
Smart seed selection-based effective black box fuzzing for IIoT protocol

Published in The Journal of Supercomputing

Abstract

Connections among cyber-physical system (CPS) components are increasing with the introduction of the Industrial Internet of Things (IIoT). IIoT vulnerability analysis has become a major issue because sophisticated cyber-attacks on CPS exploit their zero-day vulnerabilities. However, current white box techniques for vulnerability analysis are difficult to apply in real heterogeneous environments, where devices from various manufacturers running diverse firmware versions are deployed. We therefore propose a novel protocol fuzzing technique that can be applied in such a heterogeneous environment. Because seed configuration strongly influences the result of a black box test, we update the seed pool with test cases that traverse program paths different from those of their seed. The input, the output, and the delta times are used to decide whether a new program area has been reached in the black box environment. We experimentally verified the effectiveness of the proposed technique.
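The seed-pool update the abstract describes, as an added illustration that is not the paper's code: each test case is sent to a black box target, and the observable triple (input, response, delta time) is reduced to a coarse signature; a case whose signature has not been seen before is assumed to have reached a new program area and is promoted into the seed pool. The toy device, its message layout, the mutation operators and the bucketing thresholds are all assumptions made here for a runnable demo; in a real deployment the probe would send the request over the network and measure the round-trip delta time.

```python
import math
import random
from typing import Callable, Dict, List, Tuple

# A probe sends one request to the black-box target and returns what the
# tester can observe: the response bytes and the delta time in seconds.
Probe = Callable[[bytes], Tuple[bytes, float]]
Signature = Tuple[bytes, int, int]


def signature(response: bytes, delta_s: float) -> Signature:
    """Coarse fingerprint of one observation: response class byte, response
    length bucket, and a log2 bucket of the delta time in microseconds.
    Bucketing absorbs timing jitter so only clearly different behaviour
    counts as a new program area (thresholds are an assumption)."""
    delta_us = max(delta_s * 1e6, 1.0)
    return (response[:1], len(response) // 8, min(int(math.log2(delta_us)), 24))


def toy_device(request: bytes) -> Tuple[bytes, float]:
    """Constructed stand-in for an IIoT device (assumption, not the paper's
    target). Frame layout: [function][payload length][payload...]."""
    if len(request) < 2:
        return b"\x80\x01", 40e-6                # malformed frame, fast reject
    func, length, payload = request[0], request[1], request[2:]
    if length != len(payload):
        return b"\x80\x03", 60e-6                # length mismatch, fast reject
    if func == 0x03:                             # read: cost grows with count
        count = payload[1] if len(payload) > 1 else 0
        return b"\x03" + bytes(2 * (count % 64)), 100e-6 * (1 + count % 64)
    if func == 0x10:                             # write: a slow validation branch
        slow = len(payload) > 8
        return b"\x10\x00", (5e-3 if slow else 400e-6)
    return b"\x80\x01", 40e-6                    # unsupported function code


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, byte overwrite, truncate, or append."""
    data = bytearray(seed)
    op = rng.randrange(4)
    if op == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 2 and data:
        del data[rng.randrange(len(data)):]
    else:
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 12)))
    return bytes(data)


def fuzz(probe: Probe, seeds: List[bytes], rounds: int,
         rng: random.Random) -> Tuple[List[bytes], Dict[Signature, bytes]]:
    """Black-box loop: a test case whose signature has not been observed is
    assumed to have exercised a new program path and becomes a seed."""
    pool: List[bytes] = []
    seen: Dict[Signature, bytes] = {}
    for s in seeds:                              # de-duplicate the initial seeds
        sig = signature(*probe(s))
        if sig not in seen:
            seen[sig] = s
            pool.append(s)
    for _ in range(rounds):
        case = mutate(rng.choice(pool), rng)
        sig = signature(*probe(case))
        if sig not in seen:
            seen[sig] = case
            pool.append(case)
    return pool, seen


def pool_is_diverse(pool: List[bytes], probe: Probe) -> bool:
    """Check: every seed in the pool maps to a distinct signature."""
    sigs = [signature(*probe(c)) for c in pool]
    return len(set(sigs)) == len(sigs)


def run_demo(rounds: int = 300, rng_seed: int = 7):
    """Start from one valid read request (constructed) and grow the pool."""
    initial = [b"\x03\x02\x00\x05"]
    return fuzz(toy_device, initial, rounds, random.Random(rng_seed))


if __name__ == "__main__":
    pool, seen = run_demo()
    for sig, case in seen.items():
        print(f"{case.hex():<24} -> {sig}")
    print(f"{len(pool)} seeds, diverse={pool_is_diverse(pool, toy_device)}")
```

The signature deliberately throws information away: a length bucket and a logarithmic time bucket mean that two responses differing only by jitter or a few bytes are treated as the same path, which keeps the pool from filling with near-duplicates. In practice the bucket widths need calibration against repeated probes of the same request on the real device.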



Acknowledgements

This research was supported, in part, by the Basic Science Research Program (Grant No. 2018R1D1A1B07043349) and, in part, by the Energy Cloud R&D Program (Grant No. 2019M3F2A1073386), both through the National Research Foundation of Korea (NRF), funded by the Ministry of Science, ICT and Future Planning.


Corresponding author

Correspondence to Taeshik Shon.


Cite this article

Kim, S., Cho, J., Lee, C. et al. Smart seed selection-based effective black box fuzzing for IIoT protocol. J Supercomput 76, 10140–10154 (2020). https://doi.org/10.1007/s11227-020-03245-7
