Article
Peer-Review Record

A Copula-Based Attack Prediction Model for Vehicle-to-Grid Networks

Appl. Sci. 2022, 12(8), 3830; https://doi.org/10.3390/app12083830
by Toffa Zidane Nonvignon *, Amar Bensaber Boucif and Mesfioui Mhamed
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 12 March 2022 / Revised: 6 April 2022 / Accepted: 7 April 2022 / Published: 11 April 2022

Round 1

Reviewer 1 Report

Dear Author/s, I find your study interesting and it was my pleasure to review it. The prediction method is well described and proposed and I find your work on the copula-based prediction method innovative. However, I would recommend its publication after a revision due to the comments as follows.

I feel like the theoretical background could be a bit more informative.

Please indicate the main goal of your paper in the introduction.

I feel that the inconsistent usage of many abbreviations in the text is making the paper very hard to read and understand. Please correct the usage of abbreviations, the first time you mention a term, it should be used a full term following an abbreviation within brackets, and then in the continuation one should either use only full terms or only abbreviations once it is introduced alongside the full term the first time, you should not mix and match full terms and abbreviations in the continuation. One of the examples within your paper include the usage of V2G abbreviation within an abstract and introduction, and then introducing the full term later on in the section 2 of the paper, following the usage of the abbreviation in the rest of the paper and then usage of only full term in the conclusion. The same is with IDS which is used as an abbreviation in the introduction, and then the full term is also in the section 2. Other examples include MitM, EV etc. Also, no matter how much some abbreviation is known, or the author/s believe it is known, one should always use the full term the first time it is mentioned (e.g. MSE, RMS, MAV, OSI etc.).

Please be clear when referring to ISO standards, e.g. it is not clear in section 2 that you refer to ISO standard. In addition, please provide a reference to that standard, although it is widely familiar, it still should be referenced if you call upon it in the text.

In section 2, you describe types of attacks, including denial of service, identity theft and rebound attack. However, later on (and in abstract) you refer to man in the middle, which is not described in section 2. Please describe all types of attacks that you refer to in the paper.

At the beginning of the section 3 you provide statistics for US investment in charging stations. What about other countries? I feel that maybe some other countries’ statistics could strengthen your point.

Please indicate the limitations of your study in the conclusion.

References should be formatted according to the Journal’s guidelines for authors (e.g. websites only have a link).

Author Response

Thank you for your interest in our article and thank you for the time you have taken to read it. We offer a point-by-point response to the comments.

Comments Corrections
I feel like the theoretical background could be a bit more informative.

The comment is not clear

Please indicate the main goal of your paper in the introduction.

Correction has been done

paragraph 3 of the introduction (page 1)

I feel that the inconsistent usage of many abbreviations in the text is making the paper very hard to read and understand. Please correct the usage of abbreviations, the first time you mention a term, it should be used a full term following an abbreviation within brackets, and then in the continuation one should either use only full terms or only abbreviations once it is introduced alongside the full term the first time, you should not mix and match full terms and abbreviations in the continuation. One of the examples within your paper include the usage of V2G abbreviation within an abstract and introduction, and then introducing the full term later on in the section 2 of the paper, following the usage of the abbreviation in the rest of the paper and then usage of only full term in the conclusion. The same is with IDS which is used as an abbreviation in the introduction, and then the full term is also in the section 2. Other examples include MitM, EV etc. Also, no matter how much some abbreviation is known, or the author/s believe it is known, one should always use the full term the first time it is mentioned (e.g. MSE, RMS, MAV, OSI etc.).

Correction has been done

 

abstract (page 1), introduction (page 1), paragraph 1 (page 2), paragraph 6 (page 2), paragraph 7-8-9 (page 2), paragraph 3-6 (page 3), paragraph 2-5 (page 4), paragraph 1-2 (page 5), paragraph 1-2-4 (page 8), paragraph 1 (page 9), paragraph 2 of the conclusion (page 12)

Please be clear when referring to ISO standards, e.g. it is not clear in section 2 that you refer to ISO standard. In addition, please provide a reference to that standard, although it is widely familiar, it still should be referenced if you call upon it in the text.

Correction has been done

paragraph 6 (page 3), References: 22-23-24 (page 13)

In section 2, you describe types of attacks, including denial of service, identity theft and rebound attack. However, later on (and in abstract) you refer to man in the middle, which is not described in section 2. Please describe all types of attacks that you refer to in the paper.

Correction has been done

paragraph 6 (page 2)

At the beginning of the section 3 you provide statistics for US investment in charging stations. What about other countries? I feel that maybe some other countries’ statistics could strengthen your point.

Correction has been done

Last paragraph (page 2)

Please indicate the limitations of your study in the conclusion.

Correction has been done

paragraph 3 of the conclusion (page 12)

References should be formatted according to the Journal’s guidelines for authors (e.g. websites only have a link)

Correction has been done

References have a link

Author Response File: Author Response.pdf

Reviewer 2 Report

Basically, this is good research which can arouse the interest of technical readers. However, the following points are the weaknesses which must be addressed or even rectified before publication.

1) The authors have mentioned that this research's inspiration came from intrusion detection system (IDS) and then they have focused on anomaly-based IDS in their subsequent research. This is a good approach because anomaly-based is much better than signature-based but the authors have forgotten about the outer layer, i.e. network-based (NIDS) or host-based (HIDS), which has not been mentioned at all. Both of them can co-exist although they have advantages and disadvantages, e.g. NIDS is usually not susceptible to direct attack but it cannot analyze encrypted packets while HIDS can handle encrypted traffic but is susceptible to direct attack. In other words, HIDS and NIDS are very different in detection and protection. Thus, which one have the authors selected to consider in the research?

2) I agree that DoS is quite harmful but it is not difficult to prevent or detect. Rather, DDoS is more difficult because it is made up of millions of DoS attacks against a single victim, i.e. many-to-one attack while DoS is just one-to-one attack. Should the authors focus on DDoS instead of DoS?

3) There are some typos or formatting issues that need to be brushed up. For example, on page 2, in the sentence "According to the 15118-1....", should the authors add "ISO" in front of '15118-1'? This is a kind of respect to the ISO, which creates these standards. The other issue is a quite strange in-text citation, e.g. on page 4, in the sentence "In [10}, Petros Toupas and al. ", would it be better to rewrite as "In [10], Petros et al." or "In [10], Petros and others"?

4) Just out of curiosity, why is the short form for "charging station" "se"? Should it be "cs"?

 

Author Response

Thank you for your interest in our article and thank you for the time you have taken to read it. We offer a point-by-point response to the comments.

Comments Corrections
The authors have mentioned that this research's inspiration came from intrusion detection system (IDS) and then they have focused on anomaly-based IDS in their subsequent research. This is a good approach because anomaly-based is much better than signature-based but the authors have forgotten about the outer layer, i.e. network-based (NIDS) or host-based (HIDS), which has not been mentioned at all. Both of them can co-exist although they have advantages and disadvantages, e.g. NIDS is usually not susceptible to direct attack but it cannot analyze encrypted packets while HIDS can handle encrypted traffic but is susceptible to direct attack. In other words, HIDS and NIDS are very different in detection and protection. Thus, which one have the authors selected to consider in the research?

To design an IDS, two approaches are used: host-based IDS (HIDS) and network-based IDS (NIDS). In our paper, we use a NIDS approach.

« ..., it is essential to have an attacks database resulting from the collection of information exchanged between network entities.»

I agree that DoS is quite harmful but it is not difficult to prevent or detect. Rather, DDoS is more difficult because it is made up of millions of DoS attacks against a single victim, i.e. many-to-one attack while DoS is just one-to-one attack. Should the authors focus on DDoS instead of DoS?

DDoS and DoS are dangerous attacks. It is important to find solutions to protect against both. Our model protects against DoS and man-in-the-middle attacks. Currently, the proposed model does not consider DDoS attacks but precisely this DDoS attack will be part of our future study.

There are some typos or formatting issues that need to be brushed up. For example, on page 2, in the sentence "According to the 15118-1....", should the authors add "ISO" in front of '15118-1'? This is a kind of respect to the ISO, which creates these standards. The other issue is a quite strange in-text citation, e.g. on page 4, in the sentence "In [10}, Petros Toupas and al. ", would it be better to rewrite as "In [10], Petros et al." or "In [10], Petros and others"?

Correction has been done

paragraph 6 (page 3)

Just out of curiosity, why is the short form for "charging station" "se"? Should it be "cs"?

Correction has been done

paragraph 6 (page 3)

Author Response File: Author Response.pdf

Reviewer 3 Report

The topic is interesting. The usefulness of the work is for people creating vehicle-to-grid networks.

The title should not contain abbreviations (e.g. V2G).

Present and past tense are mixed. The work should be given in Present tense (or Present Perfect tense); passive voice - where possible.

We propose a model -> A model is proposed

We generated a database -> A database is generated

Our model has... -> The created model has...

In [17] authors have proposed mathematical methods in order to fight against DoS-type attacks in the VANET network. These are "Root Mean Square", "Means Absolute Value methods", "Mean Squared Error" and "Logistic Regression Model".

Please, revise. Some of the elements are mathematical methods.

Page 5: let Y be a binary variable taking values 0 and 1, and let
X = (X1, . . . , Xd) be a vector of explanatory variables.

Some idea of the covariates should be given in part 4. The presentation of the model in part 4 should be made more precise. Other authors/researchers have to be able to test the proposed model with their data.

we obtains an equation. Poor English language. Some ego centrism.

we present our process. Please, revise.

The simulations were carried out -> The simulations are carried out

I mark some of the places in the document. Check for the word "we". We do this... We do that... Please, focus on the results - using Present Perfect Tense or Present tense with passive voice. These recommendations are taken from Oxford dictionaries, the section concerning academic writing.

Section 5. The fields (columns) of the database should be given.

The initial assumption for the use of 5 axes should be given. Some results are presented (fig. 3), but without the assumptions.

Fig. 4 shows a complete mess of variables with different time periods. If these variables are put in one equation for predicting an attack, it is not OK from statistics perspective.

Presenting the results (section/part 6) without clear presentation of the covariates is not OK.

Author Response

Thank you for your interest in our article and thank you for the time you have taken to read it. We offer a point-by-point response to the comments.

Comments Corrections
The title should not contain abbreviations (e.g. V2G).

Correction has been done

(page 1)

We propose a model -> A model is proposed

Correction has been done

Abstract (page1)

We generated a database -> A database is generated

Correction has been done

Abstract (page1)

Our model has... -> The created model has...

Correction has been done

Abstract (page1)

In [17] authors have proposed mathematical methods in order to fight against DoS-type attacks in the VANET network. These are "Root Mean Square", "Means Absolute Value methods", "Mean Squared Error" and "Logistic Regression Model".

Please, revise. Some of the elements are mathematical methods.

observations not clear

Page 5: let Y be a binary variable taking values 0 and 1, and let
X = (X1, . . . , Xd) be a vector of explanatory variables.

Some idea of the covariates should be given in part 4. The presentation of the model in part 4 should be made more precise. Other authors/researchers have to be able to test the proposed model with their data.

In section 4, our model was presented clearly and precisely. The proposed summary can help a researcher with mathematical notions to reproduce the model. For more details, the reader can be referred to the paper Mesfioui et al. [18].

we obtains an equation. Poor English language. Some ego centrism.

Correction has been done

paragraph 1(page 7)

we present our process. Please, revise.

Correction has been done

paragraph 3 of introduction(page 1)
paragraph 2(page 7)

The simulations were carried out -> The simulations are carried out

Correction has been done

paragraph 4(page 7)

I mark some of the places in the document. Check for the word "we". We do this... We do that... Please, focus on the results - using Present Perfect Tense or Present tense with passive voice. These recommendations are taken from Oxford dictionaries, the section concerning academic writing.

Correction has been done in the whole document

Section 5. The fields (columns) of the database should be given.

paragraph 5(page 8)

In the paper, we add a paragraph that describes the columns of the database:

« CICFlowMeter is recognized for its ability to generate datasets (database) relating to attacks. It has been used to generate three partial databases (recorded PCAP files have been imported). Each partial database is in CSV file format with columns labeled for each flow namely: FlowID, SourceIP, DestinationIP, SourcePort, DestinationPort, Protocol and 78 other network traffic features (or variables). »

In view of the number of columns, we judged not to include it.

In the paper we presented the significant variables.

The initial assumption for the use of 5 axes should be given. Some results are presented (fig. 3), but without the assumptions.

We did not make any assumptions about the number of axes. The TANAGRA software has generated the number of axes automatically.

TANAGRA stops at axis 5 because from axis 5, there is no correlation between the variables and the axes (if we look closely at Figure 3).

Fig. 4 shows a complete mess of variables with different time periods. If these variables are put in one equation for predicting an attack, it is not OK from statistics perspective.

It is OK from a statistics perspective if these variables have been transformed into discrete variables. This is actually what has been done under TANAGRA.

Presenting the results (section/part 6) without clear presentation of the covariates is not OK

Section 6 presents the results from the prediction of the variable ATT (attack). We have chosen to present the prediction results of the ATT variable in confusion matrices. Confusion matrices are used to evaluate models. No need to quote variables here.

Author Response File: Author Response.pdf

Round 2

Reviewer 3 Report

The authors have made appropriate corrections according to the reviewers' comments. The paper may be published in this form.
