Vulnerability mining for Modbus TCP based on exception field positioning

Abstract

Fuzzing has become an important approach in recent years for detecting vulnerabilities in industrial control systems and their network protocols. Traditional fuzzing methods suffer from low efficiency and blindness. To address this, we developed an improved fuzzing method based on exception field positioning, which adds a positioning phase to the testing procedure. We established a field attribute set model of the Modbus protocol and combined it with an attribute reduction algorithm to locate the key fields that trigger potential vulnerabilities. The algorithm links the observed effects of the test cases so that subsequent test cases can be adjusted toward a more guided testing procedure instead of plain random testing. In the simulation experiment, the developed fuzzing method discovered certain vulnerabilities in Modbus TCP, including an original vulnerability that has been submitted to the China National Vulnerability Database.
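The positioning phase the abstract describes, as an added example that is not the paper's code: each Modbus TCP test frame is decomposed into its MBAP header and PDU fields, the fields are abstracted into a small attribute set, and a rough-set attribute reduction (positive-region-preserving reduct) is run over a decision table of test cases and their observed outcomes to find which fields explain the exception responses. The attribute abstraction (protocol_id_ok, length_ok, function_known), the exhaustive reduct search, and the outcome labels in FUZZ_LOG are all assumptions made for this illustration; the labels stand in for a simulated target's behaviour and are not measurements.

```python
"""Locate the Modbus TCP fields that explain exception responses.

Added illustration, not the paper's implementation. A Modbus TCP ADU is an
MBAP header (transaction id, protocol id, length, unit id) followed by the
PDU (function code + data). The length field counts the bytes that follow it.
"""
import struct
from itertools import combinations

# Function codes a typical device answers; constructed subset for this example.
KNOWN_FUNCTION_CODES = {1, 2, 3, 4, 5, 6, 15, 16}
ATTRIBUTES = ("protocol_id_ok", "length_ok", "function_known",
              "unit_id", "transaction_id")


def build_frame(tid, pid, length, uid, fc, data):
    """Assemble a Modbus TCP ADU; no field is validated so tests can be malformed."""
    return struct.pack(">HHHBB", tid, pid, length, uid, fc) + data


def parse_modbus_tcp(frame: bytes) -> dict:
    """Split a Modbus TCP ADU into its protocol fields."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid, fc = struct.unpack(">HHHBB", frame[:8])
    return {"transaction_id": tid, "protocol_id": pid, "length": length,
            "unit_id": uid, "function_code": fc, "data": frame[8:]}


def field_attributes(frame: bytes) -> dict:
    """Abstract raw field values into the attribute set used for reduction."""
    p = parse_modbus_tcp(frame)
    return {
        "protocol_id_ok": p["protocol_id"] == 0,          # Modbus mandates 0
        "length_ok": p["length"] == len(frame) - 6,        # bytes after length field
        "function_known": p["function_code"] in KNOWN_FUNCTION_CODES,
        "unit_id": p["unit_id"],
        "transaction_id": p["transaction_id"],
    }


def indiscernibility(rows, attrs):
    """Partition row indices into classes that agree on every attribute in attrs."""
    classes = {}
    for i, row in enumerate(rows):
        classes.setdefault(tuple(row[a] for a in attrs), set()).add(i)
    return list(classes.values())


def positive_region(rows, attrs, decision):
    """Rows whose class under attrs has a single decision value (no ambiguity)."""
    pos = set()
    for cls in indiscernibility(rows, attrs):
        if len({rows[i][decision] for i in cls}) == 1:
            pos |= cls
    return pos


def reduct(rows, attrs, decision):
    """Smallest attribute subset preserving the positive region of the full set.

    Exhaustive search: fine for a handful of protocol fields, exponential in general.
    """
    full = positive_region(rows, attrs, decision)
    for k in range(1, len(attrs) + 1):
        for subset in combinations(attrs, k):
            if positive_region(rows, subset, decision) == full:
                return set(subset)
    return set(attrs)


READ_HR = bytes.fromhex("00000001")  # read holding registers: start 0, quantity 1

# Constructed fuzz log: (frame, outcome observed from a simulated target).
FUZZ_LOG = [
    (build_frame(1, 0, 6, 1, 3, READ_HR), "ok"),
    (build_frame(2, 0, 6, 1, 3, READ_HR), "ok"),
    (build_frame(1, 7, 6, 1, 3, READ_HR), "dropped"),       # bad protocol id
    (build_frame(2, 0, 60, 1, 3, READ_HR), "dropped"),      # length mismatch
    (build_frame(1, 0, 6, 1, 0x63, READ_HR), "exception"),  # unknown function
    (build_frame(2, 0, 6, 2, 0x63, READ_HR), "exception"),
    (build_frame(1, 0, 6, 2, 3, READ_HR), "ok"),
]


def locate_key_fields(log=FUZZ_LOG):
    """Build the decision table from the log and return the field reduct."""
    rows = [dict(field_attributes(frame), outcome=outcome) for frame, outcome in log]
    return reduct(rows, ATTRIBUTES, "outcome")


if __name__ == "__main__":
    print("key fields:", sorted(locate_key_fields()))
```

On this constructed log the reduct drops transaction_id and unit_id, which is the practical point of the positioning phase: later test cases can concentrate mutations on the protocol id, length and function code fields rather than spending the budget on fields that do not change the target's response. Note that a field with unique values in every record (a fresh transaction id per test) would trivially act as a key and preserve the full positive region by itself, so raw identifiers must be abstracted or repeated before reduction, as the log above does.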
