Timely identification of issue reports reflecting software vulnerabilities is crucial, particularly for Internet-of-Things (IoT) where analysis is slower than non-IoT systems. While Machine Learning (ML) and Large Language Models (LLMs) detect vulnerability-indicating issues in non-IoT systems, their IoT use remains unexplored. We are the first to tackle this problem by proposing two approaches: (1) combining ML and LLMs with Natural Language Processing (NLP) techniques to detect vulnerability-indicating issues of 21 Eclipse IoT projects and (2) fine-tuning a pre-trained BERT Masked Language Model (MLM) on 11,000 GitHub issues for classifying \vul. Our best performance belongs to a Support Vector Machine (SVM) trained on BERT NLP features, achieving an Area Under the receiver operator characteristic Curve (AUC) of 0.65. The fine-tuned BERT achieves 0.26 accuracy, emphasizing the importance of exposing all data during training. Our contributions set the stage for accurately detecting IoT vulnerabilities from issue reports, similar to non-IoT systems.

翻译：及时识别反映软件漏洞的问题报告至关重要，尤其对于物联网系统而言，其分析速度通常慢于非物联网系统。尽管机器学习和大型语言模型已用于检测非物联网系统中的漏洞指示性问题，但它们在物联网领域的应用仍未被探索。我们首次通过提出两种方法来解决这一问题：（1）结合机器学习、大型语言模型与自然语言处理技术，以检测21个Eclipse物联网项目中的漏洞指示性问题；（2）在11,000个GitHub问题上微调预训练的BERT掩码语言模型，用于分类漏洞。我们的最佳性能来自基于BERT自然语言处理特征训练的支持向量机，其接收者操作特征曲线下面积达到0.65。微调后的BERT模型准确率为0.26，突显了训练过程中暴露全部数据的重要性。我们的贡献为从问题报告中准确检测物联网漏洞奠定了基础，类似于非物联网系统。