A survey on fuzz testing technologies for industrial control protocols

Abstract

The development of the industrial Internet of Things enables industrial control systems to become inter-networked and inter-connected, making them intelligent with high productivity. However, these systems are exposed to external environments and vulnerable to network attacks, which also suffer from internal vulnerabilities. Fuzz testing, in short fuzzing, is a technique to enhance the security of industrial control systems by finding errors when repeatedly executing software that injects illegal, malformed, or unexpected inputs into the systems. Unfortunately, traditional fuzzing of communication protocols faces low coverage and efficiency problems when being applied to industrial protocols, considering the characteristics of industrial protocols such as real-time and multi-interaction. Moreover, fuzzing is difficult to perform because many structures of industrial control protocols are not publicly available. Although researchers have started to focus on the fuzzing of industrial control protocols, existing literature still lacks a thorough survey of its recent advances. To fill this gap, we conduct a comprehensive survey on existing fuzzing methods for industrial control protocols. After a brief introduction to industrial control protocols and fuzzing, we propose a set of metrics for judging the pros and cons of existing fuzzing methods. Based on these metrics, we evaluate and compare the performance of fuzzing methods of industrial control protocols in the past eight years. Based on our review and analysis, we further summarize the open problems of these methods for achieving the proposed metrics and elaborate on future research directions toward secure industrial control systems.