计算机技术与发展2025,Vol.35Issue(11):188-196,9.DOI:10.20165/j.cnki.ISSN1673-629X.2025.0131
基于微调大语言模型的智能化渗透测试方法
Intelligent Penetration Testing Method Based on Fine-tuning Large Language Models
摘要
Abstract
In response to the issues of reliance on experience,high costs,and low efficiency in traditional penetration testing,we propose a novel intelligent penetration testing method,LSS-PT(Large Language Model and Semantic Similarity Penetration Testing).This method integrates large language models into the penetration testing process,enabling the testing to autonomously analyze text and utilize target information,thereby making the penetration testing more intelligent.Additionally,the research employs ChatGLM3-6B as the foundational model and designs a novel multi-strategy fusion fine-tuning technique.This technique allows the model to infer vulnerability disclosures based on target information and then uses semantic similarity analysis to achieve vulnerability exploitation.Testing has shown that the proposed multi-strategy fusion fine-tuning technique increases the model's accuracy in vulnerability disclosure Q&A to86.94%,a significant improvement of over 85%compared to the original model.Furthermore,compared to other automated penetration testing methods,there has been a substantial enhancement in intelligence and human-computer interaction.The proposed method has been validated to correctly infer and exploit target vulnerabilities in practical application scenarios,significantly improving testing efficiency.关键词
大模型/微调/语义相似度/渗透测试/智能化Key words
large language model/fine tuning/semantic similarity/penetration testing/intelligent分类
计算机与自动化引用本文复制引用
张錋,王文辉,张道娟,武宏斌,韩龙玺,赵奇..基于微调大语言模型的智能化渗透测试方法[J].计算机技术与发展,2025,35(11):188-196,9.基金项目
国家重点研发计划项目(2022YFB3104100) (2022YFB3104100)
国家电网有限公司科技项目(5700-202358294A-1-1-ZN) (5700-202358294A-1-1-ZN)
