A vulnerability detecting method for Modbus-TCP based on smart fuzzing mechanism

Qi Xiong, Hui Liu, Yuan Xu, Huayi Rao, Shengwei Yi, Baofeng Zhang, Wei Jia, Hui Deng

2015 IEEE International Conference on Electro/Information Technology (EIT), published 2015-05-21. DOI: 10.1109/EIT.2015.7293376 (https://doi.org/10.1109/EIT.2015.7293376)

Citations: 15

Abstract

Modbus-TCP is one of the most popular industrial network protocols used in the energy distribution field, and its security, especially its vulnerabilities, has attracted great attention from both academia and industry. Due to the particularity of Modbus-TCP, traditional fuzzing frameworks for vulnerability detection cannot work efficiently. To overcome this drawback, a dedicated smart fuzzing technique for Modbus-TCP is proposed. The architecture is described in detail, and an adaptive algorithm for test case generation and the workflow of the testing process are presented, which can smartly generate test cases according to the feedback from the target. The results of the simulation experiment show that the described mechanism satisfies the requirements of vulnerability detection for Modbus-TCP well. Moreover, compared with traditional fuzzing frameworks, the quality of the test cases and the efficiency of the process are clearly improved without losing coverage.