Journal of Shandong University(Engineering Science) ›› 2019, Vol. 49 ›› Issue (2): 17-22.doi: 10.6040/j.issn.1672-3961.0.2018.340

• Machine Learning & Data Mining • Previous Articles     Next Articles

The vulnerability mining method for KWP2000 protocol based on deep learning and fuzzing

Chengbin ZHANG1(),Hui ZHAO2,Zongyu CAO2   

  1. 1. College of Information Engineering, Yancheng Institute of Technology, Yancheng 224051, Jiangsu, China
    2. National Trusted Embedded Software Engineering Technoloy Research Center, East China Normal University, Shanghai 200062, China
  • Received:2018-08-13 Online:2019-04-20 Published:2019-04-19
  • Supported by:


A kind of vehicle-onboard diagnosis Protocol standard, keyword protocol 2000 (KWP2000) KWP2000, was investigated in details. KWP2000 was widely used in the automobile industry and the loophole of possible communication Protocol. We analyzed the current situations of the fuzzing, and based on this, we proposed a generative adversarial networks (GAN) by deep learning neural network for automobile body network KWP2000 protocol hole mining method. The forward feedback network was closeted as the generation model, and the support vector machine was used as the discriminant model. We used the neural network model to train the test case data of the KWP2000 protocol data, the fuzzing of KWP2000 was carried out by using these test case data. Through experiments, we found that the target protocol KWP2000 had long loopholes, coding errors and other vulnerabilities. Experimental results showed that this fuzzing method was efficient and safe.

Key words: KWP2000, deep learning, generative adversarial nets, fuzzing, onboard diagnostic

CLC Number: 

  • TP18

Table 1

The unit format of the network layer protocol"

地址信息 协议控制信息 数据域
N_AI(1) N_PCI(2) N_Data(3)

Table 2

The PCI format corresponding four PDU of the ISO 15765 protocol network layer"

Byte #1Byte#2 Byte#3
Bit#7-4 Bit#3-0
单帧(SF) N_PCItype=0 SF_DL N/A N/A
第一帧(FF) N_PCItype=1 FF_DL FF_DL N/A
连续帧(CF) N_PCItype=2 SN N/A N/A
流控制帧(FC) N_PCItype=3 FS BS STmin


The model of the generative adversarial network"


The model of the feed forward neural networks"


The schematic diagram of the support vector machine"


The generating adversarial network model for the KMP2000 protocol security test"


The structure diagram of the security test"

1 史家康, 彭巍, 赵军辉. 汽车诊断与车载诊断系统(OBD)简介[J]. 运输经理世界, 2011, (11): 99- 101.
SHI Jiakang , PENG Wei , ZHAO Jiahui . Introduction to automotive diagnosis and vehicle-mounted diagnosis system (OBD)[J]. World of Transportation Managers, 2011, (11): 99- 101.
2 FANG X J, DU J Y, JIA M Q, et al. Development of ECU calibration system for electronic controlled engine based on labview[C]// International Conference on Electric Information and Control Engineering. Wuhan, China: IEEE Press, 2011: 4930-4933.
3 HAMIDA E B , NOURA H , ZNAIDI W . Security of cooperative intelligent transport systems: standards, threats analysis and cryptographic countermeasures[J]. Electronics, 2015, 4 (3): 380- 423.
doi: 10.3390/electronics4030380
4 张亚丰, 洪征, 吴礼发, 等. 基于状态的工控协议Fuzzing测试技术[J]. 计算机科学, 2017, 44 (5): 132- 140.
ZHANG Yafeng , HONG Zheng , WU Lifa , et al. Testing technology of state-based industrial control protocol fuzzing[J]. Computer Science, 2017, 44 (5): 132- 140.
5 KANG M J , KANG J W . Intrusion detection system using deep neural network for in-vehicle network security[J]. Plos One, 2016, 11 (6): e0155781.
doi: 10.1371/journal.pone.0155781
6 刘国权, 张伯英, 宋卫锋. KWP2000协议分析及开发测试[J]. 汽车技术, 2006, (5): 20- 24.
doi: 10.3969/j.issn.1000-3703.2006.05.006
LIU Guoquan , ZHANG Boying , SONG Weifeng . The analysis and development test of protocol KWP2000[J]. Automobile Technology, 2006, (5): 20- 24.
doi: 10.3969/j.issn.1000-3703.2006.05.006
7 JING F , WANG J , ZHONG J , et al. Development of a new calibration tool for in-vehicle electronic control units based on KWP2000[J]. Transactions of Csice, 2003, 21 (3): 265- 271.
8 CHEN Chen , CUI Baojiang , MA Jinxin , et al. A systematic review of fuzzing techniques[J]. Computers & Security, 2018, 75, 118- 137.
9 PETSIOS T, TANG, A, STOLFO S, et al. NEZHA: efficient domain-independent differential testing[C]//2017 IEEE Symposium on Security and Privacy. CA, USA: IEEE Press, 2017: 615-632.
10 GODEFROID P, PELEG H, SINGH R. Learn & fuzz: machine learning for input fuzzing[C]// 32nd IEEE/ACM International Conference on Automated Software Engineering. IL, USA: IEEE Press, 2017: 50-59.
11 MICHALSKI , RYSZARDS , JAIME G , et al. Machine learning: an artificial intelligence approach[M]. Germany: Springer Science & Business Media, 2013.
12 孙志森, 席耀一, 李强, 等. 人工智能与神经网络发展研究[J]. 计算机科学与应用, 2018, 8 (2): 154- 165.
SUN Zhisen , XI Yaoyi , LI Qiang , et al. Research on the development of artificial intelligence and neural network[J]. Computer Science and Application, 2018, 8 (2): 154- 165.
13 王坤峰, 苟超, 段艳杰, 等. 生成式对抗网络GAN的研究进展与展望[J]. 自动化学报, 2017, 43 (3): 321- 332.
WANG Kunfeng , GOU Chao , DUAN Yanjie , et al. Research progress and prospect of GAN with generative antagonistic network[J]. Journal of Automation, 2017, 43 (3): 321- 332.
14 胡聪丛, 胡桓. 深度神经网络的发展现状[J]. 电子技术与软件工程, 2017, (4): 29- 31.
HU Congcong , HU Heng . Development status of deep neural network[J]. Electronics Technology and Ssoftware Engineering, 2017, (4): 29- 31.
15 王万良, 李卓蓉. 生成式对抗网络研究进展[J]. 通信学报, 2018, (2): 135- 148.
doi: 10.3969/j.issn.1001-2400.2018.02.023
WANG Wanliang , LI Zuorong . Research progress of generative countermeasures network[J]. Journal of Communications, 2018, (2): 135- 148.
doi: 10.3969/j.issn.1001-2400.2018.02.023
16 张喜升.对抗样本和生成对抗网络:深度学习中的对抗方法综述[D].天津:南开大学, 2016.
ZHANG Xisheng. Antagonism sample and generation of antagonism network: a review of antagonism methods in deep learning[D]. Tianjing: Nankai University, 2016.
17 黄娜娜, 万良, 邓烜堃, 等. 一种基于序列最小优化算法的跨站脚本漏洞检测技术[J]. 信息网络安全, 2017, (10): 55- 62.
doi: 10.3969/j.issn.1671-1122.2017.10.009
HUANG Nana , WAN Liang , DENG Xuankun , et al. A cross-site script vulnerability detection technology based on sequence minimum optimization algorithm[J]. Information Network Security, 2017, (10): 55- 62.
doi: 10.3969/j.issn.1671-1122.2017.10.009
18 包姣.基于深度神经网络的回归模型及其应用研究[D].成都:电子科技大学, 2017.
BAO Jiao. Regression model based on deep neural network and its application research[D]. Chengdu: University of Electronic Science and Technology, 2017.
19 张明理, 杨晓亮, 滕云, 等. 基于主成分分析与前向反馈传播神经网络的风电场输出功率预测[J]. 电网技术, 2011, 35 (3): 183- 187.
ZHANG Mingli , YANG Xiaoliang , TENG Yun , et al. Prediction of wind farm output power based on principal component analysis and forward feedback propagation neural network[J]. Power System Technology, 2011, 35 (3): 183- 187.
20 洪洋,葛振华,王纪凯,等.深度卷积对抗生成网络综述[C]//第18届中国系统仿真技术及其应用学术年会论文集(18th CCSSTA 2017).兰州:中国科技大学出版社, 2017: 279-283.
HONG Yang, GE Zhenhua, WANG Jikai, et al. Review of deep convolution antagonistic generation network[C]//Annual conference of Chinese System Simulation Technology and its Application (18th CCSSTA 2017). Lanzhou: Press of University of Science and Technology of China, 2017: 279-283.
21 朱纯, 王翰林, 魏天远, 等. 基于深度卷积生成对抗网络的语音生成技术[J]. 仪表技术, 2018, (2): 13- 15.
doi: 10.3969/j.issn.1002-1841.2018.02.004
ZHU Chun , WANG Hanlin , WEI Tianyuan , et al. Speech generation gechnology based on deep convolution generation antagonistic[J]. Instrument Technology, 2018, (2): 13- 15.
doi: 10.3969/j.issn.1002-1841.2018.02.004
22 袁辰,钱丽萍,张慧,等.基于生成对抗网络的恶意域名训练数据生成[J/OL].计算机应用研究, 2019, 36(5).[2018-03-14]
YUAN Chen, QIAN Liping, ZHANG Hui, et al. Malicious domain name training data generation based on generation antagonistic network[J/OL]. Computer application research, 2019, 36(5).[2018-03-14].
23 王劼, 肖安雁, 杨巍. 基于模糊神经网络的自适应重合闸[J]. 武汉大学学报(工学版), 2008, (41): 115- 118.
WANG Jie , XIAO Anyan , YANG Wei . Adaptive reclosing based on fuzzy neural network[J]. Engineering Journal of Wuhan University, 2008, (41): 115- 118.
[1] Lizhao LI,Guoyong CAI,Jiao PAN. A microblog rumor events detection method based on C-GRU [J]. Journal of Shandong University(Engineering Science), 2019, 49(2): 102-106, 115.
[2] Xiaoxiong HOU,Xinzheng XU,Jiong ZHU,Yanyan GUO. Computer aided diagnosis method for breast cancer based on AlexNet and ensemble classifiers [J]. Journal of Shandong University(Engineering Science), 2019, 49(2): 74-79.
[3] XIE Zhifeng, WU Jiaping, MA Lizhuang. Chinese financial news classification method based on convolutional neural network [J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2018, 48(3): 34-39.
[4] TANG Leshuang, TIAN Guohui, HUANG Bin. An object fusion recognition algorithm based on DSmT [J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2018, 48(1): 50-56.
[5] ZHOU Funa, GAO Yulin, WANG Jiayu, WEN Chenglin. Early diagnosis and life prognosis for slowlyvarying fault based on deep learning [J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2017, 47(5): 30-37.
[6] HE Zhengyi, ZENG Xianhua, QU Shengwei, WU Zhilong. The time series prediction model based on integrated deep learning [J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2016, 46(6): 40-47.
[7] ZHENG Yi, ZHU Chengzhang. A prediction method of atmospheric PM2.5 based on DBNs [J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2014, 44(6): 19-25.
Full text



[1] WANG Su-yu,<\sup>,AI Xing<\sup>,ZHAO Jun<\sup>,LI Zuo-li<\sup>,LIU Zeng-wen<\sup> . Milling force prediction model for highspeed end milling 3Cr2Mo steel[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2006, 36(1): 1 -5 .
[2] LI Kan . Empolder and implement of the embedded weld control system[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2008, 38(4): 37 -41 .
[3] LI Liang, LUO Qiming, CHEN Enhong. Graph-based ranking model for object-level search
[4] CHEN Rui, LI Hongwei, TIAN Jing. The relationship between the number of magnetic poles and the bearing capacity of radial magnetic bearing[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2018, 48(2): 81 -85 .
[5] JI Tao,GAO Xu/sup>,SUN Tong-jing,XUE Yong-duan/sup>,XU Bing-yin/sup> . Characteristic analysis of fault generated traveling waves in 10 Kv automatic blocking and continuous power transmission lines[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2006, 36(2): 111 -116 .
[7] QIN Tong, SUN Fengrong*, WANG Limei, WANG Qinghao, LI Xincai. 3D surface reconstruction using the shape based interpolation guided by maximal discs[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2010, 40(3): 1 -5 .
[8] LIU Wen-liang, ZHU Wei-hong, CHEN Di, ZHANG Hong-quan. Detection and tracking of moving targets using the morphology match in radar images[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2010, 40(3): 31 -36 .
[9] SUN Guohua, WU Yaohua, LI Wei. The effect of excise tax control strategy on the supply chain system performance[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2009, 39(1): 63 -68 .
[10] SUN Weiwei, WANG Yuzhen. Finite gain stabilization of singlemachine infinite bus system subject to saturation[J]. JOURNAL OF SHANDONG UNIVERSITY (ENGINEERING SCIENCE), 2009, 39(1): 69 -76 .