2022 Nov 28:2022:2037954.
doi: 10.1155/2022/2037954. eCollection 2022.

Detection of Middlebox-Based Attacks in Healthcare Internet of Things Using Multiple Machine Learning Models


Abdulwahid Al Abdulwahid. Comput Intell Neurosci.

Abstract

The huge volume of network traffic data, the abundance of available network features, and the diversity of cyber-attack patterns mean that intrusion detection remains difficult even though many earlier efforts have succeeded in building the Internet of Healthcare Things (IoHT). The implementation of an effective algorithm to filter out most of the probable outliers of Round Trip Time (RTT) of packets recorded in the Internet environment is urgently required. Congestion and interference in networks can arise when numerous biosensors in an IoHT system all attempt to communicate at once. Internet of Health Things networks are susceptible to both intra- and internetwork interference. In this research, the Server-Side Includes (SSI) attack is a key issue because it allows for network compromise as part of Internal Attacks. Despite recent advancements, SSI detection remains difficult due to the vast amounts of network traffic data, the abundance of network features, and the diversity of cyber-attack patterns (DDoS, DoS, Satan, spoofing, etc.). With the help of sensors, physiological data may be collected and sent to distant servers, where they can be analyzed in real time by doctors to help them catch diseases in their earliest stages. This is made possible by the Internet of Medical Things (IoMT). Wireless data transfer, however, leaves it vulnerable to hackers, especially if the data being transferred are particularly private or sensitive. Security measures designed for devices with more storage space and processing power will not work on those with less. However, machine learning for intrusion detection can give a tailored security response to the needs of IoMT systems. For SSI detection, current methods are either inefficient because of the large number of packets that need to be caught and analyzed or unsuccessful because of outlier values in the RTTs obtained from the captured TCP packets.
To the same end, "downstream detection" refers to the process of calculating the total length of all connections made after a certain point. As a means of improving the SSI detection algorithm's throughput in a network environment, packet RTT outliers will be eliminated. Flow records are used as inputs by flow-based NIDS to determine whether or not a given flow is malicious. In order to detect middlebox-based attacks from two Medical Health IoT datasets, this paper proposes a unique architecture of explainable neural networks (XNN). The model's accuracy in classifying attacks in dataset 1 of the IoHT is 99.7%, besides achieving 99.4% accuracy in categorising attacks on IoHT dataset 2.


Conflict of interest statement

The author declares that he has no conflicts of interest.

Figures

Figure 1. Proposed flow work.
Figure 2. Repartition of services in IoHT DATASET 1 subcategories of accomplishments in the IoHT dataset 1.
Figure 3. Repartition of attack types.
Figure 4. IoHT DATASET 2 visualization.
Figure 5. Proposed architecture of XNN.
Figure 6. Performance of XNN on IoHT Dataset 1 with KMEANS.
Figure 7. Performance of XNN on IoHT Dataset 1 with one hot encoding.
Figure 8. Performance of XNN on IoHT Dataset 1 without feature scoring.
Figure 9. Confusion matrix with KMEANS.
Figure 10. Confusion matrix with one hot encoding.
Figure 11. Confusion matrix without feature scoring.
Figure 12. Comparison of deep learning models on IoHT Dataset 1 with KMEANS.
Figure 13. Performance of XNN on IoHT DATASET 2 with KMEANS.
Figure 14. Performance of XNN on IoHT DATASET 2 with one hot encoding.
Figure 15. Performance of XNN on IoHT DATASET 2 without feature scoring.
Figure 16. Confusion matrix with KMEANS.
Figure 17. Confusion matrix with one hot encoding.
Figure 18. Confusion matrix without feature scoring.
Figure 19. Comparison of deep learning models on IoHT Dataset 2 with KMEANS.
