Anomaly Detection Module for Network Traffic Monitoring in Public Institutions
Round 1
Reviewer 1 Report
This paper proposed the Anomaly Detection Module for Network Traffic Monitoring in Public Institutions. Overall, the structure of this paper is well organized, and the presentation is clear. However, there are still some crucial problems that need to be carefully addressed before a possible publication. More specifically,
1. A deep literature reviews should be given, particularly advanced and SOTA machine learning and deep learning models in data processing and analysis. Therefore, the reviewer suggests discussing some related works by analyzing the following papers in the revised manuscript, e.g., 10.1109/TGRS.2020.3015157, 10.1109/TGRS.2020.3016820, 10.1109/TIP.2022.3228497
2. Please clarify the contributions to this field, for example, which are the existing ones and which are your own ones?
3. The Anomaly detection methods should be also reviewed deeply by following the work “Hyperspectral anomaly detection using deep learning: A review”
4. What are the differences in techniques between the proposed method and existing methods?
5. The ablation analysis should be given to show the performance gain.
6. Some future directions should be pointed out in the conclusion.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 2 Report
The authors presented an anomaly detection module for network traffic monitoring system. The article lacks in the novelty, originality, and overall presentation. In general abstract should include the precise statement of the problem or issue, followed by a description of the research method and design, the major findings, and the conclusions reached. But in this manuscript does not include the state of work. The experimental results accuracy also missing in the abstract section.
The introduction section is to simple and does not provide the flow of the work. Related work should include more number research comparison of existing works and also must state the need for research. But in this article authors presented only the description of Anomaly detection model.
In section 3.2 authors just included the reference number it will better to include the description of that work. How these works are related to your proposed work.
Authors clearly presented the implementation of anomaly detection methods. In that, recommend to include parameter variable in the model construction section.
Experimental results presented better results and authors clearly described classification measures, anomaly detection percentage in various environment.
The conclusion and future works are presented well and clear.
The references are adequate.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 3 Report
The paper focuses on increasing network traffic safety based on continuous monitoring of network traffic statistics and detecting possible anomalies in the network traffic description. The developed solution ADM is mostly dedicated to public institutions as the additional component of the network security services. The topic is valuable, but many points should be improved:
1. The abstract must be improved; please note that it is not part of the text and should be complete. For example, lines 1-2 indicate, "It seems to be a truism to say that we should pay more and more attention to network traffic safety. Such a goal may be achieved with many different approaches", but what are the principal objectives and scope of the investigation?
2. As a research article, the Introduction section is not well-organized. It should present first, with all possible clarity, the nature, and scope of the problem investigated, which are not obvious to me.
3. Section 3.2 should be improved. The authors should summarize the advantages and disadvantages of related methods and compare their approach with the existing methods.
4. In section 4, some of the procedures used in this study could be clearer to me; the authors are requested to present their rationale for such procedures. In addition, the contribution and innovation of this approach over previous schemes should be clearly stated.
5. I would like to point out that the captions of figures and tables seem to be too weak. It should lead the reader to catch the main contents.
6. The experimental results need to be further discussed; for example, present the relationships and generalizations shown by the results.
7. The conclusion section should summarize your evidence for each conclusion. For example, lines 375-376 indicate "as a complement for other network monitoring systems" how do you address evidence “for other network monitoring systems"?
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
This paper proposed the Anomaly Detection Module for Network Traffic Monitoring in Public Institutions. Overall, the structure of this paper is well organized, and the presentation is clear. However, there are still some crucial problems that need to be carefully addressed before a possible publication. More specifically,
1. A deep literature review should be given, particularly advanced and SOTA deep learning or AI models in data processing and analysis. Therefore, the reviewer suggests discussing these currently SOTA works in revised manuscript, such as 10.1109/TGRS.2020.3015157, 10.1109/TIP.2022.3228497, 10.1109/TGRS.2020.3016820.
2. Please clarify the contributions, why this method is important?
3. How about the computational complexity?
4. The ablation analysis should be given to show the performance gain.
5. It is well-known that the data usually tend to suffer from various degradation, noise effects, or variabilities in the process of imaging. Please give the discussion and analysis by referring to the paper titled by e.g., An Augmented Linear Mixing Model to Address Spectral Variability for hyperspectral unmixing. The reviewer is wondering what will happen if the proposed method meets the various variabilities.
6. Some future directions should be pointed out in the conclusion.
Reviewer 2 Report
Authors carried out all the suggestions given by reviewers. Now the related work part enhanced for better understanding of readers.
Reviewer 3 Report
The authors have addressed my concerns.