A fuzz testing method for industrial control protocols based on representation learning and reinforcement learning

He Kan, Wang Zhi, Shi Hongyan, Lian Lian, Sun Yifei, Ning Bowei, Zong Xuejun

网络安全与数据治理 (Cyber Security and Data Governance), 2025, Vol. 44, Issue (12): 6-15, 10. DOI: 10.19358/j.issn.2097-1788.2025.12.002

A fuzz testing method for industrial control protocols based on representation learning and reinforcement learning

He Kan 1, Wang Zhi 1, Shi Hongyan 1, Lian Lian 1, Sun Yifei 1, Ning Bowei 2, Zong Xuejun 1

Author information

  • 1. College of Information Engineering, Shenyang University of Chemical Technology, Shenyang 110142, China; Key Laboratory of Information Security for Petrochemical Industry in Liaoning Province, Shenyang 110142, China
  • 2. Key Laboratory of Information Security for Petrochemical Industry in Liaoning Province, Shenyang 110142, China; School of Artificial Intelligence, Shenyang University of Technology, Shenyang 110870, China

Abstract

Given the difficulty in modeling the complex formats and field dependencies of industrial control protocols, traditional fuzz testing suffers from shortcomings in test case acceptance rate and sample diversity. This paper proposes a fuzz testing method for industrial control protocols that combines multi-scale representation learning with reinforcement learning. This method combines the efficient feature extraction capabilities of depthwise separable convolutions with the global dependency modeling advantages of a multi-head self-attention mechanism to design a multi-scale feature extractor that captures both local and global features. A reinforcement learning optimization strategy is introduced to enhance the latent space representation capability. A general ICP (Industrial Control Protocols) fuzz testing framework, RLCAFuzzer, is designed and validated experimentally against three common industrial control protocols (Modbus/TCP, Ethernet/IP, and S7comm) in a typical energy enterprise attack and defense scenario. Results demonstrate a significant improvement in the TCAR metric and enhanced anomaly triggering capability, demonstrating its effectiveness and advancement in industrial control protocol vulnerability detection.

Key words

fuzz testing/industrial control protocols/vulnerability detection/variational autoencoder/Transformer

Classification

Information Technology and Security Science

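Cite this article

He Kan, Wang Zhi, Shi Hongyan, Lian Lian, Sun Yifei, Ning Bowei, Zong Xuejun. A fuzz testing method for industrial control protocols based on representation learning and reinforcement learning [J]. 网络安全与数据治理 (Cyber Security and Data Governance), 2025, 44(12): 6-15, 10.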

Funding

Liaoning Province Applied Basic Research Program (2025JH2/101300012)

Liaoning Province Science and Technology Major Project (2024JH1/11700049)

Natural Science Foundation of Liaoning Province (2023-MSLH-273)

Liaoning Province Science and Technology Plan Project (2023JH1/10400082)

网络安全与数据治理 (Cyber Security and Data Governance)

ISSN 2097-1788
