摘要
随着深度学习技术在多个领域的广泛应用,其框架的安全性和稳定性也变得尤为重要.文章从用户角度出发,分析了不同用户群体可能遇到的漏洞类型及相应的模糊测试方法.首先介绍了深度学习框架的发展背景及其重要性;然后详细讨论了针对模型库、深度学习框架及编译器的模糊测试研究现状,梳理了如模型变异、权重生成、样例构造和模型测试等关键技术,并以PyTorch和MLIR的漏洞为例分析了漏洞形成的原因;最后展望了未来的研究方向,包括错误定位与自动修复技术、大语言模型增强的模糊测试.
Abstract
With the widespread application of deep learning technology in various fields,ensuring the security and stability of its frameworks has become crucial.This paper starts from the user's perspective to analyze the types of vulnerabilities that different user groups may encounter and the corresponding fuzzing test methods.The article first introduced the development background and importance of deep learning frameworks,then discussed in detail the current state of testing research for model libraries,deep learning frameworks,and compilers,and reviewed key techniques such as model mutation,weight generation,sample construction,and model testing.Then the article analyzed the root cause of bug in PyTorch and MLIR.Finally,the article looked forward to future research directions,including error localization and automatic repair techniques,as well as fuzzing test enhanced by large language models.
维普
万方数据