5/13 ML-guided JavaScript Engine Fuzzing and Bug Classification (Prof. Sooel Son / KAIST School of Computing)

Author: kaistsoftware
Posted: 2021-05-06 13:16
Views: 12132
  • Speaker: Prof. Sooel Son (KAIST School of Computing)
  • Date and time: 2021. 5. 13 (Thu) 17:00~18:30
JavaScript (JS) engine vulnerabilities pose significant security threats affecting billions of web browsers. While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent advances in neural network language models (NNLMs). In this work, we present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities. The key aspect of our technique is to transform a JS abstract syntax tree (AST) into a sequence of AST subtrees that can directly train prevailing NNLMs. We demonstrate that Montage is capable of generating valid JS tests, and show that it outperforms previous studies in terms of finding vulnerabilities. Montage found 37 real-world bugs, including three CVEs, in the latest JS engines, demonstrating its efficacy in finding JS engine bugs.
We also investigated the feasibility of applying various machine learning classifiers to determine whether an observed JS engine crash triggers a security bug. We designed and implemented CRScope, which classifies security and non-security bugs from given crash-dump files. Our experimental results on 766 crash instances demonstrate that CRScope achieved 0.85, 0.89, and 0.93 Area Under Curve (AUC) for Chakra, V8, and SpiderMonkey crashes, respectively. CRScope also achieved 0.84, 0.89, and 0.95 precision for Chakra, V8, and SpiderMonkey crashes, respectively. This outperforms the previous study and existing tools including Exploitable and AddressSanitizer. CRScope is capable of learning domain-specific expertise from the past verdicts on reported bugs and automatically classifying JS engine security bugs, which helps improve the scalable classification of security bugs.
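The AST-to-subtree-sequence transformation mentioned in the abstract can be sketched as follows. This is an added example, not Montage's code: it assumes each subtree is a depth-one fragment emitted in pre-order over an ESTree-style AST, and the names `toFragment`, `fragmentize`, `reassemble` and `encode` are hypothetical.

```javascript
// Constructed sample (not from the talk): ESTree-style AST for `var x = x + 1;`
const SAMPLE_AST = { type: "Program", body: [{
  type: "VariableDeclaration", kind: "var",
  declarations: [{
    type: "VariableDeclarator", id: { type: "Identifier", name: "x" },
    init: { type: "BinaryExpression", operator: "+",
            left: { type: "Identifier", name: "x" }, right: { type: "Literal", value: 1 } },
  }],
}] };

const isNode = (v) => v !== null && typeof v === "object" && typeof v.type === "string";
const stub = (v) => (isNode(v) ? { type: v.type } : v);

// Assumption: a "subtree" is a depth-one fragment, i.e. the node's own scalar
// fields plus type-only stubs standing in for its children.
function toFragment(node) {
  return Object.fromEntries(Object.entries(node).map(
    ([key, val]) => [key, Array.isArray(val) ? val.map(stub) : stub(val)]));
}

// Pre-order walk: emit this node's fragment, then the fragments of its children.
function fragmentize(node, out = []) {
  out.push(toFragment(node));
  for (const val of Object.values(node)) {
    for (const child of Array.isArray(val) ? val : [val]) {
      if (isNode(child)) fragmentize(child, out);
    }
  }
  return out;
}

// Inverse of fragmentize: consume fragments in order, expanding each stub.
// A generated sequence that reassembles this way is syntactically valid JS.
function reassemble(fragments, pos = { i: 0 }) {
  const node = { ...fragments[pos.i++] };
  const expand = (v) => (isNode(v) ? reassemble(fragments, pos) : v);
  for (const [key, val] of Object.entries(node)) {
    node[key] = Array.isArray(val) ? val.map(expand) : expand(val);
  }
  return node;
}

// Map each distinct fragment to an integer id, the token form a language model trains on.
function encode(fragments) {
  const vocab = new Map();
  return fragments.map((f) => {
    const key = JSON.stringify(f);
    if (!vocab.has(key)) vocab.set(key, vocab.size);
    return vocab.get(key);
  });
}
```

The two `Identifier` nodes named `x` map to the same id, so a corpus of tests shares one fragment vocabulary while the sequence still round-trips to the original tree.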