Ontology-Based Knowledge Representation in the IoT Cybersecurity System

Tracking #: 3523-4737

Authors: 
Anna Bryniarska
Waldemar Pokuta

Responsible editor: 
Rafael Goncalves

Submission type: 
Application Report
Abstract: 
The use of Semantic Web in cybersecurity systems is becoming more and more popular. This is an important problem, especially in times when IoT systems are developing very quickly and their security must be maintained. Thanks to the semantic web, it is possible to store and process cybersecurity knowledge using ontology. We describe a system for analyzing the level of cybersecurity among Polish citizens, in particular Internet of Things (IoT) users. An ontology-based knowledge representation related to the security level was created for the described system. The ontology contains the information necessary to determine the security level in different locations and to conduct deeper analysis. It has been prepared for the needs of the IoT system for storing data and knowledge. The described Semantic Web application is part of a larger project that makes it possible to determine cyber security and cyber threats of IoT devices.
Tags: 
Reviewed

Decision/Status: 
Major Revision

Solicited Reviews:
Review #1
Anonymous submitted on 29/Aug/2023
Suggestion:
Minor Revision
Review Comment:

This manuscript presents an 'Application Report' that focuses on the use of Semantic Web technologies in the field of IoT cybersecurity. The paper addresses the importance and relevance of this application through well-structured discussions. The authors successfully demonstrate the potential impact of ontology-based knowledge representation in enhancing the cybersecurity of IoT systems.

The clarity and readability of the paper are commendable. The key ideas regarding the application of Semantic Web technologies are effectively conveyed to the reader. The paper presents convincing evidence of the quality and impact of the described application, supported by relevant references and conceptual frameworks.

The data file provided by the authors under the "Long-term stable URL for resources" has been assessed. The provided resources are well-organized and appear to be complete for the replication of experiments. The README file enhances the accessibility and understandability of the data artifacts.

The chosen repository for the data file is appropriate for long-term repository discoverability. The authors have made adequate efforts to ensure the completeness of the provided data artifacts.

In conclusion, this 'Application Report' provides a comprehensive overview of the use of Semantic Web technologies in IoT cybersecurity. The manuscript is well-structured, clear, and impactful. The authors have successfully met the criteria outlined for the review of this application. It is recommended that the paper be accepted with minor revisions.

Review #2
By Tarek Elsaleh submitted on 31/Jul/2024
Suggestion:
Major Revision
Review Comment:

The paper presents an application for cybersecurity among citizens in the IoT domain, which relies on monitoring IoT devices in the vicinity of mobile devices hosting the application. An ontology is presented that models aspects relating to device characteristics and knowledge extracted from assessing and grouping the scanned devices. The application is quite interesting, but the justification for using Semantic Web technologies is not clear, as the application appears to be a closed system.

Paper overall is well-written, but the data (i.e. ontology) needs to be reviewed. Ontology annotations are quite minimal, which makes it harder to follow.

Ontology:
Datatype properties need to be better classified. There are too many direct sub-properties under each "Level" which should be added further down the hierarchy. Please refer to Ontology Development 101: A Guide to Creating Your First Ontology (subsection on "How many is too many and how few are too few?").

An example approach would be:

hasLevel1Score
hasCveCvssTotalScore
hasEcCouncilAttack
hasPhaseDetectedClearingTracks
hasPhaseDetectedGainingAccess
...
hasGdpr
hasBiometricDataBreachProbability
hasCrossBorderProcessingProbability
...

N.B: this is just an example.

The ontology does not reuse any vocabulary from other ontologies, which indicates there is not much effort towards interoperability.

Section 6: What are the characteristics that represent a granule? Are they defined?

Line 40: (Grammar) "you can use the free OntoMetrics tool...". Please change to either "we used..." or "...was used".

In section 5, please provide a discussion or reflection on the metrics used to evaluate the ontology, not just stating them. Are there any concerns or possible improvements, or suggestions on how to evolve the ontology? What impact do these metrics have on the system when it comes to storage and querying?

Overall, what are the benefits of converting information to SW specifically for the application, since it appears to be a closed system? This needs to be clear in the paper.