A deep convolution generative adversarial networks based fuzzing framework for industry control protocols
Journal of Intelligent Manufacturing (IF 8.3), Pub Date: 2020-05-23, DOI: 10.1007/s10845-020-01584-z
Wanyou Lv, Jiawen Xiong, Jianqi Shi, Yanhong Huang, Shengchao Qin

There is growing awareness that the safety and security of industrial control systems cannot be dealt with in isolation, and that the safety and security of industrial control protocols (ICPs) should be considered jointly. Fuzz testing (fuzzing) of an ICP is a common way to discover whether the ICP itself is designed and implemented with flaws and network security vulnerabilities. Traditional fuzzing methods promote the safety and security testing of ICPs, and many of them have practical applications. However, most traditional fuzzing methods rely heavily on the specification of the ICP, which makes the test process costly, time-consuming, troublesome and tedious, and the task is hard to repeat if the specification does not exist. In this study, we propose a smart and automated protocol fuzzing methodology based on an improved deep convolution generative adversarial network and give a series of performance metrics. An automated and intelligent fuzzing framework for application, BLSTM-DCNNFuzz, is designed. Several typical ICPs, including Modbus and EtherCAT, are used to test the effectiveness and efficiency of our framework. Experimental results show that our methodology outperforms existing ones such as General Purpose Fuzzer and other deep learning based fuzzing methods in convenience, effectiveness, and efficiency.




Updated: 2020-05-23