KIT | KIT-Bibliothek | Impressum | Datenschutz

Smarter Evolution: Enhancing Evolutionary Black Box Fuzzing with Adaptive Models

Borcherding, Anne ORCID iD icon 1; Morawetz, Martin 2; Pfrang, Steffen 1
1 Fraunhofer-Institut für Optronik, Systemtechnik und Bildauswertung (IOSB)
2 Fakultät für Informatik – Lehrstuhl IES Beyerer: Interaktive Echtzeitsysteme (Lehrstuhl IES Beyerer: Interaktive Echtzeitsysteme), Karlsruher Institut für Technologie (KIT)

Abstract (englisch):

Smart production ecosystems are a valuable target for attackers. In particular, due to the high level of connectivity introduced by Industry 4.0, attackers can potentially attack individual components of production systems from the outside. One approach to strengthening the security of industrial control systems is to perform black box security tests such as network fuzzing. These are applicable, even if no information on the internals of the control system is available. However, most security testing strategies assume a gray box setting, in which some information on the internals are available. We propose a new approach to bridge the gap between these gray box strategies and the real-world black box setting in the domain of industrial control systems. This approach involves training an adaptive machine learning model that approximates the information that is missing in a black box setting. We propose three different approaches for the model, combine them with an evolutionary testing approach, and perform an evaluation using a System under Test with known vulnerabilities. Our evaluation shows that the model is indeed able to learn valuable information about a previously unknown system, and that more vulnerabilities can be uncovered with our approach. ... mehr


Verlagsausgabe §
DOI: 10.5445/IR/1000162163
Veröffentlicht am 18.09.2023
Originalveröffentlichung
DOI: 10.3390/s23187864
Scopus
Zitationen: 1
Web of Science
Zitationen: 1
Dimensions
Zitationen: 1
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Anthropomatik und Robotik (IAR)
Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Fakultät für Informatik – Lehrstuhl IES Beyerer: Interaktive Echtzeitsysteme (Lehrstuhl IES Beyerer: Interaktive Echtzeitsysteme)
Publikationstyp Zeitschriftenaufsatz
Publikationsdatum 13.09.2023
Sprache Englisch
Identifikator ISSN: 1424-8220
KITopen-ID: 1000162163
HGF-Programm 46.23.04 (POF IV, LK 01) Engineering Security for Production Systems
Erschienen in Sensors
Verlag MDPI
Band 23
Heft 18
Seiten Art.-Nr.: 7864
Bemerkung zur Veröffentlichung This article belongs to the Special Issue Technological Challenges and Trends in Smart Production Ecosystems.
Nachgewiesen in Scopus
Web of Science
Dimensions
Globale Ziele für nachhaltige Entwicklung Ziel 9 – Industrie, Innovation und Infrastruktur
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page