GEMLIDS-MIOT: A Green Effective Machine Learning Intrusion Detection System based on Federated Learning for Medical IoT network security hardening

Abstract

The increasing use of Internet of Things (IoT) gadgets in a daily rate has heightened security apprehension, particularly within the healthcare sector. In order to prevent the unauthorized disclosure of sensitive data, it is imperative for Internet of Things (IoT) systems to promptly and effectively respond to harmful activities. Nevertheless, the act of transferring data to distant cloud servers for the purpose of analysis gives rise to both temporal delays and apprehensions regarding privacy. To ensure the security of medical Internet of Things (MIoT) networks, a power-efficient Intrusion Detection System (IDS) is employed for three primary objectives that it will result in three stages of execution: (i) The objective is to categorize different types of attacks, such as Man-in-the-Middle (MitM) and Distributed Denial of Service (DDoS), by utilizing well-established machine learning (ML) techniques. This classification stage will serve to enhance the Intrusion Detection System (IDS) and the reporting system. (ii) Anomaly detection (unknown attack identification), or detection of unknown attacks, will be employed to identify previously unknown attacks. This identification stage involves retraining the ML model to enable future recognition and classification of these unknown attacks when the anomaly attack detector identifies that an unknown attack is recognized. Then, a retraining of the first stage classification model is executed due to the anomaly detection. (iii) To ensure that a remote cloud server remains current with the latest classification model changes, Federated Learning (FL) will be utilized. FL allows for collaborative model training while preserving data privacy and security. The experimental findings indicate that the Enhanced Random Forest (also called ensemble random forest) algorithm achieves a remarkable accuracy rate of 99.98% in classifying attacks. Thus, it will be our first stage classifier. Continuing, the One-Class Support Vector Machine (SVM) algorithm demonstrates a high level of accuracy, reaching 99.7% in detecting anomalies so that it will be our second stage identifier. Finally, the third-stage approach, which has as a target the overall system model updater, will be our introduced Federated Learning approach that works with the Enhanced Random Forests and identifies the ERF differences from the old model in an optimal way. The efficacy of our technique is confirmed through the implementation of experiments involving an Internet of Things (IoT) system and a Raspberry Pi MIoT gateway and with simulations that simulate the FL updating process. These experiments successfully identify known and unknown attacks with a high reliability level while limiting resource utilization and energy consumption. Future studies of this work will focus on enhancing the scalability and efficiency of our Intrusion Detection System in MIoT networks.