Research And Implementation Of Fuzzing Test For Industrial Control Protocol

Posted on: 2018-08-20
Degree: Master
Type: Thesis
Country: China
Candidate: F Huang
GTID: 2348330512488933
Subject: Computer system architecture
Abstract/Summary:
During the past few years, as information technology has improved greatly and been widely applied, it has broken the isolation mechanism of industrial control systems in national critical infrastructure. At the same time, the frequent occurrence of various types of security incidents has drawn the industry's greater attention to industrial control system security issues. Industrial control protocols are the communication medium through which industrial control systems realize remote control and automation. Thus, testing the protocol can be an efficient way to expose potential abnormalities and vulnerabilities in an industrial control system. Therefore, with the objective of higher test efficiency, this dissertation carries out in-depth research on automatic testing for industrial control protocols. As an efficient automated testing technology, Fuzzing testing has been widely used and has achieved good results. By combining the theoretical basis of Fuzzing testing with an analysis of the working principle and application characteristics of the typical Fuzzing testing tool Sulley, we propose a Fuzzing test message generation algorithm for industrial control protocols and realize a corresponding prototype. First, in order to improve the efficiency of Fuzzing testing, the ABNF protocol model is introduced to describe the industrial control protocol. In addition, by introducing the concepts of parse-tree and sample-tree, we put forward a Fuzzing test message generation algorithm based on the protocol description model. From the protocol description model, this algorithm generates a parse-tree carrying attribute values and their ranges. After initialization, clipping, fine-grained division and other operations, a two-way sample-tree is formed. By modifying the values of the sample-tree nodes, we obtain a set of test cases for Fuzzing testing. Hence, this algorithm can be divided into the parse-tree construction algorithm, the sample-tree construction algorithm, the message mutation algorithm and the test case generation algorithm. Subsequently, according to the proposed algorithm, we design and implement a prototype of a hierarchical Fuzzing testing tool. In our design, the prototype consists of three layers: the driver layer, the call support layer and the test case layer. The driver layer supports writing the corresponding files for different target and carrier protocols. The call support layer mainly provides functional support components for the other two layers. The test case layer mainly generates mutated test cases, which are passed to the driver layer for Fuzzing testing. In our implementation of the prototype, there are data interactions and component calls between these three layers. Finally, to make a comparative analysis of our proposed Fuzzing testing for industrial control protocols, we separately evaluate the prototype and the Sulley tool on a PLC based on the Modbus TCP protocol. We also make quantitative and qualitative analyses of these two tools to compare their performance. From the evaluation results, we conclude that our proposed prototype can effectively detect abnormalities in industrial control systems. In addition, compared against Sulley, this prototype also achieves a certain degree of enhancement in many different aspects, such as test case generation capacity, generality and adaptability, at a small cost in running speed.
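As an added illustration of the parse-tree, sample-tree, mutation and test-case generation stages described in the abstract (example code written here, not the thesis's prototype or Sulley), the following uses a hypothetical simplified field model of one Modbus TCP Read Holding Registers request in place of the ABNF description; the field widths, ranges and defaults are constructed for the example and the generator only produces byte strings, it does not send them.

```python
from dataclasses import dataclass

# Constructed stand-in for the ABNF protocol description: each field carries
# its wire width, valid range and a default (the "attribute value and range"
# that the thesis attaches to parse-tree nodes).
@dataclass
class Field:
    name: str
    width: int      # bytes on the wire
    lo: int         # lower bound of the valid range
    hi: int         # upper bound of the valid range
    default: int    # value used in the baseline (unmutated) message

def build_parse_tree():
    """Parse-tree stage: the fields of one request in wire order (MBAP header + PDU)."""
    return [
        Field("transaction_id", 2, 0, 0xFFFF, 1),
        Field("protocol_id",    2, 0, 0,      0),    # Modbus fixes this to 0
        Field("length",         2, 6, 6,      6),    # bytes that follow: unit_id + PDU
        Field("unit_id",        1, 0, 247,    1),
        Field("function_code",  1, 3, 3,      3),    # Read Holding Registers
        Field("start_address",  2, 0, 0xFFFF, 0),
        Field("quantity",       2, 1, 125,    10),
    ]

def sample_tree(field):
    """Sample-tree stage: boundary and just-outside-range candidates for one node,
    clipped (wrapped) into what the field width can encode, minus the default."""
    mask = (1 << (8 * field.width)) - 1
    candidates = {field.lo, field.hi, field.lo - 1, field.hi + 1, 0, mask}
    return sorted({v & mask for v in candidates} - {field.default})

def encode(values, tree):
    """Serialize one assignment of field values as a big-endian Modbus TCP frame."""
    return b"".join(v.to_bytes(f.width, "big") for f, v in zip(tree, values))

def generate_test_cases(tree=None):
    """Mutation + test-case stage: the baseline frame, then one frame per
    (node, sample value) pair with only that node changed."""
    tree = tree or build_parse_tree()
    baseline = [f.default for f in tree]
    cases = [encode(baseline, tree)]
    for i, field in enumerate(tree):
        for value in sample_tree(field):
            mutated = list(baseline)
            mutated[i] = value
            cases.append(encode(mutated, tree))
    return cases
```

Because the length field is a node like any other, the generator also yields frames whose MBAP length disagrees with the actual payload, which is exactly the kind of inconsistency a protocol-aware model exposes and a blind byte mutator rarely hits deliberately.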
Keywords/Search Tags: Industrial control protocols, Fuzzing test, Model of protocol description, Test case