Adaptive Volcano Support Vector Machine (AVSVM) for Efficient Malware Detection
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
Summary: The authors proposed the Adaptive Volcano Support Vector Machine (AVSVM)—a novel classification model inspired by the dynamic behavior of volcanic eruptions—for the purpose of enhancing malware detection. The experiments were conducted on the UNSW-NB15 and KDD Cup 1999 datasets and show results. The paper needs some major changes.
Major comments:
- The introduction provides background, but could be more focused on the research gap. Explicitly identify what is missing in the current literature and how this paper addresses it.
- The proposed method is lacking in Data sources, preprocessing steps, and justification of chosen methods.
- Figures are not cited in the text (figures 2,3, etc).
- The authors should add a table about Parameter settings, software/hardware environment (if simulations are used).
- The authors compared AVSVM to Baseline Methods on both datasets, but there are no state-of-the-art method comparisons.
- The quality of the flow chart can be improved for better visibility.
- The language should be improved.
Comments on the Quality of English Language
The language should be improved.
Author Response
REVIEWER 1
Dear Reviewer,
Thank you for your thoughtful and constructive feedback on our manuscript. We sincerely appreciate the time and effort you dedicated to evaluating our work. Your comments have provided valuable insights that helped us significantly improve the clarity, completeness, and overall quality of the paper.
Sincerely,
Ahmed Essaa Abed Alowaidi
(On behalf of all authors)
- “The introduction provides background, but could be more focused on the research gap. Explicitly identify what is missing in the current literature and how this paper addresses it.”
Response:
Thank you for this important suggestion. We have revised the latter portion of the Introduction section to more clearly articulate the existing research gaps in adaptive classification for malware detection. We now emphasize the lack of biologically inspired models that address dynamic decision boundary reshaping, margin instability, and class overlap—challenges that our proposed AVSVM directly addresses. These points are now explicitly stated and supported with citations to prior work.
- “The proposed method is lacking in Data sources, preprocessing steps, and justification of chosen methods.”
Response:
We agree and have expanded Section 4.1 and 4.2 to include detailed descriptions of the data sources (KDD Cup 1999 and UNSW-NB15), including sample sizes, feature dimensions, class types, and attack categories. In Section 4.2, we have thoroughly described the preprocessing steps, including data cleaning, categorical encoding, normalization, standardization, and class balancing. Each step is justified in terms of its necessity for ensuring fair and stable training, especially in high-dimensional and imbalanced settings.
- “Figures are not cited in the text (figures 2, 3, etc).”
Response:
We apologize for this oversight. We have reviewed the manuscript and ensured that all figures (Figures 2–10) are now explicitly cited and referenced in the main body of the text at appropriate locations to improve coherence and readability.
- “The authors should add a table about Parameter settings, software/hardware environment (if simulations are used).”
Response:
We have now added Table 2 in Section 4 to describe the full simulation environment, including software libraries, hardware specifications, and baseline models used. Additionally, we included Table 4 to present the full hyperparameter ranges and final values selected for AVSVM and baseline methods, along with justification for each selection.
- “The authors compared AVSVM to Baseline Methods on both datasets, but there are no state-of-the-art method comparisons.”
Response:
Thank you for raising this. In response, we have expanded the discussion in Section 5 and added Table 6, which compares AVSVM against several recent state-of-the-art models (e.g., PSO-Ensemble, GA-HDLAD, CNN-LSTM, AOA-DL, Federated IDS). We summarize their methodologies, key techniques, and limitations, highlighting how AVSVM addresses common issues like static architecture, poor generalization, and lack of margin adaptability.
- “The quality of the flow chart can be improved for better visibility.”
Response:
We appreciate this suggestion. We have redrawn Figures 2 and 3 using a vector-based tool to ensure higher resolution and visual clarity. The revised versions now use consistent fonts, color schemes, and directional arrows for better readability and professional appearance.
- “The language should be improved.”
Response:
We have conducted a comprehensive language revision of the entire manuscript to improve grammar, sentence structure, and clarity. Technical terms have been more precisely defined, passive voice has been reduced, and transitions between sections have been made smoother to enhance the overall academic tone.
Reviewer 2 Report
Comments and Suggestions for Authors
This paper proposes a novel classifier called the Adaptive Volcano Support Vector Machine (AVSVM), which mimics the dynamic mechanisms of volcanic activity to overcome the limitations of conventional SVMs. AVSVM incorporates four biologically inspired mechanisms—pressure estimation, eruption-triggered kernel perturbation, lava flow operator, and a cooling schedule—to dynamically adjust the decision boundary. Experimental results show that AVSVM achieves superior accuracy and lower false positive rates compared to SVM, PSO-SVM, and CNN on the UNSW-NB15 and KDD Cup 1999 datasets, with statistically significant improvements. This study makes a significant contribution by introducing a biologically dynamic approach to the design of adaptive classifiers.
Line-by-Line Comments and Suggestions
(1) Line 245–254: “The proposed Adaptive Volcano SVM (AVSVM) enhances…”
→ The operational sequence and interdependence of components such as lava flow, eruption, and cooling are unclear. It would be helpful to add a more detailed explanation in Algorithm 1 regarding when and how each component is triggered.
(2) Line 289–299: In the definition of the lava flow operator, the paper lacks a description of how the gradient ∇𝑓(𝑥𝑖) is actually computed. There should also be a discussion on whether this gradient calculation is efficient, particularly for high-dimensional data.
(3) Line 365–381: Although hyperparameter tuning is said to be performed using grid search, there is no detailed explanation of how the complex combination of parameters (α, β, θ, λ, η) was practically tuned. Additionally, the computational cost and stability of the tuning process are not discussed.
(4) Line 589–603: The ablation study describes the impact of removing each component only with numerical values. Including visualizations (e.g., trends in F1-score) or generalizing the findings across different datasets would greatly enhance the persuasiveness of the results.
(5) Line 617–622: The paper mentions potential applicability of the proposed model in online learning or concept drift environments, but does not present any scenarios or preprocessing pipelines. Providing preliminary experiments or simulations would strengthen the connection to future research directions and increase the practical value of the work.
Author Response
REVIEWER 2
Dear Reviewer,
We sincerely thank you for your insightful and constructive comments on our manuscript. Your detailed line-by-line feedback has been extremely valuable in helping us refine both the technical clarity and practical depth of the work. We appreciate your recognition of the study’s contribution and have addressed each of your points carefully in the revised manuscript.
Best regards,
Ahmed Essaa Abed Alowaidi
(On behalf of all authors)
(1) Line 245–254: “The proposed Adaptive Volcano SVM (AVSVM) enhances…”
→ The operational sequence and interdependence of components such as lava flow, eruption, and cooling are unclear. It would be helpful to add a more detailed explanation in Algorithm 1 regarding when and how each component is triggered.
Response:
Thank you for this valuable observation. We have now revised Algorithm 1 to explicitly clarify the operational sequence and interdependencies among the components. In particular:
- Pressure monitoring is executed first in each iteration.
- If the pressure exceeds the eruption threshold, the eruption mechanism is triggered.
- Following any eruption, the lava flow operator refines the decision boundary.
- At the end of each iteration, the cooling schedule updates the eruption intensity.
These changes are reflected in both the algorithm block and in the explanatory paragraph below it (Lines 254–265) to ensure procedural transparency.
(2) Line 289–299: In the definition of the lava flow operator, the paper lacks a description of how the gradient ∇𝑓(𝑥𝑖) is actually computed. There should also be a discussion on whether this gradient calculation is efficient, particularly for high-dimensional data.
Response:
We agree with your observation. In response, we have expanded the explanation following Equation (18) to explicitly define how the gradient of the decision function ∇𝑓(𝑥𝑖) is derived, particularly for the RBF kernel. The new content explains that:
- The gradient is computed analytically and only for support vectors.
- For the RBF kernel, ∇𝑓(𝑥𝑖) involves simple operations (subtraction, scalar multiplication, exponential), which are computationally tractable.
We have also added a paragraph analyzing the computational complexity, showing that the per-iteration cost of lava flow adjustment is acceptable even in high-dimensional spaces.
(3) Line 365–381: Although hyperparameter tuning is said to be performed using grid search, there is no detailed explanation of how the complex combination of parameters (α, β, θ, λ, η) was practically tuned. Additionally, the computational cost and stability of the tuning process are not discussed.
Response:
Thank you for pointing this out. We have now added a detailed explanation in Section 4.3, describing our two-stage tuning approach:
- A coarse grid search to narrow down promising parameter regions.
- A refined grid search around the top configurations using 5-fold cross-validation.
Additionally, we now explicitly discuss the runtime and convergence behavior across folds. We clarify that although AVSVM introduces more hyperparameters, its computational overhead remains moderate due to lightweight operations and early convergence. These updates address both the parameter complexity and the runtime stability concerns.
(4) Line 589–603: The ablation study describes the impact of removing each component only with numerical values. Including visualizations (e.g., trends in F1-score) or generalizing the findings across different datasets would greatly enhance the persuasiveness of the results.
Response:
We appreciate this suggestion. We have now added Figure 10b, which visually plots the F1-score trends across ablation variants. This graphical view complements the numerical comparisons already present and makes the contribution of each AVSVM component clearer. In addition, we have added a sentence indicating that the ablation trends were consistent across both KDD and UNSW-NB15 datasets, with only minor deviations, further reinforcing generalizability.
(5) Line 617–622: The paper mentions potential applicability of the proposed model in online learning or concept drift environments, but does not present any scenarios or preprocessing pipelines. Providing preliminary experiments or simulations would strengthen the connection to future research directions and increase the practical value of the work.
Response:
Thank you for highlighting this gap. While a full online AVSVM implementation is beyond the current scope, we have added a paragraph in the Discussion and Future Work section that outlines a proposed preliminary pipeline for online deployment:
- Incremental support vector update mechanism.
- Streaming batch preprocessing using reservoir sampling.
- Real-time pressure monitoring triggers for margin reshaping.
We also added a remark that this will be explored in future iterations of the AVSVM framework with streaming malware datasets.
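Added example (not from the manuscript or the authors' response): the standard analytic gradient of an RBF-kernel SVM decision function, the kind of computation the response to comment (2) describes, checked against finite differences. The paper's Equation (18) is not reproduced on this page, so this covers only the generic RBF case; the support vectors, coefficients and gamma are constructed toy values.

```python
import math

def rbf(x, s, gamma):
    """RBF kernel k(x, s) = exp(-gamma * ||x - s||^2)."""
    return math.exp(-gamma * sum((a - b) ** 2 for a, b in zip(x, s)))

def decision(x, svs, coefs, b, gamma):
    """f(x) = sum_j c_j * k(x, s_j) + b, with c_j = alpha_j * y_j."""
    return sum(c * rbf(x, s, gamma) for s, c in zip(svs, coefs)) + b

def decision_grad(x, svs, coefs, gamma):
    """Analytic gradient: sum_j -2*gamma*c_j*k(x, s_j) * (x - s_j).

    Only support vectors contribute; cost is O(n_sv * d) per point.
    """
    grad = [0.0] * len(x)
    for s, c in zip(svs, coefs):
        w = -2.0 * gamma * c * rbf(x, s, gamma)  # scalar weight per support vector
        for d in range(len(x)):
            grad[d] += w * (x[d] - s[d])
    return grad

def numeric_grad(x, svs, coefs, b, gamma, h=1e-6):
    """Central finite differences, used only to check the analytic form."""
    grad = []
    for d in range(len(x)):
        hi, lo = list(x), list(x)
        hi[d] += h
        lo[d] -= h
        diff = decision(hi, svs, coefs, b, gamma) - decision(lo, svs, coefs, b, gamma)
        grad.append(diff / (2 * h))
    return grad

# Constructed toy model (not from the paper): 3 support vectors in 3 dimensions.
SVS = [[0.0, 0.0, 1.0], [1.0, 2.0, 0.0], [-1.0, 0.5, 0.5]]
COEFS = [0.8, -1.2, 0.4]   # alpha_j * y_j
B, GAMMA = 0.1, 0.5
X = [0.3, -0.2, 0.7]

def max_abs_error():
    """Largest gap between the analytic and finite-difference gradients at X."""
    analytic = decision_grad(X, SVS, COEFS, GAMMA)
    numeric = numeric_grad(X, SVS, COEFS, B, GAMMA)
    return max(abs(a - n) for a, n in zip(analytic, numeric))

if __name__ == "__main__":
    print(decision_grad(X, SVS, COEFS, GAMMA), max_abs_error())
```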
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
The authors significantly improved as per the comments. There are no further comments. The paper can be accepted in the present form.
Reviewer 2 Report
Comments and Suggestions for Authors
The authors have significantly improved the manuscript in response to the previous reviewer comments. The revised version provides clearer algorithmic details, enhanced mathematical explanations, and stronger experimental validation. Notably, the operational flow of the AVSVM algorithm is now explicitly described, the gradient computations are justified in terms of efficiency, and a meaningful ablation study with visualizations has been added.
The proposed AVSVM model introduces a biologically inspired, adaptive classification framework that is both original and highly relevant to the field of intelligent malware detection. The manuscript now meets the standards for scientific clarity, methodological soundness, and practical relevance.
I believe the paper is suitable for publication in its current form, and I recommend acceptance.
