
Article
Peer-Review Record

Fast Algorithm for Cyber-Attack Estimation and Attack Path Extraction Using Attack Graphs with AND/OR Nodes

Algorithms 2024, 17(11), 504; https://doi.org/10.3390/a17110504
by Eugene Levner 1,* and Dmitry Tsadikovich 2
Reviewer 1: Anonymous
Reviewer 2:
Submission received: 11 September 2024 / Revised: 28 October 2024 / Accepted: 31 October 2024 / Published: 4 November 2024
(This article belongs to the Section Algorithms for Multidisciplinary Applications)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

I like this paper in that the solution is really easy to deploy, but the existing issue is that the authors need to compare their approach with knowledge-graph-based methods.

Comments on the Quality of English Language

I like this paper in that the solution is really easy to deploy, but the existing issue is that the authors need to compare their approach with knowledge-graph-based methods. In addition, the paper might be too theoretical for the audience in this domain; I recommend putting the proofs in a dedicated Appendix section.

Author Response

We present the revised manuscript in which, for the reviewers’ convenience, the main changes and improvements are marked in blue.

Here, we respond to all the comments/suggestions by Reviewer 1, one by one.

The reviewer 1 wrote:   

1.1. I like this paper in that the solution is really easy to deploy, but the existing issue is that the authors need to compare their approach with knowledge-graph-based methods.

1.2. I recommend putting the proofs in a dedicated Appendix section.

 

 

Our answer.  We are grateful to Reviewer 1 for this comment.

1.1. In Section 2, pages 6-7, lines 285-321, we added a comparison of the proposed algorithm with the knowledge graph-based algorithms.

1.2. We placed the proof of Claim 1 in Appendix C.

Reviewer 2 Report

Comments and Suggestions for Authors

1.  The abstract is too short. It's needed to answer  the following questions:

1) What is the problem and in what area?

2) What is generally being done to solve the problem?

3) What does the article suggest? 

4) What is the “highlight” of the approach (main idea)?

5) Has the approach been tried and how?

6) What results does the proposed solution achieve?

2) How is the length of the path calculated with and without taking into account the weights?

3) Clearly explain how all the parameters in Fig. 2-5 and Table 1-3 were obtained, and what they mean.

4) Fig. 5 - why nodes may be unavailable, explain.

6) Conclusions are too long, they need to be formulated more clearly, emphasizing the originality of the research.

Author Response

We present the revised  paper in which, for the reviewers' convenience, the main changes and improvements are marked in blue.

Here, we respond to all the comments/suggestions by Reviewer 2, one by one.

Reviewer 2:

The Reviewer 2 wrote: 2.1: The abstract is too short. It's needed to answer the following questions:

1) What is the problem and in what area?

2) What is generally being done to solve the problem?

3) What does the article suggest? 

4) What is the "highlight" of the approach (main idea)?

5) Has the approach been tried and how?

6) What results does the proposed solution achieve?

Our answer: We agree with this comment and thank Reviewer 2 for it. In the revised version, the abstract has been significantly changed. Following this suggestion of the Reviewer, we addressed all the questions raised above (page 1, lines 8-21). In addition, we strictly followed the journal's requirement regarding the size of the Abstract, which should be about 200 words; the revised Abstract is 205 words.

The Reviewer 2 wrote: 2.2: How is the length of the path calculated with and without taking into account the weights?

Our answer 2.2: We agree with this comment and thank Reviewer 2 for this comment. In the revised version, we added much more detailed explanations of the path-length computations in which we used the tables and the explanations of computed values in the tables with the help of the times on nodes and edges.

First of all, we explained that the weights in our paper mean the times (durations ) on nodes denoted and the times (durations) on edges denoted . 

Specifically, the explanations for the steps of the algorithm on the weighted graphs are given in Tables 1,2,3,5 and 8 in Sections 4 and 5. Explanations for the unweighted graphs are given in  Section 1, page 4, 175-178 and Section 4, p.14, lines 503-525; and Table 4, Fig. 5, respectively. In these explanations, we provided Tables 1-5,8 with computations of the Algorithm step-by-step and added detailed explanations of computations in these tables.   

The Reviewer 2 wrote 2.3: Clearly explain how all the parameters in Fig. 2-5 and Table 1-3 were obtained, and what they mean.

Our answer 2.3: We thank the Reviewer for this insightful comment. In the revised version, everywhere when needed, we indicated that the times on nodes and arcs, i.e., , and , in all Figures 2 to 8 are given in minutes. All parameters were obtained from the CVSS (Common Vulnerability Scoring System) (ref. [49]).

The Reviewer 2 wrote 2.4: Fig. 5 - why nodes may be unavailable, explain.

Our answer 2.4: We thank the Reviewer for this comment. We agree that Fig. 5 in the initial manuscript was vague and misleading. For this reason, in the revised version, we deleted this Fig. 5, without any harm to the remaining text.

The Reviewer 2 wrote 2.5: Conclusions are too long, they need to be formulated more clearly, emphasizing the originality of the research.

 Our answer 2.5: We agree and are thankful for this comment. We made the  Conclusion shorter and clearer and emphasized the paper's originality.

Reviewer 3 Report

Comments and Suggestions for Authors

1. Organize the paper based on the following format: Introduction, literature review, proposed method, results and discussion, conclusion. Clarify terms like “hostile attack” and “vulnerability analysis”, which lack precise definitions in the introduction.

2. The figures present in the manuscript lack clear labelling and detailed description. For instance, figures 2(b) and 3(b) are not clearly labeled and lack in-depth analysis.

3. Define how the proposed algorithm differs computationally from existing algorithms in handling cyclic attack graphs, especially compared to Dijkstra-type algorithms.

4. What is the reason behind the choice of AND/OR nodes for the model? What is the role of Bayesian inference in your approach? You have mentioned this probabilistic model but didn’t explain how it is relevant to your method.

5. The author mentioned cycles in attack graphs as a potential problem in the model. Explain clearly under what circumstances a cycle would be problematic. Include detailed experimental results and explain how the proposed algorithm resolved these cycles.

6. The column headings of the tables presented in the paper are unclear. Provide clear critical analysis for the tables’ content.

7.     Expand the discussion on how node and edge weights (representing attack times) are integrated into the algorithm. Provide examples of how weights affect attack path extraction.

8.     Add more recent and relevant studies from 2022 to 2024 to show and analyze the advancement in this field.

Comments on the Quality of English Language

A careful proofreading is required to correct minor spelling and grammatical errors throughout the manuscript.

Author Response

We thank the anonymous Reviewer 3 for his/her valuable comments and insightful feedback. We carefully addressed all the questions to provide thorough answers to the raised queries. Please note that all the edited/additional text is marked in blue in the revised version. 

  

The reviewer wrote 3.1: Organize the paper based on the following format: Introduction, literature review, proposed method, results and discussion, conclusion. Clarify terms like "hostile attack" and "vulnerability analysis", which lack precise definitions in the introduction.

Our answer 3.1: We agree with this comment. We changed the paper format according to the suggestion of Reviewer 3. Also, we renamed Section 2 to “A Literature Review”. In answer to this comment, we clarified the terms “hostile attack” and “vulnerability analysis” in Appendix A and added several new terms in Table A1 in Appendix A, clarifying other key terms used in this paper.

Comment 3.2: The figures present in the manuscript lack clear labelling and detailed description. For instance, figures 2(b) and 3(b) are not clearly labelled and lack in-depth analysis.

Our answer 3.2: Thank you for this insightful comment. We improved the labelling of all Figures, and the descriptions and explanations of all numerical examples and Figures (lines 409-460, 479-486, 503-544 in the revised version).

Comment 3.3: Define how the proposed algorithm differs computationally from existing algorithms in handling cyclic attack graphs, especially compared to Dijkstra-type algorithms.

Our answer 3.3: Thank you for this insightful comment. We clarified this issue in the revised version in Section 2 (lines 240-262). Also, we indicated that the proposed algorithm resembles the Dijkstra algorithm when it processes the OR nodes and it is distinct from Dijkstra’s algorithm when it works with AND nodes on a cycle (lines 216-234 and 377-380).

Comment 3.4: What is the reason behind the choice of AND/OR nodes for the model? What is the role of Bayesian inference in your approach? You have mentioned this probabilistic model but didn't explain how it is relevant to your method.

Our answer 3.4: Thank you for this insightful comment. We clarified this issue in the revised version in Section 2 (lines 216-234, 240-262).

We agree that the mention of Bayesian inference is misleading, not relevant and is not needed. We removed the mention of Bayesian inference from the revised version.

Comment 3.5. The author mentioned cycles in attack graphs as a potential problem in the model. Explain clearly under what circumstances a cycle would be problematic. Include detailed experimental results and explain how the proposed algorithm resolved these cycles.

Our answer 3.5. Thank you for this insightful comment. We explained the above issues and added the required changes in Section 2 (lines 235-262). In addition, in answer to this suggestion of the Reviewer, in Section 4 we add an Example 5 illustrating the problematic cyclic situation when the proposed algorithm is unable to detect an attack path due to the cycle (lines 526-542).

Comment 3.6. The column headings of the tables presented in the paper are unclear. Provide clear critical analysis for the tables' content.

Our answer R3.6:  We added the explanations to column headings and to their contents everywhere in the paper.

Comment 3.7: Expand the discussion on how node and edge weights (representing attack times) are integrated into the algorithm. Provide examples of how weights affect attack path extraction.

Our answer 3.7: We agree with this comment and thank Reviewer 3 for this comment. In the revised version, we added much more detailed explanations of the path-length computations in which we used the tables and the explanations of computed values in the tables with the help of the times on nodes and edges. First of all, we explained that the weights in our paper mean the times (durations ) on nodes denoted and the times (durations) on edges denoted . 

Specifically, the explanations for the steps of the algorithm on the weighted graphs are given in Tables 1,2,3,5 and 8 in Sections 4 and 5. Explanations for the unweighted graphs are given in  Section 1, page 4, lines 175-178 and Section 4, p.14, lines 503-525; and Table 4, Fig. 5, respectively. In these explanations, we provided Tables 1-5,8 with computations of the Algorithm step-by-step and added detailed explanations of computations in these tables. Additionally, the impact of the weights on the extracted attack path is illustrated through a comparative analysis between Example 1 and Example 2.

Comment 3.8. Add more recent and relevant studies from 2022 to 2024 to show and analyze the advancement in this field.

Our answer R3.8: The literature survey was enhanced by including recent studies in the field. See, for instance, the new sources [43]-[44], [46], among others. In total, the revised paper contains 50 items, among them 2 items dated 2021 and 15 items dated 2022-2024.

Comment 3.9: A careful proofreading is required to correct minor spelling and grammatical errors throughout the manuscript.

Our answer 3.9: Done by an English native editor.

 

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

In the section Conclusions, it's better to add what problems were not solved using previous algorithms. This is the first result of the research.

Author Response

We sincerely thank anonymous Reviewer 2 for his/her comments. We have addressed the question in detail and responded to it here.

Reviewer 2:

Comment 2.1: In the section Conclusions, it's better to add what problems were not solved using previous algorithms. This is the first result of the research.

Our answer 2.1:  Following the recommendation of Reviewer 2, we expanded the  beginning of the Conclusion section and  emphasized that the main goal of the paper is to develop a fast and efficient (polynomial time) exact algorithm for solving the attack path extraction problem. We clarified that only heuristic and approximation algorithms for this problem were currently known.

Reviewer 3 Report

Comments and Suggestions for Authors

The current version of the paper appears to have been updated according to the previous reviewer comments. However, before final acceptance, consider the following minor improvements to further polish the revision.

· While the author improved figure labeling and captions, double check it and add brief references within the text explaining what each figure represents.

· Though the author already performed proofreading, consider performing a final proofreading that should focus on sentence structure; transitions between sections could also be improved for broader understanding.

The revised paper is much improved according to previous comments and ready for acceptance with minor changes.

Comments on the Quality of English Language

The quality of the English language in the document is generally good, but a final proofreading is required to improve the sentence formation for broader understanding.

Author Response

We sincerely thank anonymous Reviewer 3 for his/her comments.  

Reviewer 3 wrote:

The current version of the paper appears to have been updated according to the previous reviewer comments. However, before final acceptance, consider the following minor improvements to further polish the revision.

Comment 3.1: While the author improved figure labeling and captions, double check it and add brief references within the text explaining what each figure represents.

Our answer 3.1: Following the recommendations of Reviewer 3, in the revised version, we double checked figures’ labelling and captions and added brief explanations to each  figure in the text. In the revised version they are marked in blue.

Comment 3.2: Though the author already performed proofreading, consider performing a final proofreading that should focus on sentence structure; transitions between sections could also be improved for broader understanding.

Our answer 3.2: We conducted the final proofreading by an English native editor and changed the sentences’ structure where the editor recommended. We added the linking sentences in the text in the revised manuscript to make the transition between sections smoother.

Comment 3.3: The quality of the English language in the document is generally good, but a final proofreading is required to improve the sentence formation for broader understanding.

Our answer 3.3: We conducted the final proofreading by an English native editor and changed a  sentence’s structure where the editor recommended.

 Comment 3.4. The revised paper is much improved according to previous comments and ready for acceptance with minor changes.

Our answer 3.4. We sincerely thank anonymous Reviewer 3 for this  comment and his/her recommendations, which helped improve the presentation of the paper.
