Technology peripherals
AI
One step closer to 'fully automatic' vulnerability mining! Tencent Security Big Data Laboratory paper selected for ACM CCS 2023
One step closer to 'fully automatic' vulnerability mining! Tencent Security Big Data Laboratory paper selected for ACM CCS 2023
ACM CCS 2023, the international authoritative academic conference in the field of computer science, opened on November 26 in Copenhagen, Denmark. The paper "Hopper: Interpretative Fuzzing for Libraries" by the Tencent Security Big Data Laboratory team was included in the conference. Yesterday, laboratory researcher Xie Yuxuan was invited to attend the conference to share the theme.
This research proposes an interpretive fuzz testing method, showing how to use dynamic feedback to learn constraints inside and outside the API to achieve automated code generation. Through this method, without any external expert knowledge, it is possible to generate valid and usable code calling methods and exploit these codes to exploit vulnerabilities. The goal of this research method is to solve the problem that fuzz testing requires manual construction of entrances, thereby greatly improving the efficiency and application scope of automated vulnerability mining
In the past few years, fuzzing technology (Fuzzing) has proven to be an A very effective vulnerability mining method. The main principle of this technology is to test the processing capabilities of software by generating a large number of random inputs, thereby helping developers automatically discover defects in software. At present, fuzz testing technology has been widely used in open source software and commercial software. However, fuzz testing relies on developers to manually build test entrances (fuzz drivers) to test target objects. Writing test entries with correct logic and high coverage requires developers to have a deep understanding of the library under test and requires a lot of work. Due to the high threshold, there are still many codes (including projects, APIs, etc.) that have not been covered by fuzz testing, resulting in a limitation in the degree of "automation" of vulnerability mining.
Tencent Security Big Data Laboratory proposed a A new testing method called interpretive fuzz testing. This testing method does not require developers to write test entrances, enables Fuzzer to directly generate programs to be executed, and enables fully automated learning and testing of any library API. It completely opens up the fully automated process of fuzz testing and greatly improves the efficiency of automated vulnerability mining
Based on this method, Tencent Security Big Data Laboratory implemented the automated vulnerability mining tool Hopper, and used it in 11 open source libraries The effect of Hopper is evaluated in the paper. The results show that Hopper has a significant advantage in coverage performance in three of the libraries, and can achieve results comparable to manually constructed entrances in other libraries.
Hopper has shown an extremely high level of API coverage, reaching 93.52%. In comparison, manually written fuzz test entries can only cover about 15%-30% of the API
In addition, the intra-API constraints inferred by Hopper can reach 96.51% The accuracy rate greatly improves the success rate and efficiency of generating code
Finally, in the experiment, Hopper directly used the dynamic feedback of execution to generate code that can test the API. While greatly improving API test coverage, it also successfully identified a series of real software defects and submitted them to relevant platforms and developers for repair.
The researchers published the above research results in the form of a paper, which was included in ACM CCS 2023. ACM CCS, together with IEEE S&P, USENIX Security, and NDSS, is known as the four top conferences in the field of computer security. It has a history of nearly 30 years and has had a significant and far-reaching impact on the field of computer security. The conference enjoys a high reputation in the field of computer security and is also recognized as a Class A international academic conference on network and information security by the China Computer Federation (CCF).
Tencent Security Big Data Laboratory believes that the internal and external technologies facing network security are constantly developing, but the essence of network security is vulnerabilities and attack and defense. Therefore, how to find system vulnerabilities before attackers is not Changing theme. In the era of large models, Tencent Security will also continue to explore how to empower new technologies such as AI in vulnerability mining and improve efficiency.
The above is the detailed content of One step closer to 'fully automatic' vulnerability mining! Tencent Security Big Data Laboratory paper selected for ACM CCS 2023. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1386
52
DeepMind robot plays table tennis, and its forehand and backhand slip into the air, completely defeating human beginners
Aug 09, 2024 pm 04:01 PM
But maybe he can’t defeat the old man in the park? The Paris Olympic Games are in full swing, and table tennis has attracted much attention. At the same time, robots have also made new breakthroughs in playing table tennis. Just now, DeepMind proposed the first learning robot agent that can reach the level of human amateur players in competitive table tennis. Paper address: https://arxiv.org/pdf/2408.03906 How good is the DeepMind robot at playing table tennis? Probably on par with human amateur players: both forehand and backhand: the opponent uses a variety of playing styles, and the robot can also withstand: receiving serves with different spins: However, the intensity of the game does not seem to be as intense as the old man in the park. For robots, table tennis
The first mechanical claw! Yuanluobao appeared at the 2024 World Robot Conference and released the first chess robot that can enter the home
Aug 21, 2024 pm 07:33 PM
On August 21, the 2024 World Robot Conference was grandly held in Beijing. SenseTime's home robot brand "Yuanluobot SenseRobot" has unveiled its entire family of products, and recently released the Yuanluobot AI chess-playing robot - Chess Professional Edition (hereinafter referred to as "Yuanluobot SenseRobot"), becoming the world's first A chess robot for the home. As the third chess-playing robot product of Yuanluobo, the new Guoxiang robot has undergone a large number of special technical upgrades and innovations in AI and engineering machinery. For the first time, it has realized the ability to pick up three-dimensional chess pieces through mechanical claws on a home robot, and perform human-machine Functions such as chess playing, everyone playing chess, notation review, etc.
Claude has become lazy too! Netizen: Learn to give yourself a holiday
Sep 02, 2024 pm 01:56 PM
The start of school is about to begin, and it’s not just the students who are about to start the new semester who should take care of themselves, but also the large AI models. Some time ago, Reddit was filled with netizens complaining that Claude was getting lazy. "Its level has dropped a lot, it often pauses, and even the output becomes very short. In the first week of release, it could translate a full 4-page document at once, but now it can't even output half a page!" https:// www.reddit.com/r/ClaudeAI/comments/1by8rw8/something_just_feels_wrong_with_claude_in_the/ in a post titled "Totally disappointed with Claude", full of
At the World Robot Conference, this domestic robot carrying 'the hope of future elderly care' was surrounded
Aug 22, 2024 pm 10:35 PM
At the World Robot Conference being held in Beijing, the display of humanoid robots has become the absolute focus of the scene. At the Stardust Intelligent booth, the AI robot assistant S1 performed three major performances of dulcimer, martial arts, and calligraphy in one exhibition area, capable of both literary and martial arts. , attracted a large number of professional audiences and media. The elegant playing on the elastic strings allows the S1 to demonstrate fine operation and absolute control with speed, strength and precision. CCTV News conducted a special report on the imitation learning and intelligent control behind "Calligraphy". Company founder Lai Jie explained that behind the silky movements, the hardware side pursues the best force control and the most human-like body indicators (speed, load) etc.), but on the AI side, the real movement data of people is collected, allowing the robot to become stronger when it encounters a strong situation and learn to evolve quickly. And agile
ACL 2024 Awards Announced: One of the Best Papers on Oracle Deciphering by HuaTech, GloVe Time Test Award
Aug 15, 2024 pm 04:37 PM
At this ACL conference, contributors have gained a lot. The six-day ACL2024 is being held in Bangkok, Thailand. ACL is the top international conference in the field of computational linguistics and natural language processing. It is organized by the International Association for Computational Linguistics and is held annually. ACL has always ranked first in academic influence in the field of NLP, and it is also a CCF-A recommended conference. This year's ACL conference is the 62nd and has received more than 400 cutting-edge works in the field of NLP. Yesterday afternoon, the conference announced the best paper and other awards. This time, there are 7 Best Paper Awards (two unpublished), 1 Best Theme Paper Award, and 35 Outstanding Paper Awards. The conference also awarded 3 Resource Paper Awards (ResourceAward) and Social Impact Award (
Hongmeng Smart Travel S9 and full-scenario new product launch conference, a number of blockbuster new products were released together
Aug 08, 2024 am 07:02 AM
This afternoon, Hongmeng Zhixing officially welcomed new brands and new cars. On August 6, Huawei held the Hongmeng Smart Xingxing S9 and Huawei full-scenario new product launch conference, bringing the panoramic smart flagship sedan Xiangjie S9, the new M7Pro and Huawei novaFlip, MatePad Pro 12.2 inches, the new MatePad Air, Huawei Bisheng With many new all-scenario smart products including the laser printer X1 series, FreeBuds6i, WATCHFIT3 and smart screen S5Pro, from smart travel, smart office to smart wear, Huawei continues to build a full-scenario smart ecosystem to bring consumers a smart experience of the Internet of Everything. Hongmeng Zhixing: In-depth empowerment to promote the upgrading of the smart car industry Huawei joins hands with Chinese automotive industry partners to provide
Li Feifei's team proposed ReKep to give robots spatial intelligence and integrate GPT-4o
Sep 03, 2024 pm 05:18 PM
Deep integration of vision and robot learning. When two robot hands work together smoothly to fold clothes, pour tea, and pack shoes, coupled with the 1X humanoid robot NEO that has been making headlines recently, you may have a feeling: we seem to be entering the age of robots. In fact, these silky movements are the product of advanced robotic technology + exquisite frame design + multi-modal large models. We know that useful robots often require complex and exquisite interactions with the environment, and the environment can be represented as constraints in the spatial and temporal domains. For example, if you want a robot to pour tea, the robot first needs to grasp the handle of the teapot and keep it upright without spilling the tea, then move it smoothly until the mouth of the pot is aligned with the mouth of the cup, and then tilt the teapot at a certain angle. . this
Distributed Artificial Intelligence Conference DAI 2024 Call for Papers: Agent Day, Richard Sutton, the father of reinforcement learning, will attend! Yan Shuicheng, Sergey Levine and DeepMind scientists will give keynote speeches
Aug 22, 2024 pm 08:02 PM
Conference Introduction With the rapid development of science and technology, artificial intelligence has become an important force in promoting social progress. In this era, we are fortunate to witness and participate in the innovation and application of Distributed Artificial Intelligence (DAI). Distributed artificial intelligence is an important branch of the field of artificial intelligence, which has attracted more and more attention in recent years. Agents based on large language models (LLM) have suddenly emerged. By combining the powerful language understanding and generation capabilities of large models, they have shown great potential in natural language interaction, knowledge reasoning, task planning, etc. AIAgent is taking over the big language model and has become a hot topic in the current AI circle. Au
