Article
Peer-Review Record

FN-GNN: A Novel Graph Embedding Approach for Enhancing Graph Neural Networks in Network Intrusion Detection Systems

Appl. Sci. 2024, 14(16), 6932; https://doi.org/10.3390/app14166932
by Dinh-Hau Tran 1 and Minho Park 2,3,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 18 June 2024 / Revised: 3 August 2024 / Accepted: 5 August 2024 / Published: 8 August 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This paper proposes a preprocessing method called FN-GNN for flow data from network intrusion detection systems (NIDS), enhancing the efficacy of a graph neural network model in malicious flow detection.

In general, the proposed method lacks innovation and is only an application of the graph neural network method. We should analyze the unique characteristics of network intrusion detection, for example, what are the characteristics of malicious network flow and what are the characteristics of normal network flow. What are the problems that lead to the low detection accuracy and high false positive rate of the methods in this field? Why is the existing graph neural network method suitable to solve or improve these problems? If it cannot be completely solved, what kind of improvements should be made to the existing graph neural network to solve the existing problems? I didn't see any relevant analysis of the above problems in the paper.

 NIDS is a field that has been studied for a long time and has a lot of research results, and the references mentioned in this paper are far from enough.

 In the experimental part, the author did not demonstrate the improvement points mentioned in the paper.

 My biggest piece of advice is to make sure that your methodology is closely linked to the problem you are trying to solve in NIDS. Otherwise, reading will give the impression that the proposed method is appropriate in any field. This also shows that there are no targeted solutions.

Comments on the Quality of English Language

English very difficult to understand/incomprehensible

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Clearly differentiate your contribution.

Provide a table summarizing the hyperparameters used, their values, and the rationale for choosing these specific settings.

Include more details on the steps and the rationale behind choosing specific features.

Include more details on the preprocessing steps for both datasets. Clearly state any assumptions made during data cleaning and feature selection.

Feature Selection: While you mention the use of Random Forest Regression for feature selection, include a brief explanation or reference to the methodology used to ensure readers unfamiliar with the process can follow.

Training and Testing: Clarify the splitting strategy for the training and testing datasets. Mention if any cross-validation techniques were used and provide reasons for the chosen strategy.

Provide a statistical analysis of the results to support the claims of significance. This can include confidence intervals or p-values where appropriate.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

Strengths of the Paper:

1.      The paper introduces a FN-GNN model for network intrusion detection, which leverages graph neural networks to enhance the detection of malicious activities.

2.      The paper provides a comparison of the proposed FN-GNN model with state-of-the-art models on the CIC-IDS2017 and UNSW-NB15 datasets.

3.      The paper highlights the stability and convergence of the model during training.

4.      The evaluation results show that the proposed model achieves significantly higher effectiveness compared to models employing the same feature selection approach.

 

Weaknesses of the Paper:

1.      The paper lacks detailed information about the datasets used, such as data preprocessing steps, class distribution, and any data augmentation techniques applied.

2.      While the paper focuses on F1-Score comparisons, a more extensive evaluation with additional metrics like precision, recall, and ROC curves could provide a more comprehensive analysis of the model's performance.

3.      The paper does not delve into the practical aspects of deploying the FN-GNN model in real-world network environments, such as computational efficiency, and adaptability to dynamic network conditions.

 

 Technical Issues:

1.      The paper does not address the scalability of the FN-GNN model, particularly in handling large-scale network traffic data, which is crucial for real-world deployment.

2.      The interpretability of the FN-GNN model's decisions is not discussed, which is essential for understanding how the model detects and classifies network intrusions.

3.      The paper could benefit from discussing the generalizability of the proposed model to different network architectures and attack scenarios beyond the datasets used in the study.

4.      There is a lack of discussion on the computational complexity of the FN-GNN model, including training time, memory requirements, and inference speed, which are vital considerations for practical implementation.

Comments on the Quality of English Language

Some moderate revision is required to enhance the linguistic quality and fluency of the manuscript's English language.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

  • Based on your reply, I'm sorry to say that I still think the method proposed in the paper is a very general method, which is not only applicable to intrusion detection, but also applicable to other detection fields, without pertinency.

Comments on the Quality of English Language

Extensive editing of English language required

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The authors improved the manuscript.

Author Response

Thank you for your comments. 

Reviewer 3 Report

Comments and Suggestions for Authors

The authors have satisfactorily replied to the concerns raised and complemented the manuscript accordingly.

Author Response

Thank you for your comments. 

Round 3

Reviewer 1 Report

Comments and Suggestions for Authors

 Moderate editing of English language required

Comments on the Quality of English Language

The FN-GNN model, a novel graph embedding method, is proposed to enhance the performance of network intrusion detection systems (NIDS). By representing network flow data as graph data and processing it with a graph neural network (GNN) model, FN-GNN can better capture complex relationships between network flows.

1. The research solves the problem that the deep learning model lacks standardized input data when processing network flow data, and improves the accuracy and performance of the model through new preprocessing methods.

2. The proposed FN-GNN model has excellent performance on two widely used intrusion detection data sets, and the experimental results are convincing, which proves the effectiveness and practicability of the method.

3. The paper describes the model design, data preprocessing steps and experimental settings in detail, providing sufficient technical details to make the research results repeatable and reliable.

I suggest

1. Increase the discussion on the computational efficiency and resource consumption of the model, especially the application scenarios in large-scale network environments. The scalability and feasibility of practical deployment of the FN-GNN model can be evaluated through experimental or theoretical analysis.

2. Expand the research on the robustness and adaptability of the model, and explore the performance of FN-GNN in the face of dynamic network environment and new attacks. 

3. Enrich the review part of relevant work, compare the advantages and disadvantages of FN-GNN with existing methods in detail, and highlight its innovation points and unique contributions. In this way, the significance and novelty of the research can be better demonstrated, and the persuasive power of the paper can be enhanced.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf
