Computer Science ›› 2022, Vol. 49 ›› Issue (10): 310-318. doi: 10.11896/jsjkx.210700248

• Information Security •

PGNFuzz: Pointer Generation Network Based Fuzzing Framework for Industry Control Protocols

WANG Tian-yuan, WU Shu-hong, LI Zhao-ji, XIN Hao-guang, LI Xuan, CHEN Yong-le   

  1. College of Information and Computer Science, Taiyuan University of Technology, Jinzhong, Shanxi 030600, China
  • Received: 2021-07-26 Revised: 2021-12-06 Online: 2022-10-15 Published: 2022-10-13
  • About author: WANG Tian-yuan, born in 1997, postgraduate, is a student member of China Computer Federation. His main research interests include vulnerability mining, information security and machine learning.
    WU Shu-hong, born in 1969, Ph.D, associate professor, master supervisor. Her main research interests include embedded systems, intelligent information processing, brain informatics and information security.
  • Supported by:
    Provincial Key Research and Development Program of Shanxi (201903D121121).

Abstract: Industrial security has always been an important and urgent issue worldwide. Industrial control protocols are widely used for communication between industrial control system (ICS) components. Their security is tied to the safe and stable operation of the entire system, so there is an urgent need to ensure the security of all industrial control protocols. Network protocol fuzzing plays an important role in ensuring the security and reliability of ICS. Traditional fuzzing methods can improve the security testing of industrial control protocols, and many of them have practical applications. However, most traditional fuzzing methods rely heavily on the specifications of industrial control protocols, which makes the test process costly, time-consuming, cumbersome and tedious; if no specification exists, the task is difficult to carry out. This paper proposes an intelligent and automatic protocol fuzzing method based on pointer-generation networks (PGN), and gives a series of performance indicators. On the basis of this method, an intelligent and automatic fuzzing framework, PGNFuzz, is designed for practical application and can be used with various industrial control protocols. Several typical industrial control protocols such as Modbus and EtherCAT are used to test the validity and efficiency of our framework. Experimental results show that our method is superior to other general-purpose fuzzers (GPF) and other deep-learning-based fuzzing methods in terms of convenience, effectiveness and efficiency.

Key words: Automatic vulnerability mining, Fuzzing, Industrial control protocols, Industrial security, Deep learning, Pointer-generation networks

CLC Number: TP273