Industrial control systems combined with IT are no longer unusual; however, cyber security in this field has not matured. Therefore, vulnerability analysis techniques for the protocols used in this field are clearly needed. In this paper, we propose a novel test case generation technique for fuzz testing that can be used for various industrial control system protocols. The proposed technique is designed to generate cross-field fuzzing test cases because of field dependencies, a characteristic of industrial control system protocols. Additionally, we focus on multilayer testing because the weaknesses of lower-layer protocols are inherited by upper-layer protocols.
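One way to picture field dependencies and cross-field test cases, as an added example that is not the paper's algorithm or code: the frame layout, field names and boundary values below are constructed for illustration. It generates frames in which a count field and a length field are each kept consistent with, or offset by one from, the payload they describe.

```python
import struct
from itertools import product

# Constructed toy frame, not a real ICS protocol (assumption for illustration):
#   length (2 bytes, big-endian) = number of bytes that follow it
#   function (1 byte) | count (1 byte) | count 16-bit registers
def build_frame(function, registers, count=None, length=None):
    """Serialize a frame; count/length default to the values the payload implies."""
    payload = b"".join(struct.pack(">H", r) for r in registers)
    count = len(registers) if count is None else count
    body = struct.pack(">BB", function, count) + payload
    length = len(body) if length is None else length
    return struct.pack(">H", length) + body

def is_consistent(frame):
    """Check both dependencies: length vs. body size, count vs. payload size."""
    if len(frame) < 4:
        return False
    length, _function, count = struct.unpack(">HBB", frame[:4])
    return length == len(frame) - 2 and count * 2 == len(frame) - 4

def cross_field_cases(function=0x03, n_regs=(0, 1, 125)):
    """Yield (label, frame) pairs covering each dependency held or broken."""
    for n, count_delta, length_delta in product(n_regs, (0, -1, 1), (0, -1, 1)):
        regs = [0xAAAA] * n
        count = (n + count_delta) & 0xFF          # wraps at the field width
        true_len = 2 + 2 * n                      # function + count + payload
        length = (true_len + length_delta) & 0xFFFF
        label = f"regs={n} count{count_delta:+d} length{length_delta:+d}"
        yield label, build_frame(function, regs, count=count, length=length)

if __name__ == "__main__":
    for label, frame in cross_field_cases():
        print(f"{label:32s} consistent={is_consistent(frame)} {frame[:8].hex()}")
```

Frames where only one dependency is broken show which validation step a parser under test actually performs; single-field mutation alone would not separate those cases.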
This work was supported by the Power Generation and Electricity Delivery Core Technology Program of Korea Institute of Energy Technology Evaluation and Planning (KETEP) granted financial resource from the Ministry of Trade, Industry, and Energy, Republic of Korea (no. 20131020402090) and MSIP (Ministry of Science, ICT, and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2016-R0992-16-1006) supervised by the IITP (Institute for Information & communications Technology Promotion).