A survey on fuzz testing technologies for industrial control protocols
Journal of Network and Computer Applications ( IF 7.7 ) Pub Date : 2024-09-06 , DOI: 10.1016/j.jnca.2024.104020
Xiaoyan Wei , Zheng Yan , Xueqin Liang

The development of the industrial Internet of Things (IIoT) enables industrial control systems (ICSs) to become inter-networked and inter-connected, making them intelligent and highly productive. However, these systems are thereby exposed to external environments and become vulnerable to network attacks, while also suffering from internal vulnerabilities. Fuzz testing (fuzzing for short) is a technique that enhances the security of industrial control systems by repeatedly executing the software under test with injected illegal, malformed, or unexpected inputs and observing the resulting errors. Unfortunately, traditional fuzzing of communication protocols suffers from low coverage and low efficiency when applied to industrial protocols, owing to characteristics of these protocols such as real-time constraints and multi-step interactions. Moreover, fuzzing is difficult to perform because the structure of many industrial control protocols is not publicly available. Although researchers have started to focus on fuzzing industrial control protocols, the existing literature still lacks a thorough survey of recent advances. To fill this gap, we conduct a comprehensive survey of existing fuzzing methods for industrial control protocols. After a brief introduction to industrial control protocols and fuzzing, we propose a set of metrics for judging the pros and cons of existing fuzzing methods. Based on these metrics, we evaluate and compare the fuzzing methods for industrial control protocols proposed in the past eight years. Based on our review and analysis, we further summarize the open problems these methods face in achieving the proposed metrics and elaborate on future research directions toward secure industrial control systems.
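The coverage problem the abstract describes is easy to reproduce on a small scale: a structure-blind mutator spends most of its budget on frames that a protocol implementation rejects in its header parser, while a mutator that understands the message layout keeps the framing consistent and exercises the per-function-code handlers. The following Python example is added here to illustrate that point; it is not code from the surveyed paper or from any of the fuzzers it reviews. The target is a constructed toy server whose framing and function-code rules are modelled loosely on Modbus/TCP (7-byte MBAP header with protocol identifier 0 and a length field, followed by a PDU whose first byte is the function code); `build_frame`, `target`, `byte_flip_mutants`, `field_aware_mutants`, `run_campaign` and `compare` are all assumed names introduced for this example.

```python
"""Structure-blind vs. structure-aware fuzzing of a constructed Modbus/TCP-like target.

Everything here is an illustrative assumption: the target, the seed frame, the
mutators and the outcome names are constructed for this example, not taken from
the surveyed paper or from a real device.
"""
import random
import struct

KNOWN_FC = {1, 3, 5, 6, 15, 16}                   # subset of standard Modbus function codes
QTY_MAX = {1: 2000, 3: 125, 15: 1968, 16: 123}    # standard per-request quantity limits


def build_frame(fc: int, body: bytes, tid: int = 1, uid: int = 1, pid: int = 0) -> bytes:
    """MBAP header + PDU; the length field is recomputed so the frame is always well-formed."""
    pdu = bytes([fc]) + body
    return struct.pack(">HHHB", tid, pid, len(pdu) + 1, uid) + pdu


def target(frame: bytes):
    """Toy server. Returns (function-code key, outcome); header failures never reach a handler."""
    if len(frame) < 8:
        return ("header", "SHORT_FRAME")
    _tid, pid, length, _uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        return ("header", "BAD_PROTOCOL_ID")
    if length != len(frame) - 6:
        return ("header", "BAD_LENGTH")
    pdu = frame[7:]
    fc = pdu[0]
    if fc not in KNOWN_FC:
        return ("unknown", "ILLEGAL_FUNCTION")
    if fc in (1, 3, 5, 6):                        # read coils/registers, write single coil/register
        if len(pdu) != 5:
            return (fc, "BAD_PDU_LENGTH")
        addr, val = struct.unpack(">HH", pdu[1:5])
        if fc in (1, 3):
            if not 1 <= val <= QTY_MAX[fc]:
                return (fc, "ILLEGAL_DATA_VALUE")
            if addr + val > 0x10000:
                return (fc, "ILLEGAL_DATA_ADDRESS")
        elif fc == 5 and val not in (0x0000, 0xFF00):
            return (fc, "ILLEGAL_DATA_VALUE")
        return (fc, "OK")
    if len(pdu) < 6:                              # write multiple coils/registers need addr, qty, byte count
        return (fc, "BAD_PDU_LENGTH")
    addr, qty, count = struct.unpack(">HHB", pdu[1:6])
    if not 1 <= qty <= QTY_MAX[fc]:
        return (fc, "ILLEGAL_DATA_VALUE")
    expected = (qty + 7) // 8 if fc == 15 else 2 * qty
    if count != expected or len(pdu) != 6 + count:
        return (fc, "BAD_PDU_LENGTH")
    if addr + qty > 0x10000:
        return (fc, "ILLEGAL_DATA_ADDRESS")
    return (fc, "OK")


def byte_flip_mutants(seed: bytes, n: int, rng: random.Random):
    """Structure-blind baseline: XOR one to three random bytes; the frame length never changes."""
    for _ in range(n):
        buf = bytearray(seed)
        for pos in rng.sample(range(len(buf)), rng.randint(1, 3)):
            buf[pos] ^= rng.randint(1, 255)
        yield bytes(buf)


def field_aware_mutants():
    """Structure-aware generator: MBAP stays consistent, fields walk their boundary values."""
    for fc in sorted(KNOWN_FC):
        limit = QTY_MAX.get(fc, 1)
        for addr in (0, 0xFFFF):
            for qty in (0, 1, limit, limit + 1, 0xFFFF, 0xFF00):
                if fc in (1, 3, 5, 6):
                    yield build_frame(fc, struct.pack(">HH", addr, qty))
                else:
                    count = ((qty + 7) // 8 if fc == 15 else 2 * qty) & 0xFF
                    for c in (count, (count + 1) & 0xFF):      # correct and off-by-one byte counts
                        yield build_frame(fc, struct.pack(">HHB", addr, qty, c) + b"\x00" * c)
        yield build_frame(fc, b"\x00\x00")                     # truncated PDU
    yield build_frame(0x2B, b"\x00" * 4)                       # function code the toy server lacks


def run_campaign(mutants):
    """Feed mutants to the target; count header rejections and collect handler-level outcomes."""
    header_rejected, reached = 0, set()
    for frame in mutants:
        key, outcome = target(frame)
        if key == "header":
            header_rejected += 1
        else:
            reached.add((key, outcome))
    return header_rejected, reached


SEED_FRAME = build_frame(3, struct.pack(">HH", 0, 10))   # constructed seed: read 10 holding registers


def compare(n_random: int = 500, seed: int = 7) -> dict:
    """Run both strategies and return their header-rejection counts and reached outcome sets."""
    blind_hdr, blind_cov = run_campaign(byte_flip_mutants(SEED_FRAME, n_random, random.Random(seed)))
    aware_hdr, aware_cov = run_campaign(field_aware_mutants())
    return {"blind_header_rejected": blind_hdr, "blind_reached": blind_cov,
            "aware_header_rejected": aware_hdr, "aware_reached": aware_cov}


if __name__ == "__main__":
    res = compare()
    print("blind: %d header rejections, %d outcomes" % (res["blind_header_rejected"], len(res["blind_reached"])))
    print("aware: %d header rejections, %d outcomes" % (res["aware_header_rejected"], len(res["aware_reached"])))
```

Two effects are visible regardless of the random seed. The byte-flipping baseline cannot change the frame length, so it can never satisfy a write-multiple request (function codes 15 and 16 need a byte count plus data), and every mutant that touches the protocol identifier or length bytes dies in the header check; the field-aware generator wastes no input there and reaches every handler-level outcome the toy target has, including the write-multiple success path. A real industrial protocol adds the multi-step session state and timing constraints the abstract mentions, which is why the surveyed methods go further than field-aware generation.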

Updated: 2024-09-06