Article
Peer-Review Record

SAGMAD—A Signature Agnostic Malware Detection System Based on Binary Visualisation and Fuzzy Sets

Electronics 2022, 11(7), 1044; https://doi.org/10.3390/electronics11071044
by Betty Saridou 1, Joseph Ryan Rose 2, Stavros Shiaeles 2,3,* and Basil Papadopoulos 1
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 28 February 2022 / Revised: 22 March 2022 / Accepted: 24 March 2022 / Published: 26 March 2022
(This article belongs to the Special Issue Next Generation Networks and Systems Security)

Round 1

Reviewer 1 Report

The authors propose a fast binary visualisation method that uses Fuzzy Set theory and the H-indexing space filling curve to assign different colour tones on a byte, allowing it to be influenced by neighbouring byte values while preserving optimal locality indexing.

The idea is interesting and well presented; however, I suggest two alternative ways of improving the paper:

a) transform it into a letter, in compliance with the actual lack of terms of comparison and definitive results

b) add comparisons to other techniques and discuss flaws and merit of the suggested approach.

Author Response

We thank the reviewer for the valuable comments. Attached please find our response and corrections.

Author Response File: Author Response.pdf

Reviewer 2 Report

The paper proposes a new method for visualization of malware data based on the Fuzzy Set theory and the H-indexing space filling curve. The method is used for malware recognition in computers and networks. The results of the experiments on the malware dataset are presented.

Comments:

  1. Abstract: Mention the dataset used for experimental validation and summarize the main numerical results from the experiments.
  2. The introduction is rather shallow and not supported by references (there is not a single reference in the entire section). The motivation for suggesting a new method should be stated and the novelty formulated.
  3. The overview of the related works on malware recognition is rather short and is based on some very outdated works. You should discuss the most recent papers in this quite rapidly evolving research field. I suggest including more recent works (no older than 2-3 years from now), such as, for example, “Image‐based malware classification using vgg19 network and spatial convolutional attention”; “An efficient densenet‐based deep learning model for malware detection”; “Hybrid malware classification method using segmentation-based fractal texture analysis and deep convolution neural network features”; and other recently published works. Presenting a summarizing table of works discussed would increase the value of such an overview. The limitations of previous works should be discussed and used as a motivation for your study.
  4. Figure 1 is very informal. Use a more formal diagram to represent the workflow of your methodology.
  5. Section 3.3: the description of fuzzy set theory could be shortened by providing the references to the relevant literature. Instead, focus on your own novelty and contribution.
  6. Figure 3 is confusing. What is the meaning of the 3D plot on the right side of the figure? The description of the figure should be improved.
  7. Explain in more detail how data preprocessing is performed. Specifically, how do you deal with categorical data in the datasets?
  8. How did you select the hyper-parameter values (such as batch size, learning rate, etc.) for the training of your deep learning models? An ablation study may be required to support.
  9. How do you avoid/prevent overfitting during the training of neural network models? More details about training should be provided.
  10. Present and discuss the confusion matrices.
  11. Compare your results with the results of other authors achieved on the same dataset. Present as a table.
  12. Discuss the limitations of the proposed methodology.

 

Author Response

We thank the reviewer for the valuable comments. Attached please find our response and corrections.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

-

Reviewer 2 Report

The manuscript has been well revised. I have no further comments.
