版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1
AI-PoweredBugHunting-Evolutionand
benchmarking
AlfredoOrtega-ortegaalfredo@X:@ortegaalfredo
Neuroengine.aiJune27,2024
WhileAIholdspromiseforassistingwithbughunting,itsactualimpactre-mainsunclear.ThispresentationaddressesthisdoubtbyintroducingCrash-Benchmark,astandardizedevaluationframeworkforAI-drivenstaticanaly-sistools.We’llshareresultsfromasimplebug-huntingAIagent,AutoKaker,anddiscusstheimplicationsforoptimizingAI-basedbughuntinginC/C++codebases.
1Introduction
Opiniononautomaticbugfindingiscontroversial.Atthedateofthisarticle’spubli-cation,thereisnoconsensusaboutwhetherthisispossibleornot,ortowhatextent.ThisispartlyduetotherapidadvancementofLLMmodels;upuntilmonthsago,open-sourcemodelswerenotadvancedenoughtobeeffectiveatbugfinding.ThereexistsathresholdinthecomplexityofLLMsbeyondwhichbugfindingbecomespossible,andinthisarticlewebenchmarkvariousmodelsandfoundthatthisthresholdhasbeenreachedforsomevulnerabilities.
2CrashBench
Crashbench
[1]isasimpleautomatictest-casebasedbenchmarktool
.ItconnectstoserveralLLMservicesofferingopensourceandprivateAImodels,sendatestcaseandthenmeasureresults.IftheLLMfoundthebuginthecorrectline,thenscoreisincreasedbyone.
2.1Design
Mostofthetestcasesforthev1versionarebasedonGera’sInsecureProgrammingexercises
[2],plus3realvulnerabilityexamples
.TheLLMisassignedascorebased
2
onthenumberofvulnerabilitiesthatwerereported,withrealvulnerabilitieshaving10timesthescore.
TheconfigurationofCrashbenchisasingle.inifilecontainingtheprompt,testcasefilesandexpectedlineswherethebugisfound.
[SETTINGS]
SystemPrompt="Youareanexpertsecurityresearcher,programmerandbugfinder."
Prompt="Checkthiscodeforanyout-of-boundsor
integer-overflowvulnerability,explainitandpointatthelinewiththeproblem,
andnothingmore,inthisway:\n’Bugline=X’whereXisthelinenumberofthebug,
andthenprintthatlinenumber.
Ifthecodehasnobugs,thenprint’Bugline=0’."
[Basic]
file1=stack1.c,6file2=stack2.c,6file3=stack3.c,6file4=stack4.c,6file5=stack5.c,6
[ABOs]
file1=abo1.c,4
...
Inthisway,thetestnotonlytestsbugfindingcapabilities,butalsoaccuracyinreporting.Manymodelsaregoodatfindingvulnerabilities,buttheyfailataccuratelypointingexactlywherethebugislocatedinthecode.Tocreatenegativetests(testswherenovulnerabilityshouldbedetected),justsettheexpectedvulnlinenumbertozero.
2.2Parameters
Softwareusedwasvllmv0.5.0.post1[3]forAWQquantizationandaphrodite-engine
v0.5.3
[4]forEXL2quantization
.Parametersusedforinferenceusingvllmwere:
•temperature:1.2
•topp=1.0
•frequencypenalty=0.6
•presencepenalty=0.8
3
2.3Results
Thebenchmarkranagainst16LLMs,mostofthembeingthelatestversions,butalso
someoldermodelsbasedonLlama-2tocomparethem.Additionally,severalquanti-zationsofthesamemodelweretestedtomeasuretheeffectofquantizationonLLMbug-reportingaccuracy.
Figure1:Crashbenchscore
AsshowninFigure
1,Oldermodelsarenotcompetitiveatcodeunderstandingand
bugfinding,withnewermodelsbeingsignificantlybetter.EvenclosedmodelslikeChatGPTaresurpassedbythesenewermodelsintermsofperformance.Additionally,therelativelysmalleffectofquantizationonresultsisevident,asastrongquantizationofLlama-3-70B(2.25bpw)didnothaveasignificantimpactonthemodel’sscore.
2.4Quantizationeffects
AtFigure
2,wenowfocusontheeffectsofquantizationonthescore
.Quantizationisatechniquethatcompressesmodelsbyrepresentingweightsusingfewerbits,losingsomequalitybutreducingtheamountofmemoryneeded.Thisresultsinincreasedspeedandefficiency.SincecurrentGPUsaremostlylimitedbymemorybandwidth,theefficiencyofinferencedecreasesnearlylinearlywithsize.
Wesetthey-axisto0sothatitcanbemoreeasilyseenhowlowaneffectquantizationhadonthescores.Wecanalsoseetherapidincreaseinsizewiththeincreaseofbitsperword,withoutanycorrespondingincreaseinscore.
4
Figure2:Quantizationeffectsonscore.Model:Meta-LLama-3-70B-Instruct.
WecanplotasecondgraphatFig.
3,showingefficiencyofthedifferentmodels,
meaningthescorepersizeinGigabytes.Withdecreasedsize,speedandpowerrequiredforinferencealsodecreaseslinearly,increasingefficiencyofoperation.
WecanseehowthecurrentmostefficientmodelsarehighlyquantizedversionsofLlama-370B.Ataround25GB,thosemodelsarestilloutofreachformostpersonalhomecomputers.ThebestnextoptionwouldbetouseahighlyquantizedversionofMistral-8x7B,whichcanrunonCPUonmostmoderncomputersatanacceptablespeed.
2.5CrashbenchvsLMSysELO
TheLMsysleaderboard
[5]hasbecometheindustrystandardformodelbenchmarking
.Wecancomparehowourbug-findingbenchmarkcorrelateswiththeoverallmodelscore.
IntuitivelywewouldassumethatoverallELOandcrashbenchscoresshouldbesome-whatrelated.Butin
4
wecanseesomeinconsistencies,especiallywithmodernOpenAImodels.ThesemodelshavemuchbetterELOscoresthanCrashbenchscores.Thismeansthatthesemodelsaremuchbetterasgenericassistantsandcodegenerationthanatbugfinding.Wesuspectthatsuper-alignmentmightcausethesemodelstorefusetoshowbugs,asananalysisofgpt-4andgpt-4oshowsthattheydonotshowmanywrongbugsorlinesonthetest-cases;instead,theirlowscoresaremostlyduetodenyingthatthereisabugatall.Lowscoresmightalsoindicateproblemsonthebenchmark,aswediscussinthefollowingsection.
5
Figure3:Totalmodelefficiency.ThisgraphicshowshowmanypointsthemodelhaveforeveryGBinsize.
2.6Problems
Problemsthatmayaffectthisbenchmarkaccuracyare:
Incorrectparametersand/orpromptformat:Instructmodelshaveaspecificformat
thatmustbeusedonthepromptstomaximizetheirunderstandingoftherequests.ManyLLMsarequiteflexibleonthisformat,whilesomearenot.It’simportanttorespectthepromptformatofeachLLMtomaximizetheircode-understandingcapacity.
Modeltrainedonthesolutionsofthebenchmark:Asmostmodelsaretrainedonter-abytesoftokens,itisverylikelythatthetestcases,bothartificialandreal,werepartoftheirtraining,alongwiththesolutions.Thismightintroduceabiaswheremodelsareverygoodatpassingthebenchmark,butnotsogoodinreal-worldapplications.ThesolutiontothisproblemistocreatemoreunpublishedtestcasesthattheLLMdidn’tseeduringtraining.However,thisisashort-livedsolutionasit’sverylikelythatnewerversionsoftheLLMswillcontainthesenewtestcases,sotheymustbediscardedineverynewversionofthebenchmark.
Bugsoninferencesoftware/quantizationquality:Inferencesoftwareisevolvingrapidly,anditcontainsbugsthataffectqualityandreasoning.Asolutiontothisproblemforbenchmarkingistoalwaysusethesameinferencesoftware.Inourcase,weuseeithervLLMorAphroditeengine,whichinternallyusesvLLM.
6
Figure4:CrashbenchscorevsOverallmodelELOscore.Wecanseeageneralcorrelationexceptonclosedmodels.
Refusalsduetoalignmnet:Somemodelsrefusetodiscoverbugsbecausetheyreasonthattheycanbeusedformaliciouspurposes.Thiscanbebypassedwithseveraltechniquessuchaspromptjailbreakingorabliteration,butbothtechniquesmightaffectthecode-understandingcapacityofthemodel.However,theabliteratedversionofLlama-3-70Bwascomparedagainsttheoriginalversionandshowedaminimaleffectontheresults.
3AutoKaker:Automaticvulnerabilitydiscovery
Usingthesametechniqueofthebenchmarkwecaneasilyconstructatool[6]thatprocess
sourcecodeandannotateseveryvulnerabilityfound.Thealgoritmdescribedinfig
5
issimple:
1.Separatesourcecodeintoindividualchunksthatcontainoneormorefunctions
2.AssembleapromptaskingtheLLMtoanalyzethecode
3.Annotatetheresults
Thistool(seefig
6)canbelaunchedoncompletecodebasesandwillannotateevery
functionwithpossiblevulnerabilities,readyfortriageandexploitationbyahumanoperator.Unlikeotherapproaches,thistooldoesnotattempttoverifyorexploitthe
7
Figure5:Autokakermainloop
vulnerabilitiesfound,asthisisamuchmorecomplextask.Weproposeinthenextsectionthatitisunnecessary.ThetoolcurrentlysupportsonlyCcode,butthisisalimitationofthecurrentcodeparserduetoitsinabilitytoseparatefunctions.ThetoolcanrunonC++/Rustcodewithamodifiedcodeparser.
3.1ProblemswithautomatedAIexploitation
Wecanseeasimplifieddiagramofthestagesofvulnerabilitydiscoveryat
7.
Oncewefoundapossiblevulnerability,wehavetwopaths:Eitherconfirmitviaexploitation,orfixitviaapatch.Wecandotwoimportantobservations:
•Isnotnecessarytoconfirmapossiblevulnerabilitytopatchit.Thisfollowthephilosophyofdefensiveprogramming.
•Patchingavulnerabilityrequiresmuchlessskillsthanexploitingit,orevenfindingit.
Similartools/benchmarkssuchasMeta’sCybersecEval2[7]andGoogleProjectZero
Naptime
[8]aimtofindandverifyvulnerabilities,andduetothehigh-skillandhigh
-complexitynatureofthistask,currentAIsystemsperformpoorlyatthis.Theycanonlysucceedinbasicexampleswithoutanysoftwareprotectionsorexploitcountermeasures. WhileoffensiveAIwilleventuallybecomeadvancedenoughtosucceedatthistask,duetotheobservationthatit’softeneasiertofixavulnerabilitythantocreatean
8
Figure6:AutoKakerGUI
exploitforit,wecanassumethattheasymmetrybetweendefenseandattackwillcauseoffensiveAI-generatedexploitstoalmostneversucceed.ThisisbecauselesscomplexdefensiveAIwilldiscoverandpatchthemfirst.
AnotherconclusionisthatsincecurrentLLMsareadvancedenoughtodiscoversomevulnerabilities,theyalsohavethecapacitytoautomaticallypatchthem,asshowninthenextsection
4Auto-patching
Vulnerabilitydiscovery/annotationandvulnerabilitypatchinghavesimilarworkflow,butinsteadofaddingacommentdescribingthevulnerability,weasktheLLMtogenerateandaddcodethatfixesit.Theautokakertoolcanalreadyperformthistaskbyusingthe–patchcommand-lineargument,displayingasimpleGUI(seefig
8)
.
4.1Iterativepatching
MostSOTALLMslikeLlama-3,Mistral-Large,GPT4,GeminiorClaudearealreadycapableofgeneratingpatchesbuttheydonothavea100%rateofsuccess.Meaningthatthegeneratedfixeswillsometimeseithernotcompileorcreateadditionalbugs.
Wesolvethisproblemusingaclosed-loopapproach(seefig
9),inwhichafterevery
patchgeneration,theautokakeragentchecksifthecodecompilesandpassesalltests.IftheLLMcodefailstopassthesetests,wecantrymultipletimesuntilthegeneratedcodepassesalltests.Notably,mostSOTALLMsgeneratecorrectpatchesonthefirsttry.
9
Figure7:Simplifiedvulndiscoverystages
4.2Example:zlib-hardcored
Zlib
[9]isacompressionlibrarythatissmall,andincludeexampleutilitiesthatcom
-press/decompressbinarydata,thatcanbeusedasatestforthecorrectworkingsoftheseveralalgorithmsimplemented.Theautopatcherutilitywasrunonthiscodeusingthiscommandline:
cdzlib;pythonautok.py--patch--make"make&&example64".
Thiswillruntheautopatchrecursivelyonall.cfilesandrunthecommand’make&&example64’aftereachmodificationtocheckforthecorrectnessandvalidityofeverypatch.
Thisgeneratedacompatiblerefactoroftheoriginalzliblibrarywithover200ap-pliedsecuritypatches.
Thehardenedzlibcodecanbedownloadedat[10]
.Notably,themodificationofthisprojecttoaddadditionalcheckswasdone100%automatically
10
Figure8:AutopatcherGUI
withnohumanintervention.Whilenotallpatchesfixexploitablevulnerabilities,theyadddefensiveprogrammingthatprotectsthezlibfunctionfrommanyfutureunknownvulnerabilities,withtheaddedbenefitofrandomizingtheimplementationitself,makingROPattacksmuchharder.
4.3Example:OpenBSD-hardcored
SecondexampleistheOpenBSDkernel.
OpenBSD[12]isanoperatingsystemknown
foritssecurityandcorrectness.However,theAutokakertooldiscoveredmanyvulnera-bilities,makingitacandidateforautopatching.
Atthistime,autopatcherwasrunonthecompletenetinet/netinet6systemusing
GPT4asamodel,generatingaround2000securitychecks[11]
.Notethatmostpatcheswillresultinunusedcode,andmostchecksarenotreallyneeded,followingthesamephilosophyasdefensiveprogramming.
AsOpenBSDdoesnothaveteststhatcheckthecorrectnessoftheIPv4/IPv6stack,patchingwas’blind’inthesensethattheymaygenerateerrors.Therefore,thepatcheshadtobereviewedmanually.However,outofthousandsofmodifications,only2patchesneededmanualcorrection.
Itisnotrecommendedtousethis’hardened’codeinproductionasitstillmightcontainbugsintroducedbytheautopatcherandnotyetdetected.Also,aswediscusslater,thepatchescanbeeasilyregeneratedwithanewer,morepowerfulLLM.
4.4cost
Currently,thecompleterefactorofthenetinet/netinet6subsystemofOpenBSD7.5isthebiggestprojectthathasbeenautopatched.Wecancitesomenumbersoftheassociated
cost:
11
Figure9:Autopatcherdesign
SubsystemAPIreqContextTok.GeneratedTok.TotalTok.Cost(GPT-4o)
netinet3011752411249133001542.75$netinet65652609051876434585484.27$
Inthistest-run,costwasunder10usdforthecompletenetinet/netinet6processing,usingoneofthemostexpensivemodelsavailable(GPT-4o).Thiscostisverysmallcomparedtothecostofadeveloper,butmostofthecostofhardeningsoftwarewillbethecostofpatchreview.Performanceofdifferentmodelsregardingautopatchingwasnotmeasuredinthisarticle.Totaltimespentpatchingthenetinet/netinet6subsystemwasabout12hs.
4.5Recommendedusage
Theautopatchercangeneratecodewithadditionalchecksthatmaypreventmanyun-knownbugsfrombeingexploited.However,aswecanassumethatLLMswillcontinue
12
Figure10:OpenBSD7.5withAI-hardenedIPstackpatchesbooting.
toimproveatafastrate,itisnotrecommendedtocommitthegeneratedcheckstothecodepermanently,astheycanbeeasilyregeneratedwhenneededwithmoread-vancedLLMs,generatingbetterchecks.Inthisway,wecanseetheautopatcherasapre-compilationstageformostprojects.
5Conclusion
Thisarticleshowsthatcurrentstate-of-the-artLLMscandiscoversomeclassesofvulner-abilitiesonrealC/C++projects,specificallymemorycorruptionbugs.Andwhiletheyarenotadvancedenoughtoverify/exploitthem,theAIcaneasilygenerateandintegratepatchesthatpreventthem.Wearguethattheriskofauto-exploitationof
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 大二学生学习计划范文(7篇)
- 2025年春初中化学九年级下册(科粤版)上课课件 第七单元 溶液 本章复习
- 四川省宜宾市第二中学校2024-2025学年七年级上学期期中历史试题(无答案)
- 安徽省淮北市二中联考2024-2025学年九年级上学期12月月考数学试题(含答案)
- 高一 人教版 化学 上册 必修第二册 第五章《第二节 氮及其化合物 第三课时 硝酸及酸雨 》课件
- 安徽省合肥市蜀山区2023-2024学年三年级上学期语文期末试卷
- 《乌贼鱿鱼粉的》课件
- 钱学峰国际贸易学课件
- 《组织领导艺术》课件
- 美容行业企业认知(西安海棠职业学院)知到智慧树答案
- FZ/T 14019-2020棉提花印染布
- 网络营销案例分析范文精选5篇
- 精细解读事业单位人事管理回避规定模板课件
- 江苏开放大学汉语作为第二语言教学概论期末复习题
- 员工技能认证工作思路与可行性方案课件
- 《现代信息技术与学科课程有效融合的实践探索》开题报告
- 工程制图某大学山大专升本练习题模拟题参考答案课件
- 国家开放大学《管理学基础》形考任务1-4参考答案
- 压裂优化设计理论及案例
- 大象版五年级科学上册 《火山喷发》教育教学课件
- 急性胰腺炎完整版课件
评论
0/150
提交评论