Jisuanji kexue (Sep 2023)

Network Protocol Vulnerability Mining Method Based on the Combination of Generative Adversarial Network and Mutation Strategy

  • ZHUANG Yuan, CAO Wenfang, SUN Guokai, SUN Jianguo, SHEN Linshan, YOU Yang, WANG Xiaopeng, ZHANG Yunhai

DOI
https://doi.org/10.11896/jsjkx.230600013
Journal volume & issue
Vol. 50, no. 9
pp. 44 – 51

Abstract


With the deep integration of informatization and industrialization, the security issues of industrial Internet of things (IIoT) network protocols are becoming increasingly prominent. Existing network protocol vulnerability mining techniques mainly rely on feature variation and fuzz testing, which depend on expert experience and cannot overcome the challenges posed by unknown protocols. To address the vulnerability mining challenges in IIoT protocols, this paper conducts research on the automated analysis and generation of vulnerability detection rules and proposes a network protocol vulnerability mining method based on a combination of generative adversarial networks (GANs) and mutation strategies. Firstly, a network protocol analysis model based on GANs is employed to conduct deep information mining on message sequences and to extract message formats and related features, enabling the recognition of network protocol structures. Then, by combining a guided iterative mutation strategy with a mutation operator library, directed test case generation rules are constructed to reduce the time for vulnerability discovery. Ultimately, an automated vulnerability mining method for unknown industrial control network protocols is developed to meet the demand for automated protocol vulnerability mining in the existing industrial control application domain. Based on the above-mentioned approach, we conduct tests on two industrial control protocols (Modbus-TCP and S7) and evaluate them in terms of test coverage, vulnerability detection capability, test case generation time, and diversity. Experimental results show that the proposed method achieves a remarkable 89.4% on the TA index. The AD index, which measures the ability to detect vulnerabilities in the simulated ModbusSlave system, reaches 6.87%. Additionally, the proposed method significantly reduces the time required for generating effective test cases, thereby enhancing the efficiency of industrial control protocol vulnerability discovery.

Keywords