---
tags: 研究, 議事録
robots: noindex, nofollow
---

APNOMS 2020 Reviewer Comments
===

## APNOMS 2020 review type1 1

### 1: Originality and Contribution:: How contributory is the approach/topic presented in the paper?
Very Good - Significant contribution (4)

### 2: Relevance to Conference/Scope:: How relevant is the topic of this paper to APNOMS?
High (4)

### 3: Technical Content:: Is the paper technically sound and correct?
Very Good (4)

### 4: Paper Organization and Presentation:: What is the quality of organization and presentation of the paper?
Good (4)

### 5: Reference to related work:: Are References to related work adequate?
Good (4)

### 6: Overall Recommendation:: What is your overall recommendation for the paper?
Strong Accept - I have strong arguments in favour of acceptance (4)

### 7: Confidence in your review:: How comfortable are you in the review decision?
High (3)

### 8: Poster presentation acceptance:: If this paper happens to be rejected as a full paper, please inform your opinion on accepting it for a poster presentation and short paper (4 pages) publication.
Strong Accept - I have strong arguments in favor of accepting this work as a poster (4)

### 9: Summary of the paper:: Please give a short summary of the paper.
This paper proposes a simple port scan detection method based on the characteristics of Packet-In messages in an OpenFlow network. Experimental environment is built for performance evaluation in terms of CPU utilization, delay, the number of packets sent and received per second in the controller. Experimental results show that the proposed port scan detection method outperforms the traditional polling method.

### 10: Major strengths:: What are the major strengths of this paper?
This paper is well organized and presented. The proposed port scan detection method is simple and efficient, as compared to the legacy polling method. Experimental environment is well explained in order to validate corresponding results.

### 11: Major weakness:: What are the major weakness of this paper?
The proposed port scan detection method applies the KNN method to detect the abnormality of flow rate. Applying KNN is a feasible solution but the most efficient one. How to determine the threshold of abnormality? Moreover, authors should consider and compare different abnormality detection methods. The experimental network environment is set up on Mininet. Port Scan Tool should use common tools (such as Nmap, netcat, etc.) in order to validate the proposed method.

### 12: Additional comments for the authors to improve the paper:: Please input additional detailed comments below.
Please refer to the comments in 'Major strengths' and 'Major weakness'.

## APNOMS 2020 review type1 2

### 1: Originality and Contribution:: How contributory is the approach/topic presented in the paper?
Average - Small but clear contribution (3)

### 2: Relevance to Conference/Scope:: How relevant is the topic of this paper to APNOMS?
High (4)

### 3: Technical Content:: Is the paper technically sound and correct?
Average (3)

### 4: Paper Organization and Presentation:: What is the quality of organization and presentation of the paper?
Good (4)

### 5: Reference to related work:: Are References to related work adequate?
Average (3)

### 6: Overall Recommendation:: What is your overall recommendation for the paper?
Weak Accept - I will not fight strongly in favour of acceptance (3)

### 7: Confidence in your review:: How comfortable are you in the review decision?
High (3)

### 8: Poster presentation acceptance:: If this paper happens to be rejected as a full paper, please inform your opinion on accepting it for a poster presentation and short paper (4 pages) publication.
Strong Accept - I have strong arguments in favor of accepting this work as a poster (4)

### 9: Summary of the paper:: Please give a short summary of the paper.
This paper proposed an architecture for detecting port scanning in SDN networks.
This paper detects port scanning attacks based on the characteristics of Packet-In messages in an OF network.

### 10: Major strengths:: What are the major strengths of this paper?
Good composition and legibility of the paper.

### 11: Major weakness:: What are the major weakness of this paper?
The description of the detection algorithm is insufficient.

### 12: Additional comments for the authors to improve the paper:: Please input additional detailed comments below.
In order to improve the research quality, considering recent AI-based algorithms is needed.

## APNOMS 2020 review type1 3

### 1: Originality and Contribution:: How contributory is the approach/topic presented in the paper?
Average - Small but clear contribution (3)

### 2: Relevance to Conference/Scope:: How relevant is the topic of this paper to APNOMS?
High (4)

### 3: Technical Content:: Is the paper technically sound and correct?
Very Good (4)

### 4: Paper Organization and Presentation:: What is the quality of organization and presentation of the paper?
Good (4)

### 5: Reference to related work:: Are References to related work adequate?
Average (3)

### 6: Overall Recommendation:: What is your overall recommendation for the paper?
Weak Accept - I will not fight strongly in favour of acceptance (3)

### 7: Confidence in your review:: How comfortable are you in the review decision?
Medium (2)

### 8: Poster presentation acceptance:: If this paper happens to be rejected as a full paper, please inform your opinion on accepting it for a poster presentation and short paper (4 pages) publication.
Strong Accept - I have strong arguments in favor of accepting this work as a poster (4)

### 9: Summary of the paper:: Please give a short summary of the paper.
This paper proposes a port scan detection method based on the characteristics of Packet-In messages in an OpenFlow network, and shows its effectiveness through the experiments.

### 10: Major strengths:: What are the major strengths of this paper?
The average delay from the occurrence of a port scan to detection in the proposed method is 6.18 seconds, which is considered to be short enough to prevent further damage.

### 11: Major weakness:: What are the major weakness of this paper?
To evaluate the practicality, it is necessary to conduct tests on the actual network and experiments with actual regular traffic.

### 12: Additional comments for the authors to improve the paper:: Please input additional detailed comments below.
It is necessary to consider a method that can detect slow port scans in combination with existing polling methods and Intrusion Detection and Protection Systems (IDS/IPS).

## Summary

### 1-11: Weaknesses
- Need to consider how to determine the KNN threshold
- Other anomaly detection methods also need to be considered
- Common tools (Nmap, Netcat, etc.) should be used for the port scans

### 2-11: Weaknesses
- The explanation of the anomaly detection algorithm is insufficient

### 2-12: Improvements
- It would be good to consider using more advanced machine learning algorithms
- Preparing the final manuscript
- Analysis of actual traffic data by the beginning of September
- How to compare with prior work