Mohammadhossein Amouei,Mohsen Rezvani,Mansoor Fateh

DOI: https://doi.org/10.1109/TDSC.2021.3095417

2023-12-13

Abstract:Due to the increasing sophistication of web attacks, Web Application Firewalls (WAFs) have to be tested and updated regularly to resist the relentless flow of web attacks. In practice, using a brute-force attack to discover vulnerabilities is infeasible due to the wide variety of attack patterns. Thus, various black-box testing techniques have been proposed in the literature. However, these techniques suffer from low efficiency. This paper presents Reinforcement-Learning-Driven and Adaptive Testing (RAT), an automated black-box testing strategy to discover injection vulnerabilities in WAFs. In particular, we focus on SQL injection and Cross-site Scripting, which have been among the top ten vulnerabilities over the past decade. More specifically, RAT clusters similar attack samples together. It then utilizes a reinforcement learning technique combined with a novel adaptive search algorithm to discover almost all bypassing attack patterns efficiently. We compare RAT with three state-of-the-art methods considering their objectives. The experiments show that RAT performs 33.53% and 63.16% on average better than its counterparts in discovering the most possible bypassing payloads and reducing the number of attempts before finding the first bypassing payload when testing well-configured WAFs, respectively.

Cryptography and Security,Artificial Intelligence,Information Retrieval

Ankur Chowdhary,Kritshekhar Jha,Ming Zhao

DOI: https://doi.org/10.3390/s23188014

2023-09-21

Abstract:The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications, to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked, using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using conditional sequence GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the significant effort invested in manual penetration testing.

Ke Li,Heng Yang,Willem Visser

DOI: https://doi.org/10.48550/arXiv.2206.05743

2022-06-12

Abstract:Web application firewall (WAF) plays an integral role nowadays to protect web applications from various malicious injection attacks such as SQL injection, XML injection, and PHP injection, to name a few. However, given the evolving sophistication of injection attacks and the increasing complexity of tuning a WAF, it is challenging to ensure that the WAF is free of injection vulnerabilities such that it will block all malicious injection attacks without wrongly affecting the legitimate message. Automatically testing the WAF is, therefore, a timely and essential task. In this paper, we propose DaNuoYi, an automatic injection testing tool that simultaneously generates test inputs for multiple types of injection attacks on a WAF. Our basic idea derives from the cross-lingual translation in the natural language processing domain. In particular, test inputs for different types of injection attacks are syntactically different but may be semantically similar. Sharing semantic knowledge across multiple programming languages can thus stimulate the generation of more sophisticated test inputs and discovering injection vulnerabilities of the WAF that are otherwise difficult to find. To this end, in DaNuoYi, we train several injection translation models by using multi-task learning that translates the test inputs between any pair of injection attacks. The model is then used by a novel multi-task evolutionary algorithm to co-evolve test inputs for different types of injection attacks facilitated by a shared mating pool and domain-specific mutation operators at each generation. We conduct experiments on three real-world open-source WAFs and six types of injection attacks, the results reveal that DaNuoYi generates up to 3.8x and 5.78x more valid test inputs (i.e., bypassing the underlying WAF) than its state-of-the-art single-task counterparts and the context-free grammar-based injection construction.

Neural and Evolutionary Computing

Fan Zhang,Qianmei Wu,Bohan Xuan,Yuqi Chen,Wei Lin,Christopher M. Poskitt,Jun Sun,Binbin Chen

DOI: https://doi.org/10.1109/tse.2023.3309330

2020-01-01

Abstract:Cyber-physical systems (CPSs) automating critical public infrastructure face a pervasive threat of attack, motivating research into different types of countermeasures. Assessing the effectiveness of these countermeasures is challenging, however, as benchmarks are difficult to construct manually, existing automated testing solutions often make unrealistic assumptions, and blindly fuzzing is ineffective at finding attacks due to the enormous search spaces and resource requirements. In this work, we propose active sensor fuzzing , a fully automated approach for building test suites without requiring any a prior knowledge about a CPS. Our approach employs active learning techniques. Applied to a real-world water treatment system, our approach manages to find attacks that drive the system into 15 different unsafe states involving water flow, pressure, and tank levels, including nine that were not covered by an established attack benchmark. Furthermore, we successfully generate targeted multi-point attacks which have been long suspected to be possible. We reveal that active sensor fuzzing successfully extends the attack benchmarks generated by our previous work, an ML-guided fuzzing tool, with two more kinds of attacks. Finally, we investigate the impact of active learning on models and the reason that the model trained with active learning is able to discover more attacks.

Liqun Yang,Chunan Li,Yongxin Qiu,Chaoren Wei,Jian Yang,Hongcheng Guo,Jinxin Ma,Zhoujun Li

2024-01-30

Abstract:The importance of addressing security vulnerabilities is indisputable, with software becoming crucial in sectors such as national defense and finance. Consequently, The security issues caused by software vulnerabilities cannot be ignored. Fuzz testing is an automated software testing technology that can detect vulnerabilities in the software. However, most previous fuzzers encounter challenges that fuzzing performance is sensitive to initial input seeds. In the absence of high-quality initial input seeds, fuzzers may expend significant resources on program path exploration, leading to a substantial decrease in the efficiency of vulnerability detection. To address this issue, we propose WGAN-AFL. By collecting high-quality testcases, we train a generative adversarial network (GAN) to learn their features, thereby obtaining high-quality initial input seeds. To overcome drawbacks like mode collapse and training instability inherent in GANs, we utilize the Wasserstein GAN (WGAN) architecture for training, further enhancing the quality of the generated seeds. Experimental results demonstrate that WGAN-AFL significantly outperforms the original AFL in terms of code coverage, new paths, and vulnerability discovery, demonstrating the effective enhancement of seed quality by WGAN-AFL.

Cryptography and Security

Jiahao Yu,Xingwei Lin,Zheng Yu,Xinyu Xing

2024-06-28

Abstract:Large language models (LLMs) have recently experienced tremendous popularity and are widely used from casual conversations to AI-driven programming. However, despite their considerable success, LLMs are not entirely reliable and can give detailed guidance on how to conduct harmful or illegal activities. While safety measures can reduce the risk of such outputs, adversarial jailbreak attacks can still exploit LLMs to produce harmful content. These jailbreak templates are typically manually crafted, making large-scale testing challenging. In this paper, we introduce GPTFuzz, a novel black-box jailbreak fuzzing framework inspired by the AFL fuzzing framework. Instead of manual engineering, GPTFuzz automates the generation of jailbreak templates for red-teaming LLMs. At its core, GPTFuzz starts with human-written templates as initial seeds, then mutates them to produce new templates. We detail three key components of GPTFuzz: a seed selection strategy for balancing efficiency and variability, mutate operators for creating semantically equivalent or similar sentences, and a judgment model to assess the success of a jailbreak attack. We evaluate GPTFuzz against various commercial and open-source LLMs, including ChatGPT, LLaMa-2, and Vicuna, under diverse attack scenarios. Our results indicate that GPTFuzz consistently produces jailbreak templates with a high success rate, surpassing human-crafted templates. Remarkably, GPTFuzz achieves over 90% attack success rates against ChatGPT and Llama-2 models, even with suboptimal initial seed templates. We anticipate that GPTFuzz will be instrumental for researchers and practitioners in examining LLM robustness and will encourage further exploration into enhancing LLM safety.

Artificial Intelligence

Bojian Jiang,Yi Jing,Tianhao Shen,Tong Wu,Qing Yang,Deyi Xiong

2024-10-05

Abstract:Ensuring the safety of large language models (LLMs) is paramount, yet identifying potential vulnerabilities is challenging. While manual red teaming is effective, it is time-consuming, costly and lacks scalability. Automated red teaming (ART) offers a more cost-effective alternative, automatically generating adversarial prompts to expose LLM vulnerabilities. However, in current ART efforts, a robust framework is absent, which explicitly frames red teaming as an effectively learnable task. To address this gap, we propose Automated Progressive Red Teaming (APRT) as an effectively learnable framework. APRT leverages three core modules: an Intention Expanding LLM that generates diverse initial attack samples, an Intention Hiding LLM that crafts deceptive prompts, and an Evil Maker to manage prompt diversity and filter ineffective samples. The three modules collectively and progressively explore and exploit LLM vulnerabilities through multi-round interactions. In addition to the framework, we further propose a novel indicator, Attack Effectiveness Rate (AER) to mitigate the limitations of existing evaluation metrics. By measuring the likelihood of eliciting unsafe but seemingly helpful responses, AER aligns closely with human evaluations. Extensive experiments with both automatic and human evaluations, demonstrate the effectiveness of ARPT across both open- and closed-source LLMs. Specifically, APRT effectively elicits 54% unsafe yet useful responses from Meta's Llama-3-8B-Instruct, 50% from GPT-4o (API access), and 39% from Claude-3.5 (API access), showcasing its robust attack capability and transferability across LLMs (especially from open-source LLMs to closed-source LLMs).

Cryptography and Security,Computation and Language

Jinyin Chen,Shulong Hu,Haibin Zheng,Changyou Xing,Guomin Zhang

DOI: https://doi.org/10.1016/j.cose.2022.103055

2022-12-09

Abstract:Penetration testing (PT) is an efficient tool for network testing and vulnerability mining by simulating the hackers' attacks to obtain valuable information applied in operating and database systems. Most of the traditional manual solutions are strongly relying on the domain knowledge of human experts with high penetration costs. Therefore, solutions based on the artificial intelligent algorithm such as reinforcement learning (RL) and deep reinforcement learning (DRL), with less time-consuming and lower labor costs, become a great solution to address the challenge. However, there are still a few challenges for RL/DRL-based PT in real penetration scenarios, such as the large dimension size of the agent's discrete action space usually causing difficulties in convergence. To address the above issue, this paper proposes a novel framework named G enerative A dversarial I mitation L earning based intelligent P enetration T esting (GAIL-PT), which utilizes expert knowledge base and GAIL network to guide the policy generation of RL/DRL agents with lower costs. Specifically, we first construct the expert knowledge bases by collecting state-action pairs from the successful exploitations of pre-trained RL/DRL models. Secondly, we feed the expert knowledge bases generated by different RL/DRL models online into the discriminator of GAIL-PT to guide its training process. Besides, we integrate the losses of the generator and the discriminator in GAIL-PT to optimize the overall objective and use the discriminator's discounted rewards for policy generation. The extensive experiments conducted on the practical target hosts and simulated network scenarios demonstrate that GAIL-PT achieves outstanding performance, and outperforms the state-of-art method DeepExploit in exploiting Metasploitable2 and Q-learning in different scale networks. It also verified that GAIL-PT is a general leading framework suitable for RL/DRL-based methods. The code of GAIL-PT is open-sourced at https://github.com/Shulong98/GAIL-PT//.

computer science, information systems

Kirti V. Deshpande,Jaibir Singh

DOI: https://doi.org/10.1007/s11042-023-17356-9

IF: 2.577

2023-10-18

Multimedia Tools and Applications

Abstract:Web application firewalls (WAFs) and other Intrusion Detection Systems (IDS) techniques are employed to defend the network against web attacks. Even so, attacks may succeed since most WAFs demand extensive configuration expertise that depends on filters. Despite notable successes, deep information has been utilized in varied applications. Still, it's crucial to have a reliable method for detecting the attack due to the attacker's various ways of concealment of the URLs. Several methods were introduced for detecting the attacks in web applications; still, the accuracy of detection and the computation burden are challenging aspects. Hence, a web attack detection mechanism is introduced in this research using the deep learning framework using the URL request. The proposed method utilizes a three-fold attack detection strategy to detect the attack with minimal computation complexity. Initially, the profile is checked to determine the genuinity of a user, and then, the bot scanners are identified using the generalized adversarial network (GAN). Finally, the attack detection is employed using the transformer neural network, wherein the adjustable parameters are modified using the weighted mean of vectors (INFO) optimization technique. The performance of a proposed method is evaluated based on various assessment measures like Accuracy, Precision, Recall, F-Measure, TPR, FPR, FNR and TNR and acquired the values of 99.97%, 99.96%, 99.97%, 99.97%, 99.97%, 0.03%, 0.03%, and 99.97% respectively.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Hongri Liu,Chuhan Liu,Xiansheng Wu,Yun Qu,Hongmei Liu

DOI: https://doi.org/10.3390/electronics13214311

IF: 2.9

2024-11-03

Electronics

Abstract:Given the large action space and state space involved in penetration testing, reinforcement learning is widely applied to enhance testing efficiency. This paper proposes an automatic penetration testing scheme based on hierarchical reinforcement learning to reduce both action space and state space. The scheme includes a network intelligence responsible for specifying the penetration host and a host intelligence designated to perform penetration testing on the selected host. Specifically, within the network intelligence, an action-masking mechanism is adopted to shield unenabled actions, thereby reducing the explorable action space and improving the penetration testing efficiency. Additionally, the host intelligence employs an invalid discrimination mechanism, terminating testing after actions that do not alter system states, thereby preventing sudden increases in the number of neural network training steps for an action. An optimistic estimation mechanism is also introduced to select penetration strategies suited to various hosts, preventing training crashes due to value confusion between different hosts. Ablation experiments demonstrate that the host intelligence can learn different penetration strategies for varying penetration depths without significant fluctuations in training steps, and the network intelligence can coordinate with the host intelligence to perform network penetration steadily. This hierarchical reinforcement learning framework can detect network vulnerabilities more quickly and accurately, significantly reducing the cost of security policy updates.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuqi Chen,Christopher M. Poskitt,Jun Sun,Sridhar Adepu,Fan Zhang

DOI: https://doi.org/10.1109/ase.2019.00093

2019-11-01

Abstract:The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to test them against are not always available. In this paper, we propose smart fuzzing, an automated, machine learning guided technique for systematically finding ‘test suites’ of CPS network attacks, without requiring any knowledge of the system’s control programs or physical processes. Our approach uses predictive machine learning models and metaheuristic search algorithms to guide the fuzzing of actuators so as to drive the CPS into different unsafe physical states. We demonstrate the efficacy of smart fuzzing by implementing it for two real-world CPS testbeds-a water purification plant and a water distribution system–finding attacks that drive them into 27 different unsafe states involving water flow, pressure, and tank levels, including six that were not covered by an established attack benchmark. Finally, we use our approach to test the effectiveness of an invariant-based defence system for the water treatment plant, finding two attacks that were not detected by its physical invariant checks, highlighting a potential weakness that could be exploited in certain conditions.

Boyu Sun,Wenyuan Yang,Mengqi Yan,Yuesheng Zhu,Zhiqiang Bai

DOI: https://doi.org/10.1109/icccs55155.2022.9846237

2022-01-01

Abstract:Website Fingerprinting (WF) can be used by network eavesdroppers to infer information about the content of encrypted and anonymous connections. Several defenses leverage adversarial examples to mitigate the threat of WF attacks, but they require to get entire traffic traces after network sessions have concluded to produce adversarial examples, thus offer users little protection in practical settings. In this paper, a novel practical WF defense method called WF-UAP is proposed by crafting Universal Adversarial Perturbations (UAP) to fight back against WF attacks, in which adversarial examples are produced to fool the classifiers used in WF attacks when UAPs are added to any network traffic trace in the target domain. We further present a Generative Adversarial Network (GAN) based UAP generation approach to enhance the performance of UAPs. It can efficiently generate UAPs once the generator is trained and make the adversarial traces and original traffic traces are more difficult to distinguish. Our experimental results over a public dataset demonstrate that WF-UAP reduces the accuracy of the state-of-the-art WF attacks from 98% to 15% with at most 20% increased bandwidth overhead, which outperforms the previous defenses in terms of the defense performance and overhead.

Wanyou Lv,Jiawen Xiong,Jianqi Shi,Yanhong Huang,Shengchao Qin

DOI: https://doi.org/10.1007/s10845-020-01584-z

IF: 8.3

2020-05-23

Journal of Intelligent Manufacturing

Abstract:A growing awareness is brought that the safety and security of industrial control systems cannot be dealt with in isolation, and the safety and security of industrial control protocols (ICPs) should be considered jointly. Fuzz testing (fuzzing) for the ICP is a common way to discover whether the ICP itself is designed and implemented with flaws and network security vulnerability. Traditional fuzzing methods promote the safety and security testing of ICPs, and many of them have practical applications. However, most traditional fuzzing methods rely heavily on the specification of ICPs, which makes the test process a costly, time-consuming, troublesome and boring task. And the task is hard to repeat if the specification does not exist. In this study, we propose a smart and automated protocol fuzzing methodology based on improved deep convolution generative adversarial network and give a series of performance metrics. An automated and intelligent fuzzing framework BLSTM-DCNNFuzz for application is designed. Several typical ICPs, including Modbus and EtherCAT, are applied to test the effectiveness and efficiency of our framework. Experiment results show that our methodology outperforms the existing ones like General Purpose Fuzzer and other deep learning based fuzzing methods in convenience, effectiveness, and efficiency.

engineering, manufacturing,computer science, artificial intelligence

Piyush Jha,Joseph Scott,Jaya Sriram Ganeshna,Mudit Singh,Vijay Ganesh

2024-02-02

Abstract:We present a novel tool BertRLFuzzer, a BERT and Reinforcement Learning (RL) based fuzzer aimed at finding security vulnerabilities for Web applications. BertRLFuzzer works as follows: given a set of seed inputs, the fuzzer performs grammar-adhering and attack-provoking mutation operations on them to generate candidate attack vectors. The key insight of BertRLFuzzer is the use of RL with a BERT model as an agent to guide the fuzzer to efficiently learn grammar-adhering and attack-provoking mutation operators. In order to establish the efficacy of BertRLFuzzer we compare it against a total of 13 black box and white box fuzzers over a benchmark of 9 victim websites with over 16K LOC. We observed a significant improvement relative to the nearest competing tool in terms of time to first attack (54% less), new vulnerabilities found (17 new vulnerabilities), and attack rate (4.4% more attack vectors generated).

Software Engineering,Cryptography and Security,Machine Learning

Isamu Isozaki,Manil Shrestha,Rick Console,Edward Kim

2024-10-26

Abstract:Hacking poses a significant threat to cybersecurity, inflicting billions of dollars in damages annually. To mitigate these risks, ethical hacking, or penetration testing, is employed to identify vulnerabilities in systems and networks. Recent advancements in large language models (LLMs) have shown potential across various domains, including cybersecurity. However, there is currently no comprehensive, open, end-to-end automated penetration testing benchmark to drive progress and evaluate the capabilities of these models in security contexts. This paper introduces a novel open benchmark for LLM-based automated penetration testing, addressing this critical gap. We first evaluate the performance of LLMs, including GPT-4o and Llama 3.1-405B, using the state-of-the-art PentestGPT tool. Our findings reveal that while Llama 3.1 demonstrates an edge over GPT-4o, both models currently fall short of performing fully automated, end-to-end penetration testing. Next, we advance the state-of-the-art and present ablation studies that provide insights into improving the PentestGPT tool. Our research illuminates the challenges LLMs face in each aspect of Pentesting, e.g. enumeration, exploitation, and privilege escalation. This work contributes to the growing body of knowledge on AI-assisted cybersecurity and lays the foundation for future research in automated penetration testing using large language models.

Cryptography and Security,Artificial Intelligence

Gelei Deng,Yi Liu,Víctor Mayoral-Vilches,Peng Liu,Yuekang Li,Yuan Xu,Tianwei Zhang,Yang Liu,Martin Pinzger,Stefan Rass

2024-06-03

Abstract:Penetration testing, a crucial industrial practice for ensuring system security, has traditionally resisted automation due to the extensive expertise required by human professionals. Large Language Models (LLMs) have shown significant advancements in various domains, and their emergent abilities suggest their potential to revolutionize industries. In this research, we evaluate the performance of LLMs on real-world penetration testing tasks using a robust benchmark created from test machines with platforms. Our findings reveal that while LLMs demonstrate proficiency in specific sub-tasks within the penetration testing process, such as using testing tools, interpreting outputs, and proposing subsequent actions, they also encounter difficulties maintaining an integrated understanding of the overall testing scenario. In response to these insights, we introduce PentestGPT, an LLM-empowered automatic penetration testing tool that leverages the abundant domain knowledge inherent in LLMs. PentestGPT is meticulously designed with three self-interacting modules, each addressing individual sub-tasks of penetration testing, to mitigate the challenges related to context loss. Our evaluation shows that PentestGPT not only outperforms LLMs with a task-completion increase of 228.6\% compared to the \gptthree model among the benchmark targets but also proves effective in tackling real-world penetration testing challenges. Having been open-sourced on GitHub, PentestGPT has garnered over 4,700 stars and fostered active community engagement, attesting to its value and impact in both the academic and industrial spheres.

Software Engineering,Cryptography and Security

Peishuai Sun,Shuhao Li,Jiang Xie,Hongbo Xu,Zhenyu Cheng,Rong Yang

DOI: https://doi.org/10.1016/j.cose.2023.103257

2023-04-13

Abstract:Machine learning (ML) is increasingly used for malicious traffic detection and proven to be effective. However, ML-based detections are at risk of being deceived by adversarial examples. It is critical to carry out adversarial attacks to evaluate the robustness of detections. Some research papers have studied adversarial attacks on ML-based detections, while most of them are in unreal scenarios. It mainly includes two aspects: (i) adversarial attacks gain extra prior knowledge about ML-based models, such as the datasets and features used by the model, which are unlikely to be available in reality; (ii) adversarial attacks generate unpractical examples, which are traffic features or traffic that doesn't compliance with communication protocol rules. In this paper, we propose an adversarial attack framework GPMT , which generates practical adversarial malicious traffic to deceive the ML-based detection. Compared with previous work, our work mainly has the following advantages: (i) little prior knowledge: we limit the possessed prior knowledge to simulate black-box attacks for real situations; (ii) more adversarial and practical examples: we employ Wasserstein GAN (WGAN) to execute adversarial attacks and design a novel loss function, which generates practical adversarial examples that are more likely to deceive detections. We attack nine ML-based models in the CTU-13 dataset to demonstrate the framework's validity. Experimental results show that GPMT is more effective and versatile than other methods. For nine models, mean evasion increase rate ( EIR ) can reach 65.53%, which is 16.48% higher than the best of related methods, DIGFuPAS . In addition, we test other datasets to verify the generality of the framework. The experiment shows that our attack is equally applicable.

computer science, information systems

Qi Wang,Jianjun Chen,Zheyu Jiang,Run Guo,Ximeng Liu,Chao Zhang,Haixin Duan

DOI: https://doi.org/10.1109/sp54263.2024.00129

2024-01-01

Abstract:Web Application Firewalls (WAFs) are a crucial line of defense against web-based attacks. However, an emerging threat comes from protocol-level evasion vulnerabilities, in which adversaries exploit parsing discrepancies between the WAF HTTP parser and those of web applications to circumvent WAFs. Currently, uncovering these vulnerabilities still depends on manual, ad hoc methods. In this paper, we propose WAF Manis, a novel testing methodology to automatically discover protocol-level evasion vulnerabilities in WAFs. We evaluated WAF Manis against 14 popular WAFs including Cloudflare and ModSecurity and 20 popular web frameworks including Laravel and Spring. In total, we discovered 311 protocol-level evasion cases affecting all tested WAFs and applications. Due to the generic nature of protocol-level evasions, these evasion vulnerabilities do not hinge on specific payload patterns and can transmit any malicious payloads - for instance, SQL injection, XSS, or Log4jShell - to the target websites. We further analyzed these vulnerabilities and identified three primary reasons contributing to WAF evasions. We have reported those identified vulnerabilities to the affected providers and received acknowledgments and bug bounty rewards from Cloudflare WAF, Fortinet WAF, Alibaba Cloud WAF, Huawei Cloud WAF, ModSecurity, Go security Team, and the PHP security team.

Yuqi Chen,Bohan Xuan,Christopher M. Poskitt,Jun Sun,Fan Zhang

DOI: https://doi.org/10.1145/3395363.3397376

2020-07-16

Abstract:Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging, however, as realistic benchmarks of attacks are difficult to manually construct, blindly testing is ineffective due to the enormous search spaces and resource requirements, and intelligent fuzzing approaches require impractical amounts of data and network access. In this work, we propose active fuzzing, an automatic approach for finding test suites of packet-level CPS network attacks, targeting scenarios in which attackers can observe sensors and manipulate packets, but have no existing knowledge about the payload encodings. Our approach learns regression models for predicting sensor values that will result from sampled network packets, and uses these predictions to guide a search for payload manipulations (i.e. bit flips) most likely to drive the CPS into an unsafe state. Key to our solution is the use of online active learning, which iteratively updates the models by sampling payloads that are estimated to maximally improve them. We evaluate the efficacy of active fuzzing by implementing it for a water purification plant testbed, finding it can automatically discover a test suite of flow, pressure, and over/underflow attacks, all with substantially less time, data, and network access than the most comparable approach. Finally, we demonstrate that our prediction models can also be utilised as countermeasures themselves, implementing them as anomaly detectors and early warning systems.

Software Engineering,Cryptography and Security,Machine Learning