Article
Peer-Review Record

Security Ontology Structure for Formalization of Security Document Knowledge

Electronics 2022, 11(7), 1103; https://doi.org/10.3390/electronics11071103
by Simona Ramanauskaitė 1,*, Anatoly Shein 2, Antanas Čenys 3 and Justinas Rastenis 3
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 13 March 2022 / Revised: 28 March 2022 / Accepted: 29 March 2022 / Published: 31 March 2022
(This article belongs to the Topic Cyber Security and Critical Infrastructures)

Round 1

Reviewer 1 Report

The article further develops the ideas for automated knowledge generation related to cybersecurity management. Synthesis of documents is needed for proactive research of the capabilities of cyber adversaries, investigation of security incidents, and creation of documentation for compliance with security standards of the environments of specific organizations. It contributes to increasing the possibilities for threat intelligence by aggregating information from diverse sources.

In addition, the question answered by this study is not clearly stated. In my perception, the article answers the question of whether there is a way to systematically formalize different sources of information in order to organize in an accessible way the knowledge of cyber security and at the same time generate new knowledge. The text does not make clear the differences and added value compared to existing research. Given the workload of security teams, such technology was extremely useful. I dare say this from the standpoint of my long practice in the field of cybersecurity in creating large cyber security systems. Since this problem area is exactly mine, I see many applications of such an idea. I wrote some of them in the comment in the review form. I believe that the conclusions correspond to the statements about the possibilities of the proposed ontology.  

Out of protocol and only for editors. It seems that the authors have no real idea of the deep problems in the practice of cybersecurity, but at the same time, I think they are on the right track.
Detailed comments:

There is a figure outside the text borders;

Last page needs text editing;

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

This paper proposes a new security ontology structure to provide linking of the concepts to original data sources. The proposed structure was validated by presenting some numerical results of its application and directions of usage of such an ontology structure. This paper can be further improved by addressing the following comments.
1. Explanation of figures 2 and 3 is missing. Authors need to interpret the information in the corresponding figures in context.
2. Please use vector figures (especially fig. 3) to avoid quality loss.
3. The experimental part of Section 4.1 lacks evaluation metrics and reference samples to measure the reliability of the proposed ontology. For example N-gram or Recall etc. In addition, the experimental results are obviously insufficient.
4. Authors should seriously consider the innovative nature of the Security Ontology Structure described in Section 3. What is the meaning of traversing the keywords in the atomic sentence? Is energy consumption considered? Are you considering a more efficient processing method?
5. In general, the authors should reduce the general description and propose a more specific approach. In addition, the amount of data for experimental comparison should be expanded as much as possible. More comparison methods also need to be seriously considered.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

A security ontology is specially constructed to enable the TAPIO tool to automatically ingest data from a wide range of data sources. Data sources are usually available in several unstructured sources including text, images, graphs, documents, webpages and others. The authors in this paper try to suggest a security ontology structure to formalize the security document knowledge. The idea is interesting; however, the paper can be improved by addressing several major concerns such as:

  • The paper seems more like a review paper, not an article. I suggest changing the type of this manuscript to review article since the experimental/simulation part is missing (or even might not be applicable).
  • The novelty of this paper is unclear, since cybersecurity ontology is not a novel topic. The paper fails to provide a summarized contribution of the authors.
  • An overview of security ontology with clarification examples (use visual examples) is a crucial section in this paper, and can be presented after the introduction section.
  • The correlation of cyber security ontology with cyber attack trees/security surface analysis. An example can be discussed in this regard to emphasize the role of cyber security ontology in the cybersecurity/attacks analysis.
  • A subsection for the potential cyber security ontology tools that can be used to formalize the security document knowledge/extraction.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

This manuscript is much better compared with the last version.

Reviewer 3 Report

The majority of my comments have been addressed by the authors. Thanks, I would accept the paper.
