Abstract: The development of industrial control systems (ICS) has led to security vulnerabilities in ICS protocols, which pose significant threats to these systems. Fuzzing is a highly effective technique for detecting vulnerabilities by exposing the target program to a large volume of malformed and unexpected input. Traditional fuzzing methods are time-consuming and have low acceptance rates and coverage because they rely on manual extraction of specifications, lack guidance, and mutate blindly, which limits their efficiency in discovering vulnerabilities. Currently, Generative Adversarial Network (GAN)-based fuzzing methods are used to learn the syntax and format of the input data and generate valid test cases. However, they still suffer from low diversity in the generated test cases, which reduces their potential to trigger vulnerabilities. We propose a transformer-based fuzzing framework called TFVDFuzzer to solve these issues. In this framework, we leverage the Transformer model to automate the learning of ICS protocol specifications, especially Modbus, significantly speeding up the fuzzing process and enhancing the test case acceptance rate. Furthermore, we use a deep learning model that employs an attention mechanism to determine the appropriate bytes for mutation, enhancing the diversity of the test cases. TFVDFuzzer is assessed using a benchmark Modbus dataset. It outperforms Peach, Fuzzowski, and NCMFuzzer with significant improvements, achieving a Test Case Reception Rate (TCRR) of 98.15% compared to their highest values of 51.42%, 69.02%, and 94.25%, respectively, and a Test System Anomaly Rate (TSAR) of 3.1% relative to their highest values of 0.445%, 0.475%, and 0.96%, respectively.
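The abstract measures fuzzers by how many generated test cases the target accepts as well-formed Modbus traffic. The following is an added example, not code from the paper or from TFVDFuzzer, showing what such an acceptance check looks like on the receiving side: a syntactic validator for Modbus/TCP request frames (MBAP header plus PDU) and a reception-rate calculation over a small constructed set of test cases. The validator covers only a subset of public function codes, and the definition of reception rate as "accepted frames / total frames" is an assumption made here, not the paper's exact metric definition.

```python
import struct
from typing import List, Tuple

# Fixed request data lengths for a subset of public Modbus function codes.
# (Constructed subset for this example; the real protocol defines many more.)
MODBUS_FUNCTIONS = {
    0x01: 4,  # Read Coils: start address (2) + quantity (2)
    0x02: 4,  # Read Discrete Inputs
    0x03: 4,  # Read Holding Registers
    0x04: 4,  # Read Input Registers
    0x05: 4,  # Write Single Coil: address (2) + value (2)
    0x06: 4,  # Write Single Register: address (2) + value (2)
}


def validate_modbus_tcp(frame: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for a Modbus/TCP request frame.

    MBAP header: transaction id (2), protocol id (2, must be 0),
    length (2, counts unit id + PDU), unit id (1); then the PDU.
    """
    if len(frame) < 8:  # header (7) + at least a function code
        return False, "short frame"
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        return False, "bad protocol id"
    if length != len(frame) - 6:
        return False, "length field does not match frame size"
    if length > 254:  # keeps the ADU within the 260-byte Modbus/TCP limit
        return False, "length out of range"
    fc = frame[7]
    data = frame[8:]
    if fc & 0x80:
        return False, "exception bit set in a request"
    expected = MODBUS_FUNCTIONS.get(fc)
    if expected is None:
        return False, "unsupported function code"
    if len(data) != expected:
        return False, "bad data length for function code"
    if fc in (0x01, 0x02):
        quantity = struct.unpack(">H", data[2:4])[0]
        if not 1 <= quantity <= 2000:
            return False, "coil quantity out of range"
    if fc in (0x03, 0x04):
        quantity = struct.unpack(">H", data[2:4])[0]
        if not 1 <= quantity <= 125:
            return False, "register quantity out of range"
    if fc == 0x05 and data[2:4] not in (b"\x00\x00", b"\xff\x00"):
        return False, "invalid single-coil value"
    return True, "accepted"


def build_frame(tid: int, uid: int, fc: int, data: bytes) -> bytes:
    """Assemble a Modbus/TCP frame with a correct MBAP length field."""
    pdu = bytes([fc]) + data
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, uid) + pdu


def reception_rate(frames: List[bytes]) -> float:
    """Fraction of frames the validator accepts (assumed TCRR definition)."""
    if not frames:
        return 0.0
    accepted = sum(1 for f in frames if validate_modbus_tcp(f)[0])
    return accepted / len(frames)


# Constructed sample test cases: two well-formed, four malformed in different ways.
SAMPLE_CASES = [
    build_frame(1, 1, 0x03, struct.pack(">HH", 0, 10)),      # valid read of 10 registers
    build_frame(2, 1, 0x01, struct.pack(">HH", 0, 2001)),    # coil quantity above 2000
    build_frame(3, 1, 0x05, struct.pack(">HH", 5, 0x1234)),  # invalid coil value
    build_frame(4, 1, 0x06, struct.pack(">HH", 5, 0x1234)),  # valid register write
    b"\x00\x05\x00\x01\x00\x06\x01\x03\x00\x00\x00\x01",     # protocol id != 0
    build_frame(6, 1, 0x03, b"\x00"),                        # truncated request data
]

if __name__ == "__main__":
    for frame in SAMPLE_CASES:
        print(frame.hex(), validate_modbus_tcp(frame))
    print(f"reception rate: {reception_rate(SAMPLE_CASES):.2%}")
```

In a real harness the acceptance signal comes from the device or simulator (a normal response versus an exception response, a closed connection, or silence); the validator above simply makes explicit which syntactic rules a test case must satisfy before the target will even parse it, which is what protocol-specification learning in the framework is meant to capture automatically.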
External IDs: dblp:conf/pst/AldystyML25