An Efficient Malware Detection Method Using a Hybrid ResNet-Transformer Network and IGOA-Based Wrapper Feature Selection
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
- The paper proposes an efficient malware detection method using a Hybrid ResNet-Transformer Network and IGOA-based wrapper feature selection. However, the following comments should be addressed to further improve its quality.
- Please use uppercase when starting a new sentence (in the abstract). Examples are “…cybersecurity systems. in this…” and “…and is proposed. convolutional layers in ResNet50 model…”.
- In line 43, the statement “…widely used approaches are signature-based detection and known malware pattern detection” is confusing, as both refer to the same detection approach.
- Check the word “datas” in line 81: “…within the datas of malware.”
- The related works mentioned the classification of malware in Android, but there was no mention of Android in the introduction section.
- The reviewed papers are not critically analysed as the limitations of the papers are not clearly highlighted.
- The flowchart in Figure 1 is very confusing, as there are multiple start processes without the right flow (arrow direction).
- The ensemble learning convergence in Figure 5 should display the curve for both the training and validation data. Also, the convergence curve of the loss during training should be displayed.
- The values in the confusion matrix in Figure 6 are difficult to read as the texts are blurry.
- The ROC curve in Figure 7 should have the AUC values. Also, the different classes displayed in the curve are not explained in the text above the curve.
- Results of the evaluation metrics should be presented in a table.
- The discussion section should be more detailed.
- The authors claim that the proposed model reduces computational complexity, but there are no results to justify that.
- Also, the limitations of the model/study are not included.
- The future work is not included in the paper.
The quality of English must be improved.
Author Response
"Please see the attachment."
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
Regarding the experimental comparison and evaluation metrics, two critical issues need addressing:
1. Inadequate Comparison with State-of-the-Art Methods: The current comparison in Section 4.3.4 primarily focuses on generic models (e.g., Random Forest, Auto Encoder) but lacks engagement with the most relevant recent work in malware detection, particularly those utilizing hybrid CNN-Transformer architectures or advanced feature selection techniques. For example, it omits comparisons with LGMal (which explicitly combines local and global features via CNN and GCN) or recent transformer-based models like C2ST. To strengthen the validity of your claims, you must include direct comparisons with these closely related methods, discussing why HRT-Net outperforms them in feature representation or detection accuracy.
2. Limited Evaluation Metrics: The results section overly emphasizes Accuracy (e.g., Table 2) while neglecting other critical metrics such as Precision, Recall, F1-score, and ROC-AUC, which are essential for comprehensively assessing model performance—especially in imbalanced datasets (common in malware classification). For instance, a high Accuracy could mask poor performance on minority classes. Expand the evaluation to include these metrics for all compared methods, and provide a detailed analysis of class-specific performance (e.g., via confusion matrices for each baseline model), as shown in your own confusion matrix (Figure 6).
Author Response
"Please see the attachment."
Author Response File: Author Response.pdf
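Reviewer 2's point that a high Accuracy can mask poor performance on minority classes, worked through as an added example (not part of the review, the authors' response, or the paper's code). The family names and the confusion matrix are constructed for illustration; rows are true classes and columns are predicted classes.

```python
# Per-class metrics from a multi-class confusion matrix (rows = true, cols = predicted).
# LABELS and CM are constructed sample data, not results from the reviewed paper.

def per_class_metrics(cm, labels):
    """Return {label: precision / recall / f1 / support} for each class."""
    n = len(labels)
    out = {}
    for i, label in enumerate(labels):
        tp = cm[i][i]
        fn = sum(cm[i]) - tp                         # true class i, predicted as another class
        fp = sum(cm[r][i] for r in range(n)) - tp    # other classes predicted as class i
        # A class that is never predicted (or never present) yields 0.0, not a ZeroDivisionError.
        precision = tp / (tp + fp) if tp + fp else 0.0
        recall = tp / (tp + fn) if tp + fn else 0.0
        f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
        out[label] = {"precision": precision, "recall": recall, "f1": f1, "support": tp + fn}
    return out

def summarize(cm, labels):
    """Overall accuracy next to the class-averaged metrics that expose minority-class failures."""
    per_class = per_class_metrics(cm, labels)
    total = sum(sum(row) for row in cm)
    accuracy = sum(cm[i][i] for i in range(len(labels))) / total
    macro_f1 = sum(m["f1"] for m in per_class.values()) / len(labels)
    balanced_accuracy = sum(m["recall"] for m in per_class.values()) / len(labels)
    worst = min(per_class, key=lambda k: per_class[k]["recall"])
    return {"accuracy": accuracy, "macro_f1": macro_f1,
            "balanced_accuracy": balanced_accuracy,
            "worst_recall_class": worst, "per_class": per_class}

# Constructed, imbalanced test set: 950 / 40 / 10 samples per family.
LABELS = ["family_A", "family_B", "family_C"]
CM = [
    [940, 10, 0],   # true family_A
    [10, 30, 0],    # true family_B
    [8, 0, 2],      # true family_C (minority class, mostly misclassified as family_A)
]

if __name__ == "__main__":
    s = summarize(CM, LABELS)
    print(f"accuracy={s['accuracy']:.3f}  macro_f1={s['macro_f1']:.3f}  "
          f"balanced_accuracy={s['balanced_accuracy']:.3f}")
    for name, m in s["per_class"].items():
        print(f"{name}: precision={m['precision']:.3f} recall={m['recall']:.3f} "
              f"f1={m['f1']:.3f} support={m['support']}")
```

On this constructed matrix the accuracy is 0.972 while recall on the smallest family is 0.2, which is the gap the macro-averaged and per-class figures make visible.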
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
Most of the comments have been addressed. However, the computational complexity should have been practically measured in terms of the training/testing time and memory usage of the proposed model.
Author Response
"Please see the attachment."
Author Response File: Author Response.pdf