Smart telemetry medical devices do not have sufficient security measures, making them weak against different attacks. Machine learning (ML) has been broadly used for cyber-attack detection via on-gadgets and on-chip embedded models, which need to be held along with the medical devices, but with limited ability to perform heavy computations. The authors propose a real-time and lightweight fog computing-based threat detection using telemetry sensors data and their network traffic in NetFlow. The proposed method saves memory to a great extent as it does not require retraining. It is based on an incremental form of Hoeffding Tree Naïve Bayes Adaptive (HTNBA) and Incremental K-Nearest Neighbors (IKNN) algorithm. Furthermore, it matches the nature of sensor data which increases in seconds. Experimental results showed that the proposed model could detect different attacks against medical sensors with high accuracy (»100%), small memory usage (<50 MB), and low detection time in a few seconds.
TopIntroduction
Today is the era of smart and intelligent systems such as Cyber-Physical Systems (CPS) and Internet of Things (IoT) (Gatouillat et al., 2018). IoT has been applied in different domains, including industry, healthcare, military, and energy (Rahman & Mohsenian-Rad, 2012; Xu et al., 2019; Zhou et al., 2019). The emergence of 5G technology (Ahad et al., 2019), big data (Sollins, 2018), and advances in Artificial Intelligence (AI) (Ma et al., 2017) brings the world to the Internet of Everything and Internet of skills. Nevertheless, these technology sprouts will bring more security issues and gaps that need attention before developing them(Mosenia & Jha, 2016).
Smart medical systems such as the Internet of Medical Things (IoMT) and Medical Cyber-Physical System (MCPS) is a branch of the Internet of thing (Gatouillat et al., 2018) which is getting popularised by using simple fitness devices that connects athletes with their mobile devices and cloud system (Pandey & Litoriya, 2020). However, the IoMT is a comprehensive technology that includes many applications and systems such as implantable devices, elderly care wearable devices (telemetry devices) for monitoring(Uddin et al., 2018), internet-connected hospital devices, and remote surgery systems(Shilan S Hameed, Wan Haslina Hassan, Liza Abdul Latiff, et al., 2021). Etc.
It is not deniable; such systems made life healthier and helped in having longer life with improved caring systems(Gatouillat et al., 2018; Wei et al., 2020). However, most of the devices used in hospitals and personal medical devices are vulnerable to different threats(S. Gupta et al., 2020; Shilan S Hameed, Wan Haslina Hassan, Liza Abdul Latiff, et al., 2021; Jaigirdar et al., 2019). This is due to some weaknesses, such as the lack of security measures in small medical devices and having outdated operating systems and vulnerable applications installed on hospital devices(Jaigirdar et al., 2019; Sun et al., 2019). These software and hardware faults increase the risk of different malware attacks and other cyber-attacks in such systems(Goud, 2020). It is not always possible to have such updated operating systems, and hackers are continuously developing new cyber-attacks (Landau et al., 2020). A wide range of attacks jeopardize the patient’s life and stop the smart medical system(Shilan S Hameed, Wan Haslina Hassan, Liza Abdul Latiff, et al., 2021). This urges us to develop defensive systems such as threat intelligence and intrusion detection systems that use machine learning technology. Machine learning (ML) has been used for attack detection in different ways (Xiao et al., 2018; Zuhair et al., 2020), and its performance has been approved by giant companies and leading businesses (Pannu, 2015). However, machine learning techniques may not perform well on tiny smart devices with limited power and processing units (Shilan S Hameed, Wan Haslina Hassan, Liza Abdul Latiff, et al., 2021). Therefore, it has been used with cloud computing attack detection for medical devices (Kintzlinger et al., 2020; Kumar et al., 2021). Cloud computing is associated with delay and centralized architecture that are less effective for critical systems such as IoMT. Sometimes ML techniques are tested on external devices that need to be protected and at the time changing the data, the model on such devices need to be retrained on other efficient devices (Abdaoui et al., 2020; Rathore et al., 2018), making them not viable for ever-increasing medical data. Therefore, fog-based threat detection is recently being adopted, which has merit in overcoming the delay and centralized architecture of the cloud (Alrashdi et al., 2019; Shilan S Hameed, Wan Haslina Hassan, & Liza Abdul Latiff, 2021). Few studies have used fog-based threat detection, especially for medical IoT(Alrashdi et al., 2019; Shilan S Hameed, Wan Haslina Hassan, & Liza Abdul Latiff, 2021). They are not real-time nor lightweight as these two features are essential for fog devices due to their critical position in the IoMT architecture and the big stream data nature of such devices, which needs real-time attack detection(Cisco, 2015; Sudqi Khater et al., 2019; Tabassum et al., 2021).