PONE-D-25-20493Application of the Improved Support Vector Machine Model for Cyberspace Vulnerability Prediction Technology from the Perspective of User Group Changes Based on Capital InfluxPLOS ONE

Dear Dr. Long,

Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process.

Please submit your revised manuscript by Jul 11 2025 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org . When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

Please include the following items when submitting your revised manuscript:

• A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols .

We look forward to receiving your revised manuscript.

Kind regards,

Pankaj Bhambri, Ph.D.

Academic Editor

PLOS ONE

Journal Requirements:

When submitting your revision, we need you to address these additional requirements.

1. Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at https://journals.plos.org/plosone/s/file?id=wjVg/PLOSOne_formatting_sample_main_body.pdf and https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf

2. PLOS requires an ORCID iD for the corresponding author in Editorial Manager on papers submitted after December 6th, 2016. Please ensure that you have an ORCID iD and that it is validated in Editorial Manager. To do this, go to ‘Update my Information’ (in the upper left-hand corner of the main menu), and click on the Fetch/Validate link next to the ORCID field. This will take you to the ORCID site and allow you to create a new iD or authenticate a pre-existing iD in Editorial Manager.

3. Please include captions for your Supporting Information files at the end of your manuscript, and update any in-text citations to match accordingly. Please see our Supporting Information guidelines for more information: http://journals.plos.org/plosone/s/supporting-information.

4. Please review your reference list to ensure that it is complete and correct. If you have cited papers that have been retracted, please include the rationale for doing so in the manuscript text, or remove these references and replace them with relevant current references. Any changes to the reference list should be mentioned in the rebuttal letter that accompanies your revised manuscript. If you need to cite a retracted article, indicate the article’s retracted status in the References list and also include a citation and full reference for the retraction notice.

Additional Editor Comments :

Minor Revisions are Required.

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: Partly

Reviewer #2: Yes

Reviewer #3: Yes

Reviewer #4: Yes

**********

2. Has the statistical analysis been performed appropriately and rigorously?

Reviewer #1: No

Reviewer #2: Yes

Reviewer #3: Yes

Reviewer #4: Yes

**********

3. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.

Reviewer #1: Yes

Reviewer #2: Yes

Reviewer #3: Yes

Reviewer #4: Yes

**********

4. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: No

Reviewer #2: Yes

Reviewer #3: Yes

Reviewer #4: Yes

**********

5. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)

Reviewer #1: The manuscript titled "Application of the Improved Support Vector Machine Model for Cyberspace Vulnerability Prediction Technology from the Perspective of User Group Changes Based on Capital Influx" presents a novel approach using a Threat-Aware Support Vector Machine (TASVM) model with adaptive kernel optimization to improve vulnerability prediction in cyberspace. The paper addresses a relevant and timely problem and demonstrates meaningful performance improvements over traditional SVM, decision tree, neural network, and random forest models.

However, several important concerns limit the manuscript’s readiness for publication in its current form:

1. Technical Soundness-

The proposed TASVM model integrates multiple dynamic kernel mechanisms to enhance adaptability to nonlinear attacks, which is a promising contribution. The use of CICIDS 2017 and UNSW-NB15 datasets is appropriate, and the experimental results are aligned with the study’s goals. However, the lack of detail in implementation (e.g., hyperparameter tuning strategies, exact kernel switching conditions, and code reproducibility) and no mention of model limitations in scalability and computation under real-time conditions reduce confidence in the system’s practical viability.

2. Statistical Analysis-

The manuscript does not include significance testing, confidence intervals, or variability measures (e.g., standard deviation across cross-validation folds). While average accuracy and other performance metrics are reported, the absence of statistical validation undermines the strength of the conclusions. This is a critical shortcoming that must be addressed to meet PLOS ONE's standards.

3. Language and Clarity-

Although the manuscript is generally intelligible, the writing includes numerous grammatical issues, awkward sentence constructions, and stylistic inconsistencies. These issues negatively impact readability and should be corrected through professional language editing.

4. Data Availability-

The authors appropriately use two public datasets and state that all data are available within the manuscript and supporting information, which meets the journal’s data availability requirement.

5. Additional Suggestions-

Include significance testing (e.g., t-tests or ANOVA) to statistically validate model improvements. Add variability metrics (e.g., standard deviation, confidence intervals) for reported performance scores. Clarify how the attack-aware factor (αc) and skewness threshold (θ) are calculated and adjusted. Provide runtime benchmarks or discuss deployment feasibility for real-time systems. Improve figures for clarity, and ensure all abbreviations are defined on first use. Submit the manuscript for professional language editing.

Reviewer #2: Thank you to the Author and Editor(s) for this opportunity to provide feedback.

This Original Submission is well-written in both standard and scientific English, well-organized, and its data are largely unproblematic; its original contribution to scholarly research is also evident. I do not have any concerns about its equations or statistical explanations.

In the real world, organized cyberattacks are rarely categoric or unidimensional, often integrating approaches by disdaining loss, following the path of least resistance and concentrating efforts. I wonder if the Author thinks it is pertinent to include a more detailed comparison of how the AKS mechanism is mobilized against multidimensional attacks, since this would be the best representation of feasibility and the project is designed in-itself for performance.

In real-world applications, the SVM property of “insufficient processing capability of high-dimensional nonlinear data” poses a problem for advanced computation requirements. How does the Author propose to circumvent clear obstacles to implementation? For example, would parameter adjustment, parameter refinement and kernel function switching be feasible simultaneous yet separate processes at larger scales for consumers? I propose the Author include some text about implementation potential, especially since past reviewers seemed primarily skeptical due to an inherent supposition of novel computation leading to restricted implementation.

In terms of capital influx some form of concomitance or proposed simultaneity is certain, being that cyberthreat acting which is not directly strategic in terms of impact (DDoS, Ransomware) is nevertheless perpetrated in real-time (Phishing). However, Figure 7 likely also represents user response to critical frontend impacts of cyberthreat intrusion or intrusion detection since resource-intensive data collection, response and prevention processes as well as backend measures drive exponential bottleneck changes to user experience causing a greater number of attempted logins, varying user response to load times, etc. Should some mention of this be made in the limitations, in the form of identifying that trade-offs may be certain?

Reviewer #3: 1. In order to improve clarity and focus, consider a revised version title like “Enhanced SVM-Based Model for Predicting Cyberspace Vulnerabilities: Analyzing the Role of User Group Dynamics and Capital Influx”

2. Some sentences are dense and hard to follow (e.g., “by integrating the dynamics of user behavior change with the logic of platform capital expansion”). Try to simplify language and use more direct phrasing without diluting the academic tone.

3. Terms like “prediction efficiency” and “platform capital expansion” may be vague or open to multiple interpretations. Thus, replace these with more conventional terms like computational efficiency or platform scaling due to investment.

4. Eliminate redundancy, especially in the description of TASVM's innovation. Avoid restating the same contributions multiple times.

Reviewer #4: - Comparative analysis of literature review is missing need to add along with their results readings

- In the discussion and conclusion section, no numerical results reading was discussed.

- when dealing with attack risk not seen any category of attack basis on severity or risk of attack to deal woth it on priority.

- indicator of compromise role in the attack detection and risk of attack is totally neglected in the said study, can be a major factor and need to discussed and find from true positive attacks.

**********

6. PLOS authors have the option to publish the peer review history of their article (what does this mean? ). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy .

Reviewer #1: No

Reviewer #2: Yes:  Paul-André Betito, HBA*, MSW, RSW

Reviewer #3: No

Reviewer #4: No

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/ . PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org . Please note that Supporting Information files do not need this step.

Enhanced SVM-Based Model for Predicting Cyberspace Vulnerabilities: Analyzing the Role of User Group Dynamics and Capital Influx

PONE-D-25-20493R1

Dear Dr. Long,

We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements.

Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication.

An invoice will be generated when your article is formally accepted. Please note, if your institution has a publishing partnership with PLOS and your article meets the relevant criteria, all or part of your publication costs will be covered. Please make sure your user information is up-to-date by logging into Editorial Manager at Editorial Manager®  and clicking the ‘Update My Information' link at the top of the page. If you have any questions relating to publication charges, please contact our Author Billing department directly at authorbilling@plos.org.

If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org.

Kind regards,

Pankaj Bhambri, Ph.D.

Academic Editor

PLOS ONE

Additional Editor Comments (optional):

Reviewers' comments: