Jisuanji kexue (Oct 2022)
PGNFuzz:Pointer Generation Network Based Fuzzing Framework for Industry Control Protocols
Abstract
Industrial security issues have always been an important and urgent issue globally.Industrial control protocols are widely used in the communication between industrial control system(ICS) components.Their security is related to the safe and stable operation of the entire system,and there is an urgent need to ensure the security of all industrial control protocols.The network protocol fuzzing plays an important role in ensuring the security and reliability of ICS.Traditional fuzzing methods can improve the security testing of industrial control protocols,and many of which have practical applications.However,most traditional fuzzing methods rely heavily on specifications of industrial control protocols,making the test process costly,time-consuming,cumbersome and boring.If the norm does not exist,the task is difficult to carry out.This paper proposes an intelligent and automatic protocol fuzzing method based on pointer-generation networks(PGN),and gives a series of performance indicators.On the basis of this method,an intelligent and automatic fuzzing framework based on PGNFuzz for application is designed,which can be used for various industrial control protocols.Several typical industrial control protocols such as Modbus and EtherCAT are used to test the validity and efficiency of our framework.Experiment results show that our method is superior to other general purpose fuzzers(GPF) and other deep learning based fuzzing methods in terms of convenience,effectiveness and efficiency.
Keywords