Article
Peer-Review Record

Intrusion Detection Model Based on Improved Transformer

Appl. Sci. 2023, 13(10), 6251; https://doi.org/10.3390/app13106251
by Yi Liu and Lanjian Wu *
Reviewer 1:
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Reviewer 4:
Submission received: 2 April 2023 / Revised: 17 May 2023 / Accepted: 17 May 2023 / Published: 19 May 2023
(This article belongs to the Special Issue Machine Learning for Network Security)

Round 1

Reviewer 1 Report

This work presents a Transformer-based intrusion detection model with several techniques including a hybrid sampling method of combining KNN-based under-sampling and Borderline-SMOTE over-sampling to deal with class imbalance issues of intrusion detection datasets, a stacked auto-encoder to have dimensionality reduction, and an improved position encoding. 

First, this manuscript should be revised to clarify its contributions for publication. Most parts of the manuscript specify the above-mentioned techniques, but do not clearly explain (1) how the techniques are specifically adapted in the context of intrusion detection scenarios, and (2) how the techniques are competitive compared to other techniques (more than other neural network models). The Abstract and Introduction sections should be revised to clarify the contributions.

In machine learning, the issues mentioned in the manuscript, such as large dimensions and class imbalance of datasets, are well known, and there exist many prior works to deal with those issues. Compared to existing approaches to tackle large dimensions and class imbalance, the authors should clarify the benefits of the proposed techniques and the originality of their work. The proposed techniques, such as hybrid (ensemble) sampling and auto-encoder-based feature extraction and dimension reduction, are not new and are quite well studied in the context of machine learning. How are those specifically adapted for intrusion detection scenarios?

 

The title of the manuscript is “intrusion detection model based on improved Transformer”. Which part of the manuscript discusses “improved Transformer” is not clear. Why is the improved Transformer needed for intrusion detection? Which application properties of intrusion detection make the improved Transformer appropriate? Is the position encoding really a new and effective improvement to Transformer?

 

A related work section should be added. In Section 1, there are some related works, but they can be described separately in a Related Work section. More relevant and recent related research works should be summarized and compared to the work in the manuscript. For example, there are several research works using Transformer for intrusion detection. These can be added in the Related Work section and discussed, including a comparison to the work in the manuscript.

- RTIDS: A Robust Transformer-Based Approach for Intrusion Detection System

- Intrusion detection: A model based on the improved vision transformer

- An Efficient Intrusion Detection Model Based on Convolutional Neural Network and Transformer

- IDS-INT: Intrusion detection system using transformer-based transfer learning for imbalanced network traffic

 

In the manuscript, individual proposed techniques are described in Sections 2 and 3. Before those, the overall approach needs to be explained.

 

In Section 4, experiments are limited. None of the prior works in intrusion detection were evaluated and compared. Several neural network models were compared, but a more relevant comparison should be made in the context of intrusion detection.

In addition, more than a single dataset (NSL-KDD) can be evaluated. 

Moderate editing of English language is needed.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 2 Report

1. This is a great work with much novelty. I find the number of reference papers is not sufficient. Please consider reviewing and comparing with more recent publications, such as

[1] Huang, Tianlin, et al. "Neural embedding singular value decomposition for collaborative filtering." IEEE Transactions on Neural Networks and Learning Systems 33.10 (2021): 6021-6029.

[2] Zheng, Jianwei, et al. "Improving the generalization ability of deep neural networks for cross-domain visual recognition." IEEE Transactions on Cognitive and Developmental Systems 13.3 (2020): 607-620.

[3] Arora, Vinay, et al. "Transfer learning model to indicate heart health status using phonocardiogram." (2021).

2. In Tables 1 and 2, please also compare the computational complexity of each model, such as the number of trainable parameters or FLOPs, memory usage, etc.

3. Figures 4-7 are low resolution; please update them with high-resolution figures, at least 300 dpi.

The quality of English writing seems acceptable.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 3 Report

1. Abstract

1.1. The abstract must contain, at its end, a clearly explained statement of the article's contribution to scientific knowledge.

2. Introduction

2.1. The review of the literature in the Introduction of the paper and the state of the art deals with machine learning and deep learning and did not include all possible approaches for solving the considered problem, so, e.g., the entropy approach is not considered, which can be found in

Shojaei, M., Movahhedinia, N., Tork Ladani, B. (2011). An Entropy Based Approach for DDoS Attack Detection in IEEE 802.16 Based Networks. In: Iwata, T., Nishigaki, M. (eds) Advances in Information and Computer Security. IWSEC 2011. Lecture Notes in Computer Science, vol 7038. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25141-2_9,

then the redundancy optimization approach is not specified, which can be found, for example, in the work of Babic, I.; Miljkovic, A.; Cabarkapa, M.; Nikolic, V.; Đordevic, A.; Randjelovic, M.; Randjelovic, D. Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems. Symmetry 2021, 13, 557. https://doi.org/10.3390/sym13040557

and they should certainly be included, and not only them.

The rest of the paper is not well organized and is difficult to understand.

 and

The structure of the paper should respect the organization by chapters as given in the journal manual, and because of that the second section should have the name Materials and Methods.

3.1. The whole current second section, 2. Data processing, could be the first subsubsection in this new section, with the same name as it has now, and the second subsubsection would be what is now section 3. Model reasoning, also with its existing name, both of them as parts of subsection 2.2 Methods. The first subsection of this new section should be 2.1 Materials, which should deal with the material used in this paper for the conducted experiment.

3.2. From the whole current fourth section and its content, the authors should separate a new fifth section, Discussion.

3.3. The Discussion section is important for a clear and sufficient explanation of the contribution of this paper to the body of knowledge and, what is even more important, because this paper lacks a comparative evaluation of the proposed model with similar clearly described, existing

4. Conclusions

The Conclusions section must have a wider and more clearly explained account of the authors' further work.

5. References

5.1. The total number of 18 references is too small for the presented material and for such an eminent journal.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 4 Report

The paper looks like good material. I like it. But it must be "cleaned" and "matured" a bit. Upfront: see the style and appeal of excellent papers (journal), learn how to use style and give a very good appeal. Let experts at hand help you (also to check style, content and formulas).

Please check and, if needed, add all the missing punctuation ( , . ; : ) behind the formulas and also lists. Do the same inside of formulas where punctuation could help the reader / understanding (or is just commonly used). In fact, inside of the text, sometimes inside of a formula context, commas can help for structuring and reading help. Please do not put a . when a formula then comes; you can use a : instead. Formulas and text do not have the same letter sizes. You must be much "cleaner" in your style. Check all blanks - the unnecessary and the still needed. Sometimes blanks are missing behind commas.

Please use italics for letters (no other characters, and no full words) in formulas (even tiny ones) whenever missing. Decent use of italics to enhance the paper's appeal and readability. When you list, e.g., steps ... (with numbers), you can write Step 1 (etc.) in italics, etc. Let some further experts near you check the whole paper, especially the mathematics. Please. When you forgot italics for a letter (not a full word) in a formula, please do it now. If you will use it: Write minimize rather than min at the beginning of optimization problems and subject to and not s.t. Numbers please not in italics. ( and ) please neither in italics. Please min max (or better written out, unless they are operators) not in italics.

Work with an expert on writing in English, need not be a scientist here even. Look for a broader view in the Conclusion and Outlook section. Find and see further works by other teams.

Please find and study/compare with works (older and/or newer) on modelling and addressing AI and ML, dynamics, hybrid systems (over time), networks and systems by Erik Kropat, Semih Kuter, Omur Ugur, Pakize Taylan, S. Zeynep Alparslan (Gok), Ayse Ozmen, Egemen Yilmaz, Diogo Azevedo and Emel Savku. If it could be done if your team works hard, and it can become a great paper.

It is fine, just a last re-check with an expert in English at hand.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Round 2

Reviewer 3 Report

The authors accepted the suggestions and in a very acceptable way incorporated the corresponding corrections in the revised paper.

Author Response

Thank you for providing feedback on the revised version of our paper. We are delighted to learn that the suggested changes were accepted and implemented appropriately. We would like to express our sincere appreciation for your valuable insights and guidance throughout the review process. Your feedback has played a crucial role in improving the clarity and overall quality of our work.

Once again, we would like to extend our gratitude for your time and effort in reviewing our manuscript.
