Congratulations on the acceptance of your work! Check your manuscript carefully for typos before publication.
[# PeerJ Staff Note - this decision was reviewed and approved by Sedat Akleylek, a PeerJ Section Editor covering this Section #]
The authors improved the article; just one point, which is to reduce the use of "we" and "our".
'no comment'
'no comment'
Authors are advised to address the comments carefully recommended by the reviewers and resubmit the paper.
[# PeerJ Staff Note: Please ensure that all review comments are addressed in a rebuttal letter and any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate. It is a common mistake to address reviewer questions in the rebuttal letter but not in the revised manuscript. If a reviewer raised a question then your readers will probably have the same question so you should ensure that the manuscript can stand alone without the rebuttal letter. Directions on how to prepare a rebuttal letter can be found at: https://peerj.com/benefits/academic-rebuttal-letters/ #]
Basic Reporting
The aim of the article is “developing new methods to detect malware”. The authors started the introduction by providing some classification of malware. At this point (line#36-39) it is recommended to give the reader a clear introduction to what your research scope is and why it is considered trend research. Avoid writing “other classes” as stated in (line#37) or “other related areas” (line#39); it is recommended to specify the most related areas instead of generalizing the research.
Citations must be given in some sections; for example, (line#40-46) doesn’t mention any citations. At (line#47), what does “de facto” mean? At (line#49) double check the reference and ensure it matches the sentence that is written here. At (line#55), it is mentioned that the aim is to “propose a malware detection system”, while the first paragraph mentions “developing new method to detect malware”. I think the authors have to be more specific whether the aim is “to propose a comprehensive system to detect the malware” or “to propose a method/sub-system to be used within a system that is already in use nowadays”.
The main objectives as listed (line#58-63) are required to fit with the final expected outcome from this research, while the points are the steps to perform the research.
The structure of the research is good to be illustrated as shown at (line#64-69), but it is recommended to avoid writing the quotation mark at the section name.
Related Work
It is better to name this part “Literature Reviews”. The authors illustrate some relevant studies that were conducted on the scope of detecting malware in the Windows environment, but what is the research gap that was not yet covered by previous research? Also, what is the overall conclusion from the part (Related Work)? In general, the literature review must be improved.
Conclusion
Improve this part by including the status of achieving the research objectives, the main research gap, and the future research.
Method
Recommended to rename this part to “Research Method”. At (line#123-124), a reference that supports the approach is required.
No comment
The topic is interesting to be published with the results. It requires major English proofreading and more supporting, updated literature to enhance the contents and the approach used.
The manuscript is well organized and structured. Good to read, with no flaws in English or in the way the research carried out is presented.
Abstract is self-contained, perfect.
In the Introduction section, suggest to include (before line # 64) 'the research contributions made by the authors.' Must revise.
The Section, Related Work needs revision as follows:
1) Related work referred to and cited should be recent, preferably less than 3 years old. For example, References #6, 12, 20, and 22 need to be refreshed. Reference #22 is too old and it occurs to me as obsolete.
2) Related work should contribute rather than summarizing or listing who did what. For example, lines #74 and 75 state, "The authors [22] classified malware by extracting least correlated features from portable executables." Likewise, it goes the same for the entire section. The last two sentences of this Related Work section state (line# 119 - 121), "The study [27] focuses on malware type detection or classification of malware family instead of binary classification. The work [19] applies gradient boosting decision trees to detect malware in windows environment." and it ends there.
Related work should be organized by methods, or approaches, or idea, or theory etc. Should compare, contrast, that includes evaluating their pros and cons, then synthesize related work and the authors should make their own observation and their findings. All these are missing and must be included.
Observed no major concerns. Looks good.
In the section 'comparison with previous work', Table 9 shows that the proposed work's accuracy is 99.5% using the Random Forest classifier. The existing works' accuracy ranges from 98.3% to 98.7%. The improvisation in terms of accuracy of the proposed work when compared with the closest existing method is 0.8%. What "impact" does this small percentage of improvisation in the proposed method make as an outcome of the malware detection system? Is it worthwhile? Please include this discussion in the same section.
There are no additional comments except for the observations made above in this report that need to be considered by the authors as revision.
Otherwise, the manuscript is good. The above revision suggested if considered would assist to strengthen the quality of this manuscript that the authors could be proud of when it gets published.
The paper titled "Windows malware detection based on static analysis with multiple features" is a novel writing, as so far there are articles on Windows malware detection, but using a multiple-feature set and creating a novel data set for experiments has never been seen before. The paper is clearly written in a good style and includes figures and tables wherever necessary.
The purpose of the paper has been very well stated in the abstract but needs clarification on the following:
Why is this particular Portable Executable (PE) malware chosen for this work?
The objectives mentioned in the paper are very appropriate and the discussion to prove that the objectives have been clearly attained is satisfactory.
In the discussion section, the research's strengths, limitations, and generality are adequately discussed compared to the other researcher's work discussed in the introduction and literature review sections. The authors have clearly acknowledged and identified the contributions of their research against previous researchers' work.
The authors adequately evaluated their work, and all claims are clearly articulated and supported by empirical experiments.
However, addressing the above comments would improve the quality of the paper. The overall work is good, novel and timely.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.