Computer Science ›› 2023, Vol. 50 ›› Issue (9): 44-51. doi: 10.11896/jsjkx.230600013

• Data Security •

Network Protocol Vulnerability Mining Method Based on the Combination of Generative Adversarial Network and Mutation Strategy

ZHUANG Yuan1, CAO Wenfang1, SUN Guokai1, SUN Jianguo2, SHEN Linshan1, YOU Yang3, WANG Xiaopeng3, ZHANG Yunhai3

  1. 1 College of Computer Science and Technology, Harbin Engineering University, Harbin 150001
    2 Hangzhou Institute of Technology, Xidian University, Hangzhou 311231
    3 NSFOCUS Technologies Group Co., Ltd., Beijing 100089
  • Received: 2023-05-31 Revised: 2023-07-22 Online: 2023-09-15 Published: 2023-09-01
  • Corresponding author: SHEN Linshan (shenlinshan@hrbeu.edu.cn)
  • About author: (zhuangyuan@hrbeu.edu.cn)
  • Supported by:
    CCF-NSFOCUS "Kunpeng" Fund (CCF-NSFOCUS 2021014); 2022 Industrial Internet Innovation and Development Project: Industrial Internet Data Security Detection, Response and Traceability Project (TC220H055); Fundamental Research Funds for the Central Universities (3072022TS0604); Concept Validation Fund of Hangzhou Institute of Technology, Xidian University (XJ2023230024)

Network Protocol Vulnerability Mining Method Based on the Combination of Generative Adversarial Network and Mutation Strategy

ZHUANG Yuan1, CAO Wenfang1, SUN Guokai1, SUN Jianguo2, SHEN Linshan1, YOU Yang3, WANG Xiaopeng3, ZHANG Yunhai3   

  1. 1 College of Computer Science and Technology, Harbin Engineering University, Harbin 150001, China
    2 Hangzhou Institute of Technology, Xidian University, Hangzhou 311231, China
    3 NSFOCUS Technologies Group Co., Ltd., Beijing 100089, China
  • Received: 2023-05-31 Revised: 2023-07-22 Online: 2023-09-15 Published: 2023-09-01
  • About author: ZHUANG Yuan, born in 1988, Ph.D, lecturer, associate professor, master's supervisor. Her main research interests include blockchain security, machine learning, big data processing and distributed computing.
    SHEN Linshan, born in 1978, master, associate professor, master's supervisor. His main research interests include industrial information security, machine learning and intelligent information processing.
  • Supported by:
    CCF-NSFOCUS (2021014), 2022 Industrial Internet Innovation and Development Project: Industrial Internet Data Security Detection, Response and Traceability Project (TC220H055), Fundamental Research Funds for the Central Universities (3072022TS0604) and Concept Foundation of Hangzhou Institute of Technology, Xidian University (XJ2023230024).

Abstract: With the deep integration of informatization and industrialization, security problems in industrial Internet of Things (IIoT) network protocols are becoming increasingly prominent. Existing network protocol vulnerability mining techniques rely mainly on feature mutation and fuzz testing, and are limited by their dependence on expert experience and their inability to handle unknown protocols. To address the vulnerability mining challenges of IIoT protocols, this paper studies the automated analysis and generation of vulnerability detection rules and proposes a network protocol vulnerability mining method that combines generative adversarial networks with mutation strategies. First, a GAN-based network protocol analysis model performs deep information mining on message sequences to extract message formats and related features, thereby identifying the structure of the network protocol. Then, an iterative mutation strategy guided by a mutation operator library is used to build directed test case generation rules that shorten the time to vulnerability discovery. Finally, an automated vulnerability mining method for unknown industrial control network protocols is formed, meeting the demand of current industrial control applications for automated protocol vulnerability mining. Based on this method, two industrial control protocols (Modbus-TCP and S7) are tested, and the generated test cases are evaluated in terms of test acceptance rate, vulnerability detection capability, generation time and diversity. Experimental results show that the proposed method reaches 89.4% on the TA metric and an AD metric of 6.87% when testing the simulated system ModbusSlave, shortening the generation time of effective test cases and improving the efficiency of industrial control protocol vulnerability mining.

Keywords: Generative adversarial network, Mutation strategy, Fuzz testing, Vulnerability mining, Network protocol

Abstract: With the deep integration of informatization and industrialization, the security issues of industrial Internet of Things (IIoT) network protocols are becoming increasingly prominent. Existing network protocol vulnerability mining techniques rely mainly on feature mutation and fuzz testing, which are limited by their dependence on expert experience and cannot overcome the challenges posed by unknown protocols. To address the vulnerability mining challenges in IIoT protocols, this paper studies the automated analysis and generation of vulnerability detection rules and proposes a network protocol vulnerability mining method based on a combination of generative adversarial networks (GANs) and mutation strategies. Firstly, a GAN-based network protocol analysis model performs deep information mining on message sequences and extracts message formats and related features, enabling the recognition of network protocol structures. Then, by combining a guided iterative mutation strategy with a mutation operator library, directed test case generation rules are constructed to reduce the time to vulnerability discovery. Ultimately, an automated vulnerability mining method for unknown industrial control network protocols is developed to meet the demand for automated protocol vulnerability mining in the existing industrial control application domain. Based on the above approach, we test two industrial control protocols (Modbus-TCP and S7) and evaluate the method in terms of test coverage, vulnerability detection capability, test case generation time, and diversity. Experimental results show that the proposed method achieves 89.4% on the TA index. The AD index, which measures the ability to detect vulnerabilities in the simulated ModbusSlave system, reaches 6.87%. Additionally, the proposed method significantly reduces the time required for generating effective test cases, thereby enhancing the efficiency of industrial control protocol vulnerability discovery.
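The TA index the abstract reports (测试接收率, the rate at which generated test cases are accepted by the target) is what a format-aware mutation strategy is meant to raise over blind byte mutation. The example below is added here and is not code from the paper: it contrasts a blind byte-overwrite operator with a small format-aware operator library on a constructed Modbus-TCP Read Holding Registers frame and measures a TA-style rate against a simplified model of a Modbus-TCP server's acceptance checks. The validator, the function-code set and the three operators are assumptions of this example, not the paper's operator library.

```python
import random
import struct

# Constructed seed (not from the paper): Modbus-TCP Read Holding Registers request.
# MBAP: transaction id 1, protocol id 0, length 6, unit id 1; PDU: fc 3, start addr 0, qty 10.
SEED = bytes.fromhex("00010000000601030000000a")
KNOWN_FC = {1, 2, 3, 4, 5, 6, 15, 16}  # assumed set of public function codes the model dispatches

def mbap_ok(frame: bytes) -> bool:
    """Transport-level checks a Modbus-TCP stack applies before dispatching the PDU."""
    return len(frame) >= 8 and struct.unpack(">HH", frame[2:6]) == (0, len(frame) - 6)

def accepts(frame: bytes) -> bool:
    """Simplified model of target acceptance: valid MBAP, known FC, well-formed FC 0x03 request."""
    if not mbap_ok(frame) or frame[7] not in KNOWN_FC:
        return False
    if frame[7] == 3:  # Read Holding Registers: exactly 4 data bytes, quantity in 1..125
        return len(frame) == 12 and 1 <= struct.unpack(">H", frame[10:12])[0] <= 125
    return True

def blind_mutate(frame: bytes, rng=None) -> bytes:
    """Format-agnostic operator: overwrite one random byte anywhere, header included."""
    rng, buf = rng or random.Random(), bytearray(frame)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def aware_mutate(frame: bytes, rng=None) -> bytes:
    """Small format-aware operator library: mutate only PDU data fields, then re-derive the length."""
    rng, buf = rng or random.Random(), bytearray(frame)
    lo, hi = rng.choice([(8, 10), (10, 12)])       # start address, quantity (16-bit big-endian)
    op = rng.choice(["byte", "delta", "boundary"])
    if op == "byte":                               # overwrite one byte inside the field
        buf[rng.randrange(lo, hi)] = rng.randrange(256)
    elif op == "delta":                            # small arithmetic step around the seed value
        val = (struct.unpack(">H", buf[lo:hi])[0] + rng.randint(-8, 8)) & 0xFFFF
        buf[lo:hi] = struct.pack(">H", val)
    else:                                          # classic boundary values for a 16-bit field
        buf[lo:hi] = struct.pack(">H", rng.choice([0, 1, 125, 0xFFFF]))
    buf[4:6] = struct.pack(">H", len(buf) - 6)    # keep the MBAP length consistent with the frame
    return bytes(buf)

def acceptance_rate(mutate, seed: bytes, n: int, rng: random.Random) -> float:
    """TA-style metric: fraction of generated cases the modelled target accepts."""
    return sum(accepts(mutate(seed, rng)) for _ in range(n)) / n

def compare(n: int = 1000) -> tuple:
    """Return (blind TA, format-aware TA) over n cases each; fixed RNG seeds make it reproducible."""
    blind = acceptance_rate(blind_mutate, SEED, n, random.Random(1))
    return blind, acceptance_rate(aware_mutate, SEED, n, random.Random(2))
```

Blind mutation spends most of its budget on cases the MBAP layer rejects before any vulnerable code runs, while the format-aware library keeps the header consistent and probes the data fields, which is the effect the TA metric captures.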

Key words: Generative adversarial network, Mutation strategy, Fuzzing test, Vulnerability mining, Network protocol

CLC number: TP393