Machine Learning-Based Cyber Intrusion Detection System for Internet of Medical Things Attacks in Healthcare Environments

Introduction And Backgrounds

Sensors, the cloud, and many more advanced technologies give a new aspect to the healthcare system. Advancements in the area of wireless data collection through sensors, data storage, internet, and communication link patients who are far from healthcare professionals. Remote monitoring systems enabled the communication link between doctors and patients using various types of gadgets such as smart watches, smartphones, laptops, and many more devices. These devices are known as the internet of things (IoT). If these devices are integrated for medical purposes, then it becomes the internet of medical things (IoMT) (Razdan & Sharma, 2021). IoMT reduces the visit of the patient and medical professionals can collect the data of patients through the internet. Patient details are represented as a medical record in a digital format than paper which also knows as electronic health records (Dimitrov, 2016) (EHR). Wireless communication is used between the patient and server repository to locate the EHR details. EHR data should be secured from intruders and attacks while transmitted over communication channels through the internet. As IoMT architecture (Toghuj & Turab, 2022) shown in Fig 1 where three layers named application, network, and perception, represent the flow of data from sensors/actuators to cloud/server. These layers performed the following operations on medical data: processed, analyzed, and stored.

Figure 1.

IoMT architecture

To do the computational statistical analysis, machine learning (ML) helped to predict intrusion detection for cyber security (Davenport & Kalakota, 2019a). The most promising technique is to manage issues of security in healthcare systems for attacks (Abouelmehdi et al., 2018). L comprises the rules and methods that can be applied to large amounts of data to find the prediction behavior and pattern of cyber security attacks. It is necessary to migrate to a run-time approach to detect intrusion when the changing patterns in network behavior (Tgavalekos et al., 2018). ML broadly splits into supervised, unsupervised, and semi-supervised learning. As supervised learning works with labeled data whereas unsupervised is used for unlabeled data and semi-supervised used for labeled and less unlabeled data (Singh et al., 2017). Supervised learning works on training and testing data (Rawat et al., 2022). ML helps to save valuable time and minimize damages due to cyber-attacks (Sarker et al., 2020). Existing classification models (Pérez-Ortiz et al., 2016) uch as Naïve Bayes (NB), decision tree (DT), support vector machine (SVM), random forest (RF), K-Nearest Neighbor (K-NN), stochastic gradient (SG), and many more are helpful to be applied on a large dataset. Some regression models (Dasgupta et al., 2011) (Negi et al., 2022) are also considered for the same dataset such as logistic, linear, lasso, ridge, decision tree, and more.

ML models can also be helpful to detect the intrusion raised when IoMT devices send their data to a server. The availability of suspicious attacks between medical devices and servers (Hireche et al., 2022) hows that noise data is appended with original data. The existence of ML models in an IoMT environment based on a detection system can help to predict cyber-attacks. The capability of ML is managing cyber-attack issues using a type of healthcare sensor (Kumar & Lee, 2011). Healthcare system has a gateway for data collection, and monitoring the network traffic need to support cyber-attacks detection system computer (Hady et al., 2020). The server is located last to store the sensed data from various sources. As the dataset has network traffic related and patient data. For predicting cyber-attacks in healthcare, various ML techniques are applied to network and patient data and evaluate the measurements metric. The following purposes are there in healthcare using ML (Davenport & Kalakota, 2019b):