Research On UAV System Security Vulnerability Discovering Based On Fuzzing

With the development of mobile Internet,more and more intelligent Io T devices are being used.As a star intelligent hardware in recent years,drone has brought convenience to people's daily life.At the same time,drone has played an increasingly important role in professional fields such as agricultural plant protection,meteorological detection,logistics delivery,resource exploration,etc.Both consumer drones and industrial drones have begun to take shape and will grow rapidly in the future.In recent years,attacks on drones have gradually come into the public horizon,but their security status is worrying and is becoming a blind spot in the field of information security.Because the hardware resources of the UAV equipment are limited,the traditional security defense methods cannot be implemented on it all.This puts higher requirements on the system security of the UAV equipment itself.However,with the increase in functionality,the complexity and the amount of code are increasing,it is impossible to completely eliminate the vulnerability.Denial of service is a common vulnerability,usually caused by memory out of bound,null pointer,infinite loop,buffer overflow,integer overflow,etc.If a vulnerability is triggered,the program does not provide services.The black box fuzzy test for vulnerability mining is a low-cost and high-efficiency method for the software security risks faced by UAV equipment and the closed source of UAV system code.However,the current fuzzy test framework has the disadvantages that the test case construction strategy is single and the dimension is single,leading to low validity of the test case,and missing or weak remote monitoring algorithm can not cover the abnormal scenes of the drone.In response to these problems,this thesis has done the following work:1.Study the drone hardware and software system.Reverse and unpack the drone firmware to extract file system,than analyzing system architecture and software functions.Grab the interactive logic sequence between packet and packet,analyze the data structure of the UAV private communication protocol by comprehensive reverse and protocol analysis methods,and use network scanning to collect on-board service information.This step we study the system to be tested and providing prior knowledge for subsequent work.2.Design a multidimensional test case construction algorithm.Analyze the private binary communication protocol of the drone,model the communication protocol and divide the instruction data block,and establish the data block association dependency between the packets.Comprehensive boundary value,multi-dimensional generation mutation strategy for semi-valid test case construction.The algorithm ensures that a high proportion of content in the use case conforms to the protocol specification,and is easily verified by the data check layer to improve the probability of the malformed data reaching the tested program.3.Design multi-level multi-dimensional monitoring algorithm.Analyze the importance of each service in the UAV system and classify it accordingly.Analyze the relationship between services,design a multi-dimensional monitoring method for passive network probing and proactive service sparing,proactive system status reporting,proactive process probing,and enrich the exception handling strategy.The algorithm uses active and passive,network and system monitoring methods to solve the problem of lack of monitoring or weak monitoring,and can quickly modify the monitoring strategy through configuration files,which can improve system flexibility and automation.This thesis designs and implements the drone denial of service vulnerability mining system FFuzzer.The whole system includes scheduling module,construction module,sending module and monitoring module.Use the FFuzzer system to perform fuzzy tests for denial of service vulnerabilities in File Transfer Program and flight control programs,found three attack payloads known to the File Transfer Program Denial of Service Vulnerability and an unknown attack payload were discovered,and found an unknown denial of service vulnerability in the flight control program.Than write specific code to implement denial of service attacks for verification,indicating that FFuzzer can conduct effective denial of service vulnerability mining.