Introducing IoT devices to healthcare has made it possible to remotely monitor patients’ information and provide a proper diagnosis as needed, resulting in the Internet of Medical Things (IoMT). However, obtaining good security features that ensure the integrity and confidentiality of patients’ information is a significant challenge. Moreover, because computational resources are limited, an edge device may struggle to handle heavy detection tasks such as complex machine learning algorithms. Therefore, designing and developing a lightweight detection mechanism is crucial. To address these challenges, a new lightweight IDS approach is developed to effectively combat a diverse range of cyberattacks in IoMT networks. The proposed anomaly-based IDS is divided into three steps: pre-processing, feature selection, and decision. In the pre-processing phase, data cleaning and normalization are performed. In the feature selection step, the proposed approach uses two data-driven kernel techniques, kernel principal component analysis and kernel partial least square, to reduce the dimension of the extracted features and to improve the detection results. In the decision step, the kernel extreme learning machine is used to classify whether the traffic flow is normal or malicious. To check the efficiency of the developed detection scheme, a modern IoMT dataset named WUSTL-EHMS-2020 is used to evaluate and discuss the achieved results. The proposed method achieved 99.9% accuracy, 99.8% specificity, 100% sensitivity, and a 99.9 F-score.

The Internet of Things (IoT) technology has transformed the digital world and is considered one of the most significant revolutions in the communication and information technology area. The IoT has been rapidly developed and deployed in a variety of important domains like transportation, agriculture, energy, and healthcare owing to the significant benefits that such technology offers [

The IoMT applications require superior computing capabilities to provide sustainable, resilient, and secure healthcare systems; however, cloud computing cannot efficiently fulfill these requirements due to several limitations such as latency, Internet connectivity, and lack of mobility support [

Although IoMT significantly improves the medical services provided to patients, cyberattacks continue to pose a significant risk to healthcare providers and cause enormous damage [

To ensure the security and privacy of information sharing in IoMT environments, the intrusion detection system (IDS) represents a perfect security tool to overcome a variety of cyberattacks. The IDS can quickly detect anomalies and alert the system to prevent further damage. The critical part of an IDS is the detection algorithm and its ability to detect different types of cyberattacks with good accuracy and minimum false alarm rates. The IDS could be integrated with edge computing to provide effective and efficient attack detection close to the data source. Additionally, the IDS can benefit from computational resources at the edge, allowing it to use complex detection algorithms and more storage capacity to store and analyze log data [

Although edge computing provides excellent computing capabilities, it lacks the required resources to complete intensive tasks such as heavy-weight machine learning models [

To meet the abovementioned challenges, this paper suggests a novel and lightweight IDS approach to efficiently overcome cyberattacks in IoMT networks. The contributions of the paper are:

As the capacity of any classifier depends mainly on the features provided as input, two data-driven kernel techniques called Kernel Principal Component Analysis (KPCA) and Kernel Partial Least Square (KPLS) are applied to choose important features from the feature vector

To improve the classifier performance in detecting cyberattacks. Because edge devices have limited computational resources, fast training speed [

As the dataset plays a vital role in testing the robustness and effectiveness of the detection model, our developed approach uses a modern IoMT dataset named WUSTL-EHMS-2020. The developed approach outperforms the other suggested methods in terms of accuracy, specificity, and sensitivity rate, as well as training speed and prediction time. The results show that our suggested IDS model has a high potential for use in the context of edge computing in IoMT networks.

This article is structured as follows. Related work and its limitations are presented in Section 2. The proposed methodology is presented and illustrated in Section 3. Section 4 discusses and evaluates the proposed work using different performance metrics. Finally, Section 5 concludes the article and proposes future work.

Several studies on intrusion detection have been conducted to overcome cyberattacks in IoMT networks. An et al. [

Grammatikis et al. [

Bacha et al. [

Ketu et al. [

Alrashdi et al. [

Rahman et al. [

The literature has revealed several limitations. For example, some works use a dataset that is inappropriate for healthcare systems, or an out-of-date dataset that is incompatible with designing and implementing an IDS for cyberattack detection in IoMT networks. Although some approaches yielded promising performance results, the detection algorithms used suffer from computational complexity, making the deployment at edge devices critical.

To solve these challenges, a lightweight and cost-effective IDS is designed to protect IoMT systems from cyberattacks. The proposed work selects important features from the reduced feature vector using data-driven techniques such as KPCA and KPLS. Such techniques have demonstrated their effectiveness in sensor fault detection [

In this section, the suggested intelligent IDS is detailed in

To begin, the symbols and notations used in the paper are summarized in

Symbols and notations | Name |
---|---|
N | Number of instances |
 | Data input matrix |
 | Covariance matrix |
 | Feature space |
 | Eigenvector |
 | Eigenvalue |
 | Parameters |
 | Kernel matrix |
 | Kernel matrix of the test samples |
 | Prediction output of the learning set |
 | Prediction outputs of the validation set |
 | Diagonal matrix |
 | Parameter of RBF kernel |
P | Degree of the polynomial kernel |
 | Score vectors |
 | Training observations |
m | Output nodes number |
 | Weight vector |
L | Number of hidden neurons in the hidden layer |

In the literature, there are different dimension reduction techniques such as the locality preserving projections (LPP) [

In this article, the Kernel PCA method is used to reduce the dimensionality of features and is given by:

The KPCA reference model is determined by solving the following equation.

where ^{th} eigenvector of

For

Combining

Using the kernel trick. The inner product given in

Considering a Gram matrix

Using the kernel matrix may reduce the problem of the eigenvalue decomposition of

where:

Since the principal components vectors are orthonormal, it is necessary to guarantee the normality of

where N represents the number of the first eigenvalues with values different from zero. With

Many kernel functions have been used in literature, see

Name | Formula and parameters |
---|---|
RBF-kernel | |
Linear-kernel | |
Polynomial-kernel | |

The radial basis function (RBF) is given by:

where

where

There are many approaches, such as principal component analysis (PCA) [

Using the input data

In the next step, the input and output observations will be transformed into space that is generated by some latent variables [

where

The PLS residues of X and Y are defined by the two matrices G and H respectively. PLS is a linear approach. If a linear model is not adequate, a transformation function [

Mathematically, the transformation of observation in the feature space is given:

The kernel function is computed as:

The Gram matrix

where

The rank-one reduction of

Then, the model generated by the KPLS technique is defined as:

An extreme learning machine (ELM) scheme represents a feedforward neural network with a single layer (SLFN). The neural structure is crucial to the transformed representation of data and the final performance and zero-shot learning [

where:

The network is described based on the triplet (

Given learning observations

The output function of ELM is given by:

where

The matrix format of

With

Using the least square principle, the solution of

With

The kernel ELM is an extension of ELM using a kernel function. The architecture is given by

The output function of the ELM classifier (

In the suggested methodology, an RBF-kernel function is used.

This section evaluates and analyzes the performance results of the developed intelligent detection model. It also presents the dataset used to validate and evaluate the proposed techniques. Additionally, a comparison with the existing state-of-the-art is provided to attest to the effectiveness of the suggested techniques. The experiments were conducted using Windows 10 with an Intel (R) Core (TM) processor i7-7700 CPU @ 3.60 GHz 3.60 GHz.

To validate the performance of the developed methods, a healthcare dataset named WUSTL-EHMS-2020 is used [

Measurement | Value |
---|---|
Dataset size | 4.4 MB |
Number of normal samples | 14272 (87.5%) |
Number of attack data | 2046 (12.5%) |
Total number of data | 16318 |

The efficiency of the developed anomaly detection method is tested according to the following performance metrics. These metrics are computed using the entities TP, TN, FP, and FN, see

With:

Total observations | | Predicted labels: Attack | Predicted labels: Normal |
---|---|---|---|
True labels | Attack | TP | FN |
True labels | Normal | FP | TN |
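The decision step with an RBF kernel and the TP/FN/FP/TN evaluation described above can be sketched as follows. This is an added example, not the authors' code: it assumes the widely used kernel ELM closed form (output weights obtained from the kernel matrix plus I/C), an RBF kernel parametrised by a width `sigma`, targets of +1 (attack) and -1 (normal), and constructed two-feature flows standing in for features already normalised and reduced by KPCA or KPLS.

```python
import math

def rbf(a, b, sigma):  # assumed form: exp(-||a-b||^2 / (2*sigma^2))
    d2 = sum((x - y) ** 2 for x, y in zip(a, b))
    return math.exp(-d2 / (2.0 * sigma ** 2))

def solve(A, b):  # Gaussian elimination with partial pivoting for A x = b
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(M[r][c]))
        M[c], M[p] = M[p], M[c]
        for r in range(c + 1, n):
            f = M[r][c] / M[c][c]
            M[r] = [v - f * w for v, w in zip(M[r], M[c])]
    x = [0.0] * n
    for r in range(n - 1, -1, -1):
        x[r] = (M[r][n] - sum(M[r][k] * x[k] for k in range(r + 1, n))) / M[r][r]
    return x

def kelm_train(X, t, C=100.0, sigma=0.3):
    # Closed-form output weights: beta = (K + I/C)^-1 t (no iterative training)
    K = [[rbf(xi, xj, sigma) + (1.0 / C if i == j else 0.0)
          for j, xj in enumerate(X)] for i, xi in enumerate(X)]
    return solve(K, t)

def kelm_predict(X, beta, x, sigma=0.3):  # +1 = attack, -1 = normal
    score = sum(b * rbf(xi, x, sigma) for xi, b in zip(X, beta))
    return 1 if score > 0 else -1

def evaluate(y_true, y_pred):
    pairs = list(zip(y_true, y_pred))
    tp, fn = pairs.count((1, 1)), pairs.count((1, -1))
    fp, tn = pairs.count((-1, 1)), pairs.count((-1, -1))
    return {"TP": tp, "FN": fn, "FP": fp, "TN": tn,
            "accuracy": (tp + tn) / len(pairs), "sensitivity": tp / (tp + fn),
            "specificity": tn / (tn + fp), "f_score": 2 * tp / (2 * tp + fp + fn)}

# Constructed, already-normalised two-feature flows (not from WUSTL-EHMS-2020)
TRAIN_X = [(0.1, 0.2), (0.2, 0.1), (0.2, 0.2), (0.15, 0.15),
           (0.8, 0.9), (0.9, 0.8), (0.85, 0.85)]
TRAIN_T = [-1, -1, -1, -1, 1, 1, 1]
TEST_X = [(0.15, 0.2), (0.18, 0.12), (0.12, 0.18),
          (0.85, 0.9), (0.88, 0.82), (0.2, 0.15)]
TEST_Y = [-1, -1, -1, 1, 1, 1]  # last flow: labelled attack, features look normal

def run_demo():
    beta = kelm_train(TRAIN_X, TRAIN_T)
    preds = [kelm_predict(TRAIN_X, beta, x) for x in TEST_X]
    return evaluate(TEST_Y, preds)
```

The last test flow is labelled attack but sits in the normal cluster, so it is counted as a false negative: specificity stays at 1.0 while sensitivity drops to 2/3, which is why sensitivity is reported alongside accuracy on an imbalanced dataset.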

Methods | Accuracy | Specificity | Sensitivity | F-score | Prediction time |
---|---|---|---|---|---|
KPLS | 71.8 | 44.30 | 99.30 | 77.88 | 6.40 |
KPLS-KELM | 99.95 | 99.9 | 100 | 99.95 | 0.0468 |
KPCA-KELM | 99.9 | 99.8 | 100 | 99.9 | 0.0408 |

Ref | Method used | Accuracy (%) | Training time |
---|---|---|---|
An et al. [ | Sample selected extreme learning machine | 99.07 | 4.52 |
An et al. [ | Extreme learning machine | 96.09 | 4.15 |
Saheed et al. [ | Particle swarm optimization-random forest | 99.79 | 0.11 |
Hady et al. [ | K-nearest neighbor | 92.06 | 0.21 |
Hady et al. [ | Support vector machine | 92.45 | 55.23 |
Proposed work | Kernel partial least square-kernel extreme learning machine | 99.95 | 0.14 |
Proposed work | KPCA-KELM | 99.9 | 0.08 |

This paper proposed an intelligent, machine-learning-based intrusion detection approach to overcome cyberattacks in IoMT networks. The proposed approach uses data-driven techniques to select the important data features and the KELM classifier to effectively identify cyberattacks in IoMT networks. To validate the proposed techniques, a modern healthcare dataset named WUSTL-EHMS-2020 is used. The proposed approaches achieved higher performance than the known approaches in terms of accuracy and especially in training time, owing to the use of a kernel extreme learning machine classifier characterized by one hidden layer. In the future, other data-driven techniques and deep learning approaches to detect intrusions in IoMT will be investigated. Additionally, more feature selection techniques will be investigated and compared with our proposed work.

The authors extend their appreciation to the Deanship of Scientific Research at University of Tabuk for funding this work through Research no. S-1443-0111.

This work was supported by the Deanship of Scientific Research at the University of Tabuk through Research No. S-1443-0111.

The authors declare that they have no conflicts of interest to report regarding the present study.