluate models, lacking a mechanism for building differentiated knowledge bases for specific industry scenarios and testing environments. This "one-size-fits-all" detection method is difficult to cover hidden risks in vertical fields and cannot dynamically generate targeted test data according to specific application scenarios, resulting in low risk identification rates. Summary of the Invention

[0004] This invention provides a method, apparatus, electronic device, and storage medium for content detection of a model-related knowledge base, in order to solve the problem of lack of scenario-based dynamic detection and accurate risk labeling in large model-related knowledge bases in related technologies.

[0005] According to one aspect of the present invention, a content detection method for a model-related knowledge base is provided, comprising: In response to a content detection request for the associated knowledge base of the target model, the target associated knowledge base of the target model is obtained, wherein the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, the test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge; Based on the target prompt information and the target model, candidate risk content is determined in the target-related knowledge base, and test data is generated based on the candidate risk content. The target-related knowledge base is tested based on the test data, candidate risk content, and target model. Based on the test results, the corresponding target risk content in the target-related knowledge base is labeled.

[0006] According to another aspect of the present invention, a content detection device for a model-related knowledge base is provided, comprising: The knowledge base acquisition module is used to acquire the target associated knowledge base of the target model in response to the content detection request of the associated knowledge base of the target model. The target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base. The test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge. The test data determination module is used to determine candidate risk content in the target-related knowledge base based on the target prompt information and the target model, and generate test data based on the candidate risk content. The test calibration module is used to test the target-related knowledge base based on the test data, candidate risk content, and the target model, and to calibrate the corresponding target risk content in the target-related knowledge base based on the test results.

[0007] According to another aspect of the present invention, an electronic device is provided, the electronic device comprising: At least one processor; and A memory communicatively connected to the at least one processor; wherein, The memory stores a computer program that can be executed by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the content detection method of the model association knowledge base according to any embodiment of the present invention.

[0008] According to another aspect of the present invention, a computer-readable storage medium is provided, the computer-readable storage medium storing computer instructions, the computer instructions being configured to cause a processor to execute and implement the content detection method of the model association knowledge base according to any embodiment of the present invention.

[0009] According to another aspect of the present invention, embodiments of this disclosure also provide a computer program product, including a computer program that, when executed by a processor, implements the content detection method for a model-associated knowledge base as described in any of the embodiments of this disclosure.

[0010] The technical solution of this invention firstly obtains the target associated knowledge base of the target model in response to a content detection request for the associated knowledge base of the target model. Since the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, with the test knowledge base storing preset security detection knowledge and the scenario application knowledge base storing industry security content knowledge, a dual-base mechanism is constructed to achieve accurate risk detection for both general security and industry scenarios. Next, candidate risk content is determined in the target associated knowledge base based on the target prompt information and the target model. Test data is generated based on the candidate risk content, allowing for dynamic generation of test data based on candidate risks, improving detection targeting and coverage. Finally, the target associated knowledge base is tested based on the test data, candidate risk content, and the target model. The corresponding target risk content in the target associated knowledge base is labeled based on the test results. Accurate labeling of risk content through test feedback achieves closed-loop governance of knowledge base security, solving the problem of lack of scenario-based dynamic detection and accurate risk labeling in large model associated knowledge bases in related technologies. This enables accurate risk mining across industry scenarios and dynamic optimization of knowledge base content, significantly improving the security detection capability and generalization of the target model.

[0011] It should be understood that the description in this section is not intended to identify key or essential features of the embodiments of the present invention, nor is it intended to limit the scope of the invention. Other features of the invention will become readily apparent from the following description. Attached Figure Description

[0012] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0013] Figure 1 This is a flowchart of a content detection method for a model-associative knowledge base provided in Embodiment 1 of the present invention; Figure 2 This is a flowchart of a content detection method for a model-associative knowledge base provided in Embodiment 2 of the present invention; Figure 3 This is a flowchart of a content detection method for a model-associative knowledge base provided in Embodiment 3 of the present invention; Figure 4 This is a schematic diagram of the structure of a content detection device for a model-associative knowledge base according to Embodiment 4 of the present invention; Figure 5 This is a schematic diagram of the structure of an electronic device that implements the content detection method of the model association knowledge base in this embodiment of the invention. Detailed Implementation

[0014] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.

[0015] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0016] It should be noted that the terms "a" and "a plurality of" used in this disclosure are illustrative rather than restrictive, and those skilled in the art should understand that, unless otherwise expressly indicated in the context, they should be understood as "one or more".

[0017] The names of messages or information exchanged between multiple devices in the embodiments of this disclosure are for illustrative purposes only and are not intended to limit the scope of such messages or information.

[0018] It is understood that before using the technical solutions disclosed in the various embodiments of this disclosure, users should be informed of the types, scope of use, and usage scenarios of the personal information involved in this disclosure in an appropriate manner in accordance with relevant laws and regulations, and user authorization should be obtained.

[0019] For example, upon receiving a user's active request, a prompt message is sent to the user to explicitly inform them that the requested operation will require the acquisition and use of the user's personal information. This allows the user to independently choose whether to provide personal information to the software or hardware, such as the electronic device, application, server, or storage medium performing the operations of this disclosed technical solution, based on the prompt message.

[0020] As an optional but non-limiting implementation, in response to a user's active request, sending a prompt message to the user can be done via a pop-up window, where the prompt message can be presented in text format. Furthermore, the pop-up window can also include a selection control allowing the user to choose "agree" or "disagree" to provide personal information to the electronic device.

[0021] It is understood that the above notification and user authorization process are merely illustrative and do not constitute a limitation on the implementation of this disclosure. Other methods that comply with relevant laws and regulations may also be applied to the implementation of this disclosure.

[0022] It is understood that the data involved in this technical solution (including but not limited to the data itself, the acquisition or use of the data) shall comply with the requirements of relevant laws, regulations and related provisions.

[0023] Example 1 Figure 1 The flowchart of the content detection method for a model-associated knowledge base provided in Embodiment 1 of the present invention is applicable to the dynamic risk detection and closed-loop governance of large model knowledge bases in general security and industry scenarios. The method can be executed by a content detection device for a model-associated knowledge base, which can be implemented in hardware and / or software, or optionally through an electronic device, such as a mobile terminal, PC, or server.

[0024] like Figure 1 As shown, the method may specifically include: S110. In response to a content detection request for the associated knowledge base of the target model, obtain the target associated knowledge base of the target model, wherein the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, the test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge.

[0025] The target model can be understood as an AI model (such as a large language model or a multimodal model) whose security (e.g., content generation compliance, risk avoidance capabilities) needs to be tested and evaluated. As the test object, its core function is to receive input and generate output content. The goal is to verify its performance in the face of potential risks (e.g., whether it will generate illegal content) and optimize its risk control capabilities through testing with an associated knowledge base. The associated knowledge base can be understood as an external data repository connected to the target model, allowing it to retrieve and reference data during inference, providing knowledge sources for the target model. The target model needs to select the object for this content detection from multiple knowledge bases. The content detection request can be understood as the initial instruction or signal that triggers the entire security detection process. It can be user-initiated, system-triggered periodically, or a task request automatically generated by security policies. As the starting signal for the entire process, it defines the test object (the associated knowledge base of the target model) and the purpose (content detection), serving as the trigger for all subsequent operations. The target-related knowledge base can be understood as a uniquely bound knowledge base to the target model, specifically linked to the current content detection request. This clarifies the testing scope, avoids confusion between knowledge bases of different models, ensures testing resources are accurately applied to the knowledge base corresponding to the target model, and improves testing efficiency. The target-related knowledge base includes at least a test knowledge base and a scenario application knowledge base. The test knowledge base can be understood as a sub-base within the target-related knowledge base that stores pre-defined security detection knowledge. Its content may include security risk rules (such as criteria for judging violent / pornographic / discriminatory content, malicious instruction interception logic, sensitive word databases, etc.), serving as a basic security benchmark to identify general risks in the target model's output that are not dependent on specific industries (such as "generating violent descriptions" or "spreading false information"), providing a general basis for test data generation and verification of the model's basic security capabilities. The security detection knowledge can be understood as a pre-entered, verified set of general security rules and risk characteristics in the test knowledge base, serving as the "gold standard" for general risk judgment. This ensures that test data covers the most basic violation scenarios and verifies whether the target model possesses "bottom-line security capabilities." The scenario application knowledge base can be understood as a sub-base within the target-related knowledge base that stores industry-specific security content knowledge. This content includes compliance requirements and risk cases specific to certain industries (such as "prohibition of disclosing user account information" in the financial sector, and "prohibition of disseminating unproven treatment methods" in the medical field). This serves as an industry-customized benchmark to identify the unique risks of the target model in vertical scenarios, ensuring that testing aligns with the model's actual application scenarios (such as financial customer service models and medical consultation models), and avoiding vulnerabilities where "general security is qualified but industry-specific violations exist." The industry-specific security content knowledge can be understood as compliance standards, risk point lists, and response rules developed for a specific industry. This provides a basis for industry-specific risk testing, ensuring that the target model's output in vertical scenarios meets industry regulatory requirements, and is the core support for "scenario-based security."

[0026] S120. Based on the target prompt information and the target model, determine candidate risk content in the target association knowledge base, and generate test data based on the candidate risk content.

[0027] The target prompt information can be understood as an initial query instruction, keyword, or intent description used to guide the model to search or filter in the target-related knowledge base. By analyzing the semantics of the target prompt information, it assists in matching corresponding risk rules from the related knowledge base, thereby determining candidate risk content. The candidate risk content can be understood as potential risk points that may cause the target model to output non-compliant content, initially identified based on the target prompt information and the target-related knowledge base (test + scenario knowledge base). This transforms the abstract risk probability into a specific object to be verified, guiding the generation of subsequent test data (designing test cases for candidate risks) and avoiding blind testing. The test data can be understood as specific input test cases designed based on the candidate risk content to trigger the target model's output and verify its security. In this embodiment, by inputting test data into the target model and observing whether its output conforms to security specifications, the core carrier connecting "risk identification" and "result verification" is directly verified whether "candidate risk content will actually cause the model to violate regulations."

[0028] In one optional implementation, the target prompt information includes a sensitive prompt word library and test prompt words, which can consist of multiple keywords. The target prompt information can be in various combination modes such as single characters, words, sentences, images, voice, and video. The keyword data mainly comes from batch initialization, periodic synchronization, and manual entry, and is mainly used for target-related knowledge base slice content retrieval.

[0029] In this embodiment, target prompt information can be pre-set, which includes target keywords for multiple query scenarios. During a preset time period, knowledge slices from the target-related knowledge base are retrieved according to the set target keywords at a predetermined frequency.

[0030] Based on the above scheme, optionally, the target-related knowledge base includes multiple knowledge fragments; the step of determining candidate risk content in the target-related knowledge base according to the target prompt information and the target model includes: determining a first fragment from the multiple knowledge fragments in the target-related knowledge base according to the target prompt information, a preset number of recall entries, and the target model; determining a second fragment according to the first fragment and the number of floating fragments respectively; determining the target fragment content according to the second fragment; and determining candidate risk content according to the target fragment content.

[0031] The knowledge fragment can be understood as the smallest knowledge unit in the target-related knowledge base, corresponding to an independent security rule, risk case, or industry compliance requirement. It can be obtained by slicing the target-related knowledge base, serving as the basic carrier of knowledge. This breaks down complex security knowledge into searchable and combinable units, facilitating precise location of risk rules related to the current prompt information through "fragment-level" operations, thus improving the efficiency of risk identification. The number of recalled entries can be understood as the maximum number of fragments pre-set when filtering fragments related to the target prompt information from multiple knowledge fragments in the target-related knowledge base. This serves as a retrieval scope controller, preventing the return of too many irrelevant or redundant knowledge fragments. The first fragment can be understood as the Top N knowledge fragments most relevant to the target prompt information, initially selected from multiple knowledge fragments in the target-related knowledge base based on the target prompt information and the "pre-set number of recalled entries." These serve as the initial anchor point for risk identification. Through the constraint of the prompt information and the number of recalled entries, the knowledge scope is quickly narrowed, locating a potentially relevant candidate set from a massive number of knowledge fragments, providing a foundation for subsequent floating expansion. The floating fragment number can be understood as the number of knowledge fragments that can be extended forward, backward, or to the surrounding areas based on the first fragment, or the number of additional fragments retrieved from related content slices. These fragments do not need to be adjacent to the first slice (e.g., a floating fragment number of 2 means extending two adjacent fragments from the position of the first fragment into the order / association of the knowledge base). This addresses potential association risks that the first fragment might miss due to exact matching, ensuring the completeness of risk identification. The second fragment can be understood as a set of knowledge fragments expanded based on the position of the first fragment and the floating fragment number. This expands the knowledge outside the boundaries of the first fragment, covering potential association risks not included in the first fragment, and avoiding missed detection of implicit risks caused by scattered rules. The target fragment content can be understood as a structured set of risk rules strongly related to the current target prompt information, formed after content extraction, deduplication, merging, or semantic integration of the knowledge fragments in the second fragment. This set integrates the scattered second fragment content into target content that can be directly used for risk assessment, eliminating redundancy, strengthening relevance, and providing a clear rule basis for determining subsequent candidate risk content.

[0032] An optional implementation method for target-related knowledge base retrieval includes, but is not limited to: 1) retrieving variables from the vector knowledge base based on the content of the target prompt information, including multiple combination modes such as single characters, words, sentences, images, audio, and video; 2) maximum number of recalled entries: the maximum number of entries recalled by the target-related knowledge base; 3) filtering threshold: the knowledge base will only recall results with scores higher than a preset threshold; 4) number of floating segments: after a segment is hit, several segments are simultaneously expanded upwards and merged, and the number of segments expanded downwards: after a segment is hit, several segments are simultaneously expanded downwards and merged to ensure the integrity of the knowledge base.

[0033] This technical solution employs a phased segment selection and dynamic quantity adjustment mechanism. First, a first segment is initially recalled based on a preset number of recall items. Then, a second segment is flexibly obtained by combining the floating number of segments. This approach can improve the completeness and accuracy of knowledge segment matching while ensuring retrieval efficiency, avoiding missed detections or redundancy. This allows for precise location of candidate risky content and enhances the reliability and scenario adaptability of the model's security detection.

[0034] S130. Test the target-related knowledge base based on the test data, candidate risk content and the target model, and label the corresponding target risk content in the target-related knowledge base based on the test results.

[0035] The test results can be understood as the risk assessment and verification results obtained after testing the target-related knowledge base. These results determine whether a certain knowledge fragment is ultimately identified as a risk, serving as a labeling basis to confirm target risk content and guide labeling operations. The target risk content can be understood as the knowledge content that, after verification by test data and ultimately confirmed based on the test results, will indeed cause the model to produce harmful, illegal, or erroneous outputs. It is a subset of candidate risk content. Only candidate risks labeled as target risk content will be included in the enhanced management of the knowledge base, ensuring that the knowledge base focuses on factors affecting the security of the target model. Labeling can be understood as the operation of marking, annotating, and defining attributes of target risk content based on the test results, to complete the marking and updating of risk content in the target-related knowledge base, thereby achieving knowledge base security governance.

[0036] Based on the above scheme, optionally, after labeling the target risk content in the target-related knowledge base according to the test results, the method further includes: classifying the target risk content to obtain the risk level and risk behavior type of the target risk content.

[0037] The classification can be understood as the process of categorizing and classifying the identified target risk content according to preset standards (such as risk severity and risk manifestation), refining the risk attributes of the target risk content, and systematizing and organizing the scattered target risk content to facilitate subsequent targeted risk management and improve the efficiency of knowledge base security governance. The risk level can be understood as a comprehensive assessment result of the degree of harm, probability of occurrence, and scope of impact of the target risk content. The risk behavior type can be understood as a classification label for the illegal nature or behavioral pattern of the target risk content, reflecting the specific manifestation of the risk. Through behavior type identification, the risk "lesions" of the target model can be quickly located, providing precise direction for subsequent optimization of model training data and supplementation of knowledge base rules. For example, the risk level may include, but is not limited to, high / medium / low, and the risk behavior type may include, but is not limited to, malicious guidance / sensitive information leakage / false advertising, etc.

[0038] By adopting this technical solution, risk management can be refined by classifying the target risk content into risk levels and risk behavior types, which facilitates subsequent graded handling and precise interception, and improves the efficiency of knowledge base governance and the effectiveness of model security control.

[0039] Based on the above scheme, optionally, after labeling the target risk content in the target-related knowledge base according to the test results, the method further includes: isolating the target risk content in the target-related knowledge base.

[0040] Specifically, firstly, based on the calibration results, the unique index of the target risk content in the target associated knowledge base and its corresponding knowledge fragment ID are obtained; then, in the retrieval index or routing table of the target associated knowledge base, these IDs are marked as "isolated" or "disabled," so that in subsequent inference services, even if the target model initiates a retrieval request, the retrieval of these fragments will be automatically blocked by a pre-set filtering interceptor; at the same time, the isolated fragments are physically migrated to the "isolation zone" database or backup table, and their mapping relationship with the main index is removed, thereby achieving dual isolation of risk content at both the logical and physical levels, ensuring that the model can no longer access the calibrated risk knowledge.

[0041] By adopting this technical solution, risky content that is identified and isolated in real time can be blocked from accessing the model at both the logical and physical levels, thus preventing the spread of illegal information from the source and significantly improving the security and controllability of the system.

[0042] The technical solution of this invention firstly obtains the target associated knowledge base of the target model in response to a content detection request for the associated knowledge base of the target model. Since the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, with the test knowledge base storing preset security detection knowledge and the scenario application knowledge base storing industry security content knowledge, a dual-base mechanism is constructed to achieve accurate risk detection for both general security and industry scenarios. Next, candidate risk content is determined in the target associated knowledge base based on the target prompt information and the target model. Test data is generated based on the candidate risk content, allowing for dynamic generation of test data based on candidate risks, improving detection targeting and coverage. Finally, the target associated knowledge base is tested based on the test data, candidate risk content, and the target model. The corresponding target risk content in the target associated knowledge base is labeled based on the test results. Accurate labeling of risk content through test feedback achieves closed-loop governance of knowledge base security, solving the problem of lack of scenario-based dynamic detection and accurate risk labeling in large model associated knowledge bases in related technologies. This enables accurate risk mining across industry scenarios and dynamic optimization of knowledge base content, significantly improving the security detection capability and generalization of the target model.

[0043] Example 2 Figure 2 This is a flowchart of a content detection method for a model-associated knowledge base provided in Embodiment 2 of the present invention. This embodiment is a further refinement of the testing of the target associated knowledge base based on the test data, candidate risk content, and the target model, building upon the previous embodiments. Optionally, testing the target associated knowledge base based on the test data, candidate risk content, and the target model includes: determining target test prompt information based on the test data and the candidate risk content, and testing the target associated knowledge base based on the target test prompt information and the target model. For detailed implementation, please refer to the description of this embodiment. Technical features that are the same as or similar to those in the foregoing embodiments will not be repeated here.

[0044] like Figure 2 As shown, the method may specifically include: S210. In response to a content detection request for the associated knowledge base of the target model, obtain the target associated knowledge base of the target model, wherein the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, the test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge.

[0045] S220. Based on the target prompt information and the target model, determine candidate risk content in the target association knowledge base, and generate test data based on the candidate risk content.

[0046] S230. Determine target test prompt information based on the test data and the candidate risk content; test the target-related knowledge base based on the target test prompt information and the target model; and label the corresponding target risk content in the target-related knowledge base based on the test results.

[0047] The target test prompt information can be understood as a prompt text or instruction used to guide the target model to conduct security testing on the target-related knowledge base, based on a logical combination and formatted encapsulation of test data and candidate risk content. In other words, it verifies whether "bad knowledge" truly leads to "bad output." The target test prompt information is the core trigger instruction for the test, clarifying the direction and content of the test.

[0048] Based on the above scheme, optionally, the step of determining the target test prompt information according to the test data and the candidate risk content includes: determining the first test prompt information according to the test data, generating the second test prompt information according to the candidate risk content, and determining the target test prompt information according to the first test prompt information and the second test prompt information.

[0049] The first test prompt information can be understood as initial test prompt information generated solely based on test data, containing core test tasks or scenarios. It serves as the skeleton of the target test prompt information, defining the core direction of the test and ensuring that the test does not deviate from the preset test data scenario. However, due to the lack of contextual details, it may not fully trigger the target model's response to specific risk content. The second test prompt information can be understood as being generated based on candidate risk content, used to supplement the contextual information of the first test prompt information, filling in the detailed gaps in the first test prompt information, and making the test prompt information closer to the risk triggering conditions in real-world scenarios. For example, the target test prompt information can be determined directly by summarizing the candidate risk content and combining it with the first test prompt information.

[0050] By adopting this technical solution, test prompts are split into basic prompts and supplementary prompts, which not only ensures the standardization and stability of the test by relying on test data, but also enhances the targeting and contextual completeness by combining candidate risk content. This makes the target test prompts more comprehensive and reasonable, effectively improving the accuracy and coverage of the test.

[0051] The technical solution of this invention constructs target prompt information by integrating test data and candidate risk content, simulates complex interactions in real retrieval enhancement generation scenarios, accurately triggers potential risks of the model in specific knowledge contexts, ensures the depth of test coverage and the authenticity of risk reproduction, and improves the reliability of evaluation results.

[0052] Example 3 Figure 3This is a flowchart of a content detection method for a model-associated knowledge base provided in Embodiment 3 of the present invention. This embodiment further supplements the above embodiments by labeling the target risk content corresponding to the target associated knowledge base based on test results. Optionally, after labeling the target risk content corresponding to the target associated knowledge base based on test results, the method further includes: determining a structured test dataset based on the test results, the test data, the target prompt information, and the target risk content. For detailed implementation, please refer to the description of this embodiment. Technical features that are the same as or similar to those in the foregoing embodiments will not be repeated here.

[0053] like Figure 3 As shown, the method may specifically include: S310. In response to a content detection request for the associated knowledge base of the target model, obtain the target associated knowledge base of the target model, wherein the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, the test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge.

[0054] S320. Based on the target prompt information and the target model, determine candidate risk content in the target association knowledge base, and generate test data based on the candidate risk content.

[0055] S330. Test the target-related knowledge base based on the test data, candidate risk content and the target model, and label the corresponding target risk content in the target-related knowledge base based on the test results.

[0056] S340. Determine a structured test dataset based on the test results, the test data, the target prompt information, and the target risk content.

[0057] The test dataset can be understood as a collection formed by standardizing, mapping, and formatting the above four elements (test results, test data, target prompt information, and target risk content) according to a predefined schema. It is no longer a scattered test log, but has clear fields.

[0058] Based on the above scheme, optionally, the target-related knowledge base includes multiple knowledge fragments; the step of determining a structured test dataset based on the test results, the test data, the target prompt information, and the candidate risk content includes: when the test results indicate an anomaly, determining the target anomaly fragment identified from the multiple knowledge fragments in the target-related knowledge base based on the test results; obtaining a first identifier of the target anomaly fragment, a second identifier of the target prompt information corresponding to the target anomaly fragment, and a third identifier of the test data corresponding to the target anomaly fragment; filling the first identifier, the second identifier, the test data, the third identifier, and the test results into a preset data information template to obtain a structured test dataset.

[0059] The anomaly can be understood as a state in the test results indicating that the target associated knowledge base has security risks or has failed the security test. This means the test verifies that the knowledge base content contains violations, sensitivities, or other non-compliance with security requirements, thus clarifying the focus of the structured test dataset (only focusing on the anomaly scenario) and ensuring the dataset accurately covers the knowledge base's risk vulnerabilities. The target anomaly fragment can be understood as a knowledge fragment directly related to the anomaly (i.e., the specific rule / case that caused the target model to output a violation) located from multiple knowledge fragments in the target associated knowledge base when an anomaly exists. By locating the target anomaly fragment, it is clear which rule is invalid / not covered or which knowledge in the target associated knowledge base has problems, leading to the output of risky content. The first identifier can be understood as a unique identifier (such as ID, index number, hash value, etc.) for the target anomaly fragment in the target associated knowledge base, used to uniquely identify the knowledge fragment for quick location of the corresponding content in the target associated knowledge base. The second identifier can be understood as a unique identifier for the target prompt information corresponding to the target anomaly fragment. It is used to uniquely identify the target prompt information and associate it with the "anomaly rule" and "test scenario" in the structured dataset, clarifying "which scenario's test triggered the anomaly corresponding to the rule." The third identifier can be understood as a unique identifier for the test data corresponding to the target anomaly fragment. It is used to uniquely identify the test data and associate it with the "anomaly rule" and "test input" in the structured dataset, clarifying "which test data triggered the anomaly corresponding to the rule." The data information template can be understood as a predefined fixed format framework (such as table column names, JSON keys, database table structure, etc.) used to organize the structured test dataset. It specifies the fields that need to be filled in (such as the first identifier, second identifier, test data, third identifier, test result), serving as the "structural specification" of the dataset. This ensures that the information of different test cases is organized in a unified format, enabling machine-readable, analyzable, and callable data, and avoiding the chaos of unstructured data.

[0060] By adopting this technical solution, the target knowledge fragments that cause anomalies are accurately located and structurally associated with test data, prompts, and results, a test dataset with full-link traceability is constructed. This not only clearly attributes the root cause of the model's anomalies to the knowledge base, but also provides high-quality, quantifiable data support for subsequent precise iteration of the knowledge base and model optimization.

[0061] The technical solution of this invention integrates test results, test data, target prompt information and target risk content to construct a structured test dataset with full-link association. This not only enables traceability from input scenario to abnormal result, but also provides standardized and reusable data support for subsequent precise iteration of knowledge base and safe optimization of model.

[0062] Example 4 Figure 4 This is a schematic diagram of the structure of a content detection device for a model-associative knowledge base provided in Embodiment 4 of the present invention. Figure 4 As shown, the device includes: a knowledge base acquisition module 410, a test data determination module 420, and a test calibration module 430. Among them, The knowledge base acquisition module 410 is used to acquire the target associated knowledge base of the target model in response to a content detection request for the associated knowledge base of the target model. The target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base. The test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge. The test data determination module 420 is used to determine candidate risk content in the target associated knowledge base based on the target prompt information and the target model, and generate test data based on the candidate risk content. The test calibration module 430 is used to test the target associated knowledge base based on the test data, the candidate risk content, and the target model, and calibrate the corresponding target risk content in the target associated knowledge base based on the test results.

[0063] The technical solution of this invention firstly involves a knowledge base acquisition module responding to a content detection request for the associated knowledge base of the target model, thereby acquiring the target associated knowledge base of the target model. Since the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, with the test knowledge base storing preset security detection knowledge and the scenario application knowledge base storing industry-specific security knowledge, a dual-base mechanism is constructed to achieve accurate risk detection for both general security and industry-specific scenarios. Next, a test data determination module determines candidate risk content in the target associated knowledge base based on the target prompt information and the target model, and generates test data based on the candidate risk content. The data can dynamically generate test data based on candidate risks, improving the targeting and coverage of detection. Finally, the test calibration module tests the target-related knowledge base based on the test data, candidate risk content, and the target model. Based on the test results, the corresponding target risk content in the target-related knowledge base is calibrated. Through test feedback, the risk content is accurately calibrated, realizing closed-loop governance of knowledge base security. This solves the problem of lack of scenario-based dynamic detection and accurate risk calibration in large model-related knowledge bases in related technologies. It realizes accurate risk mining and dynamic optimization of knowledge base content across industry scenarios, significantly improving the security detection capability and generalization of the target model.

[0064] Optionally, the test calibration module includes a test submodule. The test submodule is used to determine target test prompt information based on the test data and the candidate risk content, and to test the target-related knowledge base based on the target test prompt information and the target model.

[0065] Optionally, the testing submodule includes a test prompt information determination unit. This unit is configured to determine first test prompt information based on the test data, generate second test prompt information based on the candidate risk content, and determine target test prompt information based on the first and second test prompt information; wherein the second test prompt information is used to supplement the context information of the first test prompt information.

[0066] Optionally, the content detection device for the model-associated knowledge base includes a test dataset determination module. This test dataset determination module is used to determine a structured test dataset based on the test results, the test data, the target prompt information, and the target risk content, after the target risk content in the target-associated knowledge base has been labeled according to the test results.

[0067] Optionally, the target-related knowledge base includes multiple knowledge fragments; the test dataset determination module is specifically used to determine the target abnormal fragment identified from the multiple knowledge fragments in the target-related knowledge base based on the test result when the test result indicates an anomaly; obtain a first identifier of the target abnormal fragment, a second identifier of the target prompt information corresponding to the target abnormal fragment, and a third identifier of the test data corresponding to the target abnormal fragment; and fill the first identifier, the second identifier, the test data, the third identifier, and the test result into a preset data information template to obtain a structured test dataset.

[0068] Optionally, the target-related knowledge base includes multiple knowledge fragments; the test data determination module includes a candidate risk content determination submodule. The candidate risk content determination submodule is used to determine a first fragment from the multiple knowledge fragments in the target-related knowledge base based on target prompt information, a preset number of recall entries, and a target model; determine a second fragment based on the first fragment and the number of floating fragments; determine the target fragment content based on the second fragment; and determine candidate risk content based on the target fragment content.

[0069] Optionally, the content detection device for the model-associated knowledge base includes a classification module. Specifically, the classification module is used to classify the target risk content after the target risk content in the target-associated knowledge base is labeled according to the test results, thereby obtaining the risk level and risk behavior type of the target risk content.

[0070] The content detection device for the model-related knowledge base provided in this embodiment of the invention can execute the content detection method for the model-related knowledge base provided in any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the method.

[0071] Example 5 Figure 5 A schematic diagram of an electronic device 10, which can be used to implement embodiments of the present invention, is shown. The electronic device is intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. The electronic device can also represent various forms of mobile devices, such as personal digital processors, cellular phones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions are merely illustrative and are not intended to limit the implementation of the invention described and / or claimed herein.

[0072] like Figure 5As shown, the electronic device 10 includes at least one processor 11 and a memory, such as a read-only memory (ROM) 12 or a random access memory (RAM) 13, communicatively connected to the at least one processor 11. The memory stores computer programs executable by the at least one processor. The processor 11 can perform various appropriate actions and processes based on the computer program stored in the ROM 12 or loaded from storage unit 18 into the RAM 13. The RAM 13 can also store various programs and data required for the operation of the electronic device 10. The processor 11, ROM 12, and RAM 13 are interconnected via a bus 14. An input / output (I / O) interface 15 is also connected to the bus 14.

[0073] Multiple components in electronic device 10 are connected to I / O interface 15, including: input unit 16, such as keyboard, mouse, etc.; output unit 17, such as various types of displays, speakers, etc.; storage unit 18, such as disk, optical disk, etc.; and communication unit 19, such as network card, modem, wireless transceiver, etc. Communication unit 19 allows electronic device 10 to exchange information / data with other devices through computer networks such as the Internet and / or various telecommunications networks.

[0074] Processor 11 can be a variety of general-purpose and / or special-purpose processing components with processing and computing capabilities. Some examples of processor 11 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various special-purpose artificial intelligence (AI) computing chips, various processors running machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, etc. Processor 11 performs the various methods and processes described above, such as a content detection method for a model-associated knowledge base.

[0075] In particular, according to embodiments of the present invention, the processes described above with reference to the flowcharts can be implemented as computer software programs. For example, embodiments of the present invention include a computer program product comprising a computer program carried on a non-transitory computer-readable medium, the computer program containing program code for performing the methods shown in the flowcharts. In such embodiments, the computer program can be downloaded and installed from a network via communication unit 19, or installed from storage unit 18, or installed from ROM 12. When the computer program is executed by processor 11, it performs the functions defined in the methods of the embodiments of the present invention.

[0076] In some embodiments, a content detection method for a model-association knowledge base may be implemented as a computer program tangibly contained in a computer-readable storage medium, such as storage unit 18. In some embodiments, part or all of the computer program may be loaded and / or installed on electronic device 10 via ROM 12 and / or communication unit 19. When the computer program is loaded into RAM 13 and executed by processor 11, one or more steps of the content detection method for a model-association knowledge base described above may be performed. Alternatively, in other embodiments, processor 11 may be configured to perform a content detection method for a model-association knowledge base by any other suitable means (e.g., by means of firmware).

[0077] Various embodiments of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), systems-on-a-chip (SoCs), complex programmable logic devices (CPLDs), computer hardware, firmware, software, and / or combinations thereof. These various embodiments may include implementations in one or more computer programs that can be executed and / or interpreted on a programmable system including at least one programmable processor, which may be a dedicated or general-purpose programmable processor, capable of receiving data and instructions from a storage system, at least one input device, and at least one output device, and transmitting data and instructions to the storage system, the at least one input device, and the at least one output device.

[0078] Computer programs used to implement the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, such that when executed by the processor, the computer programs cause the functions / operations specified in the flowcharts and / or block diagrams to be performed. The computer programs may be executed entirely on a machine, partially on a machine, or as a standalone software package, partially on a machine and partially on a remote machine, or entirely on a remote machine or server.

[0079] In the context of this invention, a computer-readable storage medium can be a tangible medium that may contain or store a computer program for use by or in conjunction with an instruction execution system, apparatus, or device. A computer-readable storage medium may include, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination thereof. Alternatively, a computer-readable storage medium may be a machine-readable signal medium. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibers, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof.

[0080] To provide interaction with a user, the systems and techniques described herein can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user; and a keyboard and pointing device (e.g., a mouse or trackball) through which the user provides input to the electronic device. Other types of devices can also be used to provide interaction with the user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form (including sound input, voice input, or tactile input).

[0081] The systems and technologies described herein can be implemented in computing systems that include backend components (e.g., as data servers), or middleware components (e.g., application servers), or frontend components (e.g., user computers with graphical user interfaces or web browsers through which users can interact with implementations of the systems and technologies described herein), or any combination of such backend, middleware, or frontend components. The components of the system can be interconnected via digital data communication of any form or medium (e.g., communication networks). Examples of communication networks include local area networks (LANs), wide area networks (WANs), blockchain networks, and the Internet.

[0082] A computing system can include clients and servers. Clients and servers are generally located far apart and typically interact through communication networks. The client-server relationship is created by computer programs running on the respective computers and having a client-server relationship with each other. The server can be a cloud server, also known as a cloud computing server or cloud host, which is a hosting product within the cloud computing service system to address the shortcomings of traditional physical hosts and VPS services, such as high management difficulty and weak business scalability.

[0083] It should be understood that the various forms of processes shown above can be used, with steps reordered, added, or deleted. For example, the steps described in this invention can be executed in parallel, sequentially, or in different orders, as long as the desired result of the technical solution of this invention can be achieved, and this is not limited herein.

[0084] The specific embodiments described above do not constitute a limitation on the scope of protection of this invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can be made according to design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this invention should be included within the scope of protection of this invention.

Claims

1. A content detection method for a model-associative knowledge base, characterized in that, include: In response to a content detection request for the associated knowledge base of the target model, the target associated knowledge base of the target model is obtained, wherein the target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base, the test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge; Based on the target prompt information and the target model, candidate risk content is determined in the target-related knowledge base, and test data is generated based on the candidate risk content. The target-related knowledge base is tested based on the test data, candidate risk content, and target model. Based on the test results, the corresponding target risk content in the target-related knowledge base is labeled.

2. The method according to claim 1, characterized in that, The step of testing the target-related knowledge base based on the test data, candidate risk content, and the target model includes: Based on the test data and the candidate risk content, target test prompt information is determined, and the target-related knowledge base is tested based on the target test prompt information and the target model.

3. The method according to claim 2, characterized in that, The step of determining the target test prompt information based on the test data and the candidate risk content includes: A first test prompt is determined based on the test data, a second test prompt is generated based on the candidate risk content, and a target test prompt is determined based on the first and second test prompts; wherein, the second test prompt is used to supplement the context information of the first test prompt.

4. The method according to claim 1, characterized in that, After labeling the corresponding target risk content in the target-related knowledge base based on the test results, the method further includes: A structured test dataset is determined based on the test results, the test data, the target prompt information, and the target risk content.

5. The method according to claim 4, characterized in that, The target-related knowledge base includes multiple knowledge fragments; the step of determining a structured test dataset based on the test results, the test data, the target prompt information, and the candidate risk content includes: If the test result indicates an anomaly, the abnormal target fragment is identified from among the multiple knowledge fragments in the target-related knowledge base based on the test result. Obtain the first identifier of the target abnormal segment, the second identifier of the target prompt information corresponding to the target abnormal segment, and the third identifier of the test data corresponding to the target abnormal segment; The first identifier, the second identifier, the test data, the third identifier, and the test results are filled into a preset data information template to obtain a structured test dataset.

6. The method according to claim 1, characterized in that, The target-related knowledge base includes multiple knowledge fragments; the step of determining candidate risk content in the target-related knowledge base based on target prompt information and the target model includes: Based on the target prompt information, the preset number of recall items, and the target model, the first fragment is determined from multiple knowledge fragments in the target-related knowledge base; The second segment is determined based on the number of the first segment and the number of floating segments, respectively; The target segment content is determined based on the second segment, and candidate risk content is determined based on the target segment content.

7. The method according to claim 1, characterized in that, After labeling the corresponding target risk content in the target-related knowledge base based on the test results, the method further includes: The target risk content is classified to obtain the risk level and risk behavior type of the target risk content.

8. A content detection device for a model-associative knowledge base, characterized in that, include: The knowledge base acquisition module is used to acquire the target associated knowledge base of the target model in response to the content detection request of the associated knowledge base of the target model. The target associated knowledge base includes at least a test knowledge base and a scenario application knowledge base. The test knowledge base stores preset security detection knowledge, and the scenario application knowledge base stores industry security content knowledge. The test data determination module is used to determine candidate risk content in the target-related knowledge base based on the target prompt information and the target model, and generate test data based on the candidate risk content. The test calibration module is used to test the target-related knowledge base based on the test data, candidate risk content, and the target model, and to calibrate the corresponding target risk content in the target-related knowledge base based on the test results.

9. An electronic device, characterized in that, The electronic device includes: At least one processor; and A memory communicatively connected to the at least one processor; wherein, The memory stores a computer program that can be executed by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the content detection method of the model association knowledge base according to any one of claims 1-7.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer instructions that cause a processor to execute the content detection method for the model association knowledge base as described in any one of claims 1-7.