Online First

Online First: unedited articles published online and citable. The final edited and typeset version of record will appear in the future.
  • ZHANG Dong, ZHAN Yichen, BAI JiaJu, GUAN ZhenYu
    Accepted: 2026-01-20

    To systematically explore the input and state space of HTTP protocol implementations and automate vulnerability discovery, a large language model-driven security testing method, LRPT, was proposed. Targeting text-based protocols such as HTTP in network devices, the method built an intelligent agent system centered on the DeepSeek model. It semantically analyzed limited captured traffic to infer protocol message formats. Based on these inferred formats, the system generated test requests, sent them to the server, and captured responses. The agent iteratively analyzed the responses to expand the protocol’s input and state space. On this basis, it autonomously generated test cases likely to trigger security flaws and detected potential vulnerabilities. Experimental results showed that the method could explore a broader range of request types and parameter combinations, even with minimal traffic samples, and uncovered ten security vulnerabilities on network devices. These findings demonstrate the effectiveness of large language models in protocol security testing and provide a novel intelligent approach to protocol analysis and vulnerability discovery.

  • LI Zhiqiang, HUANG Xin, LI Sudan, HAN Biao
    Accepted: 2025-09-29

    With the widespread deployment of unmanned aerial vehicle (UAV) swarms in emergency response, intelligent reconnaissance, and collaborative operations, identity authentication technologies face critical challenges such as communication link exposure, dynamic node mobility, and resource constraints. To address these issues, this paper proposed a multi-module entropy-cooperative PUF (Physical Unclonable Function) generation method tailored for general-purpose micro-UAV platforms. The method leveraged onboard hardware components—including analog-to-digital converters (ADC), pulse-width modulators (PWM), real-time clocks (RTC), and floating-point units (FPU)—as heterogeneous entropy sources. A self-supervised encoder with cross-layer residual connections was employed to extract stable features from each module while preserving critical identification cues through residual pathways. This design generated challenge-response pairs (CRPs) with improved stability and uniqueness, effectively mitigating the instability, limited entropy strength, and modeling vulnerabilities found in single-module PUFs. In addition, a decentralized identity authentication protocol was designed based on extended CRPs to overcome the reliance on centralized authorities and the risk of single points of failure. Experimental results showed that the proposed PUF generation method significantly outperformed traditional schemes in resisting machine learning-based modeling attacks. Formal analysis under the Dolev-Yao threat model using the Scyther tool further validated the security of the proposed distributed authentication process, revealing no feasible attack paths across multiple simulated adversarial rounds. This work provides a lightweight, hardware-compatible authentication solution that enables secure, decentralized identity verification for UAV swarms operating in dynamic and resource-constrained environments.