PONE-D-24-51339HCAP: Hybridized Cyber Attack Prediction Model to handle the cyber-attacks in the Healthcare ApplicationsPLOS ONE

Dear Dr. Alsayaydeh,

Thank you for submitting your manuscript to PLOS ONE. After careful consideration, we feel that it has merit but does not fully meet PLOS ONE’s publication criteria as it currently stands. Therefore, we invite you to submit a revised version of the manuscript that addresses the points raised during the review process.

Please submit your revised manuscript by Mar 23 2025 11:59PM. If you will need more time than this to complete your revisions, please reply to this message or contact the journal office at plosone@plos.org . When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

Please include the following items when submitting your revised manuscript:

• A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols .

We look forward to receiving your revised manuscript.

Kind regards,

mamoona humayun

Academic Editor

PLOS ONE

Journal Requirements:

When submitting your revision, we need you to address these additional requirements.

1. Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at

https://journals.plos.org/plosone/s/file?id=wjVg/PLOSOne_formatting_sample_main_body.pdf and

https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf

2. Please note that PLOS ONE has specific guidelines on code sharing for submissions in which author-generated code underpins the findings in the manuscript. In these cases, all author-generated code must be made available without restrictions upon publication of the work. Please review our guidelines at https://journals.plos.org/plosone/s/materials-and-software-sharing#loc-sharing-code and ensure that your code is shared in a way that follows best practice and facilitates reproducibility and reuse.

3. When completing the data availability statement of the submission form, you indicated that you will make your data available on acceptance. We strongly recommend all authors decide on a data sharing plan before acceptance, as the process can be lengthy and hold up publication timelines. Please note that, though access restrictions are acceptable now, your entire data will need to be made freely accessible if your manuscript is accepted for publication. This policy applies to all data except where public deposition would breach compliance with the protocol approved by your research ethics board. If you are unable to adhere to our open data policy, please kindly revise your statement to explain your reasoning and we will seek the editor's input on an exemption. Please be assured that, once you have provided your new statement, the assessment of your exemption will not hold up the peer review process.

4. We note that Figures 1 and 2 in your submission contain copyrighted images. All PLOS content is published under the Creative Commons Attribution License (CC BY 4.0), which means that the manuscript, images, and Supporting Information files will be freely available online, and any third party is permitted to access, download, copy, distribute, and use these materials in any way, even commercially, with proper attribution. For more information, see our copyright guidelines: http://journals.plos.org/plosone/s/licenses-and-copyright.

We require you to either (1) present written permission from the copyright holder to publish these figures specifically under the CC BY 4.0 license, or (2) remove the figures from your submission:

1. You may seek permission from the original copyright holder of Figures 1 and 2 to publish the content specifically under the CC BY 4.0 license.

We recommend that you contact the original copyright holder with the Content Permission Form (http://journals.plos.org/plosone/s/file?id=7c09/content-permission-form.pdf) and the following text:

“I request permission for the open-access journal PLOS ONE to publish XXX under the Creative Commons Attribution License (CCAL) CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/). Please be aware that this license allows unrestricted use and distribution, even commercially, by third parties. Please reply and provide explicit written permission to publish XXX under a CC BY license and complete the attached form.”

Please upload the completed Content Permission Form or other proof of granted permissions as an "Other" file with your submission.

In the figure caption of the copyrighted figure, please include the following text: “Reprinted from [ref] under a CC BY license, with permission from [name of publisher], original copyright [original copyright year].”

2. If you are unable to obtain permission from the original copyright holder to publish these figures under the CC BY 4.0 license or if the copyright holder’s requirements are incompatible with the CC BY 4.0 license, please either i) remove the figure or ii) supply a replacement figure that complies with the CC BY 4.0 license. Please check copyright information on all replacement figures and update the figure caption with source information. If applicable, please specify in the figure caption text when a figure is similar but not identical to the original image and is therefore for illustrative purposes only.

Additional Editor Comments:

Dear Authors,

Thank you for submitting your manuscript, "HCAP: Hybridized Cyber Attack Prediction Model to Handle Cyber-Attacks in Healthcare Applications." Your article has been reviewed with great interest. Based on the feedback from the reviewers, one has recommended major revisions, and the other has suggested minor revisions.

We kindly request you to address the concerns raised by both reviewers and submit the revised manuscript along with a detailed rebuttal document within 21 days. Please ensure that all comments and suggestions are thoroughly addressed to improve the quality and clarity of your work.

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. Is the manuscript technically sound, and do the data support the conclusions?

The manuscript must describe a technically sound piece of scientific research with data that supports the conclusions. Experiments must have been conducted rigorously, with appropriate controls, replication, and sample sizes. The conclusions must be drawn appropriately based on the data presented.

Reviewer #1: No

Reviewer #2: Yes

**********

2. Has the statistical analysis been performed appropriately and rigorously?

Reviewer #1: I Don't Know

Reviewer #2: No

**********

3. Have the authors made all data underlying the findings in their manuscript fully available?

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.

Reviewer #1: No

Reviewer #2: No

**********

4. Is the manuscript presented in an intelligible fashion and written in standard English?

PLOS ONE does not copyedit accepted manuscripts, so the language in submitted articles must be clear, correct, and unambiguous. Any typographical or grammatical errors should be corrected at revision, so please note any specific errors here.

Reviewer #1: Yes

Reviewer #2: Yes

**********

5. Review Comments to the Author

Please use the space provided to explain your answers to the questions above. You may also include additional comments for the author, including concerns about dual publication, research ethics, or publication ethics. (Please upload your review as an attachment if it exceeds 20,000 characters)

Reviewer #1: Hybridized Cyber Attack Prediction Model to handle the cyber-attacks in the Healthcare Applications

Title: the title is effective and coveys the focus of study. It can be simplified to replace longer phrases.

Abstract:

The abstract logical sequence is fine. It focuses on problem and proposed solution along with accuracy and relevant parameters. However, improvement is required for more clarity. void redundant commas—"interconnected healthcare devices, and communication networks" should be "interconnected healthcare devices and communication networks. “Improving the security and resilience of healthcare data" could be clarified and made more concise. Rephrase "different metrics such as false positive rate, false negative rates, improved accuracy, precision, recall and minimum computational efficiency" for better flow. The abstract is dense, making it harder to digest for readers unfamiliar with the topic. Consider splitting longer sentences into smaller, focused statements.

Introduction

The introduction is clear w.r.t objectives. It clearly outlines the challenges of existing models and contribution list is also clear. However, grammar mistakes are found at Line 47: "Quality of security and privacy healthcare data concerns" should be rephrased to "Concerns over the quality of security and privacy in healthcare data." Line 55: "A service-reliant authentication approach has been shown to enhance" should specify how it is relevant to IoMT healthcare. Repetition of sentences contextually in line 46, 48, 53, 75). Some references are mentioned without integrating them into the narrative (e.g., Line 55). Contribution 4 (Lines 91–92) overlaps conceptually with Contribution 1 (Lines 85–86). You have explored existing literature to find this problem, which is a contribution. This can be mentioned in contribution list. The term "Machine Learning" (ML) has not been defined in the text before the abbreviation "ML" is used. Rewrite the novelty of your research solution by adding impact and clarity.

Literature review

The entire literature review should be revised to maintain consistency by using the past tense throughout. The literature review can be further strengthened by incorporating additional relevant studies and analyzing their methodologies in greater detail. The concluding paragraph of the literature review lacks coherence and clarity. It is essential to specify how the effectiveness of existing models is being measured. Furthermore, the term "better" should be clearly defined—better in what terms (e.g., accuracy, computational efficiency, robustness)? A more structured and precise conclusion is necessary to provide a cohesive summary of the reviewed literature.

Dataset Collection

While the dataset is adequate for experiment, relying on it limits the generalizability across diverse clinical scenarios. Include dataset from different sources can enhance applicability.

feature extraction

you have used PC-RFE that keeps feature importance remains static across the dataset, which might not hold in dynamic IoMT environments where data patterns and feature relevance can change over time.

Feature Set Analysis and Reduction Using Lion-Optimized Recurrent Networks was explained. But Lion is itself computationally expensive. Dropout and early stopping can be used to improve model. Class imbalance is not addressed. Use mathematical notations or flowchart to describe line 287 onwards. Give details of • Number of hidden layers and neurons.

• Learning rate.

• Dropout rate.

• Batch size.

• Activation functions.

Format Table 2 to standard algorithm format.

• Remove the repeated statement about 30% improvement and integrate it more effectively into one point.

• Provide more insight into how LSTM networks analyze communication frequency patterns to detect MITM attacks, and how PC-RFE contributes to more precise feature selection.

• Give more detail on what attack characteristics are identified and how the system distinguishes between legitimate and abnormal traffic.

• Include a brief comparison or reference to the performance of existing models to substantiate the claim of outperforming them.

The term detection probability is used, but it isn't fully clear whether this refers to the likelihood of an attack being detected or the likelihood of a certain behavior being classified as normal or an attack.

While the sub-plots in Fig. 5 are mentioned, there is no further explanation of how they are constructed or how the four sub-plots are compared to each other. For instance, how does the probability for DDoS compare with MITM or spoofing attacks over time? A comparison or discussion of trends among these attacks would add value to the explanation

Table 4. accuracy should be presented in percentage. Compare your work with models that have worked on same dataset as yours.

Results

The passage does not explain how prediction accuracy is evaluated or how the comparison is conducted across different models. It’s important to clarify whether the models were trained on the same datasets or under identical conditions. This would ensure the fairness of the comparison.

Fig. 6 and Fig. 7 are not explained well.

Conclusion

The Conclusion makes general claims about improved accuracy and efficiency but does not reference specific numbers or findings from the research that validate these statements. Instead of saying “significantly improves,” quantify the improvement with a percentage. Streamline the content to avoid repetition. For instance, you could consolidate the sentences discussing false positives, false negatives, and improved accuracy into one concise point. Future work is missing.

Reviewer #2: The manuscript contains grammatical errors and instances of improperly structured English. It is recommended to thoroughly proofread and edit the text to enhance its clarity and readability. The literature review requires substantial revision for consistency, particularly in maintaining the use of the past tense throughout. Additionally, more studies should be included to provide a comprehensive and detailed review of the existing literature. It is suggested that the review be thematically organized to enhance coherence and logical flow. Furthermore, the literature review does not have a proper conclusion, which leads to ambiguity in the problem statement. Ensure the literature review is concluded effectively to clearly outline the research gap.

The term "effectiveness" is frequently used in the paper but lacks a clear definition. You must explicitly state how effectiveness has been measured.

Provide a clear link or reference from where the dataset utilized in the study can be accessed.

The paper mentions the use of Lion-Optimized Recurrent Networks, which are computationally intensive. However, in the literature review, it is noted that existing techniques are computationally expensive. This apparent contradiction needs to be addressed with a justification for the choice of methodology.

To strengthen the study, compare your findings with existing studies that have used the same dataset. This will allow for clear statistical comparisons and enhance the credibility of the research.

In Table 4, the accuracy of some studies is reported as percentages, while others are not. Consistency is crucial; it is recommended to use percentages uniformly across the table.

The conclusion makes broad claims regarding improved accuracy and efficiency. Instead of general statements, use specific metrics to quantify the improvements, to provide a clearer picture of the study's contributions.

By addressing these issues, the quality and impact of the paper can be significantly improved.

**********

6. PLOS authors have the option to publish the peer review history of their article (what does this mean? ). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our Privacy Policy .

Reviewer #1: No

Reviewer #2: No

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/ . PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org . Please note that Supporting Information files do not need this step.

HCAP: Hybrid Cyber Attack Prediction Model for Securing Healthcare Applications

PONE-D-24-51339R1

Dear Dr. Jamil Abedalrahim Jamil Alsayaydeh,

We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements.

Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication.

An invoice will be generated when your article is formally accepted. Please note, if your institution has a publishing partnership with PLOS and your article meets the relevant criteria, all or part of your publication costs will be covered. Please make sure your user information is up-to-date by logging into Editorial Manager at Editorial Manager®  and clicking the ‘Update My Information' link at the top of the page. If you have any questions relating to publication charges, please contact our Author Billing department directly at authorbilling@plos.org.

If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org.

Kind regards,

mamoona humayun

Academic Editor

PLOS ONE

Additional Editor Comments (optional):

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

If the authors have adequately addressed your comments raised in a previous round of review and you feel that this manuscript is now acceptable for publication, you may indicate that here to bypass the “Comments to the Author” section, enter your conflict of interest statement in the “Confidential to Editor” section, and submit your "Accept" recommendation.

Reviewer #1: All comments have been addressed

Reviewer #2: All comments have been addressed