Article
Peer-Review Record

Comparative Evaluation of AI-Based Techniques for Zero-Day Attacks Detection

Electronics 2022, 11(23), 3934; https://doi.org/10.3390/electronics11233934
by Shamshair Ali 1, Saif Ur Rehman 1, Azhar Imran 2, Ghazif Adeem 1, Zafar Iqbal 3 and Ki-Il Kim 4,*
Submission received: 20 October 2022 / Revised: 17 November 2022 / Accepted: 25 November 2022 / Published: 28 November 2022
(This article belongs to the Special Issue Advances and Applications of Networking and Multimedia Technologies)

Round 1

Reviewer 1 Report

I am reading this work with great interest. The authors aim at presenting a comprehensive literature review of AI-based techniques, which are used to detect zero-day attacks. The topic of zero-day attack detection is interesting, and hence, AI-based techniques have been used for this purpose based on datasets of previous attacks. The manuscript cites relatively sufficient previous research in the field and also tries to put forward qualitative analysis and comparisons between them. Overall this work is targeting an important and interesting research topic, which would gather interest from many readers.


However, I wouldn't accept this work for publication in its current form. In my opinion, it could be much more concise and better organised.

First of all, and perhaps the most important feature of a literature review, is the classification methodology or criteria. That would draw a line between a research publication and a student's summary report. However, it is unclear to me what methodology or criteria are being proposed in this manuscript. What I have read so far is a listing of recent AI-based techniques for zero-day attack detection, which is an effort, but not much of a contribution yet. Perhaps the authors should start with the types of attack (IDS, phishing, DoS/DDoS, malware, ...), which applications/domains (cloud computing, automotive, industrial control systems) attract which type of attack, what the typical features for each type of attack are, and how previous works have used AI-based techniques to detect or predict them. These statements need to be made very early in the manuscript, such as in the abstract and introduction, rather than leaving readers to guess by themselves. I believe that the authors might have enough raw material for a good literature review paper on this topic given the number of references in the current manuscript. They just need to approach this topic more systematically and present the review more scientifically.

Another big issue that I found in this manuscript is that there are many repetitions in the description of AI-based techniques. In my opinion, Sections 2.3 "ML and DL based", 3.3 "Detection Models", and 3.4 "Algorithms and Techniques" can be combined to give readers a much more concise and hence comprehensive description of "AI-based techniques for detection".

There is no suggestion for future research on this topic, which is usually another contribution from a literature review.

None of the tables are mentioned or discussed in the main text, although they are quite good at summarising some parts of the manuscript. Hence, they are not effective in contributing to the rest of the story as they should be.

Some of the keywords, such as GWO and SWAT, need to be defined before use.

Author Response

We are thankful to the honorable reviewers for their valuable comments. We have taken each comment very seriously and revised the manuscript in light of these valuable comments. The updated portions are highlighted (in red) in the revised manuscript. For the sake of minimizing the time of the honorable reviewers, these updates are also included in response to each comment in this file.

Author Response File: Author Response.pdf

Reviewer 2 Report

For the whole paper, authors should choose the way that "cybersecurity" or "cyber security" can be written. It appears as one word in the introduction (professionally) and two words in the conclusion.

It is useful to briefly explain the CIA triad, which refers to confidentiality, integrity, and availability.

It is recommended to mention that there is no universally agreed definition of "cybersecurity" before defining it.

Is there a reference for Figure 1?

The literature was introduced in a systematic and perfect way.

The comparative analysis was conducted using a variety of methods, which gives the paper power.


In future research, the authors should search for new, recent datasets to overcome the very old datasets, like DARPA/KDD, that were used by researchers in the literature.

Author Response

We are thankful to the honorable reviewers for their valuable comments. We have taken each comment very seriously and revised the manuscript in light of these valuable comments. The updated portions are highlighted (in red) in the revised manuscript. For the sake of minimizing the time of the honorable reviewers, these updates are also included in response to each comment in this file.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

I would like to thank the authors for your swift response to my concerns.

The authors clarified that the purpose of this manuscript is to "provide the readers in detail insights into the current trends and the techniques being used by the researchers for detecting zero-day", so I think the contributions of this manuscript are now clear. In my opinion, this is acceptable, but this manuscript could be much more impactful if the authors followed my suggestions in the previous review by grouping attacks per application domain, typical signatures per attack, and techniques to detect them. This manuscript is close to being a quite impactful publication, but it's up to the authors whether to take the chance.

There are still some comments as below:

* How do the paragraph and Table 1 on pages 5 and 6 fit into the rest of Section 2 "Literature Review"? They seem out of context in their current form.

* "Limitations" should come before any "Conclusion" to achieve the story's completeness. Perhaps the authors should rewrite the last two sections as "Results and Discussion", where a discussion of the current approaches' limitations is given, and then "Conclusion and Future Work".

Author Response

We are thankful to the honourable reviewers for their valuable comments. The authors took each comment very seriously and revised the manuscript in light of these valuable comments. The updated portions are highlighted (in red) in the revised manuscript. To minimise the time of the honourable reviewers, these updates are also included under the response to each comment in this file.

Author Response File: Author Response.docx
