Computer Integrated Manufacturing Systems (计算机集成制造系统) ›› 2019, Vol. 25 ›› Issue 9: 2265-2279. DOI: 10.13196/j.cims.2019.09.014


Vulnerability mining method for industrial control network protocol based on fuzz testing

Lai Yingxu (赖英旭) 1, Yang Kaixiang (杨凯翔) 1, Liu Jing (刘静) 1, Liu Zenghui (刘增辉) 2

  1. College of Computer Science, Faculty of Information Technology, Beijing University of Technology
  2. School of Mechanical and Electrical Engineering, Beijing Polytechnic
  • Online: 2019-09-30 Published: 2019-09-30
  • Supported by:
    Project supported by the Qinghai Provincial Natural Science Foundation, China (No. 2017-ZJ-912), the CCF-Venustech Open Research Fund, China (No. CCF-VenustechRP2017007), and the Beijing Polytechnic Natural Science Foundation, China (No. 2017Z004-008-KXZ, 2018Z002-019-KXZ).

Abstract: Traditional vulnerability mining methods cannot be applied directly to Industrial Control Systems (ICS). To address this, a vulnerability mining method for industrial control network protocols based on fuzz testing is proposed. Protocol feature values are generated from test-case variation factors for industrial control network protocols, where each variation factor represents the characteristics of one class of ICS vulnerability. The variation factors are combined with Modbus TCP protocol features to generate different test cases. The difficulty of determining whether a test case is valid is resolved by using the correspondence between the protocol features of Modbus TCP requests and responses together with a bypass (passive) monitoring method. To fuzz private (proprietary) industrial control protocols, a private protocol tree is built and the private protocol data set is classified. Private protocol features are learned with a variable-byte-value probability statistics method, a length-field learning method, the Apriori algorithm and the Needleman/Wunsch algorithm, which effectively raises the test-case acceptance rate for private protocols. Experiments on real industrial control devices show that the proposed method effectively detects vulnerabilities in both public and private industrial control protocols.

Key words: industrial control system, industrial control network protocol, industrial control private protocol, fuzz testing, protocol features learning, vulnerability mining, Modbus TCP protocol
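As an added example (not the paper's own code), the Modbus TCP request/response correspondence check that the abstract relies on to judge test-case validity, written in Python: the MBAP transaction and unit identifiers of the reply must match the request, and the reply's function code is either the request's (accepted) or the request's with the high bit set followed by a single exception byte (rejected). The sample frames are constructed for illustration and the outcome labels are assumed names, not the paper's.

```python
"""Decide whether a Modbus TCP test case was accepted, using the request/response
feature correspondence described in the abstract.  Sample frames are constructed."""
import struct
from typing import Optional, Tuple

Adu = Tuple[int, int, int, bytes]  # (transaction id, unit id, function code, data)


def parse_adu(frame: bytes) -> Optional[Adu]:
    """Parse MBAP header + PDU; None for a frame that breaks the framing rules."""
    if len(frame) < 8:  # 7-byte MBAP header plus at least a function code
        return None
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    # protocol id is always 0; the length field counts unit id + PDU
    if pid != 0 or length != len(frame) - 6:
        return None
    return tid, uid, frame[7], frame[8:]


def classify(request: bytes, response: Optional[bytes]) -> str:
    """Map one request/response pair onto an outcome a fuzzing harness can count."""
    req = parse_adu(request)
    if req is None:
        return "request-malformed"
    if response is None:
        return "no-response"        # timeout: device hung, crashed or silently dropped it
    rsp = parse_adu(response)
    if rsp is None:
        return "response-malformed"  # device answered with a frame it should never send
    if rsp[0] != req[0] or rsp[1] != req[1]:
        return "unmatched"          # reply belongs to some other request on the link
    if rsp[2] == req[2]:
        return "accepted"           # normal response: the case passed input validation
    if rsp[2] == (req[2] | 0x80) and len(rsp[3]) == 1:
        return f"rejected:exception-{rsp[3][0]:02x}"  # e.g. 02 = illegal data address
    return "unexpected-function"


# Constructed sample: Read Holding Registers (fc 03), start 0, quantity 2, unit 1.
REQUEST = bytes.fromhex("000100000006010300000002")
NORMAL = bytes.fromhex("000100000007010304000A000B")  # two registers returned
EXCEPTION = bytes.fromhex("000100000003018302")       # fc 0x83, exception code 02
OTHER_TID = bytes.fromhex("000200000003018302")       # transaction id does not match
BAD_PID = bytes.fromhex("000100010003018302")         # protocol id must be 0

if __name__ == "__main__":
    for name, rsp in [("normal", NORMAL), ("exception", EXCEPTION), ("other_tid", OTHER_TID),
                      ("bad_pid", BAD_PID), ("timeout", None)]:
        print(name, "->", classify(REQUEST, rsp))
```

Counting "accepted" outcomes per variation factor gives the test-case acceptance rate the abstract measures, while "no-response" and "response-malformed" are the outcomes worth correlating with the bypass-monitoring trace.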
