All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.
Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.
Reviewers are satisfied with the revisions and I concur to accept this manuscript.
[# PeerJ Staff Note - this decision was reviewed and approved by Vicente Alarcon-Aquino, a PeerJ Section Editor covering this Section #]
None.
None.
None.
None.
The authors have addressed some of the concerns. However, one reviewer still has major concerns that concerns have not been fully addressed. The authors should address all the concerns (especially those from this reviewer) and make a point-to-point response to all concerns with revised parts being marked in different color.
**PeerJ Staff Note:** Please ensure that all review, editorial, and staff comments from the previous revision are addressed in a response letter and any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
None.
Most of the concerns in this part haven't been addressed well.
None.
None.
I appreciate authors’ efforts in conducting response to deal with my questions. The authors have basically addressed the points raised by this Reviewer in the revised version.
Recommendation: After formatted, considered for Acceptation.
no comment
no comment
The reviewers have substantial concerns about this manuscript. The authors should provide point-to-point responses to address all the concerns and provide a revised manuscript with the revised parts marked via Tracked Changes
1 The review of related work is not sufficiently thorough and not sufficiently specific. The authors should cite the latest references and distinguish their works from others.
1 There are quite a few oversampling techniques, why did the authors only adopt SMOTE?
2 Since the data size is not big, why did the authors use the simple train-test split rather than other techniques such as cross-validation?
3 The authors should compare their methods to other published methods.
4 Statistical testing is missing.
5 How did the authors pick the optimized hyperparameter setting? Is there any comparison analysis?
6 There is lacking novelty in this paper. The authors should further improve it.
'no comment'
1 I suggest that the Discussion section should be improved to better reflect the quality of the work.
This paper provides a clear overview of the research topic and the proposed method. However, it would be helpful to include more specific details about the challenges of imbalanced datasets in intrusion detection systems. The use of SMOTE (Synthetic Minority Oversampling Technique) to generate synthetic tabular data for balancing imbalanced datasets is a relevant and well-established approach. However, it would be beneficial to provide a brief explanation of how SMOTE works and its advantages in this context.
The mention of using three boosting-based machine learning algorithms (LightGBM, XGBoost, and CatBoost) adds credibility to the study. However, it would be helpful to provide some rationale for choosing these specific algorithms and explain why they are suitable for this task.
The results indicating that using SMOTE improves the content accuracy of the LightGBM and XGBoost algorithms, as well as better predicting computational processes, are valuable findings. However, it would be beneficial to provide more specific details about the performance metrics used and how the improvement was measured.
The comparison of the proposed method with previous studies attempting to solve the imbalanced IDS dataset problem is important for demonstrating the effectiveness of the approach. However, it would be helpful to provide references to these previous studies and briefly discuss the differences in their methodologies.
The description of the proposed method in the "Proposed Method" section is clear and provides a step-by-step explanation of the workflow. Including a flowchart (Figure 1) enhances the understanding of the methodology.
The conclusions highlight the benefits of using SMOTE in improving the capabilities of tree-boosting methods and better predicting computational processes. However, it would be helpful to provide more insights into the specific challenges faced in each IDS dataset and discuss potential future directions for improvement.
Overall, the paper presents a novel method (STB) for dealing with imbalanced datasets in intrusion detection systems and provides valuable insights into the effectiveness of using SMOTE and boosting-based algorithms. However, some additional clarification and elaboration in certain sections would enhance the quality and impact of the paper.
no comment
no comment
Chinese characters should not appear in the paper. Typography and formatting need improvement.
The result display is too simple. In the experimental part, the form is used throughout.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.