Magnets to Adversaries—An Analysis of the Attacks on Public Cloud Servers
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors1. It is necessary to increase the quality of the figures.
2. Line 416, the "-" is incorrect. in this article:
Author Response
Please see the attachment
Author Response File: 
Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for AuthorsThe manuscript presents very important research results of cybercriminal activities in the cloud environment of four big worldwide active cloud service providers. The attackers' activities are recorded and analysed using targeted honeypots. The manuscript not only describes the motives of the attackers, but also explains the different types of honeypots and their types of use in a very understandable way. This gives the reader a very good idea of the meaning and use of honeypots.
Chapter 3 describes the analysis results in detail and well understandable of a monitoring period of 70 days and gives a good impression of the intensity of cyber-attacks to cloud environments worldwide.
And finally, the manuscript provides in the chapter 4 and 5 a list of hints to improve system security derived from the research findings.
The manuscript is a very good presentation of cyber dangers in the cloud environment, written in an easy-to-understand manner. A good scientific work in general.
I would like to cite the following comments:
Figure 4: The figures of the geographic distribution of the adversaries should be displayed enlarged and with a better resolution.
Adversary / Attacker: The term “adversary” is used throughout the entire manuscript, except in the first section of Chapter 4.2 the term “attacker” is used. Both forms are correct, but is the use of the terms intentionally inconsistent?
Date of research data generation / References:
The research data was created about a year and a half ago, which is a bit confusing, but was clearly highlighted in the manuscript. Links in the references are sometimes incorrect or no longer valid as they also date from this time. In most cases, the inserted line break rendered the URL addresses invalid; This should be corrected in the final version. Here are two examples:
Reference [2]:
Incorrect link: https://aws.amazon.com/compliance/shared-responsibilitymodel/
Correct link: https://aws.amazon.com/compliance/shared-responsibility-model/
Reference [11]:
The access to this content has expired.
The links must be updated before publication of the manuscript.
The manuscript is written in a well readable and understandable manner.
From my point of view, the manuscript can be released for publication after a minor revision.
Author Response
Please see the attachment
Author Response File: Author Response.pdf
Reviewer 3 Report
Comments and Suggestions for AuthorsThe authors have built a honeypot system and ran it on four cloud providers for a period of 70 days. They used the attack information to derive attackers TTPs. The following comments are made to help improve this paper.
The references section show that a relatively small number of papers are referred to, and the paper lacks a related work section. An analysis of related academic papers is needed to explain the context of the research in this paper.
This paper lacks a statement of contribution.
This paper lacks a methodology section.
Has the author's honeypot code been made publicly accessible?
The paper does not reference or develop any theory. This is a basic requirement for an academic paper.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 4 Report
Comments and Suggestions for AuthorsMagnets to Adversaries – Analysis of the Attacks on Public Cloud Servers
This study designed a robust honeypot model that provides information on adversary behavior across multiple cloud platforms.
It is an interesting piece of work that was scientifically conducted and presented. All the same, the issue being addressed has existing knowledge domiciled in the field of deception technique. But in all, I commend the authors for their efforts and would advice they make efforts in addressing some of the minor issues provided below.
Line 110 - "honey pot" should be consistent.
Line 150 "Research from A. Barth et al" citation should be consistent.
I will suggest the authors work on the references. It does not at the moment follow any known standard.
Comments on the Quality of English Language
The use of English language and the presentation is fine but requires very minor editing to make for consistency.
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Reviewer 5 Report
Comments and Suggestions for AuthorsThe paper addresses an issue of significant importance, that is the identification and analysis of attacks by using a Honeypot.
My opinion is that the real novelty is the presentation and analysis of data that the honeypot collected, instead of proposing a framework for the protection of such servers. In this sense, I would highlight the novelty in respect in the state of the art. I suggest to divide the introduction and the State of the art in two different sections.
The result section can be more detailed, including more statistics and details on the attacks, that can be of interest for the readers.
The discussion section is not appropriate. The section only does trivial considerations (such as "cloud service providers are a magnet for adversaries") and gives common sense advices, that are present in a huge number of guidelines. Authors should also refer to existing guidelines in the discussion section.
Comments on the Quality of English LanguageOverall good
Author Response
Please see the attachment.
Author Response File: Author Response.pdf
Round 2
Reviewer 3 Report
Comments and Suggestions for AuthorsThe paper has improved following the last round of review, and I now recommend accept for publication.
Reviewer 5 Report
Comments and Suggestions for AuthorsAuthors have followed most of my advices. Overall, the quality of the paper is improved. There are several issues regarding formatting (images partialy hidden and so on), that should be solved before the final version.
