Article
Peer-Review Record

A Dynamic Analysis Data Preprocessing Technique for Malicious Code Detection with TF-IDF and Sliding Windows

Electronics 2024, 13(5), 963; https://doi.org/10.3390/electronics13050963
by Mihui Kim * and Haesoo Kim
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 14 January 2024 / Revised: 26 February 2024 / Accepted: 27 February 2024 / Published: 2 March 2024

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The idea of the research article is interesting and well presented. However, the authors need to incorporate the following points in the revised article.

1. Lack of detailed experimental design and results description: The article fails to provide a thorough description of the specific design and execution process of the experiment, including details about the hyperparameters used during model training, among other things. Additionally, there is a lack of sufficient explanation regarding the experimental results. While indicators such as accuracy, recall, precision, and F1 score are mentioned, no further analysis or discussion is provided regarding the significance and influencing factors of these indicators.

 

2. The review of related work is not comprehensive: The article only tackles a limited amount of previous work, neglecting to mention other relevant literature and research outcomes. This limits the perceived innovation and contribution of the article.

 

3. Limited data sources and sample size: The article employs a dataset consisting of only 201,549 samples, most of which are benign files, with less than 2,000 malicious files. This limited sample size may restrict the generalizability of the results. Moreover, the article does not provide an explanation regarding the source and collection method of the dataset, making it impossible to assess its representativeness and reliability.

Author Response

The paper has been revised according to the Reviewer’s comments. Please note that the revised parts corresponding to the comments are yellow-highlighted in the revised manuscript. We received professional English proofreading and editing service from professional editors at Editage, as shown in the attached certificate. We greatly appreciate the reviewers’ comments on this paper.
Please refer to the attached file for correspondence to each comment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Dear authors

It gives me pleasure to review your paper, which focuses on a new technique for malicious code detection. Though the paper has its own merits, I have a few suggestions.

1. The authors have mentioned related methods and then the proposed method. However, the superiority of the new method needs to be highlighted. In what way is the new method beneficial when compared to the previous well-established methods (even though static)?

2. The authors need to include a new subsection under which they can mention how this new method advances the theory. And also list out possible limitations. In addition, it is also necessary to explain the practical implications. 

I hope my suggestions will help in improving the quality of the manuscript.

I wish good luck to the authors.

 

Author Response

The paper has been revised according to the Reviewer’s comments. Please note that the revised parts corresponding to the comments are yellow-highlighted in the revised manuscript. We received professional English proofreading and editing service from professional editors at Editage, as shown in the attached certificate. We greatly appreciate the reviewers’ comments on this paper.
Please refer to the attached file for correspondence to each comment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

 

In this paper, the authors propose an extension of conference scientific work (ref [6]). They aim to enhance the proposed preprocessing technique for dynamic analysis data for malware detection.

They use TF-IDF for weight calculation and sliding window as data reduction technique. This last issue helped to address the excessive overhead seen with other approaches.

The paper sounds good. The authors have clearly presented their motivations and have presented a use case study to illustrate clearly the proposed approach.

In the paper title, is it « A Dynamic Analytic Data » or « A Dynamic Analysis Data ». In my opinion, the use of « Analysis » is more appropriate.

The title of Algorithm 2 has to be changed, and also the content. Since it is an algorithm, it has to be written in pseudo-code and not mix Python code with the pseudo-code (same remark for Algorithm 3 and Algorithm 1 for some instructions).

In the paragraph below Algorithm 2, some descriptions have to be changed since the algorithm content would be changed, like « ...uses a loop structure that is constructed using a range function ». The range function is specific to the Python language, and so it is related to the implementation of the algorithm in Python.

More details should be given about the use of LSTM to compare the performance of the proposed approach with existing solutions. How has the dataset been divided into training and testing datasets?

The conclusion also should be developed more.

On page 1, in the sentence « Accordingly, to convert dynamic analysis data to a fixed size, our previous study [5] used the term frequency-inverse document frequency (TF-IDF) [6] », the authors should correctly place the reference numbers: by « our previous study », the authors are referring to [6] and not to [5].

On page 7, at the end of the 1st paragraph of subsection 4.2., « 5. Conclusion » has to be removed.

Author Response

The paper has been revised according to the Reviewer’s comments. Please note that the revised parts corresponding to the comments are yellow-highlighted in the revised manuscript. We received professional English proofreading and editing service from professional editors at Editage, as shown in the attached certificate. We greatly appreciate the reviewers’ comments on this paper.
Please refer to the attached file for correspondence to each comment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The authors have appropriately revised the manuscript to make it suitable for publication.

Author Response

We very much appreciate your review service.
The paper has been revised according to the Reviewer’s comments. Please note that the revised parts corresponding to the comment are yellow-highlighted in the revised manuscript. We received professional English proofreading and editing service from professional editors at Editage, as shown in the attached certificate. We greatly appreciate the reviewers’ comments on this paper.

Reviewer 3 Report

Comments and Suggestions for Authors

The authors have performed the requested major revisions.

 

The following minor revision remains:

In Algorithm 1, instruction 6 has to be written in pseudo-code and not in Python code:

(length of Wac) % N == 0 –> (length of Wac) MOD N = 0

 

 

Author Response

Considering your point, we've changed instruction 6 in Algorithm 1 and instruction 4 in Algorithm 3 to pseudocode. The modified algorithms can be found on lines 111 and 181.
