Vulnerability Mining of Deep Learning Framework for Model Generation Guided by Reinforcement Learning

被引：0

作者：

Pan L. ^{[1
]}

Liu L. ^{[1
]}

Luo S. ^{[1
]}

Zhang Z. ^{[1
]}

机构：

[1] School of Information and Electronics, Beijing Institute of Technology, Beijing

来源：

Beijing Ligong Daxue Xuebao/Transaction of Beijing Institute of Technology | 2024年 / 44卷 / 05期

关键词：

deep learning framework; generative model; reinforcement learning; vulnerability mining;

D O I：

10.15918/j.tbit1001-0645.2023.137

中图分类号：

学科分类号：

摘要：

In the existing methods, the vulnerability mining is randomly generating the structural information of the model according to application model, generating easily a large number of low-quality test cases, and seriously affecting the efficiency and effect of vulnerability mining. To solve this problem, a vulnerability mining method of deep learning framework was proposed based on a guiding model generation method with reinforcement learning. Firstly, frame state information during model running was extracted, including Softmax distance and program execution results, etc. Then the extracted frame running state information was taken as a reward variable to guide the generation of model structure and hyper-parameters, so as to improve the quality and efficiency of test case generation. Experimental results show that this method can find more vulnerability of deep learning frameworks under the same number of generated test cases, possessing high practical value. © 2024 Beijing Institute of Technology. All rights reserved.

引用

页码：521 / 529

页数：8

共 19 条

[1] JIA L, ZHONG H, WANG X, Et al., The symptoms, causes, and repairs of bugs inside a deep learning library, Journal of Systems and Software, 177, (2021)
[2] SHEN Q, MA H, CHEN J, Et al., A comprehensive study of deep learning compiler bugs, Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 968-980, (2021)
[3] LI Y, JI S, LYU C, Et al., V-fuzz: Vulnerability prediction-assisted evolutionary fuzzing for binary programs[J], IEEE Transactions on Cybernetics, 52, 5, pp. 3745-3756, (2020)
[4] WEI Shengjun, HE Tao, HU Changzhen, Et al., Predicting software security vulnerabilities with component dependency graphs, Transactions of Beijing Institute of Technology, 38, 5, pp. 525-530, (2018)
[5] SHAO Shuai, WANG Meilin, CHEN Dongqing, Et al., Analysis of android application component exposure vulnerability based on machine learning, Transactions of Beijing Institute of Technology, 39, 9, pp. 974-977, (2019)
[6] WANG Jiajie, LIU Jianxin, MA Yufei, Et al., An automated detection and verification method for webview component vulnerabilities, Transactions of Beijing Institute of Technology, 40, 2, pp. 169-174, (2020)
[7] GU J, LUO X, ZHOU Y, Et al., Muffin: Testing deep learning libraries via neural architecture fuzzing, Proceedings of the 44th International Conference on Software Engineering, pp. 1418-1430, (2022)
[8] ABADI M, BARHAM P, CHEN J, Et al., Tensorflow: a system for large-scale machine learning, 12th USENIX Symposium on Operating Systems Design and Implementation, pp. 265-283, (2016)
[9] PASZKE A, GROSS S, MASSA F, Et al., Pytorch: an imperative style, high-performance deep learning library[J], Advances in Neural Information Processing Systems, 32, pp. 234-246, (2019)
[10] SEIDE F, AGARWAL A., CNTK: Microsoft's open-source deep-learning toolkit, Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, (2016)

← 1 2 →