As industrial control systems become more intelligent and networked, they face increasingly serious network threats. Industrial control protocols, an important means of achieving automated control between devices, currently focus on functional diversity and stability while ignoring network security, and lack the necessary security protection. The integration of industrial control systems with the Internet makes it easier for attackers to carry out attacks, so discovering security risks in protocols is crucial for protecting these systems. Protocol fuzzing is an important method for discovering security vulnerabilities: it describes the functional transition logic through a protocol state model and uses seed scheduling techniques to select the functional branches to test. However, there are many kinds of industrial control protocols, including proprietary ones, and building protocol-specific state models is costly and generalizes poorly. When a generic protocol state model is used instead, code coverage is low and the state model is difficult to build. In addition, because of the complex functional logic of industrial control protocols, existing seed scheduling techniques cannot effectively extend the protocol state model and are poorly suited to exploring it.

To address these problems, this thesis proposes a fuzzing technique for industrial control protocols based on the protocol state model. The work consists of the following three research contents.

First, to address the difficulty of constructing a protocol state machine model for industrial control protocols, the life cycle of memory data in industrial control systems is studied, a method for extracting key memory data is designed, and the extracted data is transformed into a characteristic state code. At the same time, an algorithm that constructs the protocol state model from characteristic state codes is designed and proposed, realizing automatic construction of the protocol state model for industrial control systems.

Second, to address the fact that existing seed scheduling techniques are not applicable to protocol state model exploration, evaluation indices that quantify the value of a seed are studied and a seed energy evaluation mechanism is proposed. A seed energy-based test sequence selection algorithm is designed to guide the protocol fuzzing tool's choice of seeds for expanding the protocol state model, accelerating construction of the model and improving coverage of both protocol states and the code of the test target.

Based on the above research, this thesis designs and implements an industrial control protocol fuzzing system based on the protocol state model. Through these methods, the system completes the exploration of the industrial control protocol state model and achieves high coverage of the functional logic branches of the industrial control system, and is therefore able to discover vulnerabilities in complex logic. In the designed comparative experiments, the methods in this thesis achieve a high degree of exploration of the state model of the test target protocols and high code coverage. Designed test cases verify that the developed fuzzing system is able to discover vulnerabilities in the test target, including deep logic vulnerabilities.
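As an added illustration of the two mechanisms the abstract describes (a characteristic state code derived from key memory data, and seed-energy-based test sequence selection), the Python script below is not the thesis's own code. The toy controller, its message alphabet, the rule for which memory cells count as "key" data, and the energy formula are all assumptions constructed for the example; the point it demonstrates is how excluding volatile memory keeps the state model finite and how an energy ordering drives exploration towards unexpanded states.

```python
"""Added illustration (not the thesis's own code): state-model construction
from characteristic state codes plus seed-energy scheduling, run against a
constructed toy controller. Memory selection and energy formula are assumed."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


class ToyController:
    """Constructed toy target. "tick" is volatile (changes on every message)
    and must be excluded from the state code, or every message would look
    like a transition to a brand-new state."""
    def __init__(self):
        self.mem = {"mode": 0, "setpoint": 0, "alarm": 0, "tick": 0}

    def handle(self, msg):
        fc, val = msg
        self.mem["tick"] += 1
        if fc == "START":
            self.mem["mode"] = 1
        elif fc == "STOP":
            self.mem["mode"] = 0
        elif fc == "SET" and self.mem["mode"] == 1:
            self.mem["setpoint"] = val
            if val > 100:
                self.mem["alarm"] = 1      # over-range setpoint latches an alarm
        elif fc == "ACK" and self.mem["alarm"] == 1:
            self.mem["alarm"] = 0


# Constructed message alphabet used to extend seed sequences.
ALPHABET = (("START", 0), ("STOP", 0), ("SET", 50), ("SET", 150), ("ACK", 0))


def extract_key_memory(mem):
    """Assumed extraction rule: keep only cells whose life cycle spans several
    messages, and bucket the numeric setpoint so the model stays finite."""
    bucket = 0 if mem["setpoint"] == 0 else (1 if mem["setpoint"] <= 100 else 2)
    return (mem["mode"], bucket, mem["alarm"])


def state_code(mem):
    """Characteristic state code: short hash of the key memory tuple."""
    return hashlib.sha256(repr(extract_key_memory(mem)).encode()).hexdigest()[:8]


def replay(seq):
    """Run a message sequence against a fresh target; return the state path."""
    ctl = ToyController()
    path = [state_code(ctl.mem)]
    for msg in seq:
        ctl.handle(msg)
        path.append(state_code(ctl.mem))
    return path


@dataclass
class SeedStats:
    new_transitions: int   # transitions this seed added to the model when found
    end_state: str         # state code reached at the end of the sequence
    picks: int = 0         # how often the scheduler has selected this seed


def seed_energy(stats, state_picks):
    """Assumed energy heuristic: reward seeds that extended the model, decay
    with repeated selection, and favour seeds ending in rarely expanded states."""
    return (stats.new_transitions / (1 + stats.picks)
            + 1 / (1 + state_picks[stats.end_state]))


def fuzz(budget):
    """Energy-guided exploration; returns (state model, seed table).
    model maps state -> {message: next_state}."""
    model = defaultdict(dict)
    seeds = {(): SeedStats(0, replay(())[-1])}
    state_picks = defaultdict(int)
    for _ in range(budget):
        seq = max(seeds, key=lambda s: seed_energy(seeds[s], state_picks))
        seeds[seq].picks += 1
        state_picks[seeds[seq].end_state] += 1
        for msg in ALPHABET:
            child = seq + (msg,)
            path = replay(child)
            new = 0
            for src, m, dst in zip(path, child, path[1:]):
                if m not in model[src]:
                    model[src][m] = dst
                    new += 1
            if new and child not in seeds:
                seeds[child] = SeedStats(new, path[-1])
    return model, seeds


if __name__ == "__main__":
    model, seeds = fuzz(60)
    print(len(model), "states,", sum(len(v) for v in model.values()), "transitions")
    for src, edges in model.items():
        for msg, dst in edges.items():
            print(f"{src} --{msg[0]}({msg[1]})--> {dst}")
```

With this energy formula an unexpanded seed always scores above 1 while any seed that has already been picked scores at most 1, so the scheduler exhausts unexpanded seeds before revisiting any; on the toy target that yields the complete reachable model (10 states, 50 transitions) well within the budget of 60 iterations, whereas including the volatile "tick" cell in the state code would never let the model converge.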