Zachos, Georgios ORCID: https://orcid.org/0000-0001-9130-4605, Mantas, Georgios ORCID: https://orcid.org/0000-0002-8074-0417, Porfyrakis, Kyriakos ORCID: https://orcid.org/0000-0003-1364-0261, Manuel Camões Sobral de Bastos, Joaquim ORCID: https://orcid.org/0000-0001-8182-5087 and Rodriguez, Jonathan ORCID: https://orcid.org/0000-0001-9829-0955 (2025) Anomaly-based intrusion detection for IoMT networks: design, implementation, dataset generation, and ML algorithms evaluation. IEEE Access, 13:1216. pp. 41994-42028. ISSN 2169-3536 (Online) (doi:10.1109/ACCESS.2025.3547572)

Preview

PDF (Open Access Article) 50712 MANTAS_Anomaly-Based_Intrusion_Detection_For_IoMT_Networks_Design_Implementation_Dataset Generation_And_ML_Algorithms_Evaluations_(OA)_2025.pdf - Published Version Available under License Creative Commons Attribution. Download (9MB) | Preview

Abstract

The Internet of Things has transformed the healthcare sector through the introduction of the Internet of Medical Things (IoMT) technology. However, IoMT networks remain vulnerable to a wide range of threats due to their resource-constrained characteristics and heterogeneity. Therefore, novel security mechanisms such as accurate and efficient Anomaly-based Intrusion Detection Systems (AIDSs), taking into consideration the inherent limitations of the IoMT networks, are necessary to be developed before IoMT networks reach their full potential in the market. This paper is an extension of our previous works and presents a new and refined design of a hybrid AIDS for IoMT networks. Furthermore, we provide implementation details on Raspberry Pi devices and performance evaluation results that demonstrate the efficacy of our approach. For its detection purposes, the AIDS employs Novelty detection and Outlier detection algorithms as these types of ML algorithms can detect both known and unknown types of attacks. Then, we tuned the hyperparameters of various Novelty Detection and Outlier Detection ML algorithms and evaluated their performance. Afterwards, the best performing ML algorithms (i.e., OCSVM, LOF, G_KDE, PW_KDE, B_GMM, MCD and IsoForest) are selected to be integrated into the AIDS deployed on an IoT/IoMT testbed. In addition, we evaluated the performance of the deployed AIDS during runtime, and the runtime evaluation results indicate: (i) a strong detection performance for some of the integrated ML algorithms, and (ii) a low computational cost (i.e., less than 1 % cpu usage) of the AIDS for all integrated ML algorithms.

Item Type:	Article
Uncontrolled Keywords:	anomaly-based intrusion detection, dataset generation, Internet of Medical Things (IoMT), intrusion detection system (IDS), machine learning algorithms, novelty detection algorithms, outlier detection algorithms
Subjects:	Q Science > Q Science (General) Q Science > QA Mathematics > QA75 Electronic computers. Computer science T Technology > T Technology (General)
Faculty / School / Research Centre / Research Group:	Faculty of Engineering & Science Faculty of Engineering & Science > School of Engineering (ENG)
Related URLs:	Publisher
Last Modified:	20 Jun 2025 10:19
URI:	http://gala.gre.ac.uk/id/eprint/50712

Actions (login required)

View Item

Downloads