Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents

Pacheco, María Leonor; Hippel, Max von; Weintraub, Ben; Goldwasser, Dan; Nita-Rotaru, Cristina

doi:10.1109/sp46214.2022.9833673

Cited by 22 publications

(5 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This method uses an NLP algorithm based on zero-shot learning to extract network protocol syntax information from RFC documents, with an accuracy of 0.82. Reference [24] is also an artificial intelligence extraction method based on protocol specifications. The author proposes a data-driven method for extracting finite state machines from protocol specification RFC documents.…”

Section: Related Workmentioning

confidence: 99%

A Novel Network Protocol Syntax Extracting Method for Grammar-Based Fuzzing

Li,

Zhang,

Zhao

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

Network protocol syntax information plays a crucial role in grammar-based fuzzing. Current network protocol syntax extraction methods are less versatile, inefficient, and the extracted information is not comprehensive. This paper proposes a novel method for extracting syntax information, which innovatively extracts network protocol syntax from Wireshark protocol dissector files. The extracted syntax information includes packet types of the protocol, the constituent fields of each packet type, and detailed attributes of each field. Based on this method, an automated system for network protocol syntax information extraction was developed. The experiment was conducted with this system on a variety of protocols including DCCP, DNP3.0, Modbus TCP, and S7COMM. The experimental results show that compared with the current methods, our method has a better performance in terms of efficiency and versatility and at the same time ensures the comprehensiveness and accuracy of the extracted syntax information.

show abstract

Section: Related Workmentioning

confidence: 99%

A Novel Network Protocol Syntax Extracting Method for Grammar-Based Fuzzing

Li,

Zhang,

Zhao

et al. 2024

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…The evaluation showed that this approach could discover the same attacks as manually specified systems with fewer test cases. In 2022, Pacheco et al further proposed a more comprehensive method [69]. The method included three key steps: (1) a large-scale word representation learning of technical languages, (2) a zero-shot learning mapping of protocol text to an intermediate language, and (3) rule-based mapping from the intermediate language to specific protocol finite-state machines.…”

Section: Active-inference-based Approachesmentioning

confidence: 99%

A Survey on the Development of Network Protocol Fuzzing Techniques

Zhang¹,

Zhang²,

Zhao³

et al. 2023

Electronics

View full text Add to dashboard Cite

Network protocols, as the communication rules among computer network devices, are the foundation for the normal operation of networks. However, security issues arising from design flaws and implementation vulnerabilities in network protocols pose significant risks to network operations and security. Network protocol fuzzing is an effective technique for discovering and mitigating security flaws in network protocols. It offers unparalleled advantages compared to other security analysis techniques thanks to the minimal requirement for prior knowledge of the target and low deployment complexity. Nevertheless, the randomness in test case generation, uncontrollable test coverage, and unstable testing efficiency introduce challenges in ensuring the controllability of the testing process and results. In order to comprehensively survey the development of network protocol fuzzing techniques and analyze their advantages and existing issues, in this paper, we categorized and summarized the protocol fuzzing and its related techniques based on the generation methods of test cases and testing conditions. Specifically, we overviewed the development trajectory and patterns of these techniques over the past two decades according to chronological order. Based on this analysis, we further predict the future directions of fuzzing techniques.

show abstract

“…After matrix G is calculated, the maximum value in the matrix is taken as the similarity measure of the two packets, as shown in Equation (15).…”

Section: Fuzzing Test Cases Generation Algorithm Of Genetic Algorithm...mentioning

confidence: 99%

“…In protocol semantic analysis [14], field recognition algorithms are designed according to the characteristics of fields such as constant, length field, serial number, and function code. Pacheco [15] combines sequence alignment algorithms and dynamic stain analysis techniques for protocol reverse engineering. This work first uses the dynamic stain analysis method to parse out the field boundary, and then uses the sequence alignment algorithm to optimize the inference result of the field boundary in the previous step.…”

Section: Introductionmentioning

confidence: 99%

Fuzzing Technology Based on Information Theory for Industrial Proprietary Protocol

Che

Geng²,

Zhang

et al. 2023

Electronics

View full text Add to dashboard Cite

With the rapid development of the Industrial Internet of Things (IIoT), programmable logic controllers (PLCs) are becoming increasingly intelligent, leading to improved productivity. However, this also brings about a growing number of security vulnerabilities. As a result, efficiently identifying potential security vulnerabilities in PLCs has become a crucial research topic for security researchers. This article proposes a method for fuzzing industrial proprietary protocols to effectively identify security vulnerabilities in PLCs’ proprietary protocols. The aim of this study is to develop a protocol fuzzing approach that can uncover security vulnerabilities in PLCs’ proprietary protocols. To achieve this, the article presents a protocol structure parsing algorithm specifically designed for PLC proprietary protocols, utilizing information theory. Additionally, a fuzzing case generation algorithm based on genetic algorithms is introduced to select test cases that adhere to the format specifications of the proprietary protocol while exhibiting a high degree of mutation. The research methodology consists of several steps. Firstly, the proposed protocol structure parsing algorithm is used to analyze two known industrial protocols, namely Modbus TCP and S7Comm. The parsing results obtained from the algorithm are then compared with the correct results to validate its effectiveness. Next, the protocol structure parsing algorithm is applied to analyze the proprietary protocol formats of two PLC models. Finally, based on the analysis results, the PLCs are subjected to fuzzing. Overall, the proposed protocol fuzzing approach, incorporating the protocol structure parsing algorithm and the fuzzing case generation algorithm, successfully identifies two denial-of-service vulnerabilities in the PLCs’ proprietary protocols. Notably, one of these vulnerabilities is a zero-day vulnerability, indicating that it was previously unknown and undisclosed.

show abstract

Automated Attack Synthesis by Extracting Finite State Machines from Protocol Specification Documents

Cited by 22 publications

References 37 publications

A Novel Network Protocol Syntax Extracting Method for Grammar-Based Fuzzing

A Novel Network Protocol Syntax Extracting Method for Grammar-Based Fuzzing

A Survey on the Development of Network Protocol Fuzzing Techniques

Fuzzing Technology Based on Information Theory for Industrial Proprietary Protocol

Contact Info

Product

Resources

About