Hybrid Deep Learning Approach for Automatic DoS/DDoS Attacks Detection in Software-Defined Networks

Round 1

Reviewer 1 Report

The abstract needs to discuss overview of the study, existing problem, work done, results obtained and relevance of the study

in related works, authors should consider the following suggestions to be discussed: 

https://www.proquest.com/openview/f310d224205259b54be36b14508802ff/1?pq-origsite=gscholar&cbl=316223

https://link.springer.com/chapter/10.1007/978-3-030-87013-3_8

https://link.springer.com/chapter/10.1007/978-3-030-87013-3_8

https://link.springer.com/chapter/10.1007/978-3-030-89546-4_12

https://onlinelibrary.wiley.com/doi/abs/10.1002/9781119905141.ch14

The dataset needs to be discussed extensively, its features and samples.

discuss all tables and figures extensively

Show the obtained values of the confusion matrix

After Figure 14, discuss work done, results obtained, comparing with existing models.

conclusion should discuss results obtained, limitations and relevance as well as future directions

 

Author Response

Please see the attachment

Author Response File: Author Response.docx

Reviewer 2 Report

Major.

1. In abstract. The authors should state the scientific background and problem that need to be solved by the proposed method.

2. In the introduction. The authors need to state the scientific contribution and the novelty of this research. 

3. In section 3.4 authors state "Our model consists of a combination of a 1D convolutional neural network (CNN), a gated recurrent unit (GRU), and a dense neural network (DNN)". Why use CNN, GRU, amd DNN? Why not use the other algorithms? More explanation about these methods needs to be included in the manuscript

4. Figure 10 and 11 are the only screenshot that needs to be tabulated properly.

5. Comparison with the other algorithms needs to be conducted 

 

Minor. 

1. On page 6 line 265: 7- CICDDoS2019 dataset should be bold

2. Some equations need to be fixed. For example "x_i = f(W * x_{i-1} + b)"  index "i" should be subscript. 

Author Response

Please see the attachment

Author Response File: Author Response.docx

Reviewer 3 Report

The authors presented a hybrid deep learning system for SDN DoS/DDoS attack detection and defense. It needs a significant revision. 

1- The abstract and conclusion should be more informative.

2- Please write the tool/environment you used for performance evaluation, the methods you used for comparison, and the improvement percentages in the abstract, introduction, and conclusion sections.

3- The abstract section needs a significant revision. The IMRaD structure is a popular technique for organizing your abstract. It signifies Introduction, Methods, Results, and Discussion. The abstract for a journal article should be around 150 words. Please read the references I suggested at the end of my comments to understand how to write abstracts academically.

4- The motivation and contribution need to be clarified. Please read the references I suggested to understand how to write them.

5- The related works section is like the summarization of the other works. What are the main advantages of your work that overcomes the former works?

6- The proposed approach and the evaluation sections need significant revision. My suggestion is as follows:

Abstract.

1- Introduction (It includes motivation, contribution, and the organization of the article)

2- Related works

3. Proposed approach

3.1. Reference architecture

3.2. Problem statement

3.3. Proposed attack detection approach

4. Performance evaluation

4.1. Simulation setup

4.1.1. Simulation metrics

4.1.2. Simulation scenarios

4.2. Experimental results

5. Discussion (Optional)

Conclusion (and future work).

 

7- Please Improve the quality of the pictures.

 

8- Please write the conclusion and future work in one paragraph. Reduce the size of future work and increase the size of conclusion sentences.

9- Please improve the references you cited. Please pay attention to the venues and cite some papers that the prestigious venues have published. Cite all the articles I wrote here:

9-1 "DDoS attack detection and mitigation using SDN: methods, practices, and solutions." Arabian Journal for Science and Engineering 42 (2017): 425-441.

9-2 "Detection and mitigation of DDoS attacks in SDN: A comprehensive review, research challenges and future directions." Computer Science Review 37 (2020): 100279.

9-3 "Adversarial Deep Learning approach detection and defense against DDoS attacks in SDN environments." Future Generation Computer Systems 125 (2021): 156-167.

9-4 "FUPE: A security driven task scheduling approach for SDN-based IoT–Fog networks." Journal of information security and applications 60 (2021): 102853.

9-5 "A novel approach for accurate detection of the DDoS attacks in SDN-based SCADA systems based on deep recurrent neural networks." Expert Systems with Applications 197 (2022): 116748.

9-6 "A Flow-Based Anomaly Detection Approach With Feature Selection Method Against DDoS Attacks in SDNs." IEEE Transactions on Cognitive Communications and Networking 8.4 (2022): 1862-1880.

9-7 "S-FoS: A secure workflow scheduling approach for performance optimization in SDN-based IoT-Fog networks." Journal of Information Security and Applications 72 (2023): 103404.

9-8 "RBF-SVM kernel-based model for detecting DDoS attacks in SDN integrated vehicular network." Ad Hoc Networks 140 (2023): 103026.

Author Response

Please see the attachment

Author Response File: Author Response.docx

Round 2

Reviewer 2 Report

All issues have been resolved in this version

Reviewer 3 Report

The authors answered my comments correctly. The paper is ok. 

Fingers crossed.