Vulnerability mining for DoIP based on weighted mutation for combined fields

Konferenz: CIBDA 2022 - 3rd International Conference on Computer Information and Big Data Applications
25.03.2022 - 27.03.2022 in Wuhan, China

Tagungsband: CIBDA 2022

Seiten: 4Sprache: EnglischTyp: PDF

Autoren:
Li, Jingru (School of Computer and Information Engineering, Xiamen University of Technology, Xiamen, China)
Xie, Yong (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China)

Inhalt:
Remote diagnostic services based on DoIP protocols provide convenience for vehicle bootloader and diagnostics but inevitably posing a potential risk to automotive information security. Therefore, it is of practical importance to perform the security testing of DoIP implementations. The use of existing fuzzing frameworks for network protocol is blind and requires high computing resources for vehicle devices. To address the above problems, a weighted mutation for combined fields is proposed, combined with depth-first search algorithm for protocol state machine traversal to form a two-layer data generation strategy. Further, the weight matrix is adjusted during test iterations based on a feedback mechanism to optimize the quality of the test case set, ultimately ensuring fuzz efficiency despite limited test resources.