Abstract
Traditional fuzzing relies on expert knowledge and protocol specifications, while neural network-based methods are constrained by the quality of the training data and the model structure. These methods perform poorly across different Industrial Control Protocols (ICPs), and no general, effective fuzzing method exists. To address these issues, this paper proposes an ICP fuzzing method based on the Wasserstein Generative Adversarial Network with Gradient Penalty (WGAN-GP), using a statistical N-gram language model to refine the training results, and builds GPFuzz, a general fuzzing framework for multiple ICPs. Experiments on three common industrial control protocols (Modbus/TCP, Ethernet/IP, S7comm) in the laboratory's full-process oil and gas gathering and transmission industrial attack-defense range show that the test cases generated by the framework are diverse and outperform other fuzzing methods on acceptance rate and anomaly-triggering metrics, providing an efficient and general security assessment method for ICS and improving overall system security.
Authors
Zong Xuejun (宗学军), Sui Yifan (隋一凡), Wang Guogang (王国刚), Ning Bowei (宁博伟), He Kan (何戡), Lian Lian (连莲), Sun Yifei (孙逸菲)
Affiliations: School of Information Engineering, Shenyang University of Chemical Technology, Shenyang 110142, China; Key Laboratory of Information Security for Petrochemical Industry in Liaoning Province, Shenyang 110142, China; School of Artificial Intelligence, Shenyang University of Technology, Shenyang 110870, China
Source
Cyber Security and Data Governance (网络安全与数据治理)
2024, Issue 7, pp. 13-20 (8 pages)
Funding
Natural Science Foundation of Liaoning Province (2023-MSLH-273)
Liaoning Province Science and Technology Plan Project (2023JH1/10400082)
Liaoning Province Artificial Intelligence Innovation and Development Plan Project (2023JH26/1030008)
Liaoning Province Science and Technology Innovation Platform Construction Plan Project (No. [2022]36)
Keywords
vulnerability mining; fuzzing; industrial control protocol; generative adversarial networks