An artificial intelligence-based network vulnerability closed-loop management system and method

By analyzing historical reproduction and remediation records of network vulnerabilities, the matching degree between remediation personnel and vulnerabilities is calculated, enabling intelligent allocation of vulnerability remediation tasks. This solves the problem of low vulnerability remediation efficiency and reduces vulnerability risks.

CN122372237APending Publication Date: 2026-07-10GUANGDONG POWER GRID CO LTD +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUANGDONG POWER GRID CO LTD
Filing Date
2026-03-13
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

In existing technologies, the allocation of network vulnerability work orders is unreasonable, resulting in low efficiency in vulnerability remediation, prolonged vulnerability exposure window, and amplified risks.

Method used

By retrieving historical reproduction records of network vulnerabilities, analyzing operators, operational processes, and results, obtaining historical remediation records of remediation personnel, calculating the matching degree between remediation personnel and vulnerabilities to be remediated, and realizing intelligent allocation of vulnerability tasks.

Benefits of technology

It improved the efficiency of vulnerability remediation and reduced vulnerability risks. By optimizing the allocation of vulnerability work orders through matching, it improved the matching degree between remediation personnel and vulnerabilities, ensuring reasonable task allocation.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122372237A_ABST
    Figure CN122372237A_ABST
Patent Text Reader

Abstract

The application discloses a network vulnerability closed-loop management system and method based on artificial intelligence, and relates to the technical field of artificial intelligence, and comprises the following steps: calling historical reproduction records of network vulnerabilities, obtaining reliable values of the reproduction records, and extracting target vulnerabilities; obtaining various basic indexes of the target vulnerabilities and a to-be-repaired vulnerability, calling repair records of repair personnel, and obtaining a first matching degree between the repair personnel and the to-be-repaired vulnerability; calling code submission records of the repair personnel, and obtaining a second matching degree according to the number of implanted files or modified code lines involved in the reproduction process of the to-be-repaired vulnerability; calculating a total matching degree between the repair personnel and the to-be-repaired vulnerability, determining target personnel of the to-be-repaired vulnerability, and realizing intelligent allocation of a to-be-repaired vulnerability task. The application comprehensively considers the actual matching degree between the repair personnel and the vulnerability through the reproduction records, the repair records and the code submission records, obtains suitable target personnel, and is helpful to improving vulnerability repair efficiency and reducing vulnerability risks.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of artificial intelligence technology, specifically to a closed-loop management system and method for network vulnerabilities based on artificial intelligence. Background Technology

[0002] Network vulnerabilities are various weaknesses and defects in information systems. They can stem from oversights in software and hardware design or coding, or from unreasonable design of business interactions and logical processes. These problems are easily exploited maliciously, leading to consequences such as system attack and control, data leakage and tampering, and becoming a springboard for network intrusion, adversely affecting the security of organizational assets and the normal operation of systems. Currently, after a vulnerability is discovered, vulnerability work orders are usually assigned randomly by testers. However, due to the differences in the processing capabilities and areas of expertise of technical personnel, the actual matching degree with the vulnerability is not considered, which easily leads to unreasonable work order assignments. This results in low vulnerability remediation efficiency, a significantly prolonged vulnerability exposure window, and even the amplification of vulnerability risks. Summary of the Invention

[0003] The purpose of this invention is to provide a closed-loop management system and method for network vulnerabilities based on artificial intelligence, so as to solve the problems raised in the prior art.

[0004] To solve the above-mentioned technical problems, the present invention provides the following technical solution: A closed-loop management method for network vulnerabilities based on artificial intelligence includes the following steps: Retrieve historical reproduction records of network vulnerabilities, extract and analyze the corresponding operators, operation times, operation processes and operation results, obtain the reliability value of the reproduction records, and use the reliability value to judge and extract target vulnerabilities in the network vulnerabilities; It should be noted that network vulnerabilities have the characteristics of reproducibility and traceability. Only vulnerabilities with the above characteristics can be considered reliable vulnerabilities. In order to extract reliable vulnerabilities, that is, target vulnerabilities, this solution uses vulnerability reproduction records for judgment and extraction, as shown below. Network vulnerabilities include several basic indicators. The network vulnerabilities currently pending are identified as those to be patched, and the basic indicators of the vulnerabilities to be patched and each target vulnerability are obtained. Retrieve all the remediation records of the target vulnerabilities that the remediation personnel have remediated in the past. Based on the remediation records and basic indicators, obtain the first match between the remediation personnel and the vulnerabilities to be remediated. To obtain the matching degree between the repair personnel and the vulnerabilities to be repaired, this solution analyzes the repair personnel's historical repair records to obtain the first matching factor. Based on the repair personnel's historical code commit records, it analyzes the tasks in the actual work process of the repair personnel to obtain the second matching factor. This can make the extraction of target personnel more reasonable. Retrieve the code commit history of the fixers to obtain the corresponding modified files and lines of code. Based on the implanted files or modified lines of code involved in the reproduction of the vulnerability to be fixed, obtain the second matching degree between the fixers and the vulnerability to be fixed. Based on the first and second matching degrees, the total matching degree between the repair personnel and the vulnerability to be repaired is obtained. Based on the total matching degree, the target personnel for the vulnerability to be repaired are determined, thereby realizing intelligent allocation of the vulnerability repair task.

[0005] Preferably, the second matching degree between the remediation personnel and the vulnerability to be remediated includes: If the vulnerability to be patched only involves the implantation of files during the reproduction process, the file matching rate between the patcher and the vulnerability to be patched is obtained based on the directory where the implanted files are located, and this rate is used as the second matching degree between the patcher and the vulnerability to be patched. If the vulnerability to be patched only involves code modification during the reproduction process, the code matching rate between the patcher and the vulnerability to be patched is obtained based on the line number of the modified code, which serves as the second matching degree between the patcher and the vulnerability to be patched; If both file implantation and code modification are involved, the file matching rate and code matching rate between the patcher and the vulnerability to be patched are obtained based on the directory where the implanted file is located and the line number of the modified code. The average value is then used as the second matching degree between the patcher and the vulnerability to be patched.

[0006] Preferably, the file matching rate between the remediation personnel and the vulnerability to be remediated includes: Obtain the directory containing the injected files involved in the vulnerability to be patched, as well as the directory containing the files modified by the patching personnel. The number of files at each directory level is calculated by collecting the modified files, including H1 (files at the same directory level as the implanted file), H2 (files at the directory level above the implanted file), H3 (files at the directory level above the implanted file), and so on. The weight of each directory level is set according to the rule that the closer to the root directory of the implanted file, the lower the weight; the target file value of each repairer is obtained based on the number of files and the weight of each directory level; and the file matching rate is obtained by normalizing the target file value of each repairer.

[0007] Preferably, the code match rate between the remediation personnel and the vulnerability to be remediated includes: Extract the fields corresponding to the modified code involved in the vulnerability to be fixed, obtain the line number of the field, and the line number of the associated object that references or is referenced by the field, and use all the line numbers as the marker line number; The initial target value for the repair team is set to 0. The code commit record is used to retrieve the number of lines of code modified for each corresponding line. If a line of code belongs to a marked line, the target value is incremented by 1; otherwise, the target value is incremented by e based on the line value G of the nearest marked line. -G ; Obtain the final target value for each repairer; normalize the code matching rate based on the final target value for each repairer.

[0008] Preferably, the first match between the remediation personnel and the vulnerability to be remediated includes: The basic metrics include vulnerability type, risk level, and process description. The process description is a description of the process by which the operator implements the vulnerability based on the operation performed by the operator who reproduced the vulnerability. Obtain the vulnerability type, risk level, and process description of the vulnerability to be repaired; retrieve all target vulnerabilities that the repair personnel have repaired in the past; obtain the number i of target vulnerabilities with the same vulnerability type as the vulnerability to be repaired, and the number j of target vulnerabilities with the same risk level as the vulnerability to be repaired. Extract all entities and relationships in the process description, build a knowledge graph of the process description, and extract triples; obtain the entities and relationships in any two triples, and obtain the similarity between the two triples based on the similarity between the corresponding entities and the corresponding relationships; Extract the triple Z from the process description of the vulnerability to be repaired. Extract the maximum similarity between the triple Z and the triple Z among all triples corresponding to the target vulnerability, and use it as the feature value of triple Z. Calculate the feature value of each triple in the process description of the vulnerability to be repaired, and obtain the average feature value T. The first match between the remediator and the vulnerability to be remediated is obtained: T(1-e -i )(1-e -j ).

[0009] Formula y=1-e -x When x>0, y is a function of 0 to 1, and y increases as x increases. Since the larger the number of target vulnerabilities i, j and the average feature value T, the greater the first match between the remediation personnel and the vulnerabilities to be remediated, this formula design is reasonable and reliable in this scheme.

[0010] Preferably, the method for identifying and extracting target vulnerabilities from network vulnerabilities includes: Retrieve historical reproduction records of network vulnerabilities. Reproduction records are operation records formed by operators following the network vulnerability reproduction process and performing operations such as injecting files or modifying data against the vulnerability carrier. Extract the operator, operation time, operation process and operation result corresponding to the reproduction record. Extract the reproduction record before the vulnerability is successfully patched as the first record and the reproduction record after the vulnerability is successfully patched as the second record. If the operator corresponding to the first record has the authority to reproduce the vulnerability, set the first reliability of the first record to 1; if they do not have the authority to reproduce the vulnerability, set the first reliability to 0. If the operator of the first record does not have the authority to reproduce the vulnerability, then the first record is unreliable in terms of the operation process. If the operation result corresponding to the first record successfully reproduces the vulnerability, set the second reliability of the first record to 1; if the vulnerability is not reproduced, set the second reliability to 0. Since the first record is the reproduction record before the vulnerability is successfully fixed, under normal circumstances, the operation result of the first record should successfully reproduce the vulnerability. When the vulnerability is not reproduced, it means that the first record is not reliable in terms of operation result. The operation process includes several operation steps. Based on the order and time of each operation step in the first and second records, the third reliability of the first record is obtained. Multiply the first reliability, second reliability, and third reliability to obtain the reliability value of the first record; if the number of first records with a reliability value greater than a preset reliability threshold in the network vulnerability is greater than a preset number threshold, the network vulnerability is designated as the target vulnerability.

[0011] Preferably, obtaining the third reliability of the first record includes: If there is no second record with the same operation process as the first record, set the third reliability of the first record to 0; If a second record with the same operation process exists, the second record is used as a marker record. The operation time corresponding to each operation step in the first record and the marker record is extracted to obtain the third reliability of the first record: Where N is the number of operation steps, e is the natural constant, k is the numerical scaling factor, and P n Let Q be the operation time of the nth operation step corresponding to the first record. n The operation time for the corresponding nth operation step is marked.

[0012] Preferably, the intelligent allocation of vulnerability repair tasks includes: based on the total matching degree between each repair personnel and the vulnerability to be repaired, selecting the target personnel for the vulnerability to be repaired in descending order of total matching degree, and assigning the vulnerability repair tasks to the target personnel.

[0013] An AI-based closed-loop network vulnerability management system includes a memory and a processor, as well as a computer program stored in the memory and running on the processor. The processor is coupled to the memory, and the processor implements the aforementioned AI-based closed-loop network vulnerability management method when executing the computer program.

[0014] Compared with existing technologies, the beneficial effects of this invention are as follows: This invention provides a closed-loop management system and method for network vulnerabilities based on artificial intelligence, including: retrieving historical reproduction records of network vulnerabilities, obtaining reliable values ​​of the reproduction records, and extracting target vulnerabilities; acquiring basic indicators of the vulnerabilities to be repaired and each target vulnerability, retrieving the repair records of repair personnel, and obtaining a first matching degree between the repair personnel and the vulnerabilities to be repaired; retrieving the code commit records of the repair personnel, and obtaining a second matching degree based on the number of implanted files or modified code lines involved in the reproduction process of the vulnerabilities to be repaired; calculating the total matching degree between the repair personnel and the vulnerabilities to be repaired, determining the target personnel for the vulnerabilities to be repaired, and realizing intelligent allocation of tasks for the vulnerabilities to be repaired. This invention, by combining reproduction records, repair records, and code commit records, and comprehensively considering the actual matching degree between the repair personnel and the vulnerabilities, obtains suitable target personnel, which helps to improve the efficiency of vulnerability repair and reduce vulnerability risks. Attached Figure Description

[0015] To more clearly illustrate the technical solutions and advantages in the embodiments of the present invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0016] Figure 1 This is a flowchart illustrating a closed-loop management method for network vulnerabilities based on artificial intelligence, as described in this invention. Detailed Implementation

[0017] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with this disclosure. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this disclosure as detailed in the appended claims.

[0018] Example: Figure 1 As shown, this invention provides a technical solution for a closed-loop management method for network vulnerabilities based on artificial intelligence, comprising the following steps: Retrieve historical reproduction records of network vulnerabilities. These records are operation logs created by operators following the network vulnerability reproduction process and performing file implantation or data modification operations on the vulnerability vector. For example, if there is a vulnerability that allows modification of product prices, attackers can implant files or modify data to change the product price, allowing them to purchase the product at a lower price and causing losses to the merchant.

[0019] Extract the operator, operation time, operation process, and operation result corresponding to the reproduction record; extract the reproduction record before the vulnerability is successfully patched as the first record, and the reproduction record after the vulnerability is successfully patched as the second record; If the operator corresponding to the first record has the authority to reproduce the vulnerability, set the first reliability of the first record to 1; otherwise, set the first reliability to 0. If the operation result corresponding to the first record successfully reproduces the vulnerability, set the second reliability of the first record to 1; otherwise, set the second reliability to 0. The operation process includes several operational steps. Based on the order and timing of each operational step in the first and second records, the third reliability of the first record is obtained, as follows: If there is no second record with the same operation process as the first record, set the third reliability of the first record to 0; If a second record with the same operation process exists, the second record is used as a marker record. The operation time corresponding to each operation step in the first record and the marker record is extracted to obtain the third reliability of the first record: Where N is the number of operation steps, e is the natural constant, k is the numerical scaling factor, and P n Let Q be the operation time of the nth operation step corresponding to the first record. n The operation time for the corresponding nth operation step is marked and recorded; In normal circumstances, during vulnerability remediation, the same reproducible operation process should be executed before and after the remediation. This is a standard principle for verifying whether the vulnerability has been completely patched. For example, when modifying data, the execution logic that previously changed the product price should still be executed after the vulnerability is patched, except that the product price will not change after the vulnerability is patched. If there is no second record with the same operation process as the first record, that is, there is no record for comparison, it means that the first record is unreliable. The operation time corresponding to each operation step usually does not change much, so the reliability of the first record can also be judged based on the operation time corresponding to each operation step.

[0020] Multiply the first reliability, second reliability, and third reliability to obtain the reliability value of the first record: W = W1 × W2 × W3, where W1, W2, W3, and W all range from 0 to 1. Here, W is the reliability value of the first record, and W1, W2, and W3 are the first reliability, second reliability, and third reliability, respectively. Since the first reliability, second reliability, and third reliability all follow the rule that the larger the value of the first reliability, the more reliable the first record, the larger the reliability value W is, the more reliable the first record is. If the number of first records with a reliability value greater than a preset reliability threshold in a network vulnerability exceeds a preset number threshold, the network vulnerability is designated as a target vulnerability; thereby enabling the identification and extraction of all target vulnerabilities in the network vulnerability.

[0021] Network vulnerabilities include several basic indicators, including vulnerability type, risk level, and process description. The process description is a description of the process of implementing the vulnerability filled in by the operator who reproduces the vulnerability. The network vulnerability to be processed is regarded as the vulnerability to be repaired, and the basic indicators of the vulnerability to be repaired and each target vulnerability are obtained. In this embodiment, the vulnerability types include web application vulnerabilities, operating system and host vulnerabilities, network device and protocol vulnerabilities, business logic vulnerabilities, etc., and the risk levels include extremely high risk, high risk, medium risk, and low risk. The vulnerability types and risk levels here are automatically identified by the system or judged by testers based on practical experience, and will not be elaborated further here.

[0022] Retrieve all the remediation records of the target vulnerabilities that the remediation personnel have remediated in the past, obtain the vulnerability type, risk level and process description of the vulnerability to be remediated, retrieve all the target vulnerabilities that the remediation personnel have remediated in the past, and obtain the number i of the target vulnerabilities with the same vulnerability type as the vulnerability to be remediated, and the number j of the target vulnerabilities with the same risk level as the vulnerability to be remediated. Extract all entities and relationships in the process description, establish a knowledge graph of the process description, and extract triples. In this embodiment, a triple is a combination of entity-relationship-entity. Since the specific knowledge graph establishment and triple extraction steps are existing technologies, they will not be described in detail here.

[0023] To obtain the entities and relationships in any two triples, the similarity between the two triples is calculated based on the similarity between the corresponding entities and their relationships. For example, to calculate the similarity between two triples: Extract two triples A and B. Triple A has the first entity SA1, the relationship GA, and the second entity SA2. Triple B has the first entity SB1, the relationship GB, and the second entity SB2. The similarity between the corresponding entities and their relationships includes: the similarity SSim1 between SA1 and SB1, the similarity GSim between GA and GB, and the similarity SSim2 between SA2 and SB2. Based on SSim1, GSim, and SSim2, the similarity between triples A and B is (SSim1 + GSim + SSim2) / 3.

[0024] Extract the triple Z from the process description of the vulnerability to be repaired. Extract the maximum similarity between the triple Z and the triple Z among all triples corresponding to the target vulnerability, and use it as the feature value of triple Z. Calculate the feature value of each triple in the process description of the vulnerability to be repaired, and obtain the average feature value T. The first match between the remediator and the vulnerability to be remediated is obtained: T(1-e -i )(1-e -j ).

[0025] Retrieve the historical code commit records of the fixers to obtain the corresponding modified files and lines of code, and then determine the number of implanted files or modified lines of code involved in the reproduction of the vulnerability to be fixed. If the vulnerability to be patched only involves the implantation of files during the reproduction process, the file matching rate between the patcher and the vulnerability to be patched is obtained based on the directory where the implanted files are located, and this rate is used as the second matching degree between the patcher and the vulnerability to be patched. The file matching rate between the remediation personnel and the vulnerabilities to be patched includes: Obtain the directory containing the injected files involved in the vulnerability to be patched, as well as the directory containing the files modified by the patching personnel. The number of files at each directory level is calculated by collecting the modified files, including H1 (files at the same directory level as the implanted file), H2 (files at the directory level above the implanted file), H3 (files at the directory level above the implanted file), and so on. For example, the root directory of the program is R (folder). The root directory R includes project (folder) and log.txt (file). The project includes a.txt (file), b.txt (file), dir1 (folder), and dir2 (folder). dir1 includes a1.txt (file) and b1.txt (file), and dir2 includes a2.txt (file) and b2.txt (file). According to the code submission records of the repair personnel, the repair personnel modified a.txt, a1.txt, b1.txt, and a2.txt. If the directory where the implanted file main.exe is located is R / project / dir1 / , then the modified files that are at the same directory level as the implanted file main.exe (that is, both are in R / project / dir1 / ) are a1.txt and b1.txt, with a quantity of H1=2. The modified files that are at the directory level above the implanted file (that is, in R / project / ) are a.txt, with a quantity of H2=1. The modified files that are at the directory level above the implanted file (that is, in R / ) do not exist, with a quantity of H3=0.

[0026] The weight of each directory level is set according to the rule that the closer to the root directory of the implanted file, the lower the weight. In this embodiment, there are three directory levels: R / project / dir1 / , R / project / , and R / , with weights of 0.5, 0.3, and 0.2 respectively. Then, based on the quantities H1=2, H2=1, and H3=0, the target file value for each repairer is calculated as: 0.5×2+0.3×1+0.2×0=1.3. The target file value for each repairer is then normalized to obtain the file matching rate. Normalization is a technique that scales values ​​to between 0 and 1, similar to the sigmoid technique, which is existing technology and will not be elaborated upon here.

[0027] Based on the number and weight of files at each directory level, the target file values ​​for each restorer are obtained; based on the target file values ​​for each restorer, normalization is performed to obtain the file matching rate.

[0028] If the vulnerability to be patched only involves code modification during the reproduction process, the code matching rate between the patcher and the vulnerability to be patched is obtained based on the line number of the modified code, which serves as the second matching degree between the patcher and the vulnerability to be patched; The code match rate between the remediation personnel and the vulnerabilities to be patched includes: Extract the fields corresponding to the modified code involved in the vulnerability to be fixed, obtain the line number of the field, and the line number of the associated object that references or is referenced by the field, and use all the line numbers as the marker line number; The initial target value for the repair team is set to 0. The code commit record is used to retrieve the number of lines of code modified for each corresponding line. If a line of code belongs to a marked line, the target value is incremented by 1; otherwise, the target value is incremented by e based on the line value G of the nearest marked line. -G ; Obtain the final target value for each repairer; normalize the code matching rate based on the final target value for each repairer.

[0029] The higher the file matching rate or code matching rate, the closer the historical coding work of the remediation personnel is to the vulnerability to be repaired, and the greater the second degree of matching between the remediation personnel and the vulnerability to be repaired.

[0030] If both file implantation and code modification are involved, the file matching rate and code matching rate between the patcher and the vulnerability to be patched are obtained based on the directory where the implanted file is located and the line number of the modified code. The average value is then used as the second matching degree between the patcher and the vulnerability to be patched. Based on the first and second matching degrees, the total matching degree between the repair personnel and the vulnerability to be repaired is obtained; Based on the total match between each repairer and the vulnerability to be repaired, the target personnel for the vulnerability to be repaired are selected in descending order of total match, and the vulnerability repair task is assigned to the target personnel.

[0031] This embodiment also provides an AI-based closed-loop network vulnerability management system, including a memory and a processor, and a computer program stored in the memory and running on the processor. The processor is coupled to the memory, and when the processor executes the computer program, it implements the aforementioned AI-based closed-loop network vulnerability management method. Since this AI-based closed-loop network vulnerability management method has already been described in detail above, it will not be repeated here.

[0032] It should be noted that the order of the above embodiments of the present invention is merely for descriptive purposes and does not represent the superiority or inferiority of the embodiments. Furthermore, specific embodiments have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps described in the claims can be performed in a different order than that shown in the embodiments and still achieve the desired result. Additionally, the processes depicted in the drawings do not necessarily require a specific or sequential order to achieve the desired result. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.

[0033] The various embodiments in this specification are described in a progressive manner. The same or similar parts between the various embodiments can be referred to each other. Each embodiment focuses on describing the differences from other embodiments.

[0034] The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of the present invention should be included within the protection scope of the present invention.

Claims

1. A closed-loop management method for network vulnerabilities based on artificial intelligence, characterized in that, Includes the following steps: Retrieve historical reproduction records of network vulnerabilities, extract and analyze the corresponding operators, operation times, operation processes and operation results, obtain the reliability value of the reproduction records, and use the reliability value to judge and extract target vulnerabilities in the network vulnerabilities; Network vulnerabilities include several basic indicators. The network vulnerabilities currently pending are identified as those to be patched, and the basic indicators of the vulnerabilities to be patched and each target vulnerability are obtained. Retrieve all the remediation records of the target vulnerabilities that the remediation personnel have remediated in the past. Based on the remediation records and basic indicators, obtain the first match between the remediation personnel and the vulnerabilities to be remediated. Retrieve the code commit history of the fixers to obtain the corresponding modified files and lines of code. Based on the implanted files or modified lines of code involved in the reproduction of the vulnerability to be fixed, obtain the second matching degree between the fixers and the vulnerability to be fixed. Based on the first and second matching degrees, the total matching degree between the repair personnel and the vulnerability to be repaired is obtained. Based on the total matching degree, the target personnel for the vulnerability to be repaired are determined, thereby realizing intelligent allocation of the vulnerability repair task.

2. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 1, characterized in that, The second match degree between the remediation personnel and the vulnerability to be remediated is obtained, including: If the vulnerability to be patched only involves the implantation of files during the reproduction process, the file matching rate between the patcher and the vulnerability to be patched is obtained based on the directory where the implanted files are located, and this rate is used as the second matching degree between the patcher and the vulnerability to be patched. If the vulnerability to be patched only involves code modification during the reproduction process, the code matching rate between the patcher and the vulnerability to be patched is obtained based on the line number of the modified code, which serves as the second matching degree between the patcher and the vulnerability to be patched; If both file implantation and code modification are involved, the file matching rate and code matching rate between the patcher and the vulnerability to be patched are obtained based on the directory where the implanted file is located and the line number of the modified code. The average value is then used as the second matching degree between the patcher and the vulnerability to be patched.

3. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 2, characterized in that, Obtain the file match rate between the remediation personnel and the vulnerability to be patched, including: Obtain the directory containing the injected files involved in the vulnerability to be patched, as well as the directory containing the files modified by the patching personnel. The number of files at each directory level is calculated by collecting the modified files, including H1 (files at the same directory level as the implanted file), H2 (files at the directory level above the implanted file), H3 (files at the directory level above the implanted file), and so on. The weight of each directory level is set according to the rule that the closer to the root directory of the implanted file, the lower the weight; the target file value of each repairer is obtained based on the number of files and the weight of each directory level; and the file matching rate is obtained by normalizing the target file value of each repairer.

4. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 2, characterized in that, Obtain the code match rate between the remediation personnel and the vulnerability to be patched, including: Extract the fields corresponding to the modified code involved in the vulnerability to be fixed, obtain the line number of the code for the field, and the line number of the code of the associated object that references or is referenced by the field, and use all the line numbers as the marker line number; The initial target value for the repair team is set to 0. The code commit record is used to retrieve the number of lines of code modified for each corresponding line. If a line of code belongs to a marked line, the target value is incremented by 1; otherwise, the target value is incremented by e based on the line value G of the nearest marked line. -G ; Obtain the final target value for each repairer; normalize the code matching rate based on the final target value for each repairer.

5. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 1, characterized in that, Obtain the initial match between the remediation personnel and the vulnerability to be remediated, including: The basic indicators include vulnerability type, risk level, and process description. The process description is a description of the process of implementing the vulnerability filled in by the reproduction operator based on the execution operation of the vulnerability. Obtain the vulnerability type, risk level, and process description of the vulnerability to be repaired; retrieve all target vulnerabilities that the repair personnel have repaired in the past; obtain the number i of target vulnerabilities with the same vulnerability type as the vulnerability to be repaired, and the number j of target vulnerabilities with the same risk level as the vulnerability to be repaired. Extract all entities and relationships in the process description, build a knowledge graph of the process description, and extract triples; obtain the entities and relationships in any two triples, and obtain the similarity between the two triples based on the similarity between the corresponding entities and the corresponding relationships; Extract the triple Z from the process description of the vulnerability to be repaired. Extract the maximum similarity between the triple Z and all triples corresponding to the target vulnerability, and use it as the feature value of the triple Z. Calculate the feature value of each triple in the process description of the vulnerability to be repaired, and obtain the average feature value T. The first matching degree between the repair personnel and the vulnerability to be repaired is obtained: T(1-e -i )(1-e -j ).

6. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 1, characterized in that, To identify and extract target vulnerabilities from network vulnerabilities, including: Retrieve historical reproduction records of network vulnerabilities. These reproduction records are operation records formed by operators following the network vulnerability reproduction process and performing file implantation or data modification operations on the vulnerability carrier. Extract the operator, operation time, operation process, and operation result corresponding to the reproduction records. Extract the reproduction records before the vulnerability is successfully patched as the first record and the reproduction records after the vulnerability is successfully patched as the second record. If the operator corresponding to the first record has the authority to reproduce the vulnerability, set the first reliability of the first record to 1; if the operator does not have the authority to reproduce the vulnerability, set the first reliability to 0. If the operation corresponding to the first record successfully reproduces the vulnerability, set the second reliability of the first record to 1; if the vulnerability is not reproduced, set the second reliability to 0. The operation process includes several operation steps. Based on the order and time of each operation step in the first and second records, the third reliability of the first record is obtained. Multiply the first reliability, second reliability, and third reliability to obtain the reliability value of the first record; if the number of first records with a reliability value greater than a preset reliability threshold in the network vulnerability is greater than a preset number threshold, the network vulnerability is designated as a target vulnerability.

7. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 6, characterized in that, The third reliability of the first record is obtained, including: If there is no second record with the same operation process as the first record, set the third reliability of the first record to 0; If a second record with the same operation process exists, the second record is used as a marker record. The operation time corresponding to each operation step in the first record and the marker record is extracted to obtain the third reliability of the first record: Where N is the number of operation steps, e is the natural constant, k is the numerical scaling factor, and P n Let Q be the operation time of the nth operation step corresponding to the first record. n The operation time for the corresponding nth operation step is marked.

8. The artificial intelligence-based closed-loop management method for network vulnerabilities according to claim 1, characterized in that, Intelligent allocation of vulnerability repair tasks includes: selecting target personnel for the vulnerability repair tasks in descending order of total matching degree based on the total matching degree of each repair personnel and the vulnerability to be repaired.

9. A closed-loop management system for network vulnerabilities based on artificial intelligence, characterized in that, It includes a memory and a processor, as well as a computer program stored in the memory and running on the processor. The processor is coupled to the memory, and when the processor executes the computer program, it implements an artificial intelligence-based closed-loop management method for network vulnerabilities as described in any one of claims 1-8.