CGFuzzer: A Fuzzing Approach Based on Coverage-Guided Generative Adversarial Networks for Industrial IoT Protocols

With the widespread application of the Industrial Internet of Things (IIoT), industrial control systems (ICSs) greatly improve industrial productivity, efficiency, and product quality. However, IIoT protocols as the bridge of different parts of ICSs are vulnerable to be attacked due to their vulnera...

Full description

Saved in:
Bibliographic Details
Published in:IEEE internet of things journal 2022-11, Vol.9 (21), p.21607-21619
Main Authors: Yu, Zhenhua, Wang, Haolu, Wang, Dan, Li, Zhiwu, Song, Houbing
Format: Article
Language:English
Subjects:
Codes
Control systems
Coverage guided
Fuzzing
Generative adversarial networks
generative adversarial networks (GANs)
Industrial applications
Industrial control
Industrial electronics
Industrial Internet of Things
industry control protocol
Internet of Things
Protocols
Security
vulnerability mining
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:With the widespread application of the Industrial Internet of Things (IIoT), industrial control systems (ICSs) greatly improve industrial productivity, efficiency, and product quality. However, IIoT protocols as the bridge of different parts of ICSs are vulnerable to be attacked due to their vulnerabilities. To reduce cyberattack threats, we need to find the vulnerabilities of IIoT protocols by using efficient vulnerability mining methods, such as fuzzing. Fuzzing is often used to mine vulnerabilities for IIoT protocols. However, the traditional fuzzing methods for IIoT protocols have a low passing rate and low code coverage. To solve these problems, we propose a generative adversarial network (GAN), here referred to as coverage-guided GANs (CovGAN), which aims to generate test cases with a high passing rate and code coverage by learning IIoT protocol specifications. Based on the CovGAN, we construct a fuzzing framework (CGFuzzer) for IIoT protocols. Finally, we design a protocol simulator to verify the CovGAN performance. Experimental results show that the proposed methodology outperforms approximately 5%, 7%, and 39% of the passing rate of GANFuzz, SeqFuzzer, and Peach, respectively. In addition, CGFuzzer has a significant improvement in code coverage, which is about 17%, 24%, and 31% higher than GANFuzz, SeqFuzzer, and Peach, respectively.
ISSN:2327-4662
2327-4662
DOI:10.1109/JIOT.2022.3183952