Next Article in Journal
Efficient Hyperbolic Perceptron for Image Classification
Next Article in Special Issue
Optimal Transport-Embedded Neural Network for Fairness Transfer Problem
Previous Article in Journal
Enhanced Grey Wolf Optimization Algorithm for Mobile Robot Path Planning
Previous Article in Special Issue
Optimal Reconstruction of Single-Pixel Images through Feature Feedback Mechanism and Attention
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 12
Issue 19
10.3390/electronics12194025
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

CPL-Net: A Malware Detection Network Based on Parallel CNN and LSTM Feature Fusion

Electronics 2023, 12(19), 4025; https://doi.org/10.3390/electronics12194025
by Jun Lu *, Xiaokai Ren, Jiaxin Zhang and Ting Wang
Reviewer 1:
Ridha Ouni
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Electronics 2023, 12(19), 4025; https://doi.org/10.3390/electronics12194025
Submission received: 26 August 2023 / Revised: 22 September 2023 / Accepted: 22 September 2023 / Published: 25 September 2023
(This article belongs to the Special Issue Recent Advances and Related Technologies in Neuromorphic Computing)

Round 1

Reviewer 1 Report

This paper proposes a parallel fusion of CNN and LSTM networks with spatio-temporal features to improve the classification accuracy of malware. All concepts outlined in the paper as well as the contributions of the proposed work have been proposed and performed by many other related works. The Novelty is low. The results are good.

 

A.     Minor comments

 

1.       Page 2, line 50. “In this work, classify the grayscale images of malwares.” Reformulate the sentence.

2.       Page 2, line 61. “The main contribution of this paper:” replace by “The main contribution of this paper are the following:”

3.       Line 62. “We proposes a new …” typo

4.       Keep space between word and reference.

5.       Line 73. Abbrev “PE” ?

6.       Abbreviation should be given at the 1st time when it appears in the text.

7.       Inside table 3. “Convolutional Atteneion” typo

8.       Line 136. Experimental (more specific terms to outline the subject of the section)

9.       On top of figure 4, write CNN accuracy instead of model accuracy (as well for figures 5 & 6).

 

 

B.      Major comments

 

1.       Related work section needs more development.

2.       More relationship is needed between equations 1 to 7 and figure 3.

3.       Result section needs more details to indicate the impact of the proposed methodology/models on the final results. Result analysis and its comparison with the related work need more improvements.

4.       References listed in the “related work” section did not used for comparison. However, references [20-28] used in the comparative table (table 3) are not included in the “related work” section.

 

 

1.       Page 2, line 50. “In this work, classify the grayscale images of malwares.” Reformulate the sentence.

2.       Page 2, line 61. “The main contribution of this paper:” replace by “The main contribution of this paper are the following:”

3.       Line 62. “We proposes a new …” typo

4.       Keep space between word and reference.

5.       Line 73. Abbrev “PE” ?

6.       Abbreviation should be given at the 1st time when it appears in the text.

7.       Inside table 3. “Convolutional Atteneion” typo

8.       Line 136. Experimental (more specific terms to outline the subject of the section)

9.       On top of figure 4, write CNN accuracy instead of model accuracy (as well for figures 5 & 6).

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The article highlights the growing threat of malware to network security and emphasizes the importance of effective malware detection methods. To provide a stronger foundation, it would be beneficial to expand on the current landscape of network security threats and the increasing sophistication of malware.

 

1. In line  24 -78 Provide more background information on the current state of malware detection and the significance of the problem. Explain why malware detection is crucial in today's network security landscape.

2.   In the introduction : Give a brief overview of the limitations or challenges faced by existing malware detection methods, both static and dynamic. Explain how these limitations have led to the exploration of machine learning and deep learning approaches.

3.   In the introduction : Clarify the research gap that this article aims to address. Explain why the use of malware texture images and the fusion of spatial and temporal features are important advancements in malware detection.

1. Elaborate on the dataset used for evaluation and the specific evaluation metrics employed. Provide information on the size, diversity, and characteristics of the dataset to ensure transparency and credibility of the results.

2. Discuss the experimental setup in more detail, including the training process, hyperparameter settings, and any data preprocessing techniques applied. This will allow readers to replicate the experiments and validate the findings.

3. To enhance the reliability and robustness of our model, we have made the experiment code available on Kaggle and GitHub. By providing access to the code, we aim to ensure transparency and allow others to verify and reproduce our results

4. Present a comparative analysis of the proposed CPL-Net model with existing malware detection methods. Highlight the advantages and improvements achieved by the proposed model, such as higher accuracy rates or reduced false positives/negatives.  [ in same  dataset]

 

5. Provide insights into the limitations or potential drawbacks of the proposed approach. Discuss any challenges faced during the experiments and possible avenues for future research to address these limitations.

Overall, I highly recommend major revision, until the revised version, which includes significant improvements to the content

No comments 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

This paper mainly introduces a novel method for detecting malware, which combines the strengths of CNN and LSTM networks to analyze texture images of malicious code. The importance of feature fusion is also discussed, and the effectiveness of the proposed method is demonstrated through ablation experiments. Additionally, related work on malware detection and potential applications of the proposed method are presented in this paper.But there are still some minor issues to be improved. 

 

 

1.When comparing with different algorithms, it is desirable to compare as many metrics as possible to demonstrate the performance of your algorithm.

2.Although some formulas are listed when introducing LSTM, the explanation of some of the parameters should be more detailed, preferably a detailed flowchart.

3.Since feature fusion is currently a key way to improve model performance, how effective is it if you use other feature fusion methods besides the one you employed?

This paper mainly introduces a novel method for detecting malware, which combines the strengths of CNN and LSTM networks to analyze texture images of malicious code. The importance of feature fusion is also discussed, and the effectiveness of the proposed method is demonstrated through ablation experiments. Additionally, related work on malware detection and potential applications of the proposed method are presented in this paper.But there are still some minor issues to be improved. 

 

 

1.When comparing with different algorithms, it is desirable to compare as many metrics as possible to demonstrate the performance of your algorithm.

2.Although some formulas are listed when introducing LSTM, the explanation of some of the parameters should be more detailed, preferably a detailed flowchart.

3.Since feature fusion is currently a key way to improve model performance, how effective is it if you use other feature fusion methods besides the one you employed?

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

please check the figure numbers

keep space between reference and the word before.

Author Response

Please see the attachment.

Author Response File: Author Response.docx

Reviewer 2 Report

All of my comments have been addressed by the authors.

Thank you 

Author Response

Thank you very much for taking the time to review this manuscript.

Back to TopTop