We present IvySyn: the first fully-automated framework for vulnerability discovery in Deep Learning (DL) frameworks. IvySyn leverages the statically-typed nature of native APIs in order to automatically perform type-aware mutation-based fuzzing on low-level kernel APIs. Given a set of offending inputs that trigger memory safety and fatal runtime errors in low-level, native DL (C/C++) code, IvySyn automatically synthesizes code snippets in high-level languages (e.g., in Python), which propagate offending inputs via high(er)-level APIs. Such code snippets essentially act as Proof of Vulnerability, as they demonstrate the existence of bugs in native code that attackers can target through various high-level APIs. Our experimental evaluation shows that IvySyn significantly outperforms past approaches, both in terms of efficiency and effectiveness, in finding real vulnerabilities in popular DL frameworks. Specifically, we used IvySyn to test TensorFlow and PyTorch: although still an early research prototype, IvySyn has already helped the corresponding TensorFlow and PyTorch framework developers to identify and fix 58 previously-unknown security vulnerabilities, and assign 36 unique CVEs.
翻译:我们介绍IvySyn: 深海学习(DL)框架中脆弱性发现的第一个完全自动化框架。 IvySyn 利用本地API的静态类型性质,对低层内核API自动进行自觉突变的模糊。 鉴于一系列违规输入在低层、本地DL(C/C++)代码中触发记忆安全和致命运行时间错误, IvySyn 自动合成高层次语言(例如Python)的代码片段(例如,Python),通过高(er)级API传播违规输入。 此类代码片段基本上可以作为脆弱性的证明, 因为这些代码显示在本地代码中存在错误, 攻击者可以通过各种高级APIs瞄准。 我们的实验评估显示, IvySyn 在发现广受欢迎的 DL框架中找到真实的脆弱性方面, 大大超过过去的方法( ) 。 具体地说, 我们使用 IvySyn 测试TensorFlow 和 PyTyTorch:虽然仍然有一个独特的研究模型, 并且已经确定一个早期的、 和具有历史意义的CvySySynSvySvyn 和SvyF 。