XBiDeep: A novel explainable artificial intelligence based intrusion detection system for Internet of Medical Things environment

Abstract

In this study, an IDS XBiDeep based on the use of deep learning architectures for the IoMT - IoHT environments is proposed. To evaluate the performance of the proposed technique, three different datasets collected from IoMT environments: CICIoMT2024, IoMT-TrafficData, and ECU-IoHT are used. CICIoMT2024 and ECU-IoHT possess imbalanced data structures, while IoMT-TrafficData contains a balanced structure, allowing the effectiveness of the model to be examined across both balanced and imbalanced datasets. Rather than performing a simple binary classification between attack and benign data, multi-class classification is conducted to investigate various attack types. To achieve high performance across all IoMT datasets, RNN, LSTM, GRU, BiLSTM, and BiGRU architectures are tested individually and in hybrid configurations. The best results are observed with the hybrid BiGRU-BiLSTM model, which is subsequently integrated into the proposed XBiDeep architecture. Specifically, it reached 0.9975 accuracy for 6-class classification and 0.9985 for 19-class classification on the CICIoMT2024 dataset. On the IoMT-TrafficData dataset, the model attained 0.9990 accuracy, while 0.9987 accuracy was obtained on the ECU-IoHT dataset. The outcomes of the created architecture are analyzed using XAI models: SHAP and LIME. The SHAP analysis identifies key features distinguishing different attack types from benign data, while the LIME analysis highlights the most effective features for detecting each specific attack type. Importance of features is revealed both locally and globally, based on attack types and across the entire system. Hence, this study introduces an explainable deep learning-based IDS with high accuracy across diverse IoMT datasets and attacks.