Article
Peer-Review Record

A Malware Detection Framework Based on Semantic Information of Behavioral Features

Appl. Sci. 2023, 13(22), 12528; https://doi.org/10.3390/app132212528
by Yuxin Zhang 1,2, Shumian Yang 1,2, Lijuan Xu 1,2, Xin Li 1,2 and Dawei Zhao 1,2,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3:
Submission received: 18 October 2023 / Revised: 8 November 2023 / Accepted: 16 November 2023 / Published: 20 November 2023
(This article belongs to the Special Issue Intelligent Digital Forensics and Cyber Security)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The article clearly delineates the growing prominence of malware in network security and emphasizes the importance of understanding API call sequences for effective detection. It adequately addresses the existing gaps in feature analysis, highlighting the need for a more comprehensive approach. The proposed method's significance in leveraging semantic information for malware detection is well-articulated. The utilization of characterizing semantic structure and statistical information of API names is innovative and has the potential to address the information loss observed in prior methods. The combination of CNN and bidirectional GRU for detecting both local and global features between API calls is a significant contribution to the field.

Author Response

Thank you very much for your review. We are happy to hear what you think of our work. Please feel free to let us know if you have any other questions about our work or need more information. Thank you again for your time and professional input.

Reviewer 2 Report

Comments and Suggestions for Authors

A Malware Detection Framework Based on Semantic Information of Behavioral Features

The paper deals with an important research topic.

· The authors have described the work well, but I have the following comments.

· Discuss the dataset in the abstract section.

· A graphical abstract is needed in the introduction section.

· The paper organization section is missing at the end of the introduction.

· Section 2 (Related Work) needs a table that summarizes the state of the art with the limitations of each cited work.

· Section 3 should be Dataset. It should describe the dataset used in the study, all the preprocessing steps undertaken, and their influence on the results. Show some sample files.

· What are the training and testing samples?

· Any overfitting? Give data imbalance details.

· Section 3.3 should be a separate section with the name Methodology.

· Figure 4 (CNNs-BiGRU model architecture) should be properly explained. It is not explained in detail.

· Equations are not cited in the text.

· Figure 5 is also not cited in the text.

· Section 4.1.2 (Experimental setup) is very weak. Please explain it in detail.

· Figure 8 should be represented in tabular format with all the values.

· Figure 9 should be represented in tabular format with all the values.

· What are the limitations of this work?

· What is the computational complexity?

· What are the hyperparameters?

· Table 3 should be compared with similar datasets. Discuss the methodologies of all the references.

Comments on the Quality of English Language

NO Comments

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

This paper proposes a novel malware detection framework based on analyzing the semantic information of behavioral features extracted from API call sequences. The key contribution is developing an NLP-inspired malware detection approach that can learn semantic representations of API call sequences and names. The results demonstrate this can identify malicious behaviors and achieve a good detection performance. While the paper presents some interesting ideas, there are some potential limitations to point out:

(1) They manually design the API name encoding based on categories. Automated semantic learning of API names could be more flexible.

(2) The embedding methods used are standard Word2Vec and TF-IDF. More advanced NLP embedding techniques could potentially improve representation learning and capture better semantic information. One potential suggestion is to integrate multi-granularity semantic features such as character level, word level and topic level, so as to improve the embedding quality to a certain extent.

(3) The term "semantic" appears at least 20 times in this article. The "semantic similarity computing" strategy in this paper mainly plays the key role. However, at present, semantic modeling is mainly aimed at API calls. In order to improve the theoretical work, the authors should supplement or at least explain the basic theory (formula, such as DOI:10.1007/s11227-023-05592-7, or other rigorous formal method) of semantic similarity computing. Using only API is less theoretical.

(4) Awkward or unclear sentences: (Line 279) "Therefore, here we also analyze the TF-IDF values of APIs, as shown in Equation (2), to learn their statistical characteristics." This could be clarified as: "We also analyze the TF-IDF values of each API, as shown in Equation (2), to incorporate statistical characteristics into the name embeddings."

The core ideas seem valid and the results are promising. The novel application of NLP-based semantic modeling to API call analysis is a worthwhile exploration. I recommend accepting this paper after a minor revision.

Comments on the Quality of English Language

Need to modify a few unclear descriptions

Author Response

Please see the attachment.

Author Response File: Author Response.pdf
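As an added illustration of the statistical side of the API-name features discussed in the review above (TF-IDF over API call traces, followed by a cosine similarity between traces), this example is written for this record and is not code from the paper or its authors. It assumes a textbook smoothed TF-IDF formula, which may differ from the paper's Equation (2), and uses constructed sample traces rather than the paper's dataset.

```python
import math
from collections import Counter

# Constructed sample API call traces (one per sandbox run); these are illustrative
# and are not taken from the paper's dataset.
TRACES = {
    "benign_editor": ["CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
                      "CreateFileW", "CloseHandle"],
    "benign_browser": ["InternetOpenA", "InternetReadFile", "CreateFileW",
                       "WriteFile", "CloseHandle"],
    "suspect_dropper": ["CreateFileW", "WriteFile", "VirtualAllocEx",
                        "WriteProcessMemory", "CreateRemoteThread", "CloseHandle"],
}

def tf_idf(traces):
    """Return {trace: {api: weight}} using a standard smoothed TF-IDF.

    tf  = count of the API in the trace / trace length
    idf = ln(N / (1 + df)) + 1, where df is the number of traces containing the API.
    This is an assumed textbook variant, not necessarily the paper's Equation (2).
    """
    n = len(traces)
    df = Counter()
    for calls in traces.values():
        df.update(set(calls))          # count each API once per trace
    weights = {}
    for name, calls in traces.items():
        tf = Counter(calls)
        length = len(calls)
        weights[name] = {api: (cnt / length) * (math.log(n / (1 + df[api])) + 1)
                         for api, cnt in tf.items()}
    return weights

def top_apis(weights, trace, k=3):
    """APIs of one trace ranked by TF-IDF weight, highest first."""
    ranked = sorted(weights[trace].items(), key=lambda kv: kv[1], reverse=True)
    return [api for api, _ in ranked[:k]]

def cosine(vec_a, vec_b):
    """Cosine similarity between two sparse TF-IDF vectors (dicts)."""
    dot = sum(w * vec_b.get(api, 0.0) for api, w in vec_a.items())
    norm_a = math.sqrt(sum(w * w for w in vec_a.values()))
    norm_b = math.sqrt(sum(w * w for w in vec_b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0
```

APIs shared by every trace (file open/close) are down-weighted, so the injection-related calls dominate the dropper's vector, and the two benign traces end up closer to each other than either is to the dropper.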

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

The authors have responded to all the comments, and hence the paper can be accepted for publication.

Comments on the Quality of English Language

NO comments
