IEDFuRL: A Black-box Fuzz Tester for IEC61850-based Intelligent Electronic Devices using Reinforcement Learning

Abstract

Intelligent Electronic Devices (IEDs) are essential components of modern power grids, functioning as microprocessor-based controllers that facilitate communication, monitoring, protection, and control within Supervisory Control and Data Acquisition (SCADA) systems. As these devices operate across power generation, transmission, and distribution, they have become prime targets for cyberattacks, leading to risks such as large-scale power disruptions, unauthorized data access, and critical equipment failures. Communication between these devices is governed by the IEC 61850 standard, which defines the Manufacturing Message Specification (MMS) protocol over TCP/IP network stack. In this thesis, we propose IEDFuRL, a black-box fuzz testing tool for IEC 61850-based IEDs. IEDFuRL aims to identify vulnerabilities in the communication module of the IEDs. Our approach begins by crafting valid MMS requests targeting various data points within the IEDs and using response packets as feedback for categorization. We develop a reinforcement learning (RL) agent that is rewarded for discovering new category of responses and crashes. The agent learns the optimal sequence of mutations from any specific request packet to generate new category of responses and crashes thereby increasing the fuzz testing coverage.