nach oben

The Journal of Supercomputing

Erschienen in:

14.02.2017

Field classification-based novel fuzzing case generation for ICS protocols

verfasst von: Sung Jin Kim, Taeshik Shon

Erschienen in: The Journal of Supercomputing | Ausgabe 9/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

An industrial control system combined with IT is not a special thing; however, cyber security in this field does not mature. Therefore, vulnerability analysis techniques for protocols used in this field are clearly needed. In this paper, we propose a novel test case generation technique for a fuzzing test that can be used for various industrial control system protocols. The proposed fuzzing test is designed for generating a cross-field fuzzing test case because of field dependencies, a characteristic of industrial control system protocols. Additionally, we focus on multilayer testing because the weaknesses of lower layer protocols are inherited by upper layer protocols.

Vorheriger Artikel A REST-based industrial web of things’ framework for smart warehousing

Nächster Artikel High-performance fieldbus application-specific integrated circuit design for industrial smart sensor networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Homeland Security (2016) NCCIC/ICS-CERT Year in Review National Cybersecurity and Communications Integration Center/Industrial Control Systems Cyber Emergency Response Team FY 2015

Zhao W et al (2013) Security testing methods and techniques of industrial control devices. In: Intelligent Information Hiding and Multimedia Signal Processing, 2013 Ninth International Conference on IEEE

Kim S, Jo W, Shon T (2016) A novel vulnerability analysis approach to generate fuzzing test case in industrial control system. In: Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)

Sutton M, Greene A, Amini P (2007) Fuzzing: brute force vulnerability discovery. Pearson Educ

Ma R et al. (2014) Fuzz testing data generation for network protocol using classification tree. In: Communications Security Conference (CSC 2014). IET

Bratus S, Hansen A, Shubina A (2008) LZfuzz: a fast compression-based fuzzer for poorly documented protocols, Technical report TR2008-634, Department of computer science, Dartmouth college, Hanover, New Hampshire

Duchene F et al (2014) KameleonFuzz: evolutionary fuzzing for black-box XSS detection. In: Proceedings of the 4th ACM Conference on Data and Application Security and Privacy. ACM

Duchene F et al (2012) XSS vulnerability detection using model inference assisted evolutionary fuzzing. In: SECTEST 2012-3rd International Workshop on Security Testing (Affiliated with ICST). IEEE Computer Society

Cui Baojiang et al. (2014) A novel fuzzing method for Zigbee based on finite state machine. Int J Distrib Sens Netw

10.

Tilaro F, Berges MG (2014) IEC 61850 Industrial communication standards under test

11.

Voyiatzis AG, Katsigiannis K, Koubias S (2015) A Modbus/TCP fuzzer for testing internetworked industrial systems. In: 2015 IEEE 20th Conference on Emerging Technologies and Factory Automation (ETFA), IEEE

12.

Devarajan, G (2007) Unraveling SCADA protocols: using sulley fuzzer. In: Defon 15 Hacking Conference

13.

Huang B, Wen Q (2011) An automatic fuzz testing method designed for detecting vulnerabilities on all protocol. In: Computer Science and Network Technology (ICCSNT), 2011 International Conference on IEEE, vol. 2

14.

Becker S, Abdelnur H, Engel T (2010) An autonomic testing framework for IPv6 configuration protocols. In: IFIP International Conference on Autonomous Infrastructure, Management and Security. Springer, Berlin

15.

Munea TL, Kim IL, Shon T (2016) Design and Implementation of fuzzing framework based on IoT applications, WPC. Springer (Online published Apr 2016)

16.

Munea TL, Lim H, Shon T (2015) Network protocol fuzz-testing for information systems and applications: a survey and taxonomy, multimedia tools and applications. Springer (Online Published)

17.

Yoo H, Taeshik S (2016) Evaluation on SCADA Modbus protocol. In: IEEE Smart Grid Communication, Grammar-Based Adaptive Fuzzing

18.

Gu S et al (2011) Fuzzing test data generation based on message matrix perturbation with keyword reference. In: 2011-MILCOM 2011 Military Communications Conference on IEEE

19.

Ma R et al (2016) Test data generation for stateful network protocol fuzzing using a rule-based state machine. Tsinghua Sci Technol 21.3:352–360CrossRefMATH

20.

Tsankov P, Dashti MT, Basin D (2012) SECFUZZ: fuzz-testing security protocols. In: Automation of Software Test (AST), 2012 7th International Workshop on IEEE

21.

Han X, Wen Q, Zhang Z (2012) A mutation-based fuzz testing approach for network protocol vulnerability detection. In: Computer Science and Network Technology (ICCSNT), 2012 2nd International Conference on IEEE

22.

Qi X et al (2014) OPC-MFuzzer: a novel multi-layers vulnerability detection tool for OPC protocol based on fuzzing technology. Int J Comput Commun Eng 3.4:300CrossRef

23.

Barbosa RRR, Sadre R, Pras A (2012) A first look into SCADA network traffic. In: 2012 IEEE Network Operations and Management Symposium

24.

Schwarz DIK, Eichbaeumle I. ISO 9506 (MMS)

25.

CVE-2005-4812. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4812

26.

CVE-2006-6489. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6489

27.

CVE-2007-2490. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2490

28.

Li H et al (2014) A novel vulnerability detection method for ZigBee MAC layer. In: Dependable, Autonomic and Secure Computing (DASC), 2014 IEEE 12th International Conference on IEEE

Titel: Field classification-based novel fuzzing case generation for ICS protocols
verfasst von: Sung Jin Kim
Taeshik Shon
Publikationsdatum: 14.02.2017
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 9/2018
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-017-1980-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 9/2018

SAFT-PHENIC: a thermal-aware microring fault-resilient photonic NoC

FS-IIoTSim: a flexible and scalable simulation framework for performance evaluation of industrial Internet of things systems

A novel fault-tolerant multiplexer in quantum-dot cellular automata technology

Models for availability and power consumption evaluation of a private cloud with VMM rejuvenation enabled by VM Live Migration

Schmitt trigger-based single-ended 7T SRAM cell for Internet of Things (IoT) applications

AnyNoC: new network on a chip switching using the shared-memory and output-queue techniques for complex Internet of things systems