Computer Engineering ›› 2019, Vol. 45 ›› Issue (7): 164-169. doi: 10.19678/j.issn.1000-3428.0051190

• Security Technology •

Fuzzy Testing Algorithm for Modbus/TCP Based on Recurrent Neural Networks

HUANG He1,2, CHEN Jun1, DENG Haojiang1

  1. National Network New Media Engineering Research Center, Institute of Acoustics, Chinese Academy of Sciences, Beijing 100190, China;
  2. University of Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2018-04-12 Revised: 2018-05-30 Online: 2019-07-15 Published: 2019-07-23
  • About the authors: HUANG He (born 1990), male, Ph.D. candidate; main research interests: network security, artificial intelligence, data management. CHEN Jun (corresponding author) and DENG Haojiang, research fellows, Ph.D.
  • Funding: Chinese Academy of Sciences Pioneer Initiative project "Research on End-to-End Key Technologies and System Development" (SXJH201609).

Abstract: The protocol packets used for Modbus/TCP security vulnerability mining are often generated randomly, which produces an excessive number of invalid packets and reduces the efficiency of vulnerability mining. To deal with this problem, a structural fuzzy algorithm named Fuzzy-RNN is proposed based on Recurrent Neural Networks (RNN). It learns the probability distribution of each part of the protocol packet from a Modbus/TCP training set and takes corner cases into account, so as to realize targeted fuzzy generation. Experimental results show that, compared with the General Protocol Fuzzer (GPF), on a variety of simulation software such as Modbus Slave and xMasterSlave the Fuzzy-RNN algorithm achieves fuzzy generation of legal protocol packets with a higher probability. The test time is reduced by more than 50%, and test efficiency is clearly improved.

Key words: Industrial Control Protocol(ICP), vulnerability mining, fuzzy testing, network security, Recurrent Neural Networks(RNN), sequence to sequence(seq2seq)
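As an added illustration of the abstract's premise (example code, not from the paper), the following validator and two generators show why byte-random Modbus/TCP frames are almost never well-formed, while field-aware generation that over-represents boundary values is; the MBAP layout follows the public Modbus/TCP specification, and the small function-code subset and its limits are an assumption made for the example.

```python
"""Constructed example: a Modbus/TCP request validator plus a byte-random and a
field-structured generator, used to compare how often each yields legal frames."""
import random
import struct

# Assumed subset of public function codes; each carries a fixed 4-byte request body.
REQUEST_DATA_LEN = {1: 4, 2: 4, 3: 4, 4: 4, 5: 4, 6: 4}
MAX_QUANTITY = {1: 2000, 2: 2000, 3: 125, 4: 125}   # coils vs. registers per request


def is_legal_frame(frame: bytes) -> bool:
    """True if `frame` is a well-formed Modbus/TCP request (MBAP header + PDU)."""
    if len(frame) < 8:                               # 7-byte MBAP + 1-byte function code
        return False
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:       # length counts unit id + PDU
        return False
    fc, data = frame[7], frame[8:]
    if fc not in REQUEST_DATA_LEN or len(data) != REQUEST_DATA_LEN[fc]:
        return False
    addr, value = struct.unpack(">HH", data)
    if fc in MAX_QUANTITY:                           # value is a quantity of coils/registers
        return 1 <= value <= MAX_QUANTITY[fc] and addr + value <= 0x10000
    if fc == 5:                                      # Write Single Coil: only ON/OFF encodings
        return value in (0x0000, 0xFF00)
    return True                                      # fc 6: any register value is legal


def random_frame(rng: random.Random) -> bytes:
    """Byte-level random generation, the baseline the abstract criticises."""
    return rng.randbytes(rng.randint(8, 16))


def structured_frame(rng: random.Random) -> bytes:
    """Field-aware generation: every field drawn from its legal domain, with the
    boundary values (the abstract's corner cases) deliberately over-represented."""
    fc = rng.choice(list(REQUEST_DATA_LEN))
    if fc in MAX_QUANTITY:
        qty = rng.choice([1, 2, MAX_QUANTITY[fc] - 1, MAX_QUANTITY[fc], rng.randint(1, MAX_QUANTITY[fc])])
        addr, value = rng.choice([0, 1, 0x10000 - qty, rng.randint(0, 0x10000 - qty)]), qty
    elif fc == 5:
        addr, value = rng.randint(0, 0xFFFF), rng.choice([0x0000, 0xFF00])
    else:
        addr, value = rng.randint(0, 0xFFFF), rng.choice([0, 1, 0x7FFF, 0x8000, 0xFFFF])
    pdu = struct.pack(">BHH", fc, addr, value)
    mbap = struct.pack(">HHHB", rng.randint(0, 0xFFFF), 0, len(pdu) + 1, rng.randint(0, 255))
    return mbap + pdu


def legal_ratio(generator, n: int = 1000, seed: int = 1) -> float:
    """Fraction of `n` generated frames that pass the validator (deterministic seed)."""
    rng = random.Random(seed)
    return sum(is_legal_frame(generator(rng)) for _ in range(n)) / n
```

The validator doubles as a classifier a test harness or monitor can apply to captured traffic to separate well-formed requests from malformed ones.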