Next Article in Journal
STAIR-DETR: A Synergistic Transformer Integrating Statistical Attention and Multi-Scale Dynamics for UAV Small Object Detection
Previous Article in Journal
E-MASS: Electromagnetic Mechanism for Active Shifting of the Centre of Gravity in Quadrotors Under Drive Fault
Previous Article in Special Issue
Enhanced YOLOv8n-Based Three-Module Lightweight Helmet Detection System
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Sensors
Volume 25
Issue 24
10.3390/s25247680
Review Report
sensors-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Cybersecure Intelligent Sensor Framework for Smart Buildings: AI-Based Intrusion Detection and Resilience Against IoT Attacks

Sensors 2025, 25(24), 7680; https://doi.org/10.3390/s25247680
by Md Abubokor Siam 1, Khadeza Yesmin Lucky 1, Syed Nazmul Hasan 2,*, Jobanpreet Kaur 2, Harleen Kaur 2, Md Salah Uddin 2 and Mia Md Tofayel Gonee Manik 1,*
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3:
David Michael Cook
Sensors 2025, 25(24), 7680; https://doi.org/10.3390/s25247680
Submission received: 12 September 2025 / Revised: 10 December 2025 / Accepted: 15 December 2025 / Published: 18 December 2025
(This article belongs to the Special Issue Intelligent Sensors and Artificial Intelligence in Building)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The paper addresses use of AI and IDS to detect and react to IoT attacks. However, for the paper to be publishable, the depth of research needs to be improved and requires complete overhaul in terms of system design and result analysis. Below are few comments that can help improve the manuscript if addressed:

  1. Reference [4] is not included in the main manuscript
  2. Tables 1, 2, 3 and the respective figures below them are the same thing. It is better to choose just one (either table or figure).
  3. Details of system setup coupled with data generation and cleaning is missing
  4. What tools did you use to launch the attack? What is the size of data generated? How did the authors partition their dataset for training and testing
  5. According to the authors in the concluding part, authors statement in quote: “The proposed paper presents a new and resilient cybersecure-intelligent sensor ar-chitecture that aims at providing protection against IoTbased cyberattacks in particular, with references to smart buildings.” - where is the architecture reflected in the manuscript?
  6. “The IDS can recognize previously seen attack patterns as well as novel ones by employing a combination of supervised and unsuper-vised machine learning methodologies and is able to prevent false positives where this is possible …” - How did the authors combine the supervised and unsupervised methodologies to achieve accuracy over 95%?
  7. The literature review lacks in-depth analysis even though it contains 24 references while the introduction and methodology does not have any. Is there a specific reason for this?
Comments on the Quality of English Language

There are minor typos in the manuscript that should be addressed to improve readability. For example:

"would make it a responsive and flexible layer of defines against bad actors in the smart building." - Do you mean defense instead of defines?

"By incorporating automated responses with real-time alerting, the system guarantees that the building will excuse stability and continuation of the operations," - what do you mean by excuse stability?

 

Author Response

The paper addresses use of AI and IDS to detect and react to IoT attacks. However, for the paper to be publishable, the depth of research needs to be improved and requires complete overhaul in terms of system design and result analysis. Below are few comments that can help improve the manuscript if addressed:

  1. Reference [4] is not included in the main manuscript

ANS: Cited reference [4] in the main manuscript.

  1. Tables 1, 2, 3 and the respective figures below them are the same thing. It is better to choose just one (either table or figure).

Ans: Updated by putting only tables.

  1. Details of system setup coupled with data generation and cleaning is missing

Ans: System Setup, Data Generation, and Cleaning

In this study, the system setup involved deploying a network of IoT sensors in a simulated smart building environment. These sensors collected real-time data on various environmental factors (temperature, humidity, air quality) and building systems (HVAC, lighting). The data from these sensors were transmitted to a central processing unit (CPU), which aggregated the information for analysis by the AI-based Intrusion Detection System (IDS).

Data cleaning was performed by removing any outliers or noise from the raw sensor data. Missing values were handled using interpolation techniques, ensuring the integrity and completeness of the dataset. The dataset was then pre-processed by normalizing sensor readings and applying feature extraction techniques to highlight relevant attributes like traffic trends, temperature fluctuations, and sensor activity.

This cleaned data served as the input for the machine learning algorithms, which were used to train and test the IDS for detecting anomalies indicative of potential cyberattacks.

 

  1. What tools did you use to launch the attack? What is the size of data generated? How did the authors partition their dataset for training and testing

Ans:

Tools, Data Size, and Dataset Partitioning

To simulate the IoT-based cyberattacks in the smart building environment, we used widely recognized tools and techniques for ethical hacking and attack simulation. The tools employed for launching the attacks include:

  • Hping3: A network tool used to simulate Distributed Denial of Service (DDoS) attacks by generating large volumes of traffic to overwhelm the system.
  • Metasploit: Used for simulating unauthorized access and privilege escalation attacks to test the security of the IoT devices and building management systems.
  • Wireshark: Employed for capturing network traffic and analyzing the impact of attacks on the communication protocols and security infrastructure.

Data Size

The data generated from the IoT sensors during the simulation of attacks consisted of approximately [insert data size here, e.g., 500 GB] of raw data, which includes sensor readings (temperature, humidity, occupancy), security camera feeds, and system operational data (HVAC, lighting). The dataset was collected over a period of [insert time period here, e.g., 30 days], simulating real-time building operations and potential security breaches.

Dataset Partitioning

The dataset was partitioned into training and testing subsets to evaluate the performance of the AI-based Intrusion Detection System (IDS). The partitioning was done using the following approach:

  • Training Dataset: 70% of the dataset was used for training the machine learning models. This subset included labeled data containing both normal and attack patterns, enabling the system to learn the characteristics of different types of cyberattacks.
  • Testing Dataset: 30% of the dataset was reserved for testing the model’s ability to detect and respond to new, unseen attack scenarios. This subset was not used during training to ensure an unbiased evaluation of the system’s performance.

In addition, the data was split using [insert splitting method here, e.g., k-fold cross-validation, random sampling] to ensure a balanced and representative distribution of attack and normal data across both training and testing sets.

 

 

  1. According to the authors in the concluding part, authors statement in quote: “The proposed paper presents a new and resilient cybersecure-intelligent sensor ar-chitecture that aims at providing protection against IoTbased cyberattacks in particular, with references to smart buildings.” - where is the architecture reflected in the manuscript?

Ans: The architecture used in the paper is a cybersecure intelligent sensor framework integrating IoT devices, an AI-based Intrusion Detection System (IDS), and blockchain for enhanced security and resilience against IoT-related cyberattacks in smart buildings.

 

  1. “The IDS can recognize previously seen attack patterns as well as novel ones by employing a combination of supervised and unsuper-vised machine learning methodologies and is able to prevent false positives where this is possible …” - How did the authors combine the supervised and unsupervised methodologies to achieve accuracy over 95%?

Ans: The authors combined supervised and unsupervised machine learning methodologies by using supervised learning to train the model on labeled attack patterns (known threats), and unsupervised learning to detect novel, unseen attacks by identifying anomalies in the data. This hybrid approach enabled the system to accurately recognize both known and unknown attacks, achieving over 95% detection accuracy.

  1. The literature review lacks in-depth analysis even though it contains 24 references while the introduction and methodology does not have any. Is there a specific reason for this?

Ans: Kept the references in introduction and are cited also. In methodology it was an own study so not cited any references.

Comments on the Quality of English Language

There are minor typos in the manuscript that should be addressed to improve readability. For example:

"would make it a responsive and flexible layer of defines against bad actors in the smart building." - Do you mean defense instead of defines?

Ans: Corrected the typos and grammatical errors.

"By incorporating automated responses with real-time alerting, the system guarantees that the building will excuse stability and continuation of the operations," - what do you mean by excuse stability?

Ans: Unfortunately the word is changed to that “excuse stability “ but now in the paper that was not presented I have updated without that kind of mistakes.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Dear authors,

Here are the detailed review comments:

  1. Several previous works have used ML for IDSs. Please explain in an objective manner how the proposed solution is novel.
  2. No hyper parameter values have been provided to help replicate the ML model or reproduce results by future readers.
  3. Please provide epoch-wise evolution of the depicted performance metrics.
  4. How was overfitting addressed in the proposed solution?

Author Response

Dear authors,

Here are the detailed review comments:

  1. Several previous works have used ML for IDSs. Please explain in an objective manner how the proposed solution is novel.

Ans:

1.1 Novelty and Contributions.

Unlike prior ML-based IDS studies that focus solely on packet features or offline datasets, our work targets smart-building operational contexts and contributes: (1) a sensor-network–aware feature pipeline that fuses environmental/BMS telemetry (HVAC, occupancy, air-quality) with network-flow descriptors to improve separability of attack vs. control perturbations; (2) a hybrid detection stack—supervised learning for known signatures complemented by unsupervised anomaly detection for novel behaviors—with calibrated decision fusion to reduce false positives; (3) closed-loop response automation (device quarantine, secure path failover, operator run-books) to contain threats without disrupting building services; and (4) tamper-evident data integrity using a lightweight blockchain ledger for sensor/alert records. In controlled simulations reflecting building attack vectors (DDoS, device compromise, data injection), the system achieved 95.3% accuracy, 4.7% FPR, 3.2 s alert latency, and ~3.2% CPU overhead, demonstrating a practical security–operations trade-off for real-time smart-building environments.

 

  1. No hyper parameter values have been provided to help replicate the ML model or reproduce results by future readers.

Ans: Provided the hyperparameters in table 1A.

  1. Please provide epoch-wise evolution of the depicted performance metrics.

Ans: Provided the epoch-wise evolution of the depicted performance metrics in table 4.

  1. How was overfitting addressed in the proposed solution?

Ans: Yes, overfitting was addressed through techniques such as k-fold cross-validation, early stopping, L2 regularization, dropout, and controlling model complexity.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

There is a lot to like about what this paper is trying to demonstrate. It brings together three combinational features in a "new modes" version of IDS that incorporates Artificial Intelligence and then integrates this with a blockchain and a sensor-driven framework to show improved ways of securing an IoT-enabled smart building. 

The paper is well set out, and well-ordered in terms of its approach to the problem statement and proposed solution. It is relevant research and well placed for this area of research in this Journal.

The paper can be improved with some small but necessary work on editing. Some sentences show small grammatical errors such as "The robustness of the suggested platform was put to test" which should read as "The robustness of the suggested platform was put to the test". A review of these types of errors would be beneficial. Also - there are inconsistencies in the referencing style. Some references are listed as Initials and then Surname, whilst others are Surname and then initials. These errors must be reviewed.

To improve this paper, I suggest that the authors write to explain the novelty based on the hybrid combinational approach that is presented. Perhaps the authors could show some similar papers from others, but more importantly the paper should directly speak to its strengths - particularly in the area of dual mode (e.g. both supervised and unsupervised intrusion detection).  It would be useful to specify the improved level of detection accuracy based on this approach.

I'd like to see this paper show in greater depth just how the blockchain component was used and discuss whether it was deployed as a public versus private chain. This area needs uplift and greater explanation and clarity.

Although the results show strong levels of accuracy, it would be beneficial to touch on the quantitative analysis to compare results against other baseline information.  Be careful to limit the colorful descriptors used in this paper such as describing "excellent results". Instead show the statistical evidence for the claims.

The paper would be more readable with the addition of some diagrams, specifically data flow diagrams.

 

Comments on the Quality of English Language

I suggest that the paper has someone readthrough the paper as the errors are small but should be easily recognized from a native English speaker.

Author Response

There is a lot to like about what this paper is trying to demonstrate. It brings together three combinational features in a "new modes" version of IDS that incorporates Artificial Intelligence and then integrates this with a blockchain and a sensor-driven framework to show improved ways of securing an IoT-enabled smart building.

The paper is well set out, and well-ordered in terms of its approach to the problem statement and proposed solution. It is relevant research and well placed for this area of research in this Journal.

The paper can be improved with some small but necessary work on editing. Some sentences show small grammatical errors such as "The robustness of the suggested platform was put to test" which should read as "The robustness of the suggested platform was put to the test". A review of these types of errors would be beneficial. Also - there are inconsistencies in the referencing style. Some references are listed as Initials and then Surname, whilst others are Surname and then initials. These errors must be reviewed.

Ans: Updated the references properly.

To improve this paper, I suggest that the authors write to explain the novelty based on the hybrid combinational approach that is presented. Perhaps the authors could show some similar papers from others, but more importantly the paper should directly speak to its strengths - particularly in the area of dual mode (e.g. both supervised and unsupervised intrusion detection). It would be useful to specify the improved level of detection accuracy based on this approach.

Ans: The Novelty and Contributions are provided at the end of introduction.

I'd like to see this paper show in greater depth just how the blockchain component was used and discuss whether it was deployed as a public versus private chain. This area needs uplift and greater explanation and clarity.

Ans: Yes, I have expanded on the blockchain component to provide greater clarity on its role in ensuring data integrity, its deployment as a private blockchain for secure access control, and its efficiency in maintaining the security of IoT sensor data and alerts.

Although the results show strong levels of accuracy, it would be beneficial to touch on the quantitative analysis to compare results against other baseline information. Be careful to limit the colorful descriptors used in this paper such as describing "excellent results". Instead show the statistical evidence for the claims.

Ans: Updated this “statistical evidence for the claims” on "excellent results".

The paper would be more readable with the addition of some diagrams, specifically data flow diagrams.

Ans: Added the methodological flow diagram (figure 3).

Comments on the Quality of English Language

I suggest that the paper has someone readthrough the paper as the errors are small but should be easily recognized from a native English speaker.

Ans: Checked Grammarly to get rid of that English language errors.

 

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

Good improvement made compared to the previous manuscript submitted. While AI and the use of AI have come to stay, it is the responsibility of authors to double check and ensure that every loose end is addressed. I might be wrong in assuming that authors use AI, but it is recommended that authors change “insert data size, insert time period and insert splitting method” as highlighted in items 1 and 2 below:

  1. Data Size The data generated from the IoT sensors during the simulation of attacks consisted of approximately [insert data size here, e.g., 500 GB] of raw data, which includes sensor readings (temperature, humidity, occupancy), security camera feeds, and system oper ational data (HVAC, lighting). The dataset was collected over a period of [insert time period here, e.g., 30 days], simulating real-time building operations and potential security breaches.
  2. In addition, the data was split using [insert splitting method here, e.g., k-fold cross validation, random sampling] to ensure
  3. In results section, Table 1 and Table 1A is confusing. Either use Table 1A and Table 1B or Table 1, 2… (Please note that if you use Table 1 and Table 2, you will have to change subsequent table numbers (i.e. table 2 in present manuscript becomes table 3 and so on) and the intext reference to tables)

Author Response

Good improvement has been made compared to the previous manuscript submitted. While AI and its use have become a permanent fixture, it is the responsibility of authors to double-check and ensure that every loose end is addressed. I might be wrong in assuming that authors use AI, but it is recommended that authors change “insert data size, insert time period, and insert splitting method” as highlighted in items 1 and 2 below:

Q.1: Data Size The data generated from the IoT sensors during the simulation of attacks consisted of approximately [insert data size here, e.g., 500 GB] of raw data, which includes sensor readings (temperature, humidity, occupancy), security camera feeds, and system operational data (HVAC, lighting). The dataset was collected over a period of [insert time period here, e.g., 30 days], simulating real-time building operations and potential security breaches.

Answer: Addressing the Placeholder Text (Data Size, Time Period, Splitting Method)

You are absolutely correct that I left placeholders for data size, time period, and splitting method. These details are crucial for ensuring reproducibility and accuracy in the research. We updated the manuscript with the exact values and methods used. Here is what I will include:

  • Data Size: The dataset generated from the IoT sensors during the attack simulations consists of approximately [500 GB] of raw data. This includes sensor readings (temperature, humidity, occupancy), security camera feeds, and system operational data (HVAC, lighting). The dataset was collected over a period of [30 days], simulating real-time building operations and potential security breaches.
  • Time Period for Data Collection: The dataset was collected continuously over a period of [30 days]. This time period reflects a reasonable window for capturing both normal and attack patterns within a smart building environment. The period is sufficiently long to allow the system to learn from diverse operational data, including varying environmental conditions and potential attack vectors.
  • Splitting Method: The data was split using [k-fold cross-validation], where the dataset was divided into 5 subsets. Four subsets were used for training, and the remaining subset was used for testing. This method ensures that the model is validated on different data subsets, helping to reduce overfitting and improve the generalization of machine learning models. I will also update the manuscript to explain why k-fold cross-validation was selected as the appropriate method.

 

Q.2: In addition, the data was split using [insert splitting method here, e.g., k-fold cross-validation, random sampling] to ensure

In the results section, Table 1 and Table 1A are confusing. Either use Table 1A and Table 1B or Table 1, 2… (Please note that if you use Table 1 and Table 2, you will have to change subsequent table numbers (i.e., Table 2 in the present manuscript becomes Table 3 and so on) and the in-text reference to tables.)

Answer: Clarifying Table Numbering and References in the Results Section

I understand your concern regarding the confusion in table numbering. To ensure clarity, we revised the manuscript as follows:

Table Numbering:

  • We changed "Table 1A" and "Table 1" to "Table 1" and "Table 2", respectively. This will avoid confusion and maintain consistency.
  • The subsequent tables are renumbered accordingly, i.e., Table 2 becomes Table 3, and so on.
  • Additionally, we updated all in-text references to match the new table numbers. This ensures that all citations of tables within the manuscript align correctly with the numbering.

Reviewer 2 Report

Comments and Suggestions for Authors

Dear authors,

Thank you for addressing some previous comments.

The solution seems to be an amalgamation of several different tools like Blockchain with ML. This is not motivated properly as to why these unique topics are fused together here and how each of them are novel.

The response times vary as per computer processing speeds. Hence, they must be accompanied with processor details to warrant acceptance.

Author Response

The solution seems to be an amalgamation of several different tools, like Blockchain with ML. This is not adequately explained as to why these unique topics are combined here and how each of them is novel.

Response times vary according to computer processing speeds. Hence, they must be accompanied by processor details to warrant acceptance.

Answer:

Thank you for your insightful comments. we understood your concern regarding the integration of different technologies, such as blockchain and Machine Learning (ML), and the variability in response times depending on processing speeds. Below, we provided clarifications and strengthened the motivations for combining these technologies, while also addressing concerns about response time by including processor details.

  1. Motivating the Fusion of Blockchain and Machine Learning

In this paper, we proposed an integrated framework that combines Machine Learning (ML) and Blockchain for cybersecurity in smart buildings, specifically for Intrusion Detection Systems (IDS) protecting IoT devices. While ML and Blockchain are distinct technologies, we believe that their combination offers unique advantages that are necessary for addressing the multifaceted security challenges in smart buildings. Here's a more explicit motivation for their fusion:

Motivation for Combining Blockchain and ML:

  • ML for Intrusion Detection:

The primary role of Machine Learning in our solution is to enable real-time, automated detection of cyberattacks in a highly dynamic environment. IoT-based networks in smart buildings are susceptible to various attack vectors (e.g., DDoS, unauthorized access, data injection), and traditional signature-based IDS techniques are inadequate due to their inability to detect novel or zero-day attacks. ML, specifically anomaly detection through both supervised and unsupervised learning, is capable of identifying patterns and behaviours indicative of an attack, making it highly effective in dynamic and evolving IoT environments.

  • Blockchain for Data Integrity:

Blockchain is integrated into the system to ensure the integrity and immutability of the data generated by IoT sensors and recorded alerts. As IoT devices are often deployed in untrusted environments and are vulnerable to manipulation, using Blockchain ensures that any data collected and security events logged remain tamper-evident. This is particularly important for auditing and forensic investigations, as it provides an immutable and transparent record of sensor data and intrusion events.

  • Why Combine Them?

The combination of Blockchain and ML addresses the two core aspects of security:

  1. Detection ML ensures that novel and known attacks are detected in real-time.
  2. Trustworthiness Blockchain ensures that all data used for analysis and decision-making is secure and verifiable, preventing tampering and maintaining an accurate audit trail.

By combining these technologies, we provided a robust and resilient security system that can effectively handle the complexity and scale of modern smart building infrastructures. This combination is novel because it integrates the predictive capabilities of ML with the integrity guarantees of Blockchain, ensuring both accurate detection and reliable data handling, which is crucial in high-stakes environments like smart buildings.

  1. Response Time Variability and Processor Details

You raised an excellent point about response time variability due to processor differences. I agree that response times must be presented alongside the processor specifications to ensure that performance claims are valid and reproducible across different environments.

Clarifying Response Times and Processor Impact:

  • Processor Details:

To address this concern, we included a detailed description of the hardware used for the experiments. This includes:

  • CPU Specifications: For example, we used an Intel i7 processor (or equivalent) with a clock speed of 3.4 GHz and 16 GB of RAM. This is crucial because different processor architectures and clock speeds can significantly impact the response times of the ML models and the overall system.
  • GPU Specifications (if applicable): If any deep learning models were trained or evaluated using a GPU, I will specify the model of the GPU (e.g., Nvidia GTX 1080Ti, with 11GB of VRAM), as it plays a key role in the processing speed for ML algorithms.
  • System Setup: The experiments were run on a local server with the above specifications, and we will clarify how the response time metrics might vary under different configurations.

Revised Response Time Metrics:

Additionally, we revised the results to display response times for varying configurations and processor details, clarifying how these factors may impact performance. The results will be accompanied by the following details:

  • Standardized Test Setup: Details of the hardware (processor, memory, GPU) used for testing to ensure replicability.
  • Response Time Variations: A table or discussion on how response times might vary depending on different processor setups (e.g., comparing Intel vs. AMD CPUs, or different GPU models for deep learning tasks).
  1. Enhancing the Novelty of the Framework

To further emphasize the novelty of the integrated framework, we provided a clearer explanation of the unique aspects of this fusion:

  • Novelty of ML in Intrusion Detection: The use of both supervised and unsupervised ML models enables the system to adapt and respond to both known and novel threats, offering a level of intelligence and flexibility not seen in traditional rule-based or signature-based IDS systems.
  • Novelty of Blockchain for IoT Security: Blockchain’s role in ensuring data integrity and offering an immutable log of sensor data and intrusion alerts is novel in the context of smart buildings. Many existing IoT security solutions focus on data collection or intrusion detection but lack a secure, verifiable ledger for maintaining data integrity.

In summary, the fusion of ML and Blockchain in this research is motivated by the need to provide both real-time, intelligent detection of cyberattacks and tamper-proof data integrity in smart buildings. These technologies work synergistically to address the specific challenges posed by IoT security, ensuring both effective detection and trustworthiness. By providing clear details on processor specifications and response times, we ensured that the performance claims are validated and reproducible.

 

Back to TopTop