Dear Dr. Singh,

plosone@plos.org . When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

• A rebuttal letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If you would like to make changes to your financial disclosure, please include your updated statement in your cover letter. Guidelines for resubmitting your figure files are available below the reviewer comments at the end of this letter.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols ..

We look forward to receiving your revised manuscript.

Kind regards,

Ayei Egu Ibor, PhD

Academic Editor

PLOS ONE

Journal Requirements:

1. When submitting your revision, we need you to address these additional requirements.

Please ensure that your manuscript meets PLOS ONE's style requirements, including those for file naming. The PLOS ONE style templates can be found at

https://journals.plos.org/plosone/s/file?id=wjVg/PLOSOne_formatting_sample_main_body.pdf and

https://journals.plos.org/plosone/s/file?id=ba62/PLOSOne_formatting_sample_title_authors_affiliations.pdf

2. Please note that PLOS ONE has specific guidelines on code sharing for submissions in which author-generated code underpins the findings in the manuscript. In these cases, we expect all author-generated code to be made available without restrictions upon publication of the work. Please review our guidelines at https://journals.plos.org/plosone/s/materials-and-software-sharing#loc-sharing-code and ensure that your code is shared in a way that follows best practice and facilitates reproducibility and reuse.

3. We note that the grant information you provided in the ‘Funding Information’ and ‘Financial Disclosure’ sections do not match.

When you resubmit, please ensure that you provide the correct grant numbers for the awards you received for your study in the ‘Funding Information’ section.

4. Thank you for stating the following financial disclosure: [Manipal Institute of Technology Bengaluru, MAHE Bengaluru Campus].

Please state what role the funders took in the study.  If the funders had no role, please state: ""The funders had no role in study design, data collection and analysis, decision to publish, or preparation of the manuscript.""

If this statement is not correct you must amend it as needed.

Please include this amended Role of Funder statement in your cover letter; we will change the online submission form on your behalf.

5. Please provide a complete Data Availability Statement in the submission form, ensuring you include all necessary access information or a reason for why you are unable to make your data freely accessible. If your research concerns only data provided within your submission, please write "All data are in the manuscript and/or supporting information files" as your Data Availability Statement.

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

1. Is the manuscript technically sound, and do the data support the conclusions?

Reviewer #1: Yes

Reviewer #2: Yes

**********

2. Has the statistical analysis been performed appropriately and rigorously? -->?>

Reviewer #1: Yes

Reviewer #2: I Don't Know

**********

3. Have the authors made all data underlying the findings in their manuscript fully available??>

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.-->

Reviewer #1: Yes

Reviewer #2: No

**********

4. Is the manuscript presented in an intelligible fashion and written in standard English??>

Reviewer #1: Yes

Reviewer #2: Yes

**********

Reviewer #1: Clarify the Novelty – Clearly articulate how CMGODE improves upon existing bio-inspired anomaly detection methods.

Expand Literature Review – Include a discussion on recent advancements in deep learning-based IDS for IoT security.

Dataset Preprocessing Details – Specify data cleaning, feature selection techniques, and normalization steps applied to BoT-IoT and UNSW-NB15 datasets.

Computational Efficiency – Provide runtime benchmarks on different hardware (e.g., IoT edge devices vs. high-performance servers).

Statistical Validation – Include statistical significance tests (e.g., t-test, ANOVA) to validate performance improvements.

Model Generalization – Discuss cross-network applicability and how the model performs under real-world traffic variations.

Real-Time Feasibility – Address latency concerns and resource consumption for real-time anomaly detection in IoT environments.

Comparison with DL-Based Methods – Benchmark performance against LSTM, CNN, and Transformer-based intrusion detection approaches.

Parameter Optimization Clarity – Provide insights on optimal parameter tuning for CMGODE and how it prevents local optima trapping.

Improve Figures & Tables – Ensure captions are self-explanatory, and unify redundant tables to enhance readability.

False Alarm Rate Analysis – Provide a deeper breakdown of False Positives and False Negatives in the detection results.

Adversarial Attack Resilience – Discuss the model’s robustness against adversarial threats and evasion attacks.

Future Work Directions – Expand on potential hybrid approaches (e.g., DL + Evolutionary Algorithms) for enhanced detection.

These refinements will enhance the clarity, impact, and applicability of the study.

Reviewer #2: The authors consider a modified bio-inspired algorithm called CMGODE anomaly intrusion detection system to handle sensitive information for effective operation. The proposed method modifies the fundamental GOA algorithm in three ways. Specifically, it avoids trapping in local minima and fails to consider exploration searchability. To address this, hybridizing the GOA algorithm with the Differential Evolution (DE) algorithm is integrated to enhance detection accuracy. Initially, the algorithm combines the concept of chaos to improve its exploitation abilities. After that, a multi-population strategy for variety and global search capabilities is integrated. Finally, the method incorporates DE into an improvement mechanism for solution quality.

However, the current version has the following shortcomings.

1) The chaotic initialization described in Eq. (12) and multi-population strategy are inadequately justified. Why was the logistic map chosen over other chaotic systems? How does the division into sub-populations prevent local optima?

2) Eq. (16) combines feature count, FPR, and TPR, but the weights for these terms are not specified. This raises concerns about bias toward feature reduction at the expense of detection accuracy.

3) The BoT-IoT and UNSW-NB15 datasets are widely used, but the authors employ only 10% of BoT-IoT for training. No justification is provided for this arbitrary subsetting, risking under representation of attack diversity.

4) The claimed superiority over GA, PSO, etc., lacks statistical validation. Tables 2--4 report average metrics without variance, making it impossible to assess robustness.

5) I suggest the authors should open their experiments in open platforms such as github, so that other researchers can compare their work with other ones.

6) While the proposed method achieves low FPR as shown in Table 4, the impact of such FPR in IoT contexts is not discussed.

7) Some variables such as \( ul_d, ll_d \) in Eq. (1) are not defined before their usage. Please check all variables throughout the whole paper.

8) Some fresh and important references closely related to the current work are missing. I think discussing the following works is beneficial for the readers.

- Yu S, Zhai R, Shen Y, Wu G, Zhang H, Yu S, et al. Deep Q-Network-based open-set intrusion detection solution for industrial Internet of Things. IEEE Internet of Things Journal. 2024;11(7):12536-50. http://doi.org/10.1109/JIOT.2023.3333903

- Shen S, Cai C, Li Z, Shen Y, Wu G, Yu S. Deep Q-Network-based heuristic intrusion detection against edge-based SIoT zero-day attacks. Applied Soft Computing. 2024; 150:111080.

- Yu S, Wang X, Shen Y, Wu G, Yu S, Shen S. Novel intrusion detection strategies with optimal hyper parameters for industrial Internet of Things based on stochastic games and double deep Q-networks. Ieee Internet of Things Journal. 2024;11(17):29132-45. http://doi.org/10.1109/JIOT.2024.3406386

- Shen S, Xie L, Zhang Y, Wu G, Zhang H, Yu S. Joint differential game and double deep Q-networks for suppressing malware spread in industrial Internet of Things. IEEE Transactions On Information Forensics and Security. 2023;18:5302-15. http://doi.org/10.1109/TIFS.2023.3307956

**********

what does this mean? ). If published, this will include your full peer review and any attached files.). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our For information about this choice, including consent withdrawal, please see our Privacy Policy .-->

Reviewer #1: No

Reviewer #2: No

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

While revising your submission, please upload your figure files to the Preflight Analysis and Conversion Engine (PACE) digital diagnostic tool, https://pacev2.apexcovantage.com/ . PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at . PACE helps ensure that figures meet PLOS requirements. To use PACE, you must first register as a user. Registration is free. Then, login and navigate to the UPLOAD tab, where you will find detailed instructions on how to use the tool. If you encounter any issues or have any questions when using PACE, please email PLOS at figures@plos.org . Please note that Supporting Information files do not need this step.. Please note that Supporting Information files do not need this step.

Dear Dr. Singh,

plosone@plos.org . When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

• A letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols ..

We look forward to receiving your revised manuscript.

Kind regards,

Vincent Omollo Nyangaresi, Ph.D

Academic Editor

PLOS One

Journal Requirements:

If the reviewer comments include a recommendation to cite specific previously published works, please review and evaluate these publications to determine whether they are relevant and should be cited. There is no requirement to cite these works unless the editor has indicated otherwise.

Please review your reference list to ensure that it is complete and correct. If you have cited papers that have been retracted, please include the rationale for doing so in the manuscript text, or remove these references and replace them with relevant current references. Any changes to the reference list should be mentioned in the rebuttal letter that accompanies your revised manuscript. If you need to cite a retracted article, indicate the article’s retracted status in the References list and also include a citation and full reference for the retraction notice.

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

Reviewer #1: All comments have been addressed

Reviewer #2: All comments have been addressed

**********

2. Is the manuscript technically sound, and do the data support the conclusions??>

Reviewer #1: Yes

Reviewer #2: Yes

**********

3. Has the statistical analysis been performed appropriately and rigorously? -->?>

Reviewer #1: Yes

Reviewer #2: Yes

**********

4. Have the authors made all data underlying the findings in their manuscript fully available??>

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.-->

Reviewer #1: Yes

Reviewer #2: (No Response)

**********

5. Is the manuscript presented in an intelligible fashion and written in standard English??>

Reviewer #1: Yes

Reviewer #2: (No Response)

**********

Reviewer #1: The revised manuscript shows clear and commendable improvement over the original submission. The authors have systematically addressed all prior reviewer comments with well-documented changes:

A new novelty section was added (Section 1.1), effectively highlighting the contribution of CMGODE.

The literature review now includes recent work on deep learning-based IDS systems.

The methodology and algorithm (chaotic multi-population GOA with DE) are thoroughly explained with mathematical detail, parameter settings, and motivation for design choices (e.g., use of the logistic map, sub-populations, DE steps).

Statistical tests (Friedman test, Holm, and Li post hoc tests) are included and interpreted properly.

The manuscript also now discusses model generalization, real-time feasibility, adversarial robustness, and false alarm rates — all critical for intrusion detection in IoT environments.

Response tables and revised figures have been improved in structure and clarity.

Minor issues remain only at the language level. A light editorial review for grammar and phrasing will enhance the manuscript’s clarity. Additionally, please add explicit links to the public datasets (BoT-IoT and UNSW-NB15) in the Data Availability Statement for full transparency.

Overall, this is a strong and timely contribution to IoT anomaly detection and metaheuristic optimization research. I recommend acceptance with minor revisions (language and dataset URL clarity).

Reviewer #2: (No Response)

**********

what does this mean? ). If published, this will include your full peer review and any attached files.). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our For information about this choice, including consent withdrawal, please see our Privacy Policy .-->

Reviewer #1: No

Reviewer #2: No

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

To ensure your figures meet our technical requirements, please review our figure guidelines: https://journals.plos.org/plosone/s/figures

You may also use PLOS’s free figure tool, NAAS, to help you prepare publication quality figures: https://journals.plos.org/plosone/s/figures#loc-tools-for-figure-preparation.

NAAS will assess whether your figures meet our technical requirements by comparing each figure against our figure specifications.

Dear Dr. Singh,

plosone@plos.org . When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.. When you're ready to submit your revision, log on to https://www.editorialmanager.com/pone/ and select the 'Submissions Needing Revision' folder to locate your manuscript file.

• A letter that responds to each point raised by the academic editor and reviewer(s). You should upload this letter as a separate file labeled 'Response to Reviewers'.
• A marked-up copy of your manuscript that highlights changes made to the original version. You should upload this as a separate file labeled 'Revised Manuscript with Track Changes'.
• An unmarked version of your revised paper without tracked changes. You should upload this as a separate file labeled 'Manuscript'.

If applicable, we recommend that you deposit your laboratory protocols in protocols.io to enhance the reproducibility of your results. Protocols.io assigns your protocol its own identifier (DOI) so that it can be cited independently in the future. For instructions see: https://journals.plos.org/plosone/s/submission-guidelines#loc-laboratory-protocols . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at . Additionally, PLOS ONE offers an option for publishing peer-reviewed Lab Protocol articles, which describe protocols hosted on protocols.io. Read more information on sharing protocols at https://plos.org/protocols?utm_medium=editorial-email&utm_source=authorletters&utm_campaign=protocols ..

We look forward to receiving your revised manuscript.

Kind regards,

Vincent Omollo Nyangaresi, Ph.D

Academic Editor

PLOS One

Journal Requirements:

If the reviewer comments include a recommendation to cite specific previously published works, please review and evaluate these publications to determine whether they are relevant and should be cited. There is no requirement to cite these works unless the editor has indicated otherwise.

Please review your reference list to ensure that it is complete and correct. If you have cited papers that have been retracted, please include the rationale for doing so in the manuscript text, or remove these references and replace them with relevant current references. Any changes to the reference list should be mentioned in the rebuttal letter that accompanies your revised manuscript. If you need to cite a retracted article, indicate the article’s retracted status in the References list and also include a citation and full reference for the retraction notice.

[Note: HTML markup is below. Please do not edit.]

Reviewers' comments:

Reviewer's Responses to Questions

Comments to the Author

Reviewer #1: All comments have been addressed

**********

2. Is the manuscript technically sound, and do the data support the conclusions??>

Reviewer #1: Yes

**********

3. Has the statistical analysis been performed appropriately and rigorously? -->?>

Reviewer #1: Yes

**********

4. Have the authors made all data underlying the findings in their manuscript fully available??>

The PLOS Data policy requires authors to make all data underlying the findings described in their manuscript fully available without restriction, with rare exception (please refer to the Data Availability Statement in the manuscript PDF file). The data should be provided as part of the manuscript or its supporting information, or deposited to a public repository. For example, in addition to summary statistics, the data points behind means, medians and variance measures should be available. If there are restrictions on publicly sharing data—e.g. participant privacy or use of data from a third party—those must be specified.-->

Reviewer #1: Yes

**********

5. Is the manuscript presented in an intelligible fashion and written in standard English??>

Reviewer #1: Yes

**********

Reviewer #1: The revised manuscript demonstrates a substantial and commendable improvement over the original submission. The authors have carefully addressed prior reviewer concerns and significantly strengthened the manuscript in several key areas:

Novelty: Section 1.1 now clearly articulates the novelty of the CMGODE algorithm, justifying the use of chaos theory and multi-population strategies in the context of intrusion detection.

Methodology: The proposed algorithm is thoroughly explained with mathematical formulations, flowcharts (see Figures 1 and 2, pages 16 and 22), and pseudocode, enhancing reproducibility.

Experimental Rigor: Use of BoT-IoT and UNSW-NB15 datasets, comprehensive pre-processing, and comparison against multiple algorithms strengthen the empirical foundation.

Statistical Validation: Inclusion of statistical hypothesis testing (e.g., Friedman test) supports the significance of the findings.

Practical Considerations: Discussion on generalization, adversarial robustness, false alarm rates, and real-time feasibility is a major strength.

Recommendations:

Ensure the manuscript undergoes final copyediting for minor language issues.

Consider summarizing key experimental findings in a visual table in the conclusion section for quicker reference by readers.

Once these minor editorial issues are addressed, I believe this manuscript is suitable for publication.

**********

what does this mean? ). If published, this will include your full peer review and any attached files.). If published, this will include your full peer review and any attached files.

If you choose “no”, your identity will remain anonymous but your review may still be made public.

Do you want your identity to be public for this peer review? For information about this choice, including consent withdrawal, please see our For information about this choice, including consent withdrawal, please see our Privacy Policy .-->

Reviewer #1: No

**********

[NOTE: If reviewer comments were submitted as an attachment file, they will be attached to this email and accessible via the submission site. Please log into your account, locate the manuscript record, and check for the action link "View Attachments". If this link does not appear, there are no attachment files.]

To ensure your figures meet our technical requirements, please review our figure guidelines: https://journals.plos.org/plosone/s/figures

You may also use PLOS’s free figure tool, NAAS, to help you prepare publication quality figures: https://journals.plos.org/plosone/s/figures#loc-tools-for-figure-preparation.

NAAS will assess whether your figures meet our technical requirements by comparing each figure against our figure specifications.

Safeguarding Against External Intrusions Utilizing Adaptive Bio-Inspired Multi-Population Anomaly Detection for IoT Network

PONE-D-25-05218R3

Dear Dr. Singh,

We’re pleased to inform you that your manuscript has been judged scientifically suitable for publication and will be formally accepted for publication once it meets all outstanding technical requirements.

Within one week, you’ll receive an e-mail detailing the required amendments. When these have been addressed, you’ll receive a formal acceptance letter and your manuscript will be scheduled for publication.

An invoice will be generated when your article is formally accepted. Please note, if your institution has a publishing partnership with PLOS and your article meets the relevant criteria, all or part of your publication costs will be covered. Please make sure your user information is up-to-date by logging into Editorial Manager at Editorial Manager®  and clicking the ‘Update My Information' link at the top of the page. For questions related to billing, please contact  and clicking the ‘Update My Information' link at the top of the page. For questions related to billing, please contact billing support ..

If your institution or institutions have a press office, please notify them about your upcoming paper to help maximize its impact. If they’ll be preparing press materials, please inform our press team as soon as possible -- no later than 48 hours after receiving the formal acceptance. Your manuscript will remain under strict press embargo until 2 pm Eastern Time on the date of publication. For more information, please contact onepress@plos.org.

Kind regards,

Vincent Omollo Nyangaresi, Ph.D

Academic Editor

PLOS One

Additional Editor Comments (optional):

Reviewers' comments: