Article
Peer-Review Record

Distributed Deep Neural-Network-Based Middleware for Cyber-Attacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach

Electronics 2023, 12(2), 298; https://doi.org/10.3390/electronics12020298
by Guru Bhandari *, Andreas Lyth, Andrii Shalaginov and Tor-Morten Grønli †
Reviewer 1:
Reviewer 2:
Reviewer 3: Anonymous
Submission received: 30 November 2022 / Revised: 29 December 2022 / Accepted: 3 January 2023 / Published: 6 January 2023
(This article belongs to the Special Issue Circuits and Systems of Security Applications)

Round 1

Reviewer 1 Report

Comments for Authors

The authors' proposed AI-enabled detection method discovers multi-level attacks and malware in smart environments. The proposed method proactively monitors the streamed network traffic data to detect malware and attacks. The deep neural network (DNN) has been used as the best choice with high-performance scores for malware detection and classification. My comments to the authors:

 

1) The title should be changed to "Distributed deep neural network-based Middleware for Cyberattacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach". This is mainly because AI is a very wide area and the authors only used DNN methods. Also, the whole manuscript should change with DNN.

2) Abstract should include one connection sentence with IoT between " Cyberattacks are always the major concerns and challenging issues in the modern digital world. " and " The lessons from the earlier experiences …" ; in which type of challenge for IoT.

3) Change the words " Literature Review" to "Related Works".

4) Why have you used DNN? You must put a reason sentence at the end of related works.

5) Authors must use the format of electronics MDPI journal with complete affiliation, no gap between Figure 1(fonts are not clear) and caption of figures, Tables and references.

6) Many hyphens (-) have been used which should be corrected " in-production, multi-class, etc. "

7) Can you add the processing delay comparison in Table 2?

8) The critical question that must be answered: how does your system detect malware and attack methods? What are the features that your system used?

9) Can you compare your methods with at least two of the related works' methods?

 

Author Response

Comments

Responses

1) The title should be changed to "Distributed deep neural network-based Middleware for Cyberattacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach". This is mainly because AI is a very wide area and the authors only used DNN methods. Also, the whole manuscript should change with DNN

Thank you for the suggestion!

We agree on changing the title to reflect more specifically on the DNN method. Now the title has been changed to “Distributed Deep Neural Network-based Middleware for Cyber-attacks Detection in Smart IoT Ecosystem: A Novel Framework and Performance Evaluation Approach” as suggested.

2) Abstract should include one connection sentence with IoT between " Cyberattacks are always the major concerns and challenging issues in the modern digital world. " and " The lessons from the earlier experiences …" ; in which type of challenge for IoT.

Great comment!

Now, we have added a statement (second sentence of abstract) to reflect the type of challenges and possible threats for IoT.

3) Change the words " Literature Review" to "Related Works".

Corrected!

4) Why have you used DNN? You must put a reason sentence at the end of related works.

To address this point, we have added two paragraphs- the second last, and the last paragraph in the 2-Related Work section. The added information provides the reason for using ML and DNN for IoT malware and attack prediction.

5) Authors must use the format of electronics MDPI journal with complete affiliation, no gap between Figure 1(fonts are not clear) and caption of figures, Tables, and references.

Now the manuscript is formatted according to MDPI Electronics journal guidelines. The font size of Figure 1 and the caption is clearer now.

6) Many hyphens (-) have been used which should be corrected " in-production, multi-class, etc. "

We have avoided hyphens (-) in many places as much as possible. For some of the terms like use-cases, AI-enabled, data-driven, etc., we kept them as they are since there is a common practice to use them as such in the literature.

7) Can you add the processing delay comparison in Table 2?

Thank you for the nice comment!

The approx. processing delay can be seen in the figures as a sparkling period after the time of ML model initiation till the point it behaves normally in ML model running mode. We were not able to get the exact time duration of the period. Sometimes it depends on the amount of data in the network traffic. We will further investigate this processing delay measure in our future work.  

8) The critical question that must be answered: how does your system detect malware and attack methods? What are the features that your system used?

Thank you for the comment!

We want to refer to Subsections 3.1 and 3.4 which describe how malware and attacks are detected. Subsection 4.1 provides a description of the dataset and features we have considered for the study. Now we have released GitHub where one can find the source code and information on how preprocessing and train/test of the ML models are done.

Author Response File: Author Response.pdf

Reviewer 2 Report

The general quality of the writing is bad enough to interfere with reading for content. The very first sentence of the abstract has a number of disagreements with the terms. Some sentences are not complete. Extensive editing is required. The content is interesting. However, some figures do not add value. Not clear what Figures 1 and 2 contribute. However, Figure 3, Table 1, and Table 2 are very valuable.

The topic is important and the authors make a contribution, however, a significant rewrite is required.

Author Response

Thank you for the comment and suggestion to improve the manuscript!
The responses to your comments are as follows:

Comment

Response

The general quality of the writing is bad enough to interfere with reading for content. The very first sentence of the abstract has a number of disagreements with the terms. Some sentences are not complete. Extensive editing is required. The content is interesting. However, some figures do not add value. Not clear what Figures 1 and 2 contribute. However, Figure 3, Table 1, and Table 2 are very valuable.

The topic is important and the authors make a contribution, however, a significant rewrite is required.

Thank you for the comment!

We thoroughly read the manuscript, corrected grammatical errors and punctuation, and did a significant rewrite of the paper. The very first sentence of the abstract has now been fixed. Figure 1 and Figure 2 mainly depict the workflow of the approach and test-case scenarios of the deployed IoT environment, respectively.

In the current version of the manuscript, we have put some descriptive information in Figure 1 and Figure 2 (refer to the first paragraph of Section 3 and second paragraph of Subsection 3.1)

Just let us know if we need further improvement to the manuscript!

Author Response File: Author Response.pdf

Reviewer 3 Report

Interesting work and important domain. Good and easy writing. This is a plus.

Please add some insight to the results why AI is working for this? What could be potential reasons, what parameter is working why. I know that DNN works in mysterious ways, however with now AI being everywhere there is not much fun and research in just applying DNN and AI to any problem. I am not asking for concrete results, proofs or statements, a discussion sort of section should be good enough. This section should have your thoughts and insights on why and how the AI worked for this solution.

Please add a summary of the results at the beginning of the section 4. And some numbers in the abstract too.

Try to make the paper concise; 19 pages are too much.

Please also discuss briefly in the context of early cyber and network attacks like the Morris worm. Something like where were we, where have we come, and where to go. Whether or not and why the lessons from such early attacks are relevant for the modern scenario. Check out the following comprehensive work on the Morris worm (you may cite this in your discussions): https://arxiv.org/abs/2112.07647

Author Response

Thank you for the comments and suggestions to improve the manuscript!

The following are the responses to the reviewer. Each comment is answered, and the manuscript modification is also made accordingly.

Comments

Responses

Interesting work and important domain. Good and easy writing. This is a plus.

Thank you!

Please add some insight to the results why AI is working for this? What could be potential reasons, what parameter is working why. I know that DNN works in mysterious ways, however with now AI being everywhere there is not much fun and research in just applying DNN and AI to any problem. I am not asking for concrete results, proofs or statements, a discussion sort of section should be good enough. This section should have your thoughts and insights on why and how the AI worked for this solution.

To address this point, we have added two paragraphs- the second last, and the last paragraph in the 2-Related Work section. The added information provides the reason for using ML and DNN for IoT malware and attack prediction.

Please add a summary of the results at the beginning of the section 4. And some numbers in the abstract too.

Thank you!
Section 4 ‘Experimental Setup and Results’ combines both experimental dataset and configuration setup and result of the experiments. Putting the numbers will be before the actual description of the dataset and configuration setup. Therefore, we have included the actual result of the experiment and the description of required setup in the Subsection 4.2 and 4.3.  

Try to make the paper concise; 19 pages are too much.

We understand the point. Now after addressing the comments, the size of the paper remained at 19 pages. The publicly released GitHub repo provides supplementary information and technical details of the work along with the source code. We could further reduce the length if requested.

Please also discuss briefly in the context of early cyber and network attacks like the Morris worm. Something like where were we, where have we come, and where to go. Whether or not and why the lessons from such early attacks are relevant for the modern scenario. Check out the following comprehensive work on the Morris worm (you may cite this in your discussions): https://arxiv.org/abs/2112.07647

Thank you for the comment!

We agree with the suggestion. Now we have added a paragraph in the Discussion section (Subsection 5.1, third/last paragraph) covering the Morris worm and WannaCry ransomware, including current ongoing challenges and the future of machine learning for cybersecurity.

Just let us know if we need further improvement to the manuscript!

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

The authors addressed and corrected all my comments.

Author Response

Thank you so much for your time and suggestions to strengthen the quality of the manuscript! 

Reviewer 2 Report

Ready for publication.

Author Response

Thank you so much for your time and suggestions to strengthen the quality of the manuscript! 

Reviewer 3 Report

I am okay with the changes made.

The authors mentioned that providing numbers before the setup and procedure is not okay. I disagree. One may provide a brief summary. Just some numbers to give an overall idea of the results. Not all readers have time to read the entire paper. The synopsis helps such readers in better understanding your work and provides more reachability to your work.

However, I will leave this decision up to the authors. I am okay with accepting the paper in its revised form.

Author Response

Thank you so much for your time and suggestions to strengthen the quality of the manuscript! 

We have addressed the reviewer’s comment in the second revised version of the manuscript. We agree with the reviewer's point that providing some numbers from the experimental results, to show the highlights and overall idea of the work before jumping into the detailed reading, is a good idea.

We have added a few statements (the last few sentences (8th-10th sentences)) in the abstract of the updated version of the manuscript.

We welcome any further suggestions to improve the quality and readability of the paper.

Thank you!
