Towards Autonomous Detection and Hot Patching of Binary Vulnerabilities in UAV Software

I. Stopochkina, O. Novikov, M. Ilin, A. Voitsekhovskyi (Igor Sikorsky KPI, Ukraine)

Modern Unmanned Aerial Vehicles (UAVs) increasingly rely on complex software stacks, making them vulnerable to zero-day exploits and binary-level attacks. Traditional security patching cycles are often too slow for mission-critical operations, especially when communication bandwidth is limited. This paper proposes a novel methodology for the autonomous detection and "hot patching" of binary vulnerabilities in UAV firmware. The core of the proposed approach is a specialized pipeline that leverages Large Language Models (LLMs) to analyze disassembled code, identify vulnerable patterns, and generate minimal, functionally equivalent security patches in machine code. To ensure seamless deployment without mission interruption, the system integrates an automated Over-the-Air (OTA) distribution mechanism. This mechanism utilizes a modular architecture to inject patches into the running process memory (hot patching), minimizing downtime and preserving the UAV’s operational state. Preliminary results suggest that LLM-driven synthesis significantly reduces the time-to-patch compared to manual methods, while the OTA-based delivery ensures robust synchronization across the fleet. To mitigate the stochastic nature of LLM outputs, the proposed framework employs a multi-stage validation loop. Each generated patch undergoes formal verification through symbolic execution and automated regression testing in a Software-in-the-Loop (SITL) environment. This ensures that the security fix does not introduce side effects into the UAV’s flight control logic or real-time constraints. Keywords: UAV Security, Binary Vulnerabilities, Hot Patching, Large Language Models (LLM), Over-the-Air (OTA) Updates, Autonomous Systems