Research field: Strategies
Venue: Computing
Industrial control protocols play a pivotal role in facilitating communication within industrial control systems, and their security is directly intertwined with the overall communication security of the system. Traditional methods that rely on static test cases for fuzzing fail to effectively consider the changing environment to dynamically adjust the strategy for generating test cases. They also struggle to jointly extract the structural and temporal characteristics of industrial control protocols. Consequently, they suffer from the issue of ineffective test cases, resulting in limited ability to discover protocol vulnerabilities. We propose a novel approach called MARLFuzz, which is a multi-agent reinforcement learning-based fuzzing method designed for industrial control protocols. MARLFuzz incorporates a cooperative relationship-based multi-agent reinforcement learning mechanism that guides a fuzzing multi-agent array. This approach aims to achieve efficient and scalable fuzzing of the target protocol under examination. The proposed method begins with message sampling and data preprocessing. Subsequently, a reinforcement learning-based fuzzing test multi-agent array is constructed, along with its corresponding action set. A policy network based on recurrent neural networks is employed to learn temporal and spatial features of messages, while a value network, also based on recurrent neural networks, assists in central training of the multi-agent array. Finally, the decentralized fuzzing is carried out by the array of fuzzing agents. Experimental results conducted on Modbus-TCP and EtherCAT protocols demonstrate that our approach exhibits high effectiveness in generating test cases and efficiently triggering exceptions. It showcases the ability to customize the framework for different target protocols and exhibits strong scalability. 
The experiments indicate that the test cases of MARLFuzz achieved increases of 10.39% in effective identification rate, 38.68% in the number of anomaly triggers, and 61.87% in anomaly trigger efficiency compared to the best methods in the control group. Furthermore, there was a reduction of 37.96% in the average interval between anomaly triggers.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, China |
| Site | Springer |