Next Article in Journal
Road Segmentation and Environment Labeling for Autonomous Vehicles
Next Article in Special Issue
SGXDump: A Repeatable Code-Reuse Attack for Extracting SGX Enclave Memory
Previous Article in Journal
Deep Knowledge Tracing Based on Spatial and Temporal Representation Learning for Learning Performance Prediction
Previous Article in Special Issue
SPEEDY Quantum Circuit for Grover’s Algorithm
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 12
Issue 14
10.3390/app12147189
Review Report
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Toward an Efficient Automatic Self-Augmentation Labeling Tool for Intrusion Detection Based on a Semi-Supervised Approach

Appl. Sci. 2022, 12(14), 7189; https://doi.org/10.3390/app12147189
by Basmah Alsulami 1, Abdulmohsen Almalawi 1,* and Adil Fahad 2
Reviewer 1: Anonymous
Reviewer 3:
Han Qi
Appl. Sci. 2022, 12(14), 7189; https://doi.org/10.3390/app12147189
Submission received: 8 June 2022 / Revised: 13 July 2022 / Accepted: 14 July 2022 / Published: 17 July 2022
(This article belongs to the Special Issue Recent Advances in Cybersecurity and Computer Networks)

Round 1

Reviewer 1 Report

 

In this work, the authors apply machine learning techniques to intrusion detection. They propose a semi-supervised approach called self automatic labeling. The method is tested against NSL-KDD dataset ISCX dataset. Experimental results are comparing to that of probabilistic graphical model method and various-widths clustering method. Comparing to the other two methods, the proposed method provides good accuracy but bad runtime performance for the reported data. The topic is interesting, but there are several issues that should be addressed.

 

Section 2.1

Line 102: What is DPNN? I checked the reference and it stands for “density peaks nearest neighbors.” It would be better to include the full name in the manuscript.

Line 109-113: There is a long sentence “Among the machine learning… IDS problems.” It seems to be grammatically incorrect.

 

Section 3.1

General question: The ensemble voting method is well-explained. However, it would be helpful to also provide some short description of the supervised classifiers C_i used in the experiments.

 

Line 240: Could the authors explain why Eq. (1) is not written in terms of argmax (like Eq. (2))?

 

Section 4.5

Fig.6, Fig.7, Fig.8, Fig.9: The scale of y-axis is different and missing for KNNVWC method.

 

Section 4.5.4

Table 5: What is the unit of runtime?

Line 546: There is a broken sentence “From Table.5 it 546 can be observed that.”

Line 548: “Second,When…” The “W” should be lower-case.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

Results and illustrative material must be revised. It requires special attention.

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

How to improve the classification accuracy of large-scale data using limited sample data is always the target of various semi-supervised learning models. In this manuscript, the Self Automatic Labeling approach, called SAL, is introduced for using a small labelled network traffic data to potentially detect most types of attacks in intrusion detection. The authors claimed that the proposed SAL approach has a better performance in overall accuracy, class balance accuracy, and F-measure by contrast to PGM and KNNVWC approaches.

overall, this research is innovative, the quality of presentation, however, needs to be improved. It is suggested to revise the content according to the following comments.

1.     The content to introduce the selected datasets is too much, as the datasets is not the core in this research.

2.     What do the TP, TN short for in equation 10, 11. More explanations for both variable and equations are required.

3.     Duplicated content in line 490.

4.     Title mistake of fig 11 (a)

5.     More introductions for fig 6-9, and fig 11 are required. Such as why the shapes like that, why the SAL has a better performance at normal class.

6.     The “most up-to-date” in line 424 is inappropriate, due to the PGM and KNNVWC are proposed in 2010 and 2015, respectively. The semi-supervised models, such as 3VMs, VAT(Virtual Adversarial Training),MixMatch UDA(Unsupervised Data Augmentation), might be considered to select as a comparison in the manuscript. Anyway. the reason for selecting the PGM and KNNVWC should be given more.

7.     Table 4 and fig 10 have little significance in the manuscript.

8.     It seems unnecessary to use 2 datasets in the experiments. Using one dataset is enough to indicate that most types of attacks can be detected by using a small labeled network traffic data.

9.     It is necessary to further explain how the datasets are used in the experiment, such as the proportion of training and test data, iteration times, etc.

10.  How the Zero-Day attacks (mentioned in the abstract) is evaluated in the experiments?

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

The concerns in my previous report are addressed appropriately. I have a few minor suggestions:

 

1.     Page 14, line 460: The programming language, operation system and hardware for the experiments are mentioned. It would be nice to present some more details. For example, how many physical cores are there in the CPU? Is the program threaded? 2.6GHz is not enough for readers to identify the CPU being used. Is there some specific machine learning package being used in the python code? The software packages should also be cited.

2.     Page 18, line 564: “…and stable rate detection rate…” It seems like some revision would be required.

3.     Page 18, line 567: “…upon reason- able request…” Might be “reasonable”?

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Back to TopTop