Vulnerability mining for DoIP based on weighted mutation for combined fields
Conference: CIBDA 2022 - 3rd International Conference on Computer Information and Big Data Applications
03/25/2022 - 03/27/2022 at Wuhan, China
Proceedings: CIBDA 2022
Pages: 4Language: englishTyp: PDF
Authors:
Li, Jingru (School of Computer and Information Engineering, Xiamen University of Technology, Xiamen, China)
Xie, Yong (School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing, China)
Abstract:
Remote diagnostic services based on DoIP protocols provide convenience for vehicle bootloader and diagnostics but inevitably posing a potential risk to automotive information security. Therefore, it is of practical importance to perform the security testing of DoIP implementations. The use of existing fuzzing frameworks for network protocol is blind and requires high computing resources for vehicle devices. To address the above problems, a weighted mutation for combined fields is proposed, combined with depth-first search algorithm for protocol state machine traversal to form a two-layer data generation strategy. Further, the weight matrix is adjusted during test iterations based on a feedback mechanism to optimize the quality of the test case set, ultimately ensuring fuzz efficiency despite limited test resources.