A Survey of Software Clone Detection From Security Perspective

For software engineering, if two code fragments are closely similar with minor modifications or even identical due to a copy-paste behavior, that is called software/code clone. Code clones can cause trouble in software maintenance and debugging process because identifying all copied compromised code fragments in other locations is time-consuming. Researchers have been working on code clone detection issues for a long time, and the discussion mainly focuses on software engineering management and system maintenance. Another considerable issue is that code cloning provides an easy way to attackers for malicious code injection. A thorough survey work of code clone identification/detection from the security perspective is indispensable for providing a comprehensive review of existing related works and proposing future potential research directions. This paper can satisfy above requirements. We review and introduce existing security-related works following three different classifications and various comparison criteria. We then discuss three further research directions, (i) deep learning-based code clone vulnerability detection, (ii) vulnerable code clone detection for 5G-Internet of Things devices, and (iii) real-time detection methods for more efficiently detecting clone attacks. These methods are more advanced and adaptive to technological development than current technologies, and still have enough research space for future studies.