A Test Cases Generation Method for Industrial Control Protocol Test

The coverage of test cases is an important indicator for security and robustness testing of industrial control protocols, and completing such a test with fewer test cases is an important research topic. Taking the Modbus protocol as an example, this paper proposes a method for calculating test-case similarity and population dispersion based on weight division. The method describes the similarity of test cases and the degree of dispersion of individuals in the population more accurately. A genetic algorithm is used to generate and optimize test cases, with individual similarity and population dispersion as its fitness functions. Experimental results show that the proposed method increases population dispersion by 3.45% compared with conventional methods and effectively improves the coverage of test cases.
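
The weighted similarity and population dispersion described above, as an added illustration that is not the paper's code: a Modbus TCP request is split into its MBAP header and PDU fields, each field gets a weight, similarity is the weighted fraction of matching fields, dispersion is the mean pairwise distance, and a small genetic algorithm uses that dispersion as its fitness. The field weights, the byte-wise data similarity, and the crossover, mutation and acceptance rules are assumptions chosen for this example, not the paper's own formulas.

```python
"""Field-weighted similarity, population dispersion and a dispersion-driven GA
for Modbus TCP test cases. Added example; weights and GA details are assumptions."""
import random
from dataclasses import dataclass, replace
from itertools import combinations
from typing import List, Tuple


@dataclass(frozen=True)
class ModbusCase:
    """One Modbus TCP request (MBAP header + PDU) treated as a test case."""
    transaction_id: int
    protocol_id: int
    length: int
    unit_id: int
    function_code: int
    data: bytes


# Assumed weights: fields that drive server-side parsing (function code, data)
# count more toward similarity than fields the server mostly echoes back.
WEIGHTS = {"transaction_id": 0.5, "protocol_id": 1.0, "length": 1.5,
           "unit_id": 1.0, "function_code": 3.0, "data": 3.0}

# Constructed base request: function 3 (read holding registers), address 0, 2 registers.
BASE = ModbusCase(transaction_id=1, protocol_id=0, length=6, unit_id=1,
                  function_code=3, data=bytes.fromhex("00000002"))


def _data_similarity(a: bytes, b: bytes) -> float:
    """Byte-wise similarity of two data fields, normalised to [0, 1]."""
    if not a and not b:
        return 1.0
    matches = sum(1 for x, y in zip(a, b) if x == y)
    return matches / max(len(a), len(b))


def similarity(a: ModbusCase, b: ModbusCase) -> float:
    """Weighted similarity in [0, 1]; 1.0 means identical test cases."""
    total = 0.0
    for name, w in WEIGHTS.items():
        if name == "data":
            total += w * _data_similarity(a.data, b.data)
        else:
            total += w * (1.0 if getattr(a, name) == getattr(b, name) else 0.0)
    return total / sum(WEIGHTS.values())


def dispersion(pop: List[ModbusCase]) -> float:
    """Population dispersion: mean pairwise distance (1 - similarity)."""
    pairs = list(combinations(pop, 2))
    return sum(1.0 - similarity(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0


def individual_fitness(index: int, pop: List[ModbusCase]) -> float:
    """Mean distance of pop[index] to every other member (its dispersion contribution)."""
    others = pop[:index] + pop[index + 1:]
    return sum(1.0 - similarity(pop[index], o) for o in others) / len(others) if others else 0.0


def mutate(case: ModbusCase, rng: random.Random) -> ModbusCase:
    """Change one randomly chosen field; header words are 16-bit, unit/function are 8-bit."""
    name = rng.choice(list(WEIGHTS))
    if name == "data":
        data = bytearray(case.data) or bytearray(b"\x00")
        data[rng.randrange(len(data))] = rng.randrange(256)
        return replace(case, data=bytes(data))
    limit = 65536 if name in ("transaction_id", "protocol_id", "length") else 256
    return replace(case, **{name: rng.randrange(limit)})


def crossover(a: ModbusCase, b: ModbusCase, rng: random.Random) -> ModbusCase:
    """Uniform crossover at field granularity."""
    return ModbusCase(**{name: getattr(rng.choice((a, b)), name) for name in WEIGHTS})


def seed_population(rng: random.Random, size: int) -> List[ModbusCase]:
    """Constructed starting population: the base request plus a chain of mutants."""
    pop = [BASE]
    while len(pop) < size:
        pop.append(mutate(pop[-1], rng))
    return pop


def evolve(pop: List[ModbusCase], generations: int,
           rng: random.Random) -> Tuple[List[ModbusCase], List[float]]:
    """GA with dispersion as fitness. The least dispersed half is replaced by offspring of
    the most dispersed half; a new population is only accepted if dispersion does not drop."""
    history = [dispersion(pop)]
    for _ in range(generations):
        ranked = sorted(range(len(pop)), key=lambda i: individual_fitness(i, pop))
        parents = [pop[i] for i in ranked[len(pop) // 2:]]
        children = []
        while len(parents) + len(children) < len(pop):
            child = crossover(rng.choice(parents), rng.choice(parents), rng)
            children.append(mutate(child, rng) if rng.random() < 0.5 else child)
        candidate = parents + children
        d = dispersion(candidate)
        if d >= history[-1]:
            pop = candidate
        history.append(max(d, history[-1]))
    return pop, history


def run_demo(seed: int = 7, size: int = 12, generations: int = 20) -> Tuple[float, float]:
    """Return (initial, final) dispersion for a seeded run."""
    rng = random.Random(seed)
    _, history = evolve(seed_population(rng, size), generations, rng)
    return history[0], history[-1]


if __name__ == "__main__":
    before, after = run_demo()
    print(f"dispersion before GA: {before:.4f}, after GA: {after:.4f}")
```

Because similarity is computed per field, a test case that differs from the base request only in the transaction identifier scores 0.95 (it loses just the 0.5 weight out of 10), whereas one with a different function code or payload is pushed much further away; that is what lets the dispersion fitness prefer cases that exercise different parsing paths over cases that merely vary echoed header words.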
