Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation

Bibliographic Details
Main Authors: Georgios Zachos, Georgios Mantas, Kyriakos Porfyrakis, Joaquim Manuel Camoes Sobral de Bastos, Jonathan Rodriguez
Format: Article
Language: English
Published: IEEE 2025-01-01
Series: IEEE Access
Online Access: https://ieeexplore.ieee.org/document/10909110/
Description
Summary: The Internet of Things has transformed the healthcare sector through the introduction of the Internet of Medical Things (IoMT) technology. However, IoMT networks remain vulnerable to a wide range of threats due to their resource-constrained characteristics and heterogeneity. Therefore, novel security mechanisms such as accurate and efficient Anomaly-based Intrusion Detection Systems (AIDSs), taking into consideration the inherent limitations of the IoMT networks, are necessary to be developed before IoMT networks reach their full potential in the market. This paper is an extension of our previous works and presents a new and refined design of a hybrid AIDS for IoMT networks. Furthermore, we provide implementation details on Raspberry Pi devices and performance evaluation results that demonstrate the efficacy of our approach. For its detection purposes, the AIDS employs Novelty detection and Outlier detection algorithms as these types of ML algorithms can detect both known and unknown types of attacks. Then, we tuned the hyperparameters of various Novelty Detection and Outlier Detection ML algorithms and evaluated their performance. Afterwards, the best performing ML algorithms (i.e., OCSVM, LOF, G_KDE, PW_KDE, B_GMM, MCD and IsoForest) are selected to be integrated into the AIDS deployed on an IoT/IoMT testbed. In addition, we evaluated the performance of the deployed AIDS during runtime, and the runtime evaluation results indicate: (i) a strong detection performance for some of the integrated ML algorithms, and (ii) a low computational cost (i.e., less than 1% CPU usage) of the AIDS for all integrated ML algorithms.
ISSN: 2169-3536