TY - GEN
T1 - GANFuzz
T2 - 15th ACM International Conference on Computing Frontiers, CF 2018
AU - Hu, Zhicheng
AU - Shi, Jianqi
AU - Huang, Yanhong
AU - Xiong, Jiawen
AU - Bu, Xiangxing
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/5/8
Y1 - 2018/5/8
N2 - In this paper, we attempt to improve industrial safety from the perspective of communication security. We leverage protocol fuzzing to reveal errors and vulnerabilities inside implementations of industrial network protocols (INPs). Traditionally, to conduct protocol fuzzing effectively, the test data has to be generated under the guidance of a protocol grammar, which is built either by interpreting the protocol specification or by reverse engineering it from network traces. In this study, we propose an automated test case generation method in which the protocol grammar is learned by deep learning. A generative adversarial network (GAN) is employed to train a generative model over real-world protocol messages, which lets us learn the protocol grammar. The trained generative model is then used to produce fake but plausible messages, which are promising test cases. Based on this approach, we present an automated and intelligent fuzzing framework (GANFuzz) for testing implementations of INPs. Compared to prior work, GANFuzz offers a new approach to this problem. Moreover, GANFuzz does not rely on a protocol specification, so it can be applied to both public and proprietary protocols, an advantage over many previous frameworks. We use GANFuzz to test several simulators of the Modbus-TCP protocol and find some errors and vulnerabilities.
AB - In this paper, we attempt to improve industrial safety from the perspective of communication security. We leverage protocol fuzzing to reveal errors and vulnerabilities inside implementations of industrial network protocols (INPs). Traditionally, to conduct protocol fuzzing effectively, the test data has to be generated under the guidance of a protocol grammar, which is built either by interpreting the protocol specification or by reverse engineering it from network traces. In this study, we propose an automated test case generation method in which the protocol grammar is learned by deep learning. A generative adversarial network (GAN) is employed to train a generative model over real-world protocol messages, which lets us learn the protocol grammar. The trained generative model is then used to produce fake but plausible messages, which are promising test cases. Based on this approach, we present an automated and intelligent fuzzing framework (GANFuzz) for testing implementations of INPs. Compared to prior work, GANFuzz offers a new approach to this problem. Moreover, GANFuzz does not rely on a protocol specification, so it can be applied to both public and proprietary protocols, an advantage over many previous frameworks. We use GANFuzz to test several simulators of the Modbus-TCP protocol and find some errors and vulnerabilities.
KW - Fuzzing
KW - Generative adversarial network
KW - Generative model
KW - Implementations
KW - Industrial network protocols
KW - Industrial safety
KW - Protocol grammar
UR - https://www.scopus.com/pages/publications/85052226729
U2 - 10.1145/3203217.3203241
DO - 10.1145/3203217.3203241
M3 - Conference contribution
AN - SCOPUS:85052226729
SN - 9781450357616
T3 - 2018 ACM International Conference on Computing Frontiers, CF 2018 - Proceedings
SP - 138
EP - 145
BT - 2018 ACM International Conference on Computing Frontiers, CF 2018 - Proceedings
PB - Association for Computing Machinery, Inc
Y2 - 8 May 2018 through 10 May 2018
ER -
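The abstract above describes GANFuzz only at a high level: learn what real Modbus-TCP messages look like, emit plausible variants, and send them at implementations. As an added example, not code from the paper or from the GANFuzz project, the Python below shows the framing that any such campaign has to get right and the checks a robust target should enforce: a strict Modbus-TCP ADU encoder/decoder (MBAP header plus PDU) that validates the length field against the bytes on the wire and the request layout for two common function codes, and a mutation-based generator that derives candidate test cases from one constructed seed frame. The mutation step stands in for the paper's GAN-trained generator, which cannot be reproduced offline here; the seed frame, the mutation names and the `triage` helper are assumptions made for this illustration, and the checks shown are general Modbus-TCP framing rules, not the specific defects the paper reports.

```python
"""Modbus-TCP framing plus a mutation-based test-case generator.

Constructed illustration for the GANFuzz record; the mutations replace
the paper's GAN generator and the checks are generic framing rules.
"""
import struct

MBAP_LEN = 7            # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260           # 7-byte MBAP header + 253-byte maximum PDU
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_REGISTER = 0x06


def build_frame(tid, uid, fc, data):
    """Encode one ADU. The MBAP length field counts the unit id plus the PDU."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, uid) + pdu


def parse_frame(frame):
    """Strict decoder: raise ValueError on anything a server must not trust."""
    if len(frame) < MBAP_LEN + 1 or len(frame) > MAX_ADU:
        raise ValueError("ADU size out of range")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError("protocol id must be 0 for Modbus")
    # The length field must agree with what actually arrived; an implementation
    # that reads `length` bytes on trust can over-read or under-read the PDU.
    if length != len(frame) - 6:
        raise ValueError("length field disagrees with bytes on the wire")
    fc, data = frame[7], frame[8:]
    if fc == READ_HOLDING_REGISTERS:
        if len(data) != 4:
            raise ValueError("fc 3 request needs start address and quantity")
        _, qty = struct.unpack(">HH", data)
        if not 1 <= qty <= 125:                # spec limit for one read
            raise ValueError("fc 3 quantity out of range")
    elif fc == WRITE_SINGLE_REGISTER:
        if len(data) != 4:
            raise ValueError("fc 6 request needs register address and value")
    return {"tid": tid, "uid": uid, "fc": fc, "data": data}


def mutate(frame):
    """Derive plausible-but-wrong variants of one seed frame (assumed mutation set)."""
    length = struct.unpack(">H", frame[4:6])[0]
    variants = {
        "transaction_id_max": b"\xff\xff" + frame[2:],          # still well-formed
        "length_plus_one": frame[:4] + struct.pack(">H", length + 1) + frame[6:],
        "length_minus_one": frame[:4] + struct.pack(">H", length - 1) + frame[6:],
        "truncated_pdu": frame[:-1],                             # length now over-claims
        "padded_pdu": frame + b"\x00",                           # length now under-claims
        "protocol_id_1": frame[:2] + b"\x00\x01" + frame[4:],
    }
    if frame[7] == READ_HOLDING_REGISTERS:
        variants["quantity_zero"] = frame[:10] + b"\x00\x00"
        variants["quantity_2000"] = frame[:10] + b"\x07\xd0"     # 2000 registers > 125
    return variants


def triage(candidates):
    """Map each candidate name to 'accepted' or 'rejected: <reason>' under the strict decoder."""
    results = {}
    for name, frame in candidates.items():
        try:
            parse_frame(frame)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    # Constructed seed: Read Holding Registers, unit 1, start 0, 10 registers.
    seed = build_frame(1, 1, READ_HOLDING_REGISTERS, struct.pack(">HH", 0, 10))
    for name, verdict in triage(mutate(seed)).items():
        print(f"{name:20s} {verdict}")
```

In a real campaign the candidates would be written to a socket towards the simulator and the oracle would be a crash, hang or protocol-level misbehaviour of the target rather than the verdict of this reference decoder; the decoder is useful as a triage step that separates frames a correct implementation must reject from frames it must accept, so that a crash on a "rejected" frame points at input validation and a crash on an "accepted" frame points at request handling.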