Peer-Review Record

Using Feature Selection Enhancement to Evaluate Attack Detection in the Internet of Things Environment

Electronics 2024, 13(9), 1678; https://doi.org/10.3390/electronics13091678
by Khawlah Harahsheh *, Rami Al-Naimat and Chung-Hao Chen
Reviewer 1: Anonymous
Reviewer 2: Anonymous
Submission received: 4 March 2024 / Revised: 17 April 2024 / Accepted: 24 April 2024 / Published: 26 April 2024
(This article belongs to the Section Artificial Intelligence)

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

1.    Feature selection is a technique strongly linked to supervised classification machine learning. Therefore, the authors should emphasize the supervised classification machine learning technique much more in both the Abstract and the Introduction, as long as this is the automated learning technique to evaluate attack detection in the Internet of Things environment.

2.    There is no reference to Figure 1 in the Introduction section.

3.    I think the Related Works or Background section should be improved, discussing much more the state of the art of Intrusion Detection System (IDS) based on machine learning techniques.

4.    I think the Related Works section is a little confusing. Perhaps it would be worth dividing it into subsections, each addressing key aspects of the background, such as Internet of Things, Intrusion Detection System based on Machine Learning Techniques, and Feature Selection Techniques. This last technique should be much more emphasized and explained in the work.

5.    In section 3. Proposed Methodology, phase C. Feature Selection Stage, the expressions or formulas of the metrics or measures used in the Filter, Wrapper, and Embedded methods should be provided, since this entire section tends to be too theoretical.

6.    The methodological approach proposed in section 3. Proposed Methodology constitutes the steps or activities that are commonly executed in data mining tasks, during the data preparation and cleaning phase. On the other hand, the Filter, Wrapper, and Embedded methods have been widely disseminated in the specialized literature as appropriate techniques for feature selection. Therefore, the authors should justify what is the novelty of the proposed work, beyond the use of data mining and feature selection techniques that are widely used and widespread.

7.    The machine learning model on which the Intrusion Detection System is based must be presented and discussed. This aspect is poorly treated in the work.

8.    I think that in section 4. Experimental Results and Discussion, the following opening paragraph is typical of the Material and Method section and not of this section titled "Experimental Results and Discussion":

"This paper introduces an improved feature selection methodology aimed at achieving high accuracy while utilizing a reduced number of features. The focus on a lower feature count is particularly relevant for wireless networks, which often have resource constraints. In this section, we present a hybrid feature selection approach designed to enhance the performance of intrusion detection system (IDS) classification..."

9.    Likewise, the description of the Insdn Dataset should be part of the Material and Method section.

10. The Results and Discussion section is poor; the confusion matrices produced by the machine learning models used in the Intrusion Detection System should be provided and discussed.

11. On page 9, Table 1. Distribution of the Samples Insdn Dataset, does not really correspond to the InSDN dataset described in the preceding paragraph, since it is described exactly as:

“The dataset consists of a total of 343,889 data records with 84 features. Of these, 127,828 records correspond to ordinary traffic, while 216,061 records correspond to attack traffic…”

I wonder, shouldn't instances that correspond to ordinary traffic represent a class?

12. It is not clear on page 10 how performance evaluation metrics, commonly used for 2x2 confusion matrices, are applied to a 6x6 or 7x7 confusion matrix, in the latter case considering ordinary traffic as a class. The definition of True Positive, False Positive, True Negative, and False Negative does not allow us to understand which classes (according to their acronym in Table 1) are being taken into consideration, which generates a lot of confusion and ambiguity. Shouldn't the "Ordinary Traffic" class have been previously identified?

13. The Samples Insdn dataset is strongly unbalanced; note the poor representation of classes 5 and 6 (minority classes) compared to the strong representation of classes 1 to 4. If this problem is not corrected before generating the machine learning model, the results of the generalization of the model could be very biased or erroneous.
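
Points 12 and 13 above turn on how TP/FP/FN/TN are defined for a multi-class matrix and how class imbalance distorts a single accuracy figure. The Python sketch below is an added illustration, not code from the article, the reviewers or the authors: it derives the four counts per class one-vs-rest from a constructed 7x7 confusion matrix and compares overall accuracy with macro-averaged recall. The class names and all counts are invented placeholders, not the InSDN figures.

```python
# Constructed confusion matrix: rows = true class, columns = predicted class.
# Class 0 stands for ordinary traffic; attack_1..attack_6 are placeholder names.
LABELS = ["ordinary", "attack_1", "attack_2", "attack_3",
          "attack_4", "attack_5", "attack_6"]
CM = [
    [990,  10,   0,   0,   0, 0, 0],
    [ 10, 790,   0,   0,   0, 0, 0],
    [  0,   0, 600,   0,   0, 0, 0],
    [  0,   0,   0, 400,   0, 0, 0],
    [  0,   0,   0,   0, 200, 0, 0],
    [ 15,   0,   0,   0,   0, 5, 0],   # minority class, mostly missed
    [  0,   8,   0,   0,   0, 0, 2],   # minority class, mostly missed
]

def one_vs_rest(cm, k):
    """Return (TP, FP, FN, TN) treating class k as positive, all others as negative."""
    total = sum(sum(row) for row in cm)
    tp = cm[k][k]
    fn = sum(cm[k]) - tp                    # true k, predicted as something else
    fp = sum(row[k] for row in cm) - tp     # predicted k, actually something else
    tn = total - tp - fn - fp
    return tp, fp, fn, tn

def per_class(cm):
    """Precision, recall and F1 for every class, guarding against empty denominators."""
    out = []
    for k in range(len(cm)):
        tp, fp, fn, _ = one_vs_rest(cm, k)
        p = tp / (tp + fp) if tp + fp else 0.0
        r = tp / (tp + fn) if tp + fn else 0.0
        f1 = 2 * p * r / (p + r) if p + r else 0.0
        out.append({"precision": p, "recall": r, "f1": f1})
    return out

def accuracy(cm):
    return sum(cm[k][k] for k in range(len(cm))) / sum(sum(row) for row in cm)

def macro_recall(cm):
    """Unweighted mean of per-class recall: every class counts equally."""
    scores = per_class(cm)
    return sum(s["recall"] for s in scores) / len(scores)

if __name__ == "__main__":
    for name, s in zip(LABELS, per_class(CM)):
        print(f"{name:9s} P={s['precision']:.3f} R={s['recall']:.3f} F1={s['f1']:.3f}")
    print(f"accuracy={accuracy(CM):.4f}  macro recall={macro_recall(CM):.4f}")
```

On this constructed data the two minority attack classes are missed 75% and 80% of the time, while overall accuracy stays above 98%.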

Author Response

Dear Reviewer,

Thank you for your insightful comments and suggestions regarding our Manuscript ID: electronics-2923352. We appreciate the time you have taken to review our work and offer constructive feedback. Kindly check the attached file in which we address each of your comments in detail.

Regards,

Khawlah

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Cybersecurity in IoT is a true challenge with the continuous spreading of such systems.

Due to their low computational resources, IoT systems are prone to easily fall victim to cyberattacks.

Use of machine learning algorithms to detect and stop such attacks might be a solution only if a special selection of methods is used at different stages to cope with the limited resources of IoT systems.

The paper takes it into account by a proper selection of the methods in order to obtain a small number of features while maintaining a very high accuracy detection rate of the most common types of cyberattacks.

Still, it is not clear in which conditions the time of 0.8599 seconds in Table 2 was obtained and if these conditions are the same as or similar to those used in related work.

A new section of deployment and monitoring should be added to support the results presented in the paper.

Author Response

Dear Reviewer,

Thank you for your insightful comments and suggestions regarding our Manuscript ID: electronics-2923352. We appreciate the time you have taken to review our work and offer constructive feedback. Kindly check the attached file in which we address each of your comments in detail.

Regards,

Khawlah

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

My comments and observations have been fully addressed by the authors.
