Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries
The application of machine learning (ML) libraries has tremendously increased in many domains, including autonomous driving systems, medical, and critical industries. Vulnerabilities of such libraries could result in irreparable consequences. However, the characteristics of software security vulnerabilities have not been well studied. In this paper, to bridge this gap, we take the first step towards characterizing and understanding the security vulnerabilities of seven well-known ML libraries, including TensorFlow, PyTorch, Scikit-learn, Mlpack, Pandas, Numpy, and Scipy. To do so, we collected 683 security vulnerabilities to explore four major factors: 1) vulnerability types, 2) root causes, 3) symptoms, and 4) fixing patterns of security vulnerabilities in ML libraries. The findings of this study can help developers and researchers understand the characteristics of security vulnerabilities across different ML libraries.
Mon 15 May
11:00 - 11:45 | SE for ML | Data and Tool Showcase Track / Technical Papers at Meeting Room 110 | Chair(s): Sarah Nadi University of Alberta
11:00 12m Talk | AutoML from Software Engineering Perspective: Landscapes and Challenges | Distinguished Paper Award | Technical Papers | Chao Wang Peking University, Zhenpeng Chen University College London, UK, Minghui Zhou Peking University | Pre-print
11:12 12m Talk | Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries | Technical Papers | Nima Shiri Harzevili York University, Jiho Shin York University, Junjie Wang Institute of Software at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Song Wang York University, Nachiappan Nagappan Facebook
11:24 6m Talk | DeepScenario: An Open Driving Scenario Dataset for Autonomous Driving System Testing | Data and Tool Showcase Track | Chengjie Lu Simula Research Laboratory and University of Oslo, Tao Yue Simula Research Laboratory, Shaukat Ali Simula Research Laboratory | Pre-print
11:30 6m Talk | NICHE: A Curated Dataset of Engineered Machine Learning Projects in Python | Data and Tool Showcase Track | Ratnadira Widyasari Singapore Management University, Singapore, Zhou Yang Singapore Management University, Ferdian Thung Singapore Management University, Sheng Qin Sim Singapore Management University, Singapore, Fiona Wee Singapore Management University, Singapore, Camellia Lok Singapore Management University, Singapore, Jack Phan Singapore Management University, Singapore, Haodi Qi Singapore Management University, Singapore, Constance Tan Singapore Management University, Singapore, Qijin Tay Singapore Management University, Singapore, David Lo Singapore Management University
11:36 6m Talk | PTMTorrent: A Dataset for Mining Open-source Pre-trained Model Packages | Data and Tool Showcase Track | Wenxin Jiang Purdue University, Nicholas Synovic Loyola University Chicago, Purvish Jajal Purdue University, Taylor R. Schorlemmer Purdue University, Arav Tewari Purdue University, Bhavesh Pareek Purdue University, George K. Thiruvathukal Loyola University Chicago and Argonne National Laboratory, James C. Davis Purdue University | Pre-print