Research on Automated Anomaly Localization in the Power Internet of Things Based on Fuzzing and Semantic Analysis
Conference
Wang, G, Zhang, W, Yan, L et al. (2023). Research on Automated Anomaly Localization in the Power Internet of Things Based on Fuzzing and Semantic Analysis. Proceedings of SPIE - The International Society for Optical Engineering, 10.1117/12.3013357
The power IoT network serves a critical social function in modern society but has also become a high-value target for malicious attackers. It is therefore vitally important to rapidly discover vulnerabilities in power IoT devices and to locate the abnormal points for repair, in order to enhance the overall security of the power system. This paper presents the implementation of a prototype system called FuzzSem-AL for automated anomaly localization in power IoT devices. Using deep learning-based semantic analysis techniques, the system recovers function names from the binary programs of power IoT devices and associates these functions with the communication protocol fields of the devices. Additionally, state backtracking techniques are employed to eliminate the influence of non-root-cause factors and pinpoint the root protocol fields that cause device crashes. Compared to existing techniques, this work combines the processes of fuzzing and anomaly localization, enabling automated identification of the core functions that trigger anomalies. The approach is validated using past vulnerabilities in protocols commonly used in power IoT systems, such as FTP and SMTP. Ultimately, the approach successfully locates the function positions of 11 abnormal points out of 15 1-day vulnerabilities.