Machine Learning-Based Intrusion Detection for Rare-Class Network Attacks
Round 1
Reviewer 1 Report
In this paper, authors have proposed a geometric synthetic minority oversampling technique based on optimized kernel density estimation for detection for rare class network attacks. Overall, the paper is well written and organized, however, there are few minor concerns to be addressed before its acceptance. Consider the following points while preparing the revisions.
Point 1#: Abstract should include the specific findings of the research, for example % improvement in the prediction accuracy for the model proposed.
Point 2#: Why G_SMOTE technique was preferred to address the data the data imbalance issue. Pros and cons of the methods in light of other techniques used in the subject domain should be highlighted.
Point 3#: The related works section and the summary table should be expanded by including other relevant studies on the topic.
Point 4#: Model’s evaluation in terms of other metrics such as Kappa, ROC and AUC should be considered.
Point 5#: Discussion of the results in light of recently related published literature should be included.
Point 6#: Study usefulness for practical policy implications should be highlighted.
Point 7#: Study limitations and outlook for future works should be refined.
Point 8#: Overall, the English language and writing style of the paper is good, however, there are few typos and occasional grammar mistakes that should be rectified while preparing the revisions.
English language and writing style of the paper is good, however, there are few typos and occasional grammar mistakes
Author Response
Please see the attachment.
Author Response File: 
Author Response.pdf
Reviewer 2 Report
The paper presents a geometric synthetic minority oversampling technique based on optimised kernel density estimation algorithm. The reasoning is well described as current network systems are becoming more complex and generate massive, unbalanced attack traffic. Authors use machine learning methods to propose a new approach to classify attack data. The results show that the method achieves a good overall detection rate outperforming existing techniques.
The paper is well-structured, it is very interesting, and I have learned a lot while reading it. Results shown in Section 4 provide a nice demonstration of how the method compares to the existing approaches.
There are some minor drawbacks that should be considered to improve the quality of the paper before publishing:
1) Section 3.1. Provide some more information on how parameters are chosen for the outlined modules. There is a thorough description of the used methods later in the text but still no mention of the specific parameters.
2) Please break down large paragraphs into smaller ones otherwise it becomes hard to follow. Paragraphs should not contain more than 5-6 sentences. That is especially true for Section 2, where the first paragraph covers lines 77 – 117 followed by more large paragraphs.
3) Please do not break words across a line-break by means of a hyphen. It is generally not advisable to do in scientific papers. If a word does not fit on a line, move it fully to the next line.
4) Tables and figures should be closer to places in texts where they are first mentioned. Please double check entire paper for that. For example, lines 152 and 153 mention Table 3 and Figure 1 that can be found only a full page later after a lot of text. That will make paper easier to follow.
Once this is amended, the paper will be suitable for publication in this journal.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 3 Report
the paper shows an extensive study and comparison between seers methods for intrusion detection. need to emphasize more the achievement on the conclision
conclusion need to be re-edited explaining the contributed work. it’s not clear
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 4 Report
This paper proposes three modules- imbalance processing, feature dimension reduction, and classification- for intrusion detection system (IDS).
Specific comments are as follows:
l The dataset used in this paper NSL-KDD and N-BaIoT is small (150K and 80K samples). The much larger complete dataset CSE-CIC-IDS2018 with 16M samples are used in most recent (2023) papers should be commented (or compared) such as: https://doi.org/10.1016/j.array.2023.100306 and https://doi.org/10.3390/s23042171
l The contributions of the proposed scheme with respect to the baseline schemes (specified as Ref [XX]) should be emphasized at the end of sec. 1 or 2.
l The proposed scheme has three modules. Does hyperparameters tuning is done for each module? For example, the number of layers and the number of parameters of the MDSAE module is optimized? Recent paper 1 mentioned above did this.
|
l The self attention mechanism is used in feature dimension reduction module. self attention (or transformer) is best suited for long term dependency such as long video scene detection https://doi.org/10.48550/arXiv.2212.14427 and https://doi.org/10.3390/s23167050 |
Why is the justification of applying self attention in feature dimension reduction module? Please comment.
l The unknown attack in Table needs further explanations.
l The paper title is deep learning-based …, but the proposed scheme actually uses both machine learning and deep learning, as indicated in Table 2 etc.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 4 Report
All comments are addressed. No further comments.
Author Response
Thank you very much for your previous valuable suggestions and for recognizing the changes we have made.
