Study on the fuzzing test method for industrial supervisory control configuration software based on genetic algorithm

Abstract

Information security of industrial control systems (ICS) is increasingly critical and as a key part of the ICS, the industrial supervisory control configuration software has a great impact on the ICS information security. Accordingly, the current information security issues of the industrial supervisory control configuration software, such as low security protection level, quantities of vulnerabilities, significant harm after attack and lack of effective vulnerability discovery methods, we present a vulnerability discovery method which uses fuzzing test to discover the vulnerabilities in the industrial supervisory control configuration software. First, the information security features of the industrial supervisory control configuration software are analyzed, next the fuzzing test framework is designed according to the information security features obtained, and then the test data generation method based on a Genetic Algorithm (GA) in the fuzzing test is emphatically discussed. The proposed test framework and test data generation method in the fuzzing test can be successfully applied in discovering the vulnerabilities of industrial supervisory control configuration software.