Article
Peer-Review Record

A Hybrid Online Classifier System for Internet Traffic Based on Statistical Machine Learning Approach and Flow Port Number

Appl. Sci. 2021, 11(24), 12113; https://doi.org/10.3390/app112412113
by Hamza Awad Hamza Ibrahim *, Omer Radhi A. L. Zuobi, Awad M. Abaker and Musab B. Alzghoul
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 18 November 2021 / Revised: 9 December 2021 / Accepted: 14 December 2021 / Published: 20 December 2021
(This article belongs to the Topic Machine and Deep Learning)

Round 1

Reviewer 1 Report

1. Figure 4: The algorithm picture is not clear;
2. The article enumerates the shortcomings of many methods, but does not elaborate on the shortcomings of the algorithm proposed in the article;
3. The article only introduces the important role of statistical algorithms in the system, and does not introduce how to use statistical algorithms in classification;
4. The author introduces the advantages of the algorithm in this article and the current mainstream algorithm. More data sets should be added and proved by experiments at the same time;
5. It is recommended to increase the scheme to reduce the complexity of the algorithm;
6. The content of the chart is too simple and does not reflect professionalism;
7. Insufficient research on relevant literature;
8. Check whether the sentence has spelling errors and grammatical problems;

Author Response

Many thanks for your valuable comments, which come from one of the experts in our research area. We try to do our best to achieve your instructions, and we made some changes in our article based on the reviewer comments.
Note: the article with tracked changes was attached.

Response to Reviewer 1 Comments

Comment 1: Figure 4 The algorithm picture is not clear.

Response 1: You are totally correct. The figure was updated.

 

Comment 2: The article enumerates the shortcomings of many methods, but does not elaborate on the shortcomings of the algorithm proposed in the article.

Response 2: One paragraph which includes the limitation of our work was added to the conclusion.

 

Comment 3: The article only introduces the important role of statistical algorithms in the system, and does not introduce how to use statistical algorithms in classification.

Response 3: Section 3.3 (ML Partial Classifier) discussed ML statistical algorithms and their role in the HOC system. In addition, Section 3.4 highlights how the HOC statistical algorithms take their classification decision.

 

Comment 4: The author introduces the advantages of the algorithm in this article and the current mainstream algorithm. More data sets should be added and proved by experiments at the same time;

Response 4: The limitation of our work was added to the conclusion.

 

Comment 5: It is recommended to increase the scheme to reduce the complexity of the algorithm;

Response 5: The article tries to use a real network environment by collecting internet traffic from one of the campus routers. We look in our next study to increase the scheme to cover a big part of our campus network.

 

Comment 6: The content of the chart is too simple and does not reflect professionalism;

Response 6: The article tries to use a real network environment by collecting internet traffic from one of the campus routers. We look in our next study to increase the scheme to cover a big part of our campus network.

Comment 7: Insufficient research on relevant literature;

Response 7: About 7 new studies were added and their references were cited.

 

Comment 8: Check whether the sentence has spelling errors and grammatical problems;

Response 8: Some expert in native English checked the spelling and grammar and made some language changes.

Author Response File: Author Response.docx

Reviewer 2 Report

The author presents a hybrid machine learning classifier that uses online-port-based alongside statistical feature classification. They suggest the online approach because of speed. The idea is very new and exciting, but the lack of online port rules learned is not discussed as I would compare with a decision tree classifier. I think this approach of lack of details can be overcome by using standard datasets known in cybersecurity. The authors mention WhatsApp is encrypted but not in enough fact about how anomaly was simulated in WhatsApp or the training and validation set, which seems to be the shortcoming to appreciate how the hybrid classifier can have an accuracy of 89%. As the results are quite good, it will be good for the authors to describe how false alarms can often be handled high in anomaly detection classifiers. For the results to be useful to cybersecurity researchers, the paper needs to add use-cases that can be similar to pen-testing in the context of the Mitre Instruction Detection Model.

Author Response

Many thanks for your valuable comments, which come from one of the experts in our research area. We try to do our best to achieve your instructions, and we made some changes in our article based on the reviewers' comments.
Note: the article with tracked changes was attached.

Response to Reviewer 2 Comments

Point 1: … but the lack of online port rules learned is not discussed as I would compare with a decision tree classifier …


Response 1: You are totally right; the port number method did not have the same discussion as the ML method. However, Section 3.3 (ML Partial Classifier) discussed ML statistical algorithms and their role in the HOC system. In addition, Section 3.4 highlights how the HOC statistical algorithms take their classification decision.

Point 2: I think this approach of lack of details can be overcome by using standard datasets known in cybersecurity.

Response 2: Standard datasets always have a fair judgment of models' accuracy. We try to follow the same path as previous works in the area of internet traffic classification. Most of them generate their own datasets because of different network environments.

Point 3: The authors mention WhatsApp is encrypted but not in enough fact about how anomaly was simulated in WhatsApp or the training and validation set, which seems to be the shortcoming to appreciate how the hybrid classifier can have an accuracy of 89%.

Response 3: A small paragraph was added which may highlight WhatsApp encryption. The article tries to use a real network environment by collecting internet traffic from one of the campus routers. We look in our next study to increase the scheme to cover a big part of our campus network.

Point 4: As the results are quite good, it will be good for the authors to describe how false alarms can often be handled high in anomaly detection classifiers.

Response 4: The article tries to use a real network environment by collecting internet traffic from one of the campus routers. We look in our next study to increase the scheme to cover a big part of our campus network, and FP will be considered.

Point 5: the paper needs to add use-cases that can be similar to pen-testing in the context of the Mitre Instruction Detection Model.

Response 5: Figure 4 was updated, which does the same role as a use-case diagram.

Author Response File: Author Response.docx

Reviewer 3 Report

There are too many references older than 5 years and in this subject that makes them history.

Remove phrases, 'internet explosion' style as inappropriate.

Conclusion is too long and in part more of an analysis - separate.

Statistical argument needs to include the limitations of the results too.

Author Response

Many thanks for your valuable comments, which come from one of the experts in our research area. We try to do our best to achieve your instructions.
Note: the article with tracked changes was attached.

Response to Reviewer 3 Comments

Comment 1: There are too many references older than 5 years and in this subject that makes them history.

Response 1: You are totally correct, there are some older references.

The older references were updated by newer ones and all related dates were updated as well. However, some references which include a specific case (such as the three-stage classifier) were kept. That is because most of the new hybrid works used a two-stage classifier.

Point 2: Remove phrases, 'internet explosion' style as inappropriate.

Response 2: We did not find the phrase “internet explosion” in our paper.

 

Point 3: Conclusion is too long and in part more of an analysis - separate.

Response 3: We partly summarized the conclusion, but as some other reviewer asked us to add the limitation of our work, we added another small paragraph to the conclusion.

 

Point 4: Statistical argument needs to include the limitations of the results too.

Response 4: The limitations of our work were added to the conclusion.

 

 

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

The article is revised reasonably. I suggest modifying the table structure and pictures appropriately to make the article more professional and beautiful.
