Peer-Review Record

The Next Generation Cognitive Security Operations Center: Adaptive Analytic Lambda Architecture for Efficient Defense against Adversarial Attacks

Big Data Cogn. Comput. 2019, 3(1), 6; https://doi.org/10.3390/bdcc3010006
by Konstantinos Demertzis 1,*, Nikos Tziritas 2, Panayiotis Kikiras 3, Salvador Llopis Sanchez 4 and Lazaros Iliadis 1
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Reviewer 4: Anonymous
Submission received: 25 November 2018 / Revised: 26 December 2018 / Accepted: 7 January 2019 / Published: 10 January 2019

Round 1

Reviewer 1 Report

The proposal introduces a novel Adaptive Lambda Architecture based on machine learning enablers for analysing a mixture of batch and streaming data, focusing on a pair of popular solutions: Extreme Learning Machines (ELM) and k-NN classifiers. Although the submission is interesting, it presents deficiencies that must be solved prior to its acceptance, the first of them being the need for a document reorganization. The following points out some suggested modifications:

Overall the writing is not bad. However, there are several grammar/spelling issues that should be fixed.

The introduction does not clearly present the motivation and the document contents; it must enumerate the main research contributions and must be shortened, moving most of the specific discussions to the “Related Works” section.

The Related Works section should include a table that summarizes the reviewed literature regarding Lambda Architectures applied to INFOSEC/COMSEC.

The framework design methodology should be explicitly indicated, highlighting its primary/secondary goals, requirements/assumptions, limitations, null/alternative hypothesis of the research, etc.

Section 4 "methodology" seems to only describe well-known ML algorithms, not a Methodology itself.

There are too many unnecessary auto-citations.


Author Response

Dear Reviewer

We deeply appreciate the time and effort you have spent in reviewing our manuscript. Your comments are very helpful for revising and improving our paper much further. We are providing the answers to your comments below.

Cordially

Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, Lazaros Iliadis

1) Overall the writing is not bad. However, there are several grammar/spelling issues that should be fixed.

Ans.1 We have rearranged the entire paper and have improved the usage of the English language throughout the manuscript. The paper reads much better now. Thank you for the remarks and for the careful reading.

2) The introduction does not clearly present the motivation and the document contents; it must enumerate the main research contributions and must be shortened, moving most of the specific discussions to the “Related Works” section in order to present the motivation and the main research contributions of the paper more clearly.

Ans.2 Thank you for this constructive comment. We have rearranged the Introduction section and moved some discussions to the “Related Works” section so that the main research contributions and the motivation of the paper are presented more clearly. Now the paper is self-consistent.

3) The Related Works section should include a table that summarizes the reviewed literature regarding Lambda Architectures applied to INFOSEC/COMSEC.

Ans.3 We have added detailed information that summarizes the reviewed literature regarding Lambda Architectures applied to INFOSEC/COMSEC in the “Related Works” section, and we have discussed the literature review thoroughly. Thank you for this comment.

4) The framework design methodology should be explicitly indicated, highlighting its primary/secondary goals, requirements/assumptions, limitations, null/alternative hypothesis of the research, etc.

Ans.4 Thank you for the remarks and for the careful reading. We have rearranged the entire paper and substantially improved the methodology, and the work presented has improved to a level acceptable for the readership and the scientific standing of this journal.

5) Section 4 "methodology" seems to only describe well-known ML algorithms, not a Methodology itself.

Ans.5 The implemented model is based on the optimal usage and combination of reliable algorithms, which create a complete machine learning framework in order to solve a real and extremely complex cybersecurity problem. The proposed method is a meta-algorithmic approach that combines two sophisticated machine learning techniques into one architecture model in order to decrease variance and bias and finally improve the accuracy of the prediction. Also, the proposed lambda framework, which can analyze a mixture of batch and streaming data, produces more stable models, as the overall behavior of multiple models is less noisy than that of a corresponding single one, and offers generalization. In machine learning, generalization denotes the ability of a model to be effective across a variety of inputs. Specifically, the proposed method has the ability to fit unseen patterns like zero-day malware or adversarial attacks. From this point of view, the proposed methodology is a major innovation that significantly improves the performance of the SOC/NOC against sophisticated attacks. In addition, scientifically, the originality and contribution of the paper are described in the new Section 7.1 “Innovation”.

6) There are too many unnecessary auto-citations.

Ans.6 We would like to thank the reviewer for this comment, which gives us the chance to clarify things further. This study has emerged after extensive and long-term research about the network forensics process with cyber-security methodologies, and specifically about network traffic analysis, demystification of malware traffic and encrypted traffic identification. We believe it is necessary to cite all these approaches.


Reviewer 2 Report

The authors study a security operation center and propose an active security strategy that adopts a method including ingenuity, data analysis, processing and supporting decision-making to face a variety of cyber hazards. The authors introduce a λ Architecture Network Flow Forensics Framework to deal with adversarial attacks. The paper is overall written in a very verbose manner, with too many buzzwords rather than a clear contribution and fundamental theoretical background. The authors mix together too many notions that are catchy words nowadays, such as cyber, security, data analysis, network flow, machine learning, cognitive cybersecurity, etc., without really dealing with all those buzzwords in their analysis. Moreover, the introduction (Section 1) is too long, with a very general discussion and without practically explaining what the real problem that the authors address is, what its practical meaning is, and where it can be applied. The provided literature review is non-existent. The authors cite a set of papers without examining or explaining what other researchers have already done in the literature. I doubt that the research works [16]-[24] (9 papers!) and [25]-[31] (7 papers!) are proposing exactly the same research thrusts. The paper lacks theoretical background, as none of the proposed methods are new or proposed by the authors; rather, they already exist in the literature. My main concern also is that this research work is not a good fit for the topics of the journal. Overall, a very poorly written paper and proposed research. The authors should rewrite the manuscript, showing at the beginning what their contributions are, what research gap they try to fill, what has already been done in the literature, and justifying why the proposed research is novel and where it can be applied. None of those questions is currently addressed in the manuscript.


Author Response

Dear Reviewer

We deeply appreciate the time and effort you have spent in reviewing our manuscript. Your comments are very helpful for revising and improving our paper much further. We are providing the answers to your comments below.

Cordially

Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, Lazaros Iliadis


1) The paper is overall written in a very verbose manner, with too many buzzwords rather than a clear contribution and fundamental theoretical background. The authors mix together too many notions that are catchy words nowadays, such as cyber, security, data analysis, network flow, machine learning, cognitive cybersecurity, etc., without really dealing with all those buzzwords in their analysis.

Ans.1 We would like to thank the reviewer for this comment, which gives us the chance to clarify things further. The paper is an applied research paper that deals with solving practical problems such as a critical cybersecurity issue. The proposed framework implements the Lambda machine learning architecture, which can analyze a mixture of batch and streaming data, using two accurate novel computational intelligence algorithms. According to the scope of the Journal, that is something highly significant and of particular value.

2) Moreover, the introduction (Section 1) is too long, with a very general discussion and without practically explaining what the real problem that the authors address is, what its practical meaning is, and where it can be applied.

Ans.2 Thank you for this helpful comment. We have rearranged the Introduction section and transferred some discussions to the “Related Works” section so that the main research contributions and the motivation of the paper are presented more clearly. Now the paper is self-consistent.

3) The provided literature review is non-existent. The authors cite a set of papers without examining or explaining what other researchers have already done in the literature. I doubt that the research works [16]-[24] (9 papers!) and [25]-[31] (7 papers!) are proposing exactly the same research thrusts.

Ans.3 Thank you for this constructive comment. We have rearranged the “Related Works” section of the paper and have discussed the literature review thoroughly. Also, we have added detailed information that summarizes the reviewed literature regarding Lambda Architectures applied to INFOSEC/COMSEC.

4) The paper lacks theoretical background, as none of the proposed methods are new or proposed by the authors; rather, they already exist in the literature.

Ans.4 We have rearranged the entire paper and substantially improved the presentation and the background of the entire manuscript, and the work presented has improved to a level acceptable for the readership and the scientific standing of this journal. In addition, scientifically, the originality and contribution of the paper are described in the new Section 7.1 “Innovation”.

5) My main concern also is that this research work is not a good fit for the topics of the journal.

Ans.5 The paper is an applied research paper that deals with a practical, real cybersecurity problem. Applied research is the practical application of science. It accesses and uses accumulated theories, knowledge, methods, and techniques for a specific purpose. According to the scope and the aims of the Journal, that is something highly significant and of particular value. Thank you for this valuable comment.

6) Overall, a very poorly written paper and proposed research. The authors should rewrite the manuscript, showing at the beginning what their contributions are, what research gap they try to fill, what has already been done in the literature, and justifying why the proposed research is novel and where it can be applied. None of those questions is currently addressed in the manuscript.

Ans.6 Thank you for the remarks and for the careful reading. We have rearranged the entire paper and substantially improved the presentation of the entire manuscript, and the work presented has improved to a level acceptable for the readership and the scientific standing of this journal. Now the paper is self-consistent.


Reviewer 3 Report

This manuscript proposes a new intelligent Cognitive Computing SOC to face cyber security incidents in real time with minimal human intervention. Besides, machine learning techniques were employed to analyse the batch data and examine the patterns from the real-time streams. The experimental results proved that it is a forensics tool for big data that can enhance the automated defense strategies of the SOCs to effectively respond to the threats facing their environments. Overall, the topic of this article is interesting and the paper is well structured and written. I suggest that it can be published in BDCC if the authors can well address the following comments:

1. Figure 2 is not clear. Please redraw this figure.

2. The authors should provide more details of the developed machine learning models. For example, ELM, ANN and SVM. How are model parameters defined and selected?

3. I want to know whether the machine learning model will be over-fitted. How can the authors avoid this phenomenon in the model training?

4. There are several typos that affect the quality of manuscript. Please revise them.


Author Response

Dear Reviewer

We deeply appreciate the time and effort you have spent in reviewing our manuscript. Your comments are very helpful for revising and improving our paper much further. We are providing the answers to your comments below.

Cordially

Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, Lazaros Iliadis


1) Figure 2 is not clear. Please redraw this figure.

Ans.1 We have redrawn the figure. The depiction of the proposed model reads much better now. Thank you for this helpful comment.

2) The authors should provide more details of the developed machine learning models, for example, ELM, ANN and SVM. How are model parameters defined and selected?

Ans.2 Thank you for the helpful comment. The architectures, hyper-parameter settings, and training techniques are presented and discussed thoroughly in Section 4 “Methodology”.

3) I want to know whether the machine learning model will be over-fitted. How can the authors avoid this phenomenon in the model training?

Ans.3 This is a very interesting comment. The 10-fold cross-validation that is employed to measure the performance indices is a substantiation of the validity of the method. Also, we have presented the most well-known classification performance metrics to prove that the proposed models avoid overfitting.

4) There are several typos that affect the quality of the manuscript. Please revise them.

Ans.4 We have rearranged the entire paper and have improved the usage of the English language throughout the manuscript. Thank you for the remarks and for the careful reading.


Reviewer 4 Report

Please see attached file.

Comments for author File: Comments.pdf

Author Response

Dear Reviewer

We deeply appreciate the time and effort you have spent in reviewing our manuscript. Your comments are very helpful for revising and improving our paper much further. We are providing the answers to your comments below.

Cordially

Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, Lazaros Iliadis


1) One minor issue is that the authors should probably add some subsections in Section 3 in order to cluster the corresponding text. For example, 3.1 could be Network Forensics, 3.2 Batch Processing, 3.3 Stream Processing, etc.

Ans.1 Thank you for this helpful comment. We have rearranged Section 3 into four parts: 3.1 Network Forensics, 3.2 Batch Processing, 3.3 Stream Processing and 3.4 The Proposed Approach.

2) What is more, I think that the technical content could be enriched with the resulting pseudocode of the proposed schema.

Ans.2 The overall process is presented in Algorithm 1 below.

3) Furthermore, the authors are much advised to provide details regarding the system infrastructure, e.g. in which experiments is WEKA employed (or any other tool for classification measures, etc.)?

Ans.3 We would like to thank the reviewer for this comment, which gives us the chance to clarify things further. In all simulations, the testing hardware and software conditions are as follows: Laptop Intel-i7 2.4G CPU, 16G DDR3 RAM, Ubuntu 18.04 LTS, Anaconda Python Data Science Platform, TensorFlow Python environment, Python Scikit-learn package. We have added details about the hardware and software simulation environment in the “Result” section.

4) The authors could also add a table regarding the dataset characteristics instead of the paragraph on page 11. This way, readers could better appreciate the different aspects that each concrete dataset has. Also, a link to the datasets could be included. Perhaps the authors could report the structure of the survey results.

Ans.4 Thank you for the remarks. The full list of the 30 data features is detailed in Table 1. Also, there are references describing the way in which the data features were produced.

5) Regarding Section 6, the authors are much advised to add two different subsections: the first one for the classification performance and the second for the Kappa statistic.

Ans.5 We have rearranged the “Result” section of the paper into two parts: 6.1 Batch Data Classification Performance and 6.2 Streaming Data Classification Performance. The results read much better now. Thank you for this constructive comment.

6) Some minor spell checks:

a. Line 113: The analysis of very large volume of data is time-consuming

b. Line 347: The detailed extraction process [47] that includes the appropriate features, which can identify

c. Line 351: dataset that contained 30 independent

d. Line 407: The following tables 7, 8, 9, 10 and 11 present the results

Ans.6 Thank you for the careful reading. We have rearranged the entire paper and have improved the usage of the English language throughout the manuscript.


Round 2

Reviewer 2 Report

The authors have NOT addressed the comments of the previous review round. The changes are minimal and not really addressing the comments raised by the reviewer. The answer to the reviewer's comments is vague and includes too general statements. The authors should revisit the previous review and address sufficiently the comments. However, based on the reviewer's judgment, this paper is of very low quality to be published in this journal and does not provide any scientific contribution to the readers.

Author Response

Dear Reviewer

We would like to thank you for reviewing our manuscript and for the positive and helpful comments regarding our manuscript. We have revised the manuscript taking into account all the comments to improve the readability of the research paper. We believe these changes have strengthened the rationale and importance of our study.

May this Christmas end the present year on a cheerful note and make way for a fresh and bright New Year. Here’s wishing you a Merry Christmas and a Happy New Year!

Cordially

Konstantinos Demertzis, Nikos Tziritas, Panayiotis Kikiras, Salvador Llopis Sanchez, Lazaros Iliadis


Reviewer

The authors have NOT addressed the comments of the previous review round. The changes are minimal and not really addressing the comments raised by the reviewer. The answer to the reviewer's comments is vague and includes too general statements. The authors should revisit the previous review and address sufficiently the comments. However, based on the reviewer's judgment, this paper is of very low quality to be published in this journal and does not provide any scientific contribution to the readers.

We have provided a point-by-point response to all the comments below.

1) The paper is overall written in a very verbose manner, with too many buzzwords rather than a clear contribution and fundamental theoretical background. The authors mix together too many notions that are catchy words nowadays, such as cyber, security, data analysis, network flow, machine learning, cognitive cybersecurity, etc., without really dealing with all those buzzwords in their analysis.

Ans.1 We appreciate the reviewer’s constructive suggestion, which will help to clarify the goal of the manuscript and avoid confusion for the readers. The paper is an applied research paper that deals with solving practical, real problems such as a critical cybersecurity issue. The proposed data analysis framework implements the Lambda machine learning architecture, which can analyze a mixture of batch and streaming network flow data, using two accurate novel computational intelligence algorithms for Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification for efficient defense against adversarial attacks. In machine learning models, the training and test data are expected to be produced from the identical, although probably unidentified, distribution, which means that the models can be very sensitive to slight changes in the input or to a series of specific transformations. Most of those sensitivities under certain circumstances may lead to altering the behavior of the machine learning algorithms. Specifically, machine learning systems are vulnerable to crafted adversarial examples, which may be imperceptible to the human eye but can lead the model to misclassify the output. In recent times, different types of adversaries, based on their threat model, leverage these vulnerabilities to compromise a machine learning system where adversaries have high incentives. An Adversarial Attack is an attempt to maliciously manipulate the input data or specific weaknesses of machine learning procedures to compromise the entire security system. Hence, it is extremely important to provide robustness to machine learning algorithms against these adversaries. The proposed implementation follows a reactive cyber security strategy for dealing with adversarial attacks, as it combines the training of two counter-diametrically opposite classifiers to detect incoming contrasts and to discard them.

Unlike other single traffic analysis methods that have been presented in the past, the λ-NF3 is an effective and accurate network framework that offers intelligent network flow forensics methods, aiming to be used by the Next Generation Cognitive Security Operations Centers. The basic innovation of the proposed methodology is the combination, for the first time in a hybrid machine learning framework, of two sophisticated algorithms. The proposed system was tested and evaluated on real-world datasets of high complexity that emerged after extensive research about the network behavior. The remarkable results of the real data experiments that we have presented in Section 6 “Results” and the generalization of the system meaningfully support the proposed methodology, although the degree of difficulty and realism that has been added has formed extremely multifactorial questions of exhaustive examination and reproduction. To conclude, the proposed intelligence-driven method, with the hopeful outcomes that have emerged, creates a reliable advanced application for the tactic of improved cybersecurity infrastructures. According to the scope of the Journal, that is something highly significant and of particular value.

2) Moreover, the introduction (Section 1) is too long, with a very general discussion and without practically explaining what the real problem that the authors address is, what its practical meaning is, and where it can be applied.

Ans.2 Thank you for this helpful comment. We have rearranged the Introduction section, as you can see in the manuscript, and we have transferred some discussions to the “Related Works” section so that the main research contributions and the motivation of the paper are presented more clearly. As you suggested, we have explained thoroughly the real problem that the manuscript deals with, what its practical meaning is, and where it can be applied. Specifically, we added to the introduction the following paragraph that summarizes the suggested points:

“This paper proposes the development of an innovative λ-Architecture Network Flow Forensics Framework (λ-NF3) for Network Traffic Analysis, Demystification of Malware Traffic and Encrypted Traffic Identification for efficient defense against adversarial attacks. Unlike other single traffic analysis methods that have been presented in the past [4] [5] [6], the λ-NF3 is an effective and accurate network administration system that offers intelligent network flow forensics methods, aiming to be used by the NGC2SOCs, that can work without the need of human experience and the opinion of experts in order to evaluate and minimize potential cyber threats. Also, a basic innovation of the proposed methodology is the combination, for the first time in a hybrid machine learning framework, of two sophisticated algorithms. The proposed framework employs a specific version of the Lambda architecture that combines an Extreme Learning Machine with Gaussian Radial Basis Function kernel (ELM/GRBFK) for the batch data classification and a KNN Classifier with Self Adjusting Memory (SAM/k-NN) in order to investigate real-time data streams. The Lambda architecture was chosen because, in multifactorial problems of high complexity on large data sets such as the one under consideration, the outcomes of the estimation are multi-variable, especially with respect to the analysis and integration of network data flows. This implementation follows a reactive cyber security strategy for dealing with adversarial attacks, as it combines the training of two counter-diametrically opposite classifiers to detect incoming contrasts and to discard them. Also, it is important to highlight that the proposed novel scheme offers high learning speed, ease of execution, minimal human involvement, and minimum computational power and resources.” Now we believe the paper is self-consistent.

3) The provided literature review is non-existent. The authors cite a set of papers without examining or explaining what other researchers have already done in the literature. I doubt that the research works [16]-[24] (9 papers!) and [25]-[31] (7 papers!) are proposing exactly the same research thrusts.

Ans.3 Thank you for this constructive comment. We have rearranged the “Related Works” section of the paper and have discussed the literature review thoroughly. Also, we have added detailed information that summarizes the reviewed literature regarding Lambda Architectures applied to INFOSEC/COMSEC. The works [16]-[24] are auto-citations. This study has emerged after extensive and long-term research about the network forensics process with cyber-security methodologies, and specifically about network traffic analysis, demystification of malware traffic and encrypted traffic identification. The proposed study summarizes some of the most important suggestions and improvements to all our prior research. We believe it is necessary to cite all these approaches. Also, we have explained the [25]-[31] papers thoroughly as follows: “Significant work has been done using various machine learning methods in various domains, such as the [25] study, which demonstrated that vulnerabilities can be predicted using an SVM model based on a set of code metrics for a specific Android application. The classification model exhibits good performance in terms of both accuracy and precision. But this study applied to a limited pool of applications and a small number of Android versions. Also, Shabtai et al. [26] propose a heuristic approach to static analysis of Android applications based on matching suspicious applications with predefined malware models. Static models are built from Android capabilities and Android Framework API call chains used by the application. All the analysis steps and model construction are fully automated. But the proposed method has smaller detection coverage with randomly chosen malware models. In addition, in [27] the authors propose an inter-application communication analysis tool that detects application communication vulnerabilities. The proposed model can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users. The authors analyzed 20 applications and found 34 exploitable vulnerabilities; 12 of the 20 applications have at least one vulnerability. This shows that applications can be vulnerable to attack and that developers should take precautions to protect themselves from these attacks. Burguera et al. [28] propose a behavior-based and Glodek et al. [29] a permissions-based malware detection system; however, the classification performance of both studies is severely affected by limited supervised information and unknown applications. On the other hand, Zhang et al. [30] propose a new method to tackle the problem of unknown applications in the crucial situation of a small supervised training set. The proposed method possesses the superior capability of detecting unknown flows generated by unknown applications and utilizing the correlation information among real-world network traffic to boost the classification performance. A theoretical analysis is provided to confirm the performance benefit of the proposed method. Moreover, the comprehensive performance evaluation conducted on two real-world network traffic datasets shows that the proposed scheme outperforms the existing methods in the critical network environment. Malware attacks are increasingly popular attack vectors in online crime. As trends and anecdotal evidence show, preventing these attacks, regardless of their opportunistic or targeted nature, has proven difficult: intrusions happen, and devices get compromised, even at security-conscious organizations. Therefore, an alternative line of work has focused on detecting and disrupting the individual steps that follow an initial compromise and that are essential for the successful progression of the attack. A number of approaches and techniques have been proposed to identify the Command & Control (C2) channel that a compromised system establishes to communicate with its controller. The success of C2 detection approaches depends on collecting relevant network traffic. As traffic volumes increase, this is proving increasingly difficult. Gardiner et al. [31] analyse current approaches of ISP-scale network measurement from the perspective of C2 detection, discuss a number of weaknesses that affect current techniques and provide suggestions for their improvement.”

4) The paper lacks theoretical background, as none of the proposed methods are new or proposed by the authors; rather, they already exist in the literature.

Ans.4 We have rearranged the entire paper and substantially improved the presentation and the background of the entire manuscript, and the work presented has improved to a level acceptable for the readership and the scientific standing of this journal. Specifically, the implemented model is based on the optimal usage and combination of reliable algorithms, which create a complete machine learning framework in order to solve a real and extremely complex cybersecurity problem. The proposed method is a meta-algorithmic approach that combines two sophisticated machine learning techniques into one architecture model in order to decrease variance and bias and finally improve the accuracy of the prediction. Also, the proposed lambda framework, which can analyze a mixture of batch and streaming data, produces more stable models, as the overall behavior of multiple models is less noisy than that of a corresponding single one, and offers generalization. In machine learning, generalization denotes the ability of a model to be effective across a variety of inputs. The proposed method has the ability to fit unseen patterns like adversarial attacks or zero-day malware. From this point of view, the proposed methodology is a major innovation that significantly improves the performance of the SOC/NOC against sophisticated attacks. Also, the architectures, hyper-parameter settings, and training techniques are presented and discussed thoroughly in Section 4 “Methodology”. We rearranged the “Description of the Proposed Framework” into four parts: 3.1 Network Forensics, 3.2 Batch Processing, 3.3 Stream Processing and 3.4 The Proposed Approach, in order to clarify further the background of the study. In addition, we have enriched the technical background content with the resulting pseudocode of the proposed methodology schema. We have added details about the hardware and software simulation environment in the “Result” section. Moreover, the full list of the 30 data features is detailed in Table 1, and we have added references for the way in which the data features were produced. Finally, scientifically, the originality and contribution of the paper are described in Section 7.1 “Innovation”.

5) My main concern also is that this research work is not a good fit for the topics of the journal.

Ans.5 The paper is an applied research paper that deals with a practical, real cybersecurity problem. Applied research is the practical application of science. It accesses and uses accumulated theories, knowledge, methods, and other well-known techniques for a specific purpose. Applied research is contrasted with pure research (basic research) in a discussion about research ideals, methodologies, programs, and projects. Also, applied research deals with solving practical problems such as the one under consideration and generally employs empirical methodologies. Since applied research has a provisional close-to-the-problem and close-to-the-data orientation, it may also use a more provisional conceptual framework such as working hypotheses or pillar questions. We strongly believe that applied research that solves a real problem is a very interesting approach that has particular value to the scientific community. Also, according to the scope and the aims of the Journal, that is something highly significant and of particular value.

6) Overall, a very poorly written paper and proposed research. The authors should rewrite the manuscript, showing at the beginning what their contributions are, what research gap they try to fill, what has already been done in the literature, and justifying why the proposed research is novel and where it can be applied. None of those questions is currently addressed in the manuscript.

Ans.6 Thank you for the remarks and for the careful reading. We have rearranged almost 60% of the entire paper and substantially improved the presentation, the background and the discussion of the entire manuscript, and the work presented has improved to a level acceptable for the readership and the scientific standing of this journal. All sections have been rearranged and rewritten according to the reviewer’s comments and suggestions. Specifically, we have rearranged the introduction section, and it now includes what our contributions are and what research gap we try to fill. Also, in the related works section, we have discussed thoroughly what has already been done in the literature. Finally, we have clarified further why the proposed research is novel and where it can be applied. Now the paper is self-consistent.
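An added illustration of the scheme the authors describe in Ans.1 and Ans.2 above (example code written for this record, not the paper's λ-NF3 implementation): a Lambda-style serving layer in which a batch view (kernel ELM with a Gaussian RBF kernel) and a stream view (a sliding-window k-NN standing in for SAM/k-NN's short-term memory) classify the same flow record, and a disagreement between the two views is treated as a "contrast" that is flagged and withheld from the stream memory. The two-feature flow records, the crafted records, the k/gamma/C settings and the policy of pseudo-labelling agreed records with the batch label are assumptions made here, not taken from the paper.

```python
import math

# ---------- batch layer: kernel ELM with a Gaussian RBF kernel ----------
def rbf(a, b, gamma):
    """Gaussian RBF kernel exp(-gamma * ||a - b||^2)."""
    return math.exp(-gamma * sum((x - y) ** 2 for x, y in zip(a, b)))

def solve(A, b):
    """Solve A x = b by Gaussian elimination with partial pivoting (small n only)."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        M[col], M[piv] = M[piv], M[col]
        for r in range(col + 1, n):
            f = M[r][col] / M[col][col]
            for c in range(col, n + 1):
                M[r][c] -= f * M[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (M[i][n] - sum(M[i][j] * x[j] for j in range(i + 1, n))) / M[i][i]
    return x

class KernelELM:
    """Kernel ELM closed form: beta = (K + I/C)^-1 t, output sign(k(x)^T beta)."""
    def __init__(self, gamma=0.5, C=1.0):
        self.gamma, self.C = gamma, C

    def fit(self, X, y):
        self.X = X
        n = len(X)
        K = [[rbf(X[i], X[j], self.gamma) + (1.0 / self.C if i == j else 0.0)
              for j in range(n)] for i in range(n)]
        self.beta = solve(K, [float(t) for t in y])  # targets in {-1, +1}
        return self

    def predict(self, x):
        score = sum(b * rbf(x, xi, self.gamma) for b, xi in zip(self.beta, self.X))
        return 1 if score >= 0 else -1

# ---------- stream layer: sliding-window k-NN ----------
class WindowKNN:
    """Simplified stand-in for SAM/k-NN: only a short-term memory window is kept
    (the real SAM also keeps a long-term memory and adapts the window size)."""
    def __init__(self, k=3, window=200):
        self.k, self.window, self.mem = k, window, []

    def learn(self, x, label):
        self.mem.append((x, label))
        if len(self.mem) > self.window:
            self.mem.pop(0)

    def predict(self, x):
        if not self.mem:
            return None
        near = sorted(self.mem, key=lambda p: sum((a - b) ** 2 for a, b in zip(p[0], x)))
        return 1 if sum(lab for _, lab in near[: self.k]) >= 0 else -1

# ---------- serving layer: agreement check between the two views ----------
class LambdaCombiner:
    """A record is accepted only when batch and stream views agree. A disagreement
    is a 'contrast': it is flagged and withheld from the stream memory, so crafted
    records cannot steer the streaming model (assumed policy, not the paper's)."""
    def __init__(self, batch, stream):
        self.batch, self.stream, self.contrasts = batch, stream, []

    def process(self, x):
        b, s = self.batch.predict(x), self.stream.predict(x)
        if s is None or s == b:
            self.stream.learn(x, b)        # agreement: stream memory absorbs the record
            return b, False
        self.contrasts.append((x, b, s))   # disagreement: flag, do not learn
        return b, True

# Constructed toy flow records: (scaled mean packet size, scaled flow duration).
BENIGN = [(0.0, 0.0), (0.2, 0.1), (-0.1, 0.3), (0.3, -0.2), (0.1, 0.1), (-0.2, -0.1)]
MALICIOUS = [(3.0, 3.0), (3.2, 2.9), (2.8, 3.1), (3.1, 3.3), (2.9, 2.8), (3.3, 3.0)]
# Constructed "recent" records next to the malicious cluster that reached the stream
# layer labelled benign: the kind of crafted input the agreement check should catch.
CRAFTED = [(2.6, 2.6), (2.5, 2.7), (2.7, 2.5)]

def build():
    X = BENIGN + MALICIOUS
    y = [-1] * len(BENIGN) + [1] * len(MALICIOUS)
    stream = WindowKNN()
    for x, lab in zip(X, y):
        stream.learn(x, lab)
    for x in CRAFTED:
        stream.learn(x, -1)
    return LambdaCombiner(KernelELM().fit(X, y), stream)

def demo():
    """Return {name: (label, is_contrast)} for three constructed incoming records."""
    lam = build()
    queries = {"benign": (0.1, 0.0), "malicious": (3.1, 3.0), "crafted": (2.6, 2.65)}
    return {name: lam.process(x) for name, x in queries.items()}

if __name__ == "__main__":
    for name, (label, contrast) in demo().items():
        print(f"{name:10s} label={label:+d} contrast={contrast}")
```

The crafted record is classified malicious by the batch view but benign by the stream view, so it is reported as a contrast and never enters the stream memory.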


Round 3

Reviewer 2 Report

The authors have addressed the reviewer's comments. The manuscript is of average quality and contribution to the research community.
