{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,24]],"date-time":"2026-06-24T07:49:49Z","timestamp":1782287389261,"version":"3.54.5"},"reference-count":35,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"9","license":[{"start":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T00:00:00Z","timestamp":1777593600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T00:00:00Z","timestamp":1777593600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T00:00:00Z","timestamp":1777593600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62401624"],"award-info":[{"award-number":["62401624"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Internet Things J."],"published-print":{"date-parts":[[2026,5,1]]},"DOI":"10.1109\/jiot.2026.3662325","type":"journal-article","created":{"date-parts":[[2026,2,9]],"date-time":"2026-02-09T21:08:09Z","timestamp":1770671289000},"page":"19058-19075","source":"Crossref","is-referenced-by-count":1,"title":["CID4IoT: IoT-Oriented Command Injection Vulnerability Detection Based on Critical Code Extraction and LLM Analysis"],"prefix":"10.1109","volume":"13","author":[{"ORCID":"https:\/\/orcid.org\/0009-0001-2372-6854","authenticated-orcid":false,"given":"Zhao","family":"Huang","sequence":"first","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhenji","family":"Zhou","sequence":"additional","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lei","family":"Song","sequence":"additional","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Fenglei","family":"Deng","sequence":"additional","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Lei","family":"Zhang","sequence":"additional","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kunkun","family":"SongGong","sequence":"additional","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Minghang","family":"Shen","sequence":"additional","affiliation":[{"name":"Army Engineering University of PLA, Nanjing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","volume-title":"60+ Amazing IoT Statistics (2024\u20132030)","author":"Duarte","year":"2024"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-024-00865-5"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/IC2IE60547.2023.10331333"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCNT49239.2020.9225283"},{"key":"ref5","first-page":"887","article-title":"Understanding and securing device vulnerabilities through automated bug report analysis","volume-title":"Proc. 28th USENIX Conf. Secur. Symp.","author":"Feng"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2023.3334017"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359826"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/3427228.3427294"},{"key":"ref10","first-page":"1099","article-title":"FIRM-AFL: High-throughput greybox fuzzing of IoT firmware via augmented process emulation","volume-title":"Proc. 28th USENIX Secur. Symp.","author":"Zheng"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23229"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/3423167"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598062"},{"key":"ref14","first-page":"303","article-title":"Sharing more and checking less: Leveraging common input keywords to detect bugs in embedded systems","volume-title":"Proc. 30th USENIX Secur. Symp. (USENIX Secur.)","author":"Chen"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00036"},{"key":"ref16","first-page":"7067","article-title":"Leveraging semantic relations in code and data to enhance taint analysis of embedded systems","volume-title":"Proc. 33rd USENIX Secur. Symp. (USENIX Secur.)","author":"Zhao"},{"key":"ref17","article-title":"xCodeEval: A large scale multilingual multitask benchmark for code understanding, generation, translation and retrieval","author":"Khan","year":"2023","journal-title":"arXiv:2303.03004"},{"key":"ref18","article-title":"AI-based blackbox code deobfuscation: Understand, improve and mitigate","author":"Menguy","year":"2021","journal-title":"arXiv:2102.04805"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3472883.3486995"},{"key":"ref20","article-title":"PentestGPT: An LLM-empowered automatic penetration testing tool","author":"Deng","year":"2023","journal-title":"arXiv:2308.06782"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1145\/3597926.3598067"},{"key":"ref22","article-title":"Pop quiz! Can a large language model help with reverse engineering?","author":"Pearce","year":"2022","journal-title":"arXiv:2202.01142"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3702973"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ISSREW60843.2023.00058"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542486"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME58944.2024.00012"},{"key":"ref27","article-title":"Evaluation of ChatGPT model for vulnerability detection","author":"Cheshkov","year":"2023","journal-title":"arXiv:2304.07232"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3670275"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-024-10594-x"},{"key":"ref30","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103971","article-title":"Detecting command injection vulnerabilities in linux-based embedded firmware with LLM-based taint analysis of library functions","volume":"144","author":"Ye","year":"2024","journal-title":"Comput. Secur."},{"key":"ref31","volume-title":"The Interactive Disassembler Pro is a Computer Software Disassembler Which Generates Assembly Language Code From Machine-Executable Code","year":"2005"},{"key":"ref32","volume-title":"An IDA Plugin Which Makes It Possible to Write Scripts for IDA","year":"2019"},{"key":"ref33","first-page":"1","article-title":"Faster and better: Detecting vulnerabilities in linux-based IoT firmware with optimized reaching definition analysis","volume-title":"Proc. Netw. Distrib. Syst. Secur. Symp.","author":"Gao"},{"key":"ref34","first-page":"1","article-title":"BERT: Pre-training of deep bidirectional transformers for language understanding","volume-title":"Proc. North Amer. Chapter Assoc. Comput. Linguistics","author":"Devlin"},{"key":"ref35","first-page":"7123","article-title":"Operation mango: Scalable discovery of taint-style vulnerabilities in binary firmware services","volume-title":"Proc. 33rd USENIX Secur. Symp. (USENIX Secur.)","author":"Gibbs"}],"container-title":["IEEE Internet of Things Journal"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/6488907\/11494393\/11381604.pdf?arnumber=11381604","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,27]],"date-time":"2026-04-27T19:51:16Z","timestamp":1777319476000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11381604\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,5,1]]},"references-count":35,"journal-issue":{"issue":"9"},"URL":"https:\/\/doi.org\/10.1109\/jiot.2026.3662325","relation":{},"ISSN":["2327-4662","2372-2541"],"issn-type":[{"value":"2327-4662","type":"electronic"},{"value":"2372-2541","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,5,1]]}}}