{"title":"MaskFuzzer: A MaskGAN-based Industrial Control Protocol Fuzz Testing Framework","authors":"Weifeng Sun, Bowei Zhang, Jianqiao Ding, Min Tang","doi":"10.1109/SmartIoT55134.2022.00018","DOIUrl":null,"url":null,"abstract":"Industrial control network security is undoubtedly important for an industrial control system. Fuzzy testing is an important method to detect network protocol program security vulnerabilities. In order to perform protocol fuzzing effectively, test data must be generated under the guidance of protocol forma, and the protocol needs to be analyzed before the fuzzy test to generate high-quality fuzzy test cases. In this article, we propose a fuzzy testing framework called MaskFuzzer to solve the problems. A generation adversarial network model is used to automatically learn the data structure of system communication, to generate false messages conforming to protocol specifications. In order to prove the availability of our method, we used MaskFuzzer to test the Modbus-Tcpemulator and successfully find some vulnerabilities. In addition, compared with the GAN-based test case generation method and Peach, our method is best.","PeriodicalId":422269,"journal":{"name":"2022 IEEE International Conference on Smart Internet of Things (SmartIoT)","volume":"68 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE International Conference on Smart Internet of Things (SmartIoT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SmartIoT55134.2022.00018","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 3
Abstract
Industrial control network security is undoubtedly important for an industrial control system. Fuzz testing is an important method to detect security vulnerabilities in network protocol programs. In order to perform protocol fuzzing effectively, test data must be generated under the guidance of the protocol format, and the protocol needs to be analyzed before the fuzz test to generate high-quality fuzz test cases. In this article, we propose a fuzz testing framework called MaskFuzzer to solve these problems. A generative adversarial network model is used to automatically learn the data structure of system communication and to generate false messages conforming to protocol specifications. In order to prove the availability of our method, we used MaskFuzzer to test the Modbus-TCP emulator and successfully found some vulnerabilities. In addition, compared with the GAN-based test case generation method and Peach, our method performs best.