Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences
Yuqi Chen, Christopher M. Poskitt, Jun Sun, Sridhar Adepu, Fan Zhang

TL;DR
This paper introduces smart fuzzing, a machine learning-guided automated testing method for cyber-physical systems that uncovers previously unknown attack vectors and evaluates defense mechanisms effectively.
Contribution
It presents a novel, system-agnostic fuzzing approach using predictive models and metaheuristics to systematically discover unsafe states in CPS networks.
Findings
Successfully identified 27 unsafe states in real-world CPS testbeds.
Discovered 6 new attack scenarios not covered by existing benchmarks.
Revealed weaknesses in an invariant-based defense system.
Abstract
The threat of attack faced by cyber-physical systems (CPSs), especially when they play a critical role in automating public infrastructure, has motivated research into a wide variety of attack defence mechanisms. Assessing their effectiveness is challenging, however, as realistic sets of attacks to test them against are not always available. In this paper, we propose smart fuzzing, an automated, machine learning-guided technique for systematically finding 'test suites' of CPS network attacks, without requiring any knowledge of the system's control programs or physical processes. Our approach uses predictive machine learning models and metaheuristic search algorithms to guide the fuzzing of actuators so as to drive the CPS into different unsafe physical states. We demonstrate the efficacy of smart fuzzing by implementing it for two real-world CPS testbeds---a water purification plant and…
