5/13 ML-guided JavaScript Engine Fuzzing and Bug Classification (Prof. Sooel Son / KAIST School of Computing)

Author: kaistsoftware
Posted: 2021-05-06 13:16
Views: 12050
  • Speaker: Prof. Sooel Son (KAIST School of Computing)
  • Date and time: May 13, 2021 (Thu) 17:00~18:30
JavaScript (JS) engine vulnerabilities pose significant security threats affecting billions of web browsers. While fuzzing is a prevalent technique for finding such vulnerabilities, there have been few studies that leverage the recent advances in neural network language models (NNLMs). In this work, we present Montage, the first NNLM-guided fuzzer for finding JS engine vulnerabilities. The key aspect of our technique is to transform a JS abstract syntax tree (AST) into a sequence of AST subtrees that can directly train prevailing NNLMs. We demonstrate that Montage is capable of generating valid JS tests, and show that it outperforms previous studies in terms of finding vulnerabilities. Montage found 37 real-world bugs, including three CVEs, in the latest JS engines, demonstrating its efficacy in finding JS engine bugs.
We also investigated the feasibility of applying various machine learning classifiers to determine whether an observed JS engine crash triggers a security bug. We designed and implemented CRScope, which classifies security and non-security bugs from given crash-dump files. Our experimental results on 766 crash instances demonstrate that CRScope achieved 0.85, 0.89, and 0.93 Area Under Curve (AUC) for Chakra, V8, and SpiderMonkey crashes, respectively. CRScope also achieved 0.84, 0.89, and 0.95 precision for Chakra, V8, and SpiderMonkey crashes, respectively. This outperforms the previous study and existing tools including Exploitable and AddressSanitizer. CRScope is capable of learning domain-specific expertise from the past verdicts on reported bugs and automatically classifying JS engine security bugs, which helps improve the scalable classification of security bugs.