Biblio

Industrial networks are the cornerstone of modern industrial control systems. Performing security checks of industrial communication processes helps detect unknown risks and vulnerabilities. Fuzz testing is a widely used method for performing security checks that takes advantage of automation. However, there is a big challenge to carry out security checks on industrial network due to the increasing variety and complexity of industrial communication protocols. In this case, existing approaches usually take a long time to model the protocol for generating test cases, which is labor-intensive and time-consuming. This becomes even worse when the target protocol is stateful. To help in addressing this problem, we employed a deep learning model to learn the structures of protocol frames and deal with the temporal features of stateful protocols. We propose a fuzzing framework named SeqFuzzer which automatically learns the protocol frame structures from communication traffic and generates fake but plausible messages as test cases. For proving the usability of our approach, we applied SeqFuzzer to widely-used Ethernet for Control Automation Technology (EtherCAT) devices and successfully detected several security vulnerabilities.

The paper dwells on the design of a diagnostic system and expert assessment of the significance of threats to the security of industrial networks. The proposed system is based on a new cyber-attacks classification and presupposes the existence of two structural blocks: the industrial network virtual model based on the scan selected nodal points and the generator of cyber-attacks sets. The diagnostic and expert assessment quality is improved by the use of the Markov chains or the Monte Carlo numerical method. The numerical algorithm of generating cyber-attacks sets is based on the LP$\tau$-sequence.