2025
Conference Paper
Title
Bringing Light into the Darkness: Leveraging Hidden Markov Models for Blackbox Fuzzing
Abstract
Securing the network interfaces of industrial control systems is essential for protecting critical infrastructure like water treatment plants and nuclear centrifuges from potential attacks. A key strategy to mitigate the risk of successful attacks involves identifying and closing vulnerabilities exploitable through network interfaces using testing techniques such as fuzzing. While established techniques exist for graybox fuzzing, which assumes access to system binaries, industrial components often require blackbox testing due to the use of third-party components and regulatory constraints. We propose Palpebratum, an approach that leverages Hidden Markov Models to approximate missing information in blackbox test scenarios. We evaluate Palpebratum’s performance in terms of code coverage, comparing it with two baseline blackbox fuzzers and the graybox fuzzer AFLnwe. Our results demonstrate that Palpebratum significantly outperforms one blackbox fuzzer, achieving an average of 4,379.33 basic blocks compared to 4,307.60 (p-value < 0.001). For the second blackbox fuzzer, Palpebratum achieves comparable coverage but with only half the number of test cases, demonstrating effectiveness despite the Hidden Markov Model’s overhead. These findings suggest that Palpebratum enhances blackbox test case generation and emphasize the importance of an efficient implementation to offset the added overhead.
Open Access
Rights
CC BY 4.0: Creative Commons Attribution
Language
English