Troubleshooting Test Method Based on Industrial Control Grammar Model

This paper approaches industrial control protocols at the network level of their implementation and presents a grammar-model-based fuzz security testing method. It first sets out the concept of a protocol description model, then defines the related grammar and proposes a grammar model for industrial control protocols based on higher-order attribute grammar. The model precisely describes the format of the protocol's structured data and the constraint relationships between its fields. On this basis, a fuzz security testing algorithm is proposed; drawing on the characteristics of industrial control protocols, the paper elaborates the parse tree structure, test case generation and the mutation strategy. Comparative experiments simulate Modbus/TCP communication between master and slave stations of an industrial control system (covering the Modbus/TCP and IEC-104 protocols), and the test results are analysed statistically. The experiments show that anomalous results are still found at a lower time cost while fewer test cases are generated; to a certain extent, they reflect the improved relevance and effectiveness of the generated test cases.
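As an added illustration, not code from the paper, the Python below sketches the idea in miniature for a Modbus/TCP request: a parse tree whose length field is an attribute synthesized from its child fields, a mutation step that either re-synthesizes that attribute (so the case survives header checks and exercises deeper parsing) or leaves it stale (so the case violates the constraint), and a checker a test harness can use to classify each generated frame. Field values, the mutation choices and the request used as the seed are all constructed for the example.

```python
import random
import struct

# Constructed example: a tiny attribute grammar for a Modbus/TCP ADU.
# Each field is a leaf of the parse tree; 'length' is a synthesized
# attribute that must equal the byte count of unit_id + function + data.
FIELDS = ["transaction_id", "protocol_id", "length", "unit_id", "function", "data"]

def build_tree(transaction_id=1, unit_id=1, function=3, data=b"\x00\x00\x00\x0a"):
    """Parse tree for a Read Holding Registers request (function code 3)."""
    tree = {"transaction_id": transaction_id, "protocol_id": 0,
            "unit_id": unit_id, "function": function, "data": data}
    tree["length"] = 2 + len(data)   # constraint: unit_id + function + data
    return tree

def serialize(tree):
    """Render the parse tree as wire bytes: 7-byte MBAP header, then the PDU."""
    return struct.pack(">HHHBB", tree["transaction_id"] & 0xFFFF,
                       tree["protocol_id"] & 0xFFFF, tree["length"] & 0xFFFF,
                       tree["unit_id"] & 0xFF, tree["function"] & 0xFF) + tree["data"]

def check_constraints(frame):
    """Parse a frame and list the grammar constraints it violates."""
    if len(frame) < 8:
        return ["truncated MBAP header"]
    problems = []
    tid, pid, length, uid, fc = struct.unpack(">HHHBB", frame[:8])
    if pid != 0:
        problems.append("protocol_id != 0")
    if length != len(frame) - 6:          # length counts everything after itself
        problems.append("length field disagrees with frame size")
    if fc == 0 or fc > 127:               # 0x80+ marks exception responses, not requests
        problems.append("function code out of request range")
    return problems

def mutate(tree, rng, resynthesize):
    """One mutation step: alter a leaf, then optionally recompute the length attribute."""
    t = dict(tree)
    field = rng.choice(FIELDS)
    if field == "data":
        t["data"] = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 260)))
    else:
        t[field] = rng.choice([0, 1, 0xFF, 0xFFFF, rng.randrange(0x10000)])
    if resynthesize:   # keep the constraint satisfied so the case passes header checks
        t["length"] = 2 + len(t["data"])
    return t

def generate_cases(n, seed=0):
    """n test frames: even indices preserve the length constraint, odd ones may break it."""
    rng = random.Random(seed)
    base = build_tree()
    return [serialize(mutate(base, rng, resynthesize=(i % 2 == 0))) for i in range(n)]
```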
