Active fuzzing for testing and securing cyber-physical systems

Author

Yuqi CHEN, Singapore Management UniversityFollow
Bohan XUAN, Zhejiang University
Christopher M. POSKITT, Singapore Management UniversityFollow
Jun SUN, Singapore Management UniversityFollow
Fan ZHANG, Zhejiang University

Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

7-2020

Abstract

Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging, however, as realistic benchmarks of attacks are difficult to manually construct, blindly testing is ineffective due to the enormous search spaces and resource requirements, and intelligent fuzzing approaches require impractical amounts of data and network access. In this work, we propose active fuzzing, an automatic approach for finding test suites of packet-level CPS network attacks, targeting scenarios in which attackers can observe sensors and manipulate packets, but have no existing knowledge about the payload encodings. Our approach learns regression models for predicting sensor values that will result from sampled network packets, and uses these predictions to guide a search for payload manipulations (i.e. bit flips) most likely to drive the CPS into an unsafe state. Key to our solution is the use of online active learning, which iteratively updates the models by sampling payloads that are estimated to maximally improve them. We evaluate the efficacy of active fuzzing by implementing it for a water purification plant testbed, finding it can automatically discover a test suite of flow, pressure, and over/underflow attacks, all with substantially less time, data, and network access than the most comparable approach. Finally, we demonstrate that our prediction models can also be utilised as countermeasures themselves, implementing them as anomaly detectors and early warning systems.

Keywords

cyber-physical systems, fuzzing, active learning, benchmark generation, testing defence mechanisms

Discipline

Software Engineering

Research Areas

Software and Cyber-Physical Systems

Publication

ISSTA '20: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual, July 18-22

First Page

14

Last Page

26

ISBN

9781450380089

Identifier

10.1145/3395363.3397376

Publisher

ACM

City or Country

New York

Citation

CHEN, Yuqi; XUAN, Bohan; POSKITT, Christopher M.; SUN, Jun; and ZHANG, Fan. Active fuzzing for testing and securing cyber-physical systems. (2020). ISSTA '20: Proceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis, Virtual, July 18-22. 14-26.
Available at: https://ink.library.smu.edu.sg/sis_research/5189

Copyright Owner and License

Authors

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3395363.3397376