Skip Content
You are currently on the new version of our website. Access the old version .
MDPIMDPI
Search all articles
by
  • Chengxiang Liu1,
  • Wei Xiong2,* and
  • Chao Guo1
  • et al.

Reviewer 1: Anonymous Reviewer 2: Anonymous

Round 1

Reviewer 1 Report

The manuscript presents the research on the nodes attacked invulnerability of SBIN based on complex network theory. The research is calculated and verified by the simulation results. The paper is well-written and easy to follow. This subject will be interesting for the readership of the journal. Nonetheless, there are several major aspects that require improvements:

 

1) Authors need to add a separate section in this paper - "Related Works".

2) In this case, it is necessary to further analyze the related papers, for example:

- C. Jiang, et al. Security in space information networks. IEEE Communications Magazine, 2015, 53 (8), 82-88.

- X. Wang, et al. Key issues of security in space-based information network review. International Conference on Cyberspace Technology (CCT 2014), 2014, pp. 1-6.

- J. Du, et al. Cooperative earth observation through complex space information networks. IEEE Wireless Communications, 2016, 23(2), 136-144.

- J. Du, et al. Resource Allocation in Space Multiaccess Systems. IEEE Transactions on Aerospace and Electronic Systems, 2017, 53 (2), 598-618.

- B. Zeng, et al. Design for the simulation of space based information network. Journal of Systems Engineering and Electronics, 2006, 17 (2), 443-449.

- etc.

3) Unfortunately, references 17 and 18 (WSN) are poorly suited for SBIN security analysis. You must delete these references or substantially prove their scalability in SBIN.

4) The presented research do not take into account the recommendations of the Consultative Committee for Space Data Systems (CCSDS), in particular RFC 4838 (Delay-Tolerant Networking Architecture).

5) In my opinion, the term "invulnerability" is not quite suitable for this research. I recommend using "classic" terms from the field of security systems.

Author Response

Response to Reviewer 1 Comments

Thanks for the reviewers’ time and effort in evaluating my paper. I appreciate your suggestions and valuable comments very much. They are much helpful for improving my paper. I have carefully revised this paper according to your comments. In the following I am going to explain how your comments have been taken into account in the revision. In addition, reviewer’s comments use the black font, and the responses to the comments use the red font. In the revised manuscript, the modified part is also in red font.

 

Point 1: Authors need to add a separate section in this paper - "Related Works".

Response 1: Thank you very much and we have added a separate section in this paper - "Related Works".

2. Related Works

As a significant method of research on complex giant systems, complex network theory highlights the topological characteristics of the system structure, which is an important basis to describe the whole network node abstraction and connection relation. Nowadays, the complex network theory has been widely used in the network characteristic analysis, structure optimization, vulnerability and invulnerability analysis of the Internet, traffic network, power network, communication network and optional network, which achieves a series of achievements[9–16].

At present, the network failure caused by node attack is a hot topic in research. Ding et al.[17]proposed a location-based similarity detection scheme using deployment knowledge in wireless sensor networks to solve network attacks that generate replication nodes due to unattended; In addition to focusing on the physical connection topology of SBIN, the study on the invulnerability of SBIN also needs to focus on the other network attributes such as degree distribution, betweenness, clustering coefficient and so on[18–20]. It is of great value to grasp these characteristics and rules. In particular, the hidden dangers in software or application programs put forward higher requirements and challenges for the information transmission of the whole network, and it is the key issue of current research to adopt different defense measures to realize vulnerability mining. When reading a lot of literature, this paper found that, In reference[21], different defense measures were explained in detail to evaluate the vulnerability in a web application, which can be used to identify the most challenging vulnerabilities in the field of web application. Zero-day is also a kind of vulnerabilities, which can pose critical threat to the software or application. However, zero-day is difficult to be detected through conventional signature-based defenses[22]. In reference[23,24], a framework was proposed to discover zero-day attacks and estimate the severity of identified zero-day vulnerability. In references[25,26], the frequencies of different vulnerabilities are measured to estimate the security risk-level, which can be used to automated and reasonable security management, based on the standard CVSS Risk Level Estimation Model. Quantitative Information Security Risk Assessment Model[27] were designed to enhance the security level of large open campus network, with reliable and repeatable risk analysis in realistic and affordable manner.

Furthermore, the main research methods of the invulnerability of SBIN consist of two parts: the selection of measure index and the generation of attack mode[28,29]. In the traditional method, the invulnerability of the network under different topologies is analyzed by deducing and analyzing the measure indexes. This method often ignores the physical connection characteristics of the whole network, making the results of theoretical analysis meaningless for the actual network evolution. Therefore, based on the improved tree attack strategy, this paper will analyze the invulnerability technology of SBIN.

After analyzing the influence of different attack strategies on the invulnerability of SBIN, this paper further studies the optimization of invulnerability. Based on reading related literature, it was found that a complex network destructiveness simulation optimization algorithm based on TABU search is proposed by Tian[30] to continuously optimize the target function with natural connectivity as the parameter, so as to improve the network invulnerability. The security issues in space information networks have been well surveyed[31,32], from the points of secure handoff, secure transmission control, key management, and secure routing, and a space network security mechanism was proposed to deal with these above security threats. Aiming at the cooperative transmission for space-based networks, many scholars have gone deep into the researches of the network architecture, protocols and routing strategy and routing algorithm. Based on the SOS structure and some other protocols, networking technologies and coordination mechanisms were fully researched to improve the cooperative transmission for Earth observation[33]. And in reference[34], a kind of multiple access communication systems with a GEO and a LEO satellite as relays was designed, based on the resource allocation protocol. Wang[35] improves the dynamic intrusion of complex networks by optimizing load priority prevention strategy index. Chen[36] proposes a new nondestructive measurement index, which is used as the object function of the optimized and improved particle swarm algorithm to ensure the smooth operation of railway transportation. Four typical capability allocation strategies are proposed by Li[37] to improve the dynamic resistance of complex networks and effectively prevent cascading failures of complex networks under limited resources. Based on lots of relevant researches, this paper makes an in-depth study on the problem of invulnerability optimization of SBIN.

 

Point 2: In this case, it is necessary to further analyze the related papers, for example:

- C. Jiang, et al. Security in space information networks. IEEE Communications Magazine, 2015, 53 (8), 82-88.

- X. Wang, et al. Key issues of security in space-based information network review. International Conference on Cyberspace Technology (CCT 2014), 2014, pp. 1-6.

- J. Du, et al. Cooperative earth observation through complex space information networks. IEEE Wireless Communications, 2016, 23(2), 136-144.

- J. Du, et al. Resource Allocation in Space Multiaccess Systems. IEEE Transactions on Aerospace and Electronic Systems, 2017, 53 (2), 598-618.

- B. Zeng, et al. Design for the simulation of space based information network. Journal of Systems Engineering and Electronics, 2006, 17 (2), 443-449.

Response 2: Thank you for your suggestion and we have cited the relevant references you listed, and they are very helpful to the improvement of the paper.

The security issues in space information networks have been well surveyed[31,32], from the points of secure handoff, secure transmission control, key management, and secure routing, and a space network security mechanism was proposed to deal with these above security threats. Aiming at the cooperative transmission for space-based networks, many scholars have gone deep into the researches of the network architecture, protocols and routing strategy and routing algorithm. Based on the SOS structure and some other protocols, networking technologies and coordination mechanisms were fully researched to improve the cooperative transmission for Earth observation[33]. And in reference[34], a kind of multiple access communication systems with a GEO and a LEO satellite as relays was designed, based on the resource allocation protocol.

 

Point 3: Unfortunately, references 17 and 18 (WSN) are poorly suited for SBIN security analysis. You must delete these references or substantially prove their scalability in SBIN.

 

Response 3: Thank you for your suggestion and we have deleted these references.

 

Point 4: The presented research do not take into account the recommendations of the Consultative Committee for Space Data Systems (CCSDS), in particular RFC 4838 (Delay-Tolerant Networking Architecture).

Response 4: Respect of experts, we are very recognized you put forward point 4 revisions, in this article, the author mainly aims at the network structure and static of SBIN invulnerability, while you mentioned time tolerance network architecture is the analysis of the dynamic invulnerability. We are considering and studying the dynamic invulnerability, and build a reasonable objective function on the concrete analysis and optimization, especially for the dynamic invulnerability due to the edge of some nodes destroyed. The cascading failure problem will be taken consider into thorough understanding of the content of the research. The research results will provide theoretical support for the construction of a more stable SBIN. We hope you can continue to give valuable suggestions to the team. Thank you!

 

Point 5: In my opinion, the term "invulnerability" is not quite suitable for this research. I recommend using "classic" terms from the field of security systems.

 

Response 5: Respect of experts, we agree with your valuable fifth point, at the same time, we believe that the invulnerability analysis of the SBIN is also a classic problem of network security field. We first use complex network theory to build the whole network model, and then we choose the appropriate measure to analyze SBIN, finally, through constructing the reasonable optimization methods, we optimize the invulnerability of SBIN. The results of the entire study have been a theoretical support of network security and it also lay a solid foundation for subsequent research. At the same time, this project is also supported by relevant funds. Therefore, we want to continue to use the term "invulnerability" to analyze this paper, and we hope that respected experts can give us support!

 


Reviewer 2 Report

The paper has carried out the research on the nodes attacked invulnerability of space-based information network (SBIN) based on complex network theory. Obviously it has merit, but its quality can be improved. Two constructive comments are the following ones: 

1) More technical analysis with high quality arguments is required in Section titled "4 Invulnerability optimization model of SBIN". Please analyze more the optimization methods of invulnerability in SBIN.

2) The “flow” of the ideas presented in the paper must be improved.

3) The authors may cite the following framework that adopts a probabilistic approach for identification of the zero-day attack path and further to rank the severity of identified zero-day vulnerability.

Singh U. et al. (2019) A framework for zero-day vulnerabilities detection and prioritization. Journal of Information Security and Applications (Elsevier), Volume 46, June 2019, pp. 164-172.

Author Response

Response to Reviewer 2 Comments

Thanks for the reviewers’ time and effort in evaluating my paper. I appreciate your suggestions and valuable comments very much. They are much helpful for improving my paper. I have carefully revised this paper according to your comments. In the following I am going to explain how your comments have been taken into account in the revision. In addition, reviewer’s comments use the black font, and the responses to the comments use the red font. In the revised manuscript, the modified part is also in red font.

 

Point 1: More technical analysis with high quality arguments is required in Section titled "4 Invulnerability optimization model of SBIN". Please analyze more the optimization methods of invulnerability in SBIN.

Response 1: Thank you very much and we have added a separate section in this paper - "Related Works". In this section, we analyze the optimization methods of invulnerability in SBIN.

 

2. Related Works

As a significant method of research on complex giant systems, complex network theory highlights the topological characteristics of the system structure, which is an important basis to describe the whole network node abstraction and connection relation. Nowadays, the complex network theory has been widely used in the network characteristic analysis, structure optimization, vulnerability and invulnerability analysis of the Internet, traffic network, power network, communication network and optional network, which achieves a series of achievements[9–16].

At present, the network failure caused by node attack is a hot topic in research. Ding et al.[17]proposed a location-based similarity detection scheme using deployment knowledge in wireless sensor networks to solve network attacks that generate replication nodes due to unattended; In addition to focusing on the physical connection topology of SBIN, the study on the invulnerability of SBIN also needs to focus on the other network attributes such as degree distribution, betweenness, clustering coefficient and so on[18–20]. It is of great value to grasp these characteristics and rules. In particular, the hidden dangers in software or application programs put forward higher requirements and challenges for the information transmission of the whole network, and it is the key issue of current research to adopt different defense measures to realize vulnerability mining. When reading a lot of literature, this paper found that, In reference[21], different defense measures were explained in detail to evaluate the vulnerability in a web application, which can be used to identify the most challenging vulnerabilities in the field of web application. Zero-day is also a kind of vulnerabilities, which can pose critical threat to the software or application. However, zero-day is difficult to be detected through conventional signature-based defenses[22]. In reference[23,24], a framework was proposed to discover zero-day attacks and estimate the severity of identified zero-day vulnerability. In references[25,26], the frequencies of different vulnerabilities are measured to estimate the security risk-level, which can be used to automated and reasonable security management, based on the standard CVSS Risk Level Estimation Model. Quantitative Information Security Risk Assessment Model[27] were designed to enhance the security level of large open campus network, with reliable and repeatable risk analysis in realistic and affordable manner.

Furthermore, the main research methods of the invulnerability of SBIN consist of two parts: the selection of measure index and the generation of attack mode[28,29]. In the traditional method, the invulnerability of the network under different topologies is analyzed by deducing and analyzing the measure indexes. This method often ignores the physical connection characteristics of the whole network, making the results of theoretical analysis meaningless for the actual network evolution. Therefore, based on the improved tree attack strategy, this paper will analyze the invulnerability technology of SBIN.

After analyzing the influence of different attack strategies on the invulnerability of SBIN, this paper further studies the optimization of invulnerability. Based on reading related literature, it was found that a complex network destructiveness simulation optimization algorithm based on TABU search is proposed by Tian[30] to continuously optimize the target function with natural connectivity as the parameter, so as to improve the network invulnerability. The security issues in space information networks have been well surveyed[31,32], from the points of secure handoff, secure transmission control, key management, and secure routing, and a space network security mechanism was proposed to deal with these above security threats. Aiming at the cooperative transmission for space-based networks, many scholars have gone deep into the researches of the network architecture, protocols and routing strategy and routing algorithm. Based on the SOS structure and some other protocols, networking technologies and coordination mechanisms were fully researched to improve the cooperative transmission for Earth observation[33]. And in reference[34], a kind of multiple access communication systems with a GEO and a LEO satellite as relays was designed, based on the resource allocation protocol. Wang[35] improves the dynamic intrusion of complex networks by optimizing load priority prevention strategy index. Chen[36] proposes a new nondestructive measurement index, which is used as the object function of the optimized and improved particle swarm algorithm to ensure the smooth operation of railway transportation. Four typical capability allocation strategies are proposed by Li[37] to improve the dynamic resistance of complex networks and effectively prevent cascading failures of complex networks under limited resources. Based on lots of relevant researches, this paper makes an in-depth study on the problem of invulnerability optimization of SBIN.

 

Point 2: The “flow” of the ideas presented in the paper must be improved.

 

Response 2: Thank you very much for improving this comment. To further illustrate the structure of the whole article, we have added the “relevant work” section. In the second part of the related work, we have analyzed of the complex network theory firstly, and then we have analyzed the network fault, especially the zero day vulnerability was elaborated in depth, in turn, we have studied the invulnerability of the model construction and measurement index selection, and finally we have studied the optimization methods of invulnerability of the relevant analysis. The whole flow is progressive and hierarchical.

 

Point 3: The authors may cite the following framework that adopts a probabilistic approach for identification of the zero-day attack path and further to rank the severity of identified zero-day vulnerability.

Singh U. et al. (2019) A framework for zero-day vulnerabilities detection and prioritization. Journal of Information Security and Applications (Elsevier), Volume 46, June 2019, pp. 164-172.

 

Response 3: Thank you for your suggestion and we have cited the relevant references you listed, and they are very helpful to the improvement of the paper.

 

In reference[21], different defense measures were explained in detail to evaluate the vulnerability in a web application, which can be used to identify the most challenging vulnerabilities in the field of web application. Zero-day is also a kind of vulnerabilities, which can pose critical threat to the software or application. However, zero-day is difficult to be detected through conventional signature-based defenses[22]. In reference[23,24], a framework was proposed to discover zero-day attacks and estimate the severity of identified zero-day vulnerability. In references[25,26], the frequencies of different vulnerabilities are measured to estimate the security risk-level, which can be used to automated and reasonable security management, based on the standard CVSS Risk Level Estimation Model. Quantitative Information Security Risk Assessment Model[27] were designed to enhance the security level of large open campus network, with reliable and repeatable risk analysis in realistic and affordable manner.


Round 2

Reviewer 1 Report

The authors convinced me and correctly considered all my comments. I have no other comments.

Author Response

Thanks for the reviewer’s time and effort in evaluating my paper. I appreciate your suggestion and valuable comment very much. It is much helpful for improving my paper.