Review
Peer-Review Record

A Survey of the Recent Trends in Deep Learning Based Malware Detection

J. Cybersecur. Priv. 2022, 2(4), 800-829; https://doi.org/10.3390/jcp2040041
by Umm-e-Hani Tayyab 1, Faiza Babar Khan 1, Muhammad Hanif Durad 1, Asifullah Khan 2,3,4,* and Yeon Soo Lee 5,*
Reviewer 1:
Reviewer 2: Anonymous
Submission received: 11 August 2022 / Revised: 18 September 2022 / Accepted: 22 September 2022 / Published: 28 September 2022
(This article belongs to the Special Issue Secure Software Engineering)

Round 1

Reviewer 1 Report

Paper comments:

This paper first introduces the development trend of malware in recent years in the introduction and lists some cases. The development trends and cases are listed richly and explained clearly. It explores several possible strategies for real-time malware detection and proposes a layered model for real-time detection of security events or threats. This paper focuses on the role of traditional machine learning and deep learning in the field and compares the two, discusses the application of twin neural networks, illustrates the progress of deep learning in malware identification, and introduces the shortcomings of both, and the datasets and performance metrics it uses, which are the focus of this paper.

The paper is yet another investigative paper, first surveying malware-related papers, focusing on summarizing different malware detection papers, and then summarizing a dozen papers each of deep learning-related methods and traditional machine learning methods in the field of malware detection, expounding the shortcomings and flaws of each paper in the application of their respective methods. This part of the investigation is careful and serious, and various deficiencies in the field of malware detection are investigated in detail.

To sum up, this paper has a detailed summary and is an excellent paper that can be used by experts and government officials in related fields for policy reference and research planning.

Suggestion for revision:

1. In the introduction and comparison of machine learning and deep learning in the paper, more specific practical application parts should be written to make the article easier to understand.

2. When summarizing the shortcomings and deficiencies of the research methods of various papers in related fields, examples should be used to demonstrate.

3. As an investigative paper, in order to enable cross-industry experts and government officials to understand the summary of the paper, the structure of the paper should be adjusted for easy viewing.

4. The survey of this paper requires further improvement. On the detection of malicious behavior, “Detecting Integrity Attacks on SCADA Systems, IEEE Transactions on Control System Technology” and “Statistical Approach to Detection of Attacks for Stochastic Cyber-Physical Systems, IEEE Trans. on Automatic Control”. On the attacked system analysis, “On the Performance Analysis of Reset Attack in Cyber-Physical Systems, IEEE Trans. on Automatic Control” and “The Vulnerability of Cyber-Physical System Under Stealthy Attacks, IEEE Trans. on Automatic Control”. I believe that these works may help to improve the quality of this paper.

5. Summarizing the shortcomings and limitations of other papers can be placed at the end for experts in the field to view.

6. There are small mistakes in the focus of the article. The focus of this paper is on the discussion of malware identification, but the research focus is on the application of machine learning and deep learning in this field, and you can consider modifying the title and abstract.


Author Response

We are grateful that you gave us the opportunity to improve our manuscript.

Reviewer 1:

We are quite grateful to you for your valuable suggestions and encouraging comments. Your suggestions have really made it possible for us to improve the quality of our manuscript. A methodical response to your suggestions is given below:

1. In the introduction and comparison of machine learning and deep learning in the paper, more specific practical application parts should be written to make the article easier to understand.

As per your kind suggestion, we have tried to improve the introduction by mentioning the adverse effects of malware on practical applications like cyber-physical systems. A complete paragraph on malware detection in cyber-physical systems utilized in different application areas is included in the introduction. Similarly, practical damages caused by different types of malware, like ransomware, are also highlighted in the introduction to shed clear light on the need for an anti-malware system.

2. When summarizing the shortcomings and deficiencies of the research methods of various papers in related fields, examples should be used to demonstrate.

Thank you for highlighting this important aspect. Tables 4, 5 and 6 contain the column of weaknesses/limitations, where we have added the shortcomings of the related review papers with examples. For research methods that trained a machine learning algorithm on only a few hundred samples, we have identified the weakness as the usage of a small dataset. Similarly, many more shortcomings are highlighted in the above-mentioned tables.

3. As an investigative paper, in order to enable cross-industry experts and government officials to understand the summary of the paper, the structure of the paper should be adjusted for easy viewing.

Thanks for this valuable suggestion. As per your concern, we have tried to make it easy for cross-industry experts and government officials to understand our paper through Figure 2, which displays the layout of the paper organization. Anyone interested in reading our manuscript can get an idea by looking at Figure 2 that, after the introduction, they will get to know about research work done in malware detection through statistical-based methods, conventional machine learning-based methods and then deep learning-based methods. In the next section, the reader will come across the shortcomings of the above-mentioned methods, highlighted through the research work done. Finally, the reader will go through the direction of future work and then the conclusion.

4. The survey of this paper requires further improvement. On the detection of malicious behavior, “Detecting Integrity Attacks on SCADA Systems, IEEE Transactions on Control System Technology” and “Statistical Approach to Detection of Attacks for Stochastic Cyber-Physical Systems, IEEE Trans. on Automatic Control”. On the attacked system analysis, “On the Performance Analysis of Reset Attack in Cyber-Physical Systems, IEEE Trans. on Automatic Control” and “The Vulnerability of Cyber-Physical System Under Stealthy Attacks, IEEE Trans. on Automatic Control”. I believe that these works may help to improve the quality of this paper.

Thank you for your suggested papers. They have really helped us in improving the organization of our paper. They have also helped us in improving the quality of our work. We have used the work presented in these papers as practical examples of applying an anti-malware system.

5. Summarizing the shortcomings and limitations of other papers can be placed at the end for experts in the field to view.

Thank you for your valuable suggestion. To make it easy for experts to go through the shortcomings and limitations of other papers, we have placed summaries of the shortcomings in tables (Tables 4, 5 and 6), which are at the end of the respective sections. These tables highlight the major shortcomings of the research work, due to which the results claimed in the work can be unreliable.

6. There are small mistakes in the focus of the article. The focus of this paper is on the discussion of malware identification, but the research focus is on the application of machine learning and deep learning in this field, and you can consider modifying the title and abstract.

Thank you for your kind suggestion. As per your suggestion, we have modified the title to “A Survey of Recent Trends in Deep Learning Based Malware Detection”, and the abstract is also modified to reflect the focus of our manuscript.

Reviewer 2 Report

This paper presents a survey of research trends in malware detection and analysis. Indicators of Compromise (IOC) are usually used to detect malware that is potentially harmful to a computer system. Earlier approaches use malware signatures, which requires maintaining and updating a database containing malware signatures. However, this naive approach cannot detect zero-day attacks and is vulnerable to anti-analysis techniques. Later, researchers started to use classical machine learning methods, which again turned out to fail for reasons such as feature engineering and the inability to handle a large amount of data. Recently, deep learning techniques have been used in malware detection, and this paper compares deep learning techniques with the other two techniques.

This study is interesting and thoroughly compares several approaches. However, a few limitations should be addressed.

First, for instance, in Table 6, only research works before 2019 are studied. It is better that the authors include research papers published in 2020, 2021, 2022, and potentially 2023.

Second, there are typos. For example, in Appendix B, "algori3999thms" -> "algorithms".

Author Response

We are quite obliged for your kind suggestions and encouraging comments. A methodical response to your suggestions is given below:

1. First, for instance, in Table 6, only research works before 2019 are studied. It is better that the authors include research papers published in 2020, 2021, 2022, and potentially 2023.

As per your kind suggestion, we have added a recent literature survey as well, which can be seen in the introduction and in Tables 5 and 6. We have added research papers published in 2021 and 2022 at various locations.

2. Second, there are typos. For example, in Appendix B, "algori3999thms" -> "algorithms".

To check the typos, we have used Grammarly.

Author Response File: Author Response.pdf
