Research area: Analysis
Conference: EITCE '24: Proceedings of the 2024 8th International Conference on Electronic Information Technology and Computer Engineering
As power systems evolve and more IoT devices are integrated into system terminals, vulnerabilities in these devices increasingly pose serious threats to the safety of terminals and the entire system. To address the low accuracy of existing vulnerability prediction methods and the inefficiency of vulnerability detection, this paper proposes a directed greybox fuzzing method for power system terminal firmware based on vulnerability prediction. The proposed method consists of two main parts: (1) vulnerability point prediction and (2) directed greybox fuzzing targeting these vulnerability points. For vulnerability point prediction, a pretrained vulnerability prediction model is constructed to predict potential vulnerabilities in the target program. The regions with higher vulnerability scores are more likely to contain bugs. In fuzzing, the initial test case generation and mutation strategies are improved to account for power-specific protocols. Experimental results show that the proposed method effectively enhances the accuracy of vulnerability point prediction and improves vulnerability detection efficiency.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | China |
| Site | ACM |