Visible to the public Biblio

Filters: Keyword is vulnerability detection  [Clear All Filters]
2015-05-05
Gupta, M.K., Govil, M.C., Singh, G..  2014.  Static analysis approaches to detect SQL injection and cross site scripting vulnerabilities in web applications: A survey. Recent Advances and Innovations in Engineering (ICRAIE), 2014. :1-5.

Dependence on web applications is increasing very rapidly in recent time for social communications, health problem, financial transaction and many other purposes. Unfortunately, presence of security weaknesses in web applications allows malicious user's to exploit various security vulnerabilities and become the reason of their failure. Currently, SQL Injection (SQLI) and Cross-Site Scripting (XSS) vulnerabilities are most dangerous security vulnerabilities exploited in various popular web applications i.e. eBay, Google, Facebook, Twitter etc. Research on defensive programming, vulnerability detection and attack prevention techniques has been quite intensive in the past decade. Defensive programming is a set of coding guidelines to develop secure applications. But, mostly developers do not follow security guidelines and repeat same type of programming mistakes in their code. Attack prevention techniques protect the applications from attack during their execution in actual environment. The difficulties associated with accurate detection of SQLI and XSS vulnerabilities in coding phase of software development life cycle. This paper proposes a classification of software security approaches used to develop secure software in various phase of software development life cycle. It also presents a survey of static analysis based approaches to detect SQL Injection and cross-site scripting vulnerabilities in source code of web applications. The aim of these approaches is to identify the weaknesses in source code before their exploitation in actual environment. This paper would help researchers to note down future direction for securing legacy web applications in early phases of software development life cycle.

Gupta, M.K., Govil, M.C., Singh, G..  2014.  A context-sensitive approach for precise detection of cross-site scripting vulnerabilities. Innovations in Information Technology (INNOVATIONS), 2014 10th International Conference on. :7-12.

Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious user to steals sensitive information, install malware, and performs various malicious operations. Researchers proposed various approaches and developed tools to detect XSS vulnerability from source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose a taint analysis and defensive programming based HTML context-sensitive approach for precise detection of XSS vulnerability from source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that proposed approach is more efficient than existing ones.

Guowei Dong, Yan Zhang, Xin Wang, Peng Wang, Liangkun Liu.  2014.  Detecting cross site scripting vulnerabilities introduced by HTML5. Computer Science and Software Engineering (JCSSE), 2014 11th International Joint Conference on. :319-323.

Recent years, HTML5 is widely adopted in popular browsers. Unfortunately, as a new Web standard, HTML5 may expand the Cross Site Scripting (XSS) attack surface as well as improve the interactivity of the page. In this paper, we identified 14 XSS attack vectors related to HTML5 by a systematic analysis about new tags and attributes. Based on these vectors, a XSS test vector repository is constructed and a dynamic XSS vulnerability detection tool focusing on Webmail systems is implemented. By applying the tool to some popular Webmail systems, seven exploitable XSS vulnerabilities are found. The evaluation result shows that our tool can efficiently detect XSS vulnerabilities introduced by HTML5.

Buja, G., Bin Abd Jalil, K., Bt Hj Mohd Ali, F., Rahman, T.F.A..  2014.  Detection model for SQL injection attack: An approach for preventing a web application from the SQL injection attack. Computer Applications and Industrial Electronics (ISCAIE), 2014 IEEE Symposium on. :60-64.

Since the past 20 years the uses of web in daily life is increasing and becoming trend now. As the use of the web is increasing, the use of web application is also increasing. Apparently most of the web application exists up to today have some vulnerability that could be exploited by unauthorized person. Some of well-known web application vulnerabilities are Structured Query Language (SQL) Injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). By compromising with these web application vulnerabilities, the system cracker can gain information about the user and lead to the reputation of the respective organization. Usually the developers of web applications did not realize that their web applications have vulnerabilities. They only realize them when there is an attack or manipulation of their code by someone. This is normal as in a web application, there are thousands of lines of code, therefore it is not easy to detect if there are some loopholes. Nowadays as the hacking tools and hacking tutorials are easier to get, lots of new hackers are born. Even though SQL injection is very easy to protect against, there are still large numbers of the system on the internet are vulnerable to this type of attack because there will be a few subtle condition that can go undetected. Therefore, in this paper we propose a detection model for detecting and recognizing the web vulnerability which is; SQL Injection based on the defined and identified criteria. In addition, the proposed detection model will be able to generate a report regarding the vulnerability level of the web application. As the consequence, the proposed detection model should be able to decrease the possibility of the SQL Injection attack that can be launch onto the web application.

2017-02-14
D. Kergl.  2015.  "Enhancing Network Security by Software Vulnerability Detection Using Social Media Analysis Extended Abstract". 2015 IEEE International Conference on Data Mining Workshop (ICDMW). :1532-1533.

Detecting attacks that are based on unknown security vulnerabilities is a challenging problem. The timely detection of attacks based on hitherto unknown vulnerabilities is crucial for protecting other users and systems from being affected as well. To know the attributes of a novel attack's target system can support automated reconfiguration of firewalls and sending alerts to administrators of other vulnerable targets. We suggest a novel approach of post-incident intrusion detection by utilizing information gathered from real-time social media streams. To accomplish this we take advantage of social media users posting about incidents that affect their user accounts of attacked target systems or their observations about misbehaving online services. Combining knowledge of the attacked systems and reported incidents, we should be able to recognize patterns that define the attributes of vulnerable systems. By matching detected attribute sets with those attributes of well-known attacks, we furthermore should be able to link attacks to already existing entries in the Common Vulnerabilities and Exposures database. If a link to an existing entry is not found, we can assume to have detected an exploitation of an unknown vulnerability, i.e., a zero day exploit or the result of an advanced persistent threat. This finding could also be used to direct efforts of examining vulnerabilities of attacked systems and therefore lead to faster patch deployment.

2017-03-07
Gupta, M. K., Govil, M. C., Singh, G., Sharma, P..  2015.  XSSDM: Towards detection and mitigation of cross-site scripting vulnerabilities in web applications. 2015 International Conference on Advances in Computing, Communications and Informatics (ICACCI). :2010–2015.

With the growth of the Internet, web applications are becoming very popular in the user communities. However, the presence of security vulnerabilities in the source code of these applications is raising cyber crime rate rapidly. It is required to detect and mitigate these vulnerabilities before their exploitation in the execution environment. Recently, Open Web Application Security Project (OWASP) and Common Vulnerabilities and Exposures (CWE) reported Cross-Site Scripting (XSS) as one of the most serious vulnerabilities in the web applications. Though many vulnerability detection approaches have been proposed in the past, existing detection approaches have the limitations in terms of false positive and false negative results. This paper proposes a context-sensitive approach based on static taint analysis and pattern matching techniques to detect and mitigate the XSS vulnerabilities in the source code of web applications. The proposed approach has been implemented in a prototype tool and evaluated on a public data set of 9408 samples. Experimental results show that proposed approach based tool outperforms over existing popular open source tools in the detection of XSS vulnerabilities.

2017-05-30
Wang, Kai, Zhang, Yuqing, Liu, Peng.  2016.  Call Me Back!: Attacks on System Server and System Apps in Android Through Synchronous Callback. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :92–103.

Android is the most commonly used mobile device operation system. The core of Android, the System Server (SS), is a multi-threaded process that provides most of the system services. Based on a new understanding of the security risks introduced by the callback mechanism in system services, we have discovered a general type of design flaw. A vulnerability detection tool has been designed and implemented based on static taint analysis. We applied the tool on all the 80 system services in the SS of Android 5.1.0. With its help, we have discovered six previously unknown vulnerabilities, which are further confirmed on Android 2.3.7-6.0.1. According to our analysis, about 97.3% of the entire 1.4 billion real-world Android devices are vulnerable. Our proof-of-concept attack proves that the vulnerabilities can enable a malicious app to freeze critical system functionalities or soft-reboot the system immediately. It is a neat type of denial-of-service at-tack. We also proved that the attacks can be conducted at mission critical moments to achieve meaningful goals, such as anti anti-virus, anti process-killer, hindering app updates or system patching. After being informed, Google confirmed our findings promptly. Several suggestions on how to use callbacks safely are also proposed to Google.

2017-11-13
Böhme, Marcel, Pham, Van-Thuan, Roychoudhury, Abhik.  2016.  Coverage-based Greybox Fuzzing As Markov Chain. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :1032–1043.

Coverage-based Greybox Fuzzing (CGF) is a random testing approach that requires no program analysis. A new test is generated by slightly mutating a seed input. If the test exercises a new and interesting path, it is added to the set of seeds; otherwise, it is discarded. We observe that most tests exercise the same few "high-frequency" paths and develop strategies to explore significantly more paths with the same number of tests by gravitating towards low-frequency paths. We explain the challenges and opportunities of CGF using a Markov chain model which specifies the probability that fuzzing the seed that exercises path i generates an input that exercises path j. Each state (i.e., seed) has an energy that specifies the number of inputs to be generated from that seed. We show that CGF is considerably more efficient if energy is inversely proportional to the density of the stationary distribution and increases monotonically every time that seed is chosen. Energy is controlled with a power schedule. We implemented the exponential schedule by extending AFL. In 24 hours, AFLFAST exposes 3 previously unreported CVEs that are not exposed by AFL and exposes 6 previously unreported CVEs 7x faster than AFL. AFLFAST produces at least an order of magnitude more unique crashes than AFL.

2017-11-27
Weerathunga, P. E., Cioraca, A..  2016.  The importance of testing Smart Grid IEDs against security vulnerabilities. 2016 69th Annual Conference for Protective Relay Engineers (CPRE). :1–21.

As the Smart Grid becomes highly interconnected, the power protection, control, and monitoring functions of the grid are increasingly relying on the communications infrastructure, which has seen rapid growth. At the same time concerns regarding cyber threats have attracted significant attention towards the security of power systems. A properly designed security attack against the power grid can cause catastrophic damages to equipment and create large scale power outages. The smart grid consists of critical IEDs, which are considered high priority targets for malicious security attacks. For this reason it is very important to design the IEDs from the beginning with cyber security in mind, starting with the selection of hardware and operating systems, so that all facets of security are addressed and the product is robust and can stand attacks. Fact is that the subject of cyber security is vast and it covers many aspects. This paper focuses mainly on one of these aspects, namely the aspect of IED firmware system testing from the security point of view. The paper discusses practical aspects of IED security testing, and introduces the reader to types of vulnerability exploitations on the IED communication stack and SCADA applications, practical aspects of security testing, the importance of early vulnerability detection and ways in which the security testing helps towards regulatory standards compliance, such as NERC-CIP. Finally, based on the results from the simulated attacks, the paper discusses the importance of good security practices in design and coding, so that the potential to introduce vulnerabilities is kept to a minimum. Designing with security in mind also includes good security practices, both in design and coding, and adequate policies for the software development process. Critical software development milestones must be established, such as design and test documentation review, code review, unit, integration and system testing.

Mohammadi, M., Chu, B., Lipford, H. R., Murphy-Hill, E..  2016.  Automatic Web Security Unit Testing: XSS Vulnerability Detection. 2016 IEEE/ACM 11th International Workshop in Automation of Software Test (AST). :78–84.

Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show that this technique can detect 0-day XSS vulnerabilities that cannot be found by static analysis tools. We will also show that our approach can efficiently cover a common type of XSS vulnerability. This approach can be generalized to test for input validation against other types injections such as command line injection.

Kim, S. S., Lee, D. E., Hong, C. S..  2016.  Vulnerability detection mechanism based on open API for multi-user's convenience. 2016 International Conference on Information Networking (ICOIN). :458–462.

Vulnerability Detection Tools (VDTs) have been researched and developed to prevent problems with respect to security. Such tools identify vulnerabilities that exist on the server in advance. By using these tools, administrators must protect their servers from attacks. They have, however, different results since methods for detection of different tools are not the same. For this reason, it is recommended that results are gathered from many tools rather than from a single tool but the installation which all of the tools have requires a great overhead. In this paper, we propose a novel vulnerability detection mechanism using Open API and use OpenVAS for actual testing.

Holm, H., Sommestad, T..  2016.  SVED: Scanning, Vulnerabilities, Exploits and Detection. MILCOM 2016 - 2016 IEEE Military Communications Conference. :976–981.

This paper presents the Scanning, Vulnerabilities, Exploits and Detection tool (SVED). SVED facilitates reliable and repeatable cyber security experiments by providing a means to design, execute and log malicious actions, such as software exploits, as well the alerts provided by intrusion detection systems. Due to its distributed architecture, it is able to support large experiments with thousands of attackers, sensors and targets. SVED is automatically updated with threat intelligence information from various services.

Chopade, P., Zhan, J., Bikdash, M..  2016.  Micro-Community detection and vulnerability identification for large critical networks. 2016 IEEE Symposium on Technologies for Homeland Security (HST). :1–7.

In this work we put forward our novel approach using graph partitioning and Micro-Community detection techniques. We firstly use algebraic connectivity or Fiedler Eigenvector and spectral partitioning for community detection. We then used modularity maximization and micro level clustering for detecting micro-communities with concept of community energy. We run micro-community clustering algorithm recursively with modularity maximization which helps us identify dense, deeper and hidden community structures. We experimented our MicroCommunity Clustering (MCC) algorithm for various types of complex technological and social community networks such as directed weighted, directed unweighted, undirected weighted, undirected unweighted. A novel fact about this algorithm is that it is scalable in nature.

Kuze, N., Ishikura, S., Yagi, T., Chiba, D., Murata, M..  2016.  Detection of vulnerability scanning using features of collective accesses based on information collected from multiple honeypots. NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium. :1067–1072.

Attacks against websites are increasing rapidly with the expansion of web services. An increasing number of diversified web services make it difficult to prevent such attacks due to many known vulnerabilities in websites. To overcome this problem, it is necessary to collect the most recent attacks using decoy web honeypots and to implement countermeasures against malicious threats. Web honeypots collect not only malicious accesses by attackers but also benign accesses such as those by web search crawlers. Thus, it is essential to develop a means of automatically identifying malicious accesses from mixed collected data including both malicious and benign accesses. Specifically, detecting vulnerability scanning, which is a preliminary process, is important for preventing attacks. In this study, we focused on classification of accesses for web crawling and vulnerability scanning since these accesses are too similar to be identified. We propose a feature vector including features of collective accesses, e.g., intervals of request arrivals and the dispersion of source port numbers, obtained with multiple honeypots deployed in different networks for classification. Through evaluation using data collected from 37 honeypots in a real network, we show that features of collective accesses are advantageous for vulnerability scanning and crawler classification.

Meng, Q., Shameng, Wen, Chao, Feng, Chaojing, Tang.  2016.  Predicting buffer overflow using semi-supervised learning. 2016 9th International Congress on Image and Signal Processing, BioMedical Engineering and Informatics (CISP-BMEI). :1959–1963.

As everyone knows vulnerability detection is a very difficult and time consuming work, so taking advantage of the unlabeled data sufficiently is needed and helpful. According the above reality, in this paper a method is proposed to predict buffer overflow based on semi-supervised learning. We first employ Antlr to extract AST from C/C++ source files, then according to the 22 buffer overflow attributes taxonomies, a 22-dimension vector is extracted from every function in AST, at last, the vector is leveraged to train a classifier to predict buffer overflow vulnerabilities. The experiment and evaluation indicate our method is correct and efficient.

Pang, Y., Xue, X., Namin, A. S..  2016.  Early Identification of Vulnerable Software Components via Ensemble Learning. 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA). :476–481.

Software components, which are vulnerable to being exploited, need to be identified and patched. Employing any prevention techniques designed for the purpose of detecting vulnerable software components in early stages can reduce the expenses associated with the software testing process significantly and thus help building a more reliable and robust software system. Although previous studies have demonstrated the effectiveness of adapting prediction techniques in vulnerability detection, the feasibility of those techniques is limited mainly because of insufficient training data sets. This paper proposes a prediction technique targeting at early identification of potentially vulnerable software components. In the proposed scheme, the potentially vulnerable components are viewed as mislabeled data that may contain true but not yet observed vulnerabilities. The proposed hybrid technique combines the supports vector machine algorithm and ensemble learning strategy to better identify potential vulnerable components. The proposed vulnerability detection scheme is evaluated using some Java Android applications. The results demonstrated that the proposed hybrid technique could identify potentially vulnerable classes with high precision and relatively acceptable accuracy and recall.

Settanni, G., Shovgenya, Y., Skopik, F., Graf, R., Wurzenberger, M., Fiedler, R..  2016.  Correlating cyber incident information to establish situational awareness in Critical Infrastructures. 2016 14th Annual Conference on Privacy, Security and Trust (PST). :78–81.

Protecting Critical Infrastructures (CIs) against contemporary cyber attacks has become a crucial as well as complex task. Modern attack campaigns, such as Advanced Persistent Threats (APTs), leverage weaknesses in the organization's business processes and exploit vulnerabilities of several systems to hit their target. Although their life-cycle can last for months, these campaigns typically go undetected until they achieve their goal. They usually aim at performing data exfiltration, cause service disruptions and can also undermine the safety of humans. Novel detection techniques and incident handling approaches are therefore required, to effectively protect CI's networks and timely react to this type of threats. Correlating large amounts of data, collected from a multitude of relevant sources, is necessary and sometimes required by national authorities to establish cyber situational awareness, and allow to promptly adopt suitable countermeasures in case of an attack. In this paper we propose three novel methods for security information correlation designed to discover relevant insights and support the establishment of cyber situational awareness.

Bruillard, P., Nowak, K., Purvine, E..  2016.  Anomaly Detection Using Persistent Homology. 2016 Cybersecurity Symposium (CYBERSEC). :7–12.

Many aspects of our daily lives now rely on computers, including communications, transportation, government, finance, medicine, and education. However, with increased dependence comes increased vulnerability. Therefore recognizing attacks quickly is critical. In this paper, we introduce a new anomaly detection algorithm based on persistent homology, a tool which computes summary statistics of a manifold. The idea is to represent a cyber network with a dynamic point cloud and compare the statistics over time. The robustness of persistent homology makes for a very strong comparison invariant.

2018-04-04
Wu, F., Wang, J., Liu, J., Wang, W..  2017.  Vulnerability detection with deep learning. 2017 3rd IEEE International Conference on Computer and Communications (ICCC). :1298–1302.
Vulnerability detection is an import issue in information system security. In this work, we propose the deep learning method for vulnerability detection. We present three deep learning models, namely, convolution neural network (CNN), long short term memory (LSTM) and convolution neural network — long short term memory (CNN-LSTM). In order to test the performance of our approach, we collected 9872 sequences of function calls as features to represent the patterns of binary programs during their execution. We apply our deep learning models to predict the vulnerabilities of these binary programs based on the collected data. The experimental results show that the prediction accuracy of our proposed method reaches 83.6%, which is superior to that of traditional method like multi-layer perceptron (MLP).
Zhang, B., Ye, J., Feng, C., Tang, C..  2017.  S2F: Discover Hard-to-Reach Vulnerabilities by Semi-Symbolic Fuzz Testing. 2017 13th International Conference on Computational Intelligence and Security (CIS). :548–552.
Fuzz testing is a popular program testing technique. However, it is difficult to find hard-to-reach vulnerabilities that are nested with complex branches. In this paper, we propose semi-symbolic fuzz testing to discover hard-to-reach vulnerabilities. Our method groups inputs into high frequency and low frequency ones. Then symbolic execution is utilized to solve only uncovered branches to mitigate the path explosion problem. Especially, in order to play the advantages of fuzz testing, our method locates critical branch for each low frequency input and corrects the generated test cases to comfort the branch condition. We also implemented a prototype\textbackslashtextbarS2F, and the experimental results show that S2F can gain 17.70% coverage performance and discover more hard-to-reach vulnerabilities than other vulnerability detection tools for our benchmark.
Majumder, R., Som, S., Gupta, R..  2017.  Vulnerability prediction through self-learning model. 2017 International Conference on Infocom Technologies and Unmanned Systems (Trends and Future Directions) (ICTUS). :400–402.

Vulnerability being the buzz word in the modern time is the most important jargon related to software and operating system. Since every now and then, software is developed some loopholes and incompleteness lie in the development phase, so there always remains a vulnerability of abruptness in it which can come into picture anytime. Detecting vulnerability is one thing and predicting its occurrence in the due course of time is another thing. If we get to know the vulnerability of any software in the due course of time then it acts as an active alarm for the developers to again develop sound and improvised software the second time. The proposal talks about the implementation of the idea using the artificial neural network, where different data sets are being given as input for being used for further analysis for successful results. As of now, there are models for studying the vulnerabilities in the software and networks, this paper proposal in addition to the current work, will throw light on the predictability of vulnerabilities over the due course of time.

Lan, T., Wang, W., Huang, G. M..  2017.  False data injection attack in smart grid topology control: Vulnerability and countermeasure. 2017 IEEE Power Energy Society General Meeting. :1–5.
Cyber security is a crucial factor for modern power system as many applications are heavily relied on the result of state estimation. Therefore, it is necessary to assess and enhance cyber security for new applications in power system. As an emerging technology, smart grid topology control has been investigated in stability and reliability perspectives while the associated cyber security issue is not studied before. In successful false data injection attack (FDIA) against AC state estimation, attacker could alter online stability check result by decreasing real power flow measurement on the switching target line to undermine physical system stability in topology control. The physical impact of FDIA on system control operation and stability are illustrated. The vulnerability is discussed on perfect FDIA and imperfect FDIA against residue based bad data detection and corresponding countermeasure is proposed to secure critical substations in the system. The vulnerability and countermeasure are demonstrated on IEEE 24 bus reliability test system (RTS).
Liang, J., Sankar, L., Kosut, O..  2017.  Vulnerability analysis and consequences of false data injection attack on power system state estimation. 2017 IEEE Power Energy Society General Meeting. :1–1.
An unobservable false data injection (FDI) attack on AC state estimation (SE) is introduced and its consequences on the physical system are studied. With a focus on understanding the physical consequences of FDI attacks, a bi-level optimization problem is introduced whose objective is to maximize the physical line flows subsequent to an FDI attack on DC SE. The maximization is subject to constraints on both attacker resources (size of attack) and attack detection (limiting load shifts) as well as those required by DC optimal power flow (OPF) following SE. The resulting attacks are tested on a more realistic non-linear system model using AC state estimation and ACOPF, and it is shown that, with an appropriately chosen sub-network, the attacker can overload transmission lines with moderate shifts of load.
Lin, Y., Abur, A..  2017.  Identifying security vulnerabilities of weakly detectable network parameter errors. 2017 55th Annual Allerton Conference on Communication, Control, and Computing (Allerton). :295–301.
This paper is concerned about the security vulnerabilities in the implementation of the Congestion Revenue Rights (CRR) markets. Such problems may be due to the weakly detectable network model parameter errors which are commonly found in power systems. CRRs are financial tools for hedging the risk of congestion charges in power markets. The reimbursements received by CRR holders are determined by the congestion patterns and Locational Marginal Prices (LMPs) in the day-ahead markets, which heavily rely on the parameters in the network model. It is recently shown that detection of errors in certain network model parameters may be very difficult. This paper's primary goal is to illustrate the lack of market security due to such vulnerabilities, i.e. CRR market calculations can be manipulated by injecting parameter errors which are not likely to be detected. A case study using the IEEE 14-bus system will illustrate the feasibility of such undetectable manipulations. Several suggestions for preventing such cyber security issues are provided at the end of the paper.
Ran, L., Lu, L., Lin, H., Han, M., Zhao, D., Xiang, J., Yu, H., Ma, X..  2017.  An Experimental Study of Four Methods for Homology Analysis of Firmware Vulnerability. 2017 International Conference on Dependable Systems and Their Applications (DSA). :42–50.

In the production process of embedded device, due to the frequent reuse of third-party libraries or development kits, there are large number of same vulnerabilities that appear in more than one firmware. Homology analysis is often used in detecting this kind of vulnerabilities caused by code reuse or third-party reuse and in the homology analysis, the widely used methods are mainly Binary difference analysis, Normalized compression distance, String feature matching and Fuzz hash. But when we use these methods for homology analysis, we found that the detection result is not ideal and there is a high false positive rate. Focusing on this problem, we analyzed the application scenarios of these four methods and their limitations by combining different methods and different types of files and the experiments show that the combination of methods and files have a better performance in homology analysis.