Master's Thesis

Analysis of Noise Spectrum Variations for Detecting Irregular Behavior in Network Devices


Author of thesis: BSc Feven Agza

Acad. year: 2025/2026

Supervisor: Ing. et Ing. Petr Musil

Reviewer: Ing. Matěj Ištvánek, Ph.D.

Abstract:

This thesis investigates the detection of irregular behavior in network devices, such as
DDoS attacks, through the analysis of electrical noise variations on the power line. Power
Line Communication technology is used as an indirect means of monitoring network device
behavior without requiring direct access to their interfaces. Measurements were captured
using broadband PLC modems across multiple router-adapter setups under normal operating
conditions and three distinct DDoS attack scenarios: ICMP Smurf flooding, Fraggle
UDP amplification, and TCP SYN state exhaustion. The collected noise spectrum data
were processed through a feature engineering pipeline that extracted statistical and signal
structure across frequency sub-bands from both MIMO measurement channels. The
extracted features were used to train and compare three supervised machine learning
classifiers (Random Forest, Support Vector Machine, and XGBoost), evaluated under both
standard and group-based partitioning strategies. The results demonstrate that while
high classification accuracy is achievable when training and testing on data from the
same devices, generalisation to previously unseen router hardware remains a significant
challenge due to device-specific noise characteristics. The work provides a proof of concept
for PLC-based anomaly detection and serves as a foundation for future research
into device-invariant feature representations.

Keywords:

Network device, DDoS attacks, Power Line Communication, electromagnetic interference,
noise spectrum, XGBoost, machine learning, feature extraction, anomaly detection

Date of defence

09.06.2026

Result of the defence

Defended (thesis was successfully defended)


Grading

D

Process of defence

Student presented the results of his thesis and the committee got familiar with reviewer's report. Student defended his Diploma Thesis with reservations and answered the questions from the members of the committee and the reviewer.

Language of thesis

English

Faculty

Department

Study programme

Communications and Networking (MPAD-CAN)

Composition of Committee

prof. Ing. Zdeněk Smékal, CSc. (chairman)
doc. Ing. Ivo Lattenberg, Ph.D. (vice-chairman)
doc. Ing. Lukáš Malina, Ph.D. (member)
Ing. Štěpán Miklánek, Ph.D. (member)
Ing. Jiří Přinosil, Ph.D. (member)
Ing. Adrián Tomašov, Ph.D. (member)
Ing. et Ing. Petr Musil (member)
Ing. Filip Wagner (member)

Supervisor’s report
Ing. et Ing. Petr Musil

The thesis deals with the possibility of detecting abnormal behaviour of network devices based on the analysis of conducted noise spectra on the power line using PLC modems. The student implemented a laboratory measurement setup, performed experimental measurements on several router platforms and subsequently applied machine learning methods for classification of individual operational states.

I positively evaluate mainly the experimental part of the thesis and the amount of laboratory measurements performed. The student assembled the measurement topology, collected data under different operating conditions including simulated DDoS attacks and created a dataset for further processing. Considerable effort was devoted to the preparation and stabilisation of the laboratory measurement setup and to the measurement campaign itself. I also appreciate the effort to apply machine learning methods and compare several classification models.

However, the thesis exhibits a number of technical and methodological shortcomings. The experimental part appears more as an integration of individual components into a functional demonstrator than as a systematically conducted research activity with detailed control of influencing factors and deeper interpretation of the obtained results. In particular, the analysis of network traffic, interpretation of measured phenomena and discussion of ML model behaviour remain rather superficial.

A significant issue of the thesis is the achieved classification performance when generalising to previously unseen devices. After eliminating leakage between training and testing datasets, the classification accuracy drops close to the level of random classification. Although the student correctly identified this issue, the thesis does not provide a deeper analysis or a more robust approach to solving the problem.

The thesis also has weaker formal and language quality. The text contains a larger number of stylistic and grammatical issues, inconsistencies in terminology and several formal inaccuracies.

Despite the above-mentioned shortcomings, the student demonstrated the ability to independently perform experimental measurements and create a functional laboratory infrastructure. Therefore, I recommend the thesis for defence and evaluate it with the grade D/68 points.

Points proposed by supervisor: 68

Grade proposed by supervisor: D

Reviewer’s report
Ing. Matěj Ištvánek, Ph.D.

This master thesis deals with the analysis of conducted noise spectrum variations on power lines for the indirect detection of irregular behaviour of network devices. The topic is interesting and relatively original, since it attempts to use broadband PLC modems not only as communication devices but also as sensing devices for side-channel monitoring of routers and their power supplies. A positive aspect of the thesis is that the author assembled a laboratory measurement setup, performed measurements on several router and power-adapter combinations, and considered normal operation as well as DDoS-related attack scenarios. This required a considerable amount of time, and after an arranged meeting with the student, I understood that she provided the data and code separately. Unfortunately, this is not mentioned or referred to in the thesis. The thesis lacks a comprehensive literature review. There is no sufficient comparison with the literature, no discussion of what models or methods are commonly used in similar scenarios, except for a general CNN briefly mentioned in one sentence, and no clear overview of state-of-the-art detection techniques.
The thesis has several substantial weaknesses. The description of the experimental data is not sufficiently detailed. Although the measurement procedure mentions periodic snapshot export, the thesis does not clearly summarize the total amount of data, the number of samples per router, adapter, class and attack type, the duration of individual measurements, or the exact balance of the dataset. The reader therefore has difficulty assessing whether the dataset is large and representative enough for the machine-learning evaluation. Similarly, the attack scenarios are introduced, but the practical parameters of the generated traffic and their relation to the measured router load are not documented in sufficient detail.
A major methodological issue is the evaluation of the classifiers. The initial high classification accuracy is later shown to be largely caused by the presence of measurements from the same devices in both the training and testing data, which is expected if all data were merged together. The revised group-based partitioning is a more realistic evaluation strategy, but under this evaluation the achieved performance is low. The reported accuracies of around 50% and low F1 scores indicate that the trained models do not reliably generalize to previously unseen router hardware. In this case, a random guess would achieve a similar level of accuracy. In particular, some models strongly favour one class and fail to detect a large portion of actual attack samples. This substantially weakens the practical claim of a functional anomaly detection system. This finding supports the core idea presented before the introduction of the classification task: each router produces a different fingerprint, and therefore it is not straightforward to train a classifier on one device and apply inference to another, different device. I am missing a suitable machine-learning approach to this problem, or at least the testing of device-specific models.
The work would also benefit from a deeper analysis of why the models underperform. The discussion correctly identifies router-specific and adapter-specific fingerprints as an important limitation, but the thesis does not sufficiently explore possible solutions, such as per-device normalization, leave-one-device-out validation, per-attack classification, feature ablation, comparison with baselines, alternative spectral representations, or a more systematic hyperparameter and feature-selection study. The mRMR method, encoders, and PCA are introduced but never addressed or mentioned again. The thesis also does not convincingly demonstrate the detection of three distinct anomaly types, as described in the assignment, since the final classification is presented mainly as a binary normal-versus-attack problem.
The formal quality of the thesis is below the expected level for a master’s thesis. The text contains many typographical, grammatical, and stylistic problems. There are repeated citation formatting issues, missing spaces before citations, inconsistent punctuation, repeated citations in the same paragraph, missing punctuation after figure and table captions, and inconsistent terminology. Some figures and tables are not sufficiently discussed in the text, some figures appear before they are referred to, and several plot labels are too small for comfortable reading. The text also contains awkward sentence constructions and missing commas, which reduce readability. The thesis would require careful proofreading and formatting revision.
Overall, the thesis documents a real experimental attempt and contains useful observations about device-dependent conducted-noise signatures. Nevertheless, the fulfilment of the assignment is only partial. The measurement prototype is demonstrated, but the detection capability is not convincingly proven under realistic cross-device evaluation. I recommend the thesis for defence, but with significant reservations regarding methodological depth, result interpretation, and formal presentation. Considering the experimental effort, but also the weak generalization results and formal shortcomings, I evaluate the thesis as borderline sufficient, depending on the defence performance: 50/E.

Topics for thesis defence:
  1. Why were the three DDoS attack types not evaluated as separate classes, given that the assignment requires detection of at least three types of network-related anomaly?
  2. How can the proposed method distinguish attack-induced spectral changes from router-specific and adapter-specific spectral fingerprints?
  3. What changes in the measurement setup or feature extraction pipeline would you propose to improve generalization to previously unseen routers?
  4. Which measured result best supports the claim that router workload, rather than only the power adapter type, affects the conducted noise spectrum?
Points proposed by reviewer: 50

Grade proposed by reviewer: E

Responsibility: Mgr. et Mgr. Hana Odstrčilová