Congratulations! I am writing to inform you that your manuscript - An intelligent anomaly detection system for IoT using a hybrid metaheuristic evolutionary strategy - has been Accepted for publication.
[# PeerJ Staff Note - this decision was reviewed and approved by Shawn Gomez, a PeerJ Section Editor covering this Section #]
The author addressed carefully all the comments and suggestions.
The author addressed carefully all the comments and suggestions.
The author addressed carefully all the comments and suggestions.
The author addressed carefully all the comments and suggestions.
N/A
N/A
N/A
N/A
**PeerJ Staff Note:** Please ensure that all review, editorial, and staff comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
**Language Note:** The review process has identified that the English language must be improved. PeerJ can provide language editing services - please contact us at [email protected] for pricing (be sure to provide your manuscript number and title). Alternatively, you should make your own arrangements to improve the language quality and provide details in your response letter. – PeerJ Staff
1. Avoid defining an acronym more than once in the manuscript. For example, "IoT" and "Whale Optimization Algorithm" are defined multiple times.
2. Define all acronyms upon their first use (e.g., Whale Optimization Algorithm, DDoS, DNS, MITM).
3. Maintain consistent capitalization when defining acronyms. Acceptable styles include capitalizing the first letter of each word or using lowercase letters throughout. Choose one style and apply it consistently. For instance, in lines 19–20, all words are in lowercase, whereas in line 20, the first letter is capitalized.
4. The abstract claims that the proposed model can detect all types of malicious activities in the evaluated datasets. If that is not accurate, please clarify which specific attack types the model targets.
5. Instead of stating "famous datasets," explicitly name the datasets used for model evaluation. Similarly, mention the evaluation metrics employed.
6. Summarize the key results of the proposed method in the abstract, and compare them briefly with those from other related works.
7. The manuscript requires extensive English language editing. Numerous sentences are grammatically incorrect or unclear. I strongly recommend professional proofreading to improve clarity and readability.
8. Include more in-text citations to support claims and analyses. For example, in line 43: “75 billion connected devices by 2025,” and another in line 48: “66% of industrial manufacturers experienced incidents in the past two years.”
9. Some definitions are inaccurate. For instance, the definition of "confidentiality" in lines 58–59 is more relevant to "integrity." Likewise, the explanation for "integrity" does not reflect its correct meaning and lacks depth.
10. Revise Section 1.2 to be more focused and aligned with the paper’s scope.
11. Expand the Introduction and Background to discuss IDS techniques (including their pros and cons), IoT architecture and layers, and introduce concepts like metaheuristic evolutionary strategies and WOA.
12. Clearly express the paper’s contributions. What makes this study unique or innovative?
13. Once an acronym is introduced, consistently use the abbreviated form. Do not alternate between full terms and abbreviations. For example, "intrusion detection system" is written in full in line 55 after being abbreviated elsewhere.
14. Based on Figure 5, specify which attacks your work aims to detect.
15. In line 117, Table 1 is referenced prematurely. First, provide a thorough review of related works, then summarize them in a table. Clearly explain how each related work addresses the problems outlined earlier, highlighting their limitations and how your work overcomes them.
---
16. Expand the Related Work section using a proper format. Include more recent literature (2022–2025). For each paper, answer:
    1. What was done?
    2. What issue(s) were addressed?
    3. Which domain or application?
    4. What methodology and evaluation strategy were used?
    5. What metrics were used, and what were the findings/limitations?
    6. What datasets/tools were used?
    7. Why are existing methods insufficient for your problem?
    8. Classify related works and summarize them in a comparison table with keywords such as dataset, methodology, metrics, attack types, and key findings. Table 1 is too condensed.
---
17. Add the computational complexity (e.g., O(n)) of the proposed method and compare it to others.
18. The manuscript does not clearly explain how this work advances the current state of the art.
19. The paper appears to be extracted from an MS/PhD thesis. Rewrite the manuscript in a formal academic style. For example, avoid phrases like “In the below chapter…” (line 125) or “This thesis…” (line 297).
20. Clearly state the types of malicious activities your model is designed to detect. If unspecified, readers may assume it must detect all attacks present in the datasets used.
21. Move some details in methodology (e.g., Lines 126–127 describing the aim) earlier in the manuscript.
22. Figure 3.1 is missing (Line 130). Ensure all referenced figures exist and are included in the supplemental files.
23. Inconsistency: It is unclear whether the study uses ML, DL, or both. Line 127 references ML, while lines 136–137 mention both. Be consistent.
24. You initially claim to evaluate on multiple datasets, including unseen data, but only IoTID20 is discussed. CIC-IDS2017 is mentioned in line 182 for the first time without prior context.
25. For the pseudocode, define all symbols/letters used. Provide a table listing each variable and its meaning.
26. Compare the datasets used in terms of publication year, attack types, size, number of features, real-world vs. simulated, etc.
27. Provide a detailed description of the system pipeline: dataset → preprocessing → feature selection → training/testing split → classification → output.
28. Describe how you addressed data imbalance. When mentioning SMOTE, specify whether oversampling or undersampling was used.
29. Explain every phase, formula, and equation. For example, WOA pseudocode (lines 149–173) and equations (lines 198–223) are not sufficiently explained.
30. Clarify what constitutes a "lightweight classifier." Describe the properties or thresholds used to classify a model as lightweight.
31. Present the formulas for accuracy, precision, recall, and F1 score. Explain what high/low values mean in the context of intrusion detection.
32. Check Table references: you cite Tables 2 and 3 for attack types, but you likely meant Tables 3 and 4.
33. If only one dataset was used, revise claims about evaluation on multiple datasets. Clearly state which dataset the results in Figures 8–13 correspond to.
34. Deepen the discussion of results. For instance, analyze why WOA outperforms ANN in detecting ARP Spoofing. Compare performance with recent studies. Include percentage differences and explain their implications.
35. Clarify all abbreviations (e.g., PR, RC, F1S) in Table 4.
36. Specify all hyperparameters (e.g., number of trees in RF, population size, and control parameters in WOA).
37. While SMOTE is mentioned, the impact of rebalancing is not shown. Include class distributions before/after balancing.
38. Table 5 shows very high accuracy (e.g., 100%) with no discussion on potential overfitting or generalization issues.
39. There is no benchmarking against other recent hybrid methods (e.g., PSO-SVM, GA-ANN). Add these comparisons.
40. Clearly discuss the limitations of the proposed model and outline directions for future research to address those limitations.
41. Many references are outdated (e.g., from 1987, 1995, 2005). Include more recent references, especially from the last 4 years.
42. Review more recent literature (2022–2025) to validate the originality of this work and compare your results with modern solutions.
43. Some figures are blurry. Use high-resolution formats (e.g., EPS) for better quality.
44. Reorganize the manuscript. Background content should either be a subsection of the Introduction or a separate section.
45. Explain each figure clearly. For example, what insights are you presenting in Figure 3?
46. The Conclusion should discuss the limitations of the proposed method (e.g., risk of overfitting, computational cost).
47. Standardize terminology. For instance, correct "methaueristic" to "metaheuristic," and "conformation" to "confirmation." Be consistent with terms like “Scan Host Port” vs “SHP”.
48. Clarify the use of "evolutionary," "metaheuristic," and "hybrid" — they are not synonymous.
49. Fix the title and headings: "methaueristic" should be "metaheuristic".
50. Reorganize the Methodology into clearer subsections:
    1. Feature Selection
    2. Hyperparameter Optimization
    3. Classifier Integration
51. Ensure all figures are clearly referenced and described in the text.
52. Provide more extensive comparisons with other hybrid models such as GA-ANN, PSO-SVM, and DE-RF. Highlight what limitations your model addresses that previous models did not.
1. The manuscript's writing would benefit from a thorough professional proofreading.
2. Recent high-impact works in IoT security are underrepresented in the manuscript. To improve clarity, the authors are invited to include a more concise literature section focused on the gap this work addresses.
3. The figures (flowcharts, confusion matrices, accuracy plots) are appropriate, but their captions and descriptions are minimal; they should be more informative.
4. Some diagrams (like Figure 7) are too complex without enough explanation in the main text, and it was not mentioned at any point in the paper.
5. The model construction is well-documented, but there is insufficient discussion on data preprocessing choices.
6. Details like random seeds, hyperparameter ranges, and run-time settings are not deeply discussed in the manuscript.
7. The paper uses standard metrics (accuracy, precision, recall, F1-score) and confusion matrices, which are appropriate. However, no statistical significance testing or cross-validation is discussed, which weakens the robustness of the evaluation.
8. The results are presented using various classification settings, and the proposed WOA-RF strategy generally outperforms LR, SVM, and ANN baselines. Yet, the improvements, while numerically clear, are not critically analyzed. It is unclear how sensitive the method is to data imbalance or noise; the authors should consider analyzing this point.
9. The claims that the hybrid model “outperforms all existing methods” are too strong without a benchmark against state-of-the-art deep learning approaches (LSTM, CNN-GRU hybrids with attention). More rigorous comparisons and ablation studies would strengthen the conclusions.
10. The discussion of limitations is brief and largely absent from the main text. The authors mention "choice of attributes changes techniques" and "fitness function choice," but do not explicitly analyze model weaknesses or scalability issues.
- Improve language quality throughout to meet professional standards.
- Revise Figures to include more informative captions and ensure clarity of flowcharts.
no comment
no comment
no comment
The abstract should be more concise and clear. In the abstract section, discuss the parameters used and give the benchmarking of the proposed method with the latest ones and not the traditional ones.
The Introduction section should better clarify the motivations for this research.
Mention the contributions of the paper at the end of the Introduction section.
The literature survey is poor. The authors have overlooked many recent papers. The latest papers, highlighting their challenges and drawbacks, need to be presented in tabular form. So, improve the table presented.
What are the limitations or restrictive assumptions behind the proposal?
What open research paths were identified by the authors from this study?
Any real-time data used for research findings?
How can the performance be improved for real-time applications?
What are the next steps to advance research findings?
What privacy aspects are required for the research?
Mention the future enhancement.
After revisions, I would like to see the manuscript again.
1. The manuscript does not clearly establish what gap in the existing literature this hybrid strategy addresses. How does this approach significantly improve existing anomaly detection techniques?
2. Data and experimental setup not sufficient.
3. Key evaluation metrics for anomaly detection are missing or incomplete:
    - Accuracy
    - Precision
    - Recall
    - F1-score
    - False Positive Rate (FPR)
    - Area Under the ROC Curve (AUC)

    These must be reported and analyzed to support performance claims.
4. The paper does not discuss the time complexity, memory usage, or real-time applicability of the model.
1. Data and experimental setup not sufficient.
2. Key evaluation metrics for anomaly detection are missing or incomplete:
    - Accuracy
    - Precision
    - Recall
    - F1-score
    - False Positive Rate (FPR)
    - Area Under the ROC Curve (AUC)

    These must be reported and analyzed to support performance claims.
3. The paper does not discuss the time complexity, memory usage, or real-time applicability of the model.

The paper claims improvements but does not provide a rigorous comparative analysis with recent and relevant baseline models. Include performance comparisons with other anomaly detection methods like Autoencoders, LSTM, Isolation Forest, and existing hybrid metaheuristics.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.