Fuzz Testing Modbus using Optimized Seeds

University essay from Högskolan i Halmstad/Akademin för informationsteknologi

Author: Filip Kågesson (2021)


Abstract: The complexity of industrial internet of things devices increases as new network protocols must be incorporated while backward compatibility with existing protocols is maintained. As the complexity of the devices increases, so does the need for testing, which can be performed using fuzz testing. Fuzz testing is a highly automated testing technique that has developed into a fast and efficient way of detecting bugs in many kinds of systems, including network protocol implementations. In this thesis, a complete fuzz testing framework is developed, which considers and motivates both the choice of seed selection strategy and the choice of fuzzer. The system under test is an implementation of the Modbus protocol provided by the company HMS Networks, designed to run on an industrial internet of things device. The fuzz testing framework is used to evaluate the performance of the unweighted minimal set seed selection strategy, originally presented elsewhere, by comparing it to the afl-cmin strategy and to selecting seeds at random. The results of the comparison contradict the earlier results in five out of six cases, which makes further experiments worthwhile before stronger conclusions can be drawn about the performance of the unweighted minimal set strategy.
