Design And Implementation Of Vulnerability Mining Technology Of Artificial Intelligence Binary Program Based On Mixed Executionesign And Implementation

With the continuous development of artificial intelligence,artificial intelligence is also accompanied by the wide application of mobile phones,cars,sweeping robots and other intelligent devices,and has begun to enter thousands of households.While people enjoy the great convenience brought by artificial intelligence,they will also be threatened by the risks brought by artificial intelligence itself.Buffer overflow and other vulnerabilities caused by code implementation will carry all kinds of vehicles Artificial intelligence devices pose a huge threat.Therefore,it is of great practical significance and research value to research on vulnerability mining of artificial intelligence binary program.Traditional vulnerability mining technology often generates a large number of invalid test cases,which is lack of pertinence,blindness and weak vulnerability triggering ability.In order to solve these problems,researchers put forward a variety of technologies,among which hybrid execution technology has the advantages of low false alarm rate and high coverage,and has been widely used.Based on the above background,this paper focuses on how to apply hybrid execution technology to the vulnerability mining of artificial intelligence binary programs.The work of this paper can be summarized as follows:1.Study and complete the security risk analysis of AI algorithm,and analyze the different types of vulnerabilities that may exist in different functional modules of AI algorithm.At the same time,the paper analyzes the technical problems faced when the traditional vulnerability mining technology is applied to the artificial intelligence binary program to mine such vulnerabilities:?.The traditional test case generation method is inefficient,?.The path coverage feedback and path selection algorithm effect are not obvious,?.The unique vulnerabilities in the artificial intelligence program cannot be dug.2.In this paper,we propose an artificial intelligence binary vulnerability mining scheme based on mixed execution.Aiming at the low efficiency of traditional test case generation method,the scheme adopts the format analysis method of input set based on dynamic symbol execution technology,extracts the field information of program input set through dynamic symbol execution technology,guides test case generation,and reduces the generation of invalid input set.Aiming at the problem that the path coverage feedback and path selection algorithm have no obvious improvement effect,this scheme uses the custom mutation strategy to replace the part of path constraint collection and path selection algorithm in the traditional mixed execution process,so as to improve the efficiency and vulnerability triggering ability.3.In view of the traditional vulnerability mining technology can not solve the problem of the unique vulnerability in artificial intelligence program,this paper proposes the image rendering anomaly vulnerability mining scheme based on image similarity algorithm and the precision anomaly vulnerability mining scheme based on regular expression.Based on the image similarity algorithm,the image rendering anomaly vulnerability mining scheme uses the image rendering program under various platforms to render the image,uses the screenshot tool to screenshot,and then uses the image similarity algorithm to determine whether there is an exception in the rendering,and solves the problem of the abnormal hole mining in the image rendering.In the case of no source code,the binary program is disassembled to get clear reverse pseudocode,and then regular expression is used to extract the code that may have precision exception vulnerability,which is used for further analysis by technicians to solve the problem of precision exception vulnerability mining.4.Aiming at the above-mentioned vulnerability mining scheme,this paper designs and implements a web-based artificial intelligence vulnerability mining prototype system based on springboot.The system mainly includes three subsystems and 10 modules.Finally,build the test environment,test and analyze the whole system.In the test phase,the paper has tested the self-designed artificial intelligence program and the cross platform computer vision library opencv4.1.0.Three CVE vulnerabilities in opencv were successfully detected,including cve-2019-5064,cve-2019-5063 and cve-2019-15939.In the test of OpenCV's image rendering module,we found the abnormal vulnerability of image rendering in OpenCV.The test results show that the artificial intelligence binary vulnerability mining proposed in this paper has a certain value in practical application.