Article
Peer-Review Record

Anomalies Detection and Proactive Defence of Routers Based on Multiple Information Learning

Entropy 2019, 21(8), 734; https://doi.org/10.3390/e21080734
by Teng Li 1,*, Jianfeng Ma 1, Yulong Shen 2 and Qingqi Pei 3
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 31 May 2019 / Revised: 29 June 2019 / Accepted: 22 July 2019 / Published: 26 July 2019
(This article belongs to the Special Issue Information-Theoretic Security II)

Round 1

Reviewer 1 Report

Summary. The manuscript presents a model to detect anomalies in a network environment. The idea is to utilize multiple sources of data, and more specifically log files, to train a detection model and thus be able to detect future attacks before their occurrence.

 

Evaluation. The idea presented in this paper (i.e., learning from multiple sources) is not novel. The exact machine learning algorithms used in this paper are not clear either. It seems the idea discussed in this paper is not exactly a machine learning approach. Rather, it is a data mining approach based on cluster analysis, and more specifically on the DBSCAN algorithm. In simple words, it seems the entire idea is to capture log files from various sources, cluster them, and then use the clustering to predict whether future events are malicious attacks or benign. Along this line, there is not much novelty presented in this paper, and it is just reporting the experiments conducted in this paper.

 

There are several other concerns, as follows:

1) It is not clear whether the training datasets are labeled or not.

2) It is not clear how different types of attacks are generated by the admin.

3) It is not clear how "balanced" datasets (equal numbers of attack and normal datasets) are generated.

4) The use of "control flow graph and analysis" is inappropriate in this context. Control flow is for the control of execution of a given program. However, here the use of log data looks more like "data flow analysis" than execution. Therefore, it seems data flow analysis should be used.

5) The creation and use of Table 3 is not clear.

6) Table 4 has 5 columns, but the description has 7 columns.

7) How have Tables 4 and 5 been produced?

8) In formula 2, what are those I_{i}s?

9) Figure 6 needs explanation.

10) Section 4.4, formulas 5 and 6 are not used.
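The report above characterizes the paper's approach as clustering log records with DBSCAN and then using the clusters to decide whether future events are benign or anomalous. The following is an added illustration of that pipeline, not the paper's code or the reviewer's: it parses constructed router log lines (the `conn=`, `ports=` and `authfail=` fields and the timestamps are assumptions for the example), runs a minimal DBSCAN with no external dependencies, reports the noise points as candidate anomalies, and then scores new lines against the learned core points. Because DBSCAN is unsupervised, no labels are needed for training, which is one way to read the reviewer's first concern; the thresholds `eps` and `min_pts` are chosen for this toy data and would have to be tuned on real logs.

```python
import math
import re

# Constructed sample router log lines (not from the paper). Each carries per-minute
# counters a collector might emit: connections, distinct destination ports, auth failures.
SAMPLE_LOGS = [
    "2019-06-01T10:00:00 router1 stats conn=120 ports=8 authfail=0",
    "2019-06-01T10:01:00 router1 stats conn=118 ports=7 authfail=1",
    "2019-06-01T10:02:00 router1 stats conn=125 ports=9 authfail=0",
    "2019-06-01T10:03:00 router1 stats conn=122 ports=8 authfail=0",
    "2019-06-01T10:04:00 router1 stats conn=119 ports=8 authfail=1",
    "2019-06-01T10:05:00 router1 stats conn=121 ports=7 authfail=0",
    "2019-06-01T10:06:00 router1 stats conn=900 ports=410 authfail=0",  # burst of distinct ports
    "2019-06-01T10:07:00 router1 stats conn=130 ports=9 authfail=85",   # burst of auth failures
]

LINE_RE = re.compile(r"conn=(\d+) ports=(\d+) authfail=(\d+)")


def featurize(line):
    """Extract (conn, ports, authfail) from one line, log1p-scaled so that counters of
    different magnitude are comparable. Returns None for lines without the stats fields."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return tuple(math.log1p(float(x)) for x in m.groups())


def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def dbscan(points, eps, min_pts):
    """Minimal DBSCAN. Returns (labels, core): label -1 marks noise, and core[i] is True
    when point i has at least min_pts neighbours (itself included) within eps."""
    n = len(points)
    nbrs = [[j for j in range(n) if dist(points[i], points[j]) <= eps] for i in range(n)]
    core = [len(nb) >= min_pts for nb in nbrs]
    labels = [None] * n
    cluster = 0
    for i in range(n):
        if labels[i] is not None or not core[i]:
            continue
        labels[i] = cluster
        stack = list(nbrs[i])
        while stack:               # expand the cluster through core points only
            j = stack.pop()
            if labels[j] is None:
                labels[j] = cluster
                if core[j]:
                    stack.extend(nbrs[j])
        cluster += 1
    return [(-1 if lab is None else lab) for lab in labels], core


class LogModel:
    """Clusters a batch of log lines, then classifies new lines against the core points."""

    def __init__(self, eps=1.0, min_pts=3):
        self.eps, self.min_pts = eps, min_pts
        self.cores = []  # (feature vector, cluster label) of every core point

    def fit(self, lines):
        parsed = [(l, f) for l in lines if (f := featurize(l)) is not None]
        labels, core = dbscan([f for _, f in parsed], self.eps, self.min_pts)
        self.cores = [(f, lab) for (_, f), lab, c in zip(parsed, labels, core) if c]
        return [(l, lab) for (l, _), lab in zip(parsed, labels)]

    def classify(self, line):
        """Cluster label of the nearest core point within eps, -1 if none (anomaly),
        None if the line carries no stats fields."""
        f = featurize(line)
        if f is None:
            return None
        for cf, lab in self.cores:
            if dist(f, cf) <= self.eps:
                return lab
        return -1


def flagged(lines, eps=1.0, min_pts=3):
    """Lines that DBSCAN leaves as noise, i.e. the candidate anomalies of the batch."""
    return [l for l, lab in LogModel(eps, min_pts).fit(lines) if lab == -1]


if __name__ == "__main__":
    for line in flagged(SAMPLE_LOGS):
        print("anomaly:", line)
    model = LogModel()
    model.fit(SAMPLE_LOGS)
    print(model.classify("2019-06-01T10:08:00 router1 stats conn=124 ports=8 authfail=0"))
```

On the constructed batch the six steady-state lines form one cluster and the two burst lines are returned as noise; a later line that falls within `eps` of a core point inherits that cluster's label, while one far from every core point is reported as -1. Note that with a smaller `eps` the lines with a single auth failure would also drop out of the cluster, which is the kind of threshold sensitivity that a "balanced" evaluation set (the reviewer's third concern) is meant to expose.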


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The English of the paper is often very hard to read and to understand; in a couple of points you seem to write the opposite of what you mean.


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

The new version is much clearer and easier to understand.

Congratulations for the hard work.

Comments for author File: Comments.pdf
