Optimized Intrusion Detection for IoMT Networks with Tree-Based Machine Learning and Filter-Based Feature Selection

Abstract

The Internet of Medical Things (IoMTs) is a network of connected medical equipment such as pacemakers, prosthetics, and smartwatches. Utilizing the IoMT-based system, a huge amount of data is generated, offering experts a valuable resource for tasks such as prediction, real-time monitoring, and diagnosis. To do so, the patient’s health data must be transferred to database storage for processing because of the limitations of the storage and computation capabilities of IoMT devices. Consequently, concerns regarding security and privacy can arise due to the limited control over the transmitted information and reliance on wireless transmission, which leaves the network vulnerable to several kinds of attacks. Motivated by this, in this study, we aim to build and improve an efficient intrusion detection system (IDS) for IoMT networks. The proposed IDS leverages tree-based machine learning classifiers combined with filter-based feature selection techniques to enhance detection accuracy and efficiency. The proposed model is used for monitoring and identifying unauthorized or malicious activities within medical devices and networks. To optimize performance and minimize computation costs, we utilize Mutual Information (MI) and XGBoost as filter-based feature selection methods. Then, to reduce the number of the chosen features selected, we apply a mathematical set (intersection) to extract the common features. The proposed method can detect intruders while data are being transferred, allowing for the accurate and efficient analysis of healthcare data at the network’s edge. The system’s performance is assessed using the CICIDS2017 dataset. We evaluate the proposed model in terms of accuracy, F1 score, recall, precision, true positive rate, and false positive rate. The proposed model achieves 98.79% accuracy and a low false alarm rate 0.007 FAR on the CICIDS2017 dataset according to the experimental results. While this study focuses on binary classification for intrusion detection, we are planning to build a multi-classification approach for future work which will be able to not only detect the attacks but also categorize them. Additionally, we will consider using our proposed feature selection technique for different ML classifiers and evaluate the model’s performance empirically in real-world IoMT scenarios.