Abstract
Cyber security plays an important role in the modern smart hospital environment. In these environments, medical devices are among the key assets that draw attention. Cyber threats relating to medical devices may affect patient safety, privacy, and hospital operations. As these devices are relatively closed at the technical level, the possibilities for collecting log information about security incidents are limited. At the same time, a wide variety of data is needed to create comprehensive situation awareness of the cyber operating environment. Given these challenges, honeypots are one interesting solution for gathering sensor data related to medical devices. In this paper, honeypot technology is studied as a means to support situation awareness in medical device networks. In particular, the detection capabilities of honeypot systems are considered from the perspective of the challenges in technical visibility relating to medical devices. These capabilities focus on the sensor data that honeypots can provide in different attack phases. In conclusion, these metrics are summarized in a construction model, which can be applied to the healthcare environment.
Acknowledgement
This research is partially funded by the Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) project of the Horizon 2020 SU-ICT-03-2018 program. The authors would like to thank Ms. Tuula Kotikoski for proofreading the manuscript.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Ihanus, J., Kokkonen, T., Hämäläinen, T. (2022). Modelling Medical Devices with Honeypots: A Conceptual Framework. In: Rocha, A., Adeli, H., Dzemyda, G., Moreira, F. (eds) Information Systems and Technologies. WorldCIST 2022. Lecture Notes in Networks and Systems, vol 468. Springer, Cham. https://doi.org/10.1007/978-3-031-04826-5_15
DOI: https://doi.org/10.1007/978-3-031-04826-5_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04825-8
Online ISBN: 978-3-031-04826-5
eBook Packages: Intelligent Technologies and Robotics (R0)