Peer-Review Record

cyberSPADE: A Hierarchical Multi-Agent Architecture for Coordinated Cyberdefense

J. Cybersecur. Priv. 2026, 6(1), 28; https://doi.org/10.3390/jcp6010028
by Lucía Alba Torres 1,*, Miguel Rebollo 1, Javier Palanca 1 and Mario Aragonés Lozano 2
Reviewer 1: Anonymous
Reviewer 3: Anonymous
Submission received: 20 December 2025 / Revised: 31 January 2026 / Accepted: 2 February 2026 / Published: 8 February 2026
(This article belongs to the Section Security Engineering & Applications)

Round 1

Reviewer 1 Report

This paper proposes a hierarchical multi-agent architecture for autonomous cyberdefense that addresses these limitations through structured inter-agent communication and distributed coordination. Their findings provide initial evidence that communication-centric multi-agent architectures can significantly improve operational efficiency while enabling sophisticated coordination for adaptive cyberdefense scenarios. It is suggested that the author modify Figures 1~3 into color images to enhance clarity. In addition, the authors should briefly introduce the key insights in these figures in their captions.

(1) It is suggested that the author modify Figures 1~3 into color images to enhance clarity.

(2) In addition, the authors should briefly introduce the key insights in these figures in their captions.

Author Response

Please see the attachment.

 

Author Response File: Author Response.pdf

Reviewer 2 Report

The English could be improved to more clearly express the research.

 

Minor issues include occasional overly long sentences and dense technical phrasing that may affect readability in some sections, particularly in the background and architecture descriptions.

Need review on Methods. The research design is appropriate and logically aligned with the research objectives. The architectural design and communication protocols are described in substantial detail. However, certain methodological choices such as concurrency limits, scan-agent partitioning thresholds, and vulnerability database selection are not fully justified, which may affect reproducibility and interpretability of performance results.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Authors worked on a Smart Python Agent Development Environment to enhance transparency in security and cyberdefense. While commending authors' efforts 1) Authors may want to redesign the architecture such that the conventional traditional detection framework could be easily compared with their own architecture for better comparison of effectiveness and novelty


2) Authors' architecture presented in Figure seems to have limited information in line with the topic especially at the missing layers labels

3) Excerpt of experimental results, details and performance are missing in the abstract section

4) Considering the evaluated system in Table 6. A simple benchmark of total detection time in traditional detection framework will go a long way to improve the quality of work done. This might be linked to enhance Figure 4 graphical presentation for clarity. 

5) Table 7 could be improved to include category/nature of scanned agents used for testing. 

6) Overall improvement on language and grammar construction needs to be checked and more updated literature will be a good idea.

 


Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 4 Report

Summary: Currently deployed multi-agent platforms for cyber-defense are limited with respect to real-time coordination and communication. This paper proposes a hierarchical multi-agent architecture for inter-agent communication and distributed defenses.

The architecture includes 1) a supervisor host that handles the strategic reasoning for system-wide deployment (monitor agent), and 2) an operational host that deploys local worker agents based on need (deployer agent). The architecture consists of various swarms based on need, including network/host defender, anomaly defender, forensic, and recovery swarms. These swarms have distinct purposes and operate based on commands from the monitor agent. This communication is also secured by establishing a secure channel.

The authors implement XMPP-based communication based on the aforementioned architecture and compare a network scanning agent against the monolithic Nmap tool. The network defender swarm substantially improves the detection time for port scanning compared to monolithic Nmap deployment in a localhost environment.

 

Comments:

The paper is well-written, and all components (supervisor, host agents, and various swarms) are clearly described. The authors also discuss the current research trajectory and motivate their work effectively.

However, the paper's main contribution, which appears to be a new XMPP-based communication protocol, requires a more in-depth explanation than existing work such as SPADE. Overall, the paper reads as an engineering effort and seems to be lacking scientific novelty. The authors could improve novelty by developing new detection methodologies and then implementing them with the proposed swarm. They could also frame this paper as a very specific testbed development, which would require them to compare their framework with those discussed in Table 1 in their experimental results. In its current state, the paper needs more scientific novelty.

Furthermore, the current experiments are lacking. Comparing distributed deployment with monolithic Nmap does not adequately demonstrate the improvements of the proposed communication protocol. Instead, comparing against actual distributed cyber-defense works in the literature on actual multi-VM deployments would provide more representative results.

The paper needs more scientific novelty as explained in major comments.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 4 Report

I thank the authors for revising the manuscript. The work is acceptable as an experiment framework/testbed. There is a need to add more discussion in Section 7.3 which clearly explains how the proposed work is comparable to existing work. This is currently missing in the manuscript.

Explained in major comments.

Author Response

We thank the reviewer for this comment. Section 7.3 has been substantially expanded to provide a clearer and more explicit discussion of how the proposed framework compares with existing multi-agent and distributed agent platforms from the literature.
