Article
Peer-Review Record

Vulnerability Exploitation Risk Assessment Based on Offensive Security Approach

Appl. Sci. 2023, 13(22), 12180; https://doi.org/10.3390/app132212180
by Seong-Su Yoon 1, Do-Yeon Kim 1, Ka-Kyung Kim 1 and Ieck-Chae Euom 2,*
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Reviewer 4:
Reviewer 5: Anonymous
Submission received: 7 October 2023 / Revised: 28 October 2023 / Accepted: 6 November 2023 / Published: 9 November 2023
(This article belongs to the Special Issue IoT in Smart Cities and Homes)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

1. Short forms such as 'don't' should not be used in formal academic writing. Such terms should be written in full, for example, 'do'.

2. In in-text citations, surname of authors is sufficient. The initials of their names are not needed.

3. The results were not well discussed. Each finding should be discussed. The implications of each finding should be highlighted. 

4. Authors should also indicate how their findings compare and/or contrast the findings of prior related studies. 

5. The contributions of the study findings to theory and practice should be indicated. 

6. The limitations of the study were not provided 

7. The directions for further studies based on the limitations of the study were not stated 

8. The methodology of the study was not stated. 

Comments on the Quality of English Language

Minor revision is required 

Author Response

Please see the attachment

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

In your manuscript, I have the following concerns:

1. Abstract of the article is written more generically. It must address the introduction, problem statement and then connect the proposed technique with problem statement.

2. What is the motivation of using proposed model?

3. There are some strange sentences in the paper. The authors should revise the use of English and secure the quality of the presentation.

4. The introduction is 'verbose', meaning that it performs a kind of literature review, failing, at the end, to depict the open research questions and how these are managed by the current work. In my opinion, such a discussion could be incorporated into a separate section being extended to holistically cover the research subject.

5. Make all figures symmetric. They all are in different sizes (i.e., width), try to make figures of same width to improve the visual impact of article.

Comments on the Quality of English Language

English needs minor revision

Author Response

Please see the attachment

Author Response File: Author Response.docx

Reviewer 3 Report

Comments and Suggestions for Authors

In the present scholarly article, the authors have introduced a novel method for the assessment of exploit risk, which encompasses a triad of pivotal parameters, namely exploit chain risk, exploit code availability, and exploit usage probability. This innovative approach has been elaborated upon and subjected to empirical scrutiny via a pertinent case study. Nevertheless, certain refinements are recommended to augment the overall quality of the paper:

- The frequent deployment of the "X" and "O" symbols in this scientific exposition may potentially hinder the readability of the manuscript. Hence, it is advisable for the authors to employ the unambiguous terms "Yes" or "No" to facilitate comprehension for the readers.

- The preponderance of web-based references throughout the paper could diminish its scholarly standing, as the research question under consideration may not warrant an exhaustive range of publications in recent years.

- In order to enhance the clarity and verifiability of the research presented, the authors ought to provide a more comprehensive elucidation of the "CVE-2023-36844" case study, as no citations to corroborating sources were included.

- To fortify the rigor of the article's evaluation, it is recommended that the authors undertake a comparative analysis with the most current scholarship in the field, elucidating the strengths and weaknesses of their work in relation to the existing body of literature.

Comments on the Quality of English Language

English is good enough.

Author Response

Please see the attachment

Author Response File: Author Response.docx

Reviewer 4 Report

Comments and Suggestions for Authors

Here are a few suggestions to improve the quality of the paper:

The abstract of the paper does not provide a complete insight into its objectives.

Notations and abbreviations in the paper lack proper definitions. Consistently define these terms.

Elaborate on the concepts of CVSS baseline scores and the temporal aspect.

Enumerate the primary contributions of the paper related to IoT or IIoT.

The quality of the figures is subpar. Make efforts to enhance the visual quality of the paper.

Provide explanations for terms like "base metric group" and "threat metric group."

Replace the term "this chapter" with "this paper."

The conclusion should be oriented towards scientific discoveries and requires revision.

What is the methodology used to calculate the priority and weight in Table-3?

Comments on the Quality of English Language

NA

Author Response

Please see the attachment

Author Response File: Author Response.docx

Reviewer 5 Report

Comments and Suggestions for Authors

This work is aimed at addressing the limitation of the current general vulnerability assessment framework in that it does not consider weaponization after vulnerability discovery and does not adequately reflect the possibility of exploitation in the real environment. From an offensive security perspective, this work proposes three metrics: exploit chain risk, exploit code availability, and exploit usage probability to calculate an exploit risk score. There are some minor comments that need to be addressed.

1. To validate the contribution of each metric, ablation studies should be conducted to verify the performance of alternative combinations of the proposed three metrics, i.e., any two of them, or one of them.

2. It's better to discuss the relationship between the task this work is addressing and the adversarial attack, especially that with imperceptible perturbations to the original signal [1].

[1] Perceptual Attacks of No-Reference Image Quality Models with Human-in-the-Loop. Advances in Neural Information Processing Systems, 2022.

Author Response

Please see the attachment

Author Response File: Author Response.docx

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The revised manuscript is satisfactory 

Reviewer 3 Report

Comments and Suggestions for Authors

All my comments have been taken into account. The authors have tried to answer and added sufficient data to solve my concerns.

Therefore, I suggest the paper should be accepted for publication in this form.

Comments on the Quality of English Language

English is good for publishing

Reviewer 4 Report

Comments and Suggestions for Authors

Na
