Ensuring the security and reliability of machine learning frameworks is crucial for building trustworthy AI-based systems. Fuzzing, a popular technique in the secure software development lifecycle (SSDLC), can be used to develop secure and robust software. Popular machine learning frameworks such as PyTorch and TensorFlow are complex and written in multiple programming languages, including C/C++ and Python. We propose a dynamic analysis pipeline for Python projects using the Sydr-Fuzz toolset. Our pipeline includes fuzzing, corpus minimization, crash triaging, and coverage collection. Crash triaging and severity estimation are important steps to ensure that the most critical vulnerabilities are addressed promptly. Furthermore, the proposed pipeline is integrated into GitLab CI. To identify the most vulnerable parts of the machine learning frameworks, we analyze their potential attack surfaces and develop fuzz targets for PyTorch, TensorFlow, and related projects such as h5py. Applying our dynamic analysis pipeline to these targets, we were able to discover 3 new bugs and propose fixes for them.