CN112055003B - Method for generating private protocol fuzzy test case based on byte length classification - Google Patents


Info

Publication number: CN112055003B
Authority: CN (China)
Prior art keywords: byte, length, protocol, private protocol, test case
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Application number: CN202010872171.9A
Other languages: Chinese (zh)
Other versions: CN112055003A
Inventors: 王勇, 刘金永
Current assignee: Shanghai Electric Power University (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: Shanghai Electric Power University

Events
Application filed by Shanghai Electric Power University
Priority to CN202010872171.9A
Publication of CN112055003A
Application granted
Publication of CN112055003B
Legal status: Active (current)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method for generating private-protocol fuzz test cases based on byte length classification. The method comprises: comparing and analyzing the characteristics of the private protocol using an MSA data stream to determine whether the byte length of the private protocol is variable; if the byte length of the private protocol is variable, performing content mutation on the variable field; if the byte length of the private protocol is constant, performing content mutation and mutation of the upper and lower limits of the byte length on the constant field; and generating a new test case from the mutated result and sending it to the target device, which completes the generation of the test case. The method combines the high real-time and high-reliability characteristics of the proprietary protocols of industrial control systems to mine vulnerabilities in the proprietary protocol, so that vulnerabilities are nipped in the bud.

Description

Method for generating private protocol fuzzy test case based on byte length classification
Technical Field
The invention relates to the technical field of private-protocol fuzz testing, and in particular to a method for generating private-protocol fuzz test cases based on byte length classification.
Background
In recent years, attacks on programmable controllers in power grid systems have occurred from time to time and seriously jeopardize national economic construction; for example, the hacker attack on the Ukrainian power grid that shocked the world caused a large-area power outage. Higher requirements are therefore placed on the safe operation of the power grid.
The invention focuses on research into the communication security of programmable controllers in the power grid and verifies the security of the programmable controller's communication protocol by experiments in a real environment. For known problems, protective measures can be taken to make up for the defects and prevent them from being exploited by hackers, but this cannot solve the problem of unknown vulnerabilities.
Fuzz testing is widely used for vulnerability discovery, but most such tests do not consider cross-protocol or multi-protocol testing and are not suited to the communication protocols of industrial control systems. Current fuzz testing methods for industrial control systems suffer from fuzz data that is too simple and random, low anomaly localization precision, low test efficiency and similar defects, and this applies in particular to the generation of fuzz test cases for the proprietary protocols of industrial control systems.
The invention provides a method for generating private-protocol fuzz test cases based on byte length classification that combines the high real-time and high-reliability characteristics of the proprietary protocols of industrial control systems to mine vulnerabilities in the private protocol, so that they are nipped in the bud. The method places low demands on the technical level of testers, does not require deep analysis of the protocol, and does not require advanced testing techniques.
Disclosure of Invention
This section is for the purpose of summarizing some aspects of embodiments of the invention and to briefly introduce some preferred embodiments. In this section, as well as in the abstract and title of the application, simplifications or omissions may be made to avoid obscuring the purpose of the section, the abstract and the title, and such simplifications or omissions are not intended to limit the scope of the invention.
The invention is provided in view of the low anomaly localization precision and low testing efficiency of the prior art.
Therefore, the technical problem solved by the invention is: improving anomaly localization precision and testing efficiency.
To solve the above technical problems, the invention provides the following technical scheme: comparing and analyzing the characteristics of a private protocol using an MSA data stream to determine whether the byte length of the private protocol is variable; if the byte length of the private protocol is variable, performing content mutation on the variable field; if the byte length of the private protocol is constant, performing content mutation and mutation of the upper and lower limits of the byte length on the constant field; and generating a new test case from the mutated result and sending it to the target device, which completes the generation of the test case.
As a preferred embodiment of the method for generating private-protocol fuzz test cases based on byte length classification: the characteristics of the private protocol include a protocol characteristic value, a protocol version number, a field length, a function code characteristic value, and a data value.
As a preferred embodiment of the method: the private-protocol fields include variable-length bytes and constant-length bytes.
As a preferred embodiment of the method: the mutation of the upper and lower limits of a private-protocol field value is defined as breaking the byte length range specified by the protocol characteristics, lengthening or shortening the byte length, and mutating the content again.
As a preferred embodiment of the method: the field format mutation includes mutation according to a class defined by the input field format call.
As a preferred embodiment of the method: generating new byte data includes defining a byte-flip mutation to generate the test case, and generating the new byte data by a binary bit flip method on the specified mutated byte.
As a preferred embodiment of the method: the byte block mutation includes defining a byte block to be copied from the default value, with each mutation moving forward by one byte class; if some contents in the communication protocol are fixed values, the field to be mutated is converted to the fixed value and shifted half a byte at a time.
As a preferred embodiment of the method: the execute-block data mutation includes, during mutation, placing the data copied by the copy-part execute block behind the bytes to be mutated, and then changing the data that describes the length.
As a preferred embodiment of the method: the mutation based on the length byte of the seed field includes defining a base class based on the execute-block mutation, generating a mutated seed in the test case according to the mutation, and performing mutation based on the length byte of the seed field.
As a preferred embodiment of the method: the sequence mutation includes using a 0-9 full permutation method over a specified length range, which includes a correlation test method and a hierarchical test method.
The beneficial effects of the invention are: the method combines the high real-time and high-reliability characteristics of the proprietary protocols of industrial control systems to mine vulnerabilities in the proprietary protocol, so that vulnerabilities are nipped in the bud.
Drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and a person skilled in the art can obtain other drawings from them without creative effort. In the drawings:
FIG. 1 is a flowchart of test case generation for the method for generating private-protocol fuzz test cases based on byte length classification according to an embodiment of the present invention;
FIG. 2 is a flowchart of fuzz testing for the method for generating private-protocol fuzz test cases based on byte length classification according to an embodiment of the present invention;
FIG. 3 is a diagram of proprietary-protocol feature recognition and data structure design for the method for generating private-protocol fuzz test cases based on byte length classification according to an embodiment of the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, specific embodiments accompanied with figures are described in detail below, and it is apparent that the described embodiments are a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present invention, shall fall within the protection scope of the present invention.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, but the present invention may be practiced in other ways than those specifically described and will be readily apparent to those of ordinary skill in the art without departing from the spirit of the present invention, and therefore the present invention is not limited to the specific embodiments disclosed below.
Furthermore, the references herein to "one embodiment" or "an embodiment" refer to a particular feature, structure, or characteristic that may be included in at least one implementation of the present invention. The appearances of the phrase "in one embodiment" in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments.
The present invention will be described in detail with reference to the drawings, wherein the cross-sectional views illustrating the structure of the device are not enlarged partially in general scale for convenience of illustration, and the drawings are only exemplary and should not be construed as limiting the scope of the present invention. In addition, the three-dimensional dimensions of length, width and depth should be included in the actual fabrication.
Meanwhile, in the description of the present invention, it should be noted that the terms "upper, lower, inner and outer" and the like indicate orientations or positional relationships based on the orientations or positional relationships shown in the drawings, and are only for convenience of describing the present invention and simplifying the description, but do not indicate or imply that the referred device or element must have a specific orientation, be constructed in a specific orientation and operate, and thus, cannot be construed as limiting the present invention. Furthermore, the terms first, second, or third are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
The terms "mounted, connected and connected" in the present invention are to be understood broadly, unless otherwise explicitly specified or limited, for example: can be fixedly connected, detachably connected or integrally connected; they may be mechanically, electrically, or directly connected, or indirectly connected through intervening media, or may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in a specific case to those of ordinary skill in the art.
Example 1
For publicly disclosed industrial control system communication protocols, the protocol content is known from the protocol specification and a test strategy can then be specified; for a proprietary protocol, the content of the specification is not known and a preliminary analysis of the protocol is needed. In addition, testers need to be familiar with the protocol, and current methods cannot meet the requirements of high standard, high coverage and high efficiency for fuzz testing of the proprietary protocols of industrial control systems.
Referring to FIG. 1 to FIG. 3, an embodiment of the present invention provides a method for generating private-protocol fuzz test cases based on byte length classification, including:
S1: the characteristics of the private protocol are analyzed by MSA data stream comparison to determine whether the private-protocol byte length is variable. Note that the characteristics of the private protocol include a protocol characteristic value, a protocol version number, a field length, a function code characteristic value and a data value, and that the private-protocol fields include variable-length bytes and constant-length bytes.
A variable field length in the private protocol means that the byte length of the protocol characteristic is not fixed and can be adjusted as required.
Specifically, the proprietary protocols in industrial control systems are generally more complex than other protocols because of the functional tasks they serve, and their characteristics mainly include the protocol characteristic value, protocol version number, field length, function code characteristic value and data value. First, the original data of the test target protocol is compared by means of MSA data streams to perform characteristic analysis and identify the byte length of each field, and then the next operation is performed.
The byte length of a private-protocol field can be classified as variable-length or constant-length. The byte length of some protocol characteristics is fixed, whereas the byte length of other fields is adjusted according to the needs of data transmission, and different fields in the same message can be related to each other, for example the value of a preceding field gives the length of the following field. Fields with fixed byte length are thus separated from fields with non-fixed byte length.
S2: if the private-protocol byte length is variable, content mutation is performed on the variable field; if the private-protocol byte length is constant, content mutation and mutation of the upper and lower limits of the byte length are performed on the constant field.
Here, the mutation of the upper and lower limits of a private-protocol field value is defined as breaking the byte length range specified by the protocol characteristics, lengthening or shortening the byte length, and mutating the content again;
the field format mutation comprises mutation according to the class defined by the input field format call;
the new byte data comprises a defined byte-flip mutation that generates the test case, with the new byte data generated by a binary bit flip method on the specified mutated byte;
the byte block mutation comprises defining a byte block to be copied from the default value, with each mutation moving forward by one byte class; if some contents are fixed values according to the communication protocol, the field to be mutated is converted to the fixed value and shifted half a byte at a time;
the execute-block data mutation comprises, during mutation, placing the data copied by the copy-part execute block behind the bytes that need mutation, and changing the data that describes the length;
the mutation based on the length byte of the seed field comprises defining base classes based on the execute-block mutation, generating mutated seeds in the test case according to the mutation, and performing mutation based on the length byte of the seed field;
the sequence mutation comprises methods using a 0-9 full permutation over a specified length range, including correlation test methods and hierarchical test methods.
Specifically, for a field whose byte length is fixed, only content mutation is performed to generate test cases and the mutation of the upper and lower limits of the length is not considered: if the mutated data exceeded the length of the field, the excess part would be parsed as the next characteristic value during protocol analysis, so the mutated content of the field is not changed further and the effect would show up instead as a value mutation of the next field. For a field whose byte length is not fixed, the upper and lower limits of the field length must be mutated in addition to the content. The mutation of the upper and lower limits of the field length is defined as breaking the length range specified by the protocol, and a new content mutation is performed once for every byte added or removed outside the length range specified by the protocol.
The content mutation strategy includes several mutation methods, mainly the following:
First, fields are defined to execute a bit-flip mutation class over N consecutive bits; after the field to be mutated is designated, a binary flip operation is performed on the field to generate test cases.
Second, a byte block is defined to be copied from the default value, with each mutation moving forward by one byte class; some contents of the communication protocol are fixed values, so the field to be mutated is converted to the fixed value and moved half a byte at a time.
Third, the use of several repeated execute-block copies is defined: each time the test case is mutated, only the fields that need mutation are subjected to the repeated execute-block copy, and the fields without mutation are copied through unchanged by the execute-block copy, so that the integrity of the communication message is ensured.
Fourth, a base class for the execute-block mutation is defined; the test case generated by the mutation is mutated on the basis of the length byte of the seed field using a mutated seed.
Fifth, deleting one byte block from the default value is defined, moving forward one byte class for each mutation; when the communication message contains several byte blocks, a certain byte block is deleted to generate a new test case.
Sixth, setting a byte block to a specific value from the default value is defined, moving forward one byte class for each mutation; the field to be mutated is set to a fixed value of some protocol, and each mutation moves by one byte.
Seventh, the number of consecutive bytes in the message to be flipped is defined, moving forward one byte class for each mutation.
Eighth, mutation is performed according to the class defined by the input field format call.
Furthermore, in the first method, the test case is generated by byte-flip mutation: new byte data is generated from the specified mutated byte by a binary bit flip method, and the new byte data is used as the new test case. In the second method, within the byte to be mutated the byte content is converted to a fixed value, such as a function code identifier; during mutation, starting from the first bit of the mutated byte, the value is moved backwards by 1 bit each time, then by 2 bits from the first bit, and so on, until after the first bit has been mutated the next number of bits to move exceeds the byte length. In the third method, the copy-part execute block copies data during mutation, places the copied data behind the bytes to be mutated, and then changes the data describing the length to form a new test case. In the fourth method, the bytes to be mutated are determined, their length and value range are determined, and random mutation is performed on that basis to generate new test cases. In the fifth method, one byte is deleted from the mutated bytes and new test cases are generated in sequence from beginning to end; then two bytes are deleted and new test cases are again generated from beginning to end, until all of the content to be mutated has been deleted.
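The byte-length classification of S2 together with the bit-flip, block-copy-with-length-update and block-delete methods listed above, as an added example that is not code from the patent, Kitty or ISF. It assumes a constructed five-field template for a hypothetical private protocol (the field names, values and the 1..8-byte length range are mine), follows the classification given in the detailed description (fixed-length fields get content mutation only, variable-length fields also get length-limit mutation), and steps two bytes beyond the specified range.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterator, List, Optional, Tuple


@dataclass
class Field:
    name: str
    value: bytes
    fixed: bool                            # True: constant byte length; False: adjustable
    length_of: Optional[str] = None        # this field carries the byte length of that field
    spec_range: Tuple[int, int] = (0, 0)   # (min, max) length allowed by the protocol spec


def template() -> List[Field]:
    """Constructed message template for a hypothetical private protocol (not S7comm):
    magic(1) | version(1) | func(1) | len(1, = len(data)) | data(1..8 bytes)."""
    return [
        Field("magic", b"\x7e", True),
        Field("version", b"\x01", True),
        Field("func", b"\x10", True),
        Field("len", b"\x04", True, length_of="data"),
        Field("data", b"\xde\xad\xbe\xef", False, spec_range=(1, 8)),
    ]


def with_value(fields: List[Field], name: str, value: bytes) -> List[Field]:
    """Copy of the template with one field replaced; other characteristics untouched."""
    return [replace(f, value=value) if f.name == name else f for f in fields]


def fix_lengths(fields: List[Field]) -> List[Field]:
    """Re-derive every descriptive length byte from the field it describes (method 3:
    after copying a block behind the mutated bytes, change the data describing the length)."""
    by_name = {f.name: f for f in fields}
    return [
        replace(f, value=len(by_name[f.length_of].value).to_bytes(len(f.value), "big"))
        if f.length_of else f
        for f in fields
    ]


def serialize(fields: List[Field]) -> bytes:
    return b"".join(f.value for f in fields)


def bit_flip_cases(fields: List[Field], name: str, n_bits: int) -> Iterator[bytes]:
    """Method 1: flip N consecutive bits at every bit offset of one field. A flipped
    length byte is deliberately NOT re-derived, so the length/content mismatch is tested."""
    target = next(f for f in fields if f.name == name)
    total = len(target.value) * 8
    original = int.from_bytes(target.value, "big")
    for start in range(0, total - n_bits + 1):
        mask = ((1 << n_bits) - 1) << (total - n_bits - start)
        mutated = (original ^ mask).to_bytes(len(target.value), "big")
        yield serialize(with_value(fields, name, mutated))


def length_limit_cases(fields: List[Field], name: str, overshoot: int = 2) -> Iterator[bytes]:
    """Upper/lower limit mutation: step the field length outside the range the protocol
    specifies (lengthen by copying the block behind itself, shorten by truncation),
    re-derive the length byte, and run one content mutation per added or removed byte."""
    target = next(f for f in fields if f.name == name)
    lo, hi = target.spec_range
    lengths = list(range(max(0, lo - overshoot), lo)) + list(range(hi + 1, hi + overshoot + 1))
    for n in lengths:
        block = (target.value * (n // max(1, len(target.value)) + 1))[:n]
        resized = fix_lengths(with_value(fields, name, block))
        yield serialize(resized)
        if n:                                   # nothing to flip in an empty field
            yield next(bit_flip_cases(resized, name, 1))


def block_delete_cases(fields: List[Field], name: str) -> Iterator[bytes]:
    """Method 5: delete 1 byte at each position from start to end, then 2 bytes, and so on
    until the whole field is gone. The length byte is re-derived so the frame stays
    parseable and the missing bytes, not a length mismatch, are what the target sees."""
    target = next(f for f in fields if f.name == name)
    size = len(target.value)
    for width in range(1, size + 1):
        for start in range(0, size - width + 1):
            cut = target.value[:start] + target.value[start + width:]
            yield serialize(fix_lengths(with_value(fields, name, cut)))


def generate_cases(fields: List[Field]) -> Dict[str, List[bytes]]:
    """Byte-length classification: constant-length fields get content mutation only;
    variable-length fields additionally get length-limit and block-delete mutation.
    One characteristic is mutated per case, all others stay at their default."""
    cases: Dict[str, List[bytes]] = {}
    for f in fields:
        out = list(bit_flip_cases(fields, f.name, 1))
        if not f.fixed:
            out += list(length_limit_cases(fields, f.name))
            out += list(block_delete_cases(fields, f.name))
        cases[f.name] = out
    return cases


if __name__ == "__main__":
    for field_name, msgs in generate_cases(template()).items():
        print(f"{field_name}: {len(msgs)} cases, first {msgs[0].hex()}")
```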
The method also covers the related correlation test and hierarchical test methods, because the mutation strategy it uses mutates one protocol characteristic at a time while the other protocol characteristics remain unchanged.
S3: a new test case is generated from the mutated result and sent to the target device, which completes the generation of the test case.
More specifically, as shown in FIG. 2, the target is determined first. The first things determined in a fuzz test are the test target and the test range; without them, the fuzz testing tool or technique cannot be selected. In general the following need to be considered: the type of the target under test, for example what type of controller it is; whether the communication protocol used is an application layer protocol or a transport layer protocol; and, according to the version information of the programmable controller, whether the target has had vulnerabilities historically and what caused them.
As for identifying the input in FIG. 2, almost all exploitable vulnerabilities arise because the device accepts illegal input data and, when processing that data, does not first filter it or handle the illegal instructions, so enumerating the input data is critical to the success of the fuzz test. If the input data to the target device cannot be located, the fuzz test is seriously affected and vulnerabilities cannot be located accurately. All input data to the target device should be constructed and designed: the inputs must be set according to the protocol specification format and should contain the information header, parameter information, function codes, data types and so on, and all of this data should be treated as test cases of the fuzz test, that is, as fuzz test variables.
As shown in FIG. 2, once the client has identified the input vector, it can generate the fuzz test variable data from the identified information and formulate a corresponding fuzz test data generation strategy according to the characteristics of the test object, for example dynamically generating data by changing existing data; whatever strategy is chosen, automation should be introduced into the generation of fuzz test data. As in FIG. 2, where the fuzz test is executed, execution may include sending a packet to the target device, starting the device, or downloading the program. Likewise, this process involves continuously generating test cases, sending them and monitoring for anomalies, so automation of the test process is also important; without automation, effective fuzz testing cannot be carried out successfully.
As shown in FIG. 2 for detecting anomalies, monitoring for faults or anomalies during fuzz testing is essential: for example, if 10000 fuzz test packets are sent to the target device and it eventually crashes, but there is no way to indicate precisely which packet caused the crash, the test loses its meaning. Monitoring can take various forms and should not depend on the target device or the type of fuzz test chosen. As shown in FIG. 2, when a potential vulnerability is detected by the anomaly monitoring function provided in the fuzz testing process, it must be determined whether the discovered vulnerability is reproducible; the reproducible vulnerability is located first, and replay detection is then performed by the most common means, namely calling a packet replay tool to replay the dumped network packet.
After reproduction succeeds, it must further be judged whether the bug can be exploited, which is a typical manual process requiring professional knowledge in the security field.
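The execute, monitor and reproduce steps of FIG. 2 as an added example, not code from the patent, Kitty or ISF: a constructed in-process stand-in replaces the target device, its fault is hypothetical and exists only to exercise the harness, and the frame layout and probe interval are my assumptions. It shows why each packet is dumped before it is sent and how the culprit is located and confirmed by replay when the crash only becomes visible some packets later.

```python
from typing import Callable, List, Optional, Tuple


class StandInDevice:
    """Constructed stand-in for the target device (hypothetical fault, used only to
    exercise the harness): a frame whose declared length runs past its end corrupts
    the device state, and the damage only shows up on the next health probe."""

    def __init__(self) -> None:
        self.alive = True

    def send(self, frame: bytes) -> None:
        if len(frame) >= 4 and frame[0] == 0x7E and frame[3] > len(frame) - 4:
            self.alive = False          # silent corruption, no immediate error

    def probe(self) -> bool:
        return self.alive


DeviceFactory = Callable[[], StandInDevice]


def run_campaign(cases: List[bytes], new_device: DeviceFactory,
                 probe_every: int = 1) -> Optional[List[bytes]]:
    """Execute + monitor: dump every case BEFORE sending it, probe the target at the
    configured interval, and hand back the dump as soon as the target stops answering.
    Without the dump there is no way to say which of the packets caused the fault."""
    device = new_device()
    dump: List[bytes] = []
    for i, case in enumerate(cases):
        dump.append(case)
        device.send(case)
        if (i + 1) % probe_every == 0 and not device.probe():
            return dump
    return None                         # target survived the whole campaign


def locate_culprit(dump: List[bytes], new_device: DeviceFactory) -> Optional[Tuple[int, bytes]]:
    """Replay each dumped packet on its own against a fresh device and return the index
    and bytes of the first packet that takes the device down."""
    for i, packet in enumerate(dump):
        device = new_device()
        device.send(packet)
        if not device.probe():
            return i, packet
    return None


def reproducible(packet: bytes, new_device: DeviceFactory, attempts: int = 3) -> bool:
    """Replay the suspected packet several times; only a fault that recurs every time
    is reported as a reproducible bug worth handing to manual analysis."""
    for _ in range(attempts):
        device = new_device()
        device.send(packet)
        if device.probe():
            return False
    return True


def sample_cases() -> List[bytes]:
    """Constructed campaign: well-formed frames plus one frame (index 5) whose
    declared length (0x09) exceeds the 4 data bytes actually present."""
    good = b"\x7e\x01\x10\x04\xde\xad\xbe\xef"
    bad = b"\x7e\x01\x10\x09\xde\xad\xbe\xef"
    return [good] * 5 + [bad] + [good] * 4


if __name__ == "__main__":
    dump = run_campaign(sample_cases(), StandInDevice, probe_every=4)
    hit = locate_culprit(dump, StandInDevice) if dump else None
    print("fault noticed after", len(dump) if dump else 0, "packets; culprit:", hit)
```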
As shown in FIG. 3, the protocol characteristics are extracted, the protocol fields are classified by whether their length is variable, and different mutation strategies are then applied. The invention can be used not only for proprietary protocols but also for public protocols.
Example 2
To verify and explain the technical effects of the method, in this embodiment OpenVAS (Open Vulnerability Assessment System) and the method of the invention are selected for comparative testing, and the test results are compared by means of scientific demonstration to verify the real effect of the method.
OpenVAS (Open Vulnerability Assessment System) is a network scanner with related tools; its core component is a server containing a set of network vulnerability tests (NVTs) that can detect security problems in remote systems and applications. As shown in FIG. 1, the Kitty fuzzing framework is used together with the industrial control protocol components of ISF and the technical scheme described above to fuzz the Siemens S7comm protocol and mine vulnerabilities. First, Kitty sets the interface and the target, performs the three-way connection with the target and the two-way COTP connection, and then calls the original protocol data in the ISF industrial control protocol component; the fuzzing module mutates the original data according to the mutation method to generate test cases and sends them to the target device, while OpenVAS directly sends its vulnerability tests to the server through its network vulnerability test programs. The comparison of the test data is shown in the following table:
Comparison item                    | Method of the invention | OpenVAS
Number of detected vulnerabilities | 3                       | 1
Vulnerability database             | CVE                     | NVT
Unknown vulnerability detection    | Supported               | Not supported
Manual verification                | Required                | Not required
Time consumed                      | 24 s                    | 840 s
Compared with OpenVAS, the method detects three vulnerabilities, that is 2 more, and can detect unknown vulnerabilities; it reduces the time consumed by 816 s compared with the conventional scheme, greatly reducing the time cost; it can fuzz a private protocol without deep analysis, which avoids the need for the tester to master knowledge of the protocol when test cases are generated, as conventional fuzz testing requires, and greatly reduces the tester's burden; and it improves anomaly localization precision and test efficiency and widens the test range.
It should be noted that the above-mentioned embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, which should be covered by the claims of the present invention.

Claims (6)

1. A method for generating private protocol fuzzing test cases based on byte length classification, characterised by comprising the following steps:
comparing and analysing the characteristics of the private protocol using multiple sequence alignment (MSA) of the data stream to determine whether the byte length of each field of the private protocol is variable; the characteristics of the private protocol comprise a protocol characteristic value, a protocol version number, a field length, a function code characteristic value and a data value;
the fields of the private protocol comprise variable-length bytes and fixed-length bytes;
if the byte length of a private protocol field is variable, performing content mutation on the variable bytes in the private protocol;
if the byte length of a private protocol field is fixed, performing content mutation, and mutation of the upper and lower limits of the byte length, on the fixed bytes in the private protocol;
the mutation of the upper and lower limits of the byte length of the private protocol is defined as:
breaking the byte length range specified by the protocol characteristics, lengthening or shortening the byte length, and mutating the content of those bytes;
mutating in the private protocol on the basis of the byte length of a seed field comprises:
defining a base class for block-execution mutation, generating the mutated seed in the test case according to the mutation, and performing mutation based on the byte length in the seed field;
and generating a new test case from the mutated result and sending the test case to the target device, which completes the use of the test case.
2. The method for generating private protocol fuzzing test cases based on byte length classification according to claim 1, wherein the field format mutation of the private protocol comprises mutation according to the class defined by the call for the input field format.
3. The method for generating private protocol fuzzing test cases based on byte length classification according to claim 2, characterised in that generating new byte data in the private protocol comprises:
defining a byte-flip mutation to generate the test case, and generating the new byte data from the specified mutation byte by flipping its binary bits.
4. The method for generating private protocol fuzzing test cases based on byte length classification according to claim 3, characterised in that byte block mutation in the private protocol comprises:
defining, for each mutation, a byte block copied from the default value and a byte class that is moved forward;
if some content of the communication protocol is a fixed value, converting the field to be mutated into that fixed value and shifting the field by half a byte at a time.
5. The method for generating private protocol fuzzing test cases based on byte length classification according to claim 4, characterised in that block data mutation in the private protocol comprises:
executing block data by copying the part being mutated, placing the copied data into the data whose bytes require mutation, and then changing the length descriptor of the copied data.
6. The method for generating private protocol fuzzing test cases based on byte length classification according to claim 5, characterised in that sequential mutation in the private protocol comprises:
a method using the full permutation of the digits 0 to 9 over a specified length range, comprising an association test method and a hierarchical test method.
CN202010872171.9A 2020-08-26 2020-08-26 Method for generating private protocol fuzzy test case based on byte length classification Active CN112055003B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010872171.9A CN112055003B (en) 2020-08-26 2020-08-26 Method for generating private protocol fuzzy test case based on byte length classification

Publications (2)

Publication Number Publication Date
CN112055003A CN112055003A (en) 2020-12-08
CN112055003B true CN112055003B (en) 2022-12-23

Family

ID=73600894

Country Status (1)

Country Link
CN (1) CN112055003B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113392402B (en) * 2021-05-24 2022-08-05 State Grid Hubei Electric Power Co., Ltd. Electric Power Research Institute (国网湖北省电力有限公司电力科学研究院) Power Internet of things protocol vulnerability detection system and method based on fuzzy test
CN113381998B (en) * 2021-06-08 2022-11-22 Shanghai Tiandan Network Technology Development Co., Ltd. (上海天旦网络科技发展有限公司) Deep learning-based application protocol auxiliary analysis system and method
CN114205340B (en) * 2021-12-23 2024-04-02 NSFOCUS Technologies Group Co., Ltd. (绿盟科技集团股份有限公司) Fuzzy test method and device based on intelligent power equipment
CN117453573B (en) * 2023-12-22 2024-04-02 Xinlian Technology (Nanjing) Co., Ltd. (信联科技(南京)有限公司) Fuzzy test case generation method and engine based on protocol feature matching and mutation policy selection

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014082908A1 (en) * 2012-11-28 2014-06-05 Siemens Aktiengesellschaft Method and apparatus for generating test case for fuzz test
CN106330601A (en) * 2016-08-19 2017-01-11 北京匡恩网络科技有限责任公司 Test case generating method and device
CN109040081A (en) * 2018-08-10 2018-12-18 Harbin Institute of Technology (Weihai) BWT-based protocol field reverse analysis system and method
CN110597734A (en) * 2019-09-23 2019-12-20 电子科技大学 Fuzzy test case generation method suitable for industrial control private protocol

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105763392B (en) * 2016-02-19 2019-03-08 PLA University of Science and Technology (中国人民解放军理工大学) Industrial control protocol fuzz testing method based on protocol state
CN108173854B (en) * 2017-12-28 2020-12-29 Guangdong Power Grid Co., Ltd. Dongguan Power Supply Bureau (广东电网有限责任公司东莞供电局) Safety monitoring method for power private protocol

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A fuzzing vulnerability detection method for the Siemens S7 private protocol (一种西门子S7私有协议的Fuzzing漏洞检测方法); Liu Jinyong et al.; Journal of Shanghai University of Electric Power (上海电力大学学报); 2020-08-15; Vol. 36, No. 4; pp. 408-414 *
Fuzzing test technology for industrial control protocols based on paradigm grammar (基于范式语法的工控协议Fuzzing测试技术); Zhang Yafeng et al.; Application Research of Computers (计算机应用研究); 2016-08-31; No. 08; full text *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant