Multi-view learning and model fusion framework for threat detection in multi-protocol IoMT networks

IF 15.5 1区计算机科学 Q1 COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE

Information Fusion Pub Date : 2025-06-25 DOI:10.1016/j.inffus.2025.103435

Sekione Reward Jeremiah , Abir El Azzaoui , Stefanos Gritzalis , Jong Hyuk Park

{"title":"Multi-view learning and model fusion framework for threat detection in multi-protocol IoMT networks","authors":"Sekione Reward Jeremiah , Abir El Azzaoui , Stefanos Gritzalis , Jong Hyuk Park","doi":"10.1016/j.inffus.2025.103435","DOIUrl":null,"url":null,"abstract":"<div><div>The Internet of Medical Things (IoMT) holds significant transformative potential for modern healthcare systems. It enables real-time patient monitoring and data insights for making informed clinical decisions. However, despite these advantages, IoMT networks face critical security challenges due to device resource constraints and heterogeneity. Existing research on IoMT security has primarily focused on data security concerns, overlooking the complexity and vulnerabilities arising from the heterogeneity of devices and communication protocols. Due to the complexity of IoMT network traffic and the high volume of data, advanced methods are necessary to enhance the security and reliability of these networks. Machine Learning (ML)-based methods provide effective techniques for detecting, preventing, and mitigating cyber threats. However, conventional centralized ML approaches are susceptible to privacy risks and vulnerabilities to single points of failure (SPoFs). This study proposes a cyberthreat detection method that employs a multi-view-based model fusion approach within a Federated Learning (FL) framework to enhance detection capabilities across multi-protocol IoMT networks. Federated learning is adopted to preserve data privacy by avoiding data transfer to central servers and mitigating SPoFs. The proposed method is evaluated using the CICIoMT2024 dataset featuring 17 Wi-Fi devices and 14 simulated MQTT devices with 18 attack scenarios across five categories (DoS, DDoS, spoofing, Recon, and MQTT). Overall, the method achieves superior threat detection using TabNet as the base learner and MLP as the meta-learner, with accuracies of 99.7 % and 99.4 % in binary and multi-class classification, respectively.</div></div>","PeriodicalId":50367,"journal":{"name":"Information Fusion","volume":"125 ","pages":"Article 103435"},"PeriodicalIF":15.5000,"publicationDate":"2025-06-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Fusion","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1566253525005081","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}

引用次数: 0

Abstract

The Internet of Medical Things (IoMT) holds significant transformative potential for modern healthcare systems. It enables real-time patient monitoring and data insights for making informed clinical decisions. However, despite these advantages, IoMT networks face critical security challenges due to device resource constraints and heterogeneity. Existing research on IoMT security has primarily focused on data security concerns, overlooking the complexity and vulnerabilities arising from the heterogeneity of devices and communication protocols. Due to the complexity of IoMT network traffic and the high volume of data, advanced methods are necessary to enhance the security and reliability of these networks. Machine Learning (ML)-based methods provide effective techniques for detecting, preventing, and mitigating cyber threats. However, conventional centralized ML approaches are susceptible to privacy risks and vulnerabilities to single points of failure (SPoFs). This study proposes a cyberthreat detection method that employs a multi-view-based model fusion approach within a Federated Learning (FL) framework to enhance detection capabilities across multi-protocol IoMT networks. Federated learning is adopted to preserve data privacy by avoiding data transfer to central servers and mitigating SPoFs. The proposed method is evaluated using the CICIoMT2024 dataset featuring 17 Wi-Fi devices and 14 simulated MQTT devices with 18 attack scenarios across five categories (DoS, DDoS, spoofing, Recon, and MQTT). Overall, the method achieves superior threat detection using TabNet as the base learner and MLP as the meta-learner, with accuracies of 99.7 % and 99.4 % in binary and multi-class classification, respectively.

Abstract Image

查看原文本刊更多论文

多协议IoMT网络威胁检测的多视图学习和模型融合框架

医疗物联网（IoMT）对现代医疗保健系统具有重大的变革潜力。它可以实现实时患者监测和数据洞察，从而做出明智的临床决策。现有的IoMT安全研究主要集中在数据安全问题上，忽视了设备和通信协议异质性带来的复杂性和漏洞。由于IoMT网络流量的复杂性和大数据量，需要先进的方法来提高这些网络的安全性和可靠性。基于机器学习的方法为检测、预防和减轻网络威胁提供了有效的技术。然而，传统的集中式机器学习方法容易受到隐私风险和单点故障（spof）漏洞的影响。本研究提出了一种网络威胁检测方法，该方法在联邦学习（FL）框架内采用基于多视图的模型融合方法，以增强跨多协议IoMT网络的检测能力。采用联邦学习来保护数据隐私，避免将数据传输到中央服务器并减轻spof。使用CICIoMT2024数据集对所提出的方法进行了评估，该数据集包含17个Wi-Fi设备和14个模拟MQTT设备，其中包括5个类别（DoS, DDoS，欺骗，侦察和MQTT）的18个攻击场景。总体而言，该方法以TabNet为基础学习器，以MLP为元学习器，取得了较好的威胁检测效果，二分类准确率为99.7%，多分类准确率为99.4%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information Fusion 工程技术-计算机：理论方法

CiteScore

33.20

自引率

4.30%

发文量

161

审稿时长

7.9 months

期刊介绍： Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.