
Research On Private Protocol Vulnerability Mining Technology Of Typical Industrial Control System

Posted on: 2021-07-17
Degree: Master
Type: Thesis
Country: China
Candidate: J P You
Full Text: PDF
GTID: 2518306050965319
Subject: Master of Engineering

Abstract/Summary:
Vulnerability mining plays an important role in the security protection of industrial control systems (ICS). Today's industrial control systems are increasingly interconnected through network technology and face new network threats. These systems were originally deployed in closed, isolated environments, and their communication protocols were designed without considering the security issues that arise once the system is exposed. In addition, industrial control systems contain a large number of vendor-private protocols with non-open standards and non-uniform specifications. Strengthening research on ICS communication protocols, and especially vulnerability mining of their private protocols, is therefore an important step toward building secure industrial control systems.

Fuzz testing is a technique for discovering system vulnerabilities and is widely used in IT system security testing. It finds errors in the test object by supplying unexpected inputs and monitoring for abnormal behaviour, and it is highly automated. Current research on ICS vulnerability mining usually relies on fuzzing, but many existing methods do not match the characteristics of industrial control systems and mine vulnerabilities inefficiently.

Based on an in-depth study of industrial control systems and their private protocols, this thesis analyses the difficulties of applying fuzzing to vulnerability mining in ICS private protocols, and designs and implements ICS-Fuzz Framework, a vulnerability mining framework built on the Peach framework that meets those requirements. For test-case generation, a data generation method based on the function-code types of the industrial control protocol is proposed, with targeted test cases designed to mine the common vulnerability types of industrial control systems, such as authentication vulnerabilities, denial of service and arbitrary code execution; this greatly improves fuzzing efficiency. Because conventional exception monitoring methods (which assume a host process that can be watched for crashes) are hard to apply when mining ICS vulnerabilities, the thesis combines the characteristics of ICS protocol packets and adds a customized private-protocol monitor to ICS-Fuzz Framework that watches the device itself for cycle-time errors, CPU stop, I/O bus errors and similar faults.

Finally, a typical ICS private protocol is selected and a vulnerability mining experiment is conducted on the ICS vulnerability mining test bed using the framework designed in this thesis. The experiments found five original 0-day vulnerabilities: one arbitrary code execution vulnerability, three buffer overflow vulnerabilities and one authentication bypass vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) issued advisories ICSA-20-063-03 and ICSA-19-346-02 for some of these vulnerabilities, and those advisories rate three of the vulnerabilities found in this thesis as high-risk.
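The two ideas the abstract describes, function-code-based test-case generation and a device-state monitor in place of crash monitoring, are sketched below as an added example. It is not code from the thesis, from ICS-Fuzz Framework or from Peach. The wire format (2-byte length, 1-byte function code, 1-byte sequence number, then a body), the function codes and the register layout are a hypothetical private protocol invented for the example, and SimulatedPLC is a constructed stand-in with two planted faults so the monitor has something to report; it says nothing about any real device.

```python
"""
Function-code-aware fuzz case generation plus a device-state monitor.
Added example: hypothetical protocol, constructed target, planted faults.
"""
import struct
from dataclasses import dataclass
from typing import Callable, Iterator, List, Optional

# Hypothetical function codes of the example protocol (assumption).
FC_READ_REGS, FC_WRITE_REGS, FC_LOGIN, FC_CPU_CTRL = 0x01, 0x02, 0x10, 0x20

# One well-formed body per function code.  Mutating a valid body for a
# specific code is what lets a test case reach that code's handler instead
# of being rejected by the dispatcher as malformed.
VALID_BODY = {
    FC_READ_REGS:  struct.pack(">HH", 0, 10),                       # start, count
    FC_WRITE_REGS: struct.pack(">HH", 0, 2) + b"\x00\x01\x00\x02",  # start, count, values
    FC_LOGIN:      b"\x05admin" + b"\x05admin",                     # len-prefixed user, password
    FC_CPU_CTRL:   b"\x01",                                         # 1 = run, 0 = stop
}


def frame(fc: int, body: bytes, seq: int = 0, length: Optional[int] = None) -> bytes:
    """Build a frame; pass `length` to make the header lie about the body size."""
    if length is None:
        length = len(body)
    return struct.pack(">HBB", length & 0xFFFF, fc & 0xFF, seq & 0xFF) + body


def mutations(fc: int) -> Iterator[bytes]:
    """Targeted test cases for one function code, keyed on its valid body."""
    body = VALID_BODY[fc]
    for claimed in (0, len(body) - 1, len(body) + 1, 0x7FFF, 0xFFFF):  # header/body length mismatch
        yield frame(fc, body, length=claimed)
    for n in (64, 256, 1024, 4096):                                     # oversized bodies
        yield frame(fc, b"A" * n)
    if len(body) >= 4:                                                  # boundary values in the second 16-bit field
        for v in (0x0000, 0x7FFF, 0x8000, 0xFFFF):
            yield frame(fc, body[:2] + struct.pack(">H", v) + body[4:])
    if fc == FC_LOGIN:                                                  # inner length prefix longer than the data
        yield frame(fc, b"\xff" + b"admin")
    yield frame(fc, b"")                                                # empty body


@dataclass
class DeviceState:
    cpu_running: bool
    cycle_time_ms: float
    cycle_limit_ms: float
    io_bus_ok: bool


def classify(state: DeviceState) -> List[str]:
    """Map a device status snapshot to the fault classes the monitor reports."""
    faults = []
    if not state.cpu_running:
        faults.append("cpu_stop")
    if state.cycle_time_ms > state.cycle_limit_ms:
        faults.append("cycle_time_exceeded")
    if not state.io_bus_ok:
        faults.append("io_bus_error")
    return faults


@dataclass
class Finding:
    fc: int
    faults: List[str]
    case: bytes


def run_campaign(send: Callable[[bytes], None], probe: Callable[[], DeviceState],
                 reset: Callable[[], None], order: List[int]) -> List[Finding]:
    """Send each case, probe device state afterwards, and reset after a fault so
    the next case is attributed to itself rather than to a lingering fault."""
    findings: List[Finding] = []
    for fc in order:
        for case in mutations(fc):
            send(case)
            faults = classify(probe())
            if faults:
                findings.append(Finding(fc, faults, case))
                reset()
    return findings


class SimulatedPLC:
    """Constructed target with two planted faults; not a model of any real PLC."""
    def __init__(self) -> None:
        self.reset()

    def reset(self) -> None:
        self.cpu_running, self.cycle_time_ms, self.io_bus_ok = True, 10.0, True
        self.registers = [0] * 64

    def status(self) -> DeviceState:
        return DeviceState(self.cpu_running, self.cycle_time_ms, 100.0, self.io_bus_ok)

    def handle(self, data: bytes) -> None:
        if len(data) < 4:
            return
        length, fc, _seq = struct.unpack(">HBB", data[:4])
        body = data[4:]
        if length != len(body):          # dispatcher drops inconsistent frames
            return
        if len(body) > 1024:             # planted: large frames stall the scan cycle
            self.cycle_time_ms = 250.0
        elif fc == FC_WRITE_REGS and len(body) >= 4:
            start, count = struct.unpack(">HH", body[:4])
            if start + count > len(self.registers):   # planted: missing bounds check, modelled as CPU stop
                self.cpu_running = False


def demo() -> List[Finding]:
    plc = SimulatedPLC()
    return run_campaign(plc.handle, plc.status, plc.reset,
                        [FC_READ_REGS, FC_WRITE_REGS, FC_LOGIN, FC_CPU_CTRL])


if __name__ == "__main__":
    for f in demo():
        print(f"fc=0x{f.fc:02x} faults={f.faults} case={f.case[:12].hex()}...")
```

Two points from the abstract show up in the run: because each case is derived from a valid body for its own function code, the write-register cases pass the dispatcher's length check and reach the handler with the missing bounds check, while the same oversized bodies sent under other function codes only trip the cycle-time watchdog; and because the monitor probes device state (CPU run/stop, cycle time, I/O bus) rather than waiting for a process to crash, a fault that leaves the device silently stopped is still recorded and attributed to the case that caused it, provided the harness resets the device before the next case.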
Keywords/Search Tags: Industrial control system, Vulnerability mining, Fuzz testing, ICS-Fuzz Framework