IvySyn: Automated Vulnerability Discovery for Deep Learning Frameworks

We present IvySyn: the first fully-automated framework for vulnerability discovery in Deep Learning (DL) frameworks. IvySyn leverages the statically-typed nature of native APIs in order to automatically perform type-aware mutation-based fuzzing on low-level kernel APIs. Given a set of offending inputs that trigger memory safety and fatal runtime errors in low-level, native DL (C/C++) code, IvySyn automatically synthesizes code snippets in high-level languages (e.g., in Python), which propagate offending inputs via high(er)-level APIs. Such code snippets essentially act as Proof of Vulnerability, as they demonstrate the existence of bugs in native code that attackers can target through various high-level APIs. Our experimental evaluation shows that IvySyn significantly outperforms past approaches, both in terms of efficiency and effectiveness, in finding real vulnerabilities in popular DL frameworks. Specifically, we used IvySyn to test TensorFlow and PyTorch: although still an early research prototype, IvySyn has already helped the corresponding TensorFlow and PyTorch framework developers to identify and fix 58 previously-unknown security vulnerabilities, and assign 36 unique CVEs.