An adaptive fuzzing method based on transformer and protocol similarity mutation
Computers & Security (IF 5.6) Pub Date: 2023-03-22, DOI: 10.1016/j.cose.2023.103197
Wenpeng Wang, Zhixiang Chen, Ziyang Zheng, Hui Wang

Industrial control protocols have a large number of vulnerabilities because they lack authentication and misuse function codes, which seriously threatens production safety. Fuzzing, a common method for vulnerability mining, suffers from a low reception rate of generated test cases and blind mutation, which leads to poor vulnerability mining results. To address these issues, we propose an adaptive fuzzing method based on Transformer and protocol similarity mutation. First, a Transformer network is trained to learn the semantic information of the commonly used industrial control protocol Modbus TCP, so that it can generate test cases with a high reception rate in a short time. Second, during the test case generation stage, the semantic similarity between the newly generated bytes and the model input fields is compared against a random value to decide whether to apply bit-flip mutation to the newly generated bytes, which reduces the overall similarity of the test cases and raises the abnormal rate of the system under test. Finally, a byte importance self-adaptive algorithm is used to raise the mutation probability of bytes that are prone to trigger vulnerabilities. Experimental results indicate that, compared with the traditional method, our method not only improves testing efficiency but also increases the abnormal rate of the system under test. In addition, the vulnerability mining capability is effectively improved.
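To make the three mechanisms in the abstract concrete, the following added example (not code from the paper or its authors) models one generation step on a constructed Modbus TCP request: an MBAP consistency check stands in for the "reception rate" (frames a Modbus TCP stack would drop before dispatch), a similarity-versus-random-value gate decides whether to bit-flip, and a byte importance vector is adapted from the outcome. The gate rule, the multiplicative importance update and the anomaly oracle are assumptions for illustration, not the paper's exact formulas.

```python
import random

# Constructed seed: a Modbus TCP "Read Holding Registers" request (not from the paper).
# MBAP: txid=0x0001 proto=0x0000 length=0x0006 unit=0x01 ; PDU: fc=0x03 addr=0x0000 qty=0x000a
SEED = bytes.fromhex("00010000000601030000000a")

def mbap_consistent(frame: bytes) -> bool:
    """Proxy for 'reception rate': a Modbus TCP stack drops frames whose protocol id is not 0
    or whose MBAP length field does not equal the number of bytes after it (unit id + PDU)."""
    if len(frame) < 8:
        return False
    proto = int.from_bytes(frame[2:4], "big")
    length = int.from_bytes(frame[4:6], "big")
    return proto == 0 and length == len(frame) - 6

def byte_similarity(generated: bytes, field: bytes) -> float:
    """Fraction of byte positions where the generated bytes equal the model input field."""
    n = max(len(generated), len(field))
    return 1.0 if n == 0 else sum(x == y for x, y in zip(generated, field)) / n

def should_flip(similarity: float, rnd: float, threshold: float = 0.8) -> bool:
    """Assumed gate: mutate only when the output is near-identical to the input (>= threshold)
    and the random draw is below the similarity, so closer copies are flipped more often."""
    return similarity >= threshold and rnd < similarity

def bit_flip(frame: bytes, index: int, bit: int) -> bytes:
    """Flip one bit of one byte; callers pick the byte index according to byte importance."""
    out = bytearray(frame)
    out[index] ^= 1 << bit
    return bytes(out)

def update_importance(importance: list, index: int, triggered: bool,
                      boost: float = 2.0, decay: float = 0.9) -> list:
    """Self-adaptive weights: a byte whose flip produced a target anomaly gains weight,
    a flip that produced nothing loses some (assumed multiplicative update, floor 0.05)."""
    out = list(importance)
    out[index] = max(0.05, out[index] * (boost if triggered else decay))
    return out

def fuzz_round(frame: bytes, importance: list, rng, oracle) -> tuple:
    """One generation step: gate on similarity, pick a byte by importance, flip, score, adapt.
    `oracle` is the monitoring hook that reports whether the target showed an anomaly."""
    rng = rng or random.Random(0)
    sim = byte_similarity(frame, SEED)
    if not should_flip(sim, rng.random()):
        return frame, importance, False
    idx = rng.choices(range(len(frame)), weights=importance, k=1)[0]
    mutated = bit_flip(frame, idx, rng.randrange(8))
    triggered = oracle(mutated)
    return mutated, update_importance(importance, idx, triggered), triggered
```

Flipping a bit in the MBAP length or protocol id fields (indices 2 to 5) yields a frame that fails `mbap_consistent`, which is the structural reason blind mutation has a low reception rate and why a model that learns the header semantics helps.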




Updated: 2023-03-22