CGFuzzer: A Fuzzing Approach Based on Coverage-Guided Generative Adversarial Networks for Industrial IoT Protocols

Abstract

With the widespread application of the Industrial Internet of Things (IIoT), industrial control systems (ICSs) greatly improve industrial productivity, efficiency, and product quality. However, IIoT protocols as the bridge of different parts of ICSs are vulnerable to be attacked due to their vulnerabilities. To reduce cyberattack threats, we need to find the vulnerabilities of IIoT protocols by using efficient vulnerability mining methods, such as fuzzing. Fuzzing is often used to mine vulnerabilities for IIoT protocols. However, the traditional fuzzing methods for IIoT protocols have a low passing rate and low code coverage. To solve these problems, we propose a generative adversarial network (GAN), here referred to as coverage-guided GANs (CovGAN), which aims to generate test cases with a high passing rate and code coverage by learning IIoT protocol specifications. Based on the CovGAN, we construct a fuzzing framework (CGFuzzer) for IIoT protocols. Finally, we design a protocol simulator to verify the CovGAN performance. Experimental results show that the proposed methodology outperforms approximately 5%, 7%, and 39% of the passing rate of GANFuzz, SeqFuzzer, and Peach, respectively. In addition, CGFuzzer has a significant improvement in code coverage, which is about 17%, 24%, and 31% higher than GANFuzz, SeqFuzzer, and Peach, respectively.