Active fuzzing for testing and securing cyber-physical systems


Bibliographic Details
Main Authors: CHEN, Yuqi; XUAN, Bohan; POSKITT, Christopher M.; SUN, Jun; ZHANG, Fan
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University, 2020
Subjects: cyber-physical systems; fuzzing; active learning; benchmark generation; testing defence mechanisms; Software Engineering
Online Access: https://ink.library.smu.edu.sg/sis_research/5189
https://ink.library.smu.edu.sg/context/sis_research/article/6192/viewcontent/active_fuzzing_issta20.pdf
Institution: Singapore Management University
Abstract:
Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging, however, as realistic benchmarks of attacks are difficult to manually construct, blindly testing is ineffective due to the enormous search spaces and resource requirements, and intelligent fuzzing approaches require impractical amounts of data and network access. In this work, we propose active fuzzing, an automatic approach for finding test suites of packet-level CPS network attacks, targeting scenarios in which attackers can observe sensors and manipulate packets, but have no existing knowledge about the payload encodings. Our approach learns regression models for predicting sensor values that will result from sampled network packets, and uses these predictions to guide a search for payload manipulations (i.e. bit flips) most likely to drive the CPS into an unsafe state. Key to our solution is the use of online active learning, which iteratively updates the models by sampling payloads that are estimated to maximally improve them. We evaluate the efficacy of active fuzzing by implementing it for a water purification plant testbed, finding it can automatically discover a test suite of flow, pressure, and over/underflow attacks, all with substantially less time, data, and network access than the most comparable approach. Finally, we demonstrate that our prediction models can also be utilised as countermeasures themselves, implementing them as anomaly detectors and early warning systems.

Date: 2020-07-01
DOI: 10.1145/3395363.3397376
Licence: http://creativecommons.org/licenses/by-nc-nd/4.0/
Collection: Research Collection School Of Computing and Information Systems, Institutional Knowledge at Singapore Management University