Next Article in Journal
Research on the Quantitative Assessment Method of HVDC Transmission Line Failure Risk during Wildfire Disaster
Next Article in Special Issue
Enhancing Cyber-Threat Intelligence in the Arab World: Leveraging IoC and MISP Integration
Previous Article in Journal
Detection of Dangerous Human Behavior by Using Optical Flow and Hybrid Deep Learning
Previous Article in Special Issue
Advanced Algorithmic Approaches for Scam Profile Detection on Instagram
 
 
Article
Peer-Review Record

To (US)Be or Not to (US)Be: Discovering Malicious USB Peripherals through Neural Network-Driven Power Analysis

Electronics 2024, 13(11), 2117; https://doi.org/10.3390/electronics13112117
by Koffi Anderson Koffi 1, Christos Smiliotopoulos 2, Constantinos Kolias 1,* and Georgios Kambourakis 2
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3:
Reviewer 4: Anonymous
Electronics 2024, 13(11), 2117; https://doi.org/10.3390/electronics13112117
Submission received: 8 April 2024 / Revised: 10 May 2024 / Accepted: 15 May 2024 / Published: 29 May 2024
(This article belongs to the Special Issue Cyber Attacks: Threats and Security Solutions)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

Minor Concerns:

Some references lack sufficient details, particularly [2], [15] through [22].

 

Major Concerns:

1. It appears that the experiment primarily involved traditional USB devices like keyboards and mice, indicating compatibility primarily with desktop computers. Given the declining prevalence of desktops globally, how does this affect the framework's applicability?

2. Considering the possibility of the host's USB devices being compromised with malware, would the proposed solution remain effective?

3. In the context of Windows-based environments, Microsoft's Active Directory seems crucial for USB authentication. I recommend citing the recent work* in this regard, which discusses this aspect through an offline assessment.

 

 Suggestion:

It would be beneficial to include a section titled "Limitations of the Study" to address the above concerns comprehensively and outline avenues for future research.

 

*Ebad, S.A. Lessons learned from offline assessment of security-critical systems: the case of Microsoft's Active Directory. International Journal of Systems Assurance Engineering and Management, 13, 535–545 (2022).

Author Response

All answers are included in the attached file. 

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

This paper proposes a deep-learning based framework for USB defense. Autoencoder, CNN&LSTM, and attention mechanism are used. The research topic of USB defence is interesting and significant. The overall quality of this paper is good. However, the methodology is not clearly presented and some choice of the deep learning models are not justified. Below are detailed comments:

 

Major:

(1) The choice of each deep learning components are not justified. Why autoencoder, CNN&LSTM, and attention mechanism are used? The author only give an general introduction of those components (e.g., comparing LSTM with RNN). The author should center around the problem of USB defense on those component selection. 

(2) Seems that the data is only temporal. Why CNN is used?

(3) The methodology is not clearly presented. For example, what's the detail of attention  mechanism? Only text is presented in current manuscript.

(4) How is the label obtained?

(5) In results, apart from quantitative comparison, more visualization should be presented. For example, what's the visual difference between the normal and abnormal signals.

(6) Figure 5 is unclear. What does it mean by "Core architecture using in the Autoencoder and DL model"?

 

Minor 

Typo: Figure 4 caption "feature features ".

Comments on the Quality of English Language

The paper is readable. There are some typos that needed to be fixed.

Author Response

All answers are included in the attached file. 

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The reviewer's comments are attached on the file. 

Please, check the attached file.

Comments for author File: Comments.pdf

Comments on the Quality of English Language

English editing is acceptable.

Author Response

All answers are included in the attached file. 

Author Response File: Author Response.pdf

Reviewer 4 Report

Comments and Suggestions for Authors

The article presents an interesting novel work proposing a USB authentication system designed to identify and possibly block heterogeneous USB-based attacks directly from the physical layer. The solution relies on analyzing USB power consumption patterns and achieving a perfect F1-Score.

 

One thing that can enhance the scientific soundness of this paper further is adding a comparative analysis section, which identifies gaps in the current literature that the paper addresses. Authors can compare methodologies and demonstrate the robustness of the research in comparison to existing solutions, to highlight credibility.

Author Response

All answers are included in the attached file. 

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

All of my comments have been addressed.

Reviewer 3 Report

Comments and Suggestions for Authors

Overall contents is okay for publication but it might have formatting issues. Please, make sure to proofread and resolve formatting issues (including re-arranging figures and tables) before publications.

Comments on the Quality of English Language

See the above comments.

Back to TopTop