Biblio
Industrial networks are the cornerstone of modern industrial control systems. Performing security checks of industrial communication processes helps detect unknown risks and vulnerabilities. Fuzz testing is a widely used method for performing security checks that takes advantage of automation. However, carrying out security checks on industrial networks is a big challenge due to the increasing variety and complexity of industrial communication protocols. In this case, existing approaches usually take a long time to model the protocol for generating test cases, which is labor-intensive and time-consuming. This becomes even worse when the target protocol is stateful. To help address this problem, we employed a deep learning model to learn the structures of protocol frames and deal with the temporal features of stateful protocols. We propose a fuzzing framework named SeqFuzzer which automatically learns the protocol frame structures from communication traffic and generates fake but plausible messages as test cases. To prove the usability of our approach, we applied SeqFuzzer to widely used Ethernet for Control Automation Technology (EtherCAT) devices and successfully detected several security vulnerabilities.
The normal operation of key measurement and control equipment in the power grid (KMCEPG) is of great significance for the safe and stable operation of the power grid. Firstly, this paper gives a systematic overview of KMCEPG. Secondly, the cyber security risks of KMCEPG on the main station / sub-station side, channel side and terminal side are analyzed and the related vulnerabilities are discovered. Thirdly, according to the risk analysis results, the attack process construction technology of KMCEPG is proposed, which provides the test process and attack ideas for the subsequent KMCEPG-related attack penetration. Fourthly, the simulation penetration test environment is built, and a series of attack tests are carried out on the terminal key control equipment by using the attack flow construction technology proposed in this paper. The correctness of the risk analysis and the effectiveness of the attack process construction technology are verified. Finally, the attack test results are analyzed, and the attack test cases of terminal critical control devices are constructed, which provide the basis for the subsequent attack test. The attack flow construction technology and attack test cases proposed in this paper improve the network security defense capability of key equipment of the power grid, ensure the safe and stable operation of the power grid, and have strong engineering application value.
Aiming at the problem that there is little research on firmware vulnerability mining and that the traditional method of vulnerability mining based on fuzz testing is inefficient, this paper proposes a new method of mining vulnerabilities in industrial control system firmware. Based on taint analysis technology, this method can construct test cases specifically for the variables that may trigger vulnerabilities, thus reducing the number of invalid test cases and improving the test efficiency. Experimental results show that this method can reduce test cases by about 23% and can effectively improve test efficiency.