On the Effectiveness of Clone Detection for Detecting IoT-related Vulnerable Clones

Since IoT systems provide services over the Internet, they must continue to operate safely even if malicious users attack them. Since the computational resources of edge devices connected to the IoT are limited, lightweight platforms and network protocols are often used. Lightweight platforms and network protocols are less resistant to attacks, increasing the risk that developers will embed vulnerabilities. The code clone research community has been developing approaches to fix buggy (e.g., vulnerable) clones simultaneously. However, there has been little research on IoT-related vulnerable clones. It is unclear whether existing code clone detection techniques can perform simultaneous fixes of the vulnerable clones. In this study, we first created two datasets of IoT-related vulnerable code. We then conducted a preliminary investigation to show whether existing code clone detection tools (e.g., NiCaD, CCFinderSW) are capable of detecting IoT-related vulnerable clones by applying them to the created datasets. The preliminary result shows that the existing tools can detect them partially.