A Holistic Review of Fuzzing for Vulnerability Assessment in Industrial Network Protocols
| Format: | Article |
|---|---|
| Language: | English |
| Published: | IEEE, 2025-01-01 |
| Series: | IEEE Open Journal of the Communications Society |
| Online Access: | https://ieeexplore.ieee.org/document/11002567/ |
| Summary: | Industrial control systems (ICSs) are considered the backbone of industry because of their essential role in supervising and handling crucial manufacturing operations in critical infrastructures such as power grids, water supply systems, and manufacturing processes. ICSs were not initially designed with robust security measures, which leaves them vulnerable to attack. Such attacks can have severe consequences, including disrupted services, economic damage, and compromised public safety. Notably, the security of ICSs depends on the robustness of industrial network protocols (INPs), so exposing and addressing their vulnerabilities is essential to strengthening these critical infrastructures and proactively mitigating cyber threats. Fuzzing has emerged as a powerful technique for uncovering security flaws in network protocols by systematically generating malformed inputs to trigger unexpected behavior. In this paper, we address a critical area in industrial cybersecurity by examining recent advances in fuzzing methods for industrial network protocols. Our work provides a comprehensive overview of the fuzzing process, identifies key vulnerabilities in INPs, especially within the widely used Modbus protocol, and highlights the need for more advanced fuzzing strategies. We therefore present a systematic machine-learning-based fuzzing framework tailored to the unique characteristics of industrial protocols, leveraging proven methodologies from the existing literature. By evaluating the strengths and limitations of state-of-the-art approaches, we offer insights into the key challenges of applying fuzzing to discover vulnerabilities in industrial protocols, such as maintaining message integrity, implementing intelligent log analysis, and addressing the lack of explainability in fuzzing outcomes. Crucially, we also explore how the capabilities of large language models (LLMs), including their comprehensive knowledge bases, contextual understanding, and knowledge consolidation, can be harnessed to overcome these challenges and enhance the effectiveness of fuzzing in industrial environments, which we demonstrate through a mini case study. Lastly, this paper provides actionable guidance for future research and development in securing industrial network protocols. |
| ISSN: | 2644-125X |
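The abstract names "maintaining message integrity" as a core challenge of fuzzing industrial protocols: a mutator that corrupts framing fields gets its test cases rejected by the target's parser before the interesting code is reached. The following added example (written for this record, not code from the paper or its authors) shows the difference on Modbus/TCP, whose MBAP header carries a length field that must equal the number of bytes that follow it. A structure-aware mutator mutates only the PDU (function code and data) and rebuilds the header, so every case survives a strict framing check; a naive byte-flipping mutator loses a third of its cases to header corruption. The read-holding-registers request, the boundary quantities, the seed and the iteration count are constructed inputs chosen for illustration.

```python
import random
import struct

# Modbus/TCP MBAP header: transaction id, protocol id (always 0), length, unit id.
# The length field counts the unit id plus every PDU byte that follows it.
MBAP = struct.Struct(">HHHB")
READ_HOLDING_REGISTERS = 0x03

# Quantity values at and around the protocol's limits (spec maximum for FC 3 is 125).
BOUNDARY_QUANTITIES = [0, 1, 125, 126, 0x7FFF, 0xFFFF]


def build_frame(transaction_id, unit_id, pdu):
    """Wrap a PDU in an MBAP header with a length field that matches the PDU."""
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def read_holding_registers_pdu(start_addr, quantity):
    """FC 3 request PDU: function code, starting address, quantity of registers."""
    return struct.pack(">BHH", READ_HOLDING_REGISTERS, start_addr, quantity)


def parse_frame(frame):
    """Strict framing check of the kind a well-written Modbus stack performs.

    Raises ValueError when the header is inconsistent with the bytes on the wire;
    such frames are discarded by the target before any function-code logic runs.
    """
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError("bad protocol id")
    if length != len(frame) - 6:
        raise ValueError("MBAP length mismatch")
    pdu = frame[MBAP.size:]
    return {"tid": tid, "unit": unit, "fc": pdu[0], "data": pdu[1:]}


def mutate_pdu(pdu, rng):
    """Mutate only the PDU: boundary quantity, single bit flip, or resize the data."""
    fc, data = pdu[0], bytearray(pdu[1:])
    strategy = rng.choice(("boundary", "flip", "resize"))
    if strategy == "boundary" and len(data) >= 4:
        # Overwrite the quantity field (bytes 2..3 of an FC 3 request) with a boundary value.
        struct.pack_into(">H", data, 2, rng.choice(BOUNDARY_QUANTITIES))
    elif strategy == "flip" and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    else:
        # Truncate or pad the data field; build_frame recomputes the MBAP length afterwards.
        if data and rng.random() < 0.5:
            data = data[: rng.randrange(len(data))]
        else:
            data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 5)))
    return bytes([fc]) + bytes(data)


def structured_mutate(frame, rng):
    """Protocol-aware mutation: keep the header consistent with the mutated PDU."""
    tid, _, _, unit = MBAP.unpack_from(frame)
    return build_frame(tid, unit, mutate_pdu(frame[MBAP.size:], rng))


def naive_mutate(frame, rng):
    """Blind mutation: flip one bit anywhere in the frame, header included."""
    buf = bytearray(frame)
    i = rng.randrange(len(buf))
    buf[i] ^= 1 << rng.randrange(8)
    return bytes(buf)


def survival_rate(mutator, seed=1, n=200):
    """Fraction of generated cases that pass the framing check (constructed seed and count)."""
    rng = random.Random(seed)
    base = build_frame(1, 1, read_holding_registers_pdu(0, 10))
    ok = 0
    for _ in range(n):
        try:
            parse_frame(mutator(base, rng))
            ok += 1
        except ValueError:
            pass
    return ok / n


if __name__ == "__main__":
    print("structured:", survival_rate(structured_mutate))
    print("naive:     ", survival_rate(naive_mutate))
```

The naive mutator wastes every case whose flipped bit lands in the protocol id or length bytes (4 of the 12 bytes in the base frame), which is exactly the integrity problem the abstract describes; the structured mutator spends all of its budget on the PDU, where the function-code handlers live. The same pattern extends to Modbus/RTU, where the CRC-16 trailer must be recomputed after each mutation.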