{"id":"https://openalex.org/W7129071302","doi":"https://doi.org/10.1109/tdsc.2026.3665343","title":"LIVA: A Multi-Agent LLM-Assisted System for IoT Vulnerability Analysis","display_name":"LIVA: A Multi-Agent LLM-Assisted System for IoT Vulnerability Analysis","publication_year":2026,"publication_date":"2026-02-16","ids":{"openalex":"https://openalex.org/W7129071302","doi":"https://doi.org/10.1109/tdsc.2026.3665343"},"language":null,"primary_location":{"id":"doi:10.1109/tdsc.2026.3665343","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3665343","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5126153397","display_name":"Zhe Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zhe Yang","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0005-3735-7331","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126077000","display_name":"Hao Peng","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hao Peng","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-0458-5977","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043600708","display_name":"Yong Jiang","orcid":"https://orcid.org/0000-0001-5540-377X"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yanling Jiang","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126149162","display_name":"Jianwei Liu","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianwei Liu","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0003-2965-3518","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5126114734","display_name":"Hongbin Luo","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongbin Luo","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-6807-512X","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5125408495","display_name":"Mingsheng Tang","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Mingsheng Tang","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102013439","display_name":"Jiahe Li","orcid":"https://orcid.org/0000-0003-4131-3356"},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiahe Li","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0001-6596-501X","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5126117504","display_name":"Kun Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I82880672","display_name":"Beihang University","ror":"https://ror.org/00wk2mp56","country_code":"CN","type":"education","lineage":["https://openalex.org/I82880672"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kun Zhang","raw_affiliation_strings":["School of Cyber Science and Technology, Beihang University, Beijing, China"],"raw_orcid":"https://orcid.org/0009-0005-1755-1487","affiliations":[{"raw_affiliation_string":"School of Cyber Science and Technology, Beihang University, Beijing, China","institution_ids":["https://openalex.org/I82880672"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5126153397"],"corresponding_institution_ids":["https://openalex.org/I82880672"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.20339968,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"23","issue":"3","first_page":"6474","last_page":"6489"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7059999704360962,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.7059999704360962,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.08810000121593475,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.08560000360012054,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6626999974250793},{"id":"https://openalex.org/keywords/taint-checking","display_name":"Taint checking","score":0.6517000198364258},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.6165000200271606},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.503000020980835},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4943000078201294},{"id":"https://openalex.org/keywords/security-analysis","display_name":"Security analysis","score":0.48190000653266907},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.43160000443458557},{"id":"https://openalex.org/keywords/point","display_name":"Point (geometry)","score":0.41100001335144043}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8658000230789185},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6626999974250793},{"id":"https://openalex.org/C63116202","wikidata":"https://www.wikidata.org/wiki/Q7676227","display_name":"Taint checking","level":3,"score":0.6517000198364258},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.6165000200271606},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5683000087738037},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.503000020980835},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4943000078201294},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.48190000653266907},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.43160000443458557},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.41100001335144043},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.38960000872612},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3508000075817108},{"id":"https://openalex.org/C111335779","wikidata":"https://www.wikidata.org/wiki/Q3454686","display_name":"Reduction (mathematics)","level":2,"score":0.3441999852657318},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.32440000772476196},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.2962000072002411},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.29170000553131104},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2822999954223633},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.2786000072956085},{"id":"https://openalex.org/C172776598","wikidata":"https://www.wikidata.org/wiki/Q7943570","display_name":"Vulnerability management","level":4,"score":0.26759999990463257},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.26330000162124634},{"id":"https://openalex.org/C187691185","wikidata":"https://www.wikidata.org/wiki/Q2020720","display_name":"Grid","level":2,"score":0.26190000772476196}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tdsc.2026.3665343","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tdsc.2026.3665343","pdf_url":null,"source":{"id":"https://openalex.org/S133795288","display_name":"IEEE Transactions on Dependable and Secure Computing","issn_l":"1545-5971","issn":["1545-5971","1941-0018","2160-9209"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Dependable and Secure Computing","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.653509259223938}],"awards":[{"id":"https://openalex.org/G2541294726","display_name":null,"funder_award_id":"L253021","funder_id":"https://openalex.org/F4320322919","funder_display_name":"Natural Science Foundation of Beijing Municipality"},{"id":"https://openalex.org/G3818209425","display_name":null,"funder_award_id":"U25B2029","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7594744594","display_name":null,"funder_award_id":"62322202","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322919","display_name":"Natural Science Foundation of Beijing Municipality","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W202191487","https://openalex.org/W1538186256","https://openalex.org/W2060692877","https://openalex.org/W2085925880","https://openalex.org/W2166743230","https://openalex.org/W2514974017","https://openalex.org/W2532962075","https://openalex.org/W2882992559","https://openalex.org/W2884017574","https://openalex.org/W3015383024","https://openalex.org/W3107087963","https://openalex.org/W3111743984","https://openalex.org/W4200282997","https://openalex.org/W4223908338","https://openalex.org/W4245027182","https://openalex.org/W4294811443","https://openalex.org/W4384155508","https://openalex.org/W4386224065","https://openalex.org/W4388483262","https://openalex.org/W4391099804","https://openalex.org/W4391623949","https://openalex.org/W4391725290","https://openalex.org/W4394745858","https://openalex.org/W4400065514","https://openalex.org/W4401863706","https://openalex.org/W4402667093","https://openalex.org/W4403791800","https://openalex.org/W4405181837","https://openalex.org/W4405182814","https://openalex.org/W4405543707","https://openalex.org/W4406153408","https://openalex.org/W4409341650"],"related_works":[],"abstract_inverted_index":{"IoT":[0,75],"devices":[1,17,178],"have":[2,28,250],"become":[3],"deeply":[4],"integrated":[5],"into":[6],"our":[7],"daily":[8],"lives,":[9],"making":[10],"comprehensive":[11,168],"security":[12,33],"research":[13],"on":[14,173],"critical":[15,40],"infrastructure":[16],"increasingly":[18],"important.":[19],"Static":[20],"analysis":[21,67,115,119,163,226],"techniques,":[22],"particularly":[23],"those":[24],"leveraging":[25,92],"taint":[26,66,89,104,151],"propagation,":[27],"demonstrated":[29],"promise":[30],"in":[31,49,74,147,225,234],"identifying":[32,150],"vulnerabilities":[34,73,191],"within":[35],"these":[36,57],"devices,":[37],"effectively":[38],"detecting":[39,71],"vulnerabilities.":[41],"However,":[42],"current":[43],"solutions":[44,195],"often":[45,110],"struggle":[46],"with":[47,221],"limitations":[48],"both":[50],"detection":[51],"efficiency":[52,164],"and":[53,96,103,187,197,208,216],"accuracy.":[54],"To":[55],"address":[56],"challenges,":[58],"this":[59],"paper":[60],"introduces":[61],"Liva,":[62,171],"a":[63,79,122,131,142,174,212,217,222],"novel":[64],"static":[65,87],"tool":[68],"designed":[69],"for":[70,86,149],"web":[72],"devices.":[76],"Liva":[77,210,241],"employs":[78],"large":[80],"language":[81],"model":[82,125,140],"(LLM)":[83],"multi-agent":[84],"approach":[85],"binary":[88],"analysis,":[90],"primarily":[91],"fine-tuned":[93,129,139],"open-source":[94,124],"models":[95],"commercial":[97,157],"LLMs":[98],"to":[99,156,229],"improve":[100],"source/sink":[101],"identification":[102],"data":[105,152],"analysis\u2014areas":[106],"where":[107],"traditional":[108],"methods":[109],"fall":[111],"short\u2014thereby":[112],"enhancing":[113],"overall":[114],"efficiency.":[116],"LIVA's":[117],"core":[118],"engine":[120],"leverages":[121],"Qwen3-32B":[123],"that":[126,183],"has":[127],"been":[128,252],"using":[130],"dataset":[132,175],"of":[133,170,176,214,219,237,248],"3,000":[134],"real-world":[135],"device":[136],"samples.":[137],"This":[138],"achieves":[141,211],"3":[143],"percentage":[144],"point":[145],"improvement":[146],"accuracy":[148],"propagation":[153],"relationships":[154],"compared":[155,228],"LLMs,":[158],"while":[159,200],"also":[160],"increasing":[161],"average":[162],"by":[165,206],"5.5%.":[166],"A":[167],"evaluation":[169],"conducted":[172],"64":[177,243],"from":[179],"11":[180],"vendors,":[181],"revealed":[182],"it":[184],"detected":[185],"309":[186],"349":[188],"more":[189],"known":[190],"than":[192],"the":[193,230,235],"state-of-the-art":[194],"SaTC":[196],"Karonte,":[198],"respectively,":[199],"simultaneously":[201],"reducing":[202],"false":[203],"positive":[204],"rates":[205],"59.4%":[207],"67.6%.":[209],"recall":[213],"98.1%":[215],"precision":[218],"74.6%,":[220],"6.7\u00d7":[223],"reduction":[224],"time":[227],"best-performing":[231],"baseline.":[232],"Furthermore,":[233],"realm":[236],"zero-day":[238],"vulnerability":[239],"detection,":[240],"discovered":[242],"previously":[244],"unknown":[245],"vulnerabilities,":[246],"39":[247],"which":[249],"since":[251],"assigned":[253],"official":[254],"CVE/CNVD":[255],"identifiers.":[256]},"counts_by_year":[],"updated_date":"2026-05-15T06:05:50.897203","created_date":"2026-02-17T00:00:00"}