Adaptive Patch Management: Predicting Security Requirements in Evolving Software Environments

Authors

  • Gopal Verma Postgraduate Student, Department of Computer Science and Engineering, Millennium Institute of Technology and Science, Bhopal, Madhya Pradesh, India
  • Atul Kumar Mishra Assistant Professor, Department of Computer Science and Engineering, Millennium Institute of Technology and Science, Bhopal, Madhya Pradesh, India

Keywords:

Adversarial robustness, Deep learning, Defect prediction, Explainable AI, Graph neural networks, Machine learning, Security requirements, Software maintenance, Vulnerability detection

Abstract

The integration of Machine Learning (ML) into software maintenance processes represents a paradigm shift in how security vulnerabilities and defects are identified, predicted, and remediated within evolving codebases. This survey examines peer-reviewed literature published between 2020 and 2025, synthesizing empirical findings from fifteen major methodological approaches to ML-driven software maintenance. Our critical analysis covers deep learning architectures (CNNs, LSTMs, Transformers, and Graph Neural Networks) applied to vulnerability detection, defect prediction, security patch identification, and code clone detection. The survey finds that contemporary approaches report accuracy rates between 79.6% and 95.1%, yet persistent challenges remain regarding model generalizability across projects, dataset imbalance, adversarial robustness, and the interpretability of security-critical predictions. Notably, transformer-based models coupled with Code Property Graphs (CPGs) and graph neural networks demonstrate better scalability and semantic preservation than recurrent approaches. This work identifies critical gaps between laboratory performance and real-world deployment, and argues for principled data collection methodologies, standardized evaluation protocols, and hybrid human-in-the-loop frameworks. Ethical and legal implications of automated security decision-making and of privacy-preserving model deployment are discussed. Concrete future research directions address cross-project transferability, explainable AI integration, and resilience against adversarial manipulation, all of which are imperative for trustworthy, production-grade ML systems in security-critical software maintenance.
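Two of the gaps the abstract names, the drop from within-project laboratory accuracy to cross-project performance and the way class imbalance lets accuracy hide a useless detector, can be checked with a small evaluation harness. The Python below is an added example written for this page; it is not code from the survey or from any of the systems it covers. The corpus, the token names (unchecked_copy, bounds_check, parser_A, util_A and so on), the additive log-odds classifier and the deterministic "within-project" split are constructed stand-ins for a real feature extractor, model and random split, chosen so the effect is visible on a few dozen samples.

```python
"""Evaluation-protocol check for an ML vulnerability detector: the same model scored with a
pooled within-project split and with leave-one-project-out, next to a majority-class baseline,
reported as accuracy, precision, recall, F1 and MCC.  All data below is constructed."""
import math
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    project: str
    tokens: frozenset      # token bag of one function (stand-in for CPG/AST features)
    vulnerable: bool


def make_project(name):
    """Constructed corpus for one project (hypothetical tokens, not real code).
    'unchecked_copy' is a genuine but imperfect cross-project signal; 'parser_<name>' is a
    module name that merely happens to be where this project's vulnerable functions live."""
    uc, bc = "unchecked_copy", "bounds_check"
    parser, util = f"parser_{name}", f"util_{name}"
    rows = [
        # first half: becomes training data under within_project_split()
        ({uc, parser}, True), ({uc, parser}, True), ({bc, parser}, True),
        ({uc, util}, False), ({bc, util}, False), ({bc, util}, False), ({bc, util}, False),
        # second half: held out under within_project_split()
        ({uc, parser}, True),
        ({bc, util}, False), ({bc, util}, False), ({bc, util}, False),
        ({bc, util}, False), ({bc, util}, False), ({bc, util}, False),
    ]
    return [Sample(name, frozenset(t), y) for t, y in rows]


CORPUS = make_project("A") + make_project("B") + make_project("C")


class TokenLogOdds:
    """Additive log-odds classifier: each token votes with
    log P(vuln | token) / P(benign | token), Laplace-smoothed; an unseen token votes 0."""
    def __init__(self):
        self.weights = {}

    def fit(self, samples):
        seen, vuln = defaultdict(int), defaultdict(int)
        for s in samples:
            for t in s.tokens:
                seen[t] += 1
                vuln[t] += int(s.vulnerable)
        self.weights = {t: math.log((vuln[t] + 1) / (seen[t] - vuln[t] + 1)) for t in seen}
        return self

    def predict(self, s):
        return sum(self.weights.get(t, 0.0) for t in s.tokens) > 0

    def strongest_vulnerable_signal(self):
        """Token with the largest positive weight: the evidence the model leans on most."""
        return max(self.weights, key=self.weights.get)


class MajorityClass:
    """Trivial baseline: always predict whichever label dominates the training set."""
    def fit(self, samples):
        self.label = sum(s.vulnerable for s in samples) * 2 > len(samples)
        return self

    def predict(self, s):
        return self.label


def within_project_split(samples, train_frac=0.5):
    """Deterministic stand-in for the usual pooled random split: the first train_frac of each
    project's samples train the model, so every project is seen during training."""
    by_project = defaultdict(list)
    for s in samples:
        by_project[s.project].append(s)
    train, test = [], []
    for rows in by_project.values():
        k = int(len(rows) * train_frac)
        train += rows[:k]
        test += rows[k:]
    return [(train, test)]


def leave_one_project_out(samples):
    """One fold per project: train on the other projects, test on the held-out one."""
    projects = sorted({s.project for s in samples})
    return [([s for s in samples if s.project != p], [s for s in samples if s.project == p])
            for p in projects]


def metrics(tp, fp, tn, fn):
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    denom = math.sqrt((tp + fp) * (tp + fn) * (tn + fp) * (tn + fn))
    mcc = (tp * tn - fp * fn) / denom if denom else 0.0   # 0 when a class is never predicted
    return {"accuracy": (tp + tn) / (tp + fp + tn + fn), "precision": precision,
            "recall": recall, "f1": f1, "mcc": mcc}


def evaluate(folds, model_factory):
    """Fit a fresh model per fold and pool the confusion counts over every held-out sample."""
    tp = fp = tn = fn = 0
    for train, test in folds:
        model = model_factory().fit(train)
        for s in test:
            pred = model.predict(s)
            tp += int(pred and s.vulnerable)
            fp += int(pred and not s.vulnerable)
            tn += int(not pred and not s.vulnerable)
            fn += int(not pred and s.vulnerable)
    return metrics(tp, fp, tn, fn)


if __name__ == "__main__":
    for split_name, folds in [("within-project", within_project_split(CORPUS)),
                              ("leave-one-project-out", leave_one_project_out(CORPUS))]:
        for model_name, factory in [("token model", TokenLogOdds), ("majority", MajorityClass)]:
            m = evaluate(folds, factory)
            print(f"{split_name:22s} {model_name:12s}", " ".join(f"{k}={v:.3f}" for k, v in m.items()))
    pooled = TokenLogOdds().fit(within_project_split(CORPUS)[0][0])
    print("strongest 'vulnerable' token in the pooled model:", pooled.strongest_vulnerable_signal())
```

On this corpus the pooled within-project split scores 1.0 on every metric, while leave-one-project-out falls to accuracy 0.857, recall 0.75 and MCC 0.65, because only the `unchecked_copy` signal transfers and it is imperfect. The majority baseline reaches that same 0.857 accuracy on the within-project test set with zero recall and MCC 0, so accuracy alone cannot tell a working detector from a trivial one on an imbalanced set. The pooled model's largest positive weight sits on a `parser_*` module name, which exists in only one project; that is the kind of project-specific shortcut an explainability check should surface before a model is trusted in a patch-management pipeline.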

Published

2025-12-22