Modern vehicles are increasingly integrating electronic control units (ECUs),
enhancing their intelligence but also amplifying potential security threats.
Vehicle network security testing is crucial for ensuring the safety of
passengers and vehicles. ECUs communicate via the in-vehicle network, adhering
to the Controller Area Network (CAN) bus protocol. Due to its exposed
interfaces, lack of data encryption, and absence of identity authentication, the
CAN network is susceptible to exploitation by attackers. Fuzz testing is a
critical technique for uncovering vulnerabilities in CAN networks. However,
existing fuzz testing methods primarily generate messages randomly, lacking
learning from the data, which results in numerous ineffective test cases,
affecting the efficiency of fuzz testing. To improve the effectiveness and
specificity of testing, understanding of the CAN message format is essential.
However, the communication matrix of CAN messages is proprietary to the Original
Equipment Manufacturer (OEM) and varies among different models of the same
vehicle brand, requiring manual reverse analysis of the CAN protocol, which
significantly increases the cost and complexity of an attack. To enhance the
efficiency of fuzz testing data generation, a fuzz testing data generation
algorithm based on Denoising Diffusion Probabilistic Models (DDPMs) is proposed.
This method learns the distribution of existing CAN bus message data, enabling
the generation of data messages similar to the original data distribution for
testing purposes. Furthermore, the LoRA fine-tuning method is introduced to
accommodate the differences between communication matrices of various vehicles.
Comparative analysis indicates that this method can generate fuzz test messages
that more closely resemble real message data than existing methods.
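The abstract's central claim, that a generator which learns the distribution of observed CAN traffic yields test frames closer to real messages than random generation, can be illustrated with the following added example, which is not code from the paper. It substitutes a simple per-ID, per-byte-position count model for the DDPM and LoRA machinery, and its candump-style sample frames and byte-distance metric are assumptions of the example rather than anything the paper specifies.

```python
import random
from collections import Counter, defaultdict
# Constructed candump-style frames ("ID#DATA"), not real vehicle traffic.
SAMPLE_LOG = """0C9#8000000000000000
0C9#8000000000000080
0C9#8100000000000040
0C9#8000000000000000
1A5#0100FF000000
1A5#0100FE000000
1A5#0100FD000000""".splitlines()

def parse_frame(line):
    can_id, payload = line.split("#")
    return int(can_id, 16), bytes.fromhex(payload)

def learn_model(lines):
    """Per-ID DLC counts, per-position byte counts and raw payloads (marginal stand-in for the DDPM)."""
    values = defaultdict(lambda: defaultdict(Counter))  # id -> pos -> Counter(byte)
    dlcs, real = defaultdict(Counter), defaultdict(list)  # id -> Counter(dlc), id -> payloads
    for line in lines:
        can_id, data = parse_frame(line)
        dlcs[can_id][len(data)] += 1
        real[can_id].append(data)
        for pos, b in enumerate(data):
            values[can_id][pos][b] += 1
    return values, dlcs, real

def sample_learned(values, dlcs, rng):
    """Sample ID, DLC and every byte from the learned counts, so frames stay inside the observed format."""
    pick = lambda c: rng.choices(list(c), weights=list(c.values()))[0]
    can_id = rng.choice(list(values))
    return can_id, bytes(pick(values[can_id][p]) for p in range(pick(dlcs[can_id])))

def sample_random(rng):
    """Baseline naive fuzzer: uniform 11-bit ID and eight uniform data bytes."""
    return rng.randrange(0x800), bytes(rng.randrange(256) for _ in range(8))

def distance_to_real(real, frame):
    """Bytes differing from the nearest real payload with the same ID and DLC; unseen ID/DLC scores as all bytes wrong."""
    can_id, data = frame
    candidates = [d for d in real.get(can_id, []) if len(d) == len(data)]
    return float(min(sum(a != b for a, b in zip(data, d)) for d in candidates)) if candidates else float(len(data))

def compare(lines=SAMPLE_LOG, n=500, seed=7):
    """Mean distance to the real traffic for learned-distribution frames versus random frames."""
    rng = random.Random(seed)
    values, dlcs, real = learn_model(lines)
    learned = sum(distance_to_real(real, sample_learned(values, dlcs, rng)) for _ in range(n)) / n
    naive = sum(distance_to_real(real, sample_random(rng)) for _ in range(n)) / n
    return learned, naive
```

Learned frames land within one byte of observed traffic while still producing unseen byte combinations, which is what makes them useful as fuzz inputs; uniformly random frames almost never share even an ID with the recorded messages.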