Abstract
Integrating mobile computing technologies and human health activities using IoMT devices can accelerate biomedical discovery and improve the efficiency of healthcare research and delivery. However, the quality of the collected health data is critical for the success of these efforts. In this paper, a hybrid intrusion detection system is proposed to identify cyberattacks in real time on medical devices. The system combines a logistic regression-based detector using network traffic features with a gradient-boosted tree-based detector using medical sensor features. Evaluation of the system using a publicly available dataset shows an accuracy score of 95.4% using only 11 features, compared to the current best accuracy of 92.98% achieved by artificial neural networks using 40 features. Additionally, by combining the decisions of the two individual detection systems, the number of attacks detected is increased from 111 to 305 out of a total of 423 attack instances, improving the sensitivity score and addressing the challenge of effectively and efficiently integrating different detection technologies in a hybrid intrusion detection system. To the best of the authors’ knowledge, this is the first attempt to combine multiple misuse detection models in a hybrid system to secure both IoMT devices and their networking equipment across the entire healthcare spectrum of the IoMT.
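Added example, not code from the paper: the abstract does not state how the two detectors' decisions are combined, so this sketch assumes decision-level OR fusion (alert if either detector alerts), with AND fusion shown for contrast, on a small constructed set of labelled records. It shows that the sensitivity gained by OR fusion comes with the false positives of both detectors added together.

```python
# Added illustration: decision-level fusion of two intrusion detectors.
# Assumption: OR fusion; the abstract does not state the rule. Data is constructed.

# (true_label, network_detector_alert, sensor_detector_alert); 1 = attack/alert
RECORDS = (
    [(1, 1, 0)] * 2      # attacks visible only in network traffic features
    + [(1, 0, 1)] * 3    # attacks visible only in medical sensor features
    + [(1, 1, 1)] * 1    # attacks both detectors flag
    + [(1, 0, 0)] * 2    # attacks both detectors miss
    + [(0, 0, 0)] * 10   # normal records, no alert
    + [(0, 1, 0)] * 1    # false positive from the network detector
    + [(0, 0, 1)] * 1    # false positive from the sensor detector
)

def fuse(net_alert, sensor_alert, rule="or"):
    """Combine two binary decisions into one hybrid decision."""
    if rule == "or":
        return int(net_alert or sensor_alert)
    if rule == "and":
        return int(net_alert and sensor_alert)
    raise ValueError(f"unknown fusion rule: {rule}")

def evaluate(labels, preds):
    """Return detected-attack count, sensitivity, false-positive rate, accuracy."""
    tp = sum(1 for y, p in zip(labels, preds) if y == 1 and p == 1)
    fn = sum(1 for y, p in zip(labels, preds) if y == 1 and p == 0)
    fp = sum(1 for y, p in zip(labels, preds) if y == 0 and p == 1)
    tn = sum(1 for y, p in zip(labels, preds) if y == 0 and p == 0)
    return {
        "detected": tp,
        "sensitivity": tp / (tp + fn) if tp + fn else 0.0,
        "fpr": fp / (fp + tn) if fp + tn else 0.0,
        "accuracy": (tp + tn) / len(labels),
    }

def compare(records=RECORDS):
    """Evaluate each detector alone and both fusion rules on the same records."""
    labels = [y for y, _, _ in records]
    decisions = {
        "network_only": [n for _, n, _ in records],
        "sensor_only": [s for _, _, s in records],
        "hybrid_or": [fuse(n, s, "or") for _, n, s in records],
        "hybrid_and": [fuse(n, s, "and") for _, n, s in records],
    }
    return {name: evaluate(labels, preds) for name, preds in decisions.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:13s} {result}")
```

On the constructed records, OR fusion detects 6 of 8 attacks where the individual detectors detect 3 and 4, while its false-positive rate is the sum of theirs.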
Acknowledgments
This research is supported by New Hampshire - INBRE through an Institutional Development Award (IDeA), P20GM103506, from the National Institute of General Medical Sciences of the NIH.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Lu, W. (2023). Applied Machine Learning for Securing the Internet of Medical Things in Healthcare. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2023. Lecture Notes in Networks and Systems, vol 654. Springer, Cham. https://doi.org/10.1007/978-3-031-28451-9_35
DOI: https://doi.org/10.1007/978-3-031-28451-9_35
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-28450-2
Online ISBN: 978-3-031-28451-9
eBook Packages: Intelligent Technologies and Robotics (R0)