METHOD AND SYSTEM FOR IDENTIFYING EXPLOITED VULNERABILITIES IN THE PROGRAM CODE Russian patent published in 2023 - IPC G06F21/57 G06N20/00 

FIELD: computer technology.

SUBSTANCE: invention relates to the field of computer technology. The expected result is achieved by constructing a vulnerability attack vector; obtaining data containing the source code file and the type of vulnerability detected; converting the source code containing the vulnerability into an abstract syntax tree (AST), in which the internal vertices are mapped to programming language operators, and the leaves to the corresponding operands; searching for an element of the attack vector by coordinates and name among the vertices of the AST containing information about the type of vertex; forming a path in the AST between the found elements of the attack vector; forming an ordered sequence that represents the types of each element of the path; forming a vector representation of the formed sequence as the number of all possible types of AST nodes inside it; processing of the received data using a machine learning model (ML) trained on vector representations of vulnerability data, during which vulnerabilities are classified according to the degree of exploitation, and exploited vulnerabilities are identified in the program code based on the classification.

EFFECT: increase in the speed and accuracy of identifying exploited vulnerabilities in the program code.

3 cl, 14 dwg