GFDG: A Genetic Fuzzing Method for the Controller Area Network Protoco

Stey, Miguel; Hachani, Murad; Fuxen, Philipp; Graf, Julian; Hackenberg, Rudolf

Home // CLOUD COMPUTING 2025, The Sixteenth International Conference on Cloud Computing, GRIDs, and Virtualization // View article

GFDG: A Genetic Fuzzing Method for the Controller Area Network Protoco

Authors:
Miguel Stey
Murad Hachani
Philipp Fuxen
Julian Graf
Rudolf Hackenberg

Keywords: Automotive Security; Controller Area Network; Fuzz Testing; Genetic Algorithm; Side-Channel Analysis

Abstract:
Ensuring the security of modern automotive systems is critical due to their increasing complexity and reliance on interconnected Electronic Control Units. The Controller Area Network still serves as a key communication protocol within these systems, making it a primary target for security testing. Traditional fuzz testing approaches for Controller Area Networks often rely on random or brute-force message generation, not leveraging the system's feedback to improve the generation process. This paper introduces the Genetic Fuzz Data Generator, a fuzzing method that leverages Genetic Algorithms and side-channel analysis to enhance Controller Area Network security testing. The Genetic Fuzz Data Generator dynamically refines its fuzzing strategy by evaluating system responses through side-channel data, such as processing unit temperatures and power supply variations. By structuring Controller Area Network messages as genetic individuals and applying evolutionary principles—including selection, crossover, and mutation—the Genetic Fuzz Data Generator systematically identifies active Controller Area Network IDs and generates targeted fuzz messages. Experimental validation was conducted on a real automotive electronic control unit within a controlled laboratory setup. The first results demonstrated the approach's effectiveness, revealing system anomalies, including a Denial of Service vulnerability that disrupted functions of the investigated Electronic Control Unit. The findings highlight the potential of feedback-driven fuzzing for improving the efficiency of black-box security testing in Controller Area Network-based systems. Future research could further optimize fitness functions or explore additional side-channel metrics.

Pages: 40 to 45

Copyright: Copyright (c) IARIA, 2025

Publication date: April 6, 2025

Published in: conference

ISSN: 2308-4294

ISBN: 978-1-68558-258-6

Location: Valencia, Spain

Dates: from April 6, 2025 to April 10, 2025