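Computer science
Fuzz testing
Exploit
Protocol (science)
Internet of Things
Communication protocol
Industrial control system
Computer security
Reliability engineering
Computer network
Embedded system
Artificial intelligence
Control (management)
Operating system
Software
Pathology
Engineering
Alternative medicine
Medicine
Authors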
Liangyin Chen,Yihan Wang,Xuanyi Xiang,Dian Jin,Yi Ren,Yunhai Zhang,Zhiwen Pan,Yanru Chen
Identifier
DOI:10.1109/jiot.2024.3444893
Abstract
In recent years, industrial control system (ICS) security incidents have revealed vulnerabilities in the system hardware, user programs, and communication protocols. The various components of the ICS are connected by the Industrial Internet of Things (IIoT) protocol. Nevertheless, malicious attackers can exploit vulnerabilities in the IIoT protocol to manipulate the ICS, potentially causing damage to the associated ICS equipment. This work focuses on the challenge of identifying vulnerabilities in IIoT protocols, aiming to enhance system security through advanced fuzz testing techniques. To address the limitations of current fuzz testing in IIoT protocols, such as short prediction sequence lengths and low recognition rates, this work proposes a novel fuzz testing model based on the long attention mechanism, named TXL-Fuzz. This model is capable of handling longer protocol sequences and improving the diversity of the generated test cases. Experimental results demonstrate that the model outperforms the existing fuzz testers in test case recognition rate (TCRR) for protocols of different lengths. Notably, TXL-Fuzz achieves a bits-per-character (BPC) of approximately 0.5, significantly lower, by nearly 0.3, than the Anti-Sample Fuzzer, the long short-term memory network (LSTM)-based model, and the GRU-based model. Furthermore, it exhibits a TCRR that is 5% to 15% higher than Peach Fuzzer, Anti-Sample Fuzzer, and BLSTM-DCNNFuzz under similar conditions.