
A Software Automatic Vulnerability Repair Method Based on Large Language Models


Computer Technology and Development (计算机技术与发展), 2025, Vol. 35, Issue 7: 63-70, 8. DOI: 10.20165/j.cnki.ISSN1673-629X.2025.0057


陈霄萍 (1), 李涛 (2), 李琳 (2), 郭佳雄 (1), 伍章驰 (1), 代雪晴 (1), 李家攀 (3), 覃阳青 (3), 何柳 (4)

Author information

  • 1. School of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, Hubei, China
  • 2. School of Computer Science and Technology, Wuhan University of Science and Technology, Wuhan 430065, Hubei, China; Hubei Province Key Laboratory of Intelligent Information Processing and Real-time Industrial System, Wuhan 430065, Hubei, China
  • 3. SDIC Securities Co., Ltd. (国投证券股份有限公司), Shenzhen 518000, Guangdong, China
  • 4. Wuhan Zhiyuan Intelligent Elevator Technology Co., Ltd. (武汉智园智慧电梯科技有限公司), Wuhan 430065, Hubei, China

Abstract

With the increasing diversity and complexity of software, the number of software vulnerabilities has grown explosively, and fixing them has become increasingly difficult. Automatic vulnerability repair has recently received widespread attention, and Large Language Models (LLMs) provide new ideas for it. Current research on LLM-based code vulnerability repair treats vulnerability repair as a general text generation task and counts a repair produced by an automatic repair tool as effective only when it is completely consistent with the reference answer. However, one vulnerable code fragment may correspond to several different valid repairs, so the current judging method is too strict. Moreover, code generation differs from general text generation: when generating code, not only the functional correctness of the code but also its security must be considered. Because the code corpus used for LLM pre-training lacks security labels, and because the Top-K sorting algorithm generates patches purely by probability without considering code security, a generated repair may fix the current vulnerability while still introducing a new one. To address this, we propose an automatic software vulnerability repair method based on large models that combines prompt engineering, model fine-tuning, and the reordering algorithm SecRerank, which focuses on the security of the generated code, so as to improve vulnerability repair performance at three stages: the model input, the model itself, and the model output. Experiments show that the vulnerability repair effect of the proposed method is superior to that of the baseline method.

Keywords

software vulnerabilities / automatic vulnerability repair / large language model / prompt engineering / fine-tuning

Category

Information Technology and Security Science

Cite this article

陈霄萍, 李涛, 李琳, 郭佳雄, 伍章驰, 代雪晴, 李家攀, 覃阳青, 何柳. A Software Automatic Vulnerability Repair Method Based on Large Language Models [J]. Computer Technology and Development (计算机技术与发展), 2025, 35(7): 63-70, 8.

Funding

Wuhan Key Research and Development Program (2022012202015070)

Wuhan East Lake High-Tech Development Zone "Jiebang Guashuai" (open-competition) project (2022KJB126)

Journal: Computer Technology and Development (计算机技术与发展), ISSN 1673-629X
