Abstract: Ensuring the security and reliability of machine learning frameworks is crucial for building trustworthy AI-based systems. Fuzzing, a popular technique in the secure software development lifecycle (SSDLC), can be used to develop secure and robust software. Popular machine learning frameworks such as PyTorch and TensorFlow are complex and written in multiple programming languages including C/C++ and Python. We propose a dynamic analysis pipeline for Python projects using the Sydr-Fuzz toolset. Our pipeline includes fuzzing, corpus minimization, crash triaging, and coverage collection. Crash triaging and severity estimation are important steps to ensure that the most critical vulnerabilities are addressed promptly. Furthermore, the proposed pipeline is integrated in GitLab CI. To identify the most vulnerable parts of the machine learning frameworks, we analyze their potential attack surfaces and develop fuzz targets for PyTorch, TensorFlow, and related projects such as h5py. Applying our dynamic analysis pipeline to these targets, we were able to discover 3 new bugs and propose fixes for them.