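Talk title: Intelligent Vulnerability Detection and Analysis of Malicious Behaviors of Skills
Speaker: Chen Kai (陈恺)
Time: September 8, 2020 (Tuesday), 10:00
Venue: Online, Tencent Meeting ID: 533 544 371
Abstract: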
Recently, AI techniques have shown great potential to strengthen the capability of traditional software analysis approaches. This talk will show how deep learning facilitates software testing and how NLP helps to analyze voice apps (skills). Firstly, we talk about fuzzing. Recently, directed grey-box fuzzing (DGF) has become popular in the field of software testing. We propose a deep-learning-based approach to predict the reachability of inputs (i.e., miss the target or not) before executing the target program, helping DGF filter out the unreachable ones to boost the performance of fuzzing. Evaluations on 45 real vulnerabilities show that FuzzGuard boosts the fuzzing efficiency of the vanilla AFLGo up to 17.1×. Secondly, we talk about skills. Smart speakers have been popularly used worldwide, mainly due to the convenience brought by the virtual personal assistant (VPA), which offers interactive actions through convenient voice commands from users. However, to the best of our knowledge, there is no prior research that systematically explores the interaction behaviors of skills, mainly due to the challenges in handling skills' inputs/outputs in natural languages. We propose a systematic study on behaviors of skills and find thousands of suspicious skills.
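Speaker bio:
Chen Kai, male, Ph.D. Researcher and doctoral supervisor at the Institute of Information Engineering, Chinese Academy of Sciences, and professor at the University of Chinese Academy of Sciences. Deputy director of the State Key Laboratory of Information Security and director of the editorial office of the Journal of Cyber Security (《信息安全学报》). Standing committee member of the China Computer Federation (CCF) Technical Committee on System Software. His main research areas include software and system security and AI security. He has published more than 100 papers in top conferences and journals such as S&P, USENIX Security, and CCS, and has led more than 40 projects, including a Key Program of the National Natural Science Foundation of China. He has been selected as a Young Top-notch Talent of the national "Ten Thousand Talents Program", a Beijing "Outstanding Young Scientist" (杰青), and a Beijing Zhiyuan Young Scientist, among others.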