1. The 30th Research Institute of China Electronics Technology Group Corporation, Chengdu 610000, Sichuan, China
2. School of Computer Science and Software Engineering, Southwest Petroleum University, Chengdu 610000, Sichuan, China
GAO Yan (1981‒ ), female, senior engineer at the 30th Research Institute of China Electronics Technology Group Corporation; her main research interests are communication technology, computer networks and network security.
LUO Qin (1981‒ ), female, Ph.D., associate researcher at the School of Computer Science and Software Engineering, Southwest Petroleum University; her main research interests are space information networks and network security.
Received: 2025-07-20; Revised: 2025-09-12; Published in print: 2025-12-10
GAO Yan, LUO Qin. Time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT [J]. Chinese Journal on Internet of Things, 2025, 09(04): 125-136. DOI: 10.11959/j.issn.2096-3750.2025.00519.
The core functions of the low-altitude Internet of Things (IoT), such as communication and navigation, heavily rely on third-party libraries. Vulnerabilities in third-party libraries can lead to significant risks such as drone loss of control and data leakage. To address the limitations of existing vulnerability identification methods, such as difficulties in promptly detecting vulnerabilities in newly migrated libraries and inefficiencies when running on resource-constrained IoT devices, a migration library vulnerability identification method based on time factor optimization was proposed. By deeply mining migration information from open-source projects, six metrics, including temporal support and label support, were constructed to screen novel and lightweight migration libraries. A streamlined Transformer model was employed to detect vulnerabilities in the selected libraries, which reduced the computational burden on edge devices and enabled lightweight yet accurate vulnerability identification. Experimental results demonstrated that the proposed method achieved an average F1-score of 0.78 in vulnerability identification tasks, outperforming mainstream approaches by more than 10%. Training time was reduced by approximately 58%, and the average prediction time was only 4.7 ms. The method effectively enhanced both the security and real-time performance of library migration in low-altitude scenarios, providing efficient protection for low-altitude IoT devices.