A time factor-optimized lightweight identification method for third-party library vulnerabilities in low-altitude IoT.
The core functions of low-altitude Internet of Things (IoT), such as communication and navigation, rely heavily on third-party libraries. Vulnerabilities in third-party libraries can lead to significant risks such as drone loss of control and data leakage. To address the limitations of existing vulnerability identification methods, such as difficulties in promptly detecting vulnerabilities in newly migrated libraries and inefficiencies when running on resource-constrained IoT devices, a migration library vulnerability identification method based on time factor optimization was proposed. By deeply mining migration information from open-source projects, six metrics, including temporal support and label support, were constructed to screen novel and lightweight migration libraries. A streamlined transformer model was employed to detect vulnerabilities in the selected libraries, which reduced the computational burden on edge devices and enabled lightweight yet accurate vulnerability identification. Experimental results demonstrated that the proposed method achieved an average F1-score of 0.78 in vulnerability identification tasks, outperforming mainstream approaches by more than 10%. Training time was reduced by approximately 58%, and the average prediction time was only 4.7 ms. The method effectively enhanced both the security and real-time performance of library migration in low-altitude scenarios, providing efficient protection for low-altitude IoT devices. [ABSTRACT FROM AUTHOR]
Copyright of Chinese Journal on Internet of Things / Wulianwang Xuebao is the property of Beijing Xintong Media Co., Ltd. and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission.