Research On Vulnerability Mining Industrial Control Network Protocol Based On Fuzzing Test

Posted on: 2019-04-21
Degree: Master
Type: Thesis
Country: China
Candidate: Q W Zou
Full Text: PDF
GTID: 2428330572952044
Subject: Information security
Abstract/Summary:
With the deep integration of industrialization and informatization, and the proposal of the Industry 4.0 and China Manufacturing 2025 concepts, the industrial control network has gradually moved from closed to open and from stand-alone to interconnected. This transformation greatly increases the productivity of industrial enterprises, but at the same time it gradually introduces traditional information security risks into the industrial control network, and the information security situation of industrial control networks has continued to worsen. How to mine industrial control network vulnerabilities accurately and effectively has gradually become a research hotspot. Because of the conservative operating environment and limited computing resources, code auditing and reverse engineering are impractical for vulnerability mining when neither source code nor a debugger is available. As the most common black-box testing technique, fuzzing has many advantages: it does not rely on source code or a debugger, it offers a high degree of automation, and it produces few false positives. It can therefore be applied to a variety of industrial network protocols for vulnerability mining. At present, fuzzing-based vulnerability mining works well for public industrial control network protocols, but there is no good solution for private protocols, where obtaining knowledge of the protocol and modelling the protocol description are both difficult.

To address these problems, this thesis designs and implements a prototype fuzzing system for industrial control protocols. The system consists of a protocol analysis subsystem, a test case generation subsystem, a fuzzer subsystem and a monitoring agent subsystem. The scheme of each subsystem is as follows:

(1) In the protocol analysis subsystem, to address the inability of existing fuzzing-based vulnerability mining to obtain protocol knowledge automatically, a protocol structure analysis method based on pattern discovery is proposed, combining a hidden Markov model with statistical calculation. The algorithm uses the Causal State Splitting Reconstruction algorithm to reconstruct the epsilon-machine model of the private protocol and generates a basic structural description model of the protocol, which overcomes the blindness of fuzzing.

(2) In the test case generation subsystem and the fuzzer subsystem, building on the protocol description model produced by the protocol analysis subsystem, a multi-field combination-associated fuzzing strategy and a sampling-based sample generation method are proposed. By reducing the number of test cases and increasing the sampling rate of abnormal fields, the proposal further reduces the input size and increases the vulnerability mining hit rate.

(3) In the monitoring agent subsystem, to address the difficulty of detecting and locating abnormal behaviour of industrial control equipment during vulnerability mining, a heartbeat-based liveness detection and anomaly location scheme and a Simhash-based consistency detection scheme are proposed.

Following these improvements, the thesis uses S7 Sim and other simulation tools to build an experimental simulation environment. The test results show that the fuzzing-based industrial network protocol vulnerability mining solution proposed in this thesis achieves higher efficiency and a higher hit rate than traditional fuzzing-based vulnerability mining.
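The two monitoring agent schemes from point (3), as an added Python sketch that is not the thesis's own code: each device reply is fingerprinted with Simhash and compared to a baseline reply by Hamming distance, and a heartbeat every few test cases narrows an unresponsive device down to the cases sent since the last good heartbeat. The S7-like baseline bytes, the thresholds and the simulated device that stops answering are constructed assumptions.

```python
import hashlib


def simhash64(data: bytes, n: int = 3) -> int:
    """64-bit Simhash over overlapping n-byte shingles of a protocol reply."""
    shingles = [data[i:i + n] for i in range(max(1, len(data) - n + 1))]
    weights = [0] * 64
    for s in shingles:
        h = int.from_bytes(hashlib.blake2b(s, digest_size=8).digest(), "big")
        for bit in range(64):
            weights[bit] += 1 if (h >> bit) & 1 else -1
    return sum(1 << bit for bit in range(64) if weights[bit] > 0)


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two 64-bit fingerprints."""
    return bin(a ^ b).count("1")


class MonitoringAgent:
    """Liveness via periodic heartbeats; consistency via Simhash distance to a baseline reply."""
    def __init__(self, heartbeat, baseline_reply: bytes, heartbeat_every=2, max_distance=8):
        self.heartbeat = heartbeat            # callable, True while the device still answers
        self.baseline = simhash64(baseline_reply)
        self.heartbeat_every = heartbeat_every
        self.max_distance = max_distance      # assumed tolerance in fingerprint bits
        self.suspects = []                    # cases sent since the last good heartbeat
        self.findings = []

    def record(self, case_id: int, reply) -> None:
        self.suspects.append(case_id)
        if reply is not None and hamming(self.baseline, simhash64(reply)) > self.max_distance:
            self.findings.append(("inconsistent", case_id))   # reply no longer resembles baseline
        if len(self.suspects) % self.heartbeat_every == 0:
            if not self.heartbeat():
                # Device stopped answering: the culprit is among the cases since the last good heartbeat.
                self.findings.append(("unresponsive", tuple(self.suspects)))
            self.suspects = []


def run_demo():
    """Constructed session (assumption): S7-like baseline reply, simulated device dies after case 6."""
    baseline = bytes.fromhex("0300001b02f08032010000000000080000f0000001000101e0")
    state = {"sent": 0}
    agent = MonitoringAgent(lambda: state["sent"] < 6, baseline)
    for case_id in range(1, 9):
        state["sent"] = case_id
        reply = b"ERROR: unsupported function" if case_id == 3 else baseline
        agent.record(case_id, reply)
        if agent.findings and agent.findings[-1][0] == "unresponsive":
            break
    return agent.findings
```

With a heartbeat every two cases the agent reports case 3 as producing an inconsistent reply and localises the loss of liveness to cases 5 and 6; a tighter heartbeat interval narrows the suspect set at the cost of more probe traffic.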
Keywords/Search Tags:ICS Protocol, Vulnerability mining, Fuzzing test, Protocol analysis, Pattern discovery