
Industrial control protocol fuzzy test method based on flow replay

An industrial control protocol fuzz testing technique, classified under digital transmission systems, electrical components, transmission systems, etc. It addresses the difficulty of establishing a protocol session, low test coverage and incorrect session information, and has the effect of shortening the test preparation stage.

Active Publication Date: 2019-11-26
HANGZHOU DIANZI UNIV
Cites: 10 | Cited by: 31

AI Technical Summary

Problems solved by technology

The drawback of this type of fuzz testing is that many industrial control protocols, such as Siemens S7, must first establish an application-layer session over COTP before any operation can be performed. These techniques have difficulty completing such a session, and so cannot reach deep-seated vulnerabilities.
[0005] To address dynamic session establishment for industrial control protocols, patent 201610094014.3 proposes using the open-source protocol reverse-engineering project Netzob to extract a protocol state machine from samples of protocol traffic, drive the industrial control device into the state to be tested according to that state machine, and then send mutated messages to the target device. Many industrial control protocols, however, are stacked from several layers; the CIP protocol (Common Industrial Protocol), for example, is encapsulated in EtherNet/IP. Existing protocol reverse-engineering techniques do not extract the fields of multi-layer unknown protocols with high accuracy, so when the session is established the values that must be filled in from the device configuration, such as rack, slot and password, are wrong, the protocol message is rejected by the industrial control device, and test coverage is low.
[0006] In addition, existing network protocol fuzzing frameworks such as Kitty, Sulley and Peach require, before every test, a large amount of complicated and repetitive manual work, such as writing protocol fuzzing test cases from the protocol format description, which lowers the efficiency of protocol fuzzing. The present invention therefore proposes an efficient fuzz testing method based on replaying industrial control protocol traffic data.



Embodiment Construction

[0030] To better explain the solution of the present invention, its embodiments are described in detail below with reference to the accompanying drawings.

[0031] The invention provides an embodiment of an industrial control protocol fuzz testing method based on traffic replay. Real industrial control protocol packets must be obtained before testing. As shown in figure 1, a packet capture tool is placed between the host computer and the industrial control device under test; the capture device can be a switch with port mirroring enabled, or a packet capture tool such as Wireshark run on the host computer, and the result is a datagram (capture) file. Then, as shown in figure 2, the datagram file, the configuration file and the protocol message format definition file are taken as the inputs of the whole method; after processing by the fuzz testing method, the mutated messages are sent to the target device...
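The capture, parse, mutate and re-encapsulate pipeline of [0031], together with the session-establishment problem described in [0004] and [0005], as an added worked example in Python. This is not the patent's code. It assumes Siemens S7comm carried over COTP and TPKT (TCP port 102); the three "captured" frames are constructed by hand to mimic what a port-mirror or Wireshark capture between the host computer and a PLC would contain, the `READ_VAR_FIELDS` dictionary stands in for the patent's protocol message format definition file, and `send_case` with its host and port arguments is hypothetical. The point it makes is that the COTP connection request (which carries the rack/slot TSAPs) and the S7 setup-communication job are replayed verbatim from the real capture before every mutated message, so the device is in the right state and the mutated request is not rejected at the session layer.

```python
"""Traffic-replay fuzzing of S7comm (TPKT/COTP/S7) from captured frames.

Added example, not the patent's code. Frame bytes below are constructed by
hand to mimic what a packet capture between the host computer and a PLC
would contain (TCP/IP headers already stripped).
"""
import random
import socket
import struct

# Constructed client->PLC frames, in captured order.
CAPTURED = [
    # COTP Connection Request: src TSAP 01 00, dst TSAP 01 02 (rack 0, slot 2)
    bytes.fromhex("0300001611e00000000100c0010ac1020100c2020102"),
    # COTP DT + S7 Job "Setup communication" (function 0xF0), PDU length 480
    bytes.fromhex("0300001902f08032010000000000080000f0000001000101e0"),
    # COTP DT + S7 Job "Read Var" (function 0x04): 1 item, DB1.DBX0.0, 2 bytes
    bytes.fromhex("0300001f02f080320100000001000e00000401120a10020002000184000000"),
]

# Message format definition for the Read Var parameter block (stand-in for the
# patent's definition file): name -> (offset within parameter block, width).
READ_VAR_FIELDS = {
    "item_count": (1, 1), "transport_size": (4, 1), "length": (5, 2),
    "db_number": (7, 2), "area": (9, 1), "address": (10, 3),
}

def parse_frame(frame):
    """Split one captured frame into its TPKT, COTP and S7 layers."""
    if len(frame) < 5 or frame[0] != 0x03:
        raise ValueError("not a TPKT frame")
    if struct.unpack("!H", frame[2:4])[0] != len(frame):
        raise ValueError("TPKT length field does not match frame size")
    li = frame[4]                          # COTP length indicator (bytes after LI)
    cotp, payload = frame[4:5 + li], frame[5 + li:]
    info = {"cotp_type": cotp[1], "s7": None}
    if cotp[1] == 0xF0 and len(payload) >= 10 and payload[0] == 0x32:  # DT + S7comm
        rosctr, pdu_ref, plen, dlen = struct.unpack("!xBxxHHH", payload[:10])
        hdr = 12 if rosctr == 0x03 else 10   # Ack_Data carries 2 extra error bytes
        param = payload[hdr:hdr + plen]
        info["s7"] = {"rosctr": rosctr, "pdu_ref": pdu_ref, "param": param,
                      "data": payload[hdr + plen:hdr + plen + dlen],
                      "function": param[0] if param else None}
    return info

def is_session_frame(info):
    """COTP CR and S7 setup-communication frames establish the session; never mutated."""
    s7 = info["s7"]
    return info["cotp_type"] == 0xE0 or (s7 is not None and s7["function"] == 0xF0)

def boundary_values(width):
    bits = 8 * width
    return [0, 1, (1 << (bits - 1)) - 1, 1 << (bits - 1), (1 << bits) - 1]

def mutate_param(param, fields, rng, layout=READ_VAR_FIELDS):
    """Overwrite only the user-selected fields with boundary or random values."""
    out = bytearray(param)
    for name in fields:
        off, width = layout[name]
        value = rng.choice(boundary_values(width) + [rng.getrandbits(8 * width)])
        out[off:off + width] = value.to_bytes(width, "big")
    return bytes(out)

def encapsulate(rosctr, pdu_ref, param, data):
    """Re-wrap a mutated S7 PDU in a fresh S7 header, COTP DT and TPKT with correct lengths."""
    s7 = struct.pack("!BBHHHH", 0x32, rosctr, 0, pdu_ref, len(param), len(data)) + param + data
    cotp = b"\x02\xf0\x80"
    return struct.pack("!BBH", 0x03, 0, 4 + len(cotp) + len(s7)) + cotp + s7

def build_cases(frames, fuzz_fields, per_frame=3, seed=1):
    """Each case = the real session prefix replayed verbatim + one mutated operational frame."""
    rng = random.Random(seed)
    session, cases = [], []
    for frame in frames:
        info = parse_frame(frame)
        if is_session_frame(info):
            session.append(frame)        # TSAPs (rack/slot) and PDU size come from real traffic
            continue
        s7 = info["s7"]
        for _ in range(per_frame):
            param = mutate_param(s7["param"], fuzz_fields, rng)
            cases.append(session + [encapsulate(s7["rosctr"], s7["pdu_ref"], param, s7["data"])])
    return cases

def send_case(host, case, port=102, timeout=2.0):
    """Hypothetical sender: one case per fresh connection; None = no answer (crash/hang candidate)."""
    replies = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for frame in case:
            sock.sendall(frame)
            try:
                hdr = sock.recv(4)
                if len(hdr) < 4:
                    return None
                replies.append(hdr + sock.recv(struct.unpack("!H", hdr[2:4])[0] - 4))
            except OSError:
                return None
    return replies

if __name__ == "__main__":
    for n, case in enumerate(build_cases(CAPTURED, ["item_count", "length", "db_number"])):
        print(n, [f.hex() for f in case])
```

Because every mutated frame is rebuilt by `encapsulate`, the TPKT length, the S7 parameter length and the PDU reference stay consistent, so a rejection by the PLC reflects the mutated field and not a malformed envelope. Sending each case over a fresh connection, as `send_case` does, keeps a hang caused by one case from masking the results of the next.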


Abstract

The invention relates to the field of industrial network security, in particular to an industrial control protocol fuzz testing method based on traffic replay. The method takes real protocol traffic from the operating environment of the industrial control equipment as its basis. From a simple configuration file and an industrial control protocol message format definition, a corresponding protocol parser is constructed. The device's protocol state messages are extracted so that the protocol fields specified by the user can be fuzzed; the application-layer data of the messages is extracted, re-encapsulated and replayed. In this way an industrial control protocol fuzz test is carried out quickly and efficiently while guaranteeing valid input and complete establishment of the protocol session. The invention is suitable for automated testing in industrial control protocol vulnerability discovery, industrial control protocol development and the like.

Description

Technical field

[0001] The invention relates to the field of industrial network security, in particular to an industrial control protocol fuzz testing method based on traffic replay.

Background technique

[0002] Over the past ten years more and more computer networking technology has been applied to industrial control systems, but this has also brought network security problems to those systems. Industrial control networks have become a new target for hackers, terrorists and hostile forces to attack and destroy. Industrial control systems are now an important part of key sectors such as petrochemicals, power grids, transportation and sewage treatment, and their security has become a focus of national information security.

[0003] Fuzz testing is a highly automated testing technique. By feeding in a large amount of random data, it can find deficiencies in a program's implementation without entering the system or ob...


Application Information

IPC(8): H04L12/26, H04L29/06, H04L29/08
CPC: H04L43/18, H04L63/1433, H04L67/30, H04L69/06, H04L69/26
Inventor 徐向华邵帅王然程宗毛
Owner HANGZHOU DIANZI UNIV