Article
Peer-Review Record

Data Exfiltration Detection on Network Metadata with Autoencoders

Electronics 2023, 12(12), 2584; https://doi.org/10.3390/electronics12122584
by Daan Willems 1,*, Katharina Kohls 2, Bob van der Kamp 1 and Harald Vranken 2,3
Reviewer 1:
Reviewer 2:
Reviewer 3:
Reviewer 4: Anonymous
Submission received: 27 April 2023 / Revised: 25 May 2023 / Accepted: 2 June 2023 / Published: 8 June 2023
(This article belongs to the Special Issue Network Intrusion Detection Using Deep Learning)

Round 1

Reviewer 1 Report

The advantages of this publication are as follows:
1. The authors have developed, implemented, and evaluated the effectiveness of their own original product of intellectual labor. This product is a system of real-world data leakage detection. Real aggregated metadata of network sessions were considered as the data set.
2. The performed monitoring system showed that session metadata aggregation is an effective way to intercept traffic between two unique hosts. It was observed that aggregation significantly improves the detection of possible data leakage. Monitoring was performed over multiple sessions, based on DNS tunneling.
3. As elements of novelty, the use of autoencoders that are trained by unsupervised learning can be considered.
4. The work can be accepted for open printing after minor corrections.

Language is understandable, but some corrections and misprints should be checked.

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

This work designed a Network Exfiltration Detection System (NEDS) to detect data exfiltration as occurring in ransomware attacks. Experimental results show that aggregation significantly increases detection performance of exfiltration that happens over a longer time, most notably DNS tunnels. The paper appears to have certain results and can achieve good results. However, there are many issues that need further elaboration by the author.

1. The author uses the idea of aggregation to manipulate different inputs using the AE model, which can easily cause confusion for readers. Why not input these inputs simultaneously into the AE model or other networks?

2. The author only describes the experimental results of the proposed method, and does not compare with the existing SOTA method, so it is difficult to reflect the progressiveness of the algorithm mentioned in the article.

3. What is the threshold checker? The author needs to elaborate in detail.

4. There are many excellent deep learning models available, why did you choose the AE model?

5. There are many formatting issues in the article that require further editing. For example, the first formula does not have a number.

Author Response

Please see the attachment

Author Response File: Author Response.pdf
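Reviewer 1 notes that aggregating session metadata per host pair is what makes slow exfiltration such as DNS tunnelling visible, and Reviewer 2 asks what the threshold checker is. The following added example, which is not the authors' code or data, illustrates that pipeline end to end on constructed session records: per-session metadata is aggregated into one feature vector per host pair, a minimal linear autoencoder (a deliberately simple stand-in for the paper's model) is trained on benign pairs only, and a threshold checker flags any pair whose reconstruction error exceeds the mean plus three standard deviations of the benign training errors. The feature set, the session distributions, the DNS-tunnel shape (thousands of short, DNS-only sessions sending more than they receive) and the threshold rule are all assumptions made for the example.

```python
import math
import random

# Everything below is a constructed illustration: the sessions, host pairs,
# model and threshold rule are assumptions, not the authors' data or code.
random.seed(7)
PORT_DNS = 53
FEATURES = ["sessions", "bytes_out", "bytes_in", "mean_duration", "dns_fraction"]


def synth_sessions(pair, n, bytes_out, bytes_in, duration, dns_prob):
    """Constructed per-session metadata records for one host pair."""
    jitter = lambda v: v * random.uniform(0.9, 1.1)
    return [{"pair": pair,
             "port": PORT_DNS if random.random() < dns_prob else 443,
             "bytes_out": jitter(bytes_out), "bytes_in": jitter(bytes_in),
             "duration": jitter(duration)} for _ in range(n)]


def benign_pair(pair):
    """Benign pair: 'activity' sets the session count, 'heaviness' the size."""
    activity, heaviness = random.random(), random.random()
    return synth_sessions(pair, 20 + int(80 * activity),
                          400 + 300 * heaviness, 3000 + 15000 * heaviness,
                          1.0 + 8.0 * heaviness, 0.02 + 0.08 * heaviness)


def tunnel_pair(pair):
    """DNS-tunnel-like pair (assumed shape): many short DNS-only sessions
    that carry more bytes out than in."""
    return synth_sessions(pair, 2500, 250, 100, 0.1, 1.0)


def aggregate(sessions):
    """Collapse session records into one feature vector per host pair."""
    groups = {}
    for s in sessions:
        groups.setdefault(s["pair"], []).append(s)
    vectors = {}
    for pair, rows in groups.items():
        n = len(rows)
        vectors[pair] = [float(n),
                         sum(r["bytes_out"] for r in rows),
                         sum(r["bytes_in"] for r in rows),
                         sum(r["duration"] for r in rows) / n,
                         sum(r["port"] == PORT_DNS for r in rows) / n]
    return vectors


def fit_scaler(rows):
    """Per-feature mean and std of the training vectors (z-score scaling)."""
    d, n = len(rows[0]), len(rows)
    mean = [sum(r[i] for r in rows) / n for i in range(d)]
    std = [math.sqrt(sum((r[i] - mean[i]) ** 2 for r in rows) / n) + 1e-9
           for i in range(d)]
    return mean, std


def scale(row, scaler):
    return [(v - m) / s for v, m, s in zip(row, *scaler)]


class LinearAutoencoder:
    """x -> z = W x -> x_hat = V z, trained by SGD on squared reconstruction
    error. A minimal linear stand-in for a deep autoencoder (assumption)."""

    def __init__(self, n_in, n_hidden, lr=0.01):
        rnd = lambda: random.uniform(-0.5, 0.5)
        self.W = [[rnd() for _ in range(n_in)] for _ in range(n_hidden)]
        self.V = [[rnd() for _ in range(n_hidden)] for _ in range(n_in)]
        self.lr = lr

    def _matvec(self, M, v):
        return [sum(m * x for m, x in zip(row, v)) for row in M]

    def error(self, x):
        """Squared reconstruction error: the anomaly score of one pair."""
        x_hat = self._matvec(self.V, self._matvec(self.W, x))
        return sum((a - b) ** 2 for a, b in zip(x_hat, x))

    def fit(self, rows, epochs=300):
        rows = list(rows)
        for _ in range(epochs):
            random.shuffle(rows)
            for x in rows:
                z = self._matvec(self.W, x)
                e = [a - b for a, b in zip(self._matvec(self.V, z), x)]  # x_hat - x
                dz = [sum(self.V[i][j] * e[i] for i in range(len(e)))
                      for j in range(len(z))]
                for i in range(len(e)):           # dL/dV[i][j] = e[i] * z[j]
                    for j in range(len(z)):
                        self.V[i][j] -= self.lr * e[i] * z[j]
                for j in range(len(z)):           # dL/dW[j][k] = dz[j] * x[k]
                    for k in range(len(x)):
                        self.W[j][k] -= self.lr * dz[j] * x[k]


def fit_threshold(errors, k=3.0):
    """Threshold checker rule used here (assumed): mean + k * std of the
    benign training reconstruction errors."""
    mu = sum(errors) / len(errors)
    sd = math.sqrt(sum((e - mu) ** 2 for e in errors) / len(errors))
    return mu + k * sd


def run_demo(n_train=120, n_holdout=60):
    """Train on benign pairs, then score held-out benign pairs and one tunnel."""
    train = aggregate([s for p in range(n_train) for s in benign_pair(f"train{p}")])
    holdout = aggregate([s for p in range(n_holdout) for s in benign_pair(f"hold{p}")])
    tunnel = aggregate(tunnel_pair("tunnel"))["tunnel"]
    scaler = fit_scaler(list(train.values()))
    ae = LinearAutoencoder(len(FEATURES), 3)
    ae.fit([scale(v, scaler) for v in train.values()])
    threshold = fit_threshold([ae.error(scale(v, scaler)) for v in train.values()])
    fps = sum(ae.error(scale(v, scaler)) > threshold for v in holdout.values())
    return {"threshold": threshold,
            "tunnel_error": ae.error(scale(tunnel, scaler)),
            "holdout_fp_rate": fps / n_holdout}


if __name__ == "__main__":
    print(run_demo())
```

Two points the example makes concrete: the scaler and the threshold are fitted on benign traffic only, so the checker never sees an attack during training, and a tunnel that is invisible per session (each query is small and short-lived) becomes an extreme outlier once the per-pair aggregate counts thousands of DNS-only sessions. The held-out false-positive rate is what an operator would tune `k` against.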

Reviewer 3 Report

Review for Manuscript ID 2395702


In this paper, they designed a Network Exfiltration Detection System (NEDS) to detect data exfiltration as occurring in ransomware attacks. However, I think that major revisions are required prior to publishing this manuscript. To this end, the reviewer has the following comments:

1. The experimental conditions and system parameters are not given, and this is necessary for evaluating the effect of the method.

2. There is no equivalence comparison between experiment and practical application.


3. The application conditions of the approach are not given, and this is necessary for evaluating the effect of the method.

4. The authors have not provided the references for most of the equations.

5. The quality of figures needs to be improved, and the size of font is very small.

6. There are no horizontal or vertical coordinates in the figure, such as Figure 6.

English needs to be revised and improved.

Author Response

We improved the figures, but they are not marked specifically. All other changes are marked.

Please see the attachment for the response.

Author Response File: Author Response.pdf

Reviewer 4 Report

I have the following observations and recommendations.

1. Research contributions are not in line with the research motivation and the comparison with baseline works, please revise.

2. Detailed description of the dataset is missing.

3. Related work needs improvement, enrich it with the following:

(i) APMSA: Adversarial Perturbation Against Model Stealing Attacks. IEEE Transactions on Information Forensics and Security, 18. doi: 10.1109/TIFS.2023.3246766

(ii) Dynamic event-triggered security control for networked control systems with cyber-attacks: A model predictive control approach. Information Sciences, 612, 384-398. doi: 10.1016/j.ins.2022.08.093

(iii) Improving Physical Layer Security of Uplink NOMA via Energy Harvesting Jammers. IEEE Transactions on Information Forensics and Security, 16, 786-799. doi: 10.1109/TIFS.2020.3023277

(iv) H∞ Consensus for Multiagent-Based Supply Chain Systems Under Switching Topology and Uncertain Demands. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 50(12), 4905-4918. doi: 10.1109/TSMC.2018.2884510

4. Authors are advised to perform a detailed complexity analysis, i.e. time complexity, space complexity, etc.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 3 Report

All work is fine.