Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation
The Internet of Things has transformed the healthcare sector through the introduction of the Internet of Medical Things (IoMT) technology. However, IoMT networks remain vulnerable to a wide range of threats due to their resource-constrained characteristics and heterogeneity. Therefore, novel securit...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10909110/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850251538330550272 |
|---|---|
| author | Georgios Zachos Georgios Mantas Kyriakos Porfyrakis Joaquim Manuel Camoes Sobral de Bastos Jonathan Rodriguez |
| author_facet | Georgios Zachos Georgios Mantas Kyriakos Porfyrakis Joaquim Manuel Camoes Sobral de Bastos Jonathan Rodriguez |
| author_sort | Georgios Zachos |
| collection | DOAJ |
| description | The Internet of Things has transformed the healthcare sector through the introduction of the Internet of Medical Things (IoMT) technology. However, IoMT networks remain vulnerable to a wide range of threats due to their resource-constrained characteristics and heterogeneity. Therefore, novel security mechanisms such as accurate and efficient Anomaly-based Intrusion Detection Systems (AIDSs), taking into consideration the inherent limitations of the IoMT networks, are necessary to be developed before IoMT networks reach their full potential in the market. This paper is an extension of our previous works and presents a new and refined design of a hybrid AIDS for IoMT networks. Furthermore, we provide implementation details on Raspberry Pi devices and performance evaluation results that demonstrate the efficacy of our approach. For its detection purposes, the AIDS employs Novelty detection and Outlier detection algorithms as these types of ML algorithms can detect both known and unknown types of attacks. Then, we tuned the hyperparameters of various Novelty Detection and Outlier Detection ML algorithms and evaluated their performance. Afterwards, the best performing ML algorithms (i.e., OCSVM, LOF, G_KDE, PW_KDE, B_GMM, MCD and IsoForest) are selected to be integrated into the AIDS deployed on an IoT/IoMT testbed. In addition, we evaluated the performance of the deployed AIDS during runtime, and the runtime evaluation results indicate: (i) a strong detection performance for some of the integrated ML algorithms, and (ii) a low computational cost (i.e., less than 1 % cpu usage) of the AIDS for all integrated ML algorithms. |
| format | Article |
| id | doaj-art-da12a6725acd49a1b67f57d5730a8f7e |
| institution | OA Journals |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-da12a6725acd49a1b67f57d5730a8f7e2025-08-20T01:57:52ZengIEEEIEEE Access2169-35362025-01-0113419944202810.1109/ACCESS.2025.354757210909110Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms EvaluationGeorgios Zachos0https://orcid.org/0000-0001-9130-4605Georgios Mantas1https://orcid.org/0000-0002-8074-0417Kyriakos Porfyrakis2https://orcid.org/0000-0003-1364-0261Joaquim Manuel Camoes Sobral de Bastos3https://orcid.org/0000-0001-8182-5087Jonathan Rodriguez4https://orcid.org/0000-0001-9829-0955Instituto de Telecomunicações, Aveiro, PortugalInstituto de Telecomunicações, Aveiro, PortugalFaculty of Engineering and Science, University of Greenwich, Chatham Maritime, U.K.Instituto de Telecomunicações, Aveiro, PortugalInstituto de Telecomunicações, Aveiro, PortugalThe Internet of Things has transformed the healthcare sector through the introduction of the Internet of Medical Things (IoMT) technology. However, IoMT networks remain vulnerable to a wide range of threats due to their resource-constrained characteristics and heterogeneity. Therefore, novel security mechanisms such as accurate and efficient Anomaly-based Intrusion Detection Systems (AIDSs), taking into consideration the inherent limitations of the IoMT networks, are necessary to be developed before IoMT networks reach their full potential in the market. This paper is an extension of our previous works and presents a new and refined design of a hybrid AIDS for IoMT networks. Furthermore, we provide implementation details on Raspberry Pi devices and performance evaluation results that demonstrate the efficacy of our approach. For its detection purposes, the AIDS employs Novelty detection and Outlier detection algorithms as these types of ML algorithms can detect both known and unknown types of attacks. Then, we tuned the hyperparameters of various Novelty Detection and Outlier Detection ML algorithms and evaluated their performance. Afterwards, the best performing ML algorithms (i.e., OCSVM, LOF, G_KDE, PW_KDE, B_GMM, MCD and IsoForest) are selected to be integrated into the AIDS deployed on an IoT/IoMT testbed. In addition, we evaluated the performance of the deployed AIDS during runtime, and the runtime evaluation results indicate: (i) a strong detection performance for some of the integrated ML algorithms, and (ii) a low computational cost (i.e., less than 1 % cpu usage) of the AIDS for all integrated ML algorithms.https://ieeexplore.ieee.org/document/10909110/Anomaly-based intrusion detectiondataset generationInternet of Medical Things (IoMT)intrusion detection system (IDS)machine learning algorithmsnovelty detection algorithms |
| spellingShingle | Georgios Zachos Georgios Mantas Kyriakos Porfyrakis Joaquim Manuel Camoes Sobral de Bastos Jonathan Rodriguez Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation IEEE Access Anomaly-based intrusion detection dataset generation Internet of Medical Things (IoMT) intrusion detection system (IDS) machine learning algorithms novelty detection algorithms |
| title | Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation |
| title_full | Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation |
| title_fullStr | Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation |
| title_full_unstemmed | Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation |
| title_short | Anomaly-Based Intrusion Detection for IoMT Networks: Design, Implementation, Dataset Generation, and ML Algorithms Evaluation |
| title_sort | anomaly based intrusion detection for iomt networks design implementation dataset generation and ml algorithms evaluation |
| topic | Anomaly-based intrusion detection dataset generation Internet of Medical Things (IoMT) intrusion detection system (IDS) machine learning algorithms novelty detection algorithms |
| url | https://ieeexplore.ieee.org/document/10909110/ |
| work_keys_str_mv | AT georgioszachos anomalybasedintrusiondetectionforiomtnetworksdesignimplementationdatasetgenerationandmlalgorithmsevaluation AT georgiosmantas anomalybasedintrusiondetectionforiomtnetworksdesignimplementationdatasetgenerationandmlalgorithmsevaluation AT kyriakosporfyrakis anomalybasedintrusiondetectionforiomtnetworksdesignimplementationdatasetgenerationandmlalgorithmsevaluation AT joaquimmanuelcamoessobraldebastos anomalybasedintrusiondetectionforiomtnetworksdesignimplementationdatasetgenerationandmlalgorithmsevaluation AT jonathanrodriguez anomalybasedintrusiondetectionforiomtnetworksdesignimplementationdatasetgenerationandmlalgorithmsevaluation |