Next Article in Journal
Prototype Design for Irradiance Estimation Using Closed-Form Models and an Optimized MPPT IC Algorithm
Next Article in Special Issue
Detection of Critical Links for Improving Network Resilience
Previous Article in Journal
F2SOD: A Federated Few-Shot Object Detection
Previous Article in Special Issue
Advanced Network and System Security Teaching
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 8
10.3390/electronics14081653
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Detection of TCP and MQTT-Based DoS/DDoS Attacks on MUD IoT Networks

Electronics 2025, 14(8), 1653; https://doi.org/10.3390/electronics14081653
by Nut Aroon *, Luke Kane, Vicky Liu and Yuefeng Li
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Reviewer 3: Anonymous
Electronics 2025, 14(8), 1653; https://doi.org/10.3390/electronics14081653
Submission received: 21 March 2025 / Revised: 15 April 2025 / Accepted: 17 April 2025 / Published: 19 April 2025
(This article belongs to the Special Issue Network and Information Security)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The paper is well-written with high quality and well-organized. The topic is of great value to researchers and engineers in IoT-based applications. However, I have the following concerns about the paper and questions for the authors:

(1) The authors are encouraged to evaluate the proposed method on well-known IoT datasets. More comprehensive evaluation results are supportive of the effectiveness and correctness of the designed method.

(2) The testbed is too simple to represent real IoT applications, especially when authors aim to detect DoS/DDoS attacks that typically involve thousands of sensors or terminal devices.

(3) Two threshold values, including the detection of TCP-based DoS/DDoS attacks against ‘max_packet’, and the detection of MQTT CONNECT attack against ‘min_time’, should be fully evaluated in experiments. More discussions would be helpful to understand more advanced DoS/DDoS attacks in IoT.

Author Response

We would like to thank you for your suggestion on journal revision. The response list for each suggestion is in the attached file.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The manuscript discusses the MUD-based Internet of Things network security protection mechanism. Based on the technical limitations of MUD standards, this paper systematically analyzes the security threats faced by TCP and MQTT protocols in the Internet of Things environment, focuses on the innovative design of network Behavior Analysis (NBA) system, including core modules such as session grouping algorithm and dynamic threshold detection technology, and evaluates the detection performance of the system against various DoS/DDoS attacks in detail. In general, the manuscript has a good structure, is easy to understand, and the research ideas are clear. The research results can provide important technical support for improving the level of Internet of Things network security protection, and help to promote the improvement and optimization of the Internet of Things security system.

 

  1. Specific terms in the manuscript (such as "NBA system "and "EPA framework") were not given clear definitions or background descriptions when they first appeared, making it difficult to understand their specific connotations and their correlation with MUD accurately. To further improve the academic rigor and readability of the manuscript, it is suggested that the author define and explain the proper nouns in the introduction.
  2. The experimental part of the manuscript is only completed in the test environment, without considering the interference factors in the real scene. It is suggested that the author further explore the practical application scenarios, analyze the challenges that the algorithm proposed by the author may encounter in the real environment, and provide corresponding solutions.
  3. In the conclusion part, the author only mentions that future research will expand support for UDP protocol, but other improvement directions are unclear. It is suggested that the author appropriately add future key research directions and point out to improve the prospectivity of the manuscript.
  4. Although the language part of the manuscript is detailed, it may be better to display some contents in the form of pictures. For example, in "5. Evaluation", the evaluation results are displayed in the form of bar charts, line charts or pie charts to provide clearer visual evidence.
  5. Some of the references in the manuscript are relatively old, so it is suggested that the author should strengthen the follow-up of the latest relevant research progress and results, and increase the number of references in the past three years.

Author Response

We would like to thank you for your suggestion on journal revision. The response list for each suggestion is in the attached file.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

The paper is overall well-written and organized and addresses an interesting topic. I have a few suggestions to improve the quality of the paper before publication:
-The main observation is in section 5.2 Detection accuracy evaluation: why did authors decide not to use standard metrics, such as false positive/negative rates, sensitivity/specificity etc? Could authors also provide these metrics?
- Section 2.1.1 Overview of MUD could be a little longer, since it's a vertical topic, and readers may not know the functioning.
- Actually, depending on the risk assessment, cybersecurity monitoring may be not needed for the specific application, and an Access Control List such as in the MUD may be enough. Take for example an IoT use case such as in DOI 10.1109/ACCESS.2024.3492316. While this does not affect the contribution of the paper, I think a discussion on this point would enhance the quality of the paper.

Author Response

We would like to thank you for your suggestion on journal revision. The response list for each suggestion is in the attached file.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

     Thank you very much for the revisions that are carefully provided. I have no further questions about this paper and suggest the paper be accepted as it is. The contributions of this paper are helpful to the development of security in IoT. 

Author Response

Thank you for your kind response.

Reviewer 2 Report

Comments and Suggestions for Authors

The size and font of the pictures in the manuscript part should be consistent. The size and font in Figure 5 and Figure 6 should be consistent with other pictures. Please thoroughly check the formatting requirements of all images in the manuscript and make any necessary adjustments.

Comments for author File: Comments.pdf

Author Response

Thank you for your kind response. I have changed the font type and size of every figure in the manuscript to be more consistent.

Reviewer 3 Report

Comments and Suggestions for Authors

The authors addressed my concerns. I have no further comments.

Author Response

Thank you for your kind response.

Back to TopTop