
Research On Fuzzy Test Case Generation Method For Industrial Control Protocols

Posted on: 2024-01-14
Degree: Master
Type: Thesis
Country: China
Candidate: Q Zhang
GTID: 2568307121497914
Subject: Materials and Chemical Engineering (Professional Degree)

Abstract/Summary:
The chemical and new materials industry has been widely recognized as one of the most important and fastest-growing high-tech industries in the world. It plays a crucial role in driving national economic development and promoting technological innovation, particularly in modern industrial applications. Industrial control systems are extensively utilized in the field of chemical and new materials. In the past, industrial control systems primarily focused on physical safety and operational reliability. However, with the increasing connectivity of control systems to enterprise networks and the widespread use of the Internet, these systems have become targets for network attacks. Fuzz testing enables the early discovery of potential vulnerabilities in industrial control protocols, facilitating timely risk mitigation measures and reducing the probability of security incidents in industrial control systems. Test case generation is a critical component of fuzz testing and directly impacts its efficiency. High-quality test cases can detect more potential vulnerabilities in a shorter timeframe. This paper focuses on both public and private industrial control protocols, and the specific research objectives are as follows:

1. For public industrial control protocols, this study addresses the limitations of traditional fuzz testing, such as insufficient targeting and low coverage, which no longer meet the security requirements of industrial control systems. To overcome these limitations, the paper incorporates genetic algorithms into the fuzz testing process to guide test case generation. Improvements are made to the existing genetic algorithm to enhance the efficiency of fuzz testing. Firstly, a novel dynamic fitness function is proposed, introducing concepts such as spatial points, risk points, and average test case coverage to reduce the randomness of test case generation. Secondly, an adaptive crossover and mutation operator design method is employed to prevent premature convergence of the genetic algorithm during execution. Finally, an experimental environment is established, and the results demonstrate that the proposed method dynamically adjusts the generated test cases, resulting in enhanced targeting. After testing with four function codes, the test case pass rate is found to be 30.44% higher on average compared to the Peach fuzz testing framework. Additionally, two vulnerabilities are successfully discovered.

2. For private industrial control protocols, this study addresses the challenge of constructing fuzzing test cases for private protocols due to their closed-source nature. A fuzz testing method based on private industrial control protocols is proposed to overcome this challenge. The method employs a deep learning model for generating fuzz test cases specific to private protocols. A deep learning GRU network is used as the encoder and decoder in a seq2seq framework to generate fuzz test cases. This approach extracts features from the S7 protocol and generates test cases that conform to the protocol structure, effectively addressing the issue of low-quality test case generation in traditional fuzz testing. Experimental results demonstrate that the proposed method significantly reduces test case redundancy and improves the test case acceptance rate and generation speed for industrial control protocols. Furthermore, the abnormal response rate is increased by 10.34% compared to the Peach fuzz testing framework.

Keywords/Search Tags:Industrial Control Networks, Industrial control protocols, Fuzzy testing, Genetic algorithms, Neural network models