Content of review 1, reviewed on April 09, 2020

Overall statement or summary of the article and its findings in your own words

The authors proposed a collaborative threat hunting platform that can preserve the privacy of its participants and share relevant evidence among them to detect attacks promptly. This was done by utilising a middleware that would be placed at the gateways of smart homes.

Overall strengths of the article and what impact it might have in your field

The authors suggested an interesting and worthy research direction in which privacy can be preserved whilst threat hunting activities are being conducted. There are certainly opportunities for a privacy-preserving threat hunting operation.

Specific comments on weaknesses of the article and what could be done to improve it

Major points in the article which need clarification, refinement, reanalysis, rewrites and/or additional information, and suggestions for what could be done to improve the article:

  1. The clarity of the topic was hindered by a lack of citations to relevant scientific sources and by contradictory statements. The authors made several claims (pages 3 and 4) but they were not backed up. In addition, the authors also contradicted themselves on page 5, as they asserted that cybersecurity vendors tend to promote their own definitions of threat hunting, but proceeded to adopt a vendor's definition of threat hunting without further justification as to why they chose to. The authors should consider justifying why they adopted a vendor's definition of threat hunting.
  2. The research question appears to be justified, as privacy-preserving threat hunting benefits users. However, further justification could be made as to what privacy standards or benchmarks the research strives towards or fulfils, such as the General Data Protection Regulation (GDPR) or other international privacy laws.
  3. There was no code repository with respect to the middleware that was used in the experiments, nor was there clear documentation of the experimental steps. As such, there was not enough detail to allow a replication of the study. The authors could showcase their middleware and the datasets used, and allow reviewers an opportunity to reproduce their work.
  4. Section 4 was too ambiguous, and the section name does not seem to accurately reflect what the authors are trying to portray. The authors should give a clearer explanation as to how the adversary model is relevant in the research.
  5. Based on the information provided, the internal and external validity of the study could not be determined, nor could the reliability of the methods be ascertained. The authors should consider adding an additional section explaining the methods they have chosen, and justify their choice.
  6. Section 6 did not adequately explain the relevance of 54 threat services and the 30 IoT devices. This posed a great challenge in understanding how they could be linked to an IPTV network. The authors could provide greater clarity by stating the relationship between the IPTV data, threat services and IoT devices.
  7. Section 6 should also be expanded to explain clearly the significance of the results. The authors did not justify why they chose to utilise precision and recall metrics, nor did they explain how the plots on the graph were derived. Additionally, this section was too short to derive any statistically significant or practically meaningful results.

Minor points like figures/tables not being mentioned in the text, a missing reference, typos, and other inconsistencies:

  1. The introduction written by the authors contains multiple grammatical errors, which impacted the ease of readability. In addition, acronyms such as IoT were mentioned on page 2, but were only written in full on page 3. The authors should consider highlighting the terms first before acronyms are used in the paper.
  2. The entire references section should be checked, and missing information such as conference/journal names, year of publication, or any other relevant details should be filled in. Reference numbers 1, 3, 4, 6, 8, 9, 10, 11, 13, 14, 16 and 20 should be checked.
  3. The paper and abstract had multiple grammatical and sentence structure errors, and should be carefully reviewed. In particular, the abstract is clouded by an enthusiastic effort to use bombastic words, which affected the clarity of the aims that the authors have set out to address.
  4. The authors should consider the use of diagrams to present some of their architectural designs or concepts.

Source

    © 2020 the Reviewer.

References

    M., E. A., Mirela, S. 2020. Privacy Preserving Threat Hunting in Smart Home Environments. Communications in Computer and Information Science.