| With the rapid development of automotive manufacturing and network communication technology, automotive functions have become more intelligent and connected. While smart connected cars bring convenience to people, they also bring hidden dangers to the formerly more closed in-vehicle network. Vehicle ECUs are the constituent nodes of the in-vehicle network and the important execution units of vehicle functions. However, as the degree of interconnection of the automotive network keeps rising, more and more ECUs are exposed to the Internet. Once these ECUs are attacked by hackers, the impact on the lives and property of car owners will be significant. Research on vehicle ECU vulnerability mining technology is therefore of great significance. Because the operating environment of a vehicle ECU is relatively closed, the currently common approach to vehicle ECU vulnerability mining is fuzz testing over the in-vehicle CAN bus network. Most existing CAN bus fuzz testing techniques suffer from problems such as low testing efficiency and low practicability. In view of this, this paper proposes a vehicle ECU vulnerability mining scheme based on fuzz testing, and designs and implements a corresponding vulnerability mining system. Through in-depth research on fuzz testing technology and ECU communication protocols, the paper divides vehicle ECU communication data into CAN-based application data and UDS-based diagnostic data. Based on the data characteristics of common application data, it proposes a CAN bus fuzz testing scheme based on multi-strategy mutation, which quickly generates effective test cases from those characteristics. For the diagnostic data, it analyzes the field characteristics and state model of the UDS diagnostic protocol and proposes a fuzz testing scheme based on field weighting and state guidance. Giving the effective fields more mutations improves test efficiency; configuring the state model prevents test cases from failing to execute because of state interaction, which reduces the rate of invalid test cases. Finally, based on the above schemes, the paper designs and implements a fuzz-testing-based vehicle ECU vulnerability mining system. Compared with existing technology, the system has the advantages of wider test coverage and higher testing efficiency. Its feasibility and effectiveness have been verified through multiple experiments, and three vulnerabilities in real vehicle ECUs have been successfully discovered. |
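
The field-weighting and state-guidance idea from the abstract, shown as an added Python example that is not the thesis's own code. The field weights, the session requirements in `REQUIRED_SESSION` and the seed requests are constructed assumptions, since the abstract does not give them; the code only builds request byte strings and sends nothing.

```python
import random

# Constructed weights: fields assumed more "effective" receive more mutations.
FIELD_WEIGHTS = {"sid": 1, "did": 3, "data": 6}
# Assumed state model: service ID -> diagnostic session it must run in
# (0x01 default, 0x03 extended). Real requirements are ECU-specific.
REQUIRED_SESSION = {0x22: 0x01, 0x2E: 0x03}
# Constructed seeds: ReadDataByIdentifier and WriteDataByIdentifier requests.
SEEDS = [
    {"sid": b"\x22", "did": b"\xf1\x90", "data": b""},
    {"sid": b"\x2e", "did": b"\xf1\x90", "data": b"\x00" * 4},
]


def mutate(seed, rng):
    """Mutate exactly one field, chosen with probability proportional to its weight."""
    field = rng.choices(list(FIELD_WEIGHTS), weights=list(FIELD_WEIGHTS.values()))[0]
    case = dict(seed)
    length = len(seed[field]) or 1  # an empty field grows to one byte
    case[field] = bytes(rng.randrange(256) for _ in range(length))
    return field, case


def campaign(n, seed_value=0):
    """Generate n test cases; each is (mutated_field, [frames to send in order])."""
    rng = random.Random(seed_value)
    session = 0x01  # ECU assumed to start in the default session
    cases = []
    for _ in range(n):
        seed = rng.choice(SEEDS)
        field, case = mutate(seed, rng)
        frames = []
        needed = REQUIRED_SESSION[seed["sid"][0]]
        if needed != session:
            # State guidance: enter the required session first (service 0x10).
            frames.append(bytes([0x10, needed]))
            session = needed
        frames.append(case["sid"] + case["did"] + case["data"])
        if case["sid"][0] in (0x10, 0x11):
            session = None  # mutated request may switch session or reset the ECU
        cases.append((field, frames))
    return cases


if __name__ == "__main__":
    for field, frames in campaign(5):
        print(field, [f.hex() for f in frames])
```

Without the session prerequisite, the write requests generated from the second seed would be rejected for being sent in the wrong session before their mutated bytes are ever parsed, which is the kind of invalid test case the state model is meant to avoid.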