State-Based Fuzzing Test Technique for Industrial Control Protocols

Published in the Chinese journal 《计算机科学》 (Computer Science).


Abstract

Traditional fuzzing, when applied to industrial control systems, suffers from low test coverage and effectiveness and from limited means of anomaly monitoring. To address this, a state-based fuzzing method for industrial control protocols is proposed. The method describes the protocol state machine with XML scripts and designs a protocol-state-machine-based test sequence generation algorithm, PSTSGM, which guides the device under test through its states in order to reach a higher hit rate and coverage. A heartbeat-based anomaly monitoring and locating method, HFDLM, is proposed; it uses heartbeat probing and cyclic locating to monitor the embedded device under test for abnormal behaviour and to locate the test case that caused it. A fuzzing prototype system based on a man-in-the-middle proxy, SCADA-Fuzz, is designed and implemented and used to test a power SCADA system. Experimental results show that state-guided testing can effectively discover security vulnerabilities.

Traditional fuzzing methods for industrial control systems (ICS) have shortcomings of small coverage, low effectiveness and limitation of fault monitoring in fuzzing. This paper proposed a protocol state machine based fuzzing method for ICS protocols. Firstly, it describes the protocol state machine model with XML scripts, and designs a protocol state based test sequences generating method (PSTSGM) to achieve higher coverage rate during the fuzzing process. Then, it puts forward a heart-beat based detecting and locating method for faults (HDLMF). It aims to detect embedded equipment behavior faults and locate the abnormal cases via the way of heart-beat detection and loop location. On the basis of the proposed method, we designed and implemented a fuzzing tool, SCADA-Fuzz, and performed tests on a power control SCADA system. Experimental results show that SCADA-Fuzz can effectively and efficiently trigger behavior faults and locate security vulnerabilities.
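The abstract names two mechanisms, state-guided test sequence generation from an XML state machine and heartbeat-based fault detection with loop location, without showing either. The following Python is an added illustration written for this page, not code from the paper or from SCADA-Fuzz: the XML element names (`state`, `transition`, `msg`), the toy protocol, the mutation strategy and the `SimulatedDevice` stand-in (which has a bug planted in it so that the location step has something to find) are all constructed for the example. It shows how a guiding prefix is computed for every reachable state, how only the final message of each case is mutated, and how a silent heartbeat after a batch is narrowed down to the single case that caused it.

```python
import xml.etree.ElementTree as ET
from collections import deque

# Constructed XML description of a small stateful protocol.  The element and
# attribute names are an assumption for this example, not the paper's schema.
STATE_MACHINE_XML = """
<protocol name="demo">
  <state id="INIT" initial="true"/>
  <state id="CONNECTED"/>
  <state id="AUTHED"/>
  <state id="READING"/>
  <transition from="INIT" to="CONNECTED" msg="CONNECT"/>
  <transition from="CONNECTED" to="AUTHED" msg="LOGIN"/>
  <transition from="AUTHED" to="READING" msg="READ"/>
  <transition from="READING" to="AUTHED" msg="ACK"/>
  <transition from="AUTHED" to="CONNECTED" msg="LOGOUT"/>
</protocol>
"""


def parse_state_machine(xml_text):
    """Return (initial_state, {state: [(message, next_state), ...]})."""
    root = ET.fromstring(xml_text)
    initial = next(s.get("id") for s in root.iter("state") if s.get("initial") == "true")
    transitions = {}
    for t in root.iter("transition"):
        transitions.setdefault(t.get("from"), []).append((t.get("msg"), t.get("to")))
    return initial, transitions


def guide_paths(initial, transitions):
    """Shortest valid message sequence that drives the target into each reachable state (BFS)."""
    paths = {initial: []}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for msg, nxt in transitions.get(state, []):
            if nxt not in paths:
                paths[nxt] = paths[state] + [msg]
                queue.append(nxt)
    return paths


def simple_mutations(msg):
    """Three oversized-payload variants of one message (constructed mutation strategy)."""
    return [msg + " " + "A" * n for n in (16, 256, 4096)]


def generate_test_sequences(initial, transitions, mutate=simple_mutations):
    """State-guided cases: replay the valid prefix that reaches a state, then send one
    mutated variant of a message that is legal in that state."""
    sequences = []
    for state, prefix in guide_paths(initial, transitions).items():
        for msg, _next in transitions.get(state, []):
            for variant in mutate(msg):
                sequences.append(prefix + [variant])
    return sequences


class SimulatedDevice:
    """Constructed stand-in for the embedded device under test.  It follows the same
    state machine and stops answering heartbeats after one planted bad input."""

    def __init__(self, initial, transitions):
        self.initial, self.transitions = initial, transitions
        self.power_cycle()

    def power_cycle(self):
        # Models the operator restarting the device after a detected fault
        self.state, self.alive = self.initial, True

    def new_session(self):
        # Fresh protocol session (reconnect); a dead device cannot be reconnected to
        if self.alive:
            self.state = self.initial

    def send(self, msg):
        if not self.alive:
            return
        verb = msg.split(" ", 1)[0]
        if self.state == "AUTHED" and verb == "READ" and len(msg) > 1000:
            self.alive = False  # planted bug: oversized READ while authenticated
            return
        for m, nxt in self.transitions.get(self.state, []):
            if m == verb:
                self.state = nxt

    def heartbeat(self):
        return self.alive


def replay(device, sequence):
    device.new_session()
    for msg in sequence:
        device.send(msg)


def run_with_heartbeat(device, sequences, batch=4):
    """Send cases in batches and probe the heartbeat after each batch.  When a batch
    silences the device, restart it and replay the batch one case at a time to locate
    the offending case (the loop-location step)."""
    for i in range(0, len(sequences), batch):
        chunk = sequences[i:i + batch]
        for seq in chunk:
            replay(device, seq)
        if device.heartbeat():
            continue
        for seq in chunk:
            device.power_cycle()
            replay(device, seq)
            if not device.heartbeat():
                return seq
    return None


def demo():
    initial, transitions = parse_state_machine(STATE_MACHINE_XML)
    sequences = generate_test_sequences(initial, transitions)
    return run_with_heartbeat(SimulatedDevice(initial, transitions), sequences)


if __name__ == "__main__":
    print("located case:", [m[:12] for m in demo()])
```

Against the toy machine this yields 15 cases, and the locate step returns the case whose prefix is `CONNECT, LOGIN` followed by the 4096-byte `READ`, which is exactly the planted fault. Batching with a heartbeat check is what makes this workable on a device that gives no crash feedback of its own; the cost is the replay in the location loop, which is why the batch size is a tuning parameter.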
