Research on Virtualization-Based and Intelligently Guided Fuzzing Method for Industrial Control Systems Abstract
摘要
The security of Industrial Control Systems (ICS) is paramount for safeguarding national infrastructure and fostering economic progress. Traditional security testing methods often struggle with the intricacies of complex ICS environments. In response, this study introduces a novel fuzzing approach that leverages virtualization and intelligent guidance to enhance the detection of vulnerabilities within ICS software. The approach encompasses three key innovations: first, the creation of a virtualized environment designed to mimic ICS operating conditions across various operating systems, including VxWorks; second, the development of a state tree-guided test case generation strategy to boost coverage of business logic; and third, the incorporation of a cross-segment feedback mechanism to refine seed selection and mutation strategies. Empirical evaluations demonstrate that this method substantially outperforms conventional techniques in terms of test coverage and efficiency in uncovering vulnerabilities. This research contributes a pioneering technical strategy to bolster ICS security, which is vital for the protection of critical infrastructure.