Comparative Study of AI-Enabled DDoS Detection Technologies in SDN
Round 1
Reviewer 1 Report
The abstract should be rewritten to be more direct and specific
What is the contribution of this paper? Include more points on this in the introduction section.
At least five more recent works should be reviewed and included, such as: https://doi.org/10.3390/su141911950
The source of Table 1 was clearly missing. It has to be indicated.
An algorithm can be written to depict the new approach
Extensive editing of English language required
The paper presents some ideas that appear novel.
Extensive editing required
Author Response
[1] The abstract should be rewritten to be more direct and specific
- We did a very precise check on the abstract and then modified it into an elaborate sentence.
[2] What is the contribution of this paper? Include more points on this in the introduction section.
- Our contributions in this paper are as follows. Firstly, it is possible to reduce the amount and time of collecting DDoS attack datasets that affect the performance of the learning model. Secondly, it can reduce the time and cost of comparing various learning models and performance required for determining a learning model suitable for DDoS detection. We verified that it is possible to reduce the detection time of DDoS and appropriately utilize it when determining a detection model. Finally, various experimental methods for evaluating the performance of the learning model are presented so that related researchers can utilize them. Based on the results of this study, we are currently developing a new learning model for DDoS detection and mitigation in a blockchain network environment, and are conducting experiments and verification in real environments.
[3] At least five more recent works should be reviewed and included, such as: https://doi.org/10.3390/su141911950
We added more recent working papers, including the above paper.
[4] The source of Table 1 was clearly missing. It has to be indicated.
Table 1 shows the recent research methods for detecting DDoS attacks and the advantages and disadvantages of each.
[5] An algorithm can be written to depict the new approach
[6] Extensive editing of English language required
We have read and revised the paper several times.
[7] The paper presents some ideas that appear novel.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments:
The research addresses the different machine and deep learning models to detect DDoS attacks in SDN; the paper presents a good comparative study. The paper could be enhanced by assigning a section to further discuss the results of the algorithms in more detail. The current section only demonstrates the results by numbers and illustrations.
1. Comparative studies enrich the researchers’ knowledge. Survey papers are usually the first source that the researchers try to reach.
The current paper focuses on both deep and machine learning, which is good. But it lacks detailed discussion. Explaining why these specific algorithms are selected to contribute to the research, what is the authors’ perspective about the results, how the feature sets are determined for each algorithm, why the factors are not unified to be able to compare fairly, etc.
Moreover, what is the impact of feature selection (should be compared with no feature selection). The two steps of feature selection are not explained well in the methodology.
2. Conclusion could be further detailed with the comparison analysis when performed.
3. Figures could be more clear
Author Response
- Comparative studies enrich the researchers’ knowledge. Survey papers are usually the first source that the researchers try to reach.
The current paper focuses on both deep and machine learning, which is good. But it lacks detailed discussion. Explaining why these specific algorithms are selected to contribute to the research, what is the authors’ perspective about the results, how the feature sets are determined for each algorithm, why the factors are not unified to be able to compare fairly, etc.
Moreover, what is the impact of feature selection (should be compared with no feature selection). The two steps of feature selection are not explained well in the methodology.
The reason for selecting features by applying the permutation importance algorithm in Kaggle data is to delete features that do not affect learning. Through this process, the learning time was reduced and the accuracy of the DDoS attack detection rate was improved.
Conclusion could be further detailed with the comparison analysis when performed.
We plan to conduct our research in the field in the future. In other words, more unexpected attacks and various types of DDoS attacks are possible in the field than in the laboratory. Research to overcome and improve this situation is very important. In addition, a new machine learning-based learning model will be developed to prove the superiority of detection performance.
- Figures could be more clear
We made every effort to replace it with a clear picture.
Author Response File: Author Response.pdf
Reviewer 3 Report
The manuscript presents the results of a quantitative comparison of machine learning and deep learning techniques for the detection of DDoS attacks on software defined networks. The paper focuses on the relative ability of each technique to recognize statistical patterns among the detailed characteristics of historical attacks. There is little discussion of the structure and operation of SDNs or the theoretical basis underlying the various ML and DL techniques. All in all, the manuscript compares the relative effectiveness of several off-the-shelf data analysis methods in classifying segments of a well-understood data set, largely taken out of its practical context in data networking. While this comparison is of some interest on its own, the real test of such methods is the ability to detect a DDoS in real time and mitigate the harm to an actual SDN. Given the wide interest in applying ML to DDoS detection, such practical experiments are not uncommon.
Although I would recommend an expanded discussion of the significance of the data flow features in DDoS and normal traffic used in the study, and mitigation techniques in a difficult problem of computer networking, I can accept the paper in its present structure.
The manuscript requires a very extensive editing of the English. There are many serious errors of grammar and syntax that make the paper quite difficult to read.
Author Response
Thank you so much.
Author Response File: Author Response.pdf