AI-enhanced fuzz testing via the CAN bus

Nonetheless, fuzz testing has fundamental technical constraints that so far have limited its test-case coverage, as well as its failure discovery, dissection, and root cause analysis. The key to remedying this is artificial intelligence (AI). It can be used to quickly and efficiently extend the test coverage and functions of fuzz tests via CAN bus. Using AI incorporates automation into major aspects of the process – such as constructing test cases, making smart mutations of test cases, and deriving the root cause of issues identified – which helps improve the quality of the results and significantly reduce overall run time.

ETAS’s new model AI-enhanced fuzzer now makes it possible to systematically leverage this potential. Crucial conditions for efficient security testing with this fuzzer are preparing the data and training the AI: in a kind of learning process, the fuzzer must first be able to reliably identify and categorize passed and failed test cases. To this end, the data must be prepared such that the AI model can process it efficiently and effectively. For example, the data must first be normalized before it is used to teach the AI fuzzer model. This means adjusting the average value of the data in such a way that it can be put in relation to all other values more easily, so the model has an easier time discovering the causes of failed test cases. In doing so, two key tasks must be implemented in the AI model: parsing of the output log files and identifying a technique to determine the (failure) verdict of each test case (Figure 2).

After the data is preprocessed, the fuzzer model is constructed from a selected AI software library (e.g. TensorFlow, Keras, PyTorch, or Pandas). It can then be trained and used to make test case predictions. Depending on the number of planned learning iterations, training functions, labels, and validation splits, the new ETAS solution was able to make refined predictions and classify unlabeled data after an average of 2–3 hours and 10,000 learning iterations in previous test projects.

The AI model is integrated into a traditional fuzzer by converting the fuzzer to an asynchronous model. Instead of in advance as usual, the AI-enhanced fuzzer can then generate new CAN fuzz test cases on the fly. The fuzzer analyzes pass/fail test cases in the field. For passed test cases, it automatically runs an inverse on what has passed. If a previously run test case fails, the fuzzer will run similar test cases to validate the failure. All the test data flows into a database, which from then on serves the software library as a basis for calculating predictions (Figure 3).