A Self-Learning Approach for Detecting Intrusions in Healthcare Systems

A Self-Learning Approach for Detecting Intrusions in Healthcare Systems

  • Post by:
  • June 14, 2021
  • Comments off

P. Radoglou, P. Sarigiannidis, G. Efstathopoulos, T. Lagkas, G. Fragulis, A. Sarigiannidis: A Self-Learning Approach for Detecting Intrusions in Healthcare Systems. 2021 IEEE International Conference on Communications (ICC), 2021, (to appear).

Abstract

The rapid evolution of the Internet of Medical Things (IoMT) introduces the healthcare ecosystem into a new reality consisting of smart medical devices and applications that provide multiple benefits, such as remote medical assistance, timely administration of medication, real-time monitoring, preventive care and health education. However, despite the valuable advantages, this new reality increases the cybersecurity and privacy concerns since vulnerable IoMT devices can access and handle autonomously patients’ data. Furthermore, the continuous evolution of cyberattacks, malware and zero-day vulnerabilities require the development of the appropriate countermeasures. In the light of the aforementioned remarks, in this paper, we present an Intrusion Detection and Prevention System (IDPS), which can protect the healthcare communications that rely on the Hypertext Transfer Protocol (HTTP) and the Modbus/Transmission Control Protocol (TCP). HTTP is commonly adopted by conventional ICT healthcare-related services, such as web-based Electronic Health Record (EHR) applications, while Modbus/TCP is an industrial protocol adopted by IoMT. Although the Machine Learning (ML) and Deep Learning (DL) methods have already demonstrated their efficacy in detecting intrusions, the rarely available intrusion detection datasets (especially in the healthcare sector) complicate their global application. The main contribution of this work lies in the fact that an active learning approach is modelled and adopted in order to re-train dynamically the supervised classifiers behind the proposed IDPS. The evaluation analysis demonstrates the efficiency of this work against HTTP and Modbus/TCP cyberattacks, showing also how the entire accuracy is increased in the various re-training phases. © 2021 IEEE.

BibTeX (Download)

@conference{Radoglou_icc2021,
title = {A Self-Learning Approach for Detecting Intrusions in Healthcare Systems},
author = { P. Radoglou and P. Sarigiannidis and G. Efstathopoulos and T. Lagkas and G. Fragulis and A. Sarigiannidis},
url = {https://www.researchgate.net/publication/349158703_A_Self-Learning_Approach_for_Detecting_Intrusions_in_Healthcare_Systems},
year  = {2021},
date = {2021-06-14},
booktitle = {2021 IEEE International Conference on Communications (ICC)},
journal = {IEEE International Conference on Communications},
abstract = {The rapid evolution of the Internet of Medical Things (IoMT) introduces the healthcare ecosystem into a new reality consisting of smart medical devices and applications that provide multiple benefits, such as remote medical assistance, timely administration of medication, real-time monitoring, preventive care and health education. However, despite the valuable advantages, this new reality increases the cybersecurity and privacy concerns since vulnerable IoMT devices can access and handle autonomously patients’ data. Furthermore, the continuous evolution of cyberattacks, malware and zero-day vulnerabilities require the development of the appropriate countermeasures. In the light of the aforementioned remarks, in this paper, we present an Intrusion Detection and Prevention System (IDPS), which can protect the healthcare communications that rely on the Hypertext Transfer Protocol (HTTP) and the Modbus/Transmission Control Protocol (TCP). HTTP is commonly adopted by conventional ICT healthcare-related services, such as web-based Electronic Health Record (EHR) applications, while Modbus/TCP is an industrial protocol adopted by IoMT. Although the Machine Learning (ML) and Deep Learning (DL) methods have already demonstrated their efficacy in detecting intrusions, the rarely available intrusion detection datasets (especially in the healthcare sector) complicate their global application. The main contribution of this work lies in the fact that an active learning approach is modelled and adopted in order to re-train dynamically the supervised classifiers behind the proposed IDPS. The evaluation analysis demonstrates the efficiency of this work against HTTP and Modbus/TCP cyberattacks, showing also how the entire accuracy is increased in the various re-training phases. © 2021 IEEE.},
note = {to appear},
keywords = {},
pubstate = {published},
tppubtype = {conference}
}
Categories: