Time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT

GAO Yan; LUO Qin

doi:10.11959/j.issn.2096-3750.2025.00519

您当前的位置：

首页 >

文章列表页 >

Time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT

Theory and Technology | 更新时间：2026-01-04

- Time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT
- Chinese Journal on Internet of Things Vol. 9, Issue 4, Pages: 125-136(2025)
- 作者机构：
  
  1.中国电子科技集团公司第三十研究所，四川成都 610000
  2.西南石油大学计算机与软件学院，四川成都 610000
- 作者简介：
- 基金信息：
- DOI：10.11959/j.issn.2096-3750.2025.00519
  CLC：
- Received：20 July 2025，
  
  Revised：2025-09-12，
  
  Published：10 December 2025
- 稿件说明：
移动端阅览
高燕,罗琴.基于时间因子优化的低空物联网第三方库漏洞轻量化识别方法[J].物联网学报,2025,09(04):125-136.

GAO Yan,LUO Qin.Time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT[J].Chinese Journal on Internet of Things,2025,09(04):125-136.
高燕,罗琴.基于时间因子优化的低空物联网第三方库漏洞轻量化识别方法[J].物联网学报,2025,09(04):125-136. DOI： 10.11959/j.issn.2096-3750.2025.00519.

GAO Yan,LUO Qin.Time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT[J].Chinese Journal on Internet of Things,2025,09(04):125-136. DOI： 10.11959/j.issn.2096-3750.2025.00519.

摘要

低空物联网的通信、导航等核心功能高度依赖第三方库，而此类库中的漏洞可能引发无人机失控、数据泄露等重大安全风险。针对现有漏洞识别方法难以及时捕捉新迁移库漏洞，且难以在资源受限的物联网设备中高效运行等问题，提出了一种基于时间因子优化的迁移库漏洞识别方法。该方法通过深度挖掘开源项目中的迁移信息，构建包括时间支持度、标签支持度在内的6类指标，筛选出新颖的轻量级迁移库。在此基础上，采用精简Transformer模型对所选库进行漏洞检测，降低边缘设备的计算负担，实现对漏洞的轻量化准确识别。实验结果表明，所提方法在漏洞识别任务中的

1值平均达到0.78，相比主流方法提升10%以上，训练时间缩短了约58%，平均预测时间仅4.7 ms，能够有效提升低空场景下库迁移过程的安全性与实时性，为低空物联网设备提供高效的安全防护。

Abstract

The core functions of low-altitude Internet of things (IoT)

such as communication and navigation heavily rely on third-party libraries. Vulnerabilities in third-party libraries

can lead to significant risks such as drone loss of control and data leakage. To address the limitations of existing vulnerability identification methods

such as difficul-ties in promptly detecting vulnerabilities in newly migrated libraries and inefficiencies when running on resource-constrained IoT devices

a migration library vulnerability identification method based on time factor optimization was proposed. By deeply mining migration information from open-source projects

six metrics

including temporal support and label support

were constructed to screen novel and lightweight migration libraries. A streamlined transformer model was employed to detect vulnerabilities in the selected libraries

which reduced the computational burden on edge devices and enabled light-weight yet accurate vulnerability identification. Experimental results demonstrated that the proposed method achieved an average

1-score of 0.78 in vulnerability identification tasks

outperforming mainstream approaches by more than 10%. Training time was reduced by approximately 58%

and the average prediction time was only 4.7 ms. The method effectively enhanced both the security and real-time performance of library migration in low-altitude scenarios

providing efficient protection for low-altitude IoT devices.

关键词

Keywords

references

LARIOS VARGAS E , ANICHE M , TREUDE C , et al . Selecting third-party libraries: the practitioners’ perspective [C ] // Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering . New York : ACM , 2020 : 245 - 256 .

TEYTON C , FALLERI J R , BLANC X . Mining library migration graphs [C ] // Proceedings of the 2012 19th Working Conference on Reverse Engineering . Piscataway : IEEE Press , 2012 : 289 - 298 .

HE H , XU Y L , MA Y X , et al . A multi-metric ranking approach for library migration recommendations [C ] // Proceedings of the 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER) . Piscataway : IEEE Press , 2021 : 72 - 83 .

LI B , QUAN H W , WANG J W , et al . Neural library recommendation by embedding project-library knowledge graph [J ] . IEEE Transactions on Software Engineering , 2024 , 50 ( 6 ): 1620 - 1638 .

JIANG T , WANG D Q , SUN L L , et al . LightXML: Transformer with dynamic negative sampling for high-performance extreme multi-label text classification [J ] . Proceedings of the AAAI Conference on Artificial Intelligence , 2021 , 35 ( 9 ): 7987 - 7994 .

LYU Y B , LE-CONG T , KANG H J , et al . Chronos: time-aware zero-shot identification of libraries from vulnerability reports [C ] // Proceedings of the 45th International Conference on Software Engineering . New York : ACM , 2023 : 1033 - 1045 .

TANG B W , YAN L , ZHANG J , et al . Data-free generalized zero-shot learning [J ] . arXiv preprint , 2024 , arXiv: 2401.15657 .

ZHANG T , LIANG K M , DU R Y , et al . Disentangling before composing: learning invariant disentangled features for compositional zero-shot learning [J ] . IEEE Transactions on Pattern Analysis and Machine Intelligence , 2025 , 47 ( 2 ): 1132 - 1147 .

CHEN Y , SANTOSA A E , SHARMA A , et al . Automated identification of libraries from vulnerability data [C ] // Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering: Software Engineering in Practice . New York : ACM , 2020 : 90 - 99 .

ALRUBAYE H , MKAOUER M W , OUNI A . MigrationMiner: an automated detection tool of third-party Java library migration at the method level [C ] // Proceedings of the 2019 IEEE International Conference on Software Maintenance and Evolution (ICSME) . Piscataway : IEEE Press , 2019 : 414 - 417 .

PRABHU Y , VARMA M . FastXML: a fast, accurate and stable tree-classifier for extreme multi-label learning [C ] // Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining . New York : ACM , 2014 : 263 - 272 .

KHANDAGALE S , XIAO H , BABBAR R . Bonsai: diverse and shallow trees for extreme multi-label classification [J ] . Machine Learning , 2020 , 109 ( 11 ): 2099 - 2119 .

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Stable federated learning method for low-altitude IoT networks based on election strategy

Related Author

SHEN Lingfeng

WANG Guanghui

BAI Tianshui

ZHU Zhengyu

ZHANG Qiankun

Related Institution

School of Software, Henan University

Henan International Joint Laboratory of Intelligent Network Theory and Key Technology

School of Electrical and Information Engineering, Zhengzhou University

China Information Technology Designing & Consulting Institute Co., Ltd.

⁰