Proj CDeepFuzz Paper Reading: IvySyn: Automated Vulnerability Discovery in Deep Learning Frameworks
Abstract
本文:IvySyn
Task: discover memory error vulnerabilities in DL frameworks
BugType: memory safety errors, fatal runtime errors
Method:
- 利用native APIs中静态写明的类型信息在low-level kernel code上执行type-aware mutation-based fuzzing
- synthesize Proof of Vulnerabilities(native DL C/C++ code code snippets that can trigger memory errors), PoV synthesis
实验:
对象:TensorFlow, PyTorch
Competitors: Atheris++, DocTer
效果:61 bugs fixed, 39 CVEs
