Fuzzing Technology Based on Information Theory for Industrial Proprietary Protocol

Published: 2023-07-11
Journal: Electronics (ISSN 2079-9292), Volume 12, Issue 14, Page 3041
Language: en

Authors: Che Xin (1), Geng Yangyang (2), Zhang Ge (3), Wang Mufeng (3)

Affiliations:
1. College of Control Science and Engineering, Zhejiang University, Hangzhou 310027, China
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450001, China
3. China Industrial Control Systems Cyber Emergency Response Team, Beijing 100040, China
Abstract
With the rapid development of the Industrial Internet of Things (IIoT), programmable logic controllers (PLCs) are becoming increasingly intelligent, leading to improved productivity. However, this also brings about a growing number of security vulnerabilities. As a result, efficiently identifying potential security vulnerabilities in PLCs has become a crucial research topic for security researchers. This article proposes a method for fuzzing industrial proprietary protocols to effectively identify security vulnerabilities in PLCs’ proprietary protocols. The aim of this study is to develop a protocol fuzzing approach that can uncover security vulnerabilities in PLCs’ proprietary protocols. To achieve this, the article presents a protocol structure parsing algorithm specifically designed for PLC proprietary protocols, utilizing information theory. Additionally, a fuzzing case generation algorithm based on genetic algorithms is introduced to select test cases that adhere to the format specifications of the proprietary protocol while exhibiting a high degree of mutation. The research methodology consists of several steps. Firstly, the proposed protocol structure parsing algorithm is used to analyze two known industrial protocols, namely Modbus TCP and S7Comm. The parsing results obtained from the algorithm are then compared with the correct results to validate its effectiveness. Next, the protocol structure parsing algorithm is applied to analyze the proprietary protocol formats of two PLC models. Finally, based on the analysis results, the PLCs are subjected to fuzzing. Overall, the proposed protocol fuzzing approach, incorporating the protocol structure parsing algorithm and the fuzzing case generation algorithm, successfully identifies two denial-of-service vulnerabilities in the PLCs’ proprietary protocols. Notably, one of these vulnerabilities is a zero-day vulnerability, indicating that it was previously unknown and undisclosed.
Funders: National Natural Science Foundation of China; Fundamental Research Funds for the Central Universities

Subjects: Electrical and Electronic Engineering; Computer Networks and Communications; Hardware and Architecture; Signal Processing; Control and Systems Engineering
Cited by: 1 article