An adaptive fuzzing method based on transformer and protocol similarity mutation

Industrial control protocols have a large number of vulnerabilities due to lacking authentication and mis-use of function codes, which seriously threaten the production safety. Fuzzing, as a common method for vulnerability mining, has the disadvantages of low reception rate of generated test cases and blind mutation, which leads to poor vulnerability mining. To address these issues, we propose an adaptive fuzzing method based on Transformer and protocol similarity mutation. Firstly, the Transformer network is trained to learn the semantics information of the commonly used industrial control protocol Modbus TCP, which can generate test cases with a high reception rate in a short time. Secondly, during the test case generation stage, compare the semantic similarity and the size of random values between the newly generated bytes and the model input fields to determine whether to perform bit-flip mutation for the newly generated bytes, so as to reduce the overall similarity of the test cases and improve the test sys-tem abnormal rate. Finally, the byte importance self-adaptive algorithm is used to improve the mutation probability of bytes that are prone to trigger vulnerabilities. Experimental results indicate that compared with the traditional method, our method not only effectively improves the testing efficiency, but also increases the test system's abnormal rate. In addition, the ability of vulnerability mining capability has been effectively improved. (c) 2023 Elsevier Ltd. All rights reserved.