Abstract
Connections among cyber-physical system (CPS) components are increasing with the introduction of the Industrial Internet of Things (IIoT). Vulnerability analysis of IIoT devices has become a major issue because sophisticated cyber-attacks on CPSs exploit their zero-day vulnerabilities. However, current white-box vulnerability-analysis techniques are difficult to apply in real heterogeneous environments, where devices from various manufacturers run diverse firmware versions. We therefore propose a protocol fuzzing technique that can be applied in such a heterogeneous environment as a black-box test. Because the seed configuration strongly influences the result of a black-box test, we update the seed pool with test cases that traverse program paths different from those of the seed they were derived from. Since code coverage cannot be observed directly in a black-box setting, the input, the output, and the delta time (the target's response delay) are used instead to decide whether a test case has reached a new program area. We experimentally verified the effectiveness of the proposed technique.
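The seed-pool update described in the abstract, as an added illustration that is not the authors' code: a black-box fuzzing loop that never sees coverage and instead classifies each test case by an externally observable signature (first response byte, response length, and a coarse bucket of the response delay). A child is promoted to the seed pool only when its signature differs from its parent's and has not been seen before. The target, its frame layout (function code, length byte, payload), its function codes 0x03/0x10, the bucket edges and the timing values are all constructed for this example; a real run would send frames to a device and measure the round-trip delay.

```python
"""Seed-pool update driven by observable behaviour (output + delta time).

Added example, not the paper's implementation.  The target is a constructed
stand-in for a protocol handler so the loop runs offline and deterministically;
its simulated processing time plays the role of the measured delta time.
"""
import random
from typing import List, Set, Tuple

# Assumed toy frame layout: [function code][payload length][payload...]
FC_READ, FC_WRITE = 0x03, 0x10
# Dictionary of "interesting" bytes; the two function codes come from the
# assumed toy protocol, the rest are classic boundary values.
INTERESTING = (0x00, 0x01, FC_READ, FC_WRITE, 0x7F, 0x80, 0xFF)


def target(request: bytes) -> Tuple[bytes, float]:
    """Constructed handler returning (response, simulated delay in ms)."""
    if len(request) < 2:
        return b"\x80\x01", 0.1               # rejected before decoding
    fc, length, payload = request[0], request[1], request[2:]
    if length != len(payload):
        return b"\x80\x01", 0.2               # same bytes as above, but decoded first
    if fc == FC_READ:                         # work proportional to payload size
        return b"\x03" + payload[:4], 0.5 + 0.05 * len(payload)
    if fc == FC_WRITE:
        if length > 64:                       # e.g. flash erase: same response, much slower
            return b"\x10" + payload[:2], 5.0
        return b"\x10" + payload[:2], 1.0
    return b"\x80\x01", 0.1                   # unsupported function code


def delta_bucket(ms: float) -> int:
    """Coarse delay bucket so jitter alone does not look like a new path (assumed edges)."""
    edges = (0.15, 0.3, 0.75, 2.0, 4.0)
    return sum(ms >= e for e in edges)


def signature(request: bytes) -> Tuple[int, int, int]:
    """Black-box stand-in for a coverage signature: (status byte, response length, delay bucket)."""
    resp, ms = target(request)
    return resp[0], len(resp), delta_bucket(ms)


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random mutation: bit flip, dictionary byte, length-consistent extend, or truncate."""
    b = bytearray(data)
    choice = rng.randrange(4)
    if choice == 0 and b:
        i = rng.randrange(len(b))
        b[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and b:
        b[rng.randrange(len(b))] = rng.choice(INTERESTING)
    elif choice == 2:
        b += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 70)))
        if len(b) >= 2:
            b[1] = (len(b) - 2) & 0xFF          # keep the length field consistent
    else:
        b = b[: rng.randrange(len(b) + 1)]
    return bytes(b)


def fuzz(seeds: List[bytes], iterations: int = 2000, rng_seed: int = 1):
    """Return (pool, seen): the grown seed pool and the set of signatures it covers."""
    rng = random.Random(rng_seed)
    pool = list(seeds)
    seen: Set[Tuple[int, int, int]] = {signature(s) for s in pool}
    for _ in range(iterations):
        parent = rng.choice(pool)
        child = mutate(rng, parent)
        sig = signature(child)
        # Promote only children whose observable behaviour differs from the
        # parent's and has not been produced by any earlier seed.
        if sig != signature(parent) and sig not in seen:
            seen.add(sig)
            pool.append(child)
    return pool, seen


if __name__ == "__main__":
    pool, seen = fuzz([b"\x03\x02\x00\x01"])
    for p in pool:
        print(signature(p), p.hex())
```

Two design choices carry the black-box point. Short-frame rejection and length-mismatch rejection return identical bytes, so only the delay bucket separates them; likewise the large write is indistinguishable from a normal write by response alone. Bucketing the delay is what keeps ordinary network jitter from promoting every child; the edges must be calibrated per target from repeated measurements of the same request before fuzzing.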
Acknowledgements
This research was supported, in part, by the Basic Science Research Program (Grant No. 2018R1D1A1B07043349) and, in part, by the Energy Cloud R&D Program (Grant No. 2019M3F2A1073386), both through the National Research Foundation of Korea (NRF), funded by the Ministry of Science, ICT and Future Planning.
About this article
Cite this article
Kim, S., Cho, J., Lee, C. et al. Smart seed selection-based effective black box fuzzing for IIoT protocol. J Supercomput 76, 10140–10154 (2020). https://doi.org/10.1007/s11227-020-03245-7