Detection of TCP and MQTT-Based DoS/DDoS Attacks on MUD IoT Networks
Round 1
Reviewer 1 Report
Comments and Suggestions for Authors
The paper is well-written with high quality and well-organized. The topic is of great value to researchers and engineers in IoT-based applications. However, I have the following concerns about the paper and questions for the authors:
(1) The authors are encouraged to evaluate the proposed method on well-known IoT datasets. More comprehensive evaluation results are supportive of the effectiveness and correctness of the designed method.
(2) The testbed is too simple to represent real IoT applications, especially when authors aim to detect DoS/DDoS attacks that typically involve thousands of sensors or terminal devices.
(3) Two threshold values, including the detection of TCP-based DoS/DDoS attacks against ‘max_packet’, and the detection of MQTT CONNECT attack against ‘min_time’, should be fully evaluated in experiments. More discussions would be helpful to understand more advanced DoS/DDoS attacks in IoT.
Author Response
We would like to thank you for your suggestion on journal revision. The response list for each suggestion is in the attached file.
Author Response File: Author Response.pdf
Reviewer 2 Report
Comments and Suggestions for Authors
The manuscript discusses the MUD-based Internet of Things network security protection mechanism. Based on the technical limitations of MUD standards, this paper systematically analyzes the security threats faced by TCP and MQTT protocols in the Internet of Things environment, focuses on the innovative design of Network Behavior Analysis (NBA) system, including core modules such as session grouping algorithm and dynamic threshold detection technology, and evaluates the detection performance of the system against various DoS/DDoS attacks in detail. In general, the manuscript has a good structure, is easy to understand, and the research ideas are clear. The research results can provide important technical support for improving the level of Internet of Things network security protection, and help to promote the improvement and optimization of the Internet of Things security system.
- Specific terms in the manuscript (such as "NBA system" and "EPA framework") were not given clear definitions or background descriptions when they first appeared, making it difficult to understand their specific connotations and their correlation with MUD accurately. To further improve the academic rigor and readability of the manuscript, it is suggested that the author define and explain the proper nouns in the introduction.
- The experimental part of the manuscript is only completed in the test environment, without considering the interference factors in the real scene. It is suggested that the author further explore the practical application scenarios, analyze the challenges that the algorithm proposed by the author may encounter in the real environment, and provide corresponding solutions.
- In the conclusion part, the author only mentions that future research will expand support for UDP protocol, but other improvement directions are unclear. It is suggested that the author appropriately add future key research directions and point out to improve the prospectivity of the manuscript.
- Although the language part of the manuscript is detailed, it may be better to display some contents in the form of pictures. For example, in "5. Evaluation", the evaluation results are displayed in the form of bar charts, line charts or pie charts to provide clearer visual evidence.
- Some of the references in the manuscript are relatively old, so it is suggested that the author should strengthen the follow-up of the latest relevant research progress and results, and increase the number of references in the past three years.
Author Response
We would like to thank you for your suggestion on journal revision. The response list for each suggestion is in the attached file.
Author Response File: Author Response.pdf
Reviewer 3 Report
Comments and Suggestions for Authors
The paper is overall well-written and organized and addresses an interesting topic. I have a few suggestions to improve the quality of the paper before publication:
- The main observation is in section 5.2 Detection accuracy evaluation: why did authors decide not to use standard metrics, such as false positive/negative rates, sensitivity/specificity etc? Could authors also provide these metrics?
- Section 2.1.1 Overview of MUD could be a little longer, since it's a vertical topic, and readers may not know the functioning.
- Actually, depending on the risk assessment, cybersecurity monitoring may not be needed for the specific application, and an Access Control List such as in the MUD may be enough. Take for example an IoT use case such as in DOI 10.1109/ACCESS.2024.3492316. While this does not affect the contribution of the paper, I think a discussion on this point would enhance the quality of the paper.
Author Response
We would like to thank you for your suggestion on journal revision. The response list for each suggestion is in the attached file.
Author Response File: Author Response.pdf
Round 2
Reviewer 1 Report
Comments and Suggestions for Authors
Thank you very much for the revisions that are carefully provided. I have no further questions about this paper and suggest the paper be accepted as it is. The contributions of this paper are helpful to the development of security in IoT.
Author Response
Thank you for your kind response.
Reviewer 2 Report
Comments and Suggestions for Authors
The size and font of the pictures in the manuscript part should be consistent. The size and font in Figure 5 and Figure 6 should be consistent with other pictures. Please thoroughly check the formatting requirements of all images in the manuscript and make any necessary adjustments.
Comments for author File: Comments.pdf
Author Response
Thank you for your kind response. I have changed the font type and size of every figure in the manuscript to be more consistent.
Reviewer 3 Report
Comments and Suggestions for Authors
The authors addressed my concerns. I have no further comments.
Author Response
Thank you for your kind response.