US 12,407,708 B2
System and method for detecting vulnerability of internet of things in power systems (IOTIPS) protocol based on fuzz testing
Jin Wang, Hubei (CN); Yu Shen, Hubei (CN); Chang Liu, Hubei (CN); Jiangpei Xu, Hubei (CN); Chang Liu, Hubei (CN); Xiao Yu, Hubei (CN); Li Tian, Hubei (CN); Jie Wang, Hubei (CN); Liang Zhou, Hubei (CN); and Feng Long, Hubei (CN)
Assigned to State Grid Hubei Electric Power Research Institute, Wuhan (CN)
Appl. No. 18/016,877
Filed by State Grid Hubei Electric Power Research Institute, Hubei (CN)
PCT Filed May 20, 2022, PCT No. PCT/CN2022/094037
§ 371(c)(1), (2) Date Jan. 19, 2023,
PCT Pub. No. WO2022/247738, PCT Pub. Date Dec. 1, 2022.
Claims priority of application No. 202110567713 (CN), filed on May 24, 2021.
Prior Publication US 2023/0188556 A1, Jun. 15, 2023
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01) 7 Claims
 
1. A system for detecting a vulnerability of an Internet of Things in Power Systems (IOTIPS) protocol based on fuzz testing, comprising:
a protocol configuration module configured to configure a protocol to be detected and a data frame of the protocol to be detected;
a sample generation module configured to: after loading the protocol and the data frame configured by the protocol configuration module, configure a mutation strategy based on the loaded protocol, and generate a test sample based on the configured mutation strategy; and
an execution monitoring module configured to transfer the test sample generated by the sample generation module to a device to be detected for testing, perform link management, perform test execution, store a test result, and generate a detection report;
wherein a method of triggering the sample generation module comprises generating a test task or transferring in an abnormal sample after a round of testing, which is specifically as follows: responsive to executing the test task, determining and configuring protocol information by means of the sample generation module, determining whether to use a single-byte mode or a double-byte mode, determining a start position of the data frame where mutation needs to be started, selecting a predefined or custom sample, and then generating, based on the configured mutation strategy, the test sample to be delivered to an execution monitoring system for a first round of testing by means of the sample generation module; and after the first round of testing, a second method of triggering the sample generation module comprises transferring the test sample generated in the first round of testing to a secondary learning model of the sample generation module, and generating a test sample to be delivered to the execution monitoring system for a second round of testing; and
a Seq2Seq model of an Attention mechanism introduced is used in secondary learning, wherein the Seq2Seq model mainly comprises an Encoder and a Decoder; after primary detection is completed for the generated sample, the secondary learning is performed on a marked abnormal sample by using the Seq2Seq model and then secondary detection is conducted to obtain more abnormal data frames with a higher hit ratio; and in a model training process, a mean absolute error (MAE) is configured to express a difference between a predicted data frame and an actual data frame, wherein assuming that x1, x2, . . . , xi is configured to represent a predicted data sequence, and y1, y2, . . . , yi is configured to represent an actual data sequence, the MAE is expressed as follows:

OG Complex Work Unit Math
wherein the MAE is more directly expressed as follows:

OG Complex Work Unit Math
in the model training process, a loss function is optimized by using a stochastic gradient descent method, wherein X represents the predicted data sequence x1, x2, . . . , xi assumed above, and Y represents the actual data sequence y1, y2, . . . , yi; and responsive to logMAE(X, Y) reaching a minimum value, values of the variables X, Y are expressed as follows as a whole:
argmin logMAE(X, Y).
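
The first-round sample generation recited in claim 1 (choose single-byte or double-byte mode, choose the start position in the data frame, then mutate a seed sample) can be sketched as follows. This is an added illustration, not code from the patent: the function name, the boundary values and the seed frame are assumptions made for the example, and the claim does not say which values a mutation strategy writes.

```python
from typing import Iterator

# Constructed boundary values (assumption; the claim lists none).
SINGLE_BYTE_VALUES = (0x00, 0x7F, 0x80, 0xFF)
DOUBLE_BYTE_VALUES = (0x0000, 0x7FFF, 0x8000, 0xFFFF)

# Constructed seed frame: 2 header bytes followed by 6 payload bytes.
SEED_FRAME = bytes.fromhex("aa55010200100000")


def generate_samples(frame: bytes, start: int, mode: str = "single") -> Iterator[bytes]:
    """Yield test samples that each differ from `frame` in exactly one field.

    mode="single" overwrites one byte per sample; mode="double" overwrites one
    big-endian 16-bit word per sample. Bytes before `start` are never touched
    and the frame length is preserved, so headers and length fields that sit
    before the start position stay valid for the device under test.
    """
    if mode == "single":
        width, values = 1, SINGLE_BYTE_VALUES
    elif mode == "double":
        width, values = 2, DOUBLE_BYTE_VALUES
    else:
        raise ValueError("mode must be 'single' or 'double'")
    if not 0 <= start <= len(frame) - width:
        raise ValueError("start position leaves no room for a mutation")

    # Step by field width; in double-byte mode an odd trailing byte is left as is.
    for pos in range(start, len(frame) - width + 1, width):
        original = frame[pos:pos + width]
        for value in values:
            field = value.to_bytes(width, "big")
            if field == original:
                continue  # same as the seed, so it would not be a mutation
            yield frame[:pos] + field + frame[pos + width:]


if __name__ == "__main__":
    for mode in ("single", "double"):
        samples = list(generate_samples(SEED_FRAME, start=2, mode=mode))
        print(mode, len(samples), samples[0].hex())
```

In the claimed system these samples would go to the execution monitoring module, and the ones marked abnormal would feed the secondary learning step.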