Ontology for Cross-Site-Scripting (XSS) Attack in Cybersecurity
Round 1
Reviewer 1 Report
The area of cybersecurity and the XSS vulnerability is a very popular and important area of research, and it is represented by a very rich body of literature and research; thus the authors don’t refer to the valid and latest research articles (the latest reference is dated 2019). The authors have provided almost 9 pages that describe XSS attacks. This part of the article is summarized by the authors:
"In the previous chapters we have seen few simple examples of how the vulnerabilities can be detected by an attacker, and how he can exploit them by inserting some payloads to jeopardize a system"
The question is why the authors focus on such simple aspects while the research is focused on the cybersecurity ontology that is seen as more innovative.
The most important part of the article, related to ontology, is described on only 4 pages out of 18. So it seems that the authors haven’t put relevant importance on the research itself, and also the model definition doesn’t provide relevant feedback on how to use that apart from: "this model is a 2-way descriptive in such a way that, it tells the administrator what will be next if the negative steps are taken and in creating a website or onto an existing website, and in managing the back-end side (server). At the same time, if proper implementation is considered, then the system is at low risk." The statement given mitigates the importance of the research: "In summary, we have seen the importance of ontology to be implemented within the cybersecurity area." So the question is what in reality the authors wanted to say?
In Conclusion there is: “The research showed that more than 7/9 attacks are being deployed at the application layer and more than 8/9 applications are vulnerable to the attacks”
Correctly it should be “According to authors ontology “more than 7/9 attacks are being deployed….”
The article is inconsistent with the publication policy in respectable publishing houses, e.g.
- pictures 3 and 4 are not in the indicated source (11. Shashank, G.; Gupta. B. B. Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. Springer, ……)
- article section titles without a capital letter, e.g. "2. different types of XSS and procedures to detect"
It’s strongly recommended to clearly define the scope of the stated research on the XSS ontology, its goals (thesis) and the output of such research, to make the article more clear and user friendly for the readers. It is also essential to track the proper citation sources within the article, including the latest publications.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 2 Report
1) Abstract has to be concise. It is too long.
2) Identify the limitations of the existing works that motivated current research.
3) List out the main contributions of the current work.
4) Some of the recent and relevant works such as the following can be discussed in the paper: A systematic review on clone node detection in static wireless sensor networks, An adaptive multi-layer botnet detection technique using machine learning classifiers, Image-Based malware classification using ensemble of CNN architectures (IMCEC).
5) Discuss the future scope of the current work.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
There is no proper linkage/reference between the given literature positions and the citations within the article body. Currently the literature reference is indicated as [?]; to be corrected.