Cite this article:
- Zhang Yuhang, Su He, Li Feng, Hu Yifan, Hu Wenbo, Li Yeting, Piao Aihua, Huo Wei. QLAuto: A Static Application Security Testing Approach Based on Intelligent Extraction of Vulnerability Patterns [J]. Journal of Cyber Security, accepted.
Keywords (Chinese version): vulnerability pattern; large language model; static application security testing
DOI:
Received: 2026-02-02; Revised: 2026-03-23
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program)

QLAuto: A Static Application Security Testing Approach Based on Intelligent Extraction of Vulnerability Patterns

Zhang Yuhang, Su He, Li Feng, Hu Yifan, Hu Wenbo, Li Yeting, Piao Aihua, Huo Wei

(Institute of Information Engineering, Chinese Academy of Sciences)

Abstract:
Static Application Security Testing (SAST) is a widely used technique in the field of vulnerability detection, where high-quality vulnerability pattern libraries are a critical factor influencing the effectiveness of SAST tools. Addressing the heavy reliance on manual maintenance for traditional SAST pattern libraries, as well as the issues regarding analysis efficiency and precision in existing query rules generated by Large Language Models (LLMs), this paper proposes a method for the intelligent extraction of historical vulnerability patterns. Utilizing a multi-agent collaboration mechanism, the proposed method deeply understands and extracts the propagation characteristics of historical vulnerabilities, generalizes them to similar vulnerability patterns, and optimizes the rules by incorporating the analysis of dynamic features such as reflection and callbacks. This achieves the goal of automatically generating target-specific, high-quality CodeQL query rules. Based on this method, we implemented a prototype system, QLAuto, which supports the extraction of historical vulnerability patterns and the generation of query rules for target software written in multiple programming languages, including Java, Python, and C/C++. Experimental results demonstrate that QLAuto improves vulnerability detection accuracy by approximately 10% compared to the state-of-the-art tool IRIS on a large-scale real-world software dataset containing millions of lines of code. Furthermore, QLAuto successfully identified three previously undisclosed vulnerabilities in GitHub open-source projects, effectively enhancing both the precision and efficiency of vulnerability detection.

Key words: vulnerability pattern; large language model (LLM); static application security testing
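The abstract describes the output of QLAuto as target-specific CodeQL taint-tracking rules that encode a historical vulnerability's propagation pattern and are then refined to account for dynamic features such as reflection. The query below is an added illustration of what such a rule looks like in CodeQL for Java; it is not a rule produced by QLAuto or taken from the paper. It assumes a recent CodeQL CLI with the module-based data-flow API (`DataFlow::ConfigSig`, `TaintTracking::Global`, `MethodCall`); the query id, module names, and the choice of `Runtime.exec` as the sink and `Method.invoke` as the reflection step are the editor's own choices for the example.

```ql
/**
 * @name Remote input reaches Runtime.exec, including through reflective invocation
 * @description Added example of a target-specific taint-tracking rule: the
 *              propagation pattern (remote input -> command execution) is
 *              extended with a reflection-aware step so that flow through
 *              java.lang.reflect.Method.invoke is not lost.
 * @kind path-problem
 * @problem.severity error
 * @id example/reflective-command-injection
 * @tags security
 */

import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources

/** Taint configuration: remote input (source) flowing into Runtime.exec (sink). */
module ReflectiveExecConfig implements DataFlow::ConfigSig {
  // Source: any value the standard library models as arriving from a remote client.
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // Sink: any argument of java.lang.Runtime.exec(...).
  predicate isSink(DataFlow::Node sink) {
    exists(MethodCall call |
      call.getMethod().hasQualifiedName("java.lang", "Runtime", "exec") and
      sink.asExpr() = call.getAnArgument()
    )
  }

  /**
   * Reflection-aware step (example assumption): the default taint model
   * cannot see which method a Method.invoke call dispatches to, so taint
   * entering the receiver or argument array is carried to the call's result.
   */
  predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
    exists(MethodCall invoke |
      invoke.getMethod().hasQualifiedName("java.lang.reflect", "Method", "invoke") and
      pred.asExpr() = invoke.getAnArgument() and
      succ.asExpr() = invoke
    )
  }
}

module ReflectiveExecFlow = TaintTracking::Global<ReflectiveExecConfig>;

import ReflectiveExecFlow::PathGraph

from ReflectiveExecFlow::PathNode source, ReflectiveExecFlow::PathNode sink
where ReflectiveExecFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "Remote input from $@ reaches Runtime.exec, possibly via Method.invoke.",
  source.getNode(), "this source"
```

Run it against a CodeQL database of the target Java project with `codeql database analyze <db> <this-query.ql> --format=sarif-latest --output=results.sarif`. The `isAdditionalFlowStep` predicate is the part that a reflection-aware refinement adds on top of a plain source-to-sink pattern; without it, a path that passes through `Method.invoke` is silently dropped, which is the kind of false negative the abstract's dynamic-feature analysis is meant to address.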