Research On Technology Of ICS Protocol Fuzz Testing

Posted on: 2019-02-06
Degree: Master
Type: Thesis
Country: China
Candidate: R Fan
GTID: 2518306473453984
Subject: Computer Science and Technology
Abstract/Summary:
Industrial Control System (ICS) is the general term for control systems used in industrial production. ICSs are widely used in power, water, oil, natural gas, manufacturing and other industries. Therefore, the safety of ICS is related to the safety of key national infrastructure and people's livelihood. In recent years, although the continuous integration of ICSs and the Internet has promoted the development of industrial production, it has also brought many security risks to ICSs. The operating environment of the traditional ICS is closed, so the software, hardware and communication protocols of ICS were designed without taking Internet security problems into consideration. The traditional enterprise network and the industrial control network are alike in that their security protection is very weak. A large number of general communication protocols and hardware and software technologies are applied to the ICS, which integrates the ICS with the enterprise management network and also introduces the security issues of the traditional information system. How to improve the security of ICS has become an urgent task, which is also the research focus of this paper.

This paper focuses on the technologies of ICS protocol vulnerability mining. Firstly, we analyze the threats to ICS and determine the ICS protocol to be the target of vulnerability mining. The protocol description and security issues of the ICS protocol Modbus are analyzed in detail. After that, we analyze the difficulty of ICS protocol fuzzing. According to the limitations of existing ICS protocol fuzzers, we propose a method combining machine learning with fuzzing. When the target of the fuzzing test is a proprietary protocol, whose implementation code and protocol specification are both unavailable, we build a model of historical traffic using a seq2seq model and a recurrent neural network. After training, the model is able to generate new protocol messages. The new protocol messages, mutated by our improved genetic algorithm, can be used as test cases capable of improving code coverage. We can use these test cases to conduct black-box fuzzing of ICS protocols. Finally, we demonstrate the effectiveness and efficiency of our method through experiments and comparative experiments.
Keywords/Search Tags:ICS, Vulnerability Discovery, Black-box Fuzzing, Machine Learning