A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion [post]

2020 unpublished
The safety of Industrial Internet Control Systems has become a hotspot in information security. To meet communication needs, a large variety of proprietary protocols have emerged in the field of industrial control. Protocol fields are often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields by exploiting a protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzz testing methods. However, current industrial control protocol fuzz testing methods generally have low code coverage, lack a unified description model, and produce test cases that are not targeted. A fuzz testing method combined with dynamic multi-modal sensor communication data is proposed. To track program execution, dynamic taint analysis is used to identify the input fields that affect the execution of conditional branches and to capture the dependencies between those branches; these guide the grammar-based generation of test cases, which increases the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent, and greatly increases the probability of detecting anomalies in the protocol implementation.
doi:10.21203/rs.2.23600/v1 fatcat:ybjllryayzgpzp4rjtukmcuuda