LIVA: A Multi-Agent LLM-Assisted System for IoT Vulnerability Analysis

Release time:2026-03-16 Hits:

DOI number:10.1109/TDSC.2026.3665343

Journal:IEEE Transactions on Dependable and Secure Computing

Key Words:Microprogramming, Internet of Things, Security, Codes, Semantics, Web services, Large language models, Accuracy, HTTP, Computer architecture

Abstract:IoT devices have become deeply integrated into our daily lives, making comprehensive security research on critical infrastructure devices increasingly important. Static analysis techniques, particularly those leveraging taint propagation, have demonstrated promise in identifying security vulnerabilities within these devices, effectively detecting critical vulnerabilities. However, current solutions often struggle with limitations in both detection efficiency and accuracy. To address these challenges, this paper introduces Liva, a novel static taint analysis tool designed for detecting web vulnerabilities in IoT devices. Liva employs a large language model (LLM) multi-agent approach for static binary taint analysis, primarily leveraging fine-tuned open-source models and commercial LLMs to improve source/sink identification and taint data analysis—areas where traditional methods often fall short—thereby enhancing overall analysis efficiency. LIVA's core analysis engine leverages a Qwen3-32B open-source model that has been fine-tuned using a dataset of 3,000 real-world device samples. This fine-tuned model achieves a 3 percentage point improvement in accuracy for identifying taint data propagation relationships compared to commercial LLMs, while also increasing average analysis efficiency by 5.5%. A comprehensive evaluation of Liva, conducted on a dataset of 64 devices from 11 vendors, revealed that it detected 309 and 349 more known vulnerabilities than the state-of-the-art solutions SaTC and Karonte, respectively, while simultaneously reducing false positive rates by 59.4% and 67.6%. Liva achieves a recall of 98.1% and a precision of 74.6%, with a 6.7× reduction in analysis time compared to the best-performing baseline. Furthermore, in the realm of zero-day vulnerability detection, Liva discovered 64 previously unknown vulnerabilities, 39 of which have since been assigned official CVE/CNVD identifiers.

Co-author:Mingsheng Tang

Indexed by:Journal paper

First-Level Discipline:Computer Science and Technology

Document Type:J

Translation or Not:no

Date of Publication:2026-02-16

Included Journals:SCI