A vulnerability sample generation method, device, equipment and storage medium

By combining a general editing template and a location model, the problem of insufficient authenticity and location accuracy of vulnerability samples in existing technologies is solved, enabling more precise vulnerability injection.

CN122333482APending Publication Date: 2026-07-03HANGZHOU NETEASE CLOUD MUSIC TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HANGZHOU NETEASE CLOUD MUSIC TECH CO LTD
Filing Date
2026-04-03
Publication Date
2026-07-03

Smart Images

  • Figure CN122333482A_ABST
    Figure CN122333482A_ABST
Patent Text Reader

Abstract

This application provides a method, apparatus, device, and storage medium for generating vulnerability samples. The generation method can determine the editing pattern for injecting security vulnerabilities into normal code samples based on a general editing template summarized from real vulnerability patching history, and determine the location of the security vulnerabilities injected into normal code samples based on a pre-trained localization model. Thus, by working together with the general editing template and the localization model, the authenticity of vulnerability injection and the accuracy of vulnerability injection location are effectively improved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of software security technology, and more specifically, to a method, apparatus, device, and storage medium for generating vulnerability samples. Background Technology

[0002] The continued development of the software security field relies heavily on a deep understanding of vulnerabilities and efficient detection tools. In order to train detection tools to accurately identify code statements injected with security vulnerabilities, it is necessary to pre-generate vulnerability samples containing security vulnerabilities as training data for the aforementioned detection tools.

[0003] Currently, existing vulnerability sample generation methods mainly simulate the process of injecting security vulnerabilities into normal code through random mutation, simple rule replacement, or errors based on fuzzing, thereby obtaining normal code with injected vulnerabilities as the currently automatically generated vulnerability samples. However, on the one hand, since the security vulnerabilities generated by the above-mentioned existing technologies are often just simple errors at the syntax or structural level, the generated vulnerability samples suffer from insufficient realism. On the other hand, since the injection location of the security vulnerabilities generated by the above-mentioned existing technologies in normal code is randomly determined, the existing technologies cannot accurately simulate the risk distribution characteristics that real vulnerabilities tend to appear in specific logical contexts (such as resource management, boundary checks, etc.). Summary of the Invention

[0004] In view of this, this application provides a method, apparatus, device, and storage medium for generating vulnerability samples. It can determine the editing pattern for injecting security vulnerabilities into normal code samples based on a general editing template summarized from real vulnerability patching history, and determine the location of the security vulnerabilities injected into normal code samples based on a pre-trained localization model. Thus, by working together with the general editing template and the localization model, the authenticity of vulnerability injection and the accuracy of vulnerability injection location are effectively improved.

[0005] To make the above-mentioned objectives, features and advantages of this application more apparent and understandable, preferred embodiments are described below in detail with reference to the accompanying drawings.

[0006] In a first aspect, embodiments of this application provide a method for generating vulnerability samples, the method comprising: From multiple sets of target code pairs, multiple editing operation instructions corresponding to multiple vulnerability introduction operations are extracted, and a general editing template corresponding to the multiple editing operation instructions is generated; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; Normal code samples are input into a pre-trained localization model. The localization model predicts the probability of modification of each code statement in the normal code samples and outputs the target code statement. The normal code samples are code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted probability of modification satisfies a first preset condition. According to the general editing template, the target code statement in the normal code sample is edited to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

[0007] Secondly, embodiments of this application provide a vulnerability sample generation apparatus, the generation apparatus comprising: The template generation module is used to extract multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, and generate a general editing template corresponding to the multiple editing operation instructions; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; The location determination module is used to input normal code samples into a pre-trained location model, predict the modification probability of each code statement in the normal code sample through the location model, and output the target code statement; wherein, the normal code sample is code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted modification probability is greater than or equal to a preset threshold. The pattern determination module is used to edit the target code statement in the normal code sample according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

[0008] Thirdly, embodiments of this application provide an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the steps of the above-described vulnerability sample generation method.

[0009] Fourthly, embodiments of this application provide a computer-readable storage medium storing a computer program, which, when executed by a processor, performs the steps of the above-described method for generating vulnerability samples.

[0010] The technical solutions provided by the embodiments of this application may include the following beneficial effects: The present application provides a method, apparatus, device, and storage medium for generating vulnerability samples. Based on a general editing template summarized from real vulnerability remediation history, it can determine the editing mode for injecting security vulnerabilities into normal code samples and determine the location of the injected security vulnerabilities in normal code samples based on a pre-trained localization model. Thus, by working in conjunction with the general editing template and the localization model, it effectively improves the authenticity of vulnerability injection and the accuracy of vulnerability injection location. Attached Figure Description

[0011] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0012] Figure 1 A flowchart illustrating a method for generating a vulnerability sample according to an embodiment of this application is shown. Figure 2 A flowchart illustrating a method for editing target code statements according to an embodiment of this application is shown; Figure 3 A schematic diagram of a vulnerability sample generation apparatus provided in an embodiment of this application is shown. Figure 4 This is a schematic diagram of the structure of an electronic device 400 provided in an embodiment of this application. Detailed Implementation

[0013] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. It should be understood that the accompanying drawings in this application are for illustrative and descriptive purposes only and are not intended to limit the scope of protection of this application. Furthermore, it should be understood that the schematic drawings are not drawn to scale. The flowcharts used in this application illustrate operations implemented according to some embodiments of this application. It should be understood that the operations in the flowcharts may not be implemented in sequence, and steps without logical contextual relationships may be reversed or implemented simultaneously. In addition, those skilled in the art, guided by the content of this application, may add one or more other operations to the flowcharts, or remove one or more operations from the flowcharts.

[0014] Furthermore, the described embodiments are merely some, not all, of the embodiments of this application. The components of the embodiments of this application described and illustrated herein can typically be arranged and designed in various different configurations. Therefore, the following detailed description of the embodiments of this application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely to illustrate selected embodiments of the application. All other embodiments obtained by those skilled in the art based on the embodiments of this application without inventive effort are within the scope of protection of this application.

[0015] It should be noted that the term "comprising" will be used in the embodiments of this application to indicate the presence of the features declared thereafter, but does not exclude the addition of other features.

[0016] In one embodiment of this application, a method for generating a vulnerability sample can run on a terminal device or a server. The terminal device can be a local terminal device. When the vulnerability sample generation method runs on a server, it can be implemented and executed based on a cloud interaction system, which includes a server and client devices (i.e., terminal devices).

[0017] To facilitate understanding of the embodiments of this application, a method, apparatus, device, and storage medium for generating vulnerability samples provided in the embodiments of this application will be described in detail below.

[0018] Reference Figure 1 As shown, Figure 1 The diagram illustrates a flowchart of a vulnerability sample generation method provided in an embodiment of this application, wherein the generation method includes steps S101-S103; specifically: S101, extract multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, and generate a general editing template corresponding to the multiple editing operation instructions.

[0019] Here, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; wherein, in this embodiment of the application, the historical code before patching (i.e., historical code containing security vulnerabilities) and the patching result of the historical code (i.e., the repair code obtained after patching the vulnerabilities in the historical code) can be obtained from the real vulnerability patching history as a set of target code pairs.

[0020] Here, the vulnerability introduction operation is determined based on the security vulnerabilities contained in the aforementioned historical code; that is, the vulnerability introduction operation refers to a series of code editing operations (such as maliciously modifying a certain code statement in normal code) to inject security vulnerabilities into a piece of normal code (i.e., code that does not contain security vulnerabilities), and the aforementioned editing operation instructions are the operation instructions corresponding to the aforementioned code editing operations.

[0021] Specifically, as an optional embodiment, when performing step S101 above, the editing operation instructions corresponding to each vulnerability introduction operation can be extracted from each group of target code pairs according to the method shown in steps a1-a2 below: Step a1: For each pair of target code, based on the historical code and the repair code in the pair of target code, determine the repair operation instruction corresponding to the security vulnerability contained in the historical code.

[0022] Here, for each pair of target code, the historical code and the repair code in that pair can be converted into an AST (Abstract Syntax Tree) to obtain the first abstract syntax tree corresponding to the historical code (e.g., it can be denoted as...). ) and the second abstract syntax tree corresponding to the repair code (e.g., it can be denoted as ) ); where AST is a skeleton representation of code that can eliminate interference factors such as formatting and comments. After being converted into AST, it is beneficial to focus on highlighting the differences in logic and structure between the historical code and the code being fixed.

[0023] Specifically, after obtaining the first abstract syntax tree mentioned above... With the second abstract syntax tree Then, the first abstract syntax tree can be processed using the AST differentiation algorithm (also known as the abstract syntax tree differentiation algorithm). With the second abstract syntax tree Perform differentiation analysis to output the target editing script; wherein, the target editing script includes the above-mentioned first abstract syntax tree. Transform into the second abstract syntax tree mentioned above The required series of minimal operation primitives (i.e., multiple minimal operation primitives) are used, and the operation instructions corresponding to each minimal operation primitive are the repair operation instructions mentioned above.

[0024] It should be noted that the aforementioned minimal operation primitive refers to a code structure (i.e., the aforementioned first abstract syntax tree). Transform it into another code structure (i.e., the second abstract syntax tree mentioned above). The minimum atomic operations required for the operation, wherein the aforementioned minimum operation primitives may include, but are not limited to: Update, Delete, Insert, and Move operations; in this embodiment of the application, the aforementioned minimum operation primitives are also equivalent to the aforementioned historical code containing security vulnerabilities (corresponding to the first abstract syntax tree). Convert the modified code mentioned above, which does not contain security vulnerabilities (corresponding to the second abstract syntax tree), into the modified code mentioned above. The necessary repair operations need to be performed.

[0025] Step a2: Perform a reverse transformation on the repair operation command to obtain the editing operation command corresponding to the target vulnerability introduction operation.

[0026] Here, the target vulnerability introduction operation is determined according to the repair operation indicated by the repair operation instruction. For example, if the repair operation instruction is "delete the call to function x", then the target vulnerability introduction operation corresponding to the repair operation instruction is "introduce the call to function x", and the editing operation instruction corresponding to the target vulnerability introduction operation is the operation instruction "insert the call to function x".

[0027] Specifically, after obtaining the target editing script, the inverse transformation result can be obtained as the editing operation instruction by performing an inverse transformation on the minimal operation primitives contained in the target editing script.

[0028] It should be noted that, in solving the technical problem of "generating vulnerability samples containing security vulnerabilities", since it is necessary to determine the specific editing operation instructions that can introduce security vulnerabilities into normal code (e.g., the editing operation instructions corresponding to the above-mentioned target vulnerability introduction operation), in this embodiment of the application, we can first determine the repair operation instructions corresponding to each security vulnerability that has been truly introduced in the past based on the real vulnerability repair history (i.e., multiple sets of target code pairs), and then obtain the specific editing operation instructions that can introduce security vulnerabilities into normal code by performing a reverse transformation (which is also equivalent to performing a reversal operation).

[0029] Here, after obtaining the above-mentioned multiple editing operation instructions, as an optional embodiment, when performing the above-mentioned step S101, the above-mentioned general editing template can be generated according to the method shown in steps b1-b3 below, specifically: Step b1: Based on the code functions indicated by the multiple editing operation instructions, group the multiple editing operation instructions to obtain multiple sets of editing operation instructions.

[0030] Here, the code functions indicated by different editing operation instructions may be the same (e.g., editing operation instruction a and editing operation instruction b are both deletion operation instructions corresponding to the deletion function), or they may be different (e.g., editing operation instruction a indicates the deletion function, while editing operation instruction b indicates the insertion function).

[0031] Specifically, based on the code functions indicated by multiple editing operation instructions, editing operation instructions with similar indicated code functions can be grouped into the same group to obtain a set of editing operation instructions with similar indicated code functions.

[0032] It should be noted that clustering can be used to automatically group together editing operation instructions with similar code functions to form the aforementioned combination of editing operation instructions; alternatively, similarity calculation (i.e., calculating the similarity between the code functions indicated by any two editing operation instructions) can be used to group together editing operation instructions whose similarity between code functions is higher than a preset similarity threshold to form the aforementioned combination of editing operation instructions.

[0033] Step b2: For each set of editing operation instructions, determine the code editing mode corresponding to the set of editing operation instructions based on the common characteristics among the different editing operation instructions in the set.

[0034] Here, common features are equivalent to recurring common elements in the same set of editing operation instructions.

[0035] Specifically, for multiple editing operation instructions in this set of editing operation instructions, the editing operation instruction corresponding to the common feature can be determined based on the common features among the multiple editing operation instructions. Then, the variable elements in the editing operation instruction can be identified, and the identified variable elements can be replaced with placeholders. The replacement result is then used as the code editing mode corresponding to this set of editing operation instructions.

[0036] For example, if multiple editing operation instructions in the same set of editing operation instructions contain the operation instruction "delete the free(a) call of pointer A" (i.e., the pointer A to be deleted and the argument a in the function may be different in different editing operation instructions), then it can be determined that the editing operation instruction corresponding to the above common feature is "delete the free(x) call of pointer xx". The variable elements in this editing operation instruction are pointer A and the argument a in the function. Therefore, after replacing it with placeholder h0, it can be obtained that the code editing mode corresponding to this set of editing operation instructions is "delete free(h0)".

[0037] Step b3: Summarize the multiple code editing modes corresponding to the multiple sets of editing operation instructions to obtain the general editing template composed of the multiple code editing modes.

[0038] Here, each code editing mode can represent a general editing mode corresponding to the editing operation instruction of a vulnerability introduction operation. Therefore, by summarizing the above multiple code editing modes, a general editing template with high universality can be obtained from the real vulnerability repair history (i.e., multiple sets of target code pairs). At this time, the general editing template can be used to determine the editing mode for injecting security vulnerabilities into normal code samples.

[0039] It should be noted that a set of editing operation instructions may correspond to one code editing mode or multiple code editing modes, and this application embodiment does not make any limitation.

[0040] S102, Input the normal code sample into the pre-trained localization model, predict the modification probability of each code statement in the normal code sample through the localization model, and output the target code statement.

[0041] Here, normal code samples are code that does not contain security vulnerabilities. The localization model can predict the probability of modification for each code statement in the input normal code sample. The higher the probability of modification predicted by the localization model, the higher the likelihood that the code statement is the location where a security vulnerability is injected in the normal code sample. Therefore, the pre-trained localization model can be used to determine the location where a security vulnerability is injected in the normal code sample.

[0042] Specifically, the aforementioned target code statement represents the code statement whose predicted modification probability satisfies the first preset condition; wherein, the first preset condition may be that the predicted modification probability is greater than or equal to the first preset threshold (equivalent to modifying multiple code statements in a normal code sample when generating a vulnerability sample), or it may be that the predicted modification probability is the highest (equivalent to modifying one code statement in a normal code sample when generating a vulnerability sample).

[0043] Here, as an optional embodiment, the above localization model can be trained using the method shown in steps c1-c3: Step c1: Extract multiple sets of training samples from the corpus.

[0044] Here, the corpus contains a large number of normal code units (such as functions, code statements, code snippets, etc.); similar to the target code pairs mentioned above, the normal code units in the corpus can also come from real vulnerability patching history (such as the patching code in the target code pairs mentioned above).

[0045] Specifically, each training sample includes normal code units and first code statements. Normal code units are code that does not contain security vulnerabilities. For example, code snippets or code functions containing the above-mentioned repair operation instructions can be obtained from the aforementioned repair code as normal code units.

[0046] Specifically, the first code statement mentioned above refers to the code statement in the normal code unit that has been injected with a security vulnerability; for example, the first code statement may be the code statement corresponding to the above repair operation instruction.

[0047] Step c2: For each set of training samples, input the set of training samples into the original model, predict the probability that the first code statement will be injected with a security vulnerability in the normal code unit through the original model, and output the target prediction result.

[0048] Here, the original model refers to the localization model that has not yet been trained; the original model can be a pre-trained programming language model CodeT5, or other models with a Transformer architecture. The specific model structure of the original model is not limited in this embodiment.

[0049] Specifically, after inputting the training samples into the original model, the original model can predict the probability of modification (i.e., the probability of a security vulnerability being injected into the normal code unit) of each code statement in the above-mentioned normal code unit, thereby obtaining the prediction result of the probability of modification corresponding to the first code statement (i.e., the target prediction result). Step c3: Using maximizing the target prediction result as the optimization objective, adjust the model parameters of the original model until the original model converges, and obtain the converged original model as the localization model.

[0050] Here, taking the i-th training sample as an example, the normal code unit in the i-th training sample can be denoted as Let the first code statement in the i-th training sample be denoted as First code statement The corresponding target prediction result is denoted as At this point, it can be done according to normal code units. First code statement and target prediction results The model loss function L( ) of the original model is constructed according to the method shown in Formula 1 below. ): Formula 1; in, This represents the first code statement in the i-th training sample group; This represents a normal code unit in the i-th training sample group; Indicates the first code statement The corresponding target prediction results; The value of i ranges from 1 to N, where N represents the total number of input training samples; This indicates the model parameters that can be adjusted.

[0051] Specifically, referring to the model loss function shown in Formula 1 above, substitute the normal code unit ni and the first code statement si into the model loss function L( In ), by adjusting the model parameters This allows the model to predict the probability that "si is a statement in normal code unit ni that has been injected with a vulnerability". Move closer to 1 (i.e., take maximizing the target prediction result as the optimization objective) until the calculated model loss reaches a minimum. At this point, it can be determined that the original model has converged, and the converged original model is taken as the trained localization model.

[0052] S103, according to the general editing template, edit the target code statement in the normal code sample to obtain the vulnerability sample corresponding to the normal code sample.

[0053] Here, the vulnerability sample refers to code containing security vulnerabilities; that is, through the above-mentioned positioning model, the location where security vulnerabilities need to be injected can be determined from normal code samples as the "target code statement". Through the above-mentioned general editing template, the editing mode for injecting security vulnerabilities into normal code samples can be determined. Therefore, by working together with the above-mentioned general editing template and the above-mentioned positioning model, the embodiments of this application can convert normal code samples that do not contain security vulnerabilities into vulnerability samples that contain security vulnerabilities, effectively improving the authenticity of vulnerability injection and the accuracy of vulnerability injection location.

[0054] Specifically, as an optional embodiment, a general code editing mode can be determined from the general editing template as the code editing mode for actually editing the target code statements, according to the method shown in steps d1-d4 below: Step d1: For each code editing mode contained in the general editing template, determine the target code unit from the code units contained in the corpus that can successfully apply the code editing mode for vulnerability injection.

[0055] Here, the specific form of the corpus can be found in the relevant description in step c1 above, and the repeated parts will not be repeated here.

[0056] Specifically, the proportion of "target code units that can successfully apply this code editing mode for vulnerability injection" in all code units included in the training set (i.e., code units included in the corpus) can be used as a quantitative measure of the likelihood that this code editing mode introduces vulnerabilities in the training set (i.e., code units included in the corpus).

[0057] Step d2: Determine the generality of the code editing mode based on the proportion of the target code unit in the code units contained in the corpus.

[0058] Specifically, as an optional embodiment, the code editing mode is denoted as E, and the versatility corresponding to the code editing mode E can be calculated according to the following formula 2. : Formula 2; Where D represents the total number of code units contained in the corpus; n represents the number of target code units in the corpus that can be successfully injected using code editing mode E; This indicates the code editing mode. This indicates the versatility of code editing mode E.

[0059] Step d3: From the multiple code editing modes that make up the general editing template, determine the code editing mode whose universality meets the second preset condition as the target code editing mode; Here, the second preset condition can be that the calculated generality is greater than or equal to the second preset threshold (equivalent to being able to choose a relatively common code editing mode when generating vulnerability samples).

[0060] Step d4: Edit the target code statements according to the target code editing mode to obtain the vulnerability sample.

[0061] For example, if the target code editing mode is "delete free(h0)", then the free function call for pointer h0 can be deleted from the target code statement, where pointer h0 represents the actual pointer contained in the target code statement.

[0062] Specifically, as another optional embodiment, a code editing mode that matches the target code statement to be modified can be determined from the general editing template according to the method shown in steps e1-e3 below, as the code editing mode for actually editing the target code statement: Step e1: For each code editing mode contained in the general editing template, determine the degree of matching between the code editing mode and the target code statement.

[0063] Here, as an optional embodiment, the code editing mode is denoted as E, and the target code statement is denoted as... The code editing mode E and the target code statement can be calculated using the following formula 3. Matching degree between : Formula 3; in, Represents target code statements The corresponding normal code sample ; E indicates the code editing mode; Represents the target code statement; This indicates the code editing mode E and the target code statement. The degree of matching between them.

[0064] Step e2: From the multiple code editing modes that make up the general editing template, determine the code editing mode whose matching degree meets the third preset condition as the target code editing mode.

[0065] Here, the third preset condition can be that the calculated matching degree is greater than or equal to the third preset threshold (equivalent to being able to select a code editing mode that is more compatible with the target code statement to be modified when generating a vulnerability sample).

[0066] Step e3: Edit the target code statements according to the target code editing mode to obtain the vulnerability sample.

[0067] Here, the specific implementation of step e3 is the same as that of step d4 mentioned above, and the repetitions will not be repeated here.

[0068] Here, as another optional embodiment, Figure 2 This illustration shows a flowchart of a method for editing target code statements according to an embodiment of this application. Figure 2 As shown, when performing step S103, the method further includes steps S201-S206, specifically: S201, for each code editing mode contained in the general editing template, determine the target code unit from the code units contained in the corpus that can successfully apply the code editing mode for vulnerability injection.

[0069] Here, the specific implementation of step S201 is the same as that of step d1 described above, and the repeated parts will not be repeated here.

[0070] S202, determine the universality of the code editing mode based on the proportion of the target code unit in the code units contained in the corpus.

[0071] Here, the specific implementation of step S202 is the same as that of step d2 mentioned above, and the repeated parts will not be described again.

[0072] S203, determine the degree of matching between the code editing mode and the target code statement based on the target code statement.

[0073] Here, the specific implementation of step S203 is the same as that of step e1 described above, and the repeated parts will not be repeated here.

[0074] S204, Based on the generality and the matching degree, determine the comprehensive evaluation result corresponding to the code editing mode.

[0075] Here, in order to select the most suitable code editing mode for vulnerability injection, we can also determine the comprehensive evaluation result corresponding to each code editing mode by comprehensively considering the above-mentioned generality and matching degree, so as to avoid the code editing mode that is too general or too specific (i.e., the degree of matching between it and the target code statement is too precise) being selected first.

[0076] Specifically, the above comprehensive evaluation result can be the product of the generality and the matching degree, or it can be a weighted summation result obtained by weighted summation based on the weight coefficients corresponding to the generality and matching degree respectively. This application embodiment does not impose any mandatory limitation on the specific calculation method of the above comprehensive evaluation result.

[0077] S205, from the plurality of code editing modes that make up the general editing template, determine the code editing mode whose comprehensive evaluation result meets the fourth preset condition as the target code editing mode.

[0078] Here, the fourth preset condition can be that the calculated comprehensive evaluation result is greater than or equal to the fourth preset threshold, or it can be that the calculated comprehensive evaluation result is the highest.

[0079] S206, Edit the target code statements according to the target code editing mode to obtain the vulnerability sample.

[0080] Here, the specific implementation of step S206 is the same as that of step d4 mentioned above, and the repeated parts will not be described again.

[0081] Based on the vulnerability sample generation method provided in the embodiments of this application, it is possible to determine the editing mode for injecting security vulnerabilities into normal code samples based on a general editing template summarized from real vulnerability repair history, and to determine the location of injecting security vulnerabilities into normal code samples based on a pre-trained localization model. Thus, by working together with the general editing template and the localization model, the authenticity of vulnerability injection and the accuracy of vulnerability injection location are effectively improved.

[0082] Based on the same inventive concept, this application also provides a vulnerability sample generation apparatus corresponding to the above-mentioned vulnerability sample generation method. Since the vulnerability sample generation apparatus in this application solves the problem in a similar way to the above-mentioned vulnerability sample generation method in this application, the implementation of the vulnerability sample generation apparatus can refer to the implementation of the above-mentioned vulnerability sample generation method, and the repeated parts will not be described again.

[0083] Reference Figure 3 As shown, Figure 3 A schematic diagram of a vulnerability sample generation apparatus provided in an embodiment of this application is shown, wherein the generation apparatus includes: The template generation module 301 is used to extract multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, and generate a general editing template corresponding to the multiple editing operation instructions; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; The location determination module 302 is used to input normal code samples into a pre-trained location model, predict the modification probability of each code statement in the normal code sample through the location model, and output the target code statement; wherein, the normal code sample is code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted modification probability is greater than or equal to a preset threshold. The pattern determination module 303 is used to edit the target code statement in the normal code sample according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

[0084] In an optional implementation, when extracting multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, the template generation module 301 is used to: For each pair of target code, based on the historical code and the repair code in that pair of target code, determine the repair operation instruction corresponding to repairing the security vulnerability contained in the historical code; The repair operation instruction is reverse-transformed to obtain the editing operation instruction corresponding to the target vulnerability introduction operation; wherein the target vulnerability introduction operation is determined according to the repair operation indicated by the repair operation instruction.

[0085] In one optional implementation, when generating the general editing template corresponding to the plurality of editing operation instructions, the template generation module 301 is used to: Based on the code functions indicated by the multiple editing operation instructions, the multiple editing operation instructions are grouped to obtain multiple sets of editing operation instructions; For each set of editing operation instructions, the code editing mode corresponding to that set of editing operation instructions is determined based on the common characteristics among the different editing operation instructions in that set. The multiple code editing modes corresponding to the multiple sets of editing operation instructions are summarized to obtain the general editing template composed of the multiple code editing modes.

[0086] In an optional implementation, the generation device further includes a model training module, wherein the model training module is used to train the localization model using the following method: Multiple training samples are extracted from the corpus; each training sample includes a normal code unit and a first code statement. The normal code unit is code that does not contain security vulnerabilities, and the first code statement represents the code statement in the normal code unit that has been injected with security vulnerabilities. For each set of training samples, the set of training samples is input into the original model, and the original model is used to predict the probability that the first code statement is injected with a security vulnerability in the normal code unit, and the target prediction result is output. With maximizing the target prediction result as the optimization objective, the model parameters of the original model are adjusted until the original model converges, and the converged original model is used as the localization model.

[0087] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the pattern determination module 303 is used to: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. From the plurality of code editing modes that make up the general editing template, the code editing mode that satisfies the second preset condition in terms of generality is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0088] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the pattern determination module 303 is used to: For each code editing mode included in the general editing template, determine the degree of matching between the code editing mode and the target code statement; From the plurality of code editing modes that make up the general editing template, the code editing mode that meets the third preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0089] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the pattern determination module 303 is used to: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. Based on the target code statement, determine the degree of matching between the code editing mode and the target code statement; Based on the generality and the matching degree, determine the comprehensive evaluation result corresponding to the code editing mode; From the multiple code editing modes that make up the general editing template, the code editing mode whose comprehensive evaluation result meets the fourth preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0090] The vulnerability sample generation apparatus provided in this application embodiment can determine the editing mode for injecting security vulnerabilities into normal code samples based on a general editing template summarized from real vulnerability repair history, and determine the location of the security vulnerabilities injected into normal code samples based on a pre-trained localization model. Thus, by working in conjunction with the general editing template and the localization model, the realism of vulnerability injection and the accuracy of vulnerability injection location are effectively improved.

[0091] Based on the same inventive concept, this application also provides an electronic device corresponding to the above-mentioned vulnerability sample generation method. Since the principle of solving the problem by the electronic device in the embodiments of this application is similar to the above-mentioned vulnerability sample generation method in the embodiments of this application, the implementation of the electronic device can refer to the implementation of the above-mentioned vulnerability sample generation method, and the repeated parts will not be described again.

[0092] Figure 4 A schematic diagram of the structure of an electronic device 400 provided in this application embodiment includes: a processor 401, a memory 402, and a bus 403. The memory 402 stores machine-readable instructions executable by the processor 401. When the electronic device runs a vulnerability sample generation method as described in the embodiment, the processor 401 communicates with the memory 402 via the bus 403. The processor 401 executes the machine-readable instructions, wherein the processor 401 executes the machine-readable instructions to perform the following steps: From multiple sets of target code pairs, multiple editing operation instructions corresponding to multiple vulnerability introduction operations are extracted, and a general editing template corresponding to the multiple editing operation instructions is generated; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; Normal code samples are input into a pre-trained localization model. The localization model predicts the probability of modification of each code statement in the normal code sample and outputs the target code statement. The normal code sample is code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted probability of modification is greater than or equal to a preset threshold. According to the general editing template, the target code statement in the normal code sample is edited to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

[0093] In an optional implementation, when extracting multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, the processor 401 is configured to: For each pair of target code, based on the historical code and the repair code in that pair of target code, determine the repair operation instruction corresponding to repairing the security vulnerability contained in the historical code; The repair operation instruction is reverse-transformed to obtain the editing operation instruction corresponding to the target vulnerability introduction operation; wherein the target vulnerability introduction operation is determined according to the repair operation indicated by the repair operation instruction.

[0094] In one optional implementation, when generating the general editing template corresponding to the plurality of editing operation instructions, the processor 401 is configured to: Based on the code functions indicated by the multiple editing operation instructions, the multiple editing operation instructions are grouped to obtain multiple sets of editing operation instructions; For each set of editing operation instructions, the code editing mode corresponding to that set of editing operation instructions is determined based on the common characteristics among the different editing operation instructions in that set. The multiple code editing modes corresponding to the multiple sets of editing operation instructions are summarized to obtain the general editing template composed of the multiple code editing modes.

[0095] In one alternative implementation, the processor 401 is used to train the localization model using the following method: Multiple training samples are extracted from the corpus; each training sample includes a normal code unit and a first code statement. The normal code unit is code that does not contain security vulnerabilities, and the first code statement represents the code statement in the normal code unit that has been injected with security vulnerabilities. For each set of training samples, the set of training samples is input into the original model, and the original model is used to predict the probability that the first code statement is injected with a security vulnerability in the normal code unit, and the target prediction result is output. With maximizing the target prediction result as the optimization objective, the model parameters of the original model are adjusted until the original model converges, and the converged original model is used as the localization model.

[0096] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the processor 401 is used to: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. From the plurality of code editing modes that make up the general editing template, the code editing mode that satisfies the second preset condition in terms of generality is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0097] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the processor 401 is used to: For each code editing mode included in the general editing template, determine the degree of matching between the code editing mode and the target code statement; From the plurality of code editing modes that make up the general editing template, the code editing mode that meets the third preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0098] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the processor 401 is used to: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. Based on the target code statement, determine the degree of matching between the code editing mode and the target code statement; Based on the generality and the matching degree, determine the comprehensive evaluation result corresponding to the code editing mode; From the multiple code editing modes that make up the general editing template, the code editing mode whose comprehensive evaluation result meets the fourth preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0099] The electronic device provided in this application embodiment can determine the editing mode for injecting security vulnerabilities into normal code samples based on a general editing template summarized from real vulnerability repair history, and determine the location of the security vulnerabilities injected into normal code samples based on a pre-trained localization model. Thus, by working together with the general editing template and the localization model, the authenticity of vulnerability injection and the accuracy of vulnerability injection location are effectively improved.

[0100] Based on the same inventive concept, this application also provides a computer-readable storage medium storing a computer program, which is executed by a processor, wherein the processor performs the following steps: From multiple sets of target code pairs, multiple editing operation instructions corresponding to multiple vulnerability introduction operations are extracted, and a general editing template corresponding to the multiple editing operation instructions is generated; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; Normal code samples are input into a pre-trained localization model. The localization model predicts the probability of modification of each code statement in the normal code sample and outputs the target code statement. The normal code sample is code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted probability of modification is greater than or equal to a preset threshold. According to the general editing template, the target code statement in the normal code sample is edited to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

[0101] In one optional implementation, when extracting multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, the processor is configured to: For each pair of target code, based on the historical code and the repair code in that pair of target code, determine the repair operation instruction corresponding to repairing the security vulnerability contained in the historical code; The repair operation instruction is reverse-transformed to obtain the editing operation instruction corresponding to the target vulnerability introduction operation; wherein the target vulnerability introduction operation is determined according to the repair operation indicated by the repair operation instruction.

[0102] In one optional implementation, when generating the general editing template corresponding to the plurality of editing operation instructions, the processor is configured to: Based on the code functions indicated by the multiple editing operation instructions, the multiple editing operation instructions are grouped to obtain multiple sets of editing operation instructions; For each set of editing operation instructions, the code editing mode corresponding to that set of editing operation instructions is determined based on the common characteristics among the different editing operation instructions in that set. The multiple code editing modes corresponding to the multiple sets of editing operation instructions are summarized to obtain the general editing template composed of the multiple code editing modes.

[0103] In one optional implementation, the processor is used to train the localization model using the following method: Multiple training samples are extracted from the corpus; each training sample includes a normal code unit and a first code statement. The normal code unit is code that does not contain security vulnerabilities, and the first code statement represents the code statement in the normal code unit that has been injected with security vulnerabilities. For each set of training samples, the set of training samples is input into the original model, and the original model is used to predict the probability that the first code statement is injected with a security vulnerability in the normal code unit, and the target prediction result is output. With maximizing the target prediction result as the optimization objective, the model parameters of the original model are adjusted until the original model converges, and the converged original model is used as the localization model.

[0104] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the processor is used to: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. From the plurality of code editing modes that make up the general editing template, the code editing mode that satisfies the second preset condition in terms of generality is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0105] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the processor is used to: For each code editing mode included in the general editing template, determine the degree of matching between the code editing mode and the target code statement; From the plurality of code editing modes that make up the general editing template, the code editing mode that meets the third preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0106] In an optional implementation, when the target code statement in the normal code sample is edited according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample, the processor is used to: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. Based on the target code statement, determine the degree of matching between the code editing mode and the target code statement; Based on the generality and the matching degree, determine the comprehensive evaluation result corresponding to the code editing mode; From the multiple code editing modes that make up the general editing template, the code editing mode whose comprehensive evaluation result meets the fourth preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

[0107] The computer-readable storage medium provided in the embodiments of this application can determine the editing pattern for injecting security vulnerabilities into normal code samples based on a general editing template summarized from real vulnerability repair history, and determine the location of the injected security vulnerabilities in normal code samples based on a pre-trained localization model. Thus, by working together with the general editing template and the localization model, the authenticity of vulnerability injection and the accuracy of vulnerability injection location are effectively improved.

[0108] In this embodiment, the computer-readable storage medium can also execute other machine-readable instructions when the processor runs, to perform the vulnerability sample generation method as described in other embodiments. For the specific steps and principles of the vulnerability sample generation method, please refer to the description of the method-side embodiment, which will not be repeated here.

[0109] In the embodiments provided in this application, it should be understood that the disclosed systems and methods can be implemented in other ways. The system embodiments described above are merely illustrative. For example, the division of units is only a logical functional division, and there may be other division methods in actual implementation. Furthermore, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Additionally, the coupling or direct coupling or communication connection shown or discussed may be through some communication interface; the indirect coupling or communication connection between systems or units may be electrical, mechanical, or other forms.

[0110] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of this embodiment according to actual needs.

[0111] In addition, the functional units in the embodiments provided in this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit.

[0112] If the aforementioned functions are implemented as software functional units and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0113] It should be noted that similar labels and letters in the following figures indicate similar items. Therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. In addition, the terms "first", "second", "third", etc. are used only to distinguish descriptions and should not be construed as indicating or implying relative importance.

[0114] Finally, it should be noted that the above-described embodiments are merely specific implementations of this application, used to illustrate the technical solutions of this application, and not to limit them. The protection scope of this application is not limited thereto. Although this application has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that any person skilled in the art can still modify or easily conceive of changes to the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some of the technical features, within the scope of the technology disclosed in this application; and these modifications, changes, or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of this application. All should be covered within the protection scope of this application. Therefore, the protection scope of this application should be determined by the protection scope of the claims.

Claims

1. A method for generating a vulnerability sample, the method comprising: The generation method includes: From multiple sets of target code pairs, multiple editing operation instructions corresponding to multiple vulnerability introduction operations are extracted, and a general editing template corresponding to the multiple editing operation instructions is generated; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; Normal code samples are input into a pre-trained localization model. The localization model predicts the probability of modification of each code statement in the normal code samples and outputs the target code statement. The normal code samples are code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted probability of modification satisfies a first preset condition. According to the general editing template, the target code statement in the normal code sample is edited to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

2. The generation method of claim 1, wherein, The step of extracting multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs includes: For each pair of target code, based on the historical code and the repair code in that pair of target code, determine the repair operation instruction corresponding to repairing the security vulnerability contained in the historical code; The repair operation instruction is reverse-transformed to obtain the editing operation instruction corresponding to the target vulnerability introduction operation; wherein the target vulnerability introduction operation is determined according to the repair operation indicated by the repair operation instruction.

3. The generation method of claim 1, wherein, The generation of the general editing template corresponding to the plurality of editing operation instructions includes: Based on the code functions indicated by the multiple editing operation instructions, the multiple editing operation instructions are grouped to obtain multiple sets of editing operation instructions; For each set of editing operation instructions, the code editing mode corresponding to that set of editing operation instructions is determined based on the common characteristics among the different editing operation instructions in that set. The multiple code editing modes corresponding to the multiple sets of editing operation instructions are summarized to obtain the general editing template composed of the multiple code editing modes.

4. The generation method of claim 1, wherein, The localization model was trained using the following method: Multiple training samples are extracted from the corpus; each training sample includes a normal code unit and a first code statement. The normal code unit is code that does not contain security vulnerabilities, and the first code statement represents the code statement in the normal code unit that has been injected with security vulnerabilities. For each set of training samples, the set of training samples is input into the original model, and the original model is used to predict the probability that the first code statement is injected with a security vulnerability in the normal code unit, and the target prediction result is output. With maximizing the target prediction result as the optimization objective, the model parameters of the original model are adjusted until the original model converges, and the converged original model is used as the localization model.

5. The generation method according to claim 3, characterized in that, The step of editing the target code statements in the normal code sample according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample includes: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. From the plurality of code editing modes that make up the general editing template, the code editing mode that satisfies the second preset condition in terms of generality is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

6. The generation method according to claim 3, characterized in that, The step of editing the target code statements in the normal code sample according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample includes: For each code editing mode included in the general editing template, determine the degree of matching between the code editing mode and the target code statement; From the plurality of code editing modes that make up the general editing template, the code editing mode that meets the third preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

7. The generation method according to claim 3, characterized in that, The step of editing the target code statements in the normal code sample according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample includes: For each code editing mode contained in the general editing template, target code units that can be successfully applied to the code editing mode for vulnerability injection are determined from the code units contained in the corpus; The generality of the code editing mode is determined based on the proportion of the target code unit in the code units contained in the corpus. Based on the target code statement, determine the degree of matching between the code editing mode and the target code statement; Based on the generality and the matching degree, determine the comprehensive evaluation result corresponding to the code editing mode; From the multiple code editing modes that make up the general editing template, the code editing mode whose comprehensive evaluation result meets the fourth preset condition is determined as the target code editing mode; The target code statements are edited according to the target code editing mode to obtain the vulnerability sample.

8. A vulnerability sample generation apparatus, characterized in that, The generating apparatus includes: The template generation module is used to extract multiple editing operation instructions corresponding to multiple vulnerability introduction operations from multiple sets of target code pairs, and generate a general editing template corresponding to the multiple editing operation instructions; wherein, the target code pair includes: historical code containing security vulnerabilities and repair code obtained after patching the vulnerabilities in the historical code; the vulnerability introduction operation is determined according to the security vulnerabilities contained in the historical code; The location determination module is used to input normal code samples into a pre-trained location model, predict the modification probability of each code statement in the normal code sample through the location model, and output the target code statement; wherein, the normal code sample is code that does not contain security vulnerabilities, and the target code statement represents the code statement whose predicted modification probability is greater than or equal to a preset threshold. The pattern determination module is used to edit the target code statement in the normal code sample according to the general editing template to obtain the vulnerability sample corresponding to the normal code sample; wherein, the vulnerability sample belongs to code containing security vulnerabilities.

9. An electronic device, characterized in that, include: The device includes a processor, a memory, and a bus, wherein the memory stores machine-readable instructions executable by the processor, and when the electronic device is running, the processor communicates with the memory via the bus, and the machine-readable instructions, when executed by the processor, perform the steps of the vulnerability sample generation method as described in any one of claims 1 to 7.

10. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores a computer program that, when executed by a processor, performs the steps of the method for generating a vulnerability sample as described in any one of claims 1 to 7.