本文選題：工控協(xié)議 + 模糊測試��； 參考：《計算機科學(xué)》2017年05期

【摘要】：針對傳統(tǒng)Fuzzing測試應(yīng)用于工控系統(tǒng)存在測試覆蓋率和有效性低、異常監(jiān)測手段受限等不足,提出了一種基于狀態(tài)的工控協(xié)議Fuzzing測試方法。該方法采用XML腳本對協(xié)議狀態(tài)機進行描述,設(shè)計了基于協(xié)議狀態(tài)機的測試序列生成算法PSTSGM,對被測對象進行狀態(tài)引導(dǎo)以求達到更高的命中率和覆蓋率。提出了基于心跳的異常監(jiān)測與定位方法 HFDLM,采用心跳探測和循環(huán)定位的方式,對被測嵌入式設(shè)備進行異常行為監(jiān)測和異常用例定位。設(shè)計并實現(xiàn)了基于中間人代理的模糊測試原型系統(tǒng)SCADA-Fuzz,對電力SCADA系統(tǒng)進行了測試。實驗結(jié)果表明,利用狀態(tài)引導(dǎo)的測試能夠有效發(fā)現(xiàn)安全漏洞。
[Abstract]:Aiming at the shortcomings of traditional fuzzing test application in industrial control system, such as low test coverage, low effectiveness and limited abnormal monitoring means, a state-based industrial control protocol fuzzing testing method is proposed. In this method, XML script is used to describe the protocol state machine, and a test sequence generation algorithm based on protocol state machine (PSTSGM) is designed to guide the object under test to achieve higher hit rate and coverage. A method of abnormal monitoring and localization based on heartbeat is presented in this paper. The method of heartbeat detection and cyclic localization is used to detect abnormal behavior and locate abnormal use cases of embedded devices. A fuzzy test prototype system SCADA-Fuzzbased on middleman agent is designed and implemented, and the SCADA system of electric power is tested. Experimental results show that the state-guided test can effectively detect security vulnerabilities.
【作者單位】： 解放軍理工大學(xué)指揮信息系統(tǒng)學(xué)院;
【基金】：國家自然科學(xué)基金資助項目(611032253) 江蘇省自然科學(xué)基金資助項目(BK2011115)資助
【分類號】：TP273;TP309
，

本文編號：2038448