Comment on Haiba & Rafalia (2026): Unsupervised TTL-Based Deep Learning for Anomaly Detection in SIM-Tagged Network Traffic
Date:
Severity: Major · Confidence: Confirmed · Type: comment
Related Work Reviewed
Haiba, B., & Rafalia, N. (2026). Unsupervised TTL-Based Deep Learning for Anomaly Detection in SIM-Tagged Network Traffic. Computers, 15(2), 107.
Abstract
Many errors and inconsistencies exist in the above paper. Several of them directly impact the interpretation of the reported results and the credibility of the claimed SIM-level deployment relevance.
Findings
- First Error: Threshold Equivalence Fallacy. In Algorithm 1 (step 15) in [1], it is stated: "Select τ* as the τ_α (quantile benign buffer) for deployment; τ* diagnostic only on the validation PR curve." The parameter τ* is defined as the F1-optimal threshold obtained from the validation precision-recall curve, which is label-dependent. The parameter τ_α is defined as a quantile-based threshold computed from benign-only scores in the target environment, which is label-free. These two thresholds are conceptually different. Equating τ* with τ_α is mathematically and procedurally incorrect.
- Second Error: Architecture Mismatch. In Figure 2 in [1], the encoder and decoder are presented as: Encoder: n → 64 → 32 → 16 → 8; Decoder: 8 → 16 → 32 → 64 → n. This architecture corresponds to a dense autoencoder. However, in Section 3.3 in [1], the proposed model is described as: Conv1D(64) → Conv1D(64) → LSTM(64) → Dense(32) → Dense(8). These two model definitions are not equivalent.
- Third Error: Inconsistent Evaluation Metrics. In Table 4 in [1], the One-Class SVM reports: Precision = 0.77, Recall = 0.94, Accuracy = 0.750. The anomaly ratio is reported as 1-10% in Section 3.2 in [1]. With such class imbalance, the reported accuracy values are inconsistent with the given precision and recall. Either the anomaly proportion, or the accuracy calculation, is incorrect.
- Fourth Error: Contradictory Deployment Claim. In Table 5 in [1], the recall at FAR = 1% for TDAE is reported as 0.000. This means that at a 1% false-alarm rate, the model detects no anomalies. However, the abstract claims strong deployment capability with PR-AUC ≈ 0.93. The operational performance contradicts the deployment claim.
- Fifth Error: Invalid Logical Inference. In Section 4.2 in [1], it is stated that PR-AUC ≈ 0.5 in the reverse transfer direction confirms the absence of data leakage. A collapse to random performance does not prove absence of leakage. Random behaviour can result from distribution mismatch or model instability. The logical inference is invalid.
- Sixth Error: SIM Identity Fabrication. In Section 3.2 in [1], the synthetic identity is defined as: SIM_tag = hash(device_id) mod N_SIM. The identities are therefore derived from device identifiers and not from real SIMs. Consequently, the study does not validate actual SIM-level behaviour, although the title and abstract claim SIM-level anomaly detection.
- Seventh Error: Unexplained Non-Monotonic Robustness. In Table 7 in [1], the PR-AUC under contaminated training data shows non-monotonic behaviour: γ = 0.00 → PR-AUC = 0.916; γ = 0.01 → PR-AUC = 0.729; γ = 0.05 → PR-AUC = 0.743; γ = 0.10 → PR-AUC = 0.845. No statistical justification or variance analysis is provided. The strong drop at 1% and recovery at 10% are not explained rigorously.
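The arithmetic behind the Third Error can be checked directly. The following is an added example, not code from the paper or from the original audit: it rebuilds the confusion matrix from precision, recall and anomaly prevalence, then solves for the prevalence that a reported accuracy would require. It assumes the anomaly class is the positive class and that all three figures come from the same evaluation set; the function names and the rounding tolerance `tol` are hypothetical.

```python
# Added example: arithmetic consistency check for reported detection metrics.
# Assumption: the anomaly class is the positive class and all three figures
# come from the same evaluation set.

def confusion_fractions(precision, recall, prevalence):
    """Return (tp, fp, fn, tn) as fractions of all evaluated samples."""
    if not (0 < precision <= 1 and 0 <= recall <= 1 and 0 < prevalence < 1):
        raise ValueError("need precision in (0,1], recall in [0,1], prevalence in (0,1)")
    tp = recall * prevalence
    fn = prevalence - tp
    fp = tp * (1 - precision) / precision  # from precision = tp / (tp + fp)
    tn = 1 - prevalence - fp
    if tn < 0:
        raise ValueError("precision and recall are impossible at this prevalence")
    return tp, fp, fn, tn

def accuracy(precision, recall, prevalence):
    tp, _, _, tn = confusion_fractions(precision, recall, prevalence)
    return tp + tn

def implied_prevalence(precision, recall, acc):
    """Anomaly share that would reconcile precision, recall and accuracy."""
    # accuracy = 1 - prevalence * (miss rate + false alarms per anomaly)
    errors_per_anomaly = (1 - recall) + recall * (1 - precision) / precision
    if errors_per_anomaly == 0:
        raise ValueError("perfect classifier: accuracy is 1 at any prevalence")
    return (1 - acc) / errors_per_anomaly

def is_consistent(precision, recall, acc, prev_lo, prev_hi, tol=0.005):
    """True if acc is reachable for some prevalence in [prev_lo, prev_hi]."""
    # Accuracy falls linearly as prevalence rises, so the endpoints bound it.
    # tol (assumed) absorbs rounding of the published figures.
    lowest = accuracy(precision, recall, prev_hi) - tol
    highest = accuracy(precision, recall, prev_lo) + tol
    return lowest <= acc <= highest

if __name__ == "__main__":
    p, r, acc = 0.77, 0.94, 0.750  # One-Class SVM figures quoted above
    for prev in (0.01, 0.10):
        print(f"prevalence {prev:.2f}: accuracy would be {accuracy(p, r, prev):.4f}")
    print("consistent with 1-10% anomalies:", is_consistent(p, r, acc, 0.01, 0.10))
    print(f"prevalence implied by accuracy {acc}: {implied_prevalence(p, r, acc):.3f}")
```

The same check applies to any row of a results table that reports precision, recall and accuracy together with a stated class ratio.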
About this Audit
This open peer-review record is part of the post-publication audit series by Nitiraj V. Kulkarni, documenting reproducibility, methodology, and integrity concerns in published research.