Next Article in Journal
A Snake-Like Robot with Envelope Wheels and Obstacle-Aided Gaits
Next Article in Special Issue
Failure-Robot Path Complementation for Robot Swarm Mission Planning
Previous Article in Journal
Non-Thermal Plasma Accelerates Astrocyte Regrowth and Neurite Regeneration Following Physical Trauma In Vitro
Previous Article in Special Issue
A Brunnstrom Stage Evaluation System with Fuzzy-Accelerometer
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 9
Issue 18
10.3390/app9183748
Review Report
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

A Cloud-Based Real-Time Mechanism to Protect End Hosts against Malware

Appl. Sci. 2019, 9(18), 3748; https://doi.org/10.3390/app9183748
by Fu-Hau Hsu 1, Chia-Hao Lee 1, Ting Luo 1, Ting-Cheng Chang 2 and Min-Hao Wu 2,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Appl. Sci. 2019, 9(18), 3748; https://doi.org/10.3390/app9183748
Submission received: 23 August 2019 / Revised: 30 August 2019 / Accepted: 1 September 2019 / Published: 8 September 2019
(This article belongs to the Special Issue Intelligent System Innovation)

Round 1

Reviewer 1 Report

The authors present a mechanism called "Skywalker" that makes every program to be verified by VirusTotal before being executed in the host. This prevents the need for complete host system analysis and guarantees an updated antivirus check every time the program is executed. The first time a program is scanned it can take some significant time, but the subsequent executions are much faster (below half a second). I find the proposed solution very interesting, given if we can guarantee an optimal access to the Internet. However, the paper focus on a service that is already provided by VirusTotal Enterprise.


In paragraph 67-75 the author state some benefits of the use of Skywalker, like the lack for complete system scan and the avoidance of antivirus vulnerabilities, however the delay in the execution of a program is much higher than having it analysed by an installed antivirus and the fact that Skywalker itself may have vulnerabilities that could also be exploited, and it also need maintenance. Moreover, Virustotal may also have vulnerabilities and maintenance schedules. So, all of the four major goals described in paragraph 76-83 are, to some extent, compromised.

The two tips presented in paragraph 174-183 are important to save time and bandwidth and show care the authors had with system performance.

In paragraph 259-271 the authors identified a threshold of 1/3 of the number of antivirus Virustotal uses to detect an infection. Why did the authors used this value? How did the authors obtained this value? Should I be confident that there is no problem if only less than 1/3 of the antivirus report a problem?

As the authors state in their section 4.5 Limitations, using Skywalker makes the start of the program taking a very long time, which is a huge limitation of this solution. The authors should have done some of the proposed solutions they discuss in this section and based this paper on them. This way it would be a more mature paper and closer to something that could eventually be used in real life. Like it is now, it is rather useless in practice.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

The authors developed a cloud-based real-time defense mechanism named Skywalker to allow users to safely utilize antivirus without the above problems. The approach runs an app in the cloud after verifying for malicious contents with antivirus, the runtime performance shows limited delay.

As a new runtime approach, the idea is original and novel. The approach suffers some potential issue though. For example, what if no internet connection available, this approach will not work at all. Secondly, the capability of antivirus is limited in terms of signature, so if a program is malicious and no signature is available yet, then it will run and the mechanism fails. The authors should discuss some strategies to overcome these limitations to have their approach more practical. 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Back to TopTop