Next Article in Journal
Impact of Coal Mining on the Moisture Movement in a Vadose Zone in Open-Pit Mine Areas
Previous Article in Journal
Exploring Strategic Directions of Pandemic Crisis Management: A Text Analysis of World Economic Forum COVID-19 Reports
Previous Article in Special Issue
Design of a Secure Energy Trading Model Based on a Blockchain
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sustainability
Volume 13
Issue 8
10.3390/su13084124
Review Report
sustainability-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Intelligent Access Control Design for Security Context Awareness in Smart Grid

Sustainability 2021, 13(8), 4124; https://doi.org/10.3390/su13084124
by Hyoungju Kim 1 and Junho Choi 2,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Sustainability 2021, 13(8), 4124; https://doi.org/10.3390/su13084124
Submission received: 8 February 2021 / Revised: 3 April 2021 / Accepted: 5 April 2021 / Published: 7 April 2021
(This article belongs to the Special Issue Human-Centric Urban Services)

Round 1

Reviewer 1 Report

This paper proposes an intelligent access control framework to understand the security context for the intelligent security management of the power system.

The main objectives are clearly stated, as well as the justification and added value of the paper.

The theory that support the study is well described.

The literature review is extensive and recent.

The data and the methods are adequately described.

The results are presented and are adequately summarized in the conclusions.

This paper maybe considered for publication in its present form.

Author Response

Please see the attachment.

Author Response File: Author Response.doc

Reviewer 2 Report

References are generally OK. However, I would expect more references to support the work.

Some paragraphs are not at all clear, it is difficult to understand what the authors want to transmit. ( Ex:  Physical attacks  are attack that use vulnerabilities in the source code and an attack using SQL injection, buffer overflow, etc “, “ The intelligent access control framework for security context awareness provides a security mechanism suitable for applications or systems based on security context awareness technology in power systems”, “ The intelligent access control framework comprises a security context information collection and an analysis engine that provide security context information collection and analysis as well as integration functions, in addition to an access control module that provides security policy configuration and management functions based on security context awareness.”, “When it is identified as a new attack pattern after comparing and analyzing it with the security attack pattern by collecting information regarding the security attack for all access requested by each system of the power system, this information is notified to each agent for an optimized intelligent access control policy to be automatically generated.”

 

The term “intelligent” is excessively used in Introduction.

 

Some ideas are repeatedly brought into attention without a justified need. (“malicious code infection, and information leakage”).

 

Some paragraphs are repeated, probably by mistake. In Introduction we have “ Structural attacks are attacks that use vulnerabilities in the architecture design of a system, such as attacks using protocols, authentication procedures, and weaknesses in system modularization. Physical attacks  are attack that use vulnerabilities in the source code and an attack using SQL injection,  buffer overflow, etc. In addition, external attacks include attacks using Trojan horses, viruses, and worms”. In 3.3 we have, again “Structural attacks are attacks that use vulnerabilities in the architecture design of the system, such as attacks using weaknesses in protocols, authentication procedures, and system modularization. Physical attacks are attacks that use vulnerabilities in the source code, such as attacks using SQL injection and buffer overflow. External attacks are attacks that use programs other than the target of attack, such as attacks using Trojan horses, viruses, and worms”

 

Figure 3 seems to be incomplete

Definitions for accuracy, precision, and recall are mathematically correct, but the text is somehow ambiguous. Ex.: “Accuracy, precision, and recall were used to evaluate the accuracy of the inference and the response to attacks”

More details about Datasets (Table 3) should be provided.

I am not sure that PID 3145 for the second process from table 4 is correct, please verify the previous process ID.

Again, I recommend revision for English, it is hard to understand “Whether the intelligent access control model has appropriately authorized access when detecting malicious codes was determined to verify the inference accuracy of the security context ontology-based access control.”

The authors should explain the improvement of Correct authorization rate form Table 5 with the increase of Number of malicious behaviors

I fail to understand line 3 form Table 7. According to my calculations we have: 212-207-4-7 = -6  (minus six) TN (True Negative) …….

Formula (1) introduced ACCURACY. In lines 291 and 292 the authors state: “Precision, recall, and F-measure, which is the sum of precision and recall, were used to evaluate accuracy”. I think this has to be explained, I could not find the accuracy in the paper.

The Conclusions are not well supported by experimental results. The simulation context is not well described.

The paper is written without much care for details and specific terminology.

Author Response

Please see the attachment.

Author Response File: Author Response.doc

Reviewer 3 Report

The authors described a very complex intelligent access control framework of the security context awareness service, enabling collaboration with smart grid environment. Although the topic is very interesting, the paper shows some weaknesses:

  • The state of art should be improved.
  • The system is based on (between other things) rule-based inference, but this part of system is not enough described, how many rules, or if they are complex semantic rules with parts based on parameters or several parts with different options... I need a number or something which shows the complexity of this rule-based inference part. It should be serveral rules to cover all possible cases.
  • Has the authors defined rules for the man-in-the-middle attack? Could it be tested with this framework?
  • The simulation is not clear, has the authors simulated the entire network and communications or only generated a dataset? Lack of description of generation of dataset, Is it random based? or is it based on real cases?

Strengths:

  • Good structure of paper
  • Interesting topic
  • Involves security topics related to smart grids.

Author Response

Please see the attachment.

Author Response File: Author Response.doc

Round 2

Reviewer 2 Report

For this second round, I updated only the opinions related to improvements made by the authors.

Most recommendations were implemented, I only have one concern related to Table 4. The authors should explain why we have two processes with the same PID (3145).

Overall, the paper was seriously improved since version 1. 

 

Author Response

Please see the attachment.

Author Response File: Author Response.doc

Back to TopTop