
Vulnerability Mining Of Industrial Control Protocol Based On Fuzzing

Posted on: 2023-01-29    Degree: Master    Type: Thesis
Country: China    Candidate: H L Wang    Full Text: PDF
GTID: 2568307127984079    Subject: Software engineering
Abstract/Summary:
With the wide deployment of industrial control systems (ICS), industrial efficiency has improved significantly. However, industrial control protocols, which connect the components of an ICS, are exposed to attack because of their vulnerabilities. Finding latent vulnerabilities in these protocols with efficient vulnerability mining methods is therefore important for the security of national and public infrastructure. Fuzzing is a common vulnerability mining method, but applying traditional fuzzing to industrial control protocols still faces the following problems: (1) most existing studies use traditional fuzzing methods, and the few that combine fuzzing with deep learning lack effective metrics to guide the model, so the generated test cases achieve a low pass rate and low code coverage once they are fed to the target system; (2) random mutation strategies are blind and lack effective, diverse mutation operations; (3) fuzzing industrial control protocols demands a great deal from testers, and no highly automated vulnerability mining framework exists to raise fuzzing efficiency.

To address these problems, this thesis carries out the following work:

(1) To address the low pass rate and code coverage when fuzzing industrial control protocols, a coverage-guided test case generation method based on a generative adversarial network is proposed. The method uses a sequence generative adversarial network to generate test cases with a high pass rate, reduces redundancy with a diversity filtering algorithm based on test case similarity, and then applies random mutation to the test cases to increase their diversity and the probability of triggering vulnerabilities. Experiments show that the method effectively improves code coverage and the pass rate of test cases.

(2) After analysing the defects of existing mutation strategies, a mutation strategy for industrial control protocol fuzzing based on the Multi-Armed Bandit is proposed. By modelling test case mutation as a multi-armed bandit problem, the strategy steers selection towards mutation operations with high reward and so reduces blindness; combining the individual mutation operations further improves test case diversity. Experiments show that the strategy improves the efficiency of test case mutation when fuzzing both DNP3 and Modbus.

(3) Based on the proposed methods, a fuzzing framework for industrial control protocols is designed and implemented as a prototype system comprising a data collection module, a test case generation module, a system log recording module, a vulnerability analysis module and others. The prototype lowers the demands that industrial control protocol fuzzing places on testers and improves the efficiency of vulnerability mining.
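The following Python sketch is an added illustration of two of the ideas in the abstract, the similarity-based diversity filter of contribution (1) and the bandit-scheduled mutation of contribution (2); it is not code from the thesis, whose implementation is not on this page. The thesis does not name its bandit algorithm or its similarity measure, so UCB1 and a Jaccard similarity over byte bigrams are assumed here, the reward is assumed to be "the child reached a branch not seen before", and the Modbus/TCP target parser with its branch labels is a constructed stand-in for an instrumented device.

```python
"""Coverage-guided Modbus/TCP mutation scheduler (added example, not thesis code).
Operator choice is a multi-armed bandit (UCB1, assumed); reward is a new branch.
parse_modbus_tcp is a constructed stand-in target with arbitrary branch labels."""
import math
import random
import struct

def parse_modbus_tcp(adu: bytes):
    """Constructed target: returns (branch ids hit, accepted?) for one ADU."""
    cov = set()
    if len(adu) < 8:
        cov.add("short_adu"); return cov, False
    _tid, pid, length, _uid = struct.unpack(">HHHB", adu[:7])  # MBAP header
    cov.add("mbap")
    if pid != 0:
        cov.add("bad_protocol"); return cov, False
    if length != len(adu) - 6:                     # length covers uid + PDU
        cov.add("bad_length"); return cov, False
    fc, pdu = adu[7], adu[8:]
    if fc in (1, 2, 3, 4):                         # read coils/inputs/registers
        cov.add("read_fc")
        if len(pdu) != 4:
            cov.add("read_badlen"); return cov, False
        addr, qty = struct.unpack(">HH", pdu)
        if qty == 0 or qty > 125:
            cov.add("read_badqty"); return cov, False
        if addr + qty > 0x10000:
            cov.add("read_range"); return cov, False
        cov.add("read_ok"); return cov, True
    if fc == 16:                                   # write multiple registers
        cov.add("write_fc")
        if len(pdu) < 5:
            cov.add("write_short"); return cov, False
        _addr, qty, bc = struct.unpack(">HHB", pdu[:5])
        if bc != 2 * qty or len(pdu) != 5 + bc:
            cov.add("write_badbc"); return cov, False
        cov.add("write_ok"); return cov, True
    if fc & 0x80:
        cov.add("exception_bit"); return cov, False
    cov.add("unknown_fc"); return cov, False

# Mutation operators (the bandit's arms); inputs are kept at least 8 bytes long.
INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]

def mut_bitflip(b, rng):
    b = bytearray(b); b[rng.randrange(len(b))] ^= 1 << rng.randrange(8); return bytes(b)

def mut_interesting(b, rng):
    b = bytearray(b); b[rng.randrange(len(b))] = rng.choice(INTERESTING); return bytes(b)

def mut_fc(b, rng):        # swap the function code, valid and invalid ones alike
    b = bytearray(b); b[7] = rng.choice([1, 2, 3, 4, 16, 0x2B, 0x81, 0xFF]); return bytes(b)

def mut_resize(b, rng):    # truncate or pad the ADU without touching the MBAP length
    n = rng.randrange(-3, 4)
    return b[:max(8, len(b) + n)] + bytes(rng.randrange(256) for _ in range(max(0, n)))

def mut_fixlen(b, rng):    # repair the MBAP length so the PDU gets parsed at all
    b = bytearray(b); b[4:6] = struct.pack(">H", len(b) - 6); return bytes(b)

OPS = [mut_bitflip, mut_interesting, mut_fc, mut_resize, mut_fixlen]

class UCB1:
    """Upper-confidence-bound bandit over mutation operators (assumed algorithm)."""
    def __init__(self, n_arms):
        self.n, self.total, self.t = [0] * n_arms, [0.0] * n_arms, 0
    def select(self):
        self.t += 1
        if 0 in self.n:                            # play every arm once first
            return self.n.index(0)
        return max(range(len(self.n)), key=lambda i: self.total[i] / self.n[i]
                   + math.sqrt(2 * math.log(self.t) / self.n[i]))
    def update(self, i, reward):
        self.n[i] += 1; self.total[i] += reward

def jaccard(a: bytes, b: bytes) -> float:
    """Byte-bigram Jaccard similarity (assumed; the thesis's measure is not given)."""
    A = {a[i:i + 2] for i in range(len(a) - 1)}
    B = {b[i:i + 2] for i in range(len(b) - 1)}
    return len(A & B) / len(A | B) if A | B else 1.0

def diversity_filter(cases, threshold=0.8):
    """Drop a case whose similarity to an already kept case is >= threshold."""
    kept = []
    for c in cases:
        if all(jaccard(c, k) < threshold for k in kept):
            kept.append(c)
    return kept

def fuzz(seeds, rounds=400, seed=1):
    rng, bandit, corpus, seen, accepted = random.Random(seed), UCB1(len(OPS)), list(seeds), set(), 0
    for s in seeds:
        seen |= parse_modbus_tcp(s)[0]
    for _ in range(rounds):
        i = bandit.select()
        child = OPS[i](rng.choice(corpus), rng)
        cov, ok = parse_modbus_tcp(child)
        new = cov - seen
        seen |= cov; accepted += ok                # accepted count gives the pass rate
        bandit.update(i, 1.0 if new else 0.0)      # reward = reached a new branch
        if new:
            corpus.append(child)
    return {"coverage": seen, "pass_rate": accepted / rounds,
            "corpus": diversity_filter(corpus),
            "op_stats": {op.__name__: (bandit.n[i], bandit.total[i]) for i, op in enumerate(OPS)}}

# Constructed seed: Read Holding Registers (fc 3), 10 registers at address 0.
SEED = bytes.fromhex("000100000006" "01" "03" "0000" "000a")

if __name__ == "__main__":
    r = fuzz([SEED])
    print(sorted(r["coverage"]), r["pass_rate"], r["op_stats"])
```

Running it shows how the scheduler behaves: operators that keep producing already-seen branches (for example repeated length corruption) see their mean reward fall and are chosen less often, while the exploration term keeps every arm alive so a later combination (resize, then fixlen) can still open new branches. With a real target, the `cov` set would come from instrumentation or a coverage proxy rather than from the stand-in parser.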
Keywords/Search Tags: Industrial Network Protocol, Generative Adversarial Network, Vulnerability Mining, Fuzzing, Mutation Strategy