Vulnerability mining method for industrial control network protocol based on fuzz testing

Cited by: 0
Authors
Lai Y. [1]
Yang K. [1]
Liu J. [1]
Liu Z. [2]
Affiliations
[1] College of Computer Science, Faculty of Information Technology, Beijing University of Technology, Beijing
[2] Institute of Electromechanical Engineering, Beijing Polytechnic, Beijing
Keywords
Fuzz testing; Industrial control network protocol; Industrial control private protocol; Industrial control system; Modbus TCP protocol; Protocol features learning; Vulnerability mining;
DOI
10.13196/j.cims.2019.09.014
Abstract
Because traditional vulnerability mining methods cannot be applied directly to Industrial Control Systems (ICS), a vulnerability mining method for industrial control network protocols based on fuzz testing was proposed. Protocol feature values were generated from test-case variation factors for industrial control network protocols, each of which represented one type of ICS vulnerability feature. Different test cases were generated from Modbus TCP protocol features and variation factors. Through a bypass monitoring method and the request/response relation among Modbus TCP protocol features, the difficult problem of determining the validity of test cases was solved. For fuzzing industrial control private protocols, an industrial control private protocol tree was established and the private protocol data set was classified. The private protocol features were learned by a probability-statistical method over variable byte values, a length-field learning method, the Apriori algorithm and the Needleman-Wunsch algorithm, which effectively improved the acceptance rate of test cases for private protocols. Experimental analysis on real industrial control equipment showed that the proposed method could effectively detect vulnerabilities in both public and private industrial control protocols. © 2019, Editorial Department of CIMS. All rights reserved.
Pages: 2265 / 2279
Page count: 14