Purdue University Graduate School
MS_Thesis___Parvin_Kumar.pdf (2.5 MB)

APEX-ICS: Automated Protocol Exploration and Fuzzing For Closed-Source ICS Protocols

posted on 2023-04-28, 03:17 authored by Parvin Kumar

Closed-source ICS protocol communication is a fundamental component of the link between supervisory software and the PLCs that operate critical infrastructure or configure field devices. Because this communication is so vital, a compromised protocol can allow attackers to take over the entire critical infrastructure network and maliciously manipulate field device values. It is therefore crucial to conduct security assessments of these closed-source protocol communications before deploying them in a production environment. However, fuzzing a closed-source protocol without understanding its message structure or state machine is ineffective, which makes testing such communications a challenging task.

This research study introduces the APEX-ICS framework, which consists of two significant components: automatic reverse engineering of closed-source ICS protocols and stateful black-box fuzzing. The former recovers the protocol's message formats and states, which is critical to performing the fuzzing technique effectively. The latter leverages the generated grammar to detect vulnerabilities in the communication between supervisory software and PLCs. The framework prototype was implemented against the Codesys v3.0 closed-source protocol to conduct reverse engineering and fuzzing, and it successfully identified 4 previously unknown vulnerabilities, which were found to impact devices from more than 400 manufacturers.


Degree Type

  • Master of Science


  • Computer Science

Campus location

  • West Lafayette

Advisor/Supervisor/Committee Chair

Dongyan Xu

Additional Committee Member 2

Antonio Bianchi

Additional Committee Member 3

Dave (Jing) Tian

Additional Committee Member 4

Z. Berkay Celik
