Industrial control protocol fuzzy test case generation method based on flow tracing

Abstract

The invention discloses an industrial control protocol fuzzy test case generation method based on flow tracing. The method comprises the following steps: step 1, reading a configuration file; step 2,extracting a protocol message related to the test protocol; step 3, filling the test case template to generate a test case script; analyzing real traffic, extracting message application layer data, converting the message data into Python language code representation, injecting the Python language code representation into a test case template, generating a test case script, and quickly carrying outa fuzzy test on the basis of not needing to manually compile a test case; and meanwhile, combining a plurality of different types of test cases in a targeted and random manner to test the target equipment. According to the invention, targeted and random combination is carried out by using a plurality of different types of test cases to test the target equipment, so that the test coverage rate iseffectively improved. The method is suitable for automatic testing of existing industrial control protocol vulnerability mining and industrial control protocol research and development.

Description

technical field [0001] The invention relates to the field of industrial network security, in particular to a method for generating fuzzy test cases of industrial control protocols based on traffic traceability. Background technique [0002] Industrial control systems are an important part of various infrastructures. With the development of computer and network technology, more and more Internet technologies are applied to them. While facing traditional control security threats, industrial control systems also face many threats from Internet network attacks, many of these attacks obtain key information of industrial control systems through loopholes in industrial control protocols, and even control the operation of industrial control system equipment through the network. Therefore, the security of industrial control protocols has become a focus of national information security. [0003] Fuzz testing is a highly automated black-box testing technique that is often used to disco...

AI Technical Summary

Problems solved by technology

Fuzz testing can find program implementation deficiencies by inputting a large amount of random data without entering the system or obtaining the source code. Will directly reset the connection, so such a test can only stay in the initial stage of the protocol state

[0004] In response to such problems, many fuzzing technologies generate test cases through message templates, such as Kitty, Sulley and other network protocol test frameworks. After manual analysis of protocol interactions and protocol definitions, the framework is used to provide field definition protocols, and then the framework is generated through these definitions. The test message is sent to the target device for fuzz testing, so that the message generated by the test can be parsed by the device and enter a deeper test path. However, the disadvantage of this type of fuzz testing technology is that it takes a lot of money to write test cases according to each test path. It is difficult to improve test efficiency when manpower is used to write use cases

Images