SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective

Hui Zhao; Zhihui Li; Hansheng Wei; Jianqi Shi; Yanhong Huang

doi:10.1109/ICST.2019.00016

SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective

Hui Zhao
, Zhihui Li
, Hansheng Wei
, Jianqi Shi^*
, Yanhong Huang

^*Corresponding author for this work

Software Engineering Institute

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

69 Scopus citations

Abstract

Industrial networks are the cornerstone of modern industrial control systems. Performing security checks of industrial communication processes helps detect unknown risks and vulnerabilities. Fuzz testing is a widely used method for performing security checks that takes advantage of automation. However, there is a big challenge to carry out security checks on industrial network due to the increasing variety and complexity of industrial communication protocols. In this case, existing approaches usually take a long time to model the protocol for generating test cases, which is labor-intensive and time-consuming. This becomes even worse when the target protocol is stateful. To help in addressing this problem, we employed a deep learning model to learn the structures of protocol frames and deal with the temporal features of stateful protocols. We propose a fuzzing framework named SeqFuzzer which automatically learns the protocol frame structures from communication traffic and generates fake but plausible messages as test cases. For proving the usability of our approach, we applied SeqFuzzer to widely-used Ethernet for Control Automation Technology (EtherCAT) devices and successfully detected several security vulnerabilities.

Original language	English
Title of host publication	Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	59-67
Number of pages	9
ISBN (Electronic)	9781728117355
DOIs	https://doi.org/10.1109/ICST.2019.00016
State	Published - Apr 2019
Event	12th IEEE International Conference on Software Testing, Verification and Validation, ICST 2019 - Xi'an, China Duration: 22 Apr 2019 → 27 Apr 2019

Publication series

Name	Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019

Conference

Conference	12th IEEE International Conference on Software Testing, Verification and Validation, ICST 2019
Country/Territory	China
City	Xi'an
Period	22/04/19 → 27/04/19

Keywords

Deep learning
EtherCAT
Fuzzing
Industrial safety
Self learning
Vulnerability mining

Access to Document

10.1109/ICST.2019.00016

Cite this

Zhao, H., Li, Z., Wei, H., Shi, J., & Huang, Y. (2019). SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective. In Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019 (pp. 59-67). Article 8730177 (Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICST.2019.00016

Zhao, Hui ; Li, Zhihui ; Wei, Hansheng et al. / SeqFuzzer : An industrial protocol fuzzing framework from a deep learning perspective. Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 59-67 (Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019).

@inproceedings{f4ac0167f7b346148e522009ab0b4900,

title = "SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective",

abstract = "Industrial networks are the cornerstone of modern industrial control systems. Performing security checks of industrial communication processes helps detect unknown risks and vulnerabilities. Fuzz testing is a widely used method for performing security checks that takes advantage of automation. However, there is a big challenge to carry out security checks on industrial network due to the increasing variety and complexity of industrial communication protocols. In this case, existing approaches usually take a long time to model the protocol for generating test cases, which is labor-intensive and time-consuming. This becomes even worse when the target protocol is stateful. To help in addressing this problem, we employed a deep learning model to learn the structures of protocol frames and deal with the temporal features of stateful protocols. We propose a fuzzing framework named SeqFuzzer which automatically learns the protocol frame structures from communication traffic and generates fake but plausible messages as test cases. For proving the usability of our approach, we applied SeqFuzzer to widely-used Ethernet for Control Automation Technology (EtherCAT) devices and successfully detected several security vulnerabilities.",

keywords = "Deep learning, EtherCAT, Fuzzing, Industrial safety, Self learning, Vulnerability mining",

author = "Hui Zhao and Zhihui Li and Hansheng Wei and Jianqi Shi and Yanhong Huang",

note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 12th IEEE International Conference on Software Testing, Verification and Validation, ICST 2019 ; Conference date: 22-04-2019 Through 27-04-2019",

year = "2019",

month = apr,

doi = "10.1109/ICST.2019.00016",

language = "英语",

series = "Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "59--67",

booktitle = "Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019",

address = "美国",

}

Zhao, H, Li, Z, Wei, H, Shi, J & Huang, Y 2019, SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective. in Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019., 8730177, Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019, Institute of Electrical and Electronics Engineers Inc., pp. 59-67, 12th IEEE International Conference on Software Testing, Verification and Validation, ICST 2019, Xi'an, China, 22/04/19. https://doi.org/10.1109/ICST.2019.00016

SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective. / Zhao, Hui; Li, Zhihui; Wei, Hansheng et al.
Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 59-67 8730177 (Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SeqFuzzer

T2 - 12th IEEE International Conference on Software Testing, Verification and Validation, ICST 2019

AU - Zhao, Hui

AU - Li, Zhihui

AU - Wei, Hansheng

AU - Shi, Jianqi

AU - Huang, Yanhong

PY - 2019/4

Y1 - 2019/4

N2 - Industrial networks are the cornerstone of modern industrial control systems. Performing security checks of industrial communication processes helps detect unknown risks and vulnerabilities. Fuzz testing is a widely used method for performing security checks that takes advantage of automation. However, there is a big challenge to carry out security checks on industrial network due to the increasing variety and complexity of industrial communication protocols. In this case, existing approaches usually take a long time to model the protocol for generating test cases, which is labor-intensive and time-consuming. This becomes even worse when the target protocol is stateful. To help in addressing this problem, we employed a deep learning model to learn the structures of protocol frames and deal with the temporal features of stateful protocols. We propose a fuzzing framework named SeqFuzzer which automatically learns the protocol frame structures from communication traffic and generates fake but plausible messages as test cases. For proving the usability of our approach, we applied SeqFuzzer to widely-used Ethernet for Control Automation Technology (EtherCAT) devices and successfully detected several security vulnerabilities.

AB - Industrial networks are the cornerstone of modern industrial control systems. Performing security checks of industrial communication processes helps detect unknown risks and vulnerabilities. Fuzz testing is a widely used method for performing security checks that takes advantage of automation. However, there is a big challenge to carry out security checks on industrial network due to the increasing variety and complexity of industrial communication protocols. In this case, existing approaches usually take a long time to model the protocol for generating test cases, which is labor-intensive and time-consuming. This becomes even worse when the target protocol is stateful. To help in addressing this problem, we employed a deep learning model to learn the structures of protocol frames and deal with the temporal features of stateful protocols. We propose a fuzzing framework named SeqFuzzer which automatically learns the protocol frame structures from communication traffic and generates fake but plausible messages as test cases. For proving the usability of our approach, we applied SeqFuzzer to widely-used Ethernet for Control Automation Technology (EtherCAT) devices and successfully detected several security vulnerabilities.

KW - Deep learning

KW - EtherCAT

KW - Fuzzing

KW - Industrial safety

KW - Self learning

KW - Vulnerability mining

UR - https://www.scopus.com/pages/publications/85068005290

U2 - 10.1109/ICST.2019.00016

DO - 10.1109/ICST.2019.00016

M3 - 会议稿件

AN - SCOPUS:85068005290

T3 - Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019

SP - 59

EP - 67

BT - Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 22 April 2019 through 27 April 2019

ER -

Zhao H, Li Z, Wei H, Shi J , Huang Y. SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective. In Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 59-67. 8730177. (Proceedings - 2019 IEEE 12th International Conference on Software Testing, Verification and Validation, ICST 2019). doi: 10.1109/ICST.2019.00016

SeqFuzzer: An industrial protocol fuzzing framework from a deep learning perspective

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this