IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v17y2025i1p33-d1566725.html
   My bibliography  Save this article

Question–Answer Methodology for Vulnerable Source Code Review via Prototype-Based Model-Agnostic Meta-Learning

Author

Listed:
  • Pablo Corona-Fraga

    (Centro de Investigación e Innovación en Tecnologías de la Información y Comunicación, Avenida San Fernando No. 37, Colonia Toriello Guerra, Delegación Tlalpan, Mexico City 14050, Mexico)

  • Aldo Hernandez-Suarez

    (Instituto Politecnico Nacional, ESIME Culhuacan, Mexico City 04440, Mexico)

  • Gabriel Sanchez-Perez

    (Instituto Politecnico Nacional, ESIME Culhuacan, Mexico City 04440, Mexico)

  • Linda Karina Toscano-Medina

    (Instituto Politecnico Nacional, ESIME Culhuacan, Mexico City 04440, Mexico)

  • Hector Perez-Meana

    (Instituto Politecnico Nacional, ESIME Culhuacan, Mexico City 04440, Mexico)

  • Jose Portillo-Portillo

    (Instituto Politecnico Nacional, ESIME Culhuacan, Mexico City 04440, Mexico)

  • Jesus Olivares-Mercado

    (Instituto Politecnico Nacional, ESIME Culhuacan, Mexico City 04440, Mexico)

  • Luis Javier García Villalba

    (Group of Analysis, Security and Systems (GASS), Department of Software Engineering and Artificial Intelligence (DISIA), Faculty of Computer Science and Engineering, Office 431, Universidad Complutense de Madrid (UCM), Calle Profesor José García Santesmases, 9, Ciudad Universitaria, 28040 Madrid, Spain)

Abstract

In cybersecurity, identifying and addressing vulnerabilities in source code is essential for maintaining secure IT environments. Traditional static and dynamic analysis techniques, although widely used, often exhibit high false-positive rates, elevated costs, and limited interpretability. Machine Learning (ML)-based approaches aim to overcome these limitations but encounter challenges related to scalability and adaptability due to their reliance on large labeled datasets and their limited alignment with the requirements of secure development teams. These factors hinder their ability to adapt to rapidly evolving software environments. This study proposes an approach that integrates Prototype-Based Model-Agnostic Meta-Learning(Proto-MAML) with a Question-Answer (QA) framework that leverages the Bidirectional Encoder Representations from Transformers (BERT) model. By employing Few-Shot Learning (FSL), Proto-MAML identifies and mitigates vulnerabilities with minimal data requirements, aligning with the principles of the Secure Development Lifecycle (SDLC) and Development, Security, and Operations (DevSecOps). The QA framework allows developers to query vulnerabilities and receive precise, actionable insights, enhancing its applicability in dynamic environments that require frequent updates and real-time analysis. The model outputs are interpretable, promoting greater transparency in code review processes and enabling efficient resolution of emerging vulnerabilities. Proto-MAML demonstrates strong performance across multiple programming languages, achieving an average precision of 98.49 % , recall of 98.54 % , F1-score of 98.78 % , and exact match rate of 98.78 % in PHP, Java, C, and C++.

Suggested Citation

  • Pablo Corona-Fraga & Aldo Hernandez-Suarez & Gabriel Sanchez-Perez & Linda Karina Toscano-Medina & Hector Perez-Meana & Jose Portillo-Portillo & Jesus Olivares-Mercado & Luis Javier García Villalba, 2025. "Question–Answer Methodology for Vulnerable Source Code Review via Prototype-Based Model-Agnostic Meta-Learning," Future Internet, MDPI, vol. 17(1), pages 1-39, January.
    • Handle: RePEc:gam:jftint:v:17:y:2025:i:1:p:33-:d:1566725
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/17/1/33/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/17/1/33/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. J. van Doorn & A. Ly & M. Marsman & E.-J. Wagenmakers, 2020. "Bayesian rank-based hypothesis testing for the rank sum test, the signed rank test, and Spearman's ρ," Journal of Applied Statistics, Taylor & Francis Journals, vol. 47(16), pages 2984-3006, December.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kelter, Riko, 2022. "Power analysis and type I and type II error rates of Bayesian nonparametric two-sample tests for location-shifts based on the Bayes factor under Cauchy priors," Computational Statistics & Data Analysis, Elsevier, vol. 165(C).
    2. Riko Kelter, 2021. "Analysis of type I and II error rates of Bayesian and frequentist parametric and nonparametric two-sample hypothesis tests under preliminary assessment of normality," Computational Statistics, Springer, vol. 36(2), pages 1263-1288, June.
    3. Suzanne Hoogeveen & Julia M. Haaf & Joseph A. Bulbulia & Robert M. Ross & Ryan McKay & Sacha Altay & Theiss Bendixen & Renatas Berniūnas & Arik Cheshin & Claudio Gentili & Raluca Georgescu & Will M. G, 2022. "The Einstein effect provides global evidence for scientific source credibility effects and the influence of religiosity," Nature Human Behaviour, Nature, vol. 6(4), pages 523-535, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:17:y:2025:i:1:p:33-:d:1566725. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.