Security Analysis for Smart Healthcare Systems
<p>IoMT System Architecture.</p> "> Figure 2
<p>Cyberattack effects on individuals.</p> "> Figure 3
<p>Cyberattack occurrences.</p> "> Figure 4
<p>IDS-integrated IoMT Network Architecture.</p> "> Figure 5
<p>Proposed Framework Architecture.</p> "> Figure 6
<p>(<b>a</b>) Dataset 1 Confusion Matrix and (<b>b</b>) Dataset 2 Confusion Matrix.</p> "> Figure 7
<p>(<b>a</b>) Dataset-1 AUC-ROC graph, (<b>b</b>) Dataset-1 AUC-PR graph, (<b>c</b>) Dataset-2 AUC-ROC graph, and (<b>d</b>) Dataset-2 AUC-PR graph.</p> ">
Abstract
:1. Introduction
- -
- Ensuring the integrity of medical data within the IoMT architecture by proposing an enhanced architecture and secure mechanism for data transmission.
- -
- Validating the results through two IoMT-related datasets by integrating them with an ensemble-powered IDS honeypot threat detection and mitigating system, ranging from biometrics collected from patients to network flow and attack patterns.
- -
- Developing an integrated intrusion detection and prevention system with machine learning that runs an ensemble method combining Logistic Regression and K-Nearest-Neighbor for an architecture that is scalable and deployable for IoMT network structures and is integrated with honeypot.
2. Related Work
3. Architecture of IoMT
- Layer 1: Devices and Instruments Layer, which deploys sensors and actuators to obtain and collect patients’ data. Three main variants are categorized according to their applications and functionality: stationary, wearable, and implantable.
- Medical examination instruments that are stationary, such as CT scans, MRI machines, and X-rays for imaging purposes [23]. Additionally, some of the surgical operations are performed with high-speed and low-latency connections [24] via a remote controller for operating robotic surgical instruments and apparatus, which outperform some operations done by hand in terms of precision and accuracy [25]. Medications and prescriptions that are accurately prescribed with the right dosage are capable of adapting based on the diagnosed medical condition and history of the patient and are dispensed accordingly [26].
- Surgically implanted devices inside the human body, or semi-invasive devices. An example would be a pacemaker, which regulates heart rate and rhythm by sending electrical pulses, or an insulin pump, which delivers insulin into the body through a computerized device with regulated doses at a specific preset time [27].
- Wearable sensors and noninvasive medical equipment transmit medical data through wired or wireless mediums to monitoring and analytical devices that are operated by the healthcare staff [28]. Wristbands, smartwatches, and Oxylink devices transmit medical reading data to be analyzed for detecting and determining abnormalities and harvesting collected data for research and studies. Such readings measure the heart rate, oxygen saturation, and blood pressure [29].
- Layer 2: Communication Network Layer, a bridging layer responsible for transmitting IoMT data from Layer 1 to Layer 3. Wireless transmission variant methods [30] are applicable based on the requirements of the device or type of data, such as short-range communication, which includes Radio Frequency Identification (RFID), used for logistics and inventory management, Near-Field Communication (NFC), such as tags that contain the Identification (ID) credentials of patients, Bluetooth (BT) devices, such as Oxylink, and Wireless Fidelity (WiFi) for remote patient monitoring [31].
- Layer 3: Application interface monitoring layer. The purpose of this layer is the aggregation and collection of different medical device readings and the conversion of the collected medical data into specific format standards that facilitate the interoperability and interaction of medical devices [32]. The main functions are detecting, predicting, tracking, and recording the patient data. Establishing a common standard would allow communication between different systems and devices to handle the data and implement encryption and authentication privileges for access to safeguard the confidentiality and sensitive data of patients. This layer also facilitates real-time monitoring of all medical equipment readings for any abrupt or slight occurrences of abnormalities and utilizes a friendly Graphical User Interface (GUI) design [33] for ease of use and access to live data that can be read and understood. Securing this layer is crucial, as there is a reliance on it for accessing medical records remotely from cloud servers or local servers from Layer 4 with smooth communication and a low-latency network. The network structure and architecture of the IoMT should establish and maintain secure and strict connection protocols for accessing information, which can be ensured by securing the servers and gateways and employing different encryption and defensive mechanisms.
- Layer 4: Data processing and storage layer, storing the data on local servers as well as utilizing remote services such as cloud servers for performing high computational analysis of collected medical data as it is more cost-effective and efficient compared to using local servers in terms of maintenance, security, redundancy, and scalability in the long run [34]. This layer serves as the backbone of the IoMT main system architecture, as there is a high demand for intensive computational requirements and big data analytics in the medical field, which would require an augmentation with AI technology to provide the best care and treatment procedures by accessing past medical histories of patients which have been harvested and collected in large amounts and shared across different cloud platforms [35]. Due to the access to cloud services, it is possible to apply parallel computing to provide the accelerated best course of action scenarios during diagnostics of cases, surgeries done manually or by robotics, synthesizing new drugs, and research and development [36].
4. IDS Architecture
- Signature-based type of detection, which requires predefined attack patterns and known exploits that are previously recorded and regularly updated through cloud security firms, aggregating the collected cyberattack occurrences from multiple IoT sectors and implementing them into the current IDS mechanism for better performance in detection [40].
- Anomaly-based type, which requires an in-depth examination of network interactions by integrating AI technology into the IDS, such as machine and deep learning algorithms for monitoring the system network activities by distinguishing normal network behavior and any deviations and anomalies that are in contrast to real-time generated network traffic, user activities, and system configurations. Anomaly-based systems are effective in the detection of zero-day attacks with no predefined signatures, as they rely on disturbances and abrupt normal patterns [41].
- Producing false positive feedback alerts due to failing to detect an anomaly of a cyberattack that is sophisticated in nature, as well as stealthy attacks. Continuously fine-tuning and validating the records of such alerts would scale up to improve the accuracy and precision of detection, thereby minimizing false alarms, which is achievable by utilizing AI methods [42].
- An IDS mechanism must be capable of adapting and scaling up with an expanding network structure while maintaining optimal performance. An IDS that is high-performing by design is capable of adjusting to new network traffic, a higher-density network, and an increased flow of data that is aggregated and transported. The IDS must also be designed to integrate with existing mechanisms for providing additional risk management and rapid response [43].
- Dataset 1: The WUSTL dataset [53] is from a test bed that was created by using the real-time Enhanced Healthcare Monitoring System (EHMS). It is used to train an IDS AI-based model to detect certain attacks that are recorded and tabulated in the dataset. The type of attack is mainly Man-In-The-Middle (MITM) [54], which consists of spoofing [55] and data injection attacks [56]. It contains flow network metrics in addition to patient biometrics. This dataset consists of 44 features, and the attacker patterns are labeled as 1, while the normal patterns are labeled as 0.
- Dataset 2: The IoT-Flock tool [57] was used to generate an IoT traffic network that consists of a normal and attack traffic network for malicious activity detection in healthcare environment setup [58]. Normal traffic contains patient and environment monitoring devices under normal conditions. The attacker traffic was generated after the normal traffic with multiple types of attacks, including a DDOS-type attack MQTT [59], a MQTT publish flood [60], brute force [61], and a SlowITE attack [62]. The dataset contains 52 features, with the attacks labeled as 1 in the attack dataset and normal traffic labeled as 0 in the dataset. Table 1 provides details about the datasets.
- Both datasets were created by capturing the network traffic in their respective environments as pcap files, which are network characteristics that will be used for analysis. For these files to be analyzed, they must be converted into CSV files, which is done by using a Python 3.12 script.
- Cleaning the data of irrelevant values in terms of handling and removing missing values, noise, errors, and any inconsistency. Data transformation is required for the classification algorithm to scale the features to a numerical range via binary encoding and ensure the consistency of selected features. Merging and combining multiple datasets of normal and attack samples to create a unified, comprehensive dataset for analysis.
- Normalization of data ensures that all features have similar scales, which assists the model in converging quicker during the training phase and prevents certain features from affecting others by dominating them.
- Data reduction is implemented to improve the model efficiency by feature selection and identifying the relevant data that impact the outcome of the model by removing low variances among the features as they have less information. This is done via an iterative process such as recursive feature elimination, which begins with all features and removes the least impactful ones by using the Support Vector Machine (SVM) algorithm. The features selected to train and test the machine learning model for the two datasets are:
- -
- Dataset 1: [‘SrcLoad’,‘DstLoad’,‘SrcJitter’,‘DstJitter’,‘Dur’,‘Load’,‘Rate’]
- -
- Dataset 2: [‘frame.time_delta’,‘tcp.time_delta’,‘tcp.flags.ack’,‘tcp.flags.push’, ‘tcp.flags.reset’,‘mqtt.hdrflags’,‘mqtt.msgtype’,‘mqtt.qos’,‘mqtt.retain’,‘mqtt.ver’]
Algorithm 1: Integrated IDS and Honeypot with Ensemble Method using LR and KNN |
|
- Misconfigurations found in the firewall protocols create loopholes that grant the intruder access inside the network via overly permissive rules or incorrect settings, which are exploited by the attacker [65].
- Vulnerabilities in firewall rules are exploited by employing sophisticated attacks that target the applications or services via zero-day [66] attacks, as the firewall is not regularly maintained and updated and is incapable of blocking unknown threats and vulnerabilities.
- Using a signature-based approach, the IDS will cross-reference the activity of the network, compare it with historical datasets, and classify it as an attack. It then notifies the security personnel of this intrusion attempt and flags it as it enters the honeypot-emulated environment for further study of the intruder activity. The honeypot mechanism purposely mimics existing vulnerabilities for the intruder to latch on by actively monitoring the logs and activities in the simulated environment.
- Using an anomaly-based attack that deviates from the normal behavioral pattern of the network traffic and known cyberattacks. The AI-based IDS continuously monitors the activity of the network and keeps track of the normal patterns. If any abnormalities and disturbances in the honeypot occur, they get classified as anomalies by comparing them and cross-validating them with normal network behavior.
- LR advantages for IDS can be driven by its interpretability, as it can provide a clear understanding of the result of each feature on the prediction, especially when the data variables are approximately linear. In terms of resource management, it is computationally efficient for large datasets or real-time applications, fast and simple, as it can be adapted for online usage, and the model is updated incrementally as new data becomes available. Considerations and drawbacks of LR underperformance include the assumption that the relationship between the features is linear.
- The KNN algorithm is capable of capturing complex non-linear relationships in the dataset due to its distribution-free method of statistical analysis. Flexibility and adaptability to different types of data distributions do not require a specific decision boundary. KNN does not require an explicit training phase, which makes it versatile for implementation and continuous data updates. KNN is resource-intensive compared to LR, as it involves computing all the training samples and has high sensitivity when there is feature scaling.
- True Positive (TP): The number of normal samples that have been correctly classified as normal.
- True Negative (TN): The number of attack samples that have been correctly classified as an attack.
- False Positive (FP): The number of attack samples that have been classified as normal.
- False Negative (FN): The number of normal samples that have been detected as an attack.
5. Results and Discussion
- AUC-ROC
- Focus: Measures the model’s ability to distinguish between positive and negative classes at various classification thresholds.
- Curve: Plots the True Positive Rate (TPR) on the y-axis against the False Positive Rate (FPR) on the x-axis.
- -
- TPR (Recall): Proportion of positive cases correctly identified.
- -
- FPR (Fall-out): Proportion of negative cases incorrectly classified as positive.
- Interpretation:
- -
- A perfect model has an AUC-ROC of 1, indicating a perfect separation between classes at all thresholds.
- -
- An AUC-ROC of 0.5 represents random guessing.
- -
- Higher AUC-ROC signifies a better ability to differentiate classes across thresholds.
- AUC-PR
- Focus: Measures the model’s ability to rank positive cases correctly, considering both precision and recall.
- Curve: Plots the precision (proportion of predicted positives that are actually positive) on the y-axis against the recall on the x-axis.
- Interpretation:
- -
- A perfect model has an AUC-PR of 1, indicating that all predicted positives are true positives and the model ranks them correctly.
- -
- An AUC-PR of 0.5 suggests no better than the random ranking of positive cases.
- -
- Higher AUC-PR signifies better ability to identify true positives and prioritize them appropriately.
- -
- Classification Threshold: Changing the decision threshold for classifying positive cases will affect both TPR and FPR, consequently impacting AUC-ROC.
- -
- Data Distribution: The underlying distribution of positive and negative classes can influence the difficulty of separation and thus the AUC values.
- -
- Model Complexity: Overly complex models might lead to overfitting, reducing generalization, and potentially lowering AUC on unseen data.
- -
- Class Imbalance: As mentioned earlier, class imbalance can significantly affect AUC-ROC, but might have less impact on AUC-PR.
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Acknowledgments
Conflicts of Interest
References
- Sathya, M.; Madhan, S.; Jayanthi, K. Internet of things (IoT) based health monitoring system and challenges. Int. J. Eng. Technol. 2018, 7, 175–178. [Google Scholar] [CrossRef]
- Das, S.; Siroky, G.P.; Lee, S.; Mehta, D.; Suri, R. Cybersecurity: The need for data and patient safety with cardiac implantable electronic devices. Heart Rhythm 2020, 18, 473–481. [Google Scholar] [CrossRef] [PubMed] [PubMed Central]
- Subrato, B.; Prajoy, P.; Rubaiyat, M.M.; Pinto, P. Applications and Challenges of Cloud Integrated IoMT. In Cognitive Internet of Medical Things for Smart Healthcare; Springer: Berlin/Heidelberg, Germany, 2020. [Google Scholar] [CrossRef]
- Adewole, K.S.; Akintola, A.; Jimoh, R.J.; Mabayoje, M.A.; Jimoh, M.K.; Hamza-Usman, F.E.; Balogun, A.O.; Sangaiah, A.K.; Ameen, O. Cloud-based IoMT framework for cardiovascular disease prediction and diagnosis in personalized E-health care. In Intelligent IoT Systems in Personalized Health Care; Academic Press: Cambridge, MA, USA, 2021; pp. 105–145. [Google Scholar]
- Wazid, M.; Das, A.K.; Rodrigues, J.J.P.C.; Shetty, S.; Park, Y. IoMT Malware Detection Approaches: Analysis and Research Challenges. IEEE Access 2019, 7, 182459–182476. [Google Scholar] [CrossRef]
- Mucchi, L.; Jayousi, S.; Martinelli, A.; Caputo, S.; Marcocci, P. An Overview of Security Threats, Solutions and Challenges in WBANs for Healthcare. In Proceedings of the 2019 13th International Symposium on Medical Information and Communication Technology (ISMICT), Oslo, Norway, 8–10 May 2019. [Google Scholar]
- Sharma, N.; Parveen Sultana, H.; Singh, R.; Patil, S. Secure Hash Authentication in IoT based Applications. Procedia Comput. Sci. 2018, 165, 328–335. [Google Scholar] [CrossRef]
- Mucchi, L.; Ronga, L.S.; Del Re, E. Physical Layer Cryptography and Cognitive Networks. Wirel. Pers. Commun. 2011, 58, 95–109. [Google Scholar] [CrossRef]
- Iwendi, C.; Kesavan, S.M.; Chang, C.; Kumaar, M.A.; Samiayya, D.; Durai, P.M.; Vincent, R.; Srinivasan, K.; Ganesh, H.A. Hybrid Framework for Intrusion Detection in Healthcare Systems Using Deep Learning. Front. Public Health 2022, 9, 824898. [Google Scholar]
- Occhipinti, A.; Rogers, L.; Angione, C. A pipeline and comparative study of 12 machine learning models for text classification. Expert Syst. Appl. 2022, 201, 117193. [Google Scholar] [CrossRef]
- Tiwari, D.; Bhati, B.S.; Nagpal, B.; Sankhwar, S.; Al-Turjman, F. An enhanced intelligent model: To protect marine IoT sensor environment using ensemble machine learning approach. Ocean Eng. 2021, 242, 110180. [Google Scholar] [CrossRef]
- Tyagi, P.; Manju Bargavi, S.K. Using Federated Artificial Intelligence System of Intrusion Detection for IoT Healthcare System Based on Blockchain. Int. J. Data Inform. Intell. Comput. 2023, 2, 1–10. [Google Scholar] [CrossRef]
- Gupta, K.; Sharma, D.K.; Datta Gupta, K.; Kumar, A. A tree classifier based network intrusion detection model for Internet of Medical Things. Comput. Electr. Eng. 2022, 102, 108158. [Google Scholar] [CrossRef]
- Argus Project. Available online: https://qosient.com/argus (accessed on 20 May 2024).
- Boukela, L.; Zhang, G.; Bouzefrane, S.; Zhou, J. An outlier ensemble for unsupervised anomaly detection in honeypots data. Intell. Data Anal. 2020, 24, 743–758. [Google Scholar] [CrossRef]
- Shi, L.; Li, Y.; Liu, T.; Liu, J.; Shan, B.; Chen, H. Dynamic Distributed Honeypot Based on Blockchain. IEEE Access 2019, 7, 72234–72246. [Google Scholar] [CrossRef]
- Alamro, H.; Marzouk, R.; Alruwais, N.; Negm, N.; Aljameel, S.S.; Khalid, M.; Hamza, M.A.; Alsaid, M.I. Modeling of Blockchain Assisted Intrusion Detection on IoT Healthcare System Using Ant Lion Optimizer with Hybrid Deep Learning. IEEE Access 2023, 11, 82199–82207. [Google Scholar] [CrossRef]
- Available online: https://research.unsw.edu.au/projects/toniot-datasets (accessed on 20 May 2024).
- Available online: https://www.unb.ca/cic/datasets/ids-2017.html (accessed on 20 May 2024).
- Lee, J.; Cha, H.; Rathore, S.; Park, J. M-IDM: A Multi-Classification Based Intrusion Detection Model in Healthcare IoT. Comput. Mater. Contin. 2021, 67, 1537–1553. [Google Scholar] [CrossRef]
- Alrashdi, I.; Alqazzaz, A.; Alharthi, R.; Aloufi, E.; Zohdy, M.A.; Ming, H. FBAD: Fog-based Attack Detection for IoT Healthcare in Smart Cities. In Proceedings of the 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), New York, NY, USA, 10–12 October 2019; pp. 0515–0522. [Google Scholar] [CrossRef]
- Alotaibi, Y.; Ilyas, M. Ensemble-Learning Framework for Intrusion Detection to Enhance Internet of Things’ Devices Security. Sensors 2023, 23, 5568. [Google Scholar] [CrossRef] [PubMed]
- Sujith, A.; Sajja, G.S.; Mahalakshmi, V.; Nuhmani, S.; Prasanalakshmi, B. Systematic review of smart health monitoring using deep learning and Artificial intelligence. Neurosci. Inform. 2022, 2, 100028. [Google Scholar] [CrossRef]
- Pandav, K.; Te, A.G.; Tomer, N.; Nair, S.S.; Tewari, A.K. Leveraging 5G technology for robotic surgery and cancer care. Cancer Rep. 2022, 5, e1595. [Google Scholar] [CrossRef] [PubMed]
- Peters, B.S.; Armijo, P.R.; Krause, C.; Choudhury, S.A.; Oleynikov, D. Review of emerging surgical robotic technology. Surg. Endosc. 2018, 32, 1636–1655. [Google Scholar] [CrossRef] [PubMed]
- Guerrero Ulloa, G.; Hornos, M.; Rodríguez-Domínguez, C.; Fernández-Coello, M. IoT-Based Smart Medicine Dispenser to Control and Supervise Medication Intake. In Proceedings of the Intelligent Environments 2020: Workshop Proceedings of the 16th International Conference on Intelligent Environments, Madrid, Spain, 20–23 July 2020. [Google Scholar] [CrossRef]
- Hu, X.; Yin, W.; Du, F.; Zhang, C.; Xiao, P.; Li, G. Biomedical applications and challenges of in-body implantable antenna for implantable medical devices: A review. AEU Int. J. Electron. Commun. 2023, 174, 155053. [Google Scholar] [CrossRef]
- Gaobotse, G.; Mbunge, E.; Batani, J.; Muchemwa, B. Non-invasive smart implants in healthcare: Redefining healthcare services delivery through sensors and emerging digital health technologies. Sens. Int. 2021, 3, 100156. [Google Scholar] [CrossRef]
- Ahamed, B.; Sellamuthu, S.; Karri, P.N.; Srinivas, I.V.; Mohammed Zabeeulla, A.; Ashok Kumar, M. Design of an energy-efficient IOT device-assisted wearable sensor platform for healthcare data management. Meas. Sens. 2023, 30, 100928. [Google Scholar] [CrossRef]
- Sethia, D.; Gupta, D.; Saran, H. Smart health record management with secure NFC-enabled mobile devices. Smart Health 2019, 13, 100063. [Google Scholar] [CrossRef]
- Guntur, S.R.; Gorrepati, R.R.; Dirisala, V.R. Internet of Medical Things. In Remote Healthcare and Health Monitoring Perspective; CRC Press: Boca Raton, FI, USA, 2018. [Google Scholar] [CrossRef]
- Tian, S.; Yang, W.; Grange JM, L.; Wang, P.; Huang, W.; Ye, Z. Smart healthcare: Making medical care more intelligent. Glob. Health J. 2019, 3, 62–65. [Google Scholar] [CrossRef]
- Kakhi, K.; Alizadehsani, R.; Kabir, H.D.; Khosravi, A.; Nahavandi, S.; Acharya, U.R. The internet of medical things and artificial intelligence: Trends, challenges, and opportunities. Biocybern. Biomed. Eng. 2022, 42, 749–771. [Google Scholar] [CrossRef]
- Aminizadeh, S.; Heidari, A.; Toumaj, S.; Darbandi, M.; Navimipour, N.J.; Rezaei, M.; Talebi, S.; Azad, P.; Unal, M. The applications of machine learning techniques in medical data processing based on distributed computing and the Internet of Things. Comput. Methods Programs Biomed. 2023, 241, 107745. [Google Scholar] [CrossRef]
- Veeraiah, V.; KO, T.; Talukdar, V.; Islam, S.; Ajagekar, S.S.; Yellapragada, R.K. Deep Learning-Based Classification for Healthcare-Based IoT System for Efficient Diagnosis. Int. J. Intell. Syst. Appli 2023, 11, 165–174. [Google Scholar]
- Eeraiah, V.; Thejaswini, K.; Talukdar, V.; Islam, S.; Ajagekar, S.; Yellapragada, R.K. Parallel Computing for Efficient and Intelligent Industrial Internet of Health Things: An Overview. Complexity 2021, 2021, 6636898. [Google Scholar] [CrossRef]
- Healthcare Data Breach Statistics. HIPAA J. 2023. Available online: https://www.hipaajournal.com/healthcare-data-breach-statistics/ (accessed on 20 May 2024).
- Portela, D.; Nogueira-Leite, D.; Almeida, R.; Cruz-Correia, R. Economic Impact of a Hospital Cyberattack in a National Health System: Descriptive Case Study. JMIR Form Res. 2023, 7, e41738. [Google Scholar] [CrossRef] [PubMed] [PubMed Central]
- Adejimi, A.O.; Sodiya, A.S.; Ojesanmi, O.A.; Falana, O.J.; Tinubu, C.O. A dynamic intrusion detection system for critical information infrastructure. Sci. Afr. 2023, 21, e01817. [Google Scholar] [CrossRef]
- Shah, S.N.; Singh, P. Signature-Based Network Intrusion Detection System Using SNORT And WINPCAP. Int. J. Eng. Res. Technol. 2012, 1, 1–17. [Google Scholar]
- Jyothsna, V.; Prasad, K.M. Anomaly-Based Intrusion Detection System. In Computer and Network Security; IntechOpen: London, UK, 2019. [Google Scholar] [CrossRef]
- da Silveira Lopes, R.; Duarte, J.C.; Goldschmidt, R.R. False Positive Identification in Intrusion Detection Using XAI. IEEE Lat. Am. Trans. 2023, 21, 745–751. [Google Scholar] [CrossRef]
- Xia, Z.; Tan, J.; Gu, K.; Li, X.; Jia, W. IDS Intelligent Configuration Scheme Against Advanced Adaptive Attacks. IEEE Trans. Netw. Sci. Eng. 2021, 8, 995–1008. [Google Scholar] [CrossRef]
- Wang, P. Research on firewall technology and its application in computer network security strategy. Front. Comput. Intell. Syst. 2022, 2, 42–46. [Google Scholar] [CrossRef]
- Pashaei, A.; Akbari, M.E.; Zolfy Lighvan, M.; Charmin, A. Early Intrusion Detection System using honeypot for industrial control networks. Results Eng. 2022, 16, 100576. [Google Scholar] [CrossRef]
- Maesschalck, S.; Giotsas, V.; Green, B.; Race, N. Don’t get stung, cover your ICS in honey: How do honeypots fit within industrial control system security. Comput. Secur. 2022, 114, 102598. [Google Scholar] [CrossRef]
- Wang, H.; He, H.; Zhang, W.; Liu, W.; Liu, P.; Javadpour, A. Using honeypots to model botnet attacks on the internet of medical things. Comput. Electr. Eng. 2022, 102, 108212. [Google Scholar] [CrossRef] [PubMed]
- Jawale, S.; Mehta, R.; Mahalingam, V.; Mehta, N. Intrusion Detection System using Virtual Honeypots. Int. J. Eng. Res. Appl. 2022, 275–279. [Google Scholar]
- Kulle, L. Intrusion Attack & Anomaly Detection in IoT Using Honeypots. Bachelor’s Thesis, Malmö Universitet/Teknik och Samhälle, Malmö, Sweden, 2020. [Google Scholar]
- Franco, J.; Aris, A.; Canberk, B.; Uluagac, A.S. A Survey of Honeypots and Honeynets for Internet of Things, Industrial Internet of Things, and Cyber-Physical Systems. IEEE Commun. Surv. Tutor. 2020, 23, 2351–2383. [Google Scholar] [CrossRef]
- Kandanaarachchi, S.; Ochiai, H.; Rao, A. Honeyboost: Boosting honeypot performance with data fusion and anomaly detection. Expert Syst. Appl. 2022, 201, 117073. [Google Scholar] [CrossRef]
- Zakaria, W.; Kiah, M.L. A review on artificial intelligence techniques for developing intelligent honeypot. In Proceedings of the 8th International Conference on Computing Technology and Information, Seoul, Republic of Korea, 24–26 April 2012. [Google Scholar]
- Hady, A.A.; Ghubaish, A.; Salman, T.; Unal, D.; Jain, R. Intrusion Detection System for Healthcare Systems Using Medical and Network Data: A Comparison Study. IEEE Access 2020, 8, 106576–106584. [Google Scholar] [CrossRef]
- Javeed, D.; Mohammed Badamasi, U. Man in the Middle Attacks: Analysis, Motivation and Prevention. Int. J. Comput. Netw. Commun. Secur. 2020, 8, 52–58. [Google Scholar] [CrossRef] [PubMed]
- Alkhalil, Z.; Hewage, C.; Nawaf, L.; Khan, I. Phishing Attacks: A Recent Comprehensive Study and a New Anatomy. Front. Comput. Sci. 2021, 3, 563060. [Google Scholar] [CrossRef]
- Lin, X.; An, D.; Cui, F.; Zhang, F. False data injection attack in smart grid: Attack model and reinforcement learning-based detection method. Front. Energy Res. 2023, 10, 1104989. [Google Scholar] [CrossRef]
- Ghazanfar, S.; Hussain, F.; Rehman, A.U.; Fayyaz, U.U.; Shahzad, F.; Shah, G.A. IoT-Flock: An Open-source Framework for IoT Traffic Generation. In Proceedings of the 2020 International Conference on Emerging Trends in Smart Technologies (ICETST), Karachi, Pakistan, 26–27 March 2020. [Google Scholar]
- Hussain, F.; Abbas, S.G.; Shah, G.A.; Pires, I.M.; Fayyaz, U.U.; Shahzad, F.; Garcia, N.M.; Zdravevski, E. A Framework for Malicious Traffic Detection in IoT Healthcare Environment. Sensors 2021, 21, 3025. [Google Scholar] [CrossRef] [PubMed]
- Alatram, A.; Sikos, L.F.; Johnstone, M.; Szewczyk, P.; Kang, J.J. DoS/DDoS-MQTT-IoT: A dataset for evaluating intrusions in IoT networks using the MQTT protocol. Comput. Netw. 2023, 231, 109809. [Google Scholar] [CrossRef]
- Husnain, M.; Hayat, K.; Cambiaso, E.; Fayyaz, U.U.; Mongelli, M.; Akram, H.; Ghazanfar Abbas, S.; Shah, G.A. Preventing MQTT Vulnerabilities Using IoT-Enabled Intrusion Detection System. Sensors 2021, 22, 567. [Google Scholar] [CrossRef]
- Bošnjak, L.; Sres, J.; Brumen, B. Brute-force and dictionary attack on hashed real-world passwords. In Proceedings of the 2018 41st International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), Opatija, Croatia, 21–25 May 2018; pp. 1161–1166. [Google Scholar] [CrossRef]
- Vaccari, I.; Aiello, M.; Cambiaso, E. SlowITe, a Novel Denial of Service Attack Affecting MQTT. Sensors 2020, 20, 2932. [Google Scholar] [CrossRef]
- Frye, M.; Mohren, J.; Schmitt, R.H. Benchmarking of Data Preprocessing Methods for Machine Learning-Applications in Production. Procedia CIRP 2020, 104, 50–55. [Google Scholar] [CrossRef]
- Azevedo, N. Data Preprocessing Techniques in Machine Learning [6 Steps]. Scalable Path. 29 September 2023. Available online: https://www.scalablepath.com/data-science/data-preprocessing-phase (accessed on 20 May 2024).
- Alicea, M.; Alsmadi, I. Misconfiguration in Firewalls and Network Access Controls: Literature Review. Future Internet 2021, 13, 283. [Google Scholar] [CrossRef]
- Guo, Y. A review of Machine Learning-based zero-day attack detection: Challenges and future directions. Comput. Commun. 2023, 198, 175–185. [Google Scholar] [CrossRef]
- Zhang, C.; He, Y.; Du, B.; Yuan, L.; Li, B.; Jiang, S. Transformer fault diagnosis method using IoT based monitoring system and ensemble machine learning. Future Gener. Comput. Syst. 2020, 108, 533–545. [Google Scholar] [CrossRef]
- Nazir, A.; He, J.; Zhu, N.; Wajahat, A.; Ma, X.; Ullah, F.; Qureshi, S.; Pathan, M.S. Advancing IoT security: A systematic review of machine learning approaches for the detection of IoT botnets. J. King Saud Univ. Comput. Inf. Sci. 2023, 35, 101820. [Google Scholar] [CrossRef]
- Alwahedi, F.; Aldhaheri, A.; Ferrag, M.A.; Battah, A.; Tihanyi, N. Machine learning techniques for IoT security: Current research and future vision with generative AI and large language models. Internet Things Cyber-Phys. Syst. 2023, 4, 167–185. [Google Scholar] [CrossRef]
- Intrusion Detection Systems (IDS) Special Issue. J. Comput. Secur. 2022, 10. Available online: https://content.iospress.com/journals/journal-of-computer-security/Pre-press/Pre-press (accessed on 20 May 2024).
- Honeypot Technology: A New Approach to Intrusion Detection, Countermeasures and Forensics, Proceedings of the 13th International Conference on Computers Security (IWSEC 2004). Available online: https://www.sciencedirect.com/science/article/abs/pii/S2214212616303295 (accessed on 20 May 2024).
- Anomaly Detection for Intrusion Detection Systems Using Support Vector Machines. Int. J. Comput. Appl. 2015, 115. Available online: https://ieeexplore.ieee.org/document/1007774 (accessed on 20 May 2024).
- Hossin, M.; Sulaiman, M.N. A Review on Evaluation Metrics for Data Classification Evaluations. Int. J. Data Min. Knowl. Manag. Process 2015, 5, 1–11. [Google Scholar] [CrossRef]
- Davis, J.; Goadrich, M. The Relationship Between Precision-Recall and ROC Curves. In Proceedings of the 23rd International Conference on Machine Learning, Pittsburgh, PA, USA, 25–29 June 2006. [Google Scholar] [CrossRef]
Measurement | Dataset Size | Number of Normal Samples | Number of Attack Samples | Total Number of Samples |
---|---|---|---|---|
Dataset 1 | 4.4 MB | 14,272 (87.5%) | 2046 (12.5%) | 16,318 |
Dataset 2 | 102 MB | 108,568 (57.54%) | 80,126 (42.46%) | 188,694 |
Feature | Signature-Based IDS [70] | Honeypot [71] | Machine Learning-Based IDS [72] | Integrated Machine Learning and Signature-Based IDS with Honeypot (Proposed Model) |
---|---|---|---|---|
Detection Method | Relies on pre-defined signatures to match known attack patterns. | Lures attackers into a decoy system mimicking real network services to observe their behavior. | Learns from network traffic data to identify patterns indicative of attacks. | Combines machine learning for pattern recognition with signature-based detection for known threats. Honeypot lures attackers to gather further intel. |
Strength |
|
|
|
|
Considerations |
|
|
|
|
Parameters | Dataset-1 | Dataset-2 |
---|---|---|
Accuracy | 92.5 | 99.54 |
Precision | 96.74 | 99.228 |
Recall | 44.402 | 99.69 |
F1-Score | 60.869 | 99.458 |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Ibrahim, M.; Al-Wadi, A.; Elhafiz, R. Security Analysis for Smart Healthcare Systems. Sensors 2024, 24, 3375. https://doi.org/10.3390/s24113375
Ibrahim M, Al-Wadi A, Elhafiz R. Security Analysis for Smart Healthcare Systems. Sensors. 2024; 24(11):3375. https://doi.org/10.3390/s24113375
Chicago/Turabian StyleIbrahim, Mariam, Abdallah Al-Wadi, and Ruba Elhafiz. 2024. "Security Analysis for Smart Healthcare Systems" Sensors 24, no. 11: 3375. https://doi.org/10.3390/s24113375
APA StyleIbrahim, M., Al-Wadi, A., & Elhafiz, R. (2024). Security Analysis for Smart Healthcare Systems. Sensors, 24(11), 3375. https://doi.org/10.3390/s24113375