Kentaro Ohno,Norihiro Yoshida,Wenqing Zhu,Hiroaki Takada

DOI: https://doi.org/10.48550/arXiv.2110.10493

2021-10-20

Abstract:Since IoT systems provide services over the Internet, they must continue to operate safely even if malicious users attack them. Since the computational resources of edge devices connected to the IoT are limited, lightweight platforms and network protocols are often used. Lightweight platforms and network protocols are less resistant to attacks, increasing the risk that developers will embed vulnerabilities. The code clone research community has been developing approaches to fix buggy (e.g., vulnerable) clones simultaneously. However, there has been little research on IoT-related vulnerable clones. It is unclear whether existing code clone detection techniques can perform simultaneous fixes of the vulnerable clones. In this study, we first created two datasets of IoT-related vulnerable code. We then conducted a preliminary investigation to show whether existing code clone detection tools (e.g., NiCaD, CCFinderSW) are capable of detecting IoT-related vulnerable clones by applying them to the created datasets. The preliminary result shows that the existing tools can detect them partially.

Cryptography and Security,Software Engineering

Qiu-Yuan CHEN,Shan-Ping LI,Meng YAN,Xin XIA

DOI: https://doi.org/10.13328/j.cnki.jos.005711

2019-01-01

Journal of Software

Abstract:Code clone refers to more than two duplicate or similar code fragments existing in a software system. Code clone is a common phenomenon during software development which can facilitate development and has positive impacts on software system. However, research shows that code clone will also do harm to the development and maintenance of software system, including but not limited to the decline of stability, redundancy of source code repository and propagation of software defects. Code clone is one of the most active research areas in software engineering. Therefore, various detection techniques are proposed to automatically detect code clone in software systems, which help improve software quality. There are a lot of achievements in this area, and these techniques can be categorized to text-based, lexisbased, syntax-based and semantic-based categories. Current techniques have obtained effective results in text-based clone detection, but still challenges in detecting other types of code clone. More advanced and unified theoretic and technical guidelines are needed to improve code clone detection techniques. Therefore, in this paper, we present a literature review for code detection especially from the perspective of source code representation. In summary, the contributions of this paper are: (1) We conclude and classify current code clone detection techniques from the perspective of code representation; (2) We conclude the model validation and performance measures in model evaluation; and (3) We summarize the key issues of code clone research from three aspects: scientific, practical and technical difficulties. We elaborate on the possible solutions to the problems and the future development of the research, focusing on data annotation, characteri zation methods, model construction and engineering practice.

Kai Bu,Minyu Weng,Yi Zheng,Bin Xiao,Xuan Liu

DOI: https://doi.org/10.1109/comst.2017.2688411

2017-01-01

Abstract:Radio-frequency identification (RFID) is one of the driving technologies for Internet of Things. The architecture-succinctness and cost-effectiveness of RFID tags promise their proliferation as well as allure security and privacy breaches. The cloning attack using clone tags to impersonate genuine tags can lead to unimaginable threats because RFID applications equate tag genuineness to the authenticity of tagged objects. Proposed countermeasures, however, keep showing limitations in effectiveness, efficiency, security, privacy, or applicability as new RFID applications emerge. The countermeasures therefore require constant review and improvement to stay at the leading edge. In this paper, we conduct the first comprehensive and systematic survey of RFID clone prevention and detection solutions. We systematically classify existing RFID cloning countermeasures over the period 2003-2016, sketch the main idea and highlight the strengths and weaknesses of each solution type, and summarize the similarity and difference among solution types. We find that RFID cloning countermeasures turn to be much more complex to design than they were thought in the literature. Prevention solutions can hardly thwart RFID cloning completely. Detection solutions may have specific application requirements to take effect. Many open issues further complicate the design of RFID cloning countermeasures. We hope that our survey can provide academic researchers and industrial engineers with useful references to combat RFID cloning and therefore to secure RFID ecosystem.

Farhan Ullah,Muhammad Rashid Naeem,Leonardo Mostarda,Syed Aziz Shah

DOI: https://doi.org/10.1007/s13042-020-01246-9

2021-01-10

International Journal of Machine Learning and Cybernetics

Abstract:The protection and privacy of the 5G-IoT framework is a major challenge due to the vast number of mobile devices. Specialized applications running these 5G-IoT systems may be vulnerable to clone attacks. Cloning applications can be achieved by stealing or distributing commercial Android apps to harm the advanced services of the 5G-IoT framework. Meanwhile, most Android app stores run and manage Android apps that developers have submitted separately without any central verification systems. Android scammers sell pirated versions of commercial software to other app stores under different names. Android applications are typically stored on cloud servers, while API access services may be used to detect and prevent cloned applications from being released. In this paper, we proposed a hybrid approach to the Control Flow Graph (CFG) and a deep learning model to secure the smart services of the 5G-IoT framework. First, the newly submitted APK file is extracted and the JDEX decompiler is used to retrieve Java source files from possibly original and cloned applications. Second, the source files are broken down into various android-based components. After generating Control-Flow Graphs (CFGs), the weighted features are stripped from each component. Finally, the Recurrent Neural Network (RNN) is designed to predict potential cloned applications by training features from different components of android applications. Experimental results have shown that the proposed approach can achieve an average accuracy of 96.24% for cloned applications selected from different android application stores.

Kechao Wang,Chenguang Zhu,Tiantian Wang,Xiaohong Su

DOI: https://doi.org/10.3969/j.issn.1001-3695.2017.03.025

2017-01-01

Abstract:Most existing clone detection tools only output the detection results in the form of clone sets,lacking clone analysis.To solve this problem,this paper proposed a key clone recognition approach.The approach could analysis the clones which decreased the quality of software.Firstly,this approach defined a unified clone representation form to support the analysis of various clone detection tools.Then,the approach analysed the source code and clone detection results to detect identifier renaming inconsistent clones,which were potential bugs.Next,the approach detected the clones diffusing in various functional different files,which might decrease the maintainability of software.Finally,the approach visually analysed the detection results.The proposed analysis tool analyzed the open source code httpd,which detected 1 identifier renaming inconsistent clone,and 44 clones diffusing in various functional different files.The experimental results show that it can facilitate the analysis and maintenance of code clones.

Shui-Tao GAN,Xiao-Jun QIN,Zuo-Ning CHEN,Lin-Zhang WANG

DOI: https://doi.org/10.13328/j.cnki.jos.004786

2015-01-01

Abstract:This article proposes a clone detection method based on a program characteristic metrics. Though analyzing the syntax and semantic characteristics of vulnerabilities, this detection method abstracts certain key nodes which describe different forms of vulnerability type from syntax parser tree, and expands four basic types of code clone to auxiliary classes. The characteristic metrics of the code then is finalized by obtaining the number of key nodes which are calculated via scanning corresponding code segment in the syntax parser tree. The clone detection based on a characteristic metrics creates basic knowledge base by extracting partial instances of open vulnerability database, and precisely locates the vulnerability codes by performing cluster calculation on the same codes responding to multiple types of code clone. Comparing with the detection method based on single characteristic vector, the proposed method produces more precise description about vulnerability. This detection method also offers a remedy to the drawbacks of formal detection method on its vulnerability type covering ability. Nine vulnerabilities are detected in an android-kernel system test. Testing on software of different code sizes shows that the performance of this method is linear with the size of the code.

Kai Bu,Mingjie Xu,Xuan Liu,Jiaqing Luo,Shigeng Zhang

DOI: https://doi.org/10.1109/mass.2014.12

2014-01-01

Abstract:Cloning attacks seriously impede the security of Radio-Frequency Identification (RFID) applications. In this paper, we tackle deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few clones tolerated. We propose two protocols, BASE and DeClone, toward fast and deterministic clone detection for large anonymous RFID systems. BASE leverages the observation that clone tags make tag cardinality exceed ID cardinality. DeClone is built on a recent finding that clone tags cause collisions that are hardly reconciled through rearbitration. For DeClone to achieve detection certainty, we design breadth first tree traversal toward quickly verifying unreconciled collisions and hence the cloning attack. We validate their detection performance through analysis and simulation. The results show that BASE delivers faster detection for small systems while DeClone for large ones especially when clone ratio increases.

Junaid Akram,Zhendong Shi,Majid Mumtaz,Luo Ping

DOI: https://doi.org/10.1109/compsac.2018.00021

2018-01-01

Abstract:Android became more popular and widely used operating system. It has been noticed that the code clones in Android apps make it difficult to maintain the security flaws in source code. To avoid these problems, it is essential to find, identify, evaluate and recover those code clones as early as possible. In this paper, we propose and design DroidCC, a novel clone detection approach in Android applications, that helps to detect different types of clones from APK's source code. A prototype has been developed and implemented on the dataset of almost 30,000 top rated Android apps. DroidCC detects type-1, type-2 and type-3 clones in Android apps at the source code level. It also detects the similar code fragments, that were injected into many applications, which might be an indication of spreading malware. Meanwhile it can detect full and partial level similarity between applications. We evaluate DroidCC clone detection approach on real time data-set and count the Recall and Precision, which is quite significant. Furthermore, our results show that our approach is very efficient and effective in detecting different types of clones to check the similarity level in Android applications.

Kai Xing,Fang Liu,Xiuzhen Cheng,David H. C. Du

DOI: https://doi.org/10.1109/icdcs.2008.55

2008-01-01

Abstract:A central problem in sensor network security is that sensors are susceptible to physical capture attacks. Once a sensor is compromised, the adversary can easily launch clone attacks by replicating the compromised node, distributing the clones throughout the network, and starting a variety of insider attacks. Previous works against clone attacks suffer from either a high communication/storage overhead or a poor detection accuracy. In this paper, we propose a novel scheme for detecting clone attacks in sensor networks, which computes for each sensor a social fingerprint by extracting the neighborhood characteristics, and verifies the legitimacy of the originator for each message by checking the enclosed fingerprint. The fingerprint generation is based on the superimposed s-disjunct code, which incurs a very light communication and computation overhead. The fingerprint verification is conducted at both the base station and the neighboring sensors, which ensures a high detection probability. The security and performance analysis indicate that our algorithm can identify clone attacks with a high detection probability at the cost of a low computation/communication/storage overhead. To our best knowledge, our scheme is the first to provide realtime detection of clone attacks in an effective and efficient way.

Kai Bu,Xuan Liu,Jiaqing Luo,Bin Xiao,Guiyi Wei

DOI: https://doi.org/10.1109/TIFS.2012.2237395

IF: 7.231

2013-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Cloning attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing cloning attack detection methods are enslaved to the knowledge of tag identifiers (IDs). Tag IDs, however, should be protected to enable and secure privacy-sensitive applications in anonymous RFID systems. In a first step, this paper tackles cloning attack detection in anonymous RFID systems without requiring tag IDs as a priori. To this end, we leverage unreconciled collisions to uncover cloning attacks. An unreconciled collision is probably due to responses from multiple tags with the same ID, exactly the evidence of cloning attacks. This insight inspires GREAT, our pioneer protocol for cloning attack detection in anonymous RFID systems. We evaluate the performance of GREAT through theoretical analysis and extensive simulations. The results show that GREAT can detect cloning attacks in anonymous RFID systems fairly fast with required accuracy. For example, when only six out of 50,000 tags are cloned, GREAT can detect the cloning attack in 75.5 s with a probability of at least 0.99.

Johannes Obermaier,Marc Schink,Kosma Moczek

DOI: https://doi.org/10.48550/arXiv.2008.09710

2020-08-21

Cryptography and Security

Abstract:With the increasing complexity of embedded systems, the firmware has become a valuable asset. At the same time, pressure for cost reductions in hardware is imminent. These two aspects are united at the heart of the system, i.e., the microcontroller. It runs and protects its firmware, but simultaneously has to prevail against cheaper alternatives. For the very popular STM32F1 microcontroller series, this has caused the emergence of many competitors in the last few years who offer drop-in replacements or even sell counterfeit devices at a fraction of the original price. Thus, the question emerges whether the replacements are silicon-level clones and, if not, whether they provide better, equal, or less security. In this paper, we analyze a total of six devices by four manufacturers, including the original device, in depth. Via a low-level analysis, we identify all of them as being individually developed devices. We further put the focus on debug and hardware security, discovering several novel vulnerabilities in all devices, causing the exposure of the entire firmware. All of the presented vulnerabilities, including invasive ones, are on a Do it Yourself (DiY) level without the demand for a sophisticated lab -- thereby underlining the urgency for hardware fixes. To facilitate further research, reproduction, and testing of other devices, we provide a comprehensive description of all vulnerabilities in this paper and code for proofs-of-concepts online.

Jing Xu,Kai Xing,Chi Zhang,Shuo Zhang,Zhonghu Xu,Chunlin Zhong,Haojin Zhu,Zheng Yang,Yunhao Liu

DOI: https://doi.org/10.1109/jiot.2020.3032127

IF: 10.6

2021-04-01

IEEE Internet of Things Journal

Abstract:Clone attack is considered as a severely destructive threat in Internet of Things (IoT), because: 1) the attack may be easily launched due to the deficiency of hardware architecture and the limited resources against physical capture and compromise and 2) it may trigger a large variety of insider and outsider attacks. Different from traditional clone attack detection approaches that ground on a large amount of data traversing the network (e.g., locations and identities), this article tackles this problem by answering the following fundamental questions: do we really need so much raw information? whether there is an alternative for local event detection by a node far away from that event? when acquiring/tracing global knowledge of a system/network, do we really need a global collection effort? These questions are of much importance in a large variety of networks. Specifically, this article provides a collective memory design for global topology and identity tracing (GTI Tracing), via a localized computing paradigm within neighborhood. This localized paradigm computationally builds a connection of identity and topology from time and space domain to a new computation domain. Such a computation domain retains four properties: 1) transitivity; 2) global convergence; 3) determinacy; and 4) causality. With byte-size information at an arbitrary device, it can recover and keep tracing global topology and identity information, and thus providing deterministic detection of clones. Both theoretical analysis and experimental study have shown the advantages of the proposed design in both detection accuracy and privacy protection, at a cost of light communication, storage, and computation overhead at each device.

computer science, information systems,telecommunications,engineering, electrical & electronic

Vishalini R. Laguduva,Sheikh Ariful Islam,Sathyanarayanan Aakur,Srinivas Katkoori,Robert Karam

DOI: https://doi.org/10.48550/arXiv.1909.07891

2019-09-17

Abstract:Advances in technology have enabled tremendous progress in the development of a highly connected ecosystem of ubiquitous computing devices collectively called the Internet of Things (IoT). Ensuring the security of IoT devices is a high priority due to the sensitive nature of the collected data. Physically Unclonable Functions (PUFs) have emerged as critical hardware primitive for ensuring the security of IoT nodes. Malicious modeling of PUF architectures has proven to be difficult due to the inherently stochastic nature of PUF architectures. Extant approaches to malicious PUF modeling assume that a priori knowledge and physical access to the PUF architecture is available for malicious attack on the IoT node. However, many IoT networks make the underlying assumption that the PUF architecture is sufficiently tamper-proof, both physically and mathematically. In this work, we show that knowledge of the underlying PUF structure is not necessary to clone a PUF. We present a novel non-invasive, architecture independent, machine learning attack for strong PUF designs with a cloning accuracy of 93.5% and improvements of up to 48.31% over an alternative, two-stage brute force attack model. We also propose a machine-learning based countermeasure, discriminator, which can distinguish cloned PUF devices and authentic PUFs with an average accuracy of 96.01%. The proposed discriminator can be used for rapidly authenticating millions of IoT nodes remotely from the cloud server.

Cryptography and Security

Yisen Wang,Jianjing Shen,Jian Lin,Rui Lou

DOI: https://doi.org/10.1109/access.2019.2893733

IF: 3.9

2019-01-01

IEEE Access

Abstract:The security situation of the Internet of Things (IoT) is more serious than ever, and there is an urgent need to detect and patch device vulnerability rapidly. With the astronomical numbers of IoT devices, it is very difficult to execute regular security inspections. Existing vulnerability detection technology based on simple feature matching cannot reach high accuracy to detect firmware vulnerabilities while using a control flow graph matching directly has proven to be too expensive. To address the problem of accurate and efficient, we present a method of staged firmware vulnerability detection based on code similarity. The first stage, function embedding based on neural network is used to analyze the similarities among functions, and large-scale firmware security inspection can be achieved efficiently. The second stage, the similarity among function local call flow graphs is calculated for fine-grained firmware security analysis, and this stage can improve the accuracy of vulnerability detection. We compared our method with state-of-the-art approaches, and the experimental results demonstrate that our method is more accurate. The average retraining time of our method is 1 h, and the real-world firmware vulnerability detection experiment of our method demonstrates that the true positive rate of the top 30 is as high as 86%.

Lirong Fu,Shouling Ji,Kangjie Lu,Peiyu Liu,Xuhong Zhang,Yuxuan Duan,Zihui Zhang,Wenzhi Chen,Yanjun Wu

DOI: https://doi.org/10.1145/3460120.3484738

2021-01-01

Abstract:To reduce the development costs, IoT vendors tend to construct IoT kernels by customizing the Linux kernel. Code pruning is common in this customization process. However, due to the intrinsic complexity of the Linux kernel and the lack of long-term effective maintenance, IoT vendors may mistakenly delete necessary security operations in the pruning process, which leads to various bugs such as memory leakage and NULL pointer dereference. Yet detecting bugs caused by code pruning in IoT kernels is difficult. Specifically, (1) a significant structural change makes precisely locating the deleted security operations (DSO ) difficult, and (2) inferring the security impact of a DSO is not trivial since it requires complex semantic understanding, including the developing logic and the context of the corresponding IoT kernel. In this paper, we present CPscan, a system for automatically detecting bugs caused by code pruning in IoT kernels. First, using a new graph-based approach that iteratively conducts a structure-aware basic block matching, CPscan can precisely and efficiently identify theDSOs in IoT kernels. Then, CPscan infers the security impact of a DSO by comparing the bounded use chains (where and how a variable is used within potentially influenced code segments) of the security-critical variable associated with it. Specifically, CPscan reports the deletion of a security operation as vulnerable if the bounded use chain of the associated security-critical variable remains the same before and after the deletion. This is because the unchanged uses of a security-critical variable likely need the security operation, and removing it may have security impacts. The experimental results on 28 IoT kernels from 10 popular IoT vendors show that CPscan is able to identify 3,193DSO s and detect 114 new bugs with a reasonably low false-positive rate. Many such bugs tend to have a long latent period (up to 9 years and 5 months). We believe CPscan paves a way for eliminating the bugs introduced by code pruning in IoT kernels. We will open-source CPscan to facilitate further research.

Xingyu Chen,Jia Liu,Xia Wang,Xiaocong Zhang,Yanyan Wang,Lijun Chen

DOI: https://doi.org/10.1109/sahcn.2018.8397134

2018-01-01

Abstract:In RFID systems, a cloning attack is to fabricate one or more replicas of a genuine tag, so that these replicas behave exactly the same as the genuine tag and fool the reader for getting legal authorization, leading to potential financial loss or reputation damage for the corporations. These replicas are called clone tags. Although many advanced solutions have been proposed to combat cloning attack, they need to either modify the MAC- layer protocols or increase extra hardware resources, which cannot be deployed on commercial off-the-shelf (COTS) RFID devices for practical use. In this paper, we take a fresh attempt to counterattack tag cloning based on COTS RFID devices and the universal C1G2 standard, without any software redesign or hardware augment needed. The basic idea is to use the RF signal profile to characterize each tag. Since these physical-layer data are measured by the reader and susceptible to various environmental factors, they are hard to be estimated by the attackers; let alone be cloned. Even so, we assert that it is challenging to identify clone tags as the signal data from a genuine tag and its clones are all mixed together. Besides, the tag moving has a great impact on the measured RF signals. To overcome these challenges, we propose a clustering-based scheme that detects the cloning attack in the still scene and a chain- based scheme for clone detection in the dynamic scene, respectively. Extensive experiments on COTS RFID devices demonstrate that the detection accuracy of our approaches reaches 99.8% in a still case and 99.3% in a dynamic scene.

Shigang Liu,Mahdi Dibaei,Yonghang Tai,Chao Chen,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.1109/tii.2019.2942800

IF: 12.3

2020-01-01

IEEE Transactions on Industrial Informatics

Abstract:Internet of Things (IoT) integrates a variety of software (e.g., autonomous vehicles and military systems) in order to enable the advanced and intelligent services. These software increase the potential of cyber-attacks because an adversary can launch an attack using system vulnerabilities. Existing software vulnerability analysis methods used to be relying on human experts crafted features, which usually miss many vulnerabilities. It is important to develop an automatic vulnerability analysis system to improve the countermeasures. However, source code is not always available (e.g., most IoT related industry software are closed source). Therefore, vulnerability detection on binary code is a demanding task. This article addresses the automatic binary-level software vulnerability detection problem by proposing a deep learning-based approach. The proposed approach consists of two phases: binary function extraction, and model building. First, we extract binary functions from the cleaned binary instructions obtained by using IDA Pro. Then, we employ the attention mechanism on top of a bidirectional long short-term memory for building the predictive model. To show the effectiveness of the proposed approach, we have collected datasets from several different sources. We have compared our proposed approach with a series of baselines including source code-based techniques and binary code-based techniques. We have also applied the proposed approach to real-world IoT related software such as VLC media player and LibTIFF project that used on Autonomous Vehicles. Experimental results show that our proposed approach betters the baselines and is able to detect more vulnerabilities.

Dapeng Wang,Pei Li,Pengfei Hu,Kai Xing,Yang Wang,Liusheng Huang,Yanxia Rong

DOI: https://doi.org/10.1007/978-3-642-31869-6_46

2012-01-01

Abstract:Clone attack detection is envisioned as a promising problem in distributed networking environments, e. g., wireless sensor networks, mobile ad hoc networks [5,2,9,3,7,1,8,4]. In this paper, we analyze the performance of Time domain based detection (TDD) and Space domain based detection (SDD) [6] of clone attacks in mobile ad hoc networks in terms of detection ratio and time. The study shows that TDD and SDD utilizes network resource efficiently and achieves great scalability and robust detection performance compared with existing schemes. In particular, the storage overhead of sensors is independent of the network size, and is evenly distributed across the network. Moreover, it only takes limited communication overhead to verify the validity of any node. In addition to the analysis, we also propose simulation study for clone attack detection. According to our proved theorems, TDD and SDD enable users to detect clones in an efficient and effective manner in the network.

Xiancun Zhou,Yan Xiong,Mingxi Li

DOI: https://doi.org/10.4304/jnw.8.1.221-228

2013-01-01

Abstract:Most of the existing node clone attack detection methods in wireless sensor networks depend on the accurate position information and the synchronization clock information of the network node. However, it is often very difficult to guarantee real-time node location information and synchronization clock information in actual network. Therefore, those detection schemes are either difficult to achieve or is with high cost and low availability. A new detection method based on distance measurement is proposed for detecting node clone attacks in wireless sensor networks, in which three detection rules are defined. It has provided that the design and implementation of the detection system. The system has low requirements for the hardware configuration of the node and is easy to implement; it can make real-time detection of clone node for network security. The analysis and the experiment show the system is secure and reliable. © 2013 ACADEMY PUBLISHER.

Weihao Huang,Guozhu Meng,Chaoyang Lin,Qiucun Yan,Kai Chen,Zhuo Ma

DOI: https://doi.org/10.1186/s42400-023-00148-x

2023-07-03

Abstract:Clone detection has received much attention in many fields such as malicious code detection, vulnerability hunting, and code copyright infringement detection. However, cyber criminals may obfuscate code to impede violation detection. To date, few studies have investigated the robustness of clone detectors, especially in-fashion deep learning-based ones, against obfuscation. Meanwhile, most of these studies only measure the difference between one code snippet and its obfuscation version. However, in reality, the attackers may modify the original code before obfuscating it. Then what we should evaluate is the detection of obfuscated code from cloned code, not the original code. For this, we conduct a comprehensive study evaluating 3 popular deep-learning based clone detectors and 6 commonly used traditional ones. Regarding the data, we collect 6512 clone pairs of five types from the dataset BigCloneBench and obfuscate one program of each pair via 64 strategies of 6 state-of-art commercial obfuscators. We also collect 1424 non-clone pairs to evaluate the false positives. In sum, a benchmark of 524,148 code pairs (either clone or not) are generated, which are passed to clone detectors for evaluation. To automate the evaluation, we develop one uniform evaluation framework, integrating the clone detectors and obfuscators. The results bring us interesting findings on how obfuscation affects the performance of clone detection and what is the difference between traditional and deep learning-based clone detectors. In addition, we conduct manual code reviews to uncover the root cause of the phenomenon and give suggestions to users from different perspectives.