Article
Peer-Review Record

A Machine-Learning-Based Framework for Detection and Recommendation in Response to Cyberattacks in Critical Energy Infrastructures

Electronics 2025, 14(15), 2946; https://doi.org/10.3390/electronics14152946
by Raul Rabadan, Ayaz Hussain, Ester Simó, Eva Rodriguez * and Xavi Masip-Bruin *
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Submission received: 9 June 2025 / Revised: 21 July 2025 / Accepted: 22 July 2025 / Published: 24 July 2025
(This article belongs to the Special Issue Multimodal Learning and Transfer Learning)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The article represents a significant contribution to the field of cybersecurity for critical energy infrastructure, with a focus on attack forecasting and detection using machine learning methods, particularly LSTM. The paper discusses the system architecture, application scenario, evaluation methods, and results. However, despite its strong practical orientation and well-structured architecture, the work has a number of methodological and structural shortcomings.

Nevertheless, the article has several drawbacks:

  1. The use of an LSTM with only one neuron and a single dense layer, without analyzing alternative architectures (e.g., GRU, CNN, Transformer), appears overly simplistic and insufficiently justified.

  2. The decision to forgo using MAE/MSE is justified solely by the scale of the data. However, MAPE also has issues when dealing with small values. There is no cross-validation using other metrics.

  3. Only False Data Injection (FDI) is considered as a threat. There is no discussion of DoS attacks, spoofing, replay attacks, etc., despite the term "framework" being used in the title.

  4. The attacks are artificially simulated. There is no description of how realistically the data mimics actual incidents, posing a risk of overfitting on synthetic anomalies.

  5. Redundant phrases and wording (e.g., "types of the types of attacks" on page 2).

  6. Some references are cited in the text, while others appear only in the reference list.
  7. There are no graphs showing examples of anomalies, forecasts, or comparisons between real and predicted values.

  8. Figures 4–6 are mentioned, but the images themselves are not analyzed or explained in the text.

  9. The text is sometimes redundant: the same concepts and phrases are repeated in multiple sections (e.g., the description of AMI or DLMS).

  10. The “Features Storage” section is almost entirely duplicated—once in the framework description and again in the use-case discussion.

Author Response

Dear Reviewer,

We appreciate your detailed and constructive comments, which have allowed us to significantly improve the quality of our manuscript. Below, we present our point-by-point responses to the 10 additional comments you provided. All modifications have been incorporated into the revised manuscript accordingly.

 

Reviewer Comment 1

“The use of an LSTM with only one neuron and a single dense layer, without analyzing alternative architectures (e.g., GRU, CNN, Transformer), appears overly simplistic and insufficiently justified.”

Response:

We appreciate the feedback on the architecture used. In the revised version of the manuscript (section 4.2 Predictive Modeling), the justification for using a simple architecture based on a single LSTM unit and a dense layer has been expanded. This choice was deliberately made to validate the feasibility of the overall approach, minimizing resource consumption on the devices running the models. We recognize that more complex architectures (such as GRUs, CNNs, or Transformers) may offer better results in some contexts. However, as this work focused on validating the entire framework in a power-critical environment with processing constraints, we prioritized simplicity for this initial phase.

 

 

Reviewer Comment 2

“The decision to forgo using MAE/MSE is justified solely by the scale of the data. However, MAPE also has issues when dealing with small values. There is no cross-validation using other metrics.”

Response:

We greatly appreciate this comment. In the revised version of the manuscript, we have expanded the evaluation of the model's performance by including several additional metrics in Table 2 (Section 5 Results and Evaluation): Mean Absolute Error (MAE), Mean Squared Error (MSE), and Relative MAE (%), along with MAPE. These metrics allow for a richer comparison between sensors with different scales and levels of variability, mitigating the limitations of MAPE, especially in the case of small values.

 

Regarding cross-validation, we fully understand the concern raised. Since our approach is based on prediction models trained on time series, we opted for a sequential 70/30 split, without random shuffling, to respect the chronological structure of the data. We considered strategies such as walk-forward validation or TimeSeriesSplit to be more appropriate for this type of problem. However, since the system trains an independent model for each of the 40 sensors, applying multiple validation iterations would have incurred considerable computational cost. For this reason, we prioritized evaluation on a diverse set of sensors with heterogeneous behaviors, allowing for cross-validation that, while not a substitute for formal temporal cross-validation, provides reasonable evidence of model generalization across different contexts.

 

Reviewer Comment 3

“Only False Data Injection (FDI) is considered as a threat. There is no discussion of DoS attacks, spoofing, replay attacks, etc., despite the term "framework" being used in the title.”

Response:

We appreciate the reviewer’s comment. We refer to our system as a framework in the sense that it is composed of multiple functional components—specifically, attack detection, analysis, and recommendation modules—integrated into a modular architecture. Although our experimental validation focuses on false data injection (FDI) attacks, this modular design allows for future extensions to address other types of cyberattacks.

 

 

Reviewer Comment 4

“The attacks are artificially simulated. There is no description of how realistically the data mimics actual incidents, posing a risk of overfitting on synthetic anomalies.”

Response:

We thank the reviewer for this important observation. We would like to clarify that while the anomalies were synthetically injected, the data itself was collected from a realistic energy infrastructure testbed that replicates actual Advanced Metering Infrastructure (AMI) deployments. As described in Section 4, the smart meters communicated with the AMI Headend over 4G/5G using the DLMS/COSEM protocol, and all data was acquired using real-time mechanisms within a controlled but operationally realistic environment. The anomaly injection was performed post-hoc on this real time-series data by emulating realistic attack patterns observed in literature and industry scenarios. We would like to emphasize that this work is part of a European research project focused on cyberattack detection in energy systems, and the testbed setup reflects real-world infrastructure constraints and behavior.

 

 

Reviewer Comment 5

“Redundant phrases and wording (e.g., "types of the types of attacks" on page 2).”

Response:

Thank you for pointing this out. We have corrected the specific phrase mentioned and carefully reviewed the overall manuscript to eliminate unnecessary redundancies and repetitions.

 

 

 

Reviewer Comment 6

“Some references are cited in the text, while others appear only in the reference list.”

Response:

 

We appreciate the reviewer’s observation. We have corrected the inconsistencies and ensured that all references are now properly cited in the text.

 

 

 

Reviewer Comment 7

“There are no graphs showing examples of anomalies, forecasts, or comparisons between real and predicted values.”

Response:

We thank the reviewer for this important observation. In the revised manuscript, we have addressed this point by including Figures 7 and 8, which provide clear visual examples of: the actual vs. predicted values for selected sensors, the corresponding prediction errors, and the statistical thresholds (based on Tukey’s fences) used to flag anomalies.

The graphs illustrate how anomalies (including zeroing attacks and sudden changes) cause deviations beyond the defined thresholds, allowing the system to correctly detect abnormal behavior. To support these visualizations, we have also added a descriptive explanation in the text (Section 5 Results and evaluation), detailing the behavior of the selected time series and how the system reacts to injected anomalies and natural variations.

We believe these visualizations provide valuable insight into the functioning and effectiveness of the forecasting and detection components of our framework.

 

 

 

Reviewer Comment 8

“Figures 4–6 are mentioned, but the images themselves are not analyzed or explained in the text.”

Response:

We thank the reviewer for this valuable observation. In the revised manuscript, we have addressed this issue by expanding the corresponding sections to include a clear explanation and analysis of Figures 4 to 6.

By integrating this information into the main text, we aim to ensure that each figure contributes meaningfully to the reader’s understanding of the proposed framework.

 

 

 

Reviewer Comment 9

“The text is sometimes redundant: the same concepts and phrases are repeated in multiple sections (e.g., the description of AMI or DLMS).”

Response:

We thank the reviewer for this valuable observation. In the revised manuscript, we have carefully reviewed and edited the text to remove redundant phrases and repeated explanations. In particular, we have streamlined the references to core concepts such as Advanced Metering (AMI) and DLMS/COSEM, ensuring that they are introduced only once and referenced concisely thereafter. This has improved the clarity and readability of the manuscript, while avoiding unnecessary repetition.

 

 

Reviewer Comment 10

“The “Features Storage” section is almost entirely duplicated—once in the framework description and again in the use-case discussion.”

Response:

We thank the reviewer for highlighting this redundancy. In the revised manuscript, we have carefully reviewed and edited the content related to the Features Storage component. The detailed explanation is now retained only in the framework description, while the use-case discussion refers to it more briefly and avoids repeating the same content. This change improves the overall coherence and eliminates unnecessary duplication.

 

 

 

Author Response File: Author Response.pdf
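
The detection step described in the responses above (prediction errors compared against Tukey's fences, and the MAPE small-value issue from Comment 2), as an added example that is not part of the review record or the authors' code. It assumes fences with k = 1.5 computed on a clean calibration window, a fixed daily profile standing in for the LSTM forecast, relative MAE defined as MAE over the mean absolute reading, and a constructed series with a zeroing attack and one sudden change.

```python
import math
from statistics import quantiles


def tukey_fences(errors, k=1.5):
    """Lower and upper Tukey fences (Q1 - k*IQR, Q3 + k*IQR) of a list of errors."""
    q1, _, q3 = quantiles(errors, n=4, method="inclusive")
    iqr = q3 - q1
    return q1 - k * iqr, q3 + k * iqr


def flag_anomalies(actual, predicted, fences, offset=0):
    """Indices (shifted by offset) whose prediction error lies outside the fences."""
    lo, hi = fences
    return [offset + i
            for i, (a, p) in enumerate(zip(actual, predicted))
            if not lo <= a - p <= hi]


def error_metrics(actual, predicted):
    """MAE, MSE, MAPE (%) and relative MAE (%) for one sensor.

    Assumptions of this example: relative MAE is MAE divided by the mean
    absolute reading, and MAPE skips samples whose actual value is zero,
    where the percentage error is undefined.
    """
    abs_err = [abs(a - p) for a, p in zip(actual, predicted)]
    n = len(abs_err)
    mae = sum(abs_err) / n
    mse = sum(e * e for e in abs_err) / n
    pct = [e / abs(a) for e, a in zip(abs_err, actual) if a != 0]
    mape = 100 * sum(pct) / len(pct) if pct else float("nan")
    rel_mae = 100 * mae / (sum(abs(a) for a in actual) / n)
    return {"mae": mae, "mse": mse, "mape": mape, "rel_mae": rel_mae}


# --- Constructed data (not taken from the paper) ---
def forecast(t):
    """Stand-in for the model's prediction: a daily load profile, hourly samples."""
    return 50.0 + 20.0 * math.sin(2 * math.pi * t / 24)


def noise(t):
    """Deterministic pseudo-noise in [-1, 1] so the example is reproducible."""
    return ((37 * t) % 11 - 5) * 0.2


def run_demo():
    # Calibration window: 4 clean days, used only to set the fences.
    calib_t = range(0, 96)
    calib_pred = [forecast(t) for t in calib_t]
    calib_actual = [forecast(t) + noise(t) for t in calib_t]
    fences = tukey_fences([a - p for a, p in zip(calib_actual, calib_pred)])

    # Monitored window: 2 days with two injected anomalies.
    test_t = range(96, 144)
    test_pred = [forecast(t) for t in test_t]
    test_actual = [forecast(t) + noise(t) for t in test_t]
    for t in range(110, 116):        # zeroing attack: readings forced to 0
        test_actual[t - 96] = 0.0
    test_actual[130 - 96] += 30.0    # sudden change: one inflated reading

    flagged = flag_anomalies(test_actual, test_pred, fences, offset=96)

    # A low-reading sensor: smaller absolute errors, but a much larger MAPE.
    low_actual = [0.2 + 0.1 * noise(t) for t in calib_t]
    low_pred = [0.2] * len(low_actual)
    return {
        "fences": fences,
        "flagged": flagged,
        "high": error_metrics(calib_actual, calib_pred),
        "low": error_metrics(low_actual, low_pred),
    }


if __name__ == "__main__":
    result = run_demo()
    print("fences:", result["fences"])
    print("flagged sample indices:", result["flagged"])
    for name in ("high", "low"):
        print(name, {k: round(v, 4) for k, v in result[name].items()})
```

Setting the fences on a clean window matters: if the attacked samples were included in the quartile computation, a long enough zeroing attack would widen the fences and hide itself.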

Reviewer 2 Report

Comments and Suggestions for Authors

The article claims to propose a new framework for detecting and responding to attacks in IoT energy infrastructures. However, while it addresses a relevant and important topic, it lacks an original contribution. The lack of a detailed evaluation limits the impact and usefulness of the article in this field. My comments are as follows:

First, the use of LSTM for prediction, combined with Tukey fences for anomaly detection, is neither innovative nor justified in the context of smart meter security. These techniques have been extensively studied in previous work, and the article provides little explanation as to why this combination would offer superior performance over existing approaches.

Furthermore, the article proposes a two-part framework, but the explanation lacks depth. The response and adaptation module, essential for real-world deployment, is glossed over, without any significant technical details or robustness evidence. What exactly are the proposed "potential countermeasures"? How are they selected or implemented?

Additionally, the evaluation section is unconvincing. Although the authors claim that the system has "demonstrated consistent reliability" and "effectively identified anomalies," no quantitative results or benchmarks are mentioned.

Finally, the article suffers from grammatical issues, for instance in the abstract section,  phrases like “system’s ability” followed by “system’s” again suggest poor editing and a lack of rigor in presentation.

Author Response

Dear Reviewer,

We appreciate your detailed and constructive comments, which have allowed us to significantly improve the quality of our manuscript. Below, we present our point-by-point responses to the 10 additional comments you provided. All modifications have been incorporated into the revised manuscript accordingly.

Reviewer Comment 1

“First, the use of LSTM for prediction, combined with Tukey fences for anomaly detection, is neither innovative nor justified in the context of smart meter security. These techniques have been extensively studied in previous work, and the article provides little explanation as to why this combination would offer superior performance over existing approaches.”

Response:

We thank the reviewer for this important observation. We have revised the manuscript (see Sections 3.2 and 4.3) to clarify that, while both techniques are known, their combination was deliberately chosen for its efficiency, interpretability, and low resource requirements. This is particularly important in real-world deployments such as smart meter gateways, where complex models are not practical. The proposed integration offers a lightweight and effective anomaly detection solution tailored to critical energy infrastructures.

 

 

Reviewer Comment 2

“Furthermore, the article proposes a two-part framework, but the explanation lacks depth. The response and adaptation module, essential for real-world deployment, is glossed over, without any significant technical details or robustness evidence. What exactly are the proposed "potential countermeasures"? How are they selected or implemented?”

Response:

We appreciate this comment, which allowed us to strengthen a critical part of our proposal. In the revised version of the article, we have expanded the explanation of the response and recommendation module (section 3.3). We now detail how this module interprets the anomalies detected in real time and generates mitigation recommendations based on the MITRE ATT&CK framework, mapping each attack type to specific tactics and techniques.

In particular, we include Table 1, which summarizes the simulated attacks (in this case, False Data Injection), their associated techniques, and the specific suggested actions, such as command validation, data consistency checks, or network allowlists. We also explain how these countermeasures are selected and adapted to the context of the monitored infrastructure.

 

 

 

Reviewer Comment 3

“Additionally, the evaluation section is unconvincing. Although the authors claim that the system has "demonstrated consistent reliability" and "effectively identified anomalies," no quantitative results or benchmarks are mentioned.”

Response:

We thank the reviewer for this valuable observation. In the revised version of the manuscript, we have substantially expanded the evaluation section (see Section 5 – Results and Evaluation) to include detailed quantitative results. Specifically, we now report multiple error metrics—MAPE, Relative MAE (%), MAE, and MSE—for each sensor, as shown in Table 2. These metrics allow for a richer comparison between sensors with different scales and levels of variability. To complement this analysis, we have added Figures 7 and 8, which provide clear visual examples of: the actual vs. predicted values for selected sensors, the corresponding prediction errors, and the statistical thresholds (based on Tukey’s fences) used to flag anomalies. The graphs illustrate how anomalies (including zeroing attacks and sudden changes) cause deviations beyond the defined thresholds, allowing the system to correctly detect abnormal behavior. We have also added a descriptive explanation in the text, detailing the behavior of the selected time series and how the system reacts to injected anomalies and natural variations.

We believe these additions offer a more comprehensive and transparent assessment of the framework’s forecasting and detection performance.

 

 

Reviewer Comment 4

“Finally, the article suffers from grammatical issues, for instance in the abstract section, phrases like “system’s ability” followed by “system’s” again suggest poor editing and a lack of rigor in presentation.”

Response:

We thank the reviewer for pointing this out. We have carefully reviewed and revised the abstract and the entire manuscript to correct grammatical issues and improve overall clarity and readability. 

 

We hope the revised manuscript addresses all your concerns satisfactorily. Thank you once again for your time and valuable feedback.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The paper is generally well-written and organized, but there are some major issues to be solved before publication:
- The title seems a little misleading, since it refers generically to Critical Energy Infrastructures, but the paper seems to focus only on smart metering infrastructure.
- The state of the art is very limited; there is far more work on the topic, and also relevant surveys/reviews, such as DOI 10.1109/ACCESS.2025.3537410
- The section "Attack Response and Recommendation" is very limited. It is ok to include in the paper only generic recommendations to take, but in this case the authors should avoid claiming Response and Recommendation as a contribution of the paper in the title/introduction; otherwise, this section must be strengthened.

Author Response

Dear Reviewer,

We appreciate your detailed and constructive comments, which have allowed us to significantly improve the quality of our manuscript. Below, we present our point-by-point responses to the 10 additional comments you provided. All modifications have been incorporated into the revised manuscript accordingly.

 

Reviewer Comment 1

“The title seems a little misleading, since it refers generically to Critical Energy Infrastructures, but the paper seems to focus only on smart metering infrastructure.”

Response:

We thank the reviewer for this insightful comment. We agree that the current work specifically targets the smart metering infrastructure within the broader context of Critical Energy Infrastructures. To clarify this focus, we have updated the abstract, introduction, and Section 4 to explicitly emphasize that the proposed framework is applied and validated in a smart metering scenario, particularly within an Advanced Metering Infrastructure (AMI) system. These changes aim to ensure that readers clearly understand the scope and application domain of our work.

Although we decided to keep the original title to highlight the general applicability of the framework to Critical Energy Infrastructures, we believe that the updated content now clearly reflects the specific focus of the paper on smart metering systems. Nevertheless, we are open to changing the title if the editor considers it appropriate.

 

Reviewer Comment 2

“The state of the art is very limited, there are far more work on the topic, and also relevant surveys/reviews, such as DOI 10.1109/ACCESS.2025.3537410.”

Response:

We thank the reviewer for the helpful comment. In response, we have expanded the Related Work section to include additional recent and relevant surveys (references [12], [13], and [14]) that provide a broader view of the literature on cybersecurity in smart grids and ML-based detection approaches.

 

 

Reviewer Comment 3

“The section "Attack Response and Recommendation" is very limited. It is ok to include in the paper only generic recommendations to take, but in this case the authors should avoid to claim Response and Recommendation as a contribution of the paper in the title/introduction; otherwise, this section must be strengthened.”

Response:

We thank the reviewer for this valuable feedback. In response, we have strengthened Section 3.3 (Attack Response and Recommendation) in the revised version of the manuscript. We now provide a clearer explanation of how the module interprets detected anomalies in real time and generates mitigation actions using the MITRE ATT&CK framework, mapping threats to specific tactics and techniques.

Table 1 has been added to summarize the simulated attacks (e.g., False Data Injection), the related tactics, and the recommended countermeasures, such as command validation, consistency checks, and network allowlists. Furthermore, we describe how these actions are selected and enforced in practice, using a real use case (with pfSense) to illustrate the implementation. We believe this strengthens the contribution and addresses the reviewer’s concern.

 

We hope the revised manuscript addresses all your concerns satisfactorily. Thank you once again for your time and valuable feedback.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

The authors have responded to all comments in a consistent and thorough manner. The remaining shortcomings are not critical:

  1. Limited attack scenarios. Only FDI is still considered. It would be advisable to elaborate more clearly on future plans for extending the framework, at least in the conclusion.

  2. Automation of response. The discussion on possible automatic integration into decision-making systems is minimal.

Author Response

Dear Reviewer,

We appreciate your detailed and constructive comments, which have allowed us to improve the quality of our manuscript significantly. Below, we present our point-by-point responses to the two additional comments you provided. All modifications have been incorporated into the revised manuscript accordingly.

 

Reviewer Comment 1

“Limited attack scenarios. Only FDI is still considered. It would be advisable to elaborate more clearly on future plans for extending the framework, at least in the conclusion”

Response:

Thank you for your observation. In response, we have clarified our future plans in Section 6 of the revised manuscript. We now explicitly mention that the current framework focuses on FDI attacks and outline our intention to extend it to cover other types of cyber threats such as denial-of-service, spoofing, and replay attacks. This addition addresses your suggestion and clarifies the planned direction of our work.

 

Reviewer Comment 2

“Automation of response. The discussion on possible automatic integration into decision-making systems is minimal”

Response:

More details about the automation of the response and integration are being added to section 4.4. Attack Response and Recommendation. The following information is added in the updated version of the paper:

The pfSense firewall rules can be managed and updated using its REST API, which helps in creating and automating new firewall rules and updating existing rules. In the case of energy use, this automation is achieved through the REST API of the firewall. The proposed system sends alert messages to the Kafka topics. A Kafka consumer constantly reads these messages from the Kafka topics, and based on the recommended actions, it triggers the pfSense API to block the offending IP addresses or perform the traffic filtering. The authenticity of communication can also be enforced by defining policies based on MAC/IP-based communications. Network allowlisting can be done through a list of whitelisted IP addresses. When the system detects a malicious IP address attempting to inject false data, an alert is sent to Kafka. From there, the consumer will trigger the firewall API to block that IP address, thereby minimizing the damage caused by the adversary.

Author Response File: Author Response.pdf
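
The alert-to-firewall step described in the response above, as an added example that is not part of the review record or the authors' code. It shows only the decision logic a consumer needs before calling a firewall: the alert field names, the `block_ip` action value, the allowlisted subnet and the per-run cap are assumptions, the alerts are constructed, and `block_fn` is a stand-in for the firewall API call (no Kafka or pfSense calls are made).

```python
import ipaddress
import json


class BlockResponder:
    """Turns alert messages into firewall block decisions with safety checks."""

    def __init__(self, block_fn, allowlist, max_blocks):
        self.block_fn = block_fn      # hypothetical stand-in for the firewall API
        self.allowlist = [ipaddress.ip_network(n) for n in allowlist]
        self.max_blocks = max_blocks  # cap on automated blocks per run
        self.blocked = set()

    def handle(self, raw):
        """Return (decision, ip) for one raw alert message."""
        try:
            alert = json.loads(raw)
            action = alert["recommended_action"]
            source = alert["source_ip"]
            if not isinstance(source, str):
                raise ValueError("source_ip must be a string")
            ip = ipaddress.ip_address(source)
        except (ValueError, KeyError, TypeError):
            # Malformed alerts never reach the firewall.
            return ("rejected", None)

        if action != "block_ip":
            return ("ignored", str(ip))
        # Never block trusted infrastructure, even if an alert names it:
        # a forged or mistaken alert must not cut off the head-end.
        if any(ip in net for net in self.allowlist):
            return ("skipped_allowlisted", str(ip))
        if ip in self.blocked:
            return ("duplicate", str(ip))
        # Beyond the cap, leave the decision to an operator.
        if len(self.blocked) >= self.max_blocks:
            return ("deferred", str(ip))

        self.block_fn(str(ip))
        self.blocked.add(ip)
        return ("blocked", str(ip))


# Constructed alert messages, in the order a consumer might read them.
ALERTS = [
    '{"sensor": "meter-07", "source_ip": "203.0.113.45", "recommended_action": "block_ip"}',
    '{"sensor": "meter-07", "source_ip": "203.0.113.45", "recommended_action": "block_ip"}',
    '{"sensor": "meter-02", "source_ip": "10.20.0.5", "recommended_action": "block_ip"}',
    '{"sensor": "meter-11", "source_ip": "not-an-ip", "recommended_action": "block_ip"}',
    '{"sensor": "meter-11", "source_ip": 5, "recommended_action": "block_ip"}',
    '{{ not json',
    '{"sensor": "meter-03", "source_ip": "198.51.100.9", "recommended_action": "data_consistency_check"}',
    '{"sensor": "meter-03", "source_ip": "198.51.100.9", "recommended_action": "block_ip"}',
    '{"sensor": "meter-19", "source_ip": "192.0.2.77", "recommended_action": "block_ip"}',
]


def run_demo():
    sent_to_firewall = []
    responder = BlockResponder(
        block_fn=sent_to_firewall.append,
        allowlist=["10.20.0.0/24"],   # constructed: subnet of trusted systems
        max_blocks=2,
    )
    decisions = [responder.handle(raw) for raw in ALERTS]
    return decisions, sent_to_firewall


if __name__ == "__main__":
    decisions, sent = run_demo()
    for decision in decisions:
        print(decision)
    print("blocked at firewall:", sent)
```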

Reviewer 2 Report

Comments and Suggestions for Authors

- The contributions should be clearly separated and more concisely presented in bullet format early in the paper.
- The paper should include a discussion on both its significance and limitations.
- At the end of the related work section, the authors are advised to incorporate a detailed table summarizing the methods used, key outcomes, and limitations of previous studies.
- Incorporating relevant and recent academic sources in the related works could strengthen your paper's validity and give readers more context and background.
- The authors should carefully proofread the paper to improve its readability and address formatting issues throughout the paper.
- Update the references section to include articles from 2024-2025.
- The results section is underdeveloped and would benefit from the inclusion of more evaluation metrics to strengthen the credibility of the findings.
- The Results Discussion is brief and could be expanded as it is the basis of the contribution of this article.

Author Response

Dear Reviewer,

We appreciate your detailed and constructive comments, which have allowed us to improve the quality of our manuscript significantly. Below, we present our point-by-point responses to the eight additional comments you provided. All modifications have been incorporated into the revised manuscript accordingly.

 

Reviewer Comment 1

“The contributions should be clearly separated and more concisely presented in bullet format ‎early in the paper”

Response:

Thank you for the comment. To clearly highlight the main contributions of the paper, we have added at the end of the Introduction section a concise bullet-point list summarizing our main contributions.

 

 

Reviewer Comment 2

“The paper should include a discussion on both its significance and limitations”
Response:

Thank you for your comment. We’ve revised the manuscript to include a brief discussion covering both the significance and limitations of our work. In Section 5, we highlight the practical value of the framework, especially in real-world environments with limited resources. In Section 6, we note that the current version focuses mainly on FDI attacks and mention that future work will address other types of threats. We hope these updates meet your suggestion and make the paper clearer.

 

 

Reviewer Comment 3

“At the end of the related work section, the authors are advised to incorporate a detailed ‎table summarizing the methods used, key outcomes, and limitations of previous studies”

Response:

Thank you for the valuable suggestion. In response, we have added a comprehensive table at the end of the Related Work section. This table summarizes the key aspects of previous studies, including the application scenarios, types of attacks addressed, machine learning or deep learning models employed, key outcomes, and any noted limitations. We believe this addition improves the clarity and completeness of the comparative analysis.

 

 

Reviewer Comment 4

“Incorporating relevant and recent academic sources in the related works could strengthen your paper's validity and give readers more context and background”

Response:

Thank you for the insightful suggestion. In response, we have added a new reference from 2025, “Real-time implementation of IoT-enabled cyberattack detection system in advanced metering infrastructure using machine learning technique”. This reference complements the recent related works and strengthens the validity and relevance of the Related Works section.

 

 

Reviewer Comment 5

“The authors should carefully proofread the paper to improve its readability and address ‎‎formatting issues throughout the paper.‎”

Response:

Thank you for your helpful comment. We revised the manuscript to improve its readability. We corrected grammatical errors, rephrased unclear sentences, and refined the text's flow. We also addressed formatting issues. These changes have made the paper clearer and easier to read.

 

 

Reviewer Comment 6

‎“Update the references section to include articles from 2024-2025.‎ ”

Response:

Thank you for your feedback. The References section has been updated and it includes several recent articles published in 2024 and 2025, ensuring that the manuscript reflects the latest advancements in the field.

 

 

Reviewer Comment 7

“The results section is underdeveloped and would benefit from the inclusion of more ‎evaluation metrics to strengthen the credibility of the findings.”

Response:

Thank you for this valuable observation. We have expanded Section 5 to include additional evaluation metrics (MAPE, Relative MAE, MAE, and MSE) reported across multiple sensors in Table 4. We also added Figures 7 and 8 to visually illustrate the forecasting performance and anomaly detection process.

As the system operates without predefined labels, we clarified that classification metrics (e.g., precision, recall) were not applicable. Instead, we rely on prediction errors and statistical thresholds to assess anomalies. We believe this strengthens the evaluation and addresses the reviewer’s concern.

 

 

 

Reviewer Comment 8

“The Results Discussion is brief and could be expanded as it is the basis of the ‎contribution of this article.‎”

Response:

We appreciate this valuable observation. In the revised manuscript, we have expanded the final part of Section 5 (Results and Evaluation) to provide a more in-depth discussion of the findings and their implications. Specifically, we added a concluding paragraph that analyzes the strengths and trade-offs of the proposed framework in light of the reported results. This expanded analysis reinforces the credibility and relevance of our contribution, as requested, by directly connecting the empirical results with the overall value of the proposed framework in the context of cybersecurity for critical energy infrastructures.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The authors addressed my concerns.

Author Response

Dear reviewer,

Thanks for your final comments.

Sincerely,

Eva Rodriguez

On behalf of all co-authors

 

Round 3

Reviewer 2 Report

Comments and Suggestions for Authors

There is some room for improvement. When you do these, it will become acceptable.
- The abstract (what you are going to do) & conclusions (what you have done) are not sharp, rewrite it.
- I think, the similar work has been done by many people, which has to be referenced, i.e., the base papers from where the work has started has to be written (The base paper is not mentioned or cited).
- I would like to see your paper in table 1 compared with the papers in the table.
- There is lot of spelling mistakes & grammatical errors, which has to be corrected using spell check & by other means such as Grammarly check.

Author Response

Dear Reviewer,

We appreciate your detailed and constructive comments, which have allowed us to improve the quality of our manuscript significantly. Below, we present our point-by-point responses to the four additional comments you provided. All modifications have been incorporated into the revised manuscript accordingly.

 

Reviewer Comment 1

“The abstract (what you are going to do) & conclusions (what you have done) are not sharp, rewrite it”

 

Response:

Thank you for your helpful comment. We have revised both the abstract and the conclusions to make them more focused and concise. We believe this improves the clarity and impact of the manuscript.

 

Reviewer Comment 2

“I think, the similar work has been done by many people, which has to be referenced, ‎i.e., the base papers from where the work has started has to be written (The base ‎paper is not mentioned or cited).”

Response:

We appreciate this valuable observation. We have added references to key base papers, including foundational works such as Malhotra et al. on LSTM-based anomaly detection and Liu et al. on false data injection attacks in smart grids, to better contextualize our contribution.

 

Reviewer Comment 3

“I would like to see your paper in table 1 compared with the papers in the table.”

 

Response:

Thank you for your helpful comment. We have included our work in the comparison table and provided a detailed discussion comparing our approach with existing state-of-the-art methods in Section 2.

 

Reviewer Comment 4

“There is lot of spelling mistakes & grammatical errors, which has to be corrected ‎using spell check & by other means such as Grammarly check.”

Response:

Thank you for your comment. We carefully revised the entire manuscript for spelling and grammar using Grammarly and manual proofreading. Typos, grammatical inconsistencies, and style issues were corrected to ensure the text meets academic writing standards.

 

 

 

 

 

 

We hope the revised manuscript addresses all your concerns satisfactorily. Thank you once again for your time and valuable feedback.

 

Sincerely,

Eva Rodriguez

On behalf of all co-authors

 

Author Response File: Author Response.pdf
