Reviews and Comments on Paper 674
Paper information
| Paper #674: Román Posadas, Carlos Mex-Perera, Raúl Monroy and Juan Arturo Nolazco Flores. A New Hybrid Grammar-Based Session Folding/HMM method for Detecting Masqueraders |
| Abstract: This paper focuses on the study of a new method for detecting masqueraders in computer systems. The main feature of such masqueraders is that they have knowledge about the behavior profile of legitimate users. The dataset provided by Schonlau et al. [4] (SEA) has been modified to include synthetic sessions created by masqueraders using the behavior profile of the users intended to be impersonated. A hybrid method is proposed for the detection of masqueraders, based on the compression of the users' sessions and Hidden Markov Models. The performance of the proposed method is evaluated using ROC curves and compared against other known methods. As shown in the results of the experiments, the proposed detection mechanism is the best of the methods considered here. |
Summary of received reviews and comments
Reviews superseded by other reviews are shown in grey in the table.
| | Confidence | Score |
| Review 1 | 2 | 2 |
| Review 2 | 2 | 3 |
| Review 3 | 1 | 2 |
Reviews and Comments
Review 1
| PC member: | |
| Overall rating: | 2 (accept: I will argue for this paper) |
| Confidence: | 2 |
| Relevance: Is this paper relevant for this conference? | 2 (accept (I will argue for this paper)) |
| Soundness: Is this paper technically sound and complete? | 2 (accept (I will argue for this paper)) |
| Are the claims sufficiently supported by experimental/theoretical results? | 2 (accept (I will argue for this paper)) |
| Significance: Are the results/ideas interesting for other AI researchers? | 2 (accept (I will argue for this paper)) |
| Originality: Are the results or ideas novel and previously unknown? | 1 (weak accept (vote accept but don't mind rejecting)) |
| Readability: Is the paper well-organized and easy to understand? | 2 (accept (I will argue for this paper)) |
| Language: Is the paper written in correct English and style? | 2 (accept (I will argue for this paper)) |
| Format: Is the paper correctly and consistently formatted? | 2 (accept (I will argue for this paper)) |
| Review: | CONTRIBUTION OF THE PAPER: The paper brings a novel grammar-based detection approach for detecting masqueraders. It represents quite an interesting contribution in the field of computer security. POSITIVE ASPECTS: A good idea verified on an interesting (benchmark) set of data with a fair evaluation of the results. NEGATIVE ASPECTS: The nature of the used data should be explained in more detail. CHANGES TO IMPROVE THE PAPER: Explain the nature of the data. FURTHER COMMENTS: ITEMS BELOW ARE JUSTIFICATION OF THE SCORES IF NEGATIVE: (1) IS THIS PAPER RELEVANT FOR THIS CONFERENCE? (2) IS THIS PAPER TECHNICALLY SOUND AND COMPLETE? (3) ARE THE CLAIMS SUFFICIENTLY SUPPORTED BY EXPERIMENTAL OR THEORETICAL RESULTS? (4) ARE THE RESULTS/IDEAS INTERESTING FOR OTHER AI RESEARCHERS? (5) ARE THE RESULTS OR IDEAS NOVEL AND PREVIOUSLY UNKNOWN? (6) IS THE PAPER WELL-ORGANIZED AND EASY TO UNDERSTAND? (7) IS THE PAPER WRITTEN IN CORRECT ENGLISH AND STYLE? (8) IS THE PAPER CORRECTLY AND CONSISTENTLY FORMATTED? |
| PC only: | |
| Time: | Jul 14, 12:34 |
Review 2
| PC member: | |
| Reviewer: | |
| Overall rating: | 3 (strong accept) |
| Confidence: | 2 |
| Relevance: Is this paper relevant for this conference? | 3 (strong accept) |
| Soundness: Is this paper technically sound and complete? | 2 (accept (I will argue for this paper)) |
| Are the claims sufficiently supported by experimental/theoretical results? | 3 (strong accept) |
| Significance: Are the results/ideas interesting for other AI researchers? | 3 (strong accept) |
| Originality: Are the results or ideas novel and previously unknown? | 2 (accept (I will argue for this paper)) |
| Readability: Is the paper well-organized and easy to understand? | 2 (accept (I will argue for this paper)) |
| Language: Is the paper written in correct English and style? | 3 (strong accept) |
| Format: Is the paper correctly and consistently formatted? | 3 (strong accept) |
| Review: | CONTRIBUTION OF THE PAPER: A new grammar-based method for detecting intruders in computer systems is suggested. POSITIVE ASPECTS: The problem of detecting intruders is vital and interesting today. NEGATIVE ASPECTS: The wording HMM in the title is somewhat confusing and misleading (though it is explained in the body of the paper). CHANGES TO IMPROVE THE PAPER: To change/edit the title. FURTHER COMMENTS: None. ITEMS BELOW ARE JUSTIFICATION OF THE SCORES IF NEGATIVE: (1) IS THIS PAPER RELEVANT FOR THIS CONFERENCE? (2) IS THIS PAPER TECHNICALLY SOUND AND COMPLETE? (3) ARE THE CLAIMS SUFFICIENTLY SUPPORTED BY EXPERIMENTAL OR THEORETICAL RESULTS? (4) ARE THE RESULTS/IDEAS INTERESTING FOR OTHER AI RESEARCHERS? (5) ARE THE RESULTS OR IDEAS NOVEL AND PREVIOUSLY UNKNOWN? (6) IS THE PAPER WELL-ORGANIZED AND EASY TO UNDERSTAND? (7) IS THE PAPER WRITTEN IN CORRECT ENGLISH AND STYLE? (8) IS THE PAPER CORRECTLY AND CONSISTENTLY FORMATTED? |
| PC only: | The authors are not hidden in the electronic submission. |
| Time: | Jul 15, 19:45 |
Review 3
| PC member: | |
| Reviewer: | |
| Overall rating: | 2 (accept: I will argue for this paper) |
| Confidence: | 1 |
| Relevance: Is this paper relevant for this conference? | 2 (accept (I will argue for this paper)) |
| Soundness: Is this paper technically sound and complete? | 2 (accept (I will argue for this paper)) |
| Are the claims sufficiently supported by experimental/theoretical results? | 1 (weak accept (vote accept but don't mind rejecting)) |
| Significance: Are the results/ideas interesting for other AI researchers? | 2 (accept (I will argue for this paper)) |
| Originality: Are the results or ideas novel and previously unknown? | 2 (accept (I will argue for this paper)) |
| Readability: Is the paper well-organized and easy to understand? | 2 (accept (I will argue for this paper)) |
| Language: Is the paper written in correct English and style? | 1 (weak accept (vote accept but don't mind rejecting)) |
| Format: Is the paper correctly and consistently formatted? | 1 (weak accept (vote accept but don't mind rejecting)) |
| Review: | CONTRIBUTION OF THE PAPER: The authors present the performance of a hybrid method that detects command-frequency based masquerade sessions in UNIX-like systems. POSITIVE ASPECTS: They claim their system outperforms the best global profiles methods in SEA datasets and local profiles. NEGATIVE ASPECTS: The authors omit a related work section and comparison with specific related systems. CHANGES TO IMPROVE THE PAPER: FURTHER COMMENTS: ITEMS BELOW ARE JUSTIFICATION OF THE SCORES IF NEGATIVE: (1) IS THIS PAPER RELEVANT FOR THIS CONFERENCE? Yes (2) IS THIS PAPER TECHNICALLY SOUND AND COMPLETE? Yes (3) ARE THE CLAIMS SUFFICIENTLY SUPPORTED BY EXPERIMENTAL OR THEORETICAL RESULTS? Yes (4) ARE THE RESULTS/IDEAS INTERESTING FOR OTHER AI RESEARCHERS? Yes (5) ARE THE RESULTS OR IDEAS NOVEL AND PREVIOUSLY UNKNOWN? Some (6) IS THE PAPER WELL-ORGANIZED AND EASY TO UNDERSTAND? Lacks a related work section and comparisons (7) IS THE PAPER WRITTEN IN CORRECT ENGLISH AND STYLE? Yes (8) IS THE PAPER CORRECTLY AND CONSISTENTLY FORMATTED? Yes |
| PC only: | I know the authors, who work for my own university, but I don't have a conflict of interest. |
| Time: | Jul 18, 03:07 |