Review Reports

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This paper proposes a diffusion model based synthetic data generation method combined with differential privacy for IoT intrusion detection systems. The topic is timely and relevant, and the pipeline is systematically described. The experimental results show that the proposed system balances data utility and privacy preservation effectively. However, the manuscript lacks sufficient novelty, rigorous validation, and real-world applicability.

1. The methodological contribution is limited. The integration of diffusion models with differential privacy is largely a direct combination of existing techniques without substantial algorithmic innovation, theoretical modeling, or novel privacy-preserving mechanisms.
2. The evaluation relies on the MQTT-IoT-IDS2020 dataset, which restricts the generalizability of the results. More validation or experiments on real-world IoT deployments are necessary to strengthen the claims.
3. The privacy evaluation metrics are insufficient. Stronger adversarial settings such as membership inference and re-identification attacks should be included to provide a more comprehensive privacy assessment.
4. The trade-off between utility and privacy is not analyzed deeply enough. While multiple metrics are reported, the paper lacks a systematic theoretical discussion or practical justification of acceptable ranges for deployment.
5. Comparisons with state-of-the-art alternatives are missing, especially recent approaches using large language models for tabular data generation or advanced differential privacy mechanisms, leaving the position of this work in the current literature unclear.
6. The manuscript suffers from redundancy and overlong explanations, particularly in the methodology and experimental sections. The writing should be streamlined to highlight the core contributions more clearly.

Author Response

That's a very helpful comment. For more details, please check the file.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

•  

  • This paper discusses a privacy-preserving synthetic data generation model based on a tabular diffusion framework that incorporates Differential Privacy (DP).

   

  • Authors could provide a comparison between their proposed IoT-IDS with the other current intrusion detection methods such as deep learning-based intrusion detection models to clarify the distinction of this study more extensively.

   

  • This paper considered an attack scenario, but it needs to be described in more detail about this attack type. In addition, authors can discuss how the proposed model can be effective on the other types of attacks. It would be better to add one more section related to attack scenario and potential of other attack types of scenarios that can be addressed with the proposed method.

   

  • Related work needs to be extended and explained in more detail, in this regard, authors may use more related references including IoT related or Intrusion detection publications.

   

   

  • Moreover, authors could refer to more recent publications.

Author Response

That's a very helpful comment. For more details, please check the file.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The manuscript presents the proposal of a pipeline that employs diffusion models to generate a synthetic dataset for an IoT network and subsequently applies Differential Privacy (DP). By using three diffusion models (TabDDPM, TabSyn, and TabDiff), specialised in tabular data, the pipeline mitigates the limitations of conventional Generative Adversarial Networks (GANs) and generates data highly similar to real data. In addition, it applies the Utility-Privacy trade-off in Differential Privacy (UP-DP) to protect privacy without significantly reducing utility. For this reason, the subject matter addressed in this article is considered relevant to the field of study, particularly in relation to the leakage of sensitive information in IoT network datasets.

The writing and organisation of the manuscript are clearly structured and well articulated.

The main contributions of this work, compared with other published material, are: A) The proposal of a tabular diffusion pipeline specialised in IoT-IDS (Internet of Things – Intrusion Detection System). This pipeline simultaneously manages mixed-type features (numerical and categorical) and preserves and enhances uncommon types of attacks. B) The design of a DP combination strategy. The synthetic data generated from the diffusion model are compared and analysed after applying various DP methods (Laplace/Exponential/Piecewise/UP-DP) to determine the most effective. C) The establishment of an integrated evaluation metric to quantify the balance between utility and privacy. Distributional similarity (e.g., KST, JSD, Wasserstein) and SDV fidelity are adopted as utility metrics, while DisclosureProtection and attribute inference are used as a privacy metric.

After reviewing the manuscript, the following observations are made:

• In general, the methodology of the work is not clear; it is necessary to describe in detail the methodology of the study, outlining each of its phases or stages in order to achieve the stated objectives, addressing the subject matter in a clear and comprehensible manner, and supporting the information with pertinent and updated sources.
• On line 23, correct the word “DisclosureProtection”.
• On line 100, the acronym SDV is presented; its meaning should be specified from its first appearance. This situation should be verified for each acronym and abbreviation used throughout the manuscript (e.g., IDS is not defined).
• Table 4 is neither mentioned nor described in the text.
• The discussion presented in the manuscript requires strengthening by taking into account the results obtained and the findings presented in other related works (supported by recent and pertinent sources).
• The conclusions are considered consistent with the evidence and arguments presented, and the main research question posed is clearly addressed; however, it is necessary to expand the future perspectives (derived from the subject matter addressed throughout the manuscript) in the conclusions section.
• As several abbreviations and acronyms are used throughout the manuscript, it is suggested to include an abbreviations section.
• The references presented throughout the manuscript are considered pertinent and support the information discussed.

Author Response

That's a very helpful comment. For more details, please check the file.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

I appreciate the authors’ careful revisions in response to the previous comments, which have clearly improved the manuscript. However, the method is still only validated on the MQTT-IoT-IDS2020 dataset, which limits the generalizability of the results. I recommend including at least one additional IoT dataset to more convincingly demonstrate the robustness and applicability of the method.

Author Response

That's a very helpful comment. For more details, please check the file.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

In this latest version of the manuscript, it is considered that the observations identified in the first version have been adequately addressed. The methodology has been adjusted favourably, approaching the subject matter with greater clarity and comprehensibility. The discussion has been updated appropriately, becoming clearer and more pertinent. The conclusions have been revised in accordance with the work developed; likewise, the perspectives derived from the study are clearly conveyed. Please consider the following detail identified:

• Some paragraphs are not in justified format; this issue should be corrected.

Author Response

That's a very helpful comment. For more details, please check the file.

Author Response File: Author Response.pdf