基于生成对抗网络的工控协议模糊测试研究OA

Traditional fuzzing relies on expert knowledge and protocol specifications,while neural network-based methods are constrained by the quality of training data and model structure.These methods exhibit poor effectiveness across different Industrial Control Protocols(ICPs)and lack a universal and efficient fuzzing approach.To address these issues,this paper proposes an ICP fuzzing method based on Wasserstein Generative Adversarial Network with Gradient Penalty(WGAN-GP),incorporating statisti-cal language model N-gram to refine the training results.This paper developed a universal fuzzing framework,GPFuzz,tailored for various ICPs.Experiments conducted in laboratory's oil and gas collection and transmission full-process industrial attack-defense range on three common ICPs(Modbus/TCP,Ethernet/IP,S7comm)demonstrate that the framework generates diverse test cases.These cases outperform other fuzzing methods in terms of acceptance rate and anomaly triggering indicators,providing an efficient and general security assessment method for ICS and enhancing the overall system security.