Automated detection of cyber attacks in healthcare systems: A novel scheme with advanced feature extraction and classification

Abstract

The growing incorporation of interconnected healthcare equipment, software, networks, and operating systems into the Internet of Medical Things (IoMT) poses a risk of security breaches. This is because the IoMT devices lack adequate safeguards against cyberattacks. To address this issue, this article presents a proposed framework for detecting anomalies and cyberattacks. The proposed integrated model employs the 1) K-nearest neighbors (KNN) algorithm for classification, while 2) utilizing long-short term memory (LSTM) for feature extraction, and 3) applying Principal component analysis (PCA) to modify and reduce the features. PCA subsequently enhances the important temporal characteristics identified by the LSTM network. The parameters of the KNN classifier were confirmed by using fivefold cross-validation after making hyperparameter adjustments. The evaluation of the proposed model involved the use of four datasets: 1) telemetry operating system network internet-of-things (TON-IoT), 2) Edith Cowan University-Internet of Health Things (ECU-IoHT) dataset, 3) intensive care unit (ICU) dataset, and 4) Washington University in St. Louis Enhanced Healthcare Surveillance System (WUSTL-EHMS) dataset. The proposed model achieved 99.9% accuracy, recall, F1 score, and precision on the WUSTL-EHMS dataset. The proposed technique efficiently mitigates cyber threats in healthcare environments.