Can Movable Antenna-enabled Micro-Mobility Replace UAV-enabled Macro-Mobility? A Physical Layer Security Perspective

This paper investigates the potential of movable antenna (MA)-enabled micro-mobility to replace UAV-enabled macro-mobility for enhancing physical layer security (PLS) in air-to-ground communications. While UAV trajectory optimization offers high flexibility and Line-of-Sight (LoS) advantages, it suffers from significant energy consumption, latency, and complex trajectory optimization. Conversely, MA technology provides fine-grained spatial reconfiguration (antenna positioning within a confined area) with ultra-low energy overhead and millisecond-scale response, enabling real-time channel manipulation and covert beam steering. To systematically compare these paradigms, we establish a dual-scale mobility framework where a UAV-mounted uniform linear array (ULA) serves as a base station transmitting confidential information to a legitimate user (Bob) in the presence of an eavesdropper (Eve). We formulate non-convex average secrecy rate (ASR) maximization problems for both schemes: 1) MA-based micro-mobility: Jointly optimizing antenna positions and beamforming (BF) vectors under positioning constraints; 2) UAV-based macro-mobility: Jointly optimizing the UAV's trajectory and BF vectors under kinematic constraints. Extensive simulations reveal distinct operational regimes: MA micro-mobility demonstrates significant ASR advantages in low-transmit-power scenarios or under antenna constraints due to its energy-efficient spatial control. Conversely, UAV macro-mobility excels under resource-sufficient conditions (higher power, larger antenna arrays) by leveraging global mobility for optimal positioning. The findings highlight the complementary strengths of both approaches, suggesting hybrid micro-macro mobility as a promising direction for balancing security, energy efficiency, and deployment complexity in future wireless networks.

PatchFinder: A Two-Phase Approach to Security Patch Tracing for Disclosed Vulnerabilities in Open-Source Software

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to patches. Although rank-based approaches have been proposed for security patch tracing, they heavily rely on handcrafted features in a single-step framework, which limits their effectiveness. In this paper, we propose PatchFinder, a two-phase framework with end-to-end correlation learning for better-tracing security patches. In the **initial retrieval** phase, we employ a hybrid patch retriever to account for both lexical and semantic matching based on the code changes and the description of a CVE, to narrow down the search space by extracting those commits as candidates that are similar to the CVE descriptions. Afterwards, in the **re-ranking** phase, we design an end-to-end architecture under the supervised fine-tuning paradigm for learning the semantic correlations between CVE descriptions and commits. In this way, we can automatically rank the candidates based on their correlation scores while maintaining low computation overhead. We evaluated our system against 4,789 CVEs from 532 OSS projects. The results are highly promising: PatchFinder achieves a Recall@10 of 80.63% and a Mean Reciprocal Rank (MRR) of 0.7951. Moreover, the Manual Effort@10 required is curtailed to 2.77, marking a 1.94 times improvement over current leading methods. When applying PatchFinder in practice, we initially identified 533 patch commits and submitted them to the official, 482 of which have been confirmed by CVE Numbering Authorities.