The WIA-PA protocol is one of the most important industrial wireless network protocols. Studying vulnerability detection methods for the WIA-PA protocol is of great significance to the safe and stable operation of industrial control systems. Fuzz testing is an effective vulnerability detection technique, but the existing fuzz testing methods suffer from redundant test data and low vulnerability detection efficiency when applied to the WIA-PA protocol. This thesis therefore studies a fuzz testing method for the WIA-PA protocol. Its main research contents are as follows.

Firstly, to address the redundant test data and low vulnerability detection efficiency of existing fuzz testing methods, this thesis proposes an EFSM-based fuzz testing method for the WIA-PA protocol. An EFSM model is first established for the communication behaviors of WIA-PA network joining, operation and network leaving. A state segmentation method based on variable value domains is then designed to derive an equivalent, minimal FSM model. The UIO method is used to generate the test sequence; the test sequence serves as the seed for fuzz data generation, and specific fuzz data is generated according to a mutation strategy based on the association relationships between protocol fields, in order to detect possible vulnerabilities in the protocol.

Secondly, a fuzz testing software for the WIA-PA protocol is implemented according to the above method. The test software includes a protocol script processing module, a test sequence generation module, a fuzz data generation module, a fuzz test execution module, an exception monitoring module and a logging module. The script processing module parses the WIA-PA protocol script file supplied by the user and generates the EFSM model; the test sequence generation module generates the test sequence as the input of the data generation module; the test execution module sends the fuzz data generated by the data generation module to the object under test and controls the entire test execution process; the exception monitoring module monitors the operation of the object under test; and the data generated throughout the testing process is recorded by the logging module, which allows users to carry out vulnerability analysis afterwards.

Finally, a real WIA-PA protocol test environment is built, and the functional verification and performance analysis of the fuzz testing software designed in this thesis are carried out. The test results show that the software can reduce the redundancy of fuzz test data, improve the efficiency of vulnerability detection, and has a certain vulnerability detection capability.
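The pipeline the abstract describes (an FSM of the join/operate/leave behaviors, UIO sequences for each state, a test sequence per transition used as the fuzz seed, and mutations that respect the association between protocol fields) can be shown end to end on a toy model. The following is an added example, not the thesis's own software and not the real WIA-PA message format: the three states, four inputs, the one-byte type plus two-byte length encoding and the `length == len(payload)` association rule are all constructed assumptions, and the EFSM-to-FSM state segmentation step is assumed to have already been applied, so the FSM is written out directly.

```python
"""Toy illustration of UIO-based test sequence generation and field-association
mutation for protocol fuzzing. Everything below is a constructed model, not the
WIA-PA protocol or the thesis's tool."""
from collections import deque
from itertools import product

# Constructed FSM (assumed to be the minimal FSM after state segmentation):
# (state, input) -> (output, next_state)
STATES = ["Offline", "Joining", "Operating"]
INPUTS = ["join_req", "join_ack", "data", "leave"]
TRANS = {
    ("Offline", "join_req"): ("join_sent", "Joining"),
    ("Joining", "join_ack"): ("joined", "Operating"),
    ("Operating", "data"): ("data_ack", "Operating"),
    ("Operating", "leave"): ("left", "Offline"),
}
INITIAL = "Offline"


def step(state, inp):
    """Apply one input; an undefined (state, input) pair yields 'null' and stays put."""
    return TRANS.get((state, inp), ("null", state))


def run(state, seq):
    """Run an input sequence from `state`, returning (outputs, final_state)."""
    outs = []
    for i in seq:
        o, state = step(state, i)
        outs.append(o)
    return tuple(outs), state


def uio(state, max_len=3):
    """Unique Input/Output sequence: the shortest input sequence whose output
    sequence from `state` differs from that of every other state."""
    for n in range(1, max_len + 1):
        for seq in product(INPUTS, repeat=n):
            mine = run(state, seq)[0]
            if all(run(s, seq)[0] != mine for s in STATES if s != state):
                return list(seq)
    return None


def path_to(target):
    """Shortest input path from INITIAL to `target` (BFS over the transitions)."""
    queue, seen = deque([(INITIAL, [])]), {INITIAL}
    while queue:
        s, p = queue.popleft()
        if s == target:
            return p
        for (src, i), (_, dst) in TRANS.items():
            if src == s and dst not in seen:
                seen.add(dst)
                queue.append((dst, p + [i]))
    return None


def test_sequences():
    """UIO method: one test per transition = preamble to the source state,
    the transition's input, then the UIO of the destination state."""
    return [path_to(src) + [i] + uio(dst) for (src, i), (_, dst) in TRANS.items()]


# Constructed wire format: 1-byte type, 2-byte big-endian length, payload.
# The field association under test is that `length` must equal len(payload).
TYPE_CODE = {"join_req": 0x01, "join_ack": 0x02, "data": 0x03, "leave": 0x04}


def encode(msg_type, payload, length=None):
    length = len(payload) if length is None else length
    return bytes([TYPE_CODE[msg_type]]) + length.to_bytes(2, "big") + payload


def mutate_message(msg_type, payload=b"\x00"):
    """Field-association mutation: vary the length/payload pair together
    instead of flipping arbitrary bytes, so each case targets the parser's
    handling of the relationship between the two fields."""
    return {
        "baseline": encode(msg_type, payload),
        "length_short": encode(msg_type, payload, length=max(len(payload) - 1, 0)),
        "length_long": encode(msg_type, payload, length=len(payload) + 1),
        "length_max": encode(msg_type, payload, length=0xFFFF),
        "payload_oversize": encode(msg_type, payload * 64),  # length stays consistent
    }


def fuzz_cases(seq, mutate_index):
    """Use a UIO test sequence as the seed: the messages before `mutate_index`
    drive the target into the state under test unchanged; only that message
    is replaced by its mutated variants."""
    prefix = [encode(m, b"\x00") for m in seq[:mutate_index]]
    return {name: prefix + [m] for name, m in mutate_message(seq[mutate_index]).items()}


if __name__ == "__main__":
    for t in test_sequences():
        print("test sequence:", t)
    for name, case in fuzz_cases(test_sequences()[1], 2).items():
        print(f"{name:16s}", [m.hex() for m in case])
```

Because every transition's test carries the destination state's UIO, a target that accepts a mutated message but then answers the UIO input with the wrong output reveals a state error, not only a crash; that is the detection signal the exception monitoring module would watch for alongside timeouts and process faults.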