Researchers have proposed several methods for designing smart health monitoring systems. Fotouhi et al. [3] developed a healthcare monitoring framework comprising three components, i.e., a gateway, Access Points (APs), and a coordinator. The coordinator is the node attached to the patient’s body that gathers information about the patient’s health using sensors. Static nodes, also called access points, are located in the room’s walls by the sensors, which use communication protocols (like 6LoWPAN, BLE, or ZigBee). The information gathered by the APs is forwarded to the gateway and then transferred over the internet to the cloud server. Some techniques for securing the data have been proposed in this system, but without proper testing and explanation. Clifton et al. [9] explained the role of ML techniques in health monitoring systems. These techniques have been used for controlling and managing false alerts while revealing serious health issues. The data used in their experiment is a combination of the patient’s clinical observations, used to provide quick alerts in an envisaged emergency. This work was conducted at Oxford University Hospital.
Rani et al. [10] introduced a cloud-based healthcare platform that uses an SVM (Support Vector Machine) approach to forecast patients’ conditions and anticipated diseases. No unauthorized users are permitted in the system. Chakraborty et al. [11] designed a blockchain-based healthcare system framework that helps overcome the problems of the traditional healthcare system related to the security of the records created during the patient’s treatment. The framework has been set up to supervise the treatment process throughout, from beginning to end.
Alabdulatif et al. [12] developed a cloud-based smart prediction framework based on a Fully Homomorphic Encryption (FHE) approach. The system comprises three blocks, i.e., the smart community resident, cloud storage, and the smart prediction model. In the first block, the data is gathered and dispatched to the cloud storage repository. The encrypted data is stored in the second block. The third block is used to detect anomalous changes, such as attacks, without decrypting the data. A secure prediction approach based on Holt’s linear trend method has been developed to predict anomalous changes in patients’ vital signs, which helps to detect different chronic diseases. The authors also introduced a novel parallel technique of Holt’s method for improving the effectiveness of the FHE model. Tao et al. [13] introduced a SecureData scheme that delivers both privacy and security for the patient’s private records. An FPGA (Field Programmable Gate Array) platform is used to optimize the KATAN secret algorithm, which is implemented for secure communication.
Zhang et al. [14] suggested a security system that applied the RF (Random Forest) technique to detect anomalous traffic on the KDD 1999 dataset. With a 1% false positive rate, this technique achieves 95% accuracy as an anomaly detector. This dataset is employed to test anomaly detection algorithms. It is a generic knowledge discovery and data mining dataset, and it has been used in many competitions since 1999. Rao et al. [15] employed the Indexed Partial Distance Search k-Nearest Neighbor (IPDS-KNN) technique to assess a diverse variety of attacks. It achieved an accuracy of 99.6%. Shapoorifard et al. [16] used the k-Nearest Neighbor (KNN) technique, which achieved an accuracy of 85.2%. The authors mainly emphasize decreasing the False Alarm Rate (FAR). To forecast various attack simulations in Deep Brain Stimulators (DBSs), Rathore et al. [17] developed a DL algorithm that efficiently identifies the pattern of attacks and alerts the patient to it.
To overcome the attack detection problem in IoMT, Yaacoub et al. [18] discussed different types of ML-based privacy and security solutions. According to the authors, however, there is still a need to introduce an effective IDS to detect attacks. To analyze attacks in the smart hospital, an ensemble classifier IDS was developed by T. Saba [19]. The Decision Tree (DT) technique attained an accuracy of 93.2% in categorizing the cyber-attacks in the KDDcup-99 dataset. This dataset was created in a traditional network without adding IoT device traffic. Kumar et al. [20] performed their experiment in three stages. In the first stage, the authors introduced an ensemble of RF, naïve Bayes (NB), and DT. In the second stage, XGBoost was applied to categorize both regular and attack network records. In the third stage, to categorize attacks in the IoMT environment, the developed model was applied to the ToN-IoT dataset, where it attained an accuracy of 96.35%. This dataset was created on an industrial IoT network setup using Modbus weather sensors. In the IoMT environment, these sensors are not commonly employed. Therefore, this dataset may not be appropriate for identifying network attacks.
Radoglou et al. [21] developed an Intrusion Detection and Prevention System (IDPS) for identifying and preventing various cyberattacks against communication protocols like Modbus/TCP and HTTP, which are broadly used by e-healthcare services. EHR uses HTTP, whereas IoMT uses the Modbus/TCP protocol. The proposed IDPS can retrain its ML techniques and test itself using an active learning approach. The CIC-IDS2017 dataset was employed in this experiment to analyze the performance of ML techniques on the HTTP network dataset. The DT classifier achieved an accuracy of 96.44% in categorizing network attacks. In comparison, RF attained an accuracy of 94.45% on the Modbus dataset.
Zachos et al. [22] introduced a systematic and effective Anomaly-based IDS (AIDS) for the IoMT environment. To devise a unique feature set, three kinds of features, i.e., gateway features, IoT device features, and network traffic features, were combined. To enhance attack detection, various ML techniques were applied to identify deviations in the gathered data and malicious events in the network. For evaluation on IoT devices, CPU and memory consumption level attributes were taken into consideration. The TON_IoT Telemetry dataset was used in this experiment. According to the results reported by the authors, KNN, RF, and DT are the most appropriate ML techniques for the central detection component of the introduced system.
A mobile agent-based IDS was introduced by Thamilarasu et al. [23] to identify both network and device-based attacks in the IoMT environment. The simulation-generated datasets were tested using ML and regression techniques. Using the DT technique in the evaluation process, device-level and network-level intrusion detection achieved accuracies of 97.93% and 99.8%, respectively.
Binbusayyis et al. [24] examined and presented a detailed comparison of different techniques like KNN, SVM, ANN (Artificial Neural Network), NB, and DT. The Bot-IoT dataset was used in the experiment to compare the performance of the ML methods. This dataset comprises various attack categories like Denial of Service (DoS), theft attacks, and Distributed Denial of Service (DDoS) attacks. Spoofing attacks and MITM attacks are IoMT attacks that are not covered in this dataset. On the tested dataset, DT attained an accuracy of 100%, and other ML techniques like SVM, NB, and KNN achieved an accuracy of 99%.
As per the study, ML techniques are used to identify attacks in IoMT, but most of the datasets were created without considering the IoMT environment and its attacks. The results presented by the authors in their research were outstanding; in many contributions, the ML techniques achieved an accuracy of 95%. For the IoMT study, many input features like IoT device memory, network traffic, CPU features, or metric features were considered. However, features like patient biometric data were not used or mentioned by any researchers in their work to identify cyber-attacks in the IoMT. To classify or identify attacks in the IoMT ecosystem, many researchers explored DL techniques.
For feature selection, Saheed et al. [25] used Particle Swarm Optimization (PSO) and applied ML/DL-based techniques to identify cyber-attacks in the network. The researchers used the NSL-KDD dataset to analyze the performance of the suggested technique. The introduced model attained an accuracy of 99.76%. This dataset was not created with the IoT environment in mind and should not be used to assess attack identification in IoMT.
Awotunde et al. [26] developed a swarm neural network (SNN)-based method that detects intruders while data is being transmitted and permits accurate and efficient assessment of medical data at the network edge. For the experiment, the authors used the NF-ToN-IoT dataset, which is an amalgamation of network data, operating systems, and telemetry. The authors used a deep autoencoder (DAE) to reduce the dimensionality of the features. To recognize network attacks in the IoT environment, the authors used a deep feed-forward neural network (DFFNN). The DAE-DFFNN model achieved an accuracy of 89%, which the researchers claim is superior to ML techniques such as DT and SVM.
For identifying malware in the IoMT ecosystem, Khan et al. [27] introduced an SDN (Software Defined Network) enabled CNN (Convolutional Neural Network) and LSTM (Long Short-Term Memory) hybrid DL model, which attained an accuracy of 99%. However, this framework was not used as an IDS to determine network attacks in the IoMT ecosystem. Nandy et al. [28] developed an intelligent agent-based SNN for detecting intruders in IoMT. The experiment was conducted using the proposed approach on the ToN-IoT dataset, where it attained an accuracy of 99.5%. To identify network attacks in the IoT environment, Manimurugan et al. [29] introduced a DL-based deep belief network (DBN) algorithm that achieved an accuracy of 96%. The experiment was conducted using the proposed model on the CICIDS dataset. The generation of this dataset did not concentrate on IoMT network attacks.
The above study of DL approaches indicates that these techniques have not been widely applied to identify IoMT network attacks. Most of the authors explored only network traffic datasets in their experimental work to identify attacks in the network, as discussed in Table 1. None of the aforementioned works consider the combined features of patients’ biometric data and network flow data.
Table 1
ML and DL Methods to identify an attack in the network.
Year | Authors | Methodology | Dataset | Description | Accuracy | Limitations |
---|---|---|---|---|---|---|
2008 | Zhang et al. [14] | RF technique | KDD 1999 dataset | In this paper, the proposed security framework was used to detect anomalous traffic on the KDD 1999 dataset. | 95% | This dataset was developed on a conventional network without adding IoT device traffic. The dataset is not considered suitable for identifying IoMT network attacks. |
2017 | Rao et al. [15] | IPDS-KNN | NSL-KDD Dataset | The proposed technique was used to test diverse types of attacks in the network. | 99.6% | The dataset is relevant for Network traffic data only, and not applicable for IoMT. |
2017 | Shapoorifard et al. [16] | KNN | NSL-KDD Dataset | The introduced approach enhanced the working performance of the IDS and mainly emphasized decreasing the FAR. | 85.2% | The suggested approach achieves low accuracy. The dataset is relevant for Network traffic data only, and not applicable for IoMT. |
2018 | Su et al. [30] | Lightweight CNN | IoTPOT | The proposed methodology was employed to recognize DDoS cyber-attacks in IoT networks. | 94% | This dataset is a combination of IoT threats. This dataset is not used to identify attacks in the IoMT environment. |
2018 | Nguyen et al. [31] | CNN classifier | IoT Botnet | In this paper, the authors introduced a model that combines the CNN classifier and PSI graph for Linux IoT botnet identification. | 92% | This dataset contained flow-based features and was only used for malware identification in IoT networks. |
2019 | Rathore et al. [17] | Recurrent Neural Network (RNN) | Dataset obtained from Physionet | To forecast various attack simulations in Deep brain stimulators (DBSs), the author introduced a DL model that efficiently identifies the pattern of attacks and alerts a patient regarding that. | Different low Loss Value | There was no discussion of accuracy in the paper, and the simulated attacks were not actual. |
2020 | T. Saba [19] | Ensemble classifier | KDDcup-99 | In this paper, an ensemble classifier IDS was introduced to analyze attacks in the smart hospital. | 93.2% | This dataset was created in the traditional network without adding IoT device traffic; The dataset is not considered for identifying attacks in the IoMT network. |
2020 | Manimurugan et al. [29] | DL-based DBN algorithm | CICIDS dataset | The author introduced a DL-based DBN approach to recognize the network attack in the IoT environment. | 96% | The dataset is relevant for Network traffic data only and not applicable to IoMT. |
2020 | Hussain et al. [32] | LR (Logistic Regression), KNN, NB, RF | CICIDS2017, IoT-23, CTU-13 | Presented the idea of a Universal feature set. Different ML models were considered for classifying the attacks. | 89% | Low accuracy; No Hyper-parameter tuning was carried out during the experimental process; Techniques took high prediction time; For Universal Classification Process, the dataset needed to be combined. |
2020 | Farhan et al. [33] | DNN (Deep Neural Network) | CSE-CIC-IDS 2018 | To classify the attack in the network, the author proposed the DNN model. | 90% | The proposed method achieved low precision and recall values, i.e., 0.65 & 0.59, respectively; No other techniques were considered for classifying the attack; The dataset is not considered for identifying attacks in the IoMT network. |
2020 | Sarhan et al. [34] | Extra Tree Classifier | UNSW-NB15, ToN-IoT, CSE-CIC-IDS2018, BoT-IoT | In this paper, four datasets were considered to show NetFlow features. Using the nProbe tool, the datasets were generalized into universal feature datasets. The proposed approach achieved a weighted average of 70.81%, a Prediction Time of 14.67 µs, and an F1-Score of 0.79. | 70.81% | Prediction time is high; For classification, no other techniques have been used; High FAR. |
2021 | Kumar et al. [20] | Ensemble Classifier like RF, NB, and DT | ToN-IoT dataset | The suggested models were applied to categorize the attacks in the IoMT environment. | 96.35% | Modbus weather sensors, which are generally not used in the IoMT environment, were employed to create the dataset. It contains only network traffic data. Therefore, the dataset may not be appropriate for identifying network attacks in IoMT; The False Acceptance Rate (FAR) is high. |
2021 | Radoglou et al. [21] | Intrusion Detection and Prevention System (IDPS), DT, RF | CIC-IDS2017 dataset | The IDPS has been proposed to identify and prevent various cyberattacks against communication protocols like Modbus/TCP and HTTP, which are broadly used by e-healthcare services. | 96.44% | CIC-IDS2017 is the HTTP network dataset that deals with network traffic aspects. This dataset is not appropriate for identifying attacks in the IoMT network. |
2021 | Saheed et al. [25] | PSO-RF | NSL-KDD dataset | The author used PSO and ML/DL-based techniques to identify malicious attacks in the network. | 99.76% | The dataset is relevant for Network traffic data only and not applicable to IoMT. |
2021 | Awotunde et al. [26] | DAE-DFFNN | NF-ToN-IoT dataset | The author presented an SNN-based method that detects intruders while transmitting the data and permits accurate and efficient assessment of medical data at the network edge. | 89% | The proposed model achieves low accuracy. |
2021 | Khan et al. [27] | SDN enabled LSTM and CNN hybrid DL model | ----- | The author proposed SDN enabled hybrid DL model to detect malicious attacks in the network. | 99% | This work only explored the identification of Malware attacks. |
2021 | Nandy et al. [28] | Intelligent agent-based SNN | ToN-IoT dataset | The author proposed an intelligent agent-based SNN for detecting intruders in IoMT. | 99.5% | The dataset is relevant for Network traffic data only and not applicable to IoMT. |
2022 | Binbusayyis et al. [24] | KNN, SVM, ANN, NB, and DT | Bot-IoT dataset | This paper showed a detailed comparison of different techniques like KNN, SVM, ANN, NB, and DT for identifying attacks in the network. | 100% | The dataset is relevant for Network traffic data only. |