DiffusionFuzz: Fuzzing Framework of Industrial Control Protocols Based on Denoising Diffusion Probabilistic Model

Authors :
Xuejun Zong
Wenjie Luo
Bowei Ning
Kan He
Lian Lian
Yifei Sun
Source :
IEEE Access, Vol 12, Pp 67795-67808 (2024)
Publication Year :
2024
Publisher :
IEEE, 2024.

Abstract

With the opening of industrial networks in the information age, Industrial Control Protocols (ICPs) that transmit plaintext without encryption expose serious security risks, threatening the safe and stable operation of Industrial Control Systems (ICSs). Fuzzing can be used to mine potential vulnerabilities in ICPs and so help ensure the safe operation of ICSs. However, traditional fuzzing methods require test cases to be constructed from expert experience and the format syntax specification of ICPs. This process is time-consuming, labor-intensive, and inefficient, and it is limited when facing unknown ICPs. In response to these issues, this paper proposes an automated fuzzing method for ICPs based on the Denoising Diffusion Probabilistic Model (DDPM). Specifically, DDPM converts noise into data samples, which makes it easy and quick to generate test cases. On this basis, we designed a universal fuzzing framework, DiffusionFuzz, that can be applied to most ICPs. Experimental results obtained on ICPs such as Modbus/TCP in the Industrial Attack-Defense Range of the Key Laboratory of Information Security for Petrochemical Industry in Liaoning Province demonstrate that the test cases generated by this method are diverse and outperform other fuzzing methods in terms of acceptance rate and ability to trigger exceptions. DiffusionFuzz can thus enhance the effectiveness of fuzzing and identify vulnerabilities in ICPs, thereby reducing potential economic risks and impacts.

Details

Language :
English
ISSN :
21693536
Volume :
12
Database :
Directory of Open Access Journals
Journal :
IEEE Access
Publication Type :
Academic Journal
Accession number :
edsdoj.9a31ea10994390933493b813a1f18f
Document Type :
article
Full Text :
https://doi.org/10.1109/ACCESS.2024.3399820