Towards Intelligent Threat Detection in 6G Networks Using Deep Autoencoders
Round 1
Reviewer 1 Report (Previous Reviewer 1)
Comments and Suggestions for AuthorsThank you for the revision and response. While the manuscript has improved, the following key issues still require further clarification:
1. Insufficient explanation of originality. The system’s lightweight design is noted, but the overall DAE-based architecture remains similar to existing work. The authors should clearly state what is novel, such as in network structure, feature processing, or training strategy.
2. Lack of detail in comparisons with advanced models. Table 8 adds CNN-LSTM and Transformer results, but without structural or training details. This limits the fairness and transparency of the comparisons.
3. Weak connection to practical 6G application. Although 6G-related modules like IRS and MEC are mentioned, the experiments rely on older datasets. The authors should discuss how the method could be adapted to realistic or simulated 6G environments.
Author Response
Thank you for the revision and response. While the manuscript has improved, the following key issues still require further clarification:
- Insufficient explanation of originality. The system’s lightweight design is noted, but the overall DAE-based architecture remains similar to existing work. The authors should clearly state what is novel, such as in network structure, feature processing, or training strategy.
Response: Thank you for your insightful observation. We have addressed this point by explicitly clarifying the originality of our work in the revised manuscript. While our system leverages a deep autoencoder (DAE), its novelty lies in three main aspects: (1) a lightweight and empirically optimized DAE structure specifically tailored for high-dimensional 6G traffic data; (2) a hybrid feature processing pipeline that combines statistical analysis with DAE-extracted latent features to enhance detection precision; and (3) a two-phase training strategy unsupervised pretraining followed by supervised fine-tuning with early stopping which improves generalization and reduces overfitting on imbalanced traffic classes. These contributions distinguish our approach from conventional DAE-based IDS frameworks.
Please note that the explanation above was briefly clarified (within the paper) in response to the other reviewer’s comments.
- Lack of detail in comparisons with advanced models. Table 8 adds CNN-LSTM and Transformer results, but without structural or training details. This limits the fairness and transparency of the comparisons.
Response: We have added two relevant references, i.e., Bamber et al. (2024) and Altunay & Albayrak (2022) [33 and 32]—and included detailed information regarding their model architectures, feature selection techniques, and evaluation metrics in Table 8 to enhance the clarity, fairness, and transparency of the comparisons.
- Weak connection to practical 6G application. Although 6G-related modules like IRS and MEC are mentioned, the experiments rely on older datasets. The authors should discuss how the method could be adapted to realistic or simulated 6G environments.
Response: We appreciate the reviewer’s thoughtful comment. Due to the scarcity of 6G resources, the practical implications of 6G are still under consideration (anticipations/expectations).
While the current experimental validation uses the CSE-CIC-IDS2018 dataset due to the limited availability of publicly labeled 6G-specific datasets (or standardized simulators) available to apply. We agree that bridging the gap to practical 6G scenarios is essential (to the best of the authors’ knowledge). To address this, we have added a discussion in the revised manuscript explaining how our proposed system can be adapted to realistic 6G environments. Specifically, the lightweight DAE architecture is well-suited for deployment at the network edge, including in MEC-enabled base stations. Its modular design allows integration with IRS-assisted communication frameworks by processing real-time, high-frequency data streams. Furthermore, the training strategy is compatible with evolving datasets and can be retrained incrementally as 6G traffic profiles emerge, making the system scalable and upgradable for next-generation applications.
The authors suggest a part of the 6G expected environmental scenarios. Furthermore, more thorough (e.g., real-time based) studies are planned as future directions.
Reviewer 2 Report (Previous Reviewer 3)
Comments and Suggestions for AuthorsThe paper is now acceptable for publication, most of my recommendations have been accepted and implemented in the manuscript.
Author Response
Thank you for your valuable improvements
Reviewer 3 Report (Previous Reviewer 4)
Comments and Suggestions for Authors1- The abstract does not explain why two deep autoencoders are used or how they differ from a single autoencoder. It mentions “machine learning theory” in vague terms.
2- The abstract does not clearly state what is new in the approach compared to prior work.
3- The title says “deep autoencoders”, but the abstract only mentions “a deep autoencoder (DAE).”
4- In the introduction: While the authors list contributions, it still feels generic: What exactly is innovative about the proposed IDS compared to other deep learning IDS frameworks published recently? How does using two DAEs differ from prior works?
5- While this background gives context, the authors don’t link it explicitly to: -Why deep autoencoders are necessary. -Why the CSE_CIC_IDS18 dataset was selected over CIC-IDS2017. - How your approach is better suited to 6G.
6- Section 4 includes some in inconsistent notation. For example, Algorithm 2: The authors write: “note: MLP and AE designs have the same structure.” But later, the authors say MLP uses supervised training only. - They define “DA” as Discriminant Analysis, but in other places they use “DA” for Deep Autoencoder. – The authors mix inconsistent hyperparameter notation: Wi, K, s, etc.
7- In Section 5:
Equation 13 should be: Precision = TP/(TP + FP)
Equation 14 (Detection Rate) is commonly called Recall; should be: Recall = TP/(TP + FN)
Equation (15) is wrong in notation: F1-Score= 2*(P*DR)/P*DR ; this simplifies incorrectly to 2.
Equation (15) should be: 2(Precision x Recall)/(Precision + Recall)
Comments on the Quality of English Language
Language Comments:
1- Several sentences are long, overly complex, or redundant: "The primary driving force behind upgrades of 6G is inherently integrated smart automations accompanying future communication systems, combined with emerging techniques (e.g., new networks) and artificial intelligence (AI)-based systems."
2- There are awkward constructions and missing articles: "6G-AI combination may contain potential disadvantages..." Better: "The combination of 6G and AI may have potential disadvantages...")
3- Many sentences are ungrammatical or awkward. Examples: "There is a critical need came into demand for AI-driven, self-adaptive IDS..." Better: "There is a critical need for AI-driven, self-adaptive IDS..."
4- In Section 4, many sentences are long, meandering, and hard to follow, e.g.: "Given that many modern IDSs rely on anomaly detection and employ six ML and DL (i.e., AE, and MLP) algorithms to identify anticipated data, several practical tools were developed previously."
Author Response
1. The abstract does not explain why two deep autoencoders are used or how they differ from a single autoencoder. It mentions “machine learning theory” in vague terms.
2. The abstract does not clearly state what is new in the approach compared to prior work.
Response (1 to 2): Done, thank you for your valuable feedback. We have revised the abstract to explicitly highlight the novelty of our proposed approach compared to prior work. Specifically, we clarified the use of a single deep autoencoder (DAE) integrated with statistical feature analysis to enhance detection performance in 6G scenarios, emphasizing its upgradability, adaptability to high-dimensional traffic, and superiority over existing ML/DL models.
3. The title says “deep autoencoders”, but the abstract only mentions “a deep autoencoder (DAE).”
Response: Following the review process, we have also revised the title to:
“Towards Intelligent Threat Detection in 6G Networks Using Deep Autoencoder”
4. In the introduction, while the authors list contributions, it still feels generic: What exactly is innovative about the proposed IDS compared to other deep learning IDS frameworks published recently? How does using two DAEs differ from prior works?
Response: Thank you for this valuable observation. We clarify that the proposed intrusion detection system is based on a single Deep Autoencoder (DAE) architecture, not two. The novelty of our work lies in how the DAE is optimized and tailored for 6G network environments, focusing on dimensionality reduction and reconstruction error to enhance anomaly detection capabilities. Unlike conventional models that may use shallow architectures or require manual feature engineering, our approach employs deep, unsupervised learning to automatically extract and encode essential patterns in high-dimensional network traffic data. This enables the system to detect both known and emerging threats, including subtle or low-frequency attacks. We have revised the introduction to better emphasize these points and clearly distinguish our method from previous deep learning-based IDS solutions.
5. While this background gives context, the authors don’t link it explicitly to: -Why deep autoencoders are necessary. -Why the CSE_CIC_IDS18 dataset was selected over CIC-IDS2017. - How your approach is better suited to 6G.
Response: We appreciate the reviewer’s insightful observation and have enhanced the manuscript to explicitly address these points.
- Necessity of Deep Autoencoders:
Deep Autoencoders (DAEs) are particularly well-suited for intrusion detection in complex environments like 6G because they effectively capture the underlying structure of high-dimensional and heterogeneous network data without requiring labeled examples. Unlike traditional machine learning methods that depend heavily on feature engineering and labeled datasets, DAEs leverage unsupervised representation learning to detect subtle anomalies by minimizing reconstruction error. This capability is crucial for identifying both known and novel attacks, including zero-day threats, which are increasingly prevalent in dynamic and rapidly evolving 6G networks.
- Selection of the CSE_CIC_IDS18 Dataset:
The CSE_CIC_IDS18 dataset was chosen over CIC-IDS2017 due to its enhanced comprehensiveness and data quality. It incorporates more recent attack scenarios reflective of modern threats, provides a larger volume of samples with a wider variety of attack types, and is curated to reduce duplicated and uncertain data entries. Additionally, the dataset includes detailed statistical features collected over forward and backward directions, allowing the model to learn richer representations of network traffic. These characteristics make it a more reliable and relevant benchmark for evaluating intrusion detection systems designed for next-generation networks like 6G.
- Suitability of the Proposed Approach for 6G:
The proposed deep autoencoder-based IDS aligns well with the distinctive challenges of 6G, including ultra-dense connectivity, high data throughput, and diverse service requirements. Its unsupervised learning nature allows it to adapt to evolving attack patterns without the constant need for labeled data retraining. Furthermore, the model’s architecture supports efficient dimensionality reduction, enabling faster processing suitable for real-time monitoring in 6G environments where latency and computational efficiency are critical. By focusing on anomaly detection through reconstruction errors, the system maintains robustness against the heterogeneous and complex data characteristic of 6G traffic flows.
These clarifications have been incorporated into the revised background section to strengthen the logical connection between the context, methodology, and dataset selection.
6. Section 4 includes some in inconsistent notation. For example, Algorithm 2: The authors write: “note: MLP and AE designs have the same structure.” But later, the authors say MLP uses supervised training only. - They define “DA” as Discriminant Analysis, but in other places, they use “DA” for Deep Autoencoder. – The authors mix inconsistent hyperparameter notation: Wi, K, s, etc.
Response: We appreciate the reviewer’s careful reading and constructive feedback. To address these concerns, we have removed the ambiguity between the Deep Autoencoder and Discriminant Analysis by clearly using the term “DAE” exclusively for Deep Autoencoder and “DA” only for Discriminant Analysis (either Linear or Quadratic).
The statement regarding MLP and DAE having the “same structure” has been clarified. We now explicitly state that while the architectures may share similar layer dimensions, DAE includes an unsupervised pretraining phase, unlike the fully supervised MLP.
We have revised all hyperparameter notations (e.g., weights, bias, learning rate) to ensure consistency across the section. Clear variable names (e.g., W for weights, α for learning rate, etc.) are used uniformly and defined upon first use.
7. In Section 5:
Equation 13 should be: Precision = TP/(TP + FP)
Equation 14 (Detection Rate) is commonly called Recall; should be: Recall = TP/(TP + FN)
Equation (15) is wrong in notation: F1-Score= 2*(P*DR)/P*DR ; this simplifies incorrectly to 2.
Equation (15) should be: 2(Precision x Recall)/(Precision + Recall)
Response: Thank you for pointing out the inconsistencies in the metric equations. We acknowledge the misnotation and have corrected Equations (13), (14), and (15) accordingly to reflect the standard definitions of Precision, Recall, and F1-Score. These updates have been incorporated into Section 5 to ensure clarity and mathematical correctness.
Comments on the Quality of English Language Comments:
1. Several sentences are long, overly complex, or redundant:"The primary driving force behind upgrades of 6G is inherently integrated smart automations accompanying future communication systems, combined with emerging techniques (e.g., new networks) and artificial intelligence (AI)-based systems."
Response: Thank you for pointing this out. It was revised to improve clarity and conciseness.
2. There are awkward constructions and missing articles: "6G-AI combination may contain potential disadvantages..." Better: "The combination of 6G and AI may have potential disadvantages...")
3. Many sentences are ungrammatical or awkward. Examples: "There is a critical need came into demand for AI-driven, self-adaptive IDS..." Better: "There is a critical need for AI-driven, self-adaptive IDS..."
Response (2-3): We appreciate the reviewer’s suggestion. They were revised.
4. In Section 4, many sentences are long, meandering, and hard to follow, e.g.: "Given that many modern IDSs rely on anomaly detection and employ six ML and DL (i.e., AE, and MLP) algorithms to identify anticipated data, several practical tools were developed previously."
Response: Thank you for highlighting this issue. It was revised for clarity and conciseness.
Other corrections were made for the entire manuscript.
Round 2
Reviewer 3 Report (Previous Reviewer 4)
Comments and Suggestions for AuthorsI think Equation (16) should be corrected to Accuracy= (Tp+Tn)/(Tp+Fp+ Tn+Fn)
Author Response
Response to Reviewer 3
Comments and Suggestions for Authors
Please note that:
- Some of the comments conflict with those of other reviewers; therefore, they were revised according to the esteemed reviewers' valuable comments.
- The sections mentioned by the reviewer (in the assessment) were revised and improved.
- I think Equation (16) should be corrected to Accuracy = (Tp+Tn)/(Tp+Fp+ Tn+Fn).
Response: I appreciate your observation. We have reviewed Equation (16) and made the necessary corrections as suggested. The updated equation now accurately reflects the standard formula for accuracy:
Accuracy = (Tp + Tn) / (Tp + Fp + Tn + Fn).
This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.
Round 1
Reviewer 1 Report
Comments and Suggestions for AuthorsThis manuscript proposes an intrusion detection system (IDS) for 6G networks by integrating Deep Autoencoders (DAE) with statistical analysis techniques. While the topic is timely and relevant, the paper currently lacks sufficient originality, comparative rigor, and technical depth. The main concerns are outlined below:
- The proposed use of DAE with the SCE-CIC-IDS2018 dataset and comparison with several conventional classifiers follows a well-trodden path. Similar methodological pipeline like data preprocessing, feature extraction, DAE-based detection, have been widely explored in recent literature. Thus, the work does not offer substantial innovation in either model design or application scope.
- The comparative experiments are limited in scope, focusing mainly on accuracy and F1 scores. Important evaluation metrics such as false positive/negative rates, training time, and model complexity are largely missing. Furthermore, comparisons are made only against conventional ML/DL classifiers, with no benchmarking against more advanced or recent models.
- The description of the experimental setup lacks clarity regarding hyperparameter configurations, regularization methods, number of epochs, and training strategy. Moreover, there is no availability of code or detailed implementation guidance, making the results difficult to reproduce. Including a model diagram, pseudocode, or GitHub repository would significantly enhance transparency.
- The paper does not provide sufficient theoretical support for the superiority of DAE in high-dimensional and imbalanced data scenarios. A more rigorous discussion or analysis, such as error bounds, model capacity considerations, or convergence behavior, would strengthen the scientific merit of the work.
- Several sections of the paper contain repeated or verbose explanations, which detract from readability and reduce overall clarity. The manuscript would benefit from tighter organization and more concise technical writing.
Reviewer 2 Report
Comments and Suggestions for AuthorsThe submitted manuscript is partially relevant to the theme of the special issue – the studied methods are well known and widely applied, even in more complex scenarios. See, e.g., https://doi.org/10.1038/s41598-025-88243-6
The challenge of security 6G networks is of practical importance, and the research question is well formulated. However, it is not properly pursued in the manuscript.
Thus, the link of the study to threat detection in 6G networks is rather thin, if at all existent, and the title and the abstract would mislead prospective readers. My conclusion is based on two main premises:
- The architecture, presented in Figure 3, is general and relevant to any network allowing wireless access, and
- The used dataset CSE-CIC-IDS2018 is well known and widely used in comparative studies, but does not include any of the 6G relevant threats as presented by the authors at the bottom of p. 3 of the manuscript.
Specific remark: The “most recent reference” [27], according to the authors, does not deal with intrusion detection, but other issues in 6G networks.
Comments on the Quality of English LanguageThe use of English is acceptable, but on several occasions the sentence structure and conjugations are too clumsy. Examples:
- “6G network components will critically require to be thoroughly tested to identify and mitigate potential weaknesses that malicious activists might exploit. Hence, the impactful complexity of security procedures critically matters.” (lines 38-40)
- “restricted computing complexity” (line 59)
- “procedural time” (line 67)
Reviewer 3 Report
Comments and Suggestions for AuthorsThis paper addresses the development of an intrusion detection system (IDS) for future 6G networks using deep autoencoders (DAE). The topic is timely and relevant given the growing security challenges in next generation wireless communication systems. The paper uses a modern dataset and combines traditional data processing methods with deep learning, providing a detailed experimental approach and comparison with alternative models.
Positive aspects of the work include a well defined methodology, the use of relevant evaluation metrics, and achieved results (accuracy up to 86%, AUC 0.91) that demonstrate the superiority of the proposed solution compared to other models.
However, the paper has several weaknesses that should be addressed before publication:
- Careful proofreading and editing are needed to eliminate grammatical and stylistic errors.
- A more detailed explanation of statistical validation is missing (e.g., use of k-fold crossvalidation).
- Terminological inconsistency (DAE/AE) may confuse the reader.
- The original scientific contribution in relation to previous work should be more clearly highlighted.
The conclusion is properly formulated, but it would be helpful to include more specific directions for future work, such as real world deployment and testing on other contemporary datasets.
Reviewer 4 Report
Comments and Suggestions for Authors1- The abstract mentions statistical analysis, ML optimization, and deep autoencoders, but doesn’t explain how they are combined or the role each plays in the system pipeline.
2- In the abstract: Phrases like “foreseen challenges”, “modern 6G-structured networks”, and “intelligent DL techniques” are non-specific and overgeneralized.
3- The abstract is flawed by weak justification of novelty; claims like “upgradeable IDS” and “improves performance” are made without clarifying what is new or how it is different from state-of-the-art approaches.
4- In the Introduction, references are mentioned ([1–4], [5–11]) without contextualizing what each group of citations supports.
5- In Section 2, the claim that “this work attains exceptional performance” is not supported with direct evidence or fair comparison in the text (especially given your system reaches 86% vs. others >95%).
6- In Section 3, citations are missing; for example, the claim about THz, IRS, etc., increasing the attack surface in 6G could use stronger referencing beyond "[25]".
7- In Section 4, Min-max normalization equation is incorrect; should be: x’=(x – x_min)/(x_max- x_min)
8- In Section 4, Why features with >80% zeros are excluded: explain rationale (sparsity, lack of significance).
9- In Section 5, Equation formatting and definitions are unclear or incorrect in places. Equations (13) and (14) are incorrect.
10- Section 5 doesn’t include actual results (e.g., numeric values of accuracy, DR, etc.).
11- In Section 5, no discussion on why DAE is chosen over others or how its performance differs across classes.
12- In Section 6, the authors state DAE achieves "best average F1-score of 82%" but earlier show F1-scores for different classes with higher or lower values. The averaging method is unclear.
13- In Section 6, ROC is explained only in the binary context. No ROC or AUC metrics are shown for multi-class classification.
Comments on the Quality of English Language1- The abstract is flawed by poor grammar and inconsistent style; sentence fragments (“That encompasses dealing with various threats…”), tense inconsistencies (“This paper introduced…”), and repeated transitions (“Hence… Thus…”) make the abstract stylistically weak.
2- In the Introduction, Grammatical Errors such as “6G network components will critically require to be thoroughly tested” (incorrect structure) and inconsistent use of passive voice.
3- In section 2, many sentences are grammatically incorrect or awkward (e.g., "Besides, it took a long time in the training part"; "That model achieved high performance...").
4- In section 2, Acronyms like “FS” (feature selection) and “IDSS” are not consistently introduced or explained.
5- In Section 2, Several sentences are grammatically incorrect or overly wordy. Phrasing such as "a critical need came into demand" should be corrected to "there is a critical need."
6- In Section 3, descriptions of datasets like KDD_Cup99 and NSL_KDD are overly verbose and repeat known information.
7- In Section 4, Frequent misuse of grammar and punctuation impairs readability. Example: Original: “System accuracy is significantly affected by the unbalanced dataset…”; Better: “System accuracy is significantly influenced by class imbalance in the dataset…
8- In Section 4, avoid informal expressions like “Do the following,” and replace with formal alternatives like “Apply the following steps.”
9- In Section 6, Some wording is informal or unclear (e.g., "AE-driven classifier excels with other approaches"; "reaches 86% accuracy" without context).
