http://dx.doi.org/10.13089/JKIISC.2018.28.1.179

Randomness Based Fuzzing Test Case Evaluation for Vulnerability Analysis of Industrial Control System  

Kim, SungJin (Ajou University)
Shon, Taeshik (Ajou University)
Abstract
The number of devices connected to the Internet is rapidly increasing with the advent of the IoT (Internet of Things). The IoT has improved the convenience of life. However, it also creates security issues such as privacy violations. Cybersecurity is therefore the most important issue to be discussed nowadays. In particular, because of the rapid growth of the IoT market, various protocols are used for the same purpose. To deal with this security threat, novel vulnerability analysis is needed. In this paper, we contribute to IoT security by proposing a new randomness-based test case evaluation methodology using variance and entropy. Unlike traditional techniques, the test case evaluation method proposed in this paper can evaluate test cases at high speed regardless of the test set size.
Keywords
Vulnerability Analysis; Fuzzing Test; Test Case Evaluation; Industrial Control System