Article
Peer-Review Record

In-Depth Analysis of Ransom Note Files

Computers 2021, 10(11), 145; https://doi.org/10.3390/computers10110145
by Yassine Lemmou 1,*,†, Jean-Louis Lanet 2,† and El Mamoun Souidi 1,†
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 22 September 2021 / Revised: 29 October 2021 / Accepted: 29 October 2021 / Published: 8 November 2021

Round 1

Reviewer 1 Report

The Authors conduct a thorough study of ransom note files with a view to reliably discern them from benign notes and thereby detect the presence of ransomware in a computer system. If ransom notes are saved before a user's files are illegally encrypted (which is a useful observation of the Authors'), this may lead to prevention of the ensuing file encryption. Otherwise, the very possibility of ransomware detection that is shown to compare favorably to existing tools, and/or of damage restriction to a small subset of file directories is an advantage. The datasets and repertoire of ransomware used in the research are comprehensive and their analysis using LSA and ML is methodologically correct, producing useful insights and valuable material for future analyses by the same and other researchers. Therefore I consider the paper as worthy of publication.

I have only minor comments:

  1. The reader could use a more convincing and elaborate description of a detection/prevention scenario than that in Section 4.2.
  2. The LSA analysis based on the filename features and word content seems quite effective, but a little discussion would be in order as to if/how the proposed approach is resilient to potentially more ingenious ransomware attacks, e.g., using extended paraphrasing or new communication channels with the victim, that may be invented in response to the announced detection technique – in other words, are we fighting past or future wars?
  3. The paper is generally well-written, but grammar mistakes are quite numerous and should be attended to.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report


This is an interesting work about ransomware detection proposed by the authors. However, the text needs improvements in the use of the English language and the expressions used. I would recommend proofreading by a native English-speaking person. Apart from the use of the language, there are some expressions or sentences that I think do not add any significance to the content. For example, lines 70-71: "This behavior can be useful for ShieldFS ransomware detector [5].", line 110: "Most of these ransomware are alive until the date of writing this paper."

- Abstract: Abstract should be expanded so that the interested reader understands the innovation of the proposed work. For example, the authors can provide brief details about "some approaches" they propose in the manuscript.

- Introduction: This section should be improved. The authors have a paragraph to introduce their motivation and the problem they address, and the rest of the section is referred to relevant work and background knowledge about ransom note files. I would recommend related work and background to be separate sections, while the introduction should introduce the manuscript by presenting the problem, highlighting the proposed solution and innovation, and finally outlining the rest of the paper. In the submitted version, the authors outline the rest of the paper in section 1.2, which is about ransom files, which is not appropriate.

- Related works section, although it outlines the main research directions, I would suggest enriching the related work with more recent work of emerging deep learning techniques in ransomware detection. Some work that should be included is: https://doi.org/10.1016/j.jisa.2020.102646, https://doi.org/10.1109/ACCESS.2020.3003785, https://doi.org/10.1109/ACIT49673.2020.9208974.

- Section 1.2: I noticed that the footnotes references do not actually work, e.g. at line 147.

- Line 234: "We used the Python API of Ransomware Tracker" it would be nice if a URL link with the documentation of this library is given.

- Line 629: Authors state that "We found that 3 and 6 are two optimal values for k.". It would be nice if the authors clarify more about how they managed to find the optimum values of the parameter k.

- Conclusions: I would suggest that no references to paper sections be part of the conclusions section. Also, more formal expressions are expected, e.g. "Actually". I also do not understand the meaning and rationale of the last sentence "we started increasing the effectiveness of DaD ransomware detection tool by checking the ransom files".

- Appendix: I would suggest that the appendix should be more structured. For example, the authors can put subsections or text describing the tables.

- References: There are some references for which some information is missing, e.g. the journal in which they have been published. These are [16], [17], [23].

 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

After reading the Authors' response I conclude that most of my previous comments have been satisfactorily addressed and therefore I consider the paper fit for publication.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The authors have improved the manuscript according to the comments provided. However, I still think that the use of English language should be improved, either by the authors by proofreading the paper or by a native English speaker.

There are some expressions that need attention:

Abstract: Why "During the last four years" and not "During the last years"? Is there any specific reason for that?

Titles of sections: I would recommend "Related Works" to be changed to "Related Work", and also "Identify the Ransom Note Files" to "Identification of Ransom Note Files"

Author Response

Please see the attachment.

Author Response File: Author Response.pdf
