工业控制网络与系统研究室知识库

针对现有工控协议模糊测试框架生成的测试用例存在覆盖度低和效率低的问题，提出了一种基于特征矩阵的测试用例生成方法。首先通过解析协议规约提取协议特征和约束规则，利用各协议特征的属性值进行笛卡尔积进而构造协议特征矩阵，然后设计针对性的结构变异策略作用于特征矩阵，同时不断采用约束规则降低用例冗余进而得到高质量的组合测试用例集。最后提出基于特征矩阵的测试用例生成算法，并将本方案与Peach框架进行对比实验，其结果表明该方法能够有效地提高测试用例覆盖度和测试执行效率，并具有漏洞检测能力。

To address the problem of low coverage and efficiency of the test cases generated by the existing industrial control protocol fuzzy test framework, we propose a test case generation method based on feature matrix. First, through an analysis of the protocol agreement to extract protocol features and constraint rules, the protocol feature matrix is constructed by the Cartesian product of the property values of each protocol feature. Then, the targeted structural variation strategy is designed to act on the feature matrix, while the constraint rules are used to reduce the redundancy of test cases and obtain a high-quality combination test case set. Finally, the test case generation algorithm based on the feature matrix is proposed. A comparison with the Peach framework shows that the method can effectively improve the coverage of test cases and test execution efficiency. Moreover, the method can detect vulnerabilities.