{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T22:44:07Z","timestamp":1779144247548,"version":"3.51.4"},"reference-count":48,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2021,8,3]],"date-time":"2021-08-03T00:00:00Z","timestamp":1627948800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2021,8,3]],"date-time":"2021-08-03T00:00:00Z","timestamp":1627948800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecur"],"published-print":{"date-parts":[[2021,12]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The fuzzing test is able to discover various vulnerabilities and has more chances to hit the zero-day targets. And ICS(Industrial control system) is currently facing huge security threats and requires security standards, like ISO 62443, to ensure the quality of the device. However, some industrial proprietary communication protocols can be customized and have complicated structures, the fuzzing system cannot quickly generate test data that adapt to various protocols. It also struggles to define the mutation field without having prior knowledge of the protocols. Therefore, we propose a fuzzing system named ICPFuzzer that uses LSTM(Long short-term memory) to learn the features of a protocol and generates mutated test data automatically. We also use the responses of testing and adjust the weight strategies to further test the device under testing (DUT) to find more data that cause unusual connection status. We verified the effectiveness of the approach by comparing with the open-source and commercial fuzzers. Furthermore, in a real case, we experimented with the DLMS\/COSEM for a smart meter and found that the test data can cause a unusual response. In summary, ICPFuzzer is a black-box fuzzing system that can automatically execute the testing process and reveal vulnerabilities that interrupt and crash industrial control communication. Not only improves the quality of ICS but also improves safety.<\/jats:p>","DOI":"10.1186\/s42400-021-00087-5","type":"journal-article","created":{"date-parts":[[2021,8,2]],"date-time":"2021-08-02T23:08:05Z","timestamp":1627945685000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":12,"title":["ICPFuzzer: proprietary communication protocol fuzzing by using machine learning and feedback strategies"],"prefix":"10.1186","volume":"4","author":[{"given":"Pei-Yi","family":"Lin","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7829-7778","authenticated-orcid":false,"given":"Chia-Wei","family":"Tien","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ting-Chun","family":"Huang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chin-Wei","family":"Tien","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2021,8,3]]},"reference":[{"issue":"2","key":"87_CR1","doi-asserted-by":"publisher","first-page":"157","DOI":"10.1109\/72.279181","volume":"5","author":"Y Bengio","year":"1994","unstructured":"Bengio, Y, Simard P, Frasconi P (1994) Learning long-term dependencies with gradient descent is difficult. IEEE Trans Neural Netw 5(2):157\u2013166.","journal-title":"IEEE Trans Neural Netw"},{"key":"87_CR2","unstructured":"Beyond security (2020) BeSTORM: Black box testing. https:\/\/beyondsecurity.com\/solutions\/bestorm.html?cn-reloaded=1. Accessed 13 Dec 2020."},{"key":"87_CR3","doi-asserted-by":"publisher","unstructured":"B\u00f6ttinger, K, Godefroid P, Singh R (2018) Deep reinforcement fuzzing In: 2018 IEEE Security and privacy workshops (SPW), 116\u2013122. https:\/\/doi.org\/10.1109\/SPW.2018.00026.","DOI":"10.1109\/SPW.2018.00026"},{"key":"87_CR4","unstructured":"Darkweb and nnovic (2011) ModbusPal - Java MODBUS simulator. http:\/\/modbuspal.sourceforge.net\/. Accessed 13 Dec 2020."},{"key":"87_CR5","unstructured":"GISA Security Compliance Institute (2020) IEC-62443-CSA-Certification. https:\/\/www.isasecure.org\/en-US\/Certification\/IEC-62443-CSA-Certification#tab2. Accessed 13 Dec 2020."},{"key":"87_CR6","unstructured":"GMicrosoft (2020) Security engineering. https:\/\/www.microsoft.com\/en-us\/securityengineering\/sdl\/. Accessed 13 Dec 2020."},{"key":"87_CR7","doi-asserted-by":"publisher","unstructured":"Godefroid, P, Peleg H, Singh R (2017) Learn fuzz: Machine learning for input fuzzing In: 2017 32nd IEEE\/ACM International conference on automated software engineering (ASE), 50\u201359. https:\/\/doi.org\/10.1109\/ASE.2017.8115618.","DOI":"10.1109\/ASE.2017.8115618"},{"key":"87_CR8","unstructured":"Graham ross and matt Sargent (2020) ModbusTool - A modbus TCP and RTU master and slave tool with import and export functionality. https:\/\/github.com\/graham22\/ModbusTool. Accessed 13 Dec 2020."},{"key":"87_CR9","unstructured":"Grubbs, HL (2018) Field programmable gate array high capacity technology for radar and counter-radar drfm signal processing. Calhoun. https:\/\/calhoun.nps.edu\/handle\/10945\/59670. Accessed 13 Dec 2020."},{"key":"87_CR10","doi-asserted-by":"publisher","unstructured":"Han, X, Wen Q, Zhang Z (2012) A mutation-based fuzz testing approach for network protocol vulnerability detection In: Proceedings of 2012 2nd International conference on computer science and network technology, 1018\u20131022. https:\/\/doi.org\/10.1109\/ICCSNT.2012.6526099.","DOI":"10.1109\/ICCSNT.2012.6526099"},{"issue":"8","key":"87_CR11","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S, Schmidhuber J (1997) Long short-term memory. Neural Comput 9(8):1735\u20131780.","journal-title":"Neural Comput"},{"key":"87_CR12","unstructured":"ICPDAS (2020) Programmable Automation Controller (iP-8441-MTCP). https:\/\/www.icpdas.com\/root\/product\/solutions\/pac\/ipac\/ip-8x41-mtcp.html. Accessed 13 Dec 2020."},{"key":"87_CR13","unstructured":"IDEC (2020) IDEC programmable logic controller. http:\/\/tw.idec.com\/zht\/p\/c60\/. Accessed 13 Dec 2020."},{"key":"87_CR14","unstructured":"Institute for Information Industry (2020) ICPFuzzer evaluation data. https:\/\/reurl.cc\/VXedlR. Accessed 13 Dec 2020."},{"key":"87_CR15","unstructured":"J\u00e4\u00e4skel\u00e4, E (2016) Genetic algorithm in code coverage guided fuzz testing."},{"key":"87_CR16","unstructured":"Joshua, P (2020) Boofuzz - network protocol fuzzing for humans. https:\/\/github.com\/jtpereyda\/boofuzz. Accessed 13 Dec 2020."},{"key":"87_CR17","doi-asserted-by":"publisher","unstructured":"Katsigiannis, K, Serpanos D (2018) Mtf -storm: a high performance fuzzer for modbus\/tcp In: 2018 IEEE 23rd International conference on emerging technologies and factory automation (ETFA), 926\u2013931. https:\/\/doi.org\/10.1109\/ETFA.2018.8502600.","DOI":"10.1109\/ETFA.2018.8502600"},{"issue":"3","key":"87_CR18","doi-asserted-by":"publisher","first-page":"1199","DOI":"10.1109\/TR.2018.2834476","volume":"67","author":"H Liang","year":"2018","unstructured":"Liang, H, Pei X, Jia X, Shen W, Zhang J (2018) Fuzzing: State of the art. IEEE Trans Reliab 67(3):1199\u20131218.","journal-title":"IEEE Trans Reliab"},{"key":"87_CR19","doi-asserted-by":"publisher","unstructured":"Lin, J, Liu L (2019) Research on security detection and data analysis for industrial internet In: 2019 IEEE 19th international conference on software quality, reliability and security companion (QRS-C), 466\u2013470. https:\/\/doi.org\/10.1109\/QRS-C.2019.00089.","DOI":"10.1109\/QRS-C.2019.00089"},{"key":"87_CR20","unstructured":"Lipton, ZC, Berkowitz J, Elkan C (2015) A critical review of recurrent neural networks for sequence learning. http:\/\/arxiv.org\/abs\/1506.00019."},{"key":"87_CR21","unstructured":"Luc Jean (2019) Modbus-tk: Create Modbus app easily with Python. https:\/\/github.com\/ljean\/modbus-tk. Accessed 13 Dec 2020."},{"issue":"3","key":"87_CR22","doi-asserted-by":"publisher","first-page":"352","DOI":"10.1109\/TST.2016.7488746","volume":"21","author":"R Ma","year":"2016","unstructured":"Ma, R, Wang D, Hu C, Ji W, Xue J (2016) Test data generation for stateful network protocol fuzzing using a rule-based state machine. Tsinghua Sci Technol 21(3):352\u2013360.","journal-title":"Tsinghua Sci Technol"},{"issue":"5","key":"87_CR23","doi-asserted-by":"publisher","first-page":"1039","DOI":"10.1109\/JPROC.2015.2512235","volume":"104","author":"S McLaughlin","year":"2016","unstructured":"McLaughlin, S, Konstantinou C, Wang X, Davi L, Sadeghi A, Maniatakos M, Karri R (2016) The cybersecurity landscape in industrial control systems. Proc IEEE 104(5):1039\u20131057.","journal-title":"Proc IEEE"},{"key":"87_CR24","doi-asserted-by":"crossref","unstructured":"M\u00fcller, K (2016) Accelerating weighted random sampling without replacement.","DOI":"10.32614\/CRAN.package.wrswoR"},{"key":"87_CR25","doi-asserted-by":"publisher","first-page":"252","DOI":"10.1007\/978-3-642-41485-5_22","volume-title":"Critical information infrastructures security","author":"C Nan","year":"2013","unstructured":"Nan, C, Eusgeld I, Kr\u00f6ger W (2013) Hidden vulnerabilities due to interdependencies between two systems. In: H\u00e4mmerli BM, Kalstad Svendsen N, Lopez J (eds)Critical information infrastructures security, 252\u2013263.. Springer Berlin Heidelberg, Berlin."},{"issue":"3","key":"87_CR26","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1016\/0022-2836(70)90057-4","volume":"48","author":"SB Needleman","year":"1970","unstructured":"Needleman, SB, Wunsch CD (1970) A general method applicable to the search for similarities in the amino acid sequence of two proteins. J Mol Biol 48(3):443\u2013453.","journal-title":"J Mol Biol"},{"key":"87_CR27","doi-asserted-by":"publisher","unstructured":"Niedermaier, M, Fischer F, von Bodisco A (2017) Propfuzz \u2013 an it-security fuzzing framework for proprietary ics protocols In: 2017 International conference on applied electronics (AE), 1\u20134. https:\/\/doi.org\/10.23919\/AE.2017.8053600.","DOI":"10.23919\/AE.2017.8053600"},{"key":"87_CR28","unstructured":"openMUC (2020) JRxTx - Java serial communication library. https:\/\/github.com\/openmuc\/jrxtx. Accessed 13 Dec 2020."},{"key":"87_CR29","unstructured":"Peach Tech (2020) Peach fuzzer. https:\/\/www.peach.tech\/. Accessed 13 Dec 2020."},{"key":"87_CR30","doi-asserted-by":"publisher","unstructured":"Peng, H, Shoshitaishvili Y, Payer M (2018) T-fuzz: Fuzzing by program transformation In: 2018 IEEE Symposium on security and privacy (SP), 697\u2013710. https:\/\/doi.org\/10.1109\/SP.2018.00056.","DOI":"10.1109\/SP.2018.00056"},{"key":"87_CR31","doi-asserted-by":"publisher","unstructured":"Poletykin, A (2018) Cyber security risk assessment method for scada of industrial control systems In: 2018 International russian automation conference (RusAutoCon), 1\u20135. https:\/\/doi.org\/10.1109\/RUSAUTOCON.2018.8501811.","DOI":"10.1109\/RUSAUTOCON.2018.8501811"},{"key":"87_CR32","unstructured":"ProconX Pty Ltd (2020) Diagslave modbus slave simulator. https:\/\/www.modbusdriver.com\/diagslave.html. Accessed 13 Dec 2020."},{"key":"87_CR33","unstructured":"Rajpal, M, Blum W, Singh R (2017) Not all bytes are equal: Neural byte sieve for fuzzing."},{"key":"87_CR34","doi-asserted-by":"crossref","unstructured":"Rawat, S, Jain V, Kumar A, Cojocar L, Giuffrida C, Bos H (2017) Vuzzer: Application-aware evolutionary fuzzing In: Network and Distributed System Security Symposium. Sourced from Microsoft Academic - https:\/\/academic.microsoft.com\/paper\/2613534458.","DOI":"10.14722\/ndss.2017.23404"},{"key":"87_CR35","unstructured":"RiptideIO (2020) PyModbus - A python modbus stack. https:\/\/github.com\/riptideio\/pymodbus. Accessed 13 Dec 2020."},{"key":"87_CR36","doi-asserted-by":"publisher","first-page":"57","DOI":"10.1007\/978-3-642-24864-1_5","volume-title":"Critical Infrastructure Protection V","author":"R Shapiro","year":"2011","unstructured":"Shapiro, R, Bratus S, Rogers E, Smith S (2011) Identifying vulnerabilities in scada systems via fuzz-testing. In: Butts J Shenoi S (eds)Critical Infrastructure Protection V, 57\u201372.. Springer Berlin Heidelberg, Berlin."},{"key":"87_CR37","doi-asserted-by":"publisher","unstructured":"Su, W, Antoniou A, Eagle C (2017) Cyber security of industrial communication protocols In: 2017 22nd IEEE International conference on emerging technologies and factory automation (ETFA), 1\u20134. https:\/\/doi.org\/10.1109\/ETFA.2017.8247769.","DOI":"10.1109\/ETFA.2017.8247769"},{"key":"87_CR38","unstructured":"Synopsys (2020) Defensics fuzz testing. https:\/\/www.synopsys.com\/software-integrity\/security-testing\/fuzz-testing.html. Accessed 13 Dec 2020."},{"key":"87_CR39","doi-asserted-by":"publisher","unstructured":"Voyiatzis, AG, Katsigiannis K, Koubias S (2015) A modbus\/tcp fuzzer for testing internetworked industrial systems In: 2015 IEEE 20th Conference on emerging technologies factory automation (ETFA), 1\u20136. https:\/\/doi.org\/10.1109\/ETFA.2015.7301400.","DOI":"10.1109\/ETFA.2015.7301400"},{"issue":"3","key":"87_CR40","doi-asserted-by":"publisher","first-page":"253","DOI":"10.1145\/355744.355749","volume":"3","author":"AJ Walker","year":"1977","unstructured":"Walker, AJ (1977) An efficient method for generating discrete random variables with general distributions. ACM Trans Math Softw 3(3):253\u2013256.","journal-title":"ACM Trans Math Softw"},{"key":"87_CR41","unstructured":"Wikipedia contributors (2020) Triton (malware) \u2014 Wikipedia, the free encyclopedia. https:\/\/en.wikipedia.org\/wiki\/Triton_(malware). Accessed 13 Dec 2020."},{"key":"87_CR42","unstructured":"Wikipedia contributors (2020) Binary search algorithm. https:\/\/en.wikipedia.org\/wiki\/Binary_search_algorithm. Accessed 13 Dec 2020."},{"key":"87_CR43","unstructured":"Wikipedia contributors (2020) Pseudo-random number sampling \u2014 Wikipedia, The free encyclopedia. https:\/\/en.wikipedia.org\/wiki\/Pseudo-random_number_sampling. Accessed 13 Dec 2020."},{"key":"87_CR44","unstructured":"Witte Software (2020) Modbus slave simulator. https:\/\/www.modbustools.com\/download.html. Accessed 13 Dec 2020."},{"key":"87_CR45","doi-asserted-by":"publisher","unstructured":"Xiong, Q, Liu H, Xu Y, Rao H, Yi S, Zhang B, Jia W, Deng H (2015) A vulnerability detecting method for modbus-tcp based on smart fuzzing mechanism In: 2015 IEEE International conference on electro\/information technology (EIT), 404\u2013409. https:\/\/doi.org\/10.1109\/EIT.2015.7293376.","DOI":"10.1109\/EIT.2015.7293376"},{"key":"87_CR46","doi-asserted-by":"publisher","unstructured":"Yoo, H, Shon T (2016) Grammar-based adaptive fuzzing: Evaluation on scada modbus protocol In: 2016 IEEE International conference on smart grid communications (SmartGridComm), 557\u2013563. https:\/\/doi.org\/10.1109\/SmartGridComm.2016.7778820.","DOI":"10.1109\/SmartGridComm.2016.7778820"},{"key":"87_CR47","doi-asserted-by":"publisher","unstructured":"You, W, Wang X, Ma S, Huang J, Zhang X, Wang X, Liang B (2019) Profuzzer: On-the-fly input type probing for better zero-day vulnerability discovery In: 2019 IEEE symposium on security and privacy (SP), 769\u2013786. https:\/\/doi.org\/10.1109\/SP.2019.00057.","DOI":"10.1109\/SP.2019.00057"},{"key":"87_CR48","doi-asserted-by":"publisher","unstructured":"Zhao, H, Li Z, Wei H, Shi J, Huang Y (2019) Seqfuzzer: An industrial protocol fuzzing framework from a deep learning perspective In: 2019 12th IEEE Conference on software testing, validation and verification (ICST), 59\u201367. https:\/\/doi.org\/10.1109\/ICST.2019.00016.","DOI":"10.1109\/ICST.2019.00016"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00087-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-021-00087-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-021-00087-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T17:47:15Z","timestamp":1725558435000},"score":1,"resource":{"primary":{"URL":"https:\/\/cybersecurity.springeropen.com\/articles\/10.1186\/s42400-021-00087-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,3]]},"references-count":48,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2021,12]]}},"alternative-id":["87"],"URL":"https:\/\/doi.org\/10.1186\/s42400-021-00087-5","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021,8,3]]},"assertion":[{"value":"12 January 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 April 2021","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 August 2021","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Not applicable.","order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval and consent to participate"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}},{"value":"To the best of our knowledge, the named authors have no conflict of interest, financial or otherwise.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"28"}}